feat(tofu): init

gekoke · Feb 27, 2025 · 962208b · 962208b
1 parent 3a44858
commit 962208b
Show file tree

Hide file tree

Showing 13 changed files with 477 additions and 32 deletions.
diff --git a/checks.nix b/checks.nix
@@ -21,7 +21,10 @@
               };
             };
             nixfmt-rfc-style.enable = true;
-            statix.enable = true;
+            statix = {
+              enable = true;
+              settings.ignore = [ "tofu/.terraform/**" ];
+            };
             gitleaks = {
               enable = true;
               name = "gitleaks";

diff --git a/dev-shells.nix b/dev-shells.nix
@@ -6,7 +6,10 @@ _: {
         default = pkgs.mkShellNoCC {
           name = "elementary-shell";
 
-          nativeBuildInputs = [ pkgs.deadnix ];
+          nativeBuildInputs = [
+            pkgs.deadnix
+            pkgs.opentofu
+          ];
 
           shellHook = ''
             ${config.pre-commit.installationScript}

diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -41,6 +41,8 @@
 
     emacs-lsp-booster.url = "github:slotThe/emacs-lsp-booster-flake";
     emacs-lsp-booster.inputs.nixpkgs.follows = "nixpkgs";
+
+    disko.url = "github:nix-community/disko";
   };
 
   outputs =

diff --git a/systems/x86_64-linux/neon/default.nix b/systems/x86_64-linux/neon/default.nix
@@ -0,0 +1,44 @@
+{ inputs, modulesPath, ... }:
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    (modulesPath + "/profiles/qemu-guest.nix")
+    inputs.disko.nixosModules.disko
+    ./disk-config.nix
+  ];
+
+  boot.loader.grub = {
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+  };
+
+  networking.firewall.allowedTCPPorts = [ 443 ];
+
+  services = {
+    openssh.enable = true;
+    nginx = {
+      enable = true;
+      virtualHosts."neon.grigorjan.net" = {
+        enableACME = true;
+        forceSSL = true;
+        extraConfig = ''
+          location / {
+              add_header Content-Type text/plain;
+              return 200 'Hello!';
+          }
+        '';
+      };
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "acme@grigorjan.net";
+  };
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZjHdiGT2JDe/3tdEt5hNsOw6bOo0DEfGTkD4+7/ASs geko@carbon"
+  ];
+
+  system.stateVersion = "25.05";
+}
diff --git a/systems/x86_64-linux/neon/disk-config.nix b/systems/x86_64-linux/neon/disk-config.nix
@@ -0,0 +1,55 @@
+{ lib, ... }:
+{
+  disko.devices = {
+    disk.disk1 = {
+      device = lib.mkDefault "/dev/sda";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            name = "boot";
+            size = "1M";
+            type = "EF02";
+          };
+          esp = {
+            name = "ESP";
+            size = "500M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            name = "root";
+            size = "100%";
+            content = {
+              type = "lvm_pv";
+              vg = "pool";
+            };
+          };
+        };
+      };
+    };
+    lvm_vg = {
+      pool = {
+        type = "lvm_vg";
+        lvs = {
+          root = {
+            size = "100%FREE";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+              mountOptions = [
+                "defaults"
+              ];
+            };
+          };
+        };
+      };
+    };
+  };
+}
diff --git a/tofu/.gitignore b/tofu/.gitignore
@@ -0,0 +1,2 @@
+*.tfvars
+.terraform/