diff --git a/machines/limiting-factor/About.org b/machines/limiting-factor/About.org
new file mode 100644
index 0000000..93076c0
--- /dev/null
+++ b/machines/limiting-factor/About.org
@@ -0,0 +1,54 @@
+#+TITLE: limiting-factor Machine Configuration
+#+DATE: July 7, 2025
+#+AUTHOR: Geir Okkenhaug Jerstad
+#+DESCRIPTION: Configuration details for the limiting-factor machine, which is set to become a file server
+
+* Machine Overview
+
+*Machine Name:* limiting-factor
+*Culture Reference:* LimitingFactor (GSV) - A machine that defines boundaries or bottlenecks
+*Role:* File Server (Future)
+*Current Status:* Minimal configuration, preparation phase
+
+* Hardware Specifications
+
+- *CPU:* Intel N150 (low-power processor)
+- *RAM:* 12 GB
+- *Storage:* Six NVMe slots available for future storage expansion
+- *Filesystem:* ext4 (for simplicity and reliability)
+
+* Configuration Details
+
+** Users
+- *Primary User:* sma (Diziet Sma - System Administrator)
+- *UID:* 1001 (consistent across machines)
+- *Groups:* wheel, networkmanager, and other admin groups
+
+** Current Setup
+- Minimal NixOS configuration
+- SSH access enabled
+- No specialized services yet (will be added when transitioning to file server role)
+
+** Future Plans
+- Configure as dedicated file server
+- Set up NFS/SMB shares
+- Implement storage management across NVMe slots
+- Add backup and redundancy solutions
+
+* Network Configuration
+
+- *Hostname:* limiting-factor
+- *Network:* NetworkManager enabled
+- *SSH:* Enabled for remote administration
+
+* Security
+
+- SSH key-based authentication
+- Standard firewall configuration
+- Admin user with sudo access
+
+* Notes
+
+This machine is currently set up with a minimal configuration to prepare for its future role as a file server. The name "limiting-factor" is fitting as it will potentially define storage boundaries and could become a bottleneck if the storage needs exceed its capabilities.
+
+The configuration follows the lab's standard patterns and can be easily extended when the machine is ready to take on its file server responsibilities.
diff --git a/machines/limiting-factor/configuration.nix b/machines/limiting-factor/configuration.nix
new file mode 100644
index 0000000..b400ece
--- /dev/null
+++ b/machines/limiting-factor/configuration.nix
@@ -0,0 +1,80 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: {
+ imports = [
+ ./hardware-configuration.nix
+ ../../modules/common
+ ../../modules/security/ssh-keys.nix
+ ../../modules/users/sma.nix
+ ];
+
+ # Bootloader
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # Networking
+ networking.hostName = "limiting-factor";
+ networking.networkmanager.enable = true;
+
+ # Time zone
+ time.timeZone = "Europe/Oslo";
+
+ # Internationalization
+ i18n.defaultLocale = "en_US.UTF-8";
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "nb_NO.UTF-8";
+ LC_IDENTIFICATION = "nb_NO.UTF-8";
+ LC_MEASUREMENT = "nb_NO.UTF-8";
+ LC_MONETARY = "nb_NO.UTF-8";
+ LC_NAME = "nb_NO.UTF-8";
+ LC_NUMERIC = "nb_NO.UTF-8";
+ LC_PAPER = "nb_NO.UTF-8";
+ LC_TELEPHONE = "nb_NO.UTF-8";
+ LC_TIME = "nb_NO.UTF-8";
+ };
+
+ # Console keymap
+ console.keyMap = "us";
+
+ # Define users
+ users.users.sma = {
+ isNormalUser = true;
+ description = "Diziet Sma";
+ extraGroups = ["networkmanager" "wheel"];
+ packages = with pkgs; [
+ # Basic server tools
+ git
+ vim
+ htop
+ ];
+ };
+
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+
+ # List packages installed in system profile
+ environment.systemPackages = with pkgs; [
+ wget
+ curl
+ git
+ vim
+ htop
+ tree
+ file
+ rsync
+ ];
+
+ # Enable the OpenSSH daemon
+ services.openssh.enable = true;
+
+ # Open ports in the firewall
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ system.stateVersion = "25.05"; # Do not change this.
+}
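Review bot: `services.openssh.enable = true;` is the only SSH setting in this file, so the password and root-login policy depends entirely on what `../../modules/common` and `../../modules/security/ssh-keys.nix` set, which is not visible in this diff. About.org in the same commit promises key-based authentication and `sma` is in `wheel`, so I would pin the policy on the host itself: `services.openssh.settings.PasswordAuthentication = false;`, `services.openssh.settings.KbdInteractiveAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`. If the shared modules already set these, a one-line comment next to the enable line saying so would be enough. Separately, `users.users.sma` is declared here while `../../modules/users/sma.nix` is also imported; presumably the two merge, but keeping the account in one place avoids the group list and the documented UID 1001 drifting apart.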
diff --git a/machines/limiting-factor/hardware-configuration.nix b/machines/limiting-factor/hardware-configuration.nix
new file mode 100644
index 0000000..303700b
--- /dev/null
+++ b/machines/limiting-factor/hardware-configuration.nix
@@ -0,0 +1,47 @@
+# Do not modify this file! It was generated by 'nixos-generate-config'
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ # NOTE: This is a template - replace with actual hardware configuration
+ # after running nixos-generate-config on the target machine
+
+ boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = ["kvm-intel"];
+ boot.extraModulePackages = [];
+
+ # Filesystems - update paths and UUIDs after installation
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/REPLACE-WITH-ACTUAL-UUID";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/REPLACE-WITH-ACTUAL-BOOT-UUID";
+ fsType = "vfat";
+ options = ["fmask=0077" "dmask=0077"];
+ };
+
+ # Swap configuration - adjust as needed
+ swapDevices = [];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/modules/users/geir.nix b/modules/users/geir.nix
index e4f3738..43769eb 100644
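Review bot: The `fileSystems."/"` and `fileSystems."/boot"` devices are the literal placeholders `REPLACE-WITH-ACTUAL-UUID` and `REPLACE-WITH-ACTUAL-BOOT-UUID`, which would most likely evaluate and build without error and only fail when the machine tries to mount root at boot. The file header also says it was generated by `nixos-generate-config` and must not be modified, which contradicts the NOTE below it calling the file a template. I would replace the header with something like `# TEMPLATE - not yet generated on the target; do not deploy until regenerated with nixos-generate-config`, and keep this host out of any deploy target until the real file is committed. Whether it is already wired into one is not visible in this diff.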
--- a/modules/users/geir.nix +++ b/modules/users/geir.nix @@ -92,7 +92,7 @@ in { # Container tools podman-compose - podman-desktop + #podman-desktop # Media celluloid