prepared for mininas

machines/limiting-factor/About.org

@@ -0,0 +1,54 @@
+#+TITLE: limiting-factor Machine Configuration
+#+DATE: July 7, 2025
+#+AUTHOR: Geir Okkenhaug Jerstad
+#+DESCRIPTION: Configuration details for the limiting-factor machine, which is set to become a file server
+
+* Machine Overview
+
+*Machine Name:* limiting-factor
+*Culture Reference:* LimitingFactor (GSV) - A machine that defines boundaries or bottlenecks
+*Role:* File Server (Future)
+*Current Status:* Minimal configuration, preparation phase
+
+* Hardware Specifications
+
+- *CPU:* Intel N150 (low-power processor)
+- *RAM:* 12 GB
+- *Storage:* Six NVMe slots available for future storage expansion
+- *Filesystem:* ext4 (for simplicity and reliability)
+
+* Configuration Details
+
+** Users
+- *Primary User:* sma (Diziet Sma - System Administrator)
+- *UID:* 1001 (consistent across machines)
+- *Groups:* wheel, networkmanager, and other admin groups
+
+** Current Setup
+- Minimal NixOS configuration
+- SSH access enabled
+- No specialized services yet (will be added when transitioning to file server role)
+
+** Future Plans
+- Configure as dedicated file server
+- Set up NFS/SMB shares
+- Implement storage management across NVMe slots
+- Add backup and redundancy solutions
+
+* Network Configuration
+
+- *Hostname:* limiting-factor
+- *Network:* NetworkManager enabled
+- *SSH:* Enabled for remote administration
+
+* Security
+
+- SSH key-based authentication
+- Standard firewall configuration
+- Admin user with sudo access
+
+* Notes
+
+This machine is currently set up with a minimal configuration to prepare for its future role as a file server. The name "limiting-factor" is fitting as it will potentially define storage boundaries and could become a bottleneck if the storage needs exceed its capabilities.
+
+The configuration follows the lab's standard patterns and can be easily extended when the machine is ready to take on its file server responsibilities.

machines/limiting-factor/configuration.nix

@@ -0,0 +1,80 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  imports = [
+    ./hardware-configuration.nix
+    ../../modules/common
+    ../../modules/security/ssh-keys.nix
+    ../../modules/users/sma.nix
+  ];
+
+  # Bootloader
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # Networking
+  networking.hostName = "limiting-factor";
+  networking.networkmanager.enable = true;
+
+  # Time zone
+  time.timeZone = "Europe/Oslo";
+
+  # Internationalization
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "nb_NO.UTF-8";
+    LC_IDENTIFICATION = "nb_NO.UTF-8";
+    LC_MEASUREMENT = "nb_NO.UTF-8";
+    LC_MONETARY = "nb_NO.UTF-8";
+    LC_NAME = "nb_NO.UTF-8";
+    LC_NUMERIC = "nb_NO.UTF-8";
+    LC_PAPER = "nb_NO.UTF-8";
+    LC_TELEPHONE = "nb_NO.UTF-8";
+    LC_TIME = "nb_NO.UTF-8";
+  };
+
+  # Console keymap
+  console.keyMap = "us";
+
+  # Define users
+  users.users.sma = {
+    isNormalUser = true;
+    description = "Diziet Sma";
+    extraGroups = ["networkmanager" "wheel"];
+    packages = with pkgs; [
+      # Basic server tools
+      git
+      vim
+      htop
+    ];
+  };
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  # List packages installed in system profile
+  environment.systemPackages = with pkgs; [
+    wget
+    curl
+    git
+    vim
+    htop
+    tree
+    file
+    rsync
+  ];
+
+  # Enable the OpenSSH daemon
+  services.openssh.enable = true;
+
+  # Open ports in the firewall
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  system.stateVersion = "25.05"; # Do not change this.
+}

machines/limiting-factor/hardware-configuration.nix

@@ -0,0 +1,47 @@
+# Do not modify this file!  It was generated by 'nixos-generate-config'
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  # NOTE: This is a template - replace with actual hardware configuration
+  # after running nixos-generate-config on the target machine
+
+  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];
+
+  # Filesystems - update paths and UUIDs after installation
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/REPLACE-WITH-ACTUAL-UUID";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/REPLACE-WITH-ACTUAL-BOOT-UUID";
+    fsType = "vfat";
+    options = ["fmask=0077" "dmask=0077"];
+  };
+
+  # Swap configuration - adjust as needed
+  swapDevices = [];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

modules/users/geir.nix

@@ -92,7 +92,7 @@ in {
 
       # Container tools
       podman-compose
-      podman-desktop
+      #podman-desktop
 
       # Media
       celluloid