feat: init biblios

machines/biblios/default.nix

@@ -0,0 +1,58 @@
+{
+  inputs,
+  profiles,
+  ...
+}:
+{
+  imports = [
+    ./hardware.nix
+    ./home-julien.nix
+    ./garage.nix
+  ];
+
+  machine.meta = {
+    arch = "x86_64-linux";
+    nixpkgs_version = inputs.nixpkgs;
+    hm_version = inputs.home-manager;
+    profiles = with profiles; [
+      vm-simple-network
+      server
+      behind-sniproxy
+    ];
+    ips = {
+      public.ipv4 = "82.67.34.230";
+      vpn.ipv4 = "100.64.0.2";
+      public.ipv6 = "2a01:e0a:de4:a0e1:eb2:aaaa::46";
+      vpn.ipv6 = "fd7a:115c:a1e0::27";
+    };
+  };
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  deployment.tags = [ "server" ];
+
+  disko = import ./disko.nix;
+
+  luj.nginx.enable = true;
+
+  environment.persistence."/persistent" = {
+    hideMounts = true;
+    directories = [
+      "/var/lib"
+      "/var/log"
+      "/srv"
+    ];
+    files = [
+      "/etc/machine-id"
+      "/etc/ssh/ssh_host_ed25519_key"
+      "/etc/ssh/ssh_host_ed25519_key.pub"
+    ];
+  };
+
+  fileSystems."/srv".neededForBoot = true;
+
+  services.tailscale.enable = true;
+
+  system.stateVersion = "24.11";
+}

machines/biblios/disko.nix

@@ -0,0 +1,79 @@
+{
+  devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/sda";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02";
+            };
+            ESP = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            swap = {
+              size = "16G";
+              content = {
+                type = "swap";
+                discardPolicy = "both";
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "lvm_pv";
+                vg = "mainpool";
+              };
+            };
+          };
+        };
+      };
+    };
+    lvm_vg = {
+      mainpool = {
+        type = "lvm_vg";
+        lvs = {
+          root = {
+            size = "50G";
+            pool = "mainpool";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+              mountOptions = [ "defaults" ];
+            };
+          };
+          persistent = {
+            size = "800G";
+            pool = "mainpool";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/persistent";
+              mountOptions = [ "defaults" ];
+            };
+          };
+
+          store = {
+            size = "100G";
+            pool = "mainpool";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/nix";
+            };
+          };
+        };
+      };
+    };
+  };
+}

machines/biblios/garage.nix

@@ -0,0 +1,46 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+let
+  api_domain = "s3.luj.fr";
+
+in
+{
+  services.garage = {
+    enable = true;
+    package = pkgs.garage_1_0_1;
+
+    settings = {
+      replication_factor = 1;
+      db_engine = "lmdb";
+      compression_level = 0;
+      s3_api = {
+        s3_region = "paris";
+        api_bind_addr = "[::]:3900";
+        root_domain = ".${api_domain}";
+      };
+      rpc_bind_addr = "[::]:3901";
+      rpc_public_addr = "127.0.0.1:3901";
+
+      admin.api_bind_addr = "127.0.0.1:3903";
+    };
+
+    environmentFile = config.age.secrets."garage-env-file".path;
+  };
+
+  age.secrets."garage-env-file".file = ../../secrets/garage-env-file.age;
+
+  services.nginx.virtualHosts."${api_domain}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:3900";
+      extraConfig = ''
+        proxy_max_temp_file_size 0;
+        client_max_body_size 5G;
+      '';
+    };
+  };
+}

machines/biblios/hardware.nix

@@ -0,0 +1,39 @@
+{
+  lib,
+  modulesPath,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "uhci_hcd"
+    "virtio_pci"
+    "virtio_scsi"
+    "sd_mod"
+    "sr_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/persistent".neededForBoot = lib.mkForce true;
+
+  boot.initrd.postDeviceCommands = ''
+    lvm lvremove --force /dev/mainpool/root || :
+    yes | lvm lvcreate --size 100G --name root mainpool
+    ${pkgs.e2fsprogs}/bin/mkfs.ext4 /dev/mainpool/root
+  '';
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+}

machines/biblios/home-julien.nix

@@ -0,0 +1,3 @@
+_: {
+  luj.hmgr.julien = { };
+}