feat: add 'hecuba' host config

2025-12-03 17:42:27 +01:00
parent 0bad5c492c
commit 0197e99b8f
2 changed files with 88 additions and 0 deletions
--- a/hosts/hecuba/default.nix
+++ b/hosts/hecuba/default.nix
@@ -0,0 +1,51 @@
+{ pkgs, ... }:
+
+# Also see <https://wiki.nixos.org/wiki/Install_NixOS_on_Hetzner_Cloud>
+
+{
+  imports = [
+    ./hard.nix
+    ../../modules/common.nix
+    ../../modules/ssh/hardened-openssh.nix
+  ];
+
+  environment.systemPackages = with pkgs; [
+    vim
+    git
+  ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+  };
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/boot";
+    fsType = "ext4";
+  };
+  swapDevices = [
+    {
+      device = "/dev/disk/by-label/swap";
+    }
+  ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/sda";
+
+  users.users = {
+    root.hashedPassword = "!";
+    username = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" ];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOXPEhdKOVnb6mkeLLUcFGt+mnUR5pMie17JtjrxwgO h@andromache"
+      ];
+    };
+  };
+
+  security.sudo.wheelNeedsPassword = false;
+
+  services.openssh = {
+    enable = true;
+    harden = true;
+  };
+}