Add cs306-mini server

main.tf

@@ -48,3 +48,9 @@ module "cs306" {
 	source = "./servers/cs306"
 	ssh_private_key_file = local.ssh.private_key
 }
+
+module "cs306-mini" {
+	host = "cs306-mini.${var.tailnet_name}.ts.net"
+	source = "./servers/cs306-mini"
+	ssh_private_key_file = local.ssh.private_key
+}

servers/base.nix

@@ -40,6 +40,10 @@ in {
 		git
 	];
 
+	users.users.root.openssh.authorizedKeys.keyFiles = [
+		<acm-aws/secrets/ssh/id_ed25519.pub>
+	];
+
 	# Deploy ./static to all servers.
 	deployment.staticPaths = [ ../static ];
 }

servers/cs306-mini/configuration.nix

@@ -0,0 +1,80 @@
+# Edit this configuration file to define what should be installed on
+# your system.	Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+	imports = [
+		<acm-aws/servers/base.nix>
+
+		./hardware-configuration.nix
+	];
+
+	# Bootloader.
+	boot.loader.systemd-boot.enable = true;
+	boot.loader.efi.canTouchEfiVariables = true;
+
+	networking.hostName = "cs306-mini";
+	networking.networkmanager.enable = true;
+
+	networking.firewall.enable = true; # Enable the firewall.
+	networking.firewall.allowedTCPPorts = [ ];
+	networking.firewall.allowedUDPPorts = [ ];
+
+	# Set your time zone.
+	time.timeZone = "America/Los_Angeles";
+
+	# Select internationalisation properties.
+	i18n.defaultLocale = "en_US.UTF-8";
+
+	i18n.extraLocaleSettings = {
+		LC_ADDRESS = "en_US.UTF-8";
+		LC_IDENTIFICATION = "en_US.UTF-8";
+		LC_MEASUREMENT = "en_US.UTF-8";
+		LC_MONETARY = "en_US.UTF-8";
+		LC_NAME = "en_US.UTF-8";
+		LC_NUMERIC = "en_US.UTF-8";
+		LC_PAPER = "en_US.UTF-8";
+		LC_TELEPHONE = "en_US.UTF-8";
+		LC_TIME = "en_US.UTF-8";
+	};
+
+	# Configure keymap in X11
+	services.xserver = {
+		layout = "us";
+		xkbVariant = "";
+	};
+
+	# Allow unfree packages
+	nixpkgs.config.allowUnfree = true;
+
+	environment.systemPackages = with pkgs; [
+		croc # for file transferring
+		tmux
+		vim
+	];
+
+	services.tailscale = {
+		enable = true;
+		openFirewall = true;
+		useRoutingFeatures = "both";
+	};
+
+	networking.firewall.interfaces.tailscale0 = {
+		allowedTCPPortRanges = [ { from = 0; to = 65535; } ];
+		allowedUDPPortRanges = [ { from = 0; to = 65535; } ];
+	};
+
+	# Enable the OpenSSH daemon.
+	services.openssh.enable = true;
+
+	services.logind = {
+		# Tweak laptop behaviors.
+		lidSwitch = "ignore";
+		powerKey = "ignore";
+		powerKeyLongPress = "reboot";
+	};
+
+	system.stateVersion = "24.05"; # Did you read the comment?
+}

servers/cs306-mini/default.nix

@@ -0,0 +1,8 @@
+let
+	sources = import <acm-aws/nix/sources.nix>;
+in
+
+import "${sources.nixpkgs}/nixos" {
+	system = "x86_64-linux";
+	configuration = import ./configuration.nix;
+}

servers/cs306-mini/hardware-configuration.nix

@@ -0,0 +1,38 @@
+# Do not modify this file!	It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.	Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+	imports =
+		[ (modulesPath + "/installer/scan/not-detected.nix")
+		];
+
+	boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+	boot.initrd.kernelModules = [ ];
+	boot.kernelModules = [ "kvm-intel" ];
+	boot.extraModulePackages = [ ];
+
+	fileSystems."/" =
+		{ device = "/dev/disk/by-uuid/6f7eee14-5de3-41cc-985a-9d033ebf8a8d";
+			fsType = "ext4";
+		};
+
+	fileSystems."/boot" =
+		{ device = "/dev/disk/by-uuid/9CC1-E854";
+			fsType = "vfat";
+			options = [ "fmask=0022" "dmask=0022" ];
+		};
+
+	swapDevices = [ ];
+
+	# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+	# (the default) this is the recommended approach. When using systemd-networkd it's
+	# still possible to use this option, but it's recommended to use it in conjunction
+	# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+	networking.useDHCP = lib.mkDefault true;
+	# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+	nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+	hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

servers/cs306-mini/main.tf

@@ -0,0 +1,19 @@
+variable "ssh_private_key_file" {
+	description = "The path to the private key file to use for SSH"
+	type = string
+}
+
+variable "host" {
+	description = "The host to deploy to"
+	type = string
+}
+
+module "deployment" {
+	source = "git::https://github.com/diamondburned/terraform-nixos.git//deploy_nixos?ref=9d26ace355b2ed7d64a253b11ab12395a1395030"
+	nixos_config = "${path.module}"
+	target_host = "${var.host}"
+	ssh_private_key_file = var.ssh_private_key_file
+	ssh_agent = false
+	hermetic = true
+	build_on_target = false
+}