ma latte.r: run on 1blu
This commit is contained in:
parent
cbacf6c58f
commit
78669833b1
50
1systems/latte/1blu/default.nix
Normal file
50
1systems/latte/1blu/default.nix
Normal file
|
@ -0,0 +1,50 @@
|
|||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
{
|
||||
|
||||
imports =
|
||||
[ ./network.nix
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
|
||||
# Disk
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "tank/root";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/home" =
|
||||
{ device = "tank/home";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/nix" =
|
||||
{ device = "tank/nix";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/AEF3-A486";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
boot.loader.grub.device = "/dev/vda";
|
||||
|
||||
networking.hostId = "3150697c"; # required for zfs use
|
||||
boot.tmpOnTmpfs = true;
|
||||
boot.supportedFilesystems = [ "zfs" ];
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
boot.loader.grub.copyKernels = true;
|
||||
boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
|
||||
boot.kernelParams = [
|
||||
"boot.shell_on_fail"
|
||||
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
|
||||
];
|
||||
}
|
31
1systems/latte/1blu/network.nix
Normal file
31
1systems/latte/1blu/network.nix
Normal file
|
@ -0,0 +1,31 @@
|
|||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
let
|
||||
external-mac = "c4:37:72:55:4e:1c";
|
||||
external-gw = "178.254.28.1";
|
||||
external-ip = "178.254.30.202";
|
||||
external-ip6 = "2a00:6800:3:18c::2";
|
||||
external-gw6 = "2a00:6800:3::1";
|
||||
external-netmask = 22;
|
||||
external-netmask6 = 64;
|
||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||
ext-if = "et0"; # gets renamed on the fly
|
||||
in
|
||||
{
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
|
||||
'';
|
||||
networking = {
|
||||
interfaces."${ext-if}" = {
|
||||
ipv4.addresses = [{
|
||||
address = external-ip;
|
||||
prefixLength = external-netmask;
|
||||
}];
|
||||
ipv6.addresses = [{
|
||||
address = external-ip6;
|
||||
prefixLength = external-netmask6;
|
||||
}];
|
||||
};
|
||||
defaultGateway6 = { address = external-gw6; interface = ext-if; };
|
||||
defaultGateway = external-gw;
|
||||
};
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
|
||||
# external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
|
@ -10,11 +10,13 @@ let
|
|||
in {
|
||||
|
||||
imports = [
|
||||
./1blu
|
||||
<stockholm/makefu>
|
||||
#<stockholm/makefu/2configs/home-manager>
|
||||
# configure your hw:
|
||||
<stockholm/makefu/2configs/hw/CAC.nix>
|
||||
#<stockholm/makefu/2configs/hw/CAC.nix>
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
<stockholm/makefu/2configs/save-diskspace.nix>
|
||||
#<stockholm/makefu/2configs/save-diskspace.nix>
|
||||
|
||||
# Security
|
||||
<stockholm/makefu/2configs/sshd-totp.nix>
|
||||
|
@ -25,29 +27,12 @@ in {
|
|||
<stockholm/makefu/2configs/zsh-user.nix>
|
||||
# Services
|
||||
<stockholm/makefu/2configs/remote-build/slave.nix>
|
||||
<stockholm/makefu/2configs/torrent.nix>
|
||||
# <stockholm/makefu/2configs/torrent.nix>
|
||||
|
||||
];
|
||||
krebs = {
|
||||
enable = true;
|
||||
build.host = config.krebs.hosts.latte;
|
||||
};
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ];
|
||||
|
||||
boot.loader.grub.device = "/dev/vda";
|
||||
boot.loader.grub.copyKernels = true;
|
||||
fileSystems."/" = {
|
||||
device = "/dev/vda1";
|
||||
fsType = "ext4";
|
||||
};
|
||||
networking = {
|
||||
firewall = {
|
||||
allowPing = true;
|
||||
logRefusedConnections = false;
|
||||
allowedTCPPorts = [ ];
|
||||
allowedUDPPorts = [ 655 ];
|
||||
};
|
||||
# network interface receives dhcp address
|
||||
nameservers = [ "8.8.8.8" ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
{
|
||||
name = "latte";
|
||||
torrent = true;
|
||||
home-manager = true;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue