
commit 09a25339c2e9f4b2017359b824a7d350bc95ceea
parent 9fcf2f77cd77b9b9c820055184c9ae009dfcab72
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Fri, 11 Dec 2020 17:45:41 +0100

flake: use foo.flake.nix to test things

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Mflake.nix | 1+
Asystems/hosts/foo.flake.nix | 80+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Dsystems/hosts/naruhodo.flake.nix | 104-------------------------------------------------------------------------------
3 files changed, 81 insertions(+), 104 deletions(-)

diff --git a/flake.nix b/flake.nix @@ -224,6 +224,7 @@ kerkouane = { pkgs = inputs.nixos; system = "x86_64-linux"; config = ./systems/hosts/kerkouane.flake.nix; }; # TODO raspberry pi 8G x 3 (name them too) # TODO VMs + foo = { pkgs = inputs.nixos-unstable; system = "x86_64-linux"; config = ./systems/hosts/foo.flake.nix; }; }; # Import the modules exported by this flake. diff --git a/systems/hosts/foo.flake.nix b/systems/hosts/foo.flake.nix 
@@ -0,0 +1,80 @@
+{ pkgs, lib, ... }:
+
+with lib;
+let
+ secretPath = ../../secrets/machines.nix;
+ secretCondition = (builtins.pathExists secretPath);
+
+ ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
+ ips = lists.optionals secretCondition ([ "${ip}/24" ]);
+ endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
+ endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
+ endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
+in
+{
+
+ fileSystems."/" =
+ {
+ device = "/dev/mapper/root";
+ fsType = "ext4";
+ options = [ "noatime" "discard" ];
+ };
+
+ boot.initrd.luks.devices = {
+ root = {
+ device = "/dev/disk/by-uuid/50d7faba-8923-4b30-88f7-40df26e02def";
+ preLVM = true;
+ allowDiscards = true;
+ };
+ };
+
+ fileSystems."/boot" =
+ {
+ device = "/dev/disk/by-uuid/0101-68DE";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [{ device = "/dev/disk/by-uuid/aff86817-55ae-47ed-876a-e5a027b560ba"; }];
+
+ boot = {
+ tmpOnTmpfs = true;
+ plymouth.enable = true;
+ extraModulePackages = with pkgs.linuxPackages; [
+ v4l2loopback
+ ];
+ kernelModules = [ "v4l2loopback" ];
+ extraModprobeConfig = ''
+ options v4l2loopback exclusive_caps=1
+ '';
+ };
+
+ profiles = {
+ desktop.i3.enable = true;
+ laptop.enable = true;
+ home = true;
+ dev.enable = true;
+ yubikey.enable = true;
+ virtualization = { enable = true; nested = true; };
+ docker.enable = true;
+ redhat.enable = true;
+ scanning.enable = true;
+ };
+ environment.systemPackages = with pkgs; [ virtmanager ];
+
+ virtualisation.podman.enable = true;
+ virtualisation.containers = {
+ enable = true;
+ registries = {
+ search = [ "registry.fedoraproject.org" "registry.access.redhat.com" "registry.centos.org" "docker.io" "quay.io" ];
+ };
+ policy = {
+ default = [{ type = "insecureAcceptAnything"; }];
+ transports = {
+ docker-daemon = {
+ "" = [{ type = "insecureAcceptAnything"; }];
+ };
+ };
+ };
+ };
+}
diff --git a/systems/hosts/naruhodo.flake.nix b/systems/hosts/naruhodo.flake.nix
@@ -1,104 +0,0 @@
-{ pkgs, lib, ... }:
-
-with lib;
-let
- hostname = "naruhodo";
- secretPath = ../../secrets/machines.nix;
- secretCondition = (builtins.pathExists secretPath);
-
- ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
- ips = lists.optionals secretCondition ([ "${ip}/24" ]);
- endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
- endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
- endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
-in
-{
- /*
- imports = [
- ../hardware/thinkpad-t480s.nix
- ../modules
- (import ../../users).vincent
- (import ../../users).root
- ];
- */
-
- fileSystems."/" =
- {
- device = "/dev/mapper/root";
- fsType = "ext4";
- options = [ "noatime" "discard" ];
- };
-
- boot.initrd.luks.devices = {
- root = {
- device = "/dev/disk/by-uuid/50d7faba-8923-4b30-88f7-40df26e02def";
- preLVM = true;
- allowDiscards = true;
- };
- };
-
- fileSystems."/boot" =
- {
- device = "/dev/disk/by-uuid/0101-68DE";
- fsType = "vfat";
- };
-
- swapDevices =
- [{ device = "/dev/disk/by-uuid/aff86817-55ae-47ed-876a-e5a027b560ba"; }];
-
- networking = {
- hostName = hostname;
- };
-
- boot = {
- tmpOnTmpfs = true;
- plymouth.enable = true;
- extraModulePackages = with pkgs.linuxPackages; [
- v4l2loopback
- ];
- kernelModules = [ "v4l2loopback" ];
- extraModprobeConfig = ''
- options v4l2loopback exclusive_caps=1
- '';
- };
-
- services.hardware.bolt.enable = true;
- profiles = {
- desktop.i3.enable = true;
- laptop.enable = true;
- home = true;
- dev.enable = true;
- yubikey.enable = true;
- virtualization = { enable = true; nested = true; };
- docker.enable = true;
- redhat.enable = true;
- scanning.enable = true;
- };
- environment.systemPackages = with pkgs; [ virtmanager ];
-
- services = {
- wireguard = {
- enable = true;
- ips = ips;
- endpoint = endpointIP;
- endpointPort = endpointPort;
- endpointPublicKey = endpointPublicKey;
- };
- };
-
- virtualisation.podman.enable = true;
- virtualisation.containers = {
- enable = true;
- registries = {
- search = [ "registry.fedoraproject.org" "registry.access.redhat.com" "registry.centos.org" "docker.io" "quay.io" ];
- };
- policy = {
- default = [{ type = "insecureAcceptAnything"; }];
- transports = {
- docker-daemon = {
- "" = [{ type = "insecureAcceptAnything"; }];
- };
- };
- };
- };
-}