commit 09a25339c2e9f4b2017359b824a7d350bc95ceea
parent 9fcf2f77cd77b9b9c820055184c9ae009dfcab72
Author: Vincent Demeester <vincent@sbr.pm>
Date: Fri, 11 Dec 2020 17:45:41 +0100
flake: use foo.flake.nix to test things
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
3 files changed, 81 insertions(+), 104 deletions(-)
diff --git a/flake.nix b/flake.nix
@@ -224,6 +224,7 @@
kerkouane = { pkgs = inputs.nixos; system = "x86_64-linux"; config = ./systems/hosts/kerkouane.flake.nix; };
# TODO raspberry pi 8G x 3 (name them too)
# TODO VMs
+ foo = { pkgs = inputs.nixos-unstable; system = "x86_64-linux"; config = ./systems/hosts/foo.flake.nix; };
};
# Import the modules exported by this flake.
diff --git a/systems/hosts/foo.flake.nix b/systems/hosts/foo.flake.nix
@@ -0,0 +1,80 @@
+{ pkgs, lib, ... }:
+
+with lib;
+let
+ secretPath = ../../secrets/machines.nix;
+ secretCondition = (builtins.pathExists secretPath);
+
+ ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
+ ips = lists.optionals secretCondition ([ "${ip}/24" ]);
+ endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
+ endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
+ endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
+in
+{
+
+ fileSystems."/" =
+ {
+ device = "/dev/mapper/root";
+ fsType = "ext4";
+ options = [ "noatime" "discard" ];
+ };
+
+ boot.initrd.luks.devices = {
+ root = {
+ device = "/dev/disk/by-uuid/50d7faba-8923-4b30-88f7-40df26e02def";
+ preLVM = true;
+ allowDiscards = true;
+ };
+ };
+
+ fileSystems."/boot" =
+ {
+ device = "/dev/disk/by-uuid/0101-68DE";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [{ device = "/dev/disk/by-uuid/aff86817-55ae-47ed-876a-e5a027b560ba"; }];
+
+ boot = {
+ tmpOnTmpfs = true;
+ plymouth.enable = true;
+ extraModulePackages = with pkgs.linuxPackages; [
+ v4l2loopback
+ ];
+ kernelModules = [ "v4l2loopback" ];
+ extraModprobeConfig = ''
+ options v4l2loopback exclusive_caps=1
+ '';
+ };
+
+ profiles = {
+ desktop.i3.enable = true;
+ laptop.enable = true;
+ home = true;
+ dev.enable = true;
+ yubikey.enable = true;
+ virtualization = { enable = true; nested = true; };
+ docker.enable = true;
+ redhat.enable = true;
+ scanning.enable = true;
+ };
+ environment.systemPackages = with pkgs; [ virtmanager ];
+
+ virtualisation.podman.enable = true;
+ virtualisation.containers = {
+ enable = true;
+ registries = {
+ search = [ "registry.fedoraproject.org" "registry.access.redhat.com" "registry.centos.org" "docker.io" "quay.io" ];
+ };
+ policy = {
+ default = [{ type = "insecureAcceptAnything"; }];
+ transports = {
+ docker-daemon = {
+ "" = [{ type = "insecureAcceptAnything"; }];
+ };
+ };
+ };
+ };
+}
diff --git a/systems/hosts/naruhodo.flake.nix b/systems/hosts/naruhodo.flake.nix
@@ -1,104 +0,0 @@
-{ pkgs, lib, ... }:
-
-with lib;
-let
- hostname = "naruhodo";
- secretPath = ../../secrets/machines.nix;
- secretCondition = (builtins.pathExists secretPath);
-
- ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
- ips = lists.optionals secretCondition ([ "${ip}/24" ]);
- endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
- endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
- endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
-in
-{
- /*
- imports = [
- ../hardware/thinkpad-t480s.nix
- ../modules
- (import ../../users).vincent
- (import ../../users).root
- ];
- */
-
- fileSystems."/" =
- {
- device = "/dev/mapper/root";
- fsType = "ext4";
- options = [ "noatime" "discard" ];
- };
-
- boot.initrd.luks.devices = {
- root = {
- device = "/dev/disk/by-uuid/50d7faba-8923-4b30-88f7-40df26e02def";
- preLVM = true;
- allowDiscards = true;
- };
- };
-
- fileSystems."/boot" =
- {
- device = "/dev/disk/by-uuid/0101-68DE";
- fsType = "vfat";
- };
-
- swapDevices =
- [{ device = "/dev/disk/by-uuid/aff86817-55ae-47ed-876a-e5a027b560ba"; }];
-
- networking = {
- hostName = hostname;
- };
-
- boot = {
- tmpOnTmpfs = true;
- plymouth.enable = true;
- extraModulePackages = with pkgs.linuxPackages; [
- v4l2loopback
- ];
- kernelModules = [ "v4l2loopback" ];
- extraModprobeConfig = ''
- options v4l2loopback exclusive_caps=1
- '';
- };
-
- services.hardware.bolt.enable = true;
- profiles = {
- desktop.i3.enable = true;
- laptop.enable = true;
- home = true;
- dev.enable = true;
- yubikey.enable = true;
- virtualization = { enable = true; nested = true; };
- docker.enable = true;
- redhat.enable = true;
- scanning.enable = true;
- };
- environment.systemPackages = with pkgs; [ virtmanager ];
-
- services = {
- wireguard = {
- enable = true;
- ips = ips;
- endpoint = endpointIP;
- endpointPort = endpointPort;
- endpointPublicKey = endpointPublicKey;
- };
- };
-
- virtualisation.podman.enable = true;
- virtualisation.containers = {
- enable = true;
- registries = {
- search = [ "registry.fedoraproject.org" "registry.access.redhat.com" "registry.centos.org" "docker.io" "quay.io" ];
- };
- policy = {
- default = [{ type = "insecureAcceptAnything"; }];
- transports = {
- docker-daemon = {
- "" = [{ type = "insecureAcceptAnything"; }];
- };
- };
- };
- };
-}