home

My NixOS systems configurations.
Log | Files | Refs | LICENSE

commit 1edf4638f46b42cfc48897379057df2889af9f80
parent 8157bf30dd675986d1a8e349856328e196613730
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Fri, 25 Feb 2022 16:21:40 +0100

systems: remove hokkaido

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Dsystems/hosts/hokkaido.nix | 127-------------------------------------------------------------------------------
1 file changed, 0 insertions(+), 127 deletions(-)

diff --git a/systems/hosts/hokkaido.nix b/systems/hosts/hokkaido.nix @@ -1,127 +0,0 @@ -{ pkgs, lib, ... }: - -with lib; -let - hostname = "hokkaido"; - secretPath = ../../secrets/machines.nix; - secretCondition = (builtins.pathExists secretPath); - - ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}"; - ips = lists.optionals secretCondition ([ "${ip}/24" ]); - endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP; - endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0; - endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey; -in -{ - imports = [ - ../hardware/dell-latitude-e6540.nix - (import ../../nix).home-manager-stable - ../modules - (import ../../users).vincent - (import ../../users).root - ]; - fileSystems."/" = - { - device = "/dev/disk/by-uuid/3e86d004-5554-4a90-b436-fcca63775f9d"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/D91F-14E8"; - fsType = "vfat"; - }; - - swapDevices = - [{ device = "/dev/disk/by-uuid/f065180d-8889-45ba-81d1-a67ac746dfeb"; }]; - - networking = { - hostName = hostname; - bridges.br1.interfaces = [ "eno1" ]; - firewall.enable = false; # we are in safe territory :D - useDHCP = false; - interfaces.br1 = { - useDHCP = true; - }; - }; - - boot = { - tmpOnTmpfs = true; - plymouth.enable = true; - }; - - boot.binfmt.registrations = { - s390x-linux = { - # interpreter = getEmulator "s390x-linux"; - interpreter = "${pkgs.qemu}/bin/qemu-s390x"; - magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16''; - mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff''; - }; - }; - boot.binfmt.emulatedSystems = [ - "armv6l-linux" - "armv7l-linux" - "aarch64-linux" - # "s390x-linux" - "powerpc64le-linux" - ]; - - users.extraUsers.builder = { - isNormalUser = true; - uid = 1018; - extraGroups = [ ]; - openssh.authorizedKeys.keys = [ (builtins.readFile "/etc/nixos/secrets/builder.pub") ]; - }; - nix.trustedUsers = [ "root" "vincent" "builder" ]; - - profiles = { - home = true; - dev.enable = true; - desktop.enable = lib.mkForce false; - laptop.enable = true; - docker.enable = true; - avahi.enable = true; - syncthing.enable = true; - ssh = { enable = true; forwardX11 = true; }; - virtualization = { enable = true; nested = true; listenTCP = true; }; - kubernetes.enable = true; - openshift.enable = true; - tekton.enable = false; - yubikey.enable = true; - }; - virtualisation.podman.enable = true; - virtualisation.containers = { - enable = true; - registries = { - search = [ "registry.fedoraproject.org" "registry.access.redhat.com" "registry.centos.org" "docker.io" "quay.io" ]; - }; - policy = { - default = [{ type = "insecureAcceptAnything"; }]; - transports = { - docker-daemon = { - "" = [{ type = "insecureAcceptAnything"; }]; - }; - }; - }; - }; - - services = { - logind.extraConfig = '' - HandleLidSwitch=ignore - HandleLidSwitchExternalPower=ignore - HandleLidSwitchDocked=ignore - ''; - wireguard = { - enable = true; - ips = ips; - endpoint = endpointIP; - endpointPort = endpointPort; - endpointPublicKey = endpointPublicKey; - }; - }; - systemd.services.buildkitd.wantedBy = lib.mkForce [ ]; - systemd.services.containerd.wantedBy = lib.mkForce [ ]; - systemd.services.docker.wantedBy = lib.mkForce [ ]; - systemd.services.docker.requires = [ "containerd.socket" ]; - -}