home

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README | LICENSE

commit c0ca80722872898fa3f68475d638abba5a7f43b5
parent fd25b3df84fa2253ba00832b1b862fdf64aafb55
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Fri, 17 Jul 2020 11:53:14 +0200

systems: add naruhodo and make wakasu a server

- naruhodo based on hokkaido configuration for now
- wakasu becomes a libvirt server

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Mhosts.nix | 4+++-
Asystems/naruhodo.nix | 136+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 139 insertions(+), 1 deletion(-)

diff --git a/hosts.nix b/hosts.nix @@ -1,6 +1,8 @@ { + naruhodo = { arch = "x86_64-linux"; type = "unstable"; }; hokkaido = { arch = "x86_64-linux"; type = "unstable"; }; - wakasu = { arch = "x86_64-linux"; type = "unstable"; }; + # servers + wakasu = { arch = "x86_64-linux"; }; kerkouane = { arch = "x86_64-linux"; }; okinawa = { arch = "x86_64-linux"; }; sakhalin = { arch = "x86_64-linux"; }; diff --git a/systems/naruhodo.nix b/systems/naruhodo.nix @@ -0,0 +1,136 @@ +{ pkgs, lib, ... }: + +with lib; +let + hostname = "hokkaido"; + secretPath = ../secrets/machines.nix; + secretCondition = (builtins.pathExists secretPath); + + ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}"; + ips = lists.optionals secretCondition ([ "${ip}/24" ]); + endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP; + endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0; + endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey; +in +{ + imports = [ + ./hardware/thinkpad-x220.nix + ./modules + (import ../users).vincent + (import ../users).root + ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/884a3d57-f652-49b2-9c8b-f6eebd5edbeb"; + fsType = "ext4"; + }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/C036-34B9"; + fsType = "vfat"; + }; + swapDevices = [{ device = "/dev/disk/by-uuid/e1833693-77ac-4d52-bcc7-54d082788639"; }]; + + networking = { + hostName = hostname; + }; + + boot = { + tmpOnTmpfs = true; + plymouth.enable = true; + }; + + hardware.bluetooth.enable = true; + profiles = { + syncthing.enable = true; + home = true; + laptop.enable = true; + desktop.enable = lib.mkForce false; + avahi.enable = true; + git.enable = true; + ssh.enable = true; + dev.enable = true; + yubikey.enable = true; + virtualization = { enable = true; nested = true; }; + }; + environment.systemPackages = with pkgs; [ virtmanager ]; + + networking.networkmanager = { + enable = true; + unmanaged = [ + "interface-name:ve-*" + "interface-name:veth*" + "interface-name:wg0" + "interface-name:docker0" + "interface-name:virbr*" + ]; + packages = with pkgs; [ networkmanager-openvpn ]; + }; + + services.xserver.enable = true; + services.xserver.layout = "fr"; + services.xserver.xkbVariant = "bepo"; + services.xserver.xkbOptions = "grp:menu_toggle,grp_led:caps,compose:caps"; + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome3.enable = true; + services.gnome3.chrome-gnome-shell.enable = true; + services.gnome3.core-shell.enable = true; + services.gnome3.core-os-services.enable = true; + services.gnome3.core-utilities.enable = true; + + fonts = { + enableFontDir = true; + enableGhostscriptFonts = true; + fonts = with pkgs; [ + corefonts + dejavu_fonts + emojione + feh + fira + fira-code + fira-code-symbols + fira-mono + hasklig + inconsolata + iosevka + noto-fonts + noto-fonts-cjk + noto-fonts-emoji + noto-fonts-extra + overpass + symbola + source-code-pro + twemoji-color-font + ubuntu_font_family + unifont + ]; + }; + + services = { + fprintd.enable = true; + # FIXME re-generate hokkaido key + /* + wireguard = { + enable = true; + ips = ips; + endpoint = endpointIP; + endpointPort = endpointPort; + endpointPublicKey = endpointPublicKey; + }; + */ + }; + + virtualisation.containers = { + enable = true; + registries = { + search = [ "registry.fedoraproject.org" "registry.access.redhat.com" "registry.centos.org" "docker.io" "quay.io" ]; + }; + policy = { + default = [{ type = "insecureAcceptAnything"; }]; + transports = { + docker-daemon = { + "" = [{ type = "insecureAcceptAnything"; }]; + }; + }; + }; + }; +}