
commit dd5a2f59ecc986614611406e67ecc3c6b3db3b5f
parent b7cb4c5487c8b53fb252c1d406338a39e87848a1
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Thu, 17 Dec 2020 15:28:28 +0100

systems: hokkaido as a build machine

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Mhosts.nix | 2+-
Msystems/hosts/hokkaido.nix | 76++++++++++++++++++++++++++++++++++++++++++++++++++++++----------------------
2 files changed, 55 insertions(+), 23 deletions(-)

diff --git a/hosts.nix b/hosts.nix @@ -1,7 +1,7 @@ { naruhodo = { arch = "x86_64-linux"; type = "unstable"; }; - hokkaido = { arch = "x86_64-linux"; type = "unstable"; }; # servers + hokkaido = { arch = "x86_64-linux"; }; wakasu = { arch = "x86_64-linux"; }; kerkouane = { arch = "x86_64-linux"; }; okinawa = { arch = "x86_64-linux"; }; diff --git a/systems/hosts/hokkaido.nix b/systems/hosts/hokkaido.nix @@ -37,6 +37,12 @@ in networking = { hostName = hostname; + bridges.br1.interfaces = [ "eno1" ]; + firewall.enable = false; # we are in safe territory :D + useDHCP = false; + interfaces.br1 = { + useDHCP = true; + }; }; boot = { 
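Review bot: `firewall.enable = false` in the `networking` block of hokkaido.nix removes the host's packet filter entirely, so the assumption in its comment (a trusted LAN) becomes the only network control on this machine. The same hunk bridges `eno1` into `br1`, and the profiles hunk further down this file turns on `virtualization.listenTCP`, SSH X11 forwarding, avahi, syncthing, docker and kubernetes, so every listener those profiles open is reachable from anything on the bridged segment, presumably including guests attached to `br1`. I would keep the firewall enabled and open only what the build role needs, for example `firewall.allowedTCPPorts = [ 22 ];`, adding further ports explicitly as each service requires them. If it has to stay off, replace the joke comment with one that names the network boundary being relied on.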
@@ -44,33 +50,45 @@ in plymouth.enable = true; }; - services.hardware.bolt.enable = true; + boot.binfmt.registrations = { + s390x-linux = { + # interpreter = getEmulator "s390x-linux"; + interpreter = "${pkgs.qemu}/bin/qemu-s390x"; + magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16''; + mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff''; + }; + }; + boot.binfmt.emulatedSystems = [ + "armv6l-linux" + "armv7l-linux" + "aarch64-linux" + # "s390x-linux" + "powerpc64le-linux" + ]; + + users.extraUsers.builder = { + isNormalUser = true; + uid = 1018; + extraGroups = [ ]; + openssh.authorizedKeys.keys = [ (builtins.readFile "/etc/nixos/secrets/builder.pub") ]; + }; + nix.trustedUsers = [ "root" "vincent" "builder" ]; + profiles = { - desktop.gnome.enable = true; - laptop.enable = true; home = true; - ssh.enable = true; dev.enable = true; - yubikey.enable = true; - virtualization = { enable = true; nested = true; }; + desktop.enable = lib.mkForce false; + laptop.enable = true; docker.enable = true; - redhat.enable = true; - }; - environment.systemPackages = with pkgs; [ virtmanager ]; - - services = { - # FIXME re-generate hokkaido key - /* - wireguard = { - enable = true; - ips = ips; - endpoint = endpointIP; - endpointPort = endpointPort; - endpointPublicKey = endpointPublicKey; - }; - */ + avahi.enable = true; + syncthing.enable = true; + ssh = { enable = true; forwardX11 = true; }; + virtualization = { enable = true; nested = true; listenTCP = true; }; + kubernetes.enable = true; + openshift.enable = true; + tekton.enable = true; + yubikey.enable = true; }; - virtualisation.podman.enable = true; virtualisation.containers = { enable = true; @@ -86,4 +104,18 @@ in }; }; }; + + services = { + # FIXME re-generate hokkaido key + /* + wireguard = { + enable = true; + ips = ips; + endpoint = endpointIP; + endpointPort = endpointPort; + endpointPublicKey = endpointPublicKey; + }; + */ + }; + }
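Review bot: Adding `builder` to `nix.trustedUsers` gives whoever holds the key behind `/etc/nixos/secrets/builder.pub` far more than build rights, because a trusted Nix user can override substituters and import unsigned store paths, which the Nix manual describes as essentially root-equivalent. If the account exists only to receive remote builds, consider `nix.trustedUsers = [ "root" "vincent" ];` and listing the build clients' signing key in `nix.binaryCachePublicKeys` instead, so that copied paths are verified rather than blindly accepted. If it must stay trusted, a comment such as `# builder is root-equivalent through the nix daemon; restrict this key to build clients` would record the decision. `listenTCP = true` under `virtualization` in the same hunk presumably exposes libvirtd over TCP and deserves a similar comment on how it is authenticated, given that the firewall is disabled earlier in this file.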