-rw-r--r-- | users/sterni/machines/ingeborg/default.nix | 15 | ||||
-rw-r--r-- | users/sterni/machines/ingeborg/hardware.nix | 76 | ||||
-rw-r--r-- | users/sterni/machines/ingeborg/network.nix | 62 |
3 files changed, 153 insertions, 0 deletions
diff --git a/users/sterni/machines/ingeborg/default.nix b/users/sterni/machines/ingeborg/default.nix
new file mode 100644
index 000000000000..3012e5f4af9e
--- /dev/null
+++ b/users/sterni/machines/ingeborg/default.nix
@@ -0,0 +1,15 @@
+{ config, lib, pkgs, depot, ... }:
+
+{
+ imports = [
+ # Basic settings
+ ../../modules/common.nix
+ # These modules touch things related to booting (filesystems, initrd network…)
+ ./hardware.nix
+ ./network.nix
+ ];
+
+ config = {
+ system.stateVersion = "24.05";
+ };
+}
diff --git a/users/sterni/machines/ingeborg/hardware.nix b/users/sterni/machines/ingeborg/hardware.nix
new file mode 100644
index 000000000000..982598131eb6
--- /dev/null
+++ b/users/sterni/machines/ingeborg/hardware.nix
@@ -0,0 +1,76 @@
+{ config, lib, pkgs, depot, ... }:
+
+{
+ # Booting / Kernel
+ boot = {
+ loader.grub = {
+ enable = true;
+ devices = [
+ "/dev/disk/by-id/wwn-0x5000c500a4859731"
+ "/dev/disk/by-id/wwn-0x5000c500a485c1b5"
+ ];
+ };
+
+ initrd = {
+ availableKernelModules = [
+ "ahci"
+ "btrfs"
+ "sd_mod"
+ "xhci_pci"
+ "e1000e"
+ ];
+ kernelModules = [
+ "dm-snapshot"
+ ];
+ };
+
+ swraid = {
+ enable = true;
+ mdadmConf = ''
+ ARRAY /dev/md/boot-raid metadata=1.2 name=nixos:boot-raid UUID=13007b9d:ab7a1129:c45ec40f:3c9f2111
+ ARRAY /dev/md/encrypted-container-raid metadata=1.2 name=nixos:encrypted-container-raid UUID=38dfa683:a6d30690:32a5de6f:fb7980fe
+ '';
+ };
+
+ kernelModules = [
+ "kvm-intel"
+ ];
+ };
+
+ # Filesystems
+ services.lvm.enable = true;
+
+ boot.initrd.luks.devices."container" = {
+ device = "/dev/md/encrypted-container-raid";
+ preLVM = true;
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mainvg/root";
+ fsType = "btrfs";
+ };
+
+ "/boot" = {
+ device = "/dev/disk/by-label/boot";
+ fsType = "ext4";
+ };
+ };
+
+ swapDevices = [
+ { device = "/dev/mainvg/swap"; }
+ ];
+
+ # CPU
+ hardware = {
+ cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ enableRedistributableFirmware = true;
+ };
+
+ nix.settings = {
+ max-jobs = 2;
+ cores = 4;
+ };
+
+ powerManagement.cpuFreqGovernor = "performance";
+}
diff --git a/users/sterni/machines/ingeborg/network.nix b/users/sterni/machines/ingeborg/network.nix
new file mode 100644
index 000000000000..fceb530d55d8
--- /dev/null
+++ b/users/sterni/machines/ingeborg/network.nix
@@ -0,0 +1,62 @@
+{ config, pkgs, lib, depot, ... }:
+
+let
+ ipv6 = "2a01:4f9:2a:1bc6::/64";
+
+ ipv4 = "95.216.27.158";
+ gatewayv4 = "95.216.27.129";
+ netmaskv4 = "255.255.255.192";
+in
+
+{
+ config = {
+ boot = {
+ kernelParams = [
+ "ip=${ipv4}::${gatewayv4}:${netmaskv4}::eth0:none"
+ ];
+
+ initrd.network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ authorizedKeys = depot.users.sterni.keys.all;
+ hostKeys = [
+ "/etc/nixos/unlock_rsa_key_openssh"
+ "/etc/nixos/unlock_ed25519_key_openssh"
+ ];
+ };
+ postCommands = ''
+ echo 'cryptsetup-askpass' >> /root/.profile
+ '';
+ };
+ };
+
+ networking = {
+ usePredictableInterfaceNames = false;
+ useDHCP = false;
+ interfaces."eth0".useDHCP = false;
+
+ hostName = "ingeborg";
+
+ firewall = {
+ enable = true;
+ allowPing = true;
+ allowedTCPPorts = [ 22 ];
+ };
+ };
+
+ systemd.network = {
+ enable = true;
+ networks."eth0".extraConfig = ''
+ [Match]
+ Name = eth0
+
+ [Network]
+ Address = ${ipv6}
+ Gateway = fe80::1
+ Address = ${ipv4}/27
+ Gateway = ${gatewayv4}
+ '';
+ };
+ };
+}
|
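Review bot: The initrd and the booted system get different IPv4 prefix lengths in network.nix: `netmaskv4 = "255.255.255.192"` (a /26) feeds the kernel `ip=` parameter, while the systemd-networkd block hard-codes `Address = ${ipv4}/27`. One of the two is presumably wrong for this subnet; defining the prefix length once in the `let` block and deriving both values from it would keep the remote-unlock network and the running network in agreement. On the initrd SSH block, a comment above `hostKeys` such as `# initrd-only keys: they end up in the initrd on /boot, which sits outside the LUKS container; never reuse the main sshd host keys` would record why dedicated `unlock_*` keys are used. No `ssh.port` is set, so the unlock sshd listens on the default port 22, the same port the firewall opens for the running system; if the main sshd (not visible here) also uses 22, clients see two different host keys for one endpoint, and setting `boot.initrd.network.ssh.port` to a distinct port avoids operators getting used to dismissing host-key warnings.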