diff options
Diffstat (limited to 'users/sterni/machines/edwin')
| -rw-r--r-- | users/sterni/machines/edwin/default.nix | 19 | ||||
| -rw-r--r-- | users/sterni/machines/edwin/hardware.nix | 63 | ||||
| -rw-r--r-- | users/sterni/machines/edwin/network.nix | 62 |
3 files changed, 144 insertions, 0 deletions
diff --git a/users/sterni/machines/edwin/default.nix b/users/sterni/machines/edwin/default.nix new file mode 100644 index 0000000000..68f20787a9 --- /dev/null +++ b/users/sterni/machines/edwin/default.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, depot, ... }: + +{ + imports = [ + # Third party modules we use + "${depot.third_party.agenix.src}/modules/age.nix" + # Basic settings + ../../modules/common.nix + # These modules touch things related to booting (filesystems, initrd network…) + ./hardware.nix + ./network.nix + # These modules configure services, websites etc. + (depot.path.origSrc + "/ops/modules/btrfs-auto-scrub.nix") + ]; + + config = { + system.stateVersion = "20.09"; + }; +} diff --git a/users/sterni/machines/edwin/hardware.nix b/users/sterni/machines/edwin/hardware.nix new file mode 100644 index 0000000000..0e33de753a --- /dev/null +++ b/users/sterni/machines/edwin/hardware.nix @@ -0,0 +1,63 @@ +{ config, lib, pkgs, depot, ... }: + +{ + config = { + boot = { + loader.grub = { + enable = true; + # TODO(sterni): use /dev/disk/by-id ? + devices = [ + "/dev/sda" + "/dev/sdb" + ]; + }; + + kernelModules = [ + "kvm-intel" + ]; + + initrd.availableKernelModules = [ + "ahci" + "sd_mod" + "btrfs" + "realtek" + "r8169" + ]; + }; + + boot.initrd.luks.devices = { + "crypt1".device = "/dev/disk/by-uuid/02ac34ee-be10-401b-90c2-1c6aa54c4d5f"; + "crypt2".device = "/dev/disk/by-uuid/7ce07191-e704-4aed-a60f-dfa3ce386b26"; + "crypt-swap1".device = "/dev/disk/by-uuid/fec7155c-6a65-4f25-b271-43763e4c31eb"; + "crypt-swap2".device = "/dev/disk/by-uuid/7b0a03fc-51de-4578-9811-94b00df09d88"; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-label/root"; + fsType = "btrfs"; + }; + + "/boot" = { + device = "/dev/disk/by-label/boot"; + fsType = "btrfs"; + }; + }; + + swapDevices = [ + { device = "/dev/disk/by-label/swap1"; } + { device = "/dev/disk/by-label/swap2"; } + ]; + + powerManagement.cpuFreqGovernor = "performance"; + hardware = { + enableRedistributableFirmware = true; + cpu.intel.updateMicrocode = true; + }; + + nix.settings = { + max-jobs = 2; + cores = 4; + }; + }; +} diff --git a/users/sterni/machines/edwin/network.nix b/users/sterni/machines/edwin/network.nix new file mode 100644 index 0000000000..1e3d4e76f0 --- /dev/null +++ b/users/sterni/machines/edwin/network.nix @@ -0,0 +1,62 @@ +{ config, pkgs, lib, depot, ... }: + +let + ipv6 = "2a01:4f8:151:54d0::/64"; + + ipv4 = "176.9.107.207"; + gatewayv4 = "176.9.107.193"; + netmaskv4 = "255.255.255.224"; +in + +{ + config = { + boot = { + kernelParams = [ + "ip=${ipv4}::${gatewayv4}:${netmaskv4}::eth0:none" + ]; + + initrd.network = { + enable = true; + ssh = { + enable = true; + authorizedKeys = depot.users.sterni.keys.all; + hostKeys = [ + "/etc/nixos/unlock_rsa_key_openssh" + "/etc/nixos/unlock_ed25519_key_openssh" + ]; + }; + postCommands = '' + echo 'cryptsetup-askpass' >> /root/.profile + ''; + }; + }; + + networking = { + usePredictableInterfaceNames = false; + useDHCP = false; + interfaces."eth0".useDHCP = false; + + hostName = "edwin"; + + firewall = { + enable = true; + allowPing = true; + allowedTCPPorts = [ 22 80 443 ]; + }; + }; + + systemd.network = { + enable = true; + networks."eth0".extraConfig = '' + [Match] + Name = eth0 + + [Network] + Address = ${ipv6} + Gateway = fe80::1 + Address = ${ipv4}/27 + Gateway = ${gatewayv4} + ''; + }; + }; +} |