WIP: challenger: init new host
parent
f580bef7c1
commit
097ded10b5
@ -25,3 +25,9 @@ creation_rules:
|
||||
- age:
|
||||
- *host_defiant
|
||||
- *user_felixalb
|
||||
|
||||
- path_regex: secrets/challenger/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
# - *host_defiant
|
||||
- *user_felixalb
|
||||
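Review bot: The new rule for `secrets/challenger/[^/]+\.yaml$` leaves `*user_felixalb` as the only age recipient, because the host entry is commented out and names defiant rather than challenger. With no key belonging to challenger in the group, the host presumably cannot decrypt `secrets/challenger/challenger.yaml` with its own key at activation. Uncommenting the line as written would instead let defiant read challenger's secrets. Once the machine has a host key, add a dedicated anchor for it (for example `&host_challenger`, name is only a suggestion), list `- *host_challenger` here, and re-encrypt the file for the new recipient set. The anchor definitions are outside this hunk, and the file name is not visible on the page.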
|
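--- a/flake.nix
+++ b/flake.nix
@@ -67,6 +67,24 @@
 }
 ];
 };
+challenger = nixpkgs.lib.nixosSystem {
+system = "x86_64-linux";
+specialArgs = {
+inherit inputs;
+};
+modules = [
+# Overlays-module makes "pkgs.unstable" available in configuration.nix
+({ config, pkgs, ... }: { nixpkgs.overlays = [ pkgs-overlay ]; })
+
+./hosts/challenger/configuration.nix
+sops-nix.nixosModules.sops
+home-manager.nixosModules.home-manager {
+home-manager.useGlobalPkgs = true;
+home-manager.useUserPackages = true;
+home-manager.users."felixalb" = import ./hosts/challenger/home.nix;
+}
+];
+};
 defiant = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 specialArgs = {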
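--- /dev/null
+++ b/hosts/challenger/configuration.nix
@@ -0,0 +1,37 @@
+{ config, pkgs, ... }:
+
+{
+imports =
+[
+../../base.nix
+../../common/metrics-exporters.nix
+./hardware-configuration.nix
+./exports.nix
+./filesystems.nix
+];
+
+networking = {
+hostName = "challenger";
+bridges.br0.interfaces = [ "eno1" ]; # TODO
+interfaces.br0.useDHCP = false;
+interfaces.br0.ipv4.addresses = [
+{ address = "192.168.10.161"; prefixLength = 24; }
+];
+
+hostId = "828ab735";
+defaultGateway = "192.168.10.1";
+};
+
+sops.defaultSopsFile = ../../secrets/challenger/challenger.yaml;
+
+environment.variables = { EDITOR = "vim"; };
+environment.systemPackages = with pkgs; [
+zfs
+];
+
+virtualisation.docker.enable = true;
+virtualisation.oci-containers.backend = "docker";
+
+system.stateVersion = "24.05";
+}
+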
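Review bot: `virtualisation.docker.enable = true` is added with no note that ports published by Docker containers are not filtered by `networking.firewall`. Docker programs its own iptables rules, so a published port is reachable from the 192.168.10.0/24 segment even when it is absent from `allowedTCPPorts`. Since this host also serves NFS and imports a ZFS pool, I would record that next to the option, e.g. `# Docker-published ports bypass networking.firewall; publish on 127.0.0.1 or a specific address unless LAN exposure is intended`. No container definitions are visible in this commit, so this concerns whatever is added later.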
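--- /dev/null
+++ b/hosts/challenger/exports.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, lib, ... }:
+{
+# Enable nfs4 only
+services.nfs.server = {
+enable = true;
+exports = ''
+''; # TODO
+};
+
+networking.firewall.allowedTCPPorts = [ 111 2049 20048 ];
+networking.firewall.allowedUDPPorts = [ 111 20048];
+}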
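Review bot: The comment says `# Enable nfs4 only`, but the two firewall lines open 111 (rpcbind) and 20048 (conventionally mountd) on TCP and UDP, which only NFSv3 clients need. NFSv4 uses TCP 2049 alone. If v4-only is the intent, reduce this to `networking.firewall.allowedTCPPorts = [ 2049 ];` and drop the `allowedUDPPorts` line. Also turn off v3 in the nfsd configuration so the server matches the comment. When the `exports` TODO is filled in, scope each export to the client hosts or subnet that need it rather than a wildcard, and keep root squashing on unless a client requires otherwise.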
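--- /dev/null
+++ b/hosts/challenger/filesystems.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, lib, ... }:
+{
+# Boot drives are defined in ./hardware-configuration.nix
+
+environment.systemPackages = with pkgs; [ cifs-utils ];
+
+# Local zfs
+boot = {
+zfs.extraPools = [ "tank" ];
+supportedFilesystems = [ "zfs" ];
+kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+};
+services.zfs.autoScrub = {
+enable = true;
+interval = "Wed *-*-8..14 00:00:00";
+};
+
+}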
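Review bot: `kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages` selects the newest kernel the ZFS package supports rather than the default long-term one. That can leave a storage host on a kernel series that stops receiving fixes once upstream ends it. Unless this hardware needs a newer kernel, consider dropping the line so the default kernel is used, or add a comment such as `# newer kernel needed for <reason>` saying why it is chosen. `cifs-utils` is also installed although no CIFS mount is defined in this file, so a short comment on its purpose would help.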
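--- /dev/null
+++ b/hosts/challenger/hardware-configuration.nix
@@ -0,0 +1,38 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "mpt3sas" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/TODO";
+fsType = "ext4";
+};
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/TODO";
+fsType = "vfat";
+};
+
+swapDevices = [ ];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
+# networking.interfaces.idrac.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}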
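--- /dev/null
+++ b/hosts/challenger/home.nix
@@ -0,0 +1,12 @@
+{ pkgs, lib, ... }:
+{
+imports = [
+./../../home/base.nix
+];
+
+programs = {
+zsh.shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
+};
+
+home.stateVersion = "24.05";
+}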