WIP: challenger: init new host

Felix Albrigtsen 2024-07-01 23:28:24 +02:00
parent f580bef7c1
commit 097ded10b5
7 changed files with 141 additions and 0 deletions


@ -25,3 +25,9 @@ creation_rules:
- age: - age:
- *host_defiant - *host_defiant
- *user_felixalb - *user_felixalb
- path_regex: secrets/challenger/[^/]+\.yaml$
- age:
# - *host_defiant
- *user_felixalb
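Review bot: The new `secrets/challenger/` rule lists only `*user_felixalb` as an age recipient; the one host entry is commented out, and it is defiant's key rather than challenger's. The host configuration in this commit sets `sops.defaultSopsFile` to `secrets/challenger/challenger.yaml`, so unless challenger's key is supplied some other way, sops-nix on the host will have no identity able to decrypt that file. Once the host key exists, add a `host_challenger` anchor to the key list (defined outside this hunk), reference it here as `- *host_challenger`, and re-encrypt with `sops updatekeys`. Keeping defiant out of the recipients is the right least-privilege choice, so consider deleting the commented line rather than leaving it to be uncommented later.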


@ -67,6 +67,24 @@
} }
]; ];
}; };
challenger = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
modules = [
# Overlays-module makes "pkgs.unstable" available in configuration.nix
({ config, pkgs, ... }: { nixpkgs.overlays = [ pkgs-overlay ]; })
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users."felixalb" = import ./hosts/challenger/home.nix;
defiant = nixpkgs.lib.nixosSystem { defiant = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = {


@ -0,0 +1,37 @@
{ config, pkgs, ... }:
imports =
networking = {
hostName = "challenger";
bridges.br0.interfaces = [ "eno1" ]; # TODO
interfaces.br0.useDHCP = false;
interfaces.br0.ipv4.addresses = [
{ address = ""; prefixLength = 24; }
hostId = "828ab735";
defaultGateway = "";
sops.defaultSopsFile = ../../secrets/challenger/challenger.yaml;
environment.variables = { EDITOR = "vim"; };
environment.systemPackages = with pkgs; [
virtualisation.docker.enable = true;
virtualisation.oci-containers.backend = "docker";
system.stateVersion = "24.05";
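Review bot: `virtualisation.docker.enable = true` is added with no note on how it interacts with the host firewall: Docker installs its own iptables rules, so ports published by containers are reachable regardless of `networking.firewall.allowedTCPPorts`. On a host that also serves NFS I would record this next to the option, e.g. `# Published container ports bypass networking.firewall; bind them to a specific address`, and publish ports as `127.0.0.1:PORT:PORT` where only local access is needed. Separately, `address = ""` and `defaultGateway = ""` are empty placeholders without the `# TODO` marker that the bridge line carries. The rendered page omits lines from this file, so this is based on the visible options only.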


@ -0,0 +1,12 @@
{ config, pkgs, lib, ... }:
# Enable nfs4 only
services.nfs.server = {
enable = true;
exports = ''
''; # TODO
networking.firewall.allowedTCPPorts = [ 111 2049 20048 ];
networking.firewall.allowedUDPPorts = [ 111 20048];
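Review bot: The comment says NFSv4 only, but the firewall lines open 111 (rpcbind) and 20048 (mountd) on both TCP and UDP, which only NFSv3 clients need; NFSv4 uses TCP 2049 alone. I would change this to `networking.firewall.allowedTCPPorts = [ 2049 ];` and drop the `allowedUDPPorts` line, which takes rpcbind and mountd off the exposed surface. Nothing in the visible lines actually disables v3 in nfsd (the page omits part of the file), so confirm that is done as well. When the `exports` TODO is filled in, limit each export to the client addresses that need it rather than a wildcard.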


@ -0,0 +1,18 @@
{ config, pkgs, lib, ... }:
# Boot drives are defined in ./hardware-configuration.nix
environment.systemPackages = with pkgs; [ cifs-utils ];
# Local zfs
boot = {
zfs.extraPools = [ "tank" ];
supportedFilesystems = [ "zfs" ];
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
services.zfs.autoScrub = {
enable = true;
interval = "Wed *-*-8..14 00:00:00";
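Review bot: The scrub schedule `interval = "Wed *-*-8..14 00:00:00"` is not self-explanatory and has no comment; a line such as `# Second Wednesday of every month at midnight` above it would save the next reader from decoding the calendar expression. `cifs-utils` is also installed in a file whose comments mention only local ZFS, so a one-line comment on what it is for would help. The closing lines of this file are not shown on the rendered page.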


@ -0,0 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "mpt3sas" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/TODO";
fsType = "ext4";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/TODO";
fsType = "vfat";
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.idrac.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

hosts/challenger/home.nix Normal file

@ -0,0 +1,12 @@
{ pkgs, lib, ... }:
imports = [
programs = {
zsh.shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
home.stateVersion = "24.05";