From 097ded10b59ce5bf0bc564958ca7b37e1872daca Mon Sep 17 00:00:00 2001
From: Felix Albrigtsen
Date: Mon, 1 Jul 2024 23:28:24 +0200
Subject: [PATCH] WIP: challenger: init new host

---
 .sops.yaml | 6 ++++
 flake.nix | 18 ++++++++++
 hosts/challenger/configuration.nix | 37 ++++++++++++++++++++
 hosts/challenger/exports.nix | 12 +++++++
 hosts/challenger/filesystems.nix | 18 ++++++++++
 hosts/challenger/hardware-configuration.nix | 38 +++++++++++++++++++++
 hosts/challenger/home.nix | 12 +++++++
 7 files changed, 141 insertions(+)
 create mode 100644 hosts/challenger/configuration.nix
 create mode 100644 hosts/challenger/exports.nix
 create mode 100644 hosts/challenger/filesystems.nix
 create mode 100644 hosts/challenger/hardware-configuration.nix
 create mode 100644 hosts/challenger/home.nix

diff --git a/.sops.yaml b/.sops.yaml
index 22aa91b..aedde85 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -25,3 +25,9 @@ creation_rules:
       - age:
           - *host_defiant
           - *user_felixalb
+
+  - path_regex: secrets/challenger/[^/]+\.yaml$
+    key_groups:
+      - age:
+          # - *host_defiant
+          - *user_felixalb
diff --git a/flake.nix b/flake.nix
index 260a6ae..ecf41a7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -67,6 +67,24 @@
         }
       ];
     };
+    challenger = nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+      specialArgs = {
+        inherit inputs;
+      };
+      modules = [
+        # Overlays-module makes "pkgs.unstable" available in configuration.nix
+        ({ config, pkgs, ... }: { nixpkgs.overlays = [ pkgs-overlay ]; })
+
+        ./hosts/challenger/configuration.nix
+        sops-nix.nixosModules.sops
+        home-manager.nixosModules.home-manager {
+          home-manager.useGlobalPkgs = true;
+          home-manager.useUserPackages = true;
+          home-manager.users."felixalb" = import ./hosts/challenger/home.nix;
+        }
+      ];
+    };
     defiant = nixpkgs.lib.nixosSystem {
       system = "x86_64-linux";
       specialArgs = {
diff --git a/hosts/challenger/configuration.nix b/hosts/challenger/configuration.nix
new file mode 100644
index 0000000..182ab36
--- /dev/null
+++ b/hosts/challenger/configuration.nix
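Review bot: The new `secrets/challenger/` creation rule encrypts only to `*user_felixalb`, with the host entry left as a commented-out `# - *host_defiant`, so sops-nix on challenger will have no key it can decrypt `secrets/challenger/challenger.yaml` with (configuration.nix in this same patch points `sops.defaultSopsFile` at that file) and activation will fail as soon as any secret is declared. The commented line is also the wrong host: it should be a new anchor for challenger's own key, derived from its SSH host key (`ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub` on the box), declared in the keys section at the top of `.sops.yaml` (outside this hunk) and listed here as `- *host_challenger`. Until that key exists, say so next to the placeholder, e.g. `# TODO: add *host_challenger (age key from challenger's ssh_host_ed25519_key) before committing any secret here`, and run `sops updatekeys` on the file once it is added.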
@@ -0,0 +1,37 @@
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      ../../base.nix
+      ../../common/metrics-exporters.nix
+      ./hardware-configuration.nix
+      ./exports.nix
+      ./filesystems.nix
+    ];
+
+  networking = {
+    hostName = "challenger";
+    bridges.br0.interfaces = [ "eno1" ]; # TODO
+    interfaces.br0.useDHCP = false;
+    interfaces.br0.ipv4.addresses = [
+      { address = "192.168.10.161"; prefixLength = 24; }
+    ];
+
+    hostId = "828ab735";
+    defaultGateway = "192.168.10.1";
+  };
+
+  sops.defaultSopsFile = ../../secrets/challenger/challenger.yaml;
+
+  environment.variables = { EDITOR = "vim"; };
+  environment.systemPackages = with pkgs; [
+    zfs
+  ];
+
+  virtualisation.docker.enable = true;
+  virtualisation.oci-containers.backend = "docker";
+
+  system.stateVersion = "24.05";
+}
+
diff --git a/hosts/challenger/exports.nix b/hosts/challenger/exports.nix
new file mode 100644
index 0000000..e4fbd7c
--- /dev/null
+++ b/hosts/challenger/exports.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, lib, ... }:
+{
+  # Enable nfs4 only
+  services.nfs.server = {
+    enable = true;
+    exports = ''
+    ''; # TODO
+  };
+
+  networking.firewall.allowedTCPPorts = [ 111 2049 20048 ];
+  networking.firewall.allowedUDPPorts = [ 111 20048];
+}
diff --git a/hosts/challenger/filesystems.nix b/hosts/challenger/filesystems.nix
new file mode 100644
index 0000000..626efb6
--- /dev/null
+++ b/hosts/challenger/filesystems.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, lib, ... }:
+{
+  # Boot drives are defined in ./hardware-configuration.nix
+
+  environment.systemPackages = with pkgs; [ cifs-utils ];
+
+  # Local zfs
+  boot = {
+    zfs.extraPools = [ "tank" ];
+    supportedFilesystems = [ "zfs" ];
+    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+  };
+  services.zfs.autoScrub = {
+    enable = true;
+    interval = "Wed *-*-8..14 00:00:00";
+  };
+
+}
diff --git a/hosts/challenger/hardware-configuration.nix b/hosts/challenger/hardware-configuration.nix
new file mode 100644
index 0000000..f6d4b2c
--- /dev/null
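Review bot: `virtualisation.docker.enable = true;` starts a daemon that installs its own iptables chains, so any container port published with `-p`/`ports:` becomes reachable on br0 regardless of the `networking.firewall.allowedTCPPorts` lists this host sets elsewhere; that is easy to forget when exports.nix is read as the complete exposure surface, so it deserves a comment on the line. Membership in the `docker` group is root-equivalent, and which users base.nix puts there is outside this patch, so whoever gets it should be treated like a sudoer. Suggested comment above the line: `# NOTE: docker publishes container ports through its own iptables rules, bypassing networking.firewall; bind published ports to 127.0.0.1 unless LAN exposure is intended. docker group == root.`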
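Review bot: The firewall lines contradict the `# Enable nfs4 only` comment: 111 (rpcbind) and 20048 (mountd) are the NFSv3 side-protocol ports, and an NFSv4-only server needs just 2049/tcp. If v4-only is the intent, reduce it to `networking.firewall.allowedTCPPorts = [ 2049 ];`, drop the UDP line, and actually turn v3 off in the server (on 24.05 I believe `services.nfs.settings.nfsd.vers3 = false;` does this, confirm against the module); otherwise fix the comment so the v3+v4 exposure is documented. These ports are opened on every interface including br0 facing the LAN, and an empty `exports` still leaves nfsd and rpcbind listening, so when the `# TODO` is filled in, scope each export to the client subnet (e.g. `192.168.10.0/24(rw,sec=sys,no_subtree_check)`) and avoid `no_root_squash`.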
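Review bot: `kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;` relies on an attribute that I believe was deprecated in the 24.05/24.11 nixpkgs cycle in favour of leaving `boot.kernelPackages` at its default (kept ZFS-compatible) or pinning an explicit LTS `pkgs.linuxPackages_x_y`, so this line may start warning or fail to evaluate on the next flake input bump; confirm against the pinned nixpkgs. `cifs-utils` is installed but no CIFS mount is declared anywhere in this patch, so a one-line reason or TODO on that line would help the next reader. Importing `tank` through `extraPools` is, as far as I recall, refused when the pool was last imported under a different hostid unless `boot.zfs.forceImportAll` is set, so a cross-reference such as `# import of "tank" requires networking.hostId (configuration.nix) to match the pool's hostid` next to `zfs.extraPools` would save a confusing first boot.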
+++ b/hosts/challenger/hardware-configuration.nix
@@ -0,0 +1,38 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "mpt3sas" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/TODO";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/TODO";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
+  # networking.interfaces.idrac.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/challenger/home.nix b/hosts/challenger/home.nix
new file mode 100644
index 0000000..04b5729
--- /dev/null
+++ b/hosts/challenger/home.nix
@@ -0,0 +1,12 @@
+{ pkgs, lib, ... }:
+{
+  imports = [
+    ./../../home/base.nix
+  ];
+
+  programs = {
+    zsh.shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
+  };
+
+  home.stateVersion = "24.05";
+}