From 498215fb07e94c334876ce4cb1a652d423a45933 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Wed, 30 Jan 2019 13:26:06 +0100 Subject: [PATCH] move retiolum config; add homeros config
---
.gitignore | 3 +- configs/networks.nix | 27 +++-------- configs/retiolum.nix | 88 ++++++++--------------------------- config.nix => main.nix | 0 modules/retiolum.nix | 72 ++++++++++++++++++++++++++++ systems/catullus/config.nix | 2 +- systems/catullus/physical.nix | 0 systems/homeros/config.nix | 13 ++++++ systems/homeros/physical.nix | 32 +++++++++++++ 9 files changed, 146 insertions(+), 91 deletions(-) rename config.nix => main.nix (100%) create mode 100644 modules/retiolum.nix mode change 100755 => 100644 systems/catullus/config.nix mode change 100755 => 100644 systems/catullus/physical.nix create mode 100644 systems/homeros/config.nix create mode 100644 systems/homeros/physical.nix
diff --git a/.gitignore b/.gitignore
index 89b3a77..ed715a6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-secrets.nix
+/secrets.nix
+/result
diff --git a/configs/networks.nix b/configs/networks.nix
index c4e6a52..b3cccdf 100644
--- a/configs/networks.nix
+++ b/configs/networks.nix
@@ -1,16 +1,17 @@ { pkgs, config, lib, ... }: let sshPort = 22022; - secrets = import ../secrets.nix; + sshKey = { + homeros = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDn13Y6CznabMvKJPIrr/dj1TX4boe8F98yc3FDElJeprQo2RXlDzjg/po9/lHTHaoC5yQUjlRg/AnI4vizYkn2sqJebAeSPahmpS+l0eFnjZgsqds2cCFqSPB6Qc5YEkGRhN4aq/ABz0jdFJLBYOYGxuuXowYxyNrqrItxDR7tF7upG+kVjYiDoP/qFm8C7zv6Zy8aoehNbzf8HlIJd0ITbMr/vUftNsQ8C84QmbZljReHmchPgE8GUfVLTlCORkhndbvNX3jXo+75y7JOIZZ6193FZHM4seg/VSDWYLJtpnhttD1w6qmiLrlimqbJB9ihoXq2eDmQ+4zo6hxQ6pFH6P0xQClJ0hxVWn6hEM3rkMwoMfbq4v54gKJsYxcGdnwjAX6d9DQv/QVjmVZffKWsGGoC7uz7bdmc0akVKi+GLSPOx8sJwXqvyvFStfqLaweVcuikUqQ72JLK7pZyliA7na6KuQ1PE3LTpfSr0lbBJ73xtS2rU1nF/Oe5zwA4LX5s/QeDVmS86D8acUrSCO62pBB3Yv8go0KR4mEvfxLiUWV6gR2uTeIPXvo4ouYFZqyABAGybjUATlGCXJaeHd/y/VWkpIB8ocqNESlRMCEe4TrYjw91AEmYBL6kWIeop3dyhovm3dTB3fQvC97kbL16wuXBrOcN4lEc+56ShhmvdQ== kieran.meinhardt@gmail.com"; + scardanelli = "ssh-rsa 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 kieran.meinhardt@gmail.com"; + }; in { networking.hosts = lib.mapAttrs (_: value: [ (value + ".local") ]) { "192.168.178.1" = "router"; "192.168.178.21" = "scardanelli"; "192.168.178.22" = "homeros"; - "192.168.178.24" = "lestrade"; + "192.168.178.24" = "catullus"; "192.168.178.27" = "printer"; - } // { - "42:0:ca48:f98f:63d7:31ce:922b:245d" = [ "go" ]; }; networking.wireless = { @@ -69,24 +70,8 @@ in { passwordAuthentication = false; }; - users.users.kfm.openssh.authorizedKeys.keys = let sshKey = secrets.ssh.publicKey; in [ + users.users.kfm.openssh.authorizedKeys.keys = [ sshKey.homeros sshKey.scardanelli ]; - - networking.retiolum = { - scardanelli = { - ipv4 = "10.243.2.2"; - ipv6 = "42:0:3c46:4007:5bce:f1bc:606b:2b18"; - }; - homeros = { - ipv4 = "10.243.2.1"; - ipv6 = "42:0:3c46:53e:e63d:e62a:56ea:c705"; - }; - }.${config.networking.hostName}; - - environment.etc."tinc/retiolum/rsa_key.priv" = { - text = secrets.retiolum.privateKey.${config.networking.hostName}; - mode = "400"; - }; } 
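Review bot: The two entries in the new `sshKey` set carry the same trailing comment (`kieran.meinhardt@gmail.com`), so once both are installed in `authorized_keys` for `kfm` nothing in the file tells the homeros key from the scardanelli key. Giving each key its own comment, for example `... kfm@homeros` and `... kfm@scardanelli`, makes it clear which entry to remove when one machine is lost or retired. A one-line comment above the set, such as `# public keys only; private key material stays in secrets.nix`, would also record why these values could move out of secrets.nix.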
diff --git a/configs/retiolum.nix b/configs/retiolum.nix
index 869b863..dc0ad68 100644
--- a/configs/retiolum.nix
+++ b/configs/retiolum.nix
@@ -1,72 +1,24 @@ -{ config, pkgs, lib, ... }: -with lib; -let - netname = "retiolum"; - cfg = config.networking.retiolum; -in { - options = { - networking.retiolum.ipv4 = mkOption { - type = types.str; - description = '' - own ipv4 address - ''; - }; - networking.retiolum.ipv6 = mkOption { - type = types.str; - description = '' - own ipv6 address - ''; - }; - networking.retiolum.nodename = mkOption { - type = types.str; - default = config.networking.hostName; - description = '' - tinc network name - ''; - }; - }; - config = { - services.tinc.networks.${netname} = { - name = cfg.nodename; - extraConfig = '' - LocalDiscovery = yes - ConnectTo = gum - ConnectTo = ni - ConnectTo = prism - ConnectTo = eve - AutoConnect = yes - ''; - }; +{ config, pkgs, ... }: +{ + imports = [ ../modules/retiolum.nix ]; - networking.extraHosts = builtins.readFile (pkgs.fetchurl { - name = "retiolum.hosts"; - url = "https://lassul.us/retiolum.hosts"; - # FIXME - sha256 = "0q8f5gw12hf9dhwcs4fni8jrvb2a1g6jskz28qcbd10p2xlkja58"; - }); - - environment.systemPackages = [ config.services.tinc.networks.${netname}.package ]; - - systemd.services."tinc.${netname}" = { - path = with pkgs; [ curl gnutar bzip2 ]; - preStart = '' - curl https://lassul.us/retiolum-hosts.tar.bz2 | tar -xjvf - -C /etc/tinc/${netname}/ || true - ''; - }; - - networking.firewall.allowedTCPPorts = [ 655 ]; - networking.firewall.allowedUDPPorts = [ 655 ]; - - systemd.network.enable = true; - systemd.network.networks = { - "${netname}".extraConfig = '' - [Match] - Name = tinc.${netname} - [Network] - Address=${cfg.ipv4}/12 - Address=${cfg.ipv6}/16 - ''; - }; + networking.hosts = { + "42:0:ca48:f98f:63d7:31ce:922b:245d" = [ "go" ]; }; + networking.retiolum = { + scardanelli = { + ipv4 = "10.243.2.2"; + ipv6 = "42:0:3c46:4007:5bce:f1bc:606b:2b18"; + }; + homeros = { + ipv4 = "10.243.2.1"; + ipv6 = "42:0:3c46:53e:e63d:e62a:56ea:c705"; + }; + }.${config.networking.hostName}; + + environment.etc."tinc/retiolum/rsa_key.priv" = { + 
text = (import ../secrets.nix).retiolum.privateKey.${config.networking.hostName}; + mode = "400"; + }; } diff --git a/config.nix b/main.nix similarity index 100% rename from config.nix rename to main.nix diff --git a/modules/retiolum.nix b/modules/retiolum.nix new file mode 100644 index 0000000..869b863 --- /dev/null +++ b/modules/retiolum.nix @@ -0,0 +1,72 @@ +{ config, pkgs, lib, ... }: +with lib; +let + netname = "retiolum"; + cfg = config.networking.retiolum; +in { + options = { + networking.retiolum.ipv4 = mkOption { + type = types.str; + description = '' + own ipv4 address + ''; + }; + networking.retiolum.ipv6 = mkOption { + type = types.str; + description = '' + own ipv6 address + ''; + }; + networking.retiolum.nodename = mkOption { + type = types.str; + default = config.networking.hostName; + description = '' + tinc network name + ''; + }; + }; + config = { + services.tinc.networks.${netname} = { + name = cfg.nodename; + extraConfig = '' + LocalDiscovery = yes + ConnectTo = gum + ConnectTo = ni + ConnectTo = prism + ConnectTo = eve + AutoConnect = yes + ''; + }; + + networking.extraHosts = builtins.readFile (pkgs.fetchurl { + name = "retiolum.hosts"; + url = "https://lassul.us/retiolum.hosts"; + # FIXME + sha256 = "0q8f5gw12hf9dhwcs4fni8jrvb2a1g6jskz28qcbd10p2xlkja58"; + }); + + environment.systemPackages = [ config.services.tinc.networks.${netname}.package ]; + + systemd.services."tinc.${netname}" = { + path = with pkgs; [ curl gnutar bzip2 ]; + preStart = '' + curl https://lassul.us/retiolum-hosts.tar.bz2 | tar -xjvf - -C /etc/tinc/${netname}/ || true + ''; + }; + + networking.firewall.allowedTCPPorts = [ 655 ]; + networking.firewall.allowedUDPPorts = [ 655 ]; + + systemd.network.enable = true; + systemd.network.networks = { + "${netname}".extraConfig = '' + [Match] + Name = tinc.${netname} + [Network] + Address=${cfg.ipv4}/12 + Address=${cfg.ipv6}/16 + ''; + }; + }; + +} 
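Review bot: The tinc private key in `environment.etc."tinc/retiolum/rsa_key.priv"` is still supplied through `text`, so NixOS first writes the key into a file under /nix/store and only then installs it in /etc. The store is readable by every local user, so `mode = "400"` protects the /etc copy but not the store copy. The key was moved here unchanged from networks.nix, which makes this a good point to stop routing it through the store. One option is to place the key on each host out of band in a root-only file and point tinc at it from the network's `extraConfig`, for example `PrivateKeyFile = /var/lib/tinc/retiolum/rsa_key.priv` (example path). The `import ../secrets.nix` and this `environment.etc` entry can then be dropped.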
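Review bot: The `preStart` script in the new module pipes `https://lassul.us/retiolum-hosts.tar.bz2` straight into `tar -x ... -C /etc/tinc/${netname}/` with no integrity check, so whatever that URL serves at service start is unpacked into the tinc configuration directory. The trailing `|| true` also means a failed or truncated download goes unnoticed. The hosts file a few lines above is already fetched with `pkgs.fetchurl` and a pinned `sha256`. Doing the same for the archive and unpacking the store path, e.g. `tar -xjf ${hostsArchive} -C /etc/tinc/${netname}/` with `hostsArchive` bound to that `fetchurl` call, would make the content reviewable. The cost is that the hash needs updating whenever the host list changes. If runtime refresh is required, at least restrict extraction to the expected subdirectory and let a failure show up in the unit's status.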
diff --git a/systems/catullus/config.nix b/systems/catullus/config.nix old mode 100755 new mode 100644 index 974e905..20c2b49 --- a/systems/catullus/config.nix +++ b/systems/catullus/config.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: { - imports = [ ../slim.nix ]; + imports = []; boot.loader.grub.enable = false; boot.loader.generic-extlinux-compatible.enable = true; diff --git a/systems/catullus/physical.nix b/systems/catullus/physical.nix old mode 100755 new mode 100644 diff --git a/systems/homeros/config.nix b/systems/homeros/config.nix new file mode 100644 index 0000000..19bea72 --- /dev/null +++ b/systems/homeros/config.nix @@ -0,0 +1,13 @@ +{ config, pkgs, ... }: +{ + imports = + [ ../../main.nix + ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.hostName = "homeros"; + + system.stateVersion = "19.03"; +} diff --git a/systems/homeros/physical.nix b/systems/homeros/physical.nix new file mode 100644 index 0000000..a6c395b --- /dev/null +++ b/systems/homeros/physical.nix @@ -0,0 +1,32 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +{ + imports = + [ + ./config.nix + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" "rtsx_usb_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/83544ad3-1d23-4c2d-82bc-fafef13a996f"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/8F9E-7556"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/5ea3a65e-8fdb-45fb-ad32-3759d991a83a"; } + ]; + + nix.maxJobs = lib.mkDefault 4; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +}