krebs: init puyak

3 files changed, 82 insertions, 0 deletions

diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
new file mode 100644
index 00000000..5e5f6cdb
--- /dev/null
+++ b/krebs/1systems/puyak/config.nix
@@ -0,0 +1,55 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    <stockholm/krebs>
+    <stockholm/krebs/2configs>
+    <stockholm/krebs/2configs/secret-passwords.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.puyak;
+
+  boot = {
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+
+    initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ];
+    initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+    initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/mapper/pool-root";
+      fsType = "btrfs";
+      options = ["defaults" "noatime" "ssd" "compress=lzo"];
+    };
+    "/boot" = {
+      device = "/dev/sda2";
+    };
+    "/home" = {
+      device = "/dev/mapper/pool-home";
+      fsType = "btrfs";
+      options = ["defaults" "noatime" "ssd" "compress=lzo"];
+    };
+    "/tmp" = {
+      device = "tmpfs";
+      fsType = "tmpfs";
+      options = ["nosuid" "nodev" "noatime"];
+    };
+  };
+
+  hardware.enableAllFirmware = true;
+  networking.wireless.enable = true;
+  nixpkgs.config.allowUnfree = true;
+
+  services.logind.extraConfig = ''
+    HandleLidSwitch=ignore
+  '';
+
+  services.udev.extraRules = ''
+    SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0"
+    SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0"
+  '';
+
+}
diff --git a/krebs/1systems/puyak/source.nix b/krebs/1systems/puyak/source.nix
new file mode 100644
index 00000000..a2165189
--- /dev/null
+++ b/krebs/1systems/puyak/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/krebs/source.nix> {
+  name = "puyak";
+}
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 0aa0cac9..f11b8ef4 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -30,6 +30,30 @@ let
   });
 in {
   hosts = {
+    puyak = {
+      owner = config.krebs.users.krebs;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.77.2";
+          ip6.addr = "42:0:0:0:0:0:77:2";
+          aliases = [
+            "puyak.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEAwwDvaVKSJmAi1fpbsmjLz1DQVTgqnx56GkHKbz5sHwAfPVQej955
+            SwotAPBrOT5P3pZ52Pu326SR5nj9XWfN6GD0CkcDQddtRG5OOtUWlvkYzZraNh33
+            p9l8TBgHJKogGe6umbs+4v7pWfbS0k708L2ttwY0ceju6RL6UqShIYB6qhDzwalU
+            p8s7pypl7BwrsTwYkUGleIptiN78cYv/NHvXhvXBuVGz4J0tCH4GMvdTHCah1l1r
+            zwEpKlAq0FD6bgYTJL94Tvxe2xzyr8c+xn1+XbJtMudGmrRjIHS6YupzO/Y2MO7w
+            UkbMKDhYVhSPFEyk6PMm0SU9uAh4I1+8BQIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY";
+    };
     wolf = {
       owner = config.krebs.users.krebs;
       nets = {