diff options
author | lassulus <lassulus@lassul.us> | 2020-12-30 09:13:07 +0100 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2020-12-30 09:13:07 +0100 |
commit | e0bb61d3d3c2e053ab8c8c22f9cdded409ecece7 (patch) | |
tree | cb00a8eeead2d80cb05bc561005b8e9cf6edfb6a /krebs/1systems/puyak | |
parent | ba47b90d7326c262f3e3327781a16fd8400df062 (diff) | |
parent | c370c87da36bc256cfbc59bb2b0b9ffa1d457168 (diff) |
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'krebs/1systems/puyak')
-rw-r--r-- | krebs/1systems/puyak/config.nix | 12 | ||||
-rw-r--r-- | krebs/1systems/puyak/net.nix | 23 |
2 files changed, 28 insertions, 7 deletions
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 9ee61c6f8..e41488cc3 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -1,12 +1,16 @@ { config, pkgs, ... }: - { imports = [ + ./net.nix <stockholm/krebs> <stockholm/krebs/2configs> <stockholm/krebs/2configs/secret-passwords.nix> <stockholm/krebs/2configs/hw/x220.nix> + # see documentation in included getty-for-esp.nix: + # brain hosts/puyak/root + <stockholm/krebs/2configs/hw/getty-for-esp.nix> + ## initrd unlocking # (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat > /crypt-ramfs/passphrase' @@ -118,7 +122,6 @@ krebs.build.host = config.krebs.hosts.puyak; sound.enable = false; - boot = { loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; @@ -163,10 +166,6 @@ services.logind.lidSwitchExternalPower = "ignore"; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0" - ''; environment.systemPackages = [ pkgs.zsh ]; @@ -179,5 +178,4 @@ isNormalUser = true; shell = "/run/current-system/sw/bin/zsh"; }; - networking.firewall.allowedTCPPorts = [ 5901 ]; } diff --git a/krebs/1systems/puyak/net.nix b/krebs/1systems/puyak/net.nix new file mode 100644 index 000000000..4cb8d247c --- /dev/null +++ b/krebs/1systems/puyak/net.nix @@ -0,0 +1,23 @@ +let + ext-if = "enp0s25"; + shack-ip = "10.42.22.184"; + shack-gw = "10.42.20.1"; +in { + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0" + ''; + networking = { + firewall.enable = false; + firewall.allowedTCPPorts = [ 8088 8086 8083 5901 ]; + interfaces."${ext-if}".ipv4.addresses = [ + { + address = shack-ip; + prefixLength = 20; + } + ]; + + defaultGateway = shack-gw; + nameservers = [ "10.42.0.100" "10.42.0.200" ]; + }; +} |