summaryrefslogtreecommitdiffstats
path: root/krebs/1systems/puyak
diff options
context:
space:
mode:
authorlassulus <lassulus@lassul.us>2020-12-30 09:13:07 +0100
committerlassulus <lassulus@lassul.us>2020-12-30 09:13:07 +0100
commite0bb61d3d3c2e053ab8c8c22f9cdded409ecece7 (patch)
treecb00a8eeead2d80cb05bc561005b8e9cf6edfb6a /krebs/1systems/puyak
parentba47b90d7326c262f3e3327781a16fd8400df062 (diff)
parentc370c87da36bc256cfbc59bb2b0b9ffa1d457168 (diff)
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'krebs/1systems/puyak')
-rw-r--r--krebs/1systems/puyak/config.nix12
-rw-r--r--krebs/1systems/puyak/net.nix23
2 files changed, 28 insertions, 7 deletions
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 9ee61c6f8..e41488cc3 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -1,12 +1,16 @@
{ config, pkgs, ... }:
-
{
imports = [
+ ./net.nix
<stockholm/krebs>
<stockholm/krebs/2configs>
<stockholm/krebs/2configs/secret-passwords.nix>
<stockholm/krebs/2configs/hw/x220.nix>
+ # see documentation in included getty-for-esp.nix:
+ # brain hosts/puyak/root
+ <stockholm/krebs/2configs/hw/getty-for-esp.nix>
+
## initrd unlocking
# (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat > /crypt-ramfs/passphrase'
@@ -118,7 +122,6 @@
krebs.build.host = config.krebs.hosts.puyak;
sound.enable = false;
-
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
@@ -163,10 +166,6 @@
services.logind.lidSwitchExternalPower = "ignore";
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0"
- '';
environment.systemPackages = [ pkgs.zsh ];
@@ -179,5 +178,4 @@
isNormalUser = true;
shell = "/run/current-system/sw/bin/zsh";
};
- networking.firewall.allowedTCPPorts = [ 5901 ];
}
diff --git a/krebs/1systems/puyak/net.nix b/krebs/1systems/puyak/net.nix
new file mode 100644
index 000000000..4cb8d247c
--- /dev/null
+++ b/krebs/1systems/puyak/net.nix
@@ -0,0 +1,23 @@
+let
+ ext-if = "enp0s25";
+ shack-ip = "10.42.22.184";
+ shack-gw = "10.42.20.1";
+in {
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0"
+ '';
+ networking = {
+ firewall.enable = false;
+ firewall.allowedTCPPorts = [ 8088 8086 8083 5901 ];
+ interfaces."${ext-if}".ipv4.addresses = [
+ {
+ address = shack-ip;
+ prefixLength = 20;
+ }
+ ];
+
+ defaultGateway = shack-gw;
+ nameservers = [ "10.42.0.100" "10.42.0.200" ];
+ };
+}