diff options
-rw-r--r-- | krebs/1systems/puyak/config.nix | 55 | ||||
-rw-r--r-- | krebs/1systems/puyak/source.nix | 3 | ||||
-rw-r--r-- | krebs/3modules/krebs/default.nix | 24 |
3 files changed, 82 insertions, 0 deletions
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix new file mode 100644 index 000000000..5e5f6cdb2 --- /dev/null +++ b/krebs/1systems/puyak/config.nix @@ -0,0 +1,55 @@ +{ config, pkgs, ... }: + +{ + imports = [ + <stockholm/krebs> + <stockholm/krebs/2configs> + <stockholm/krebs/2configs/secret-passwords.nix> + ]; + + krebs.build.host = config.krebs.hosts.puyak; + + boot = { + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = true; + + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; + initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + }; + + fileSystems = { + "/" = { + device = "/dev/mapper/pool-root"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/boot" = { + device = "/dev/sda2"; + }; + "/home" = { + device = "/dev/mapper/pool-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + }; + + hardware.enableAllFirmware = true; + networking.wireless.enable = true; + nixpkgs.config.allowUnfree = true; + + services.logind.extraConfig = '' + HandleLidSwitch=ignore + ''; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0" + ''; + +} diff --git a/krebs/1systems/puyak/source.nix b/krebs/1systems/puyak/source.nix new file mode 100644 index 000000000..a21651899 --- /dev/null +++ b/krebs/1systems/puyak/source.nix @@ -0,0 +1,3 @@ +import <stockholm/krebs/source.nix> { + name = "puyak"; +} diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 0aa0cac9d..f11b8ef48 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -30,6 +30,30 @@ let }); in { hosts = { + puyak = { + owner = config.krebs.users.krebs; + nets = { + retiolum = { + ip4.addr = "10.243.77.2"; + ip6.addr = "42:0:0:0:0:0:77:2"; + aliases = [ + "puyak.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAwwDvaVKSJmAi1fpbsmjLz1DQVTgqnx56GkHKbz5sHwAfPVQej955 + SwotAPBrOT5P3pZ52Pu326SR5nj9XWfN6GD0CkcDQddtRG5OOtUWlvkYzZraNh33 + p9l8TBgHJKogGe6umbs+4v7pWfbS0k708L2ttwY0ceju6RL6UqShIYB6qhDzwalU + p8s7pypl7BwrsTwYkUGleIptiN78cYv/NHvXhvXBuVGz4J0tCH4GMvdTHCah1l1r + zwEpKlAq0FD6bgYTJL94Tvxe2xzyr8c+xn1+XbJtMudGmrRjIHS6YupzO/Y2MO7w + UkbMKDhYVhSPFEyk6PMm0SU9uAh4I1+8BQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY"; + }; wolf = { owner = config.krebs.users.krebs; nets = { |