summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/1systems/puyak/config.nix55
-rw-r--r--krebs/1systems/puyak/source.nix3
-rw-r--r--krebs/3modules/krebs/default.nix24
3 files changed, 82 insertions, 0 deletions
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
new file mode 100644
index 000000000..5e5f6cdb2
--- /dev/null
+++ b/krebs/1systems/puyak/config.nix
@@ -0,0 +1,55 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ <stockholm/krebs>
+ <stockholm/krebs/2configs>
+ <stockholm/krebs/2configs/secret-passwords.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.puyak;
+
+ boot = {
+ loader.systemd-boot.enable = true;
+ loader.efi.canTouchEfiVariables = true;
+
+ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ];
+ initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+ initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/pool-root";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/boot" = {
+ device = "/dev/sda2";
+ };
+ "/home" = {
+ device = "/dev/mapper/pool-home";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ "/tmp" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = ["nosuid" "nodev" "noatime"];
+ };
+ };
+
+ hardware.enableAllFirmware = true;
+ networking.wireless.enable = true;
+ nixpkgs.config.allowUnfree = true;
+
+ services.logind.extraConfig = ''
+ HandleLidSwitch=ignore
+ '';
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0"
+ '';
+
+}
diff --git a/krebs/1systems/puyak/source.nix b/krebs/1systems/puyak/source.nix
new file mode 100644
index 000000000..a21651899
--- /dev/null
+++ b/krebs/1systems/puyak/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/krebs/source.nix> {
+ name = "puyak";
+}
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 0aa0cac9d..f11b8ef48 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -30,6 +30,30 @@ let
});
in {
hosts = {
+ puyak = {
+ owner = config.krebs.users.krebs;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.77.2";
+ ip6.addr = "42:0:0:0:0:0:77:2";
+ aliases = [
+ "puyak.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAwwDvaVKSJmAi1fpbsmjLz1DQVTgqnx56GkHKbz5sHwAfPVQej955
+ SwotAPBrOT5P3pZ52Pu326SR5nj9XWfN6GD0CkcDQddtRG5OOtUWlvkYzZraNh33
+ p9l8TBgHJKogGe6umbs+4v7pWfbS0k708L2ttwY0ceju6RL6UqShIYB6qhDzwalU
+ p8s7pypl7BwrsTwYkUGleIptiN78cYv/NHvXhvXBuVGz4J0tCH4GMvdTHCah1l1r
+ zwEpKlAq0FD6bgYTJL94Tvxe2xzyr8c+xn1+XbJtMudGmrRjIHS6YupzO/Y2MO7w
+ UkbMKDhYVhSPFEyk6PMm0SU9uAh4I1+8BQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY";
+ };
wolf = {
owner = config.krebs.users.krebs;
nets = {