From 41865fe25f356b46b8a56629ab60e2c3af125ae8 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 24 Nov 2020 22:11:59 +0100 Subject: puyak.r: separate config in net.nix --- krebs/1systems/puyak/config.nix | 6 +----- krebs/1systems/puyak/net.nix | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+), 5 deletions(-) create mode 100644 krebs/1systems/puyak/net.nix (limited to 'krebs/1systems/puyak') diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 9ee61c6f8..2bfe061f5 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -2,6 +2,7 @@ { imports = [ + ./net.nix @@ -163,10 +164,6 @@ services.logind.lidSwitchExternalPower = "ignore"; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0" - ''; environment.systemPackages = [ pkgs.zsh ]; @@ -179,5 +176,4 @@ isNormalUser = true; shell = "/run/current-system/sw/bin/zsh"; }; - networking.firewall.allowedTCPPorts = [ 5901 ]; } diff --git a/krebs/1systems/puyak/net.nix b/krebs/1systems/puyak/net.nix new file mode 100644 index 000000000..4cb8d247c --- /dev/null +++ b/krebs/1systems/puyak/net.nix @@ -0,0 +1,23 @@ +let + ext-if = "enp0s25"; + shack-ip = "10.42.22.184"; + shack-gw = "10.42.20.1"; +in { + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0" + ''; + networking = { + firewall.enable = false; + firewall.allowedTCPPorts = [ 8088 8086 8083 5901 ]; + interfaces."${ext-if}".ipv4.addresses = [ + { + address = shack-ip; + prefixLength = 20; + } + ]; + + defaultGateway = shack-gw; + nameservers = [ "10.42.0.100" "10.42.0.200" ]; + }; +} -- cgit v1.2.3 From 3ed2d7d3701234325fef6b659feaa83ec2723b93 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 24 Nov 2020 22:13:32 +0100 Subject: getty-for-esp: init this module provides a serial port which is exposed via an esp8266 to the network via wifi. it essentially creates a backdoor to the serial console when the network config is b0rked again --- krebs/1systems/puyak/config.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'krebs/1systems/puyak') diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 2bfe061f5..e41488cc3 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -1,5 +1,4 @@ { config, pkgs, ... }: - { imports = [ ./net.nix @@ -8,6 +7,10 @@ + # see documentation in included getty-for-esp.nix: + # brain hosts/puyak/root + + ## initrd unlocking # (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat > /crypt-ramfs/passphrase' @@ -119,7 +122,6 @@ krebs.build.host = config.krebs.hosts.puyak; sound.enable = false; - boot = { loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; -- cgit v1.2.3 From b96b4fce078dc90ee59ae5a75cf0c13cbc278fb0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 30 Dec 2020 09:47:57 +0100 Subject: puyak.r: use brockman for news --- krebs/1systems/puyak/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/1systems/puyak') diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index e41488cc3..31b96c04d 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -25,7 +25,7 @@ #### NEWS #### # - # + ### shackspace ### -- cgit v1.2.3 From f5364616bec217e2bcf22629c7d56ddfd22ad3ad Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 30 Dec 2020 11:46:12 +0100 Subject: news: use shortener, write to #news --- krebs/1systems/puyak/config.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'krebs/1systems/puyak') diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 31b96c04d..19cf22280 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -24,8 +24,7 @@ #### NEWS #### - # - + ### shackspace ### -- cgit v1.2.3