diff --git a/config/zoro/configuration.nix b/config/zoro/configuration.nix
new file mode 100644
index 0000000..83ba311
--- /dev/null
+++ b/config/zoro/configuration.nix
@@ -0,0 +1,99 @@
+{
+ pkgs,
+ ...
+}:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ../modules/nixin-base.nix
+ ../modules/nginx.nix
+ ../modules/wireguard-client.nix
+ ../modules/users.nix
+ ../modules/nixin-web.nix
+ ];
+
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_forward" = 1;
+ "net.ipv6.conf.all.forwarding" = 1;
+ };
+
+ nixin.wg.client = {
+ ipv4 = "192.168.12.8";
+ ipv6 = "2a01:4f9:1a:9a05::8";
+ allowedIPs = [
+ "192.168.12.0/24"
+ "2a01:4f9:1a:9a05::/64"
+ ];
+ endpoint = "vpn.lab12.fr:51812";
+ endpointKey = "cUmp55I20JEhxr+RMmOsX+6U9kcDiAq3grnvzjQ642w=";
+ };
+
+ nixin.web = {
+ domain = "nixin.zoro.mrflos.pw";
+ http-port = 8081;
+ };
+ nixpkgs.config.allowUnfree = true;
+
+ environment.systemPackages = with pkgs; [
+ neovim
+ magic-wormhole
+ git
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ services.openssh = {
+ enable = true;
+ ports = [ 4222 ];
+ };
+
+ networking = {
+ hostName = "zoro";
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 80
+ 4222
+ 443
+ 8081
+ ];
+ allowedUDPPortRanges = [
+ {
+ from = 60000;
+ to = 61000;
+ }
+ ];
+ };
+ nat = {
+ enable = true;
+ internalIPs = [ "10.10.8.0/24" ];
+ externalInterface = "enp0s31f6";
+ };
+ bridges = {
+ "br0" = {
+ interfaces = [ ];
+ };
+ };
+ interfaces = {
+ enp0s31f6 = {
+ useDHCP = true;
+ };
+ # interface for containers virtual network
+ br0 = {
+ useDHCP = false;
+ ipv4.addresses = [
+ {
+ address = "10.10.8.1";
+ prefixLength = 24;
+ }
+ ];
+ };
+ };
+ };
+
+ system.copySystemConfiguration = true;
+ system.stateVersion = "24.11";
+}
diff --git a/config/zoro/hardware-configuration.nix b/config/zoro/hardware-configuration.nix
new file mode 100644
index 0000000..4237e8c
--- /dev/null
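Review bot: `allowedTCPPorts` opens 8081 and 4222 on every interface, so the `nixin.web` backend port and sshd are reachable from the internet as well as through nginx and the tunnel. If `../modules/nginx.nix` proxies to `http-port` on the host itself (not visible in this diff), drop `8081` from the list so requests cannot bypass the proxy and its TLS. The krops target added in this commit connects to the WireGuard address 192.168.12.8, so SSH could instead be opened only on the tunnel with `networking.firewall.interfaces.<wg-interface>.allowedTCPPorts = [ 4222 ];`, where `<wg-interface>` is a placeholder for the name set in the wireguard module. Nothing in this file disables password logins, so confirm that a shared module sets `services.openssh.settings.PasswordAuthentication = false;`. Separately, `"net.ipv6.conf.all.forwarding" = 1` turns on IPv6 routing although `networking.nat` only covers the IPv4 bridge range; remove it unless the containers need routed IPv6.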
+++ b/config/zoro/hardware-configuration.nix @@ -0,0 +1,55 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "usbhid" + "uas" + "sd_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/18027f1f-3b58-47c6-9792-6ed85744fae7"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/6B31-8759"; + fsType = "vfat"; + options = [ + "fmask=0077" + "dmask=0077" + ]; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/f436f7bc-af2e-4bb6-8bde-47f41707a1ed"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/krops.nix b/krops.nix index 6d1665f..92cb05e 100644 --- a/krops.nix +++ b/krops.nix 
@@ -57,6 +57,14 @@ let
 };
 };
 
+ zoro = pkgs.krops.writeDeploy "deploy-server-zoro" {
+ source = source "zoro";
+ target = lib.mkTarget "operator@192.168.12.8" // {
+ port = "4222";
+ sudo = true;
+ };
+ };
+
 dromadaire = pkgs.krops.writeDeploy "deploy-server-dromadaire" {
 source = source "dromadaire";
 target = lib.mkTarget "operator@192.168.12.11" // {
@@ -103,6 +111,7 @@ in
 framboise = framboise;
 grille-pain = grille-pain;
 sanji = sanji;
+ zoro = zoro;
 dromadaire = dromadaire;
 plancha = plancha;
 all = pkgs.writeScript "deploy-all-servers" (
@@ -111,6 +120,7 @@ in
 framboise
 grille-pain
 sanji
+ zoro
 dromadaire
 plancha
 ]
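Review bot: The new `zoro` target repeats the host's WireGuard address and sshd port as literals, and nothing ties them to `nixin.wg.client.ipv4` and `services.openssh.ports` in config/zoro/configuration.nix, so a change on one side silently breaks deploys. A comment above the binding such as `# 192.168.12.8 / 4222: WireGuard address and sshd port from config/zoro/configuration.nix` would make the coupling visible. With `sudo = true` the `operator` login is root-equivalent on the host, so it should be key-only, which this diff does not show. The enclosing `let` block starts and ends outside the hunk.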