From 4176ee3f56cc4d9362bb93cc9af1215bb1e0d629 Mon Sep 17 00:00:00 2001
From: Florian Schmitt
Date: Thu, 26 Dec 2024 23:25:26 +0300
Subject: [PATCH] feat(machines): add sanji

---
 config/sanji/configuration.nix | 83 +++++++++++++++++++++++++
 config/sanji/hardware-configuration.nix | 40 ++++++++++++
 krops.nix | 10 +++
 3 files changed, 133 insertions(+)
 create mode 100644 config/sanji/configuration.nix
 create mode 100644 config/sanji/hardware-configuration.nix

diff --git a/config/sanji/configuration.nix b/config/sanji/configuration.nix
new file mode 100644
index 0000000..335329f
--- /dev/null
+++ b/config/sanji/configuration.nix
@@ -0,0 +1,83 @@
+{
+  pkgs,
+  ...
+}:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ../modules/nixin-base.nix
+    ../modules/wireguard-client.nix
+  ];
+
+  boot.kernel.sysctl = {
+    "net.ipv4.ip_forward" = 1;
+    "net.ipv6.conf.all.forwarding" = 1;
+  };
+
+  nixin.wg.client = {
+    ipv4 = "192.168.12.5/32";
+    ipv6 = "2a01:4f9:1a:9a05::5/128";
+    allowedIPs = [
+      "192.168.12.0/24"
+      "2a01:4f9:1a:9a05::/64"
+    ];
+    endpoint = "vpn.lab12.fr:51812";
+    endpointKey = "cUmp55I20JEhxr+RMmOsX+6U9kcDiAq3grnvzjQ642w=";
+  };
+
+  nixpkgs.config.allowUnfree = true;
+
+  environment.systemPackages = with pkgs; [
+    neovim
+    magic-wormhole
+  ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  services.openssh = {
+    enable = true;
+    ports = [ 4222 ];
+  };
+
+  networking = {
+    hostName = "sanji";
+    firewall.enable = false;
+    firewall.allowedUDPPortRanges = [
+      {
+        from = 60000;
+        to = 61000;
+      }
+    ];
+    nat = {
+      enable = true;
+      internalIPs = [ "10.10.5.0/24" ];
+      externalInterface = "enp0s31f6";
+    };
+    bridges = {
+      "br0" = {
+        interfaces = [ ];
+      };
+    };
+    interfaces = {
+      enp0s31f6 = {
+        useDHCP = true;
+      };
+      # interface for containers virtual network
+      br0 = {
+        useDHCP = false;
+        ipv4.addresses = [
+          {
+            address = "10.10.5.1";
+            prefixLength = 24;
+          }
+        ];
+      };
+    };
+  };
+
+  system.copySystemConfiguration = true;
+  system.stateVersion = "24.11";
+}
diff --git a/config/sanji/hardware-configuration.nix b/config/sanji/hardware-configuration.nix
new file mode 100644
index 0000000..9dca052
--- /dev/null
+++ b/config/sanji/hardware-configuration.nix
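Review bot: `firewall.enable = false;` under `networking` switches the host firewall off on a box that, in the same hunk, enables IPv4/IPv6 forwarding, NAT for 10.10.5.0/24, a WireGuard client and SSH on a DHCP-configured uplink, so every listening service and every forwarded packet between the uplink, the tunnel and the container bridge is unfiltered. The `firewall.allowedUDPPortRanges` entry directly below it has no effect while the firewall is disabled, which suggests the disable may be leftover debugging rather than intent. I would set `firewall.enable = true;` and keep the UDP range; the openssh module normally opens its configured `ports` itself (its `openFirewall` option defaults to true as far as I recall — confirm), so port 4222 stays reachable, and if the containers must reach host services add `firewall.trustedInterfaces = [ "br0" ];`. If the firewall really must stay off, a comment stating why (`# firewall disabled: filtering is done by <component> — see <ticket>`) would stop the next reader from re-enabling it blindly.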
@@ -0,0 +1,40 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "uas" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/e163e5d3-5488-4ed5-9eed-40f2dc758823";
+      fsType = "btrfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/8A69-72B3";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/60230e2b-6284-43d5-af39-67978001a938"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/krops.nix b/krops.nix
index f8f6618..91974a3 100644
--- a/krops.nix
+++ b/krops.nix
@@ -49,6 +49,14 @@ let
     };
   };
 
+  sanji = pkgs.krops.writeDeploy "deploy-server-sanji" {
+    source = source "sanji";
+    target = lib.mkTarget "mrflos@192.168.12.5" // {
+      port = "4222";
+      sudo = true;
+    };
+  };
+
   dromadaire = pkgs.krops.writeDeploy "deploy-server-dromadaire" {
     source = source "dromadaire";
     target = lib.mkTarget "operator@192.168.12.11" // {
@@ -87,11 +95,13 @@ in
   framboise = framboise;
   grille-pain = grille-pain;
   dromadaire = dromadaire;
+  sanji = sanji;
   all = pkgs.writeScript "deploy-all-servers" (
     lib.concatStringsSep "\n" [
       arachnide
       framboise
       grille-pain
+      sanji
       dromadaire
     ]
   );