diff --git a/config/plancha/configuration.nix b/config/plancha/configuration.nix
new file mode 100644
index 0000000..bd5591f
--- /dev/null
+++ b/config/plancha/configuration.nix
@@ -0,0 +1,60 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+ ./network-configuration.nix
+ /var/src/modules/nixin-base.nix
+ /var/src/modules/users.nix
+ /var/src/modules/wireguard-client.nix
+ ];
+
+ # Bootloader.
+ # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
+ boot.loader.grub.enable = false;
+ # Enables the generation of /boot/extlinux/extlinux.conf
+ boot.loader.generic-extlinux-compatible.enable = true;
+
+ # Enable ip forwarding to route packets
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_forward" = 1;
+ "net.ipv6.conf.all.forwarding" = 1;
+ };
+
+ nixin.wg.client = {
+ ipv4 = "192.168.12.12/32";
+ ipv6 = "2a01:4f9:1a:9a05::12/128";
+ allowedIPs = [ "192.168.12.0/24" "2a01:4f9:1a:9a05::/64" ];
+ endpoint = "vpn.lab12.fr:51812";
+ endpointKey = "cUmp55I20JEhxr+RMmOsX+6U9kcDiAq3grnvzjQ642w=";
+ };
+
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [ 80 144 443 ];
+ #networking.firewall.allowedUDPPorts = [ 53 ];
+ # allow UDP port range for mosh
+ networking.firewall.allowedUDPPortRanges = [
+ { from = 60000; to = 61000; }
+ ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Configure console keymap
+ # console.keyMap = "fr";
+
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+
+ environment.systemPackages = with pkgs; [
+ mtr
+ ];
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It's perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "24.11"; # Did you read the comment?
+}
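Review bot: `"net.ipv6.conf.all.forwarding" = 1` turns on IPv6 forwarding between every interface on this host, but nothing in the commit uses it: the NAT block in network-configuration.nix keeps `enableIPv6` commented out and the firewall section here only opens inbound ports, so IPv6 traffic forwarded between the WireGuard side (`2a01:4f9:1a:9a05::/64` in allowedIPs) and end0 is not filtered anywhere visible. Unless one of the `/var/src/modules/*.nix` imports adds forward rules, either drop that sysctl until IPv6 NAT is enabled or document the intended path. The comment `# Enable ip forwarding to route packets` should say between which networks, e.g. `# Forward between the WireGuard net (192.168.12.0/24) and the container subnet NATed in network-configuration.nix — TODO confirm IPv6 forwarding is needed`.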
diff --git a/config/plancha/hardware-configuration.nix b/config/plancha/hardware-configuration.nix
new file mode 100644
index 0000000..1972121
--- /dev/null
+++ b/config/plancha/hardware-configuration.nix
@@ -0,0 +1,31 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "nvme" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.end0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}
diff --git a/config/plancha/network-configuration.nix b/config/plancha/network-configuration.nix
new file mode 100644
index 0000000..3a30e3f
--- /dev/null
+++ b/config/plancha/network-configuration.nix
@@ -0,0 +1,59 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ #virtualisation.writableStore = true;
+ #virtualisation.additionalPaths = [ pkgs.stdenv ];
+
+ networking = {
+ hostName = "plancha";
+ useDHCP = false;
+ defaultGateway = "192.168.36.1";
+
+ nat = {
+ enable = true;
+ #internalInterfaces = ["vb-+"];
+ internalIPs = ["10.10.12.0/24"];
+ externalInterface = "end0";
+ # Lazy IPv6 connectivity for the containers
+ #enableIPv6 = true;
+ };
+
+ # bridge for containers
+ bridges = {
+ "br0" = {
+ #interfaces = [ "enp4s0" ];
+ interfaces = [ ];
+ };
+ };
+
+ interfaces = {
+ # primary network interface, connected to WAN through a router
+ end0 = {
+ useDHCP = false;
+ ipv4.addresses = [ {
+ address = "192.168.36.16";
+ prefixLength = 24;
+ } ];
+ };
+ # interface for containers virtual network
+ br0 = {
+ useDHCP = false;
+ ipv4.addresses = [ {
+ address = "10.10.12.1";
+ prefixLength = 24;
+ } ];
+ #ipv6.addresses = [
+ # {
+ # address = hostIp6;
+ # prefixLength = 7;
+ # }
+ #];
+ };
+ };
+
+ };
+
+}
diff --git a/krops.nix b/krops.nix
index 91974a3..128be34 100644
--- a/krops.nix
+++ b/krops.nix
@@ -65,6 +65,14 @@ let
 };
 };
 
+ plancha = pkgs.krops.writeDeploy "deploy-server-plancha" {
+ source = source "plancha";
+ target = lib.mkTarget "operator@192.168.36.16" // {
+ port = "144";
+ sudo = true;
+ };
+ };
+
 register-runner = pkgs.krops.writeCommand "register-forgejo-runner" {
 source = source "arachnide";
 target = lib.mkTarget "douzeb@192.168.36.9" // {
@@ -94,8 +102,9 @@ in
 arachnide = arachnide;
 framboise = framboise;
 grille-pain = grille-pain;
- dromadaire = dromadaire;
 sanji = sanji;
+ dromadaire = dromadaire;
+ plancha = plancha;
 all = pkgs.writeScript "deploy-all-servers" (
 lib.concatStringsSep "\n" [
 arachnide
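Review bot: The three-line header says this file was generated by `nixos-generate-config` and must not be modified, but the body (NAT, bridge, commented-out alternatives, per-interface static addresses) is clearly hand-written and `nixos-generate-config` does not emit a network-configuration.nix, so the header will steer the next maintainer away from editing the right file. Replace it with an accurate one such as `# Hand-maintained network layout for plancha: static address on end0, NAT for the container subnet 10.10.12.0/24 behind br0.` It would also help to say on `externalInterface = "end0";` that these NAT rules are what the forwarding sysctls in configuration.nix exist for, since the two files are otherwise linked only by the imports list.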
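Review bot: The new `plancha` target hard-codes `operator@192.168.36.16` and `port = "144"` with no comment, and neither value is explained anywhere in the commit: the address duplicates `interfaces.end0.ipv4.addresses` in network-configuration.nix and 144 matches the TCP port opened in configuration.nix's `allowedTCPPorts`, but nothing visible moves sshd to 144 (presumably one of the `/var/src/modules` imports does). A one-line comment on the target, e.g. `# ssh on 144 (set by the shared modules — TODO confirm); address is end0 in network-configuration.nix`, would keep the three places in sync when either changes. The enclosing `let` block starts and ends outside the hunk.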
@@ -103,6 +112,7 @@ in
 grille-pain
 sanji
 dromadaire
+ plancha
 ]
 );
 register-runner = register-runner;