parent
153617394b
commit
0daf30fe09
18
flake.nix
18
flake.nix
|
@ -125,10 +125,9 @@
|
|||
users = digga.lib.rakeLeaves ./users;
|
||||
};
|
||||
suites = with profiles; rec {
|
||||
base = [users.pub-solar users.root];
|
||||
iso = base ++ [base-user graphical pub-solar-iso];
|
||||
pubsolaros = [full-install base-user users.root];
|
||||
anonymous = [pubsolaros users.pub-solar];
|
||||
base = [ base-user users.root users.barkeeper ];
|
||||
|
||||
host_001_momo_koeln = base;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -143,10 +142,10 @@
|
|||
};
|
||||
};
|
||||
users = {
|
||||
pub-solar = {suites, ...}: {
|
||||
barkeeper = {suites, ...}: {
|
||||
imports = suites.base;
|
||||
|
||||
home.stateVersion = "21.03";
|
||||
home.stateVersion = "22.05";
|
||||
};
|
||||
}; # digga.lib.importers.rakeLeaves ./users/hm;
|
||||
};
|
||||
|
@ -155,6 +154,11 @@
|
|||
|
||||
homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
|
||||
|
||||
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {};
|
||||
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
|
||||
host_001_momo_koeln = {
|
||||
hostname = "80.244.242.4";
|
||||
sshUser = "barkeeper";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
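Review bot: In the first hunk the shared `base` suite now carries `users.barkeeper`, so every host later built from `suites.base` inherits the deployment account, which users/barkeeper/default.nix in this commit gives passwordless sudo and three SSH public keys. Keeping `base = [ base-user users.root ];` and writing `host_001_momo_koeln = base ++ [ users.barkeeper ];` would scope that account to the one host that `deploy.nodes` targets. The enclosing `suites` set starts outside the hunk, so other consumers of `base` are not visible here.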
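--- a/hosts/host_001_momo_koeln/configuration.nix
+++ b/hosts/host_001_momo_koeln/configuration.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+{
+imports =
+[
+# Include the results of the hardware scan.
+./hardware-configuration.nix
+];
+
+pub-solar.core.lite = true;
+
+time.timeZone = "Europe/Berlin";
+
+networking = {
+useDHCP = false;
+
+interfaces.enp1s0.ipv4.addresses = [{
+address = "80.244.242.4";
+prefixLength = 29;
+}];
+
+defaultGateway = "80.244.242.1";
+nameservers = [ "95.129.51.51" "80.244.244.244" ];
+};
+
+# Enable the OpenSSH daemon.
+services.openssh.enable = true;
+
+system.stateVersion = "22.05";
+}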
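Review bot: `services.openssh.enable = true;` is the only sshd setting in this file, and the host has a public address, so how sshd authenticates is left to defaults or to the pub-solar core module, which is not visible here. If that module does not already do it, set `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "no";` next to the enable line so the key-only policy is explicit for this host. Those are the option names from the 22.05 era that the `system.stateVersion` below suggests; confirm them against the nixpkgs revision the flake actually uses.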
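--- a/hosts/host_001_momo_koeln/default.nix
+++ b/hosts/host_001_momo_koeln/default.nix
@@ -0,0 +1,6 @@
+{ suites, ... }:
+{
+imports = [
+./host_001_momo_koeln.nix
+] ++ suites.host_001_momo_koeln;
+}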
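--- a/hosts/host_001_momo_koeln/hardware-configuration.nix
+++ b/hosts/host_001_momo_koeln/hardware-configuration.nix
@@ -0,0 +1,54 @@
+{ config, pkgs, lib, ... }:
+
+{
+# Use the GRUB 2 boot loader.
+boot.loader.systemd-boot.enable = false;
+boot.loader.grub.enable = true;
+boot.loader.grub.version = 2;
+# boot.loader.grub.efiSupport = true;
+# boot.loader.grub.efiInstallAsRemovable = true;
+# boot.loader.efi.efiSysMountPoint = "/boot/efi";
+# Define on which hard drive you want to install Grub.
+boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
+boot.initrd.kernelModules = [ "dm-snapshot" ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+boot.initrd.luks.devices."cryptroot" = {
+device = "/dev/disk/by-uuid/531ee357-5777-498f-abbf-64bb4cff9a14";
+};
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/f5b3152a-a3bd-46d1-968f-53d50fca921e";
+fsType = "ext4";
+};
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/1fd053f8-725b-418d-aed1-aee71dac2b62";
+fsType = "ext4";
+};
+
+swapDevices =
+[ { device = "/dev/disk/by-uuid/46191ecf-244c-4445-b1c0-ae3059871a70"; }
+];
+
+networking = {
+defaultGateway = "80.244.242.1";
+
+nameservers = ["95.129.51.51" "80.244.244.244"];
+
+interfaces."enp1s0" = {
+ipv4.addresses = [
+{
+address = "80.244.242.4";
+prefixLength = 29;
+}
+];
+};
+};
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}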
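Review bot: The `networking` block near the end of this file repeats the address, gateway and nameservers that configuration.nix already sets in the same commit. configuration.nix imports this file, and NixOS merges list options by concatenation, so `ipv4.addresses` and `nameservers` will probably end up holding each entry twice; it also leaves two places to edit if the host is renumbered. Delete the `networking = { … };` block here and keep the single definition in configuration.nix, leaving this file to the generated hardware settings.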
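--- a/hosts/host_001_momo_koeln/host_001_momo_koeln.nix
+++ b/hosts/host_001_momo_koeln/host_001_momo_koeln.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, lib, ... }:
+with lib;
+with pkgs;
+let
+psCfg = config.pub-solar;
+in
+{
+imports = [
+./configuration.nix
+];
+
+}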
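Review bot: `with lib;`, `with pkgs;` and the `psCfg` binding are unused in this module, which only imports `./configuration.nix`. Drop them so the file reduces to `{ ... }: { imports = [ ./configuration.nix ]; }`; the two `with` scopes otherwise make any later addition resolve bare names from `lib` and `pkgs` implicitly, which hides where a name comes from.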
|
@ -13,12 +13,15 @@ in {
|
|||
users = {
|
||||
mutableUsers = false;
|
||||
|
||||
groups."${psCfg.user.name}" = {};
|
||||
|
||||
users = with pkgs;
|
||||
pkgs.lib.setAttrByPath [psCfg.user.name] {
|
||||
# Indicates whether this is an account for a “real” user.
|
||||
# This automatically sets group to users, createHome to true,
|
||||
# home to /home/username, useDefaultShell to true, and isSystemUser to false.
|
||||
isNormalUser = true;
|
||||
group = "${psCfg.user.name}";
|
||||
description = psCfg.user.description;
|
||||
extraGroups = [
|
||||
"wheel"
|
||||
|
|
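--- a/users/barkeeper/default.nix
+++ b/users/barkeeper/default.nix
@@ -0,0 +1,42 @@
+{
+config,
+hmUsers,
+pkgs,
+lib,
+...
+}: let
+psCfg = config.pub-solar;
+in {
+config = {
+home-manager.users = {inherit (hmUsers) barkeeper;};
+
+security.sudo.extraRules = [
+{
+users = [ "${psCfg.user.name}" ];
+commands = [
+{
+command = "ALL";
+options = [ "NOPASSWD" ];
+}
+];
+}
+];
+
+
+pub-solar = {
+user = {
+name = "barkeeper";
+description = "momo deployment user";
+fullName = "momo infra barkeeper";
+email = "admins@momo.koeln";
+gpgKeyId = "";
+publicKeys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135 @hensoko"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb @hensoko"
+];
+};
+};
+};
+}
+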
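Review bot: The `security.sudo.extraRules` entry gives `barkeeper` `NOPASSWD` on `ALL`, so holding any one of the three keys in `publicKeys` is equivalent to root on a host this commit makes reachable over SSH on a public address. If the deploy tooling needs that, record it above the rule, e.g. `# passwordless sudo is needed for remote activation; this account must stay key-only`, and consider listing only hardware-token keys (the `cardno:` entry) rather than workstation keys. The interpolation in `users = [ "${psCfg.user.name}" ];` can be written as `users = [ psCfg.user.name ];`.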