add 001_momo_koeln

2023-03-07 00:48:42 +01:00 · 2023-03-07 00:48:42 +01:00 · 0daf30fe09
parent 153617394b
commit 0daf30fe09
7 changed files with 158 additions and 7 deletions
--- a/flake.nix
+++ b/flake.nix
@ -125,10 +125,9 @@
              users = digga.lib.rakeLeaves ./users;
            };
          suites = with profiles; rec {
-            base = [users.pub-solar users.root];
-            iso = base ++ [base-user graphical pub-solar-iso];
-            pubsolaros = [full-install base-user users.root];
-            anonymous = [pubsolaros users.pub-solar];
+            base = [ base-user users.root users.barkeeper ];
+
+            host_001_momo_koeln = base;
          };
        };
      };
@ -143,10 +142,10 @@
          };
        };
        users = {
-          pub-solar = {suites, ...}: {
+          barkeeper = {suites, ...}: {
            imports = suites.base;

-            home.stateVersion = "21.03";
+            home.stateVersion = "22.05";
          };
        }; # digga.lib.importers.rakeLeaves ./users/hm;
      };
@ -155,6 +154,11 @@

      homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;

-      deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {};
+      deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
+        host_001_momo_koeln = {
+          hostname = "80.244.242.4";
+          sshUser = "barkeeper";
+        };
+      };
    };
 }
--- a/hosts/host_001_momo_koeln/configuration.nix
+++ b/hosts/host_001_momo_koeln/configuration.nix
@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  pub-solar.core.lite = true;
+
+  time.timeZone = "Europe/Berlin";
+
+  networking = {
+    useDHCP = false;
+
+    interfaces.enp1s0.ipv4.addresses = [{
+      address = "80.244.242.4";
+      prefixLength = 29;
+    }];
+
+    defaultGateway = "80.244.242.1";
+    nameservers = [ "95.129.51.51" "80.244.244.244" ];
+  };
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  system.stateVersion = "22.05";
+}
--- a/hosts/host_001_momo_koeln/default.nix
+++ b/hosts/host_001_momo_koeln/default.nix
@ -0,0 +1,6 @@
+{ suites, ... }:
+{
+  imports = [
+    ./host_001_momo_koeln.nix
+  ] ++ suites.host_001_momo_koeln;
+}
--- a/hosts/host_001_momo_koeln/hardware-configuration.nix
+++ b/hosts/host_001_momo_koeln/hardware-configuration.nix
@ -0,0 +1,54 @@
+{ config, pkgs, lib, ... }:
+
+{
+  # Use the GRUB 2 boot loader.
+  boot.loader.systemd-boot.enable = false;
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  # boot.loader.grub.efiSupport = true;
+  # boot.loader.grub.efiInstallAsRemovable = true;
+  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+  # Define on which hard drive you want to install Grub.
+  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  boot.initrd.luks.devices."cryptroot" = {
+    device = "/dev/disk/by-uuid/531ee357-5777-498f-abbf-64bb4cff9a14";
+  };
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/f5b3152a-a3bd-46d1-968f-53d50fca921e";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/1fd053f8-725b-418d-aed1-aee71dac2b62";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/46191ecf-244c-4445-b1c0-ae3059871a70"; }
+    ];
+
+  networking = {
+    defaultGateway = "80.244.242.1";
+
+    nameservers = ["95.129.51.51" "80.244.244.244"];
+
+    interfaces."enp1s0" = {
+      ipv4.addresses = [
+        {
+          address = "80.244.242.4";
+          prefixLength = 29;
+        }
+      ];
+    };
+  };
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/host_001_momo_koeln/host_001_momo_koeln.nix
+++ b/hosts/host_001_momo_koeln/host_001_momo_koeln.nix
@ -0,0 +1,12 @@
+{ config, pkgs, lib, ... }:
+with lib;
+with pkgs;
+let
+  psCfg = config.pub-solar;
+in
+{
+  imports = [
+    ./configuration.nix
+  ];
+
+}
--- a/profiles/base-user/default.nix
+++ b/profiles/base-user/default.nix
@ -13,12 +13,15 @@ in {
  users = {
    mutableUsers = false;

+    groups."${psCfg.user.name}" = {};
+
    users = with pkgs;
      pkgs.lib.setAttrByPath [psCfg.user.name] {
        # Indicates whether this is an account for a “real” user.
        # This automatically sets group to users, createHome to true,
        # home to /home/username, useDefaultShell to true, and isSystemUser to false.
        isNormalUser = true;
+        group = "${psCfg.user.name}";
        description = psCfg.user.description;
        extraGroups = [
          "wheel"
--- a/users/barkeeper/default.nix
+++ b/users/barkeeper/default.nix
@ -0,0 +1,42 @@
+{
+  config,
+  hmUsers,
+  pkgs,
+  lib,
+  ...
+}: let
+  psCfg = config.pub-solar;
+in {
+  config = {
+    home-manager.users = {inherit (hmUsers) barkeeper;};
+
+    security.sudo.extraRules = [
+      {
+        users = [ "${psCfg.user.name}" ];
+        commands = [
+          {
+            command = "ALL";
+            options = [ "NOPASSWD" ];
+          }
+        ];
+      }
+    ];
+
+
+    pub-solar = {
+      user = {
+        name = "barkeeper";
+        description = "momo deployment user";
+        fullName = "momo infra barkeeper";
+        email = "admins@momo.koeln";
+        gpgKeyId = "";
+        publicKeys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135 @hensoko"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb @hensoko"
+        ];
+      };
+    };
+  };
+}
+