add 001_momo_koeln

flake.nix

@@ -125,10 +125,9 @@
               users = digga.lib.rakeLeaves ./users;
             };
           suites = with profiles; rec {
-            base = [users.pub-solar users.root];
+            base = [ base-user users.root users.barkeeper ];
-            iso = base ++ [base-user graphical pub-solar-iso];
+
-            pubsolaros = [full-install base-user users.root];
+            host_001_momo_koeln = base;
-            anonymous = [pubsolaros users.pub-solar];
           };
         };
       };
@@ -143,10 +142,10 @@
           };
         };
         users = {
-          pub-solar = {suites, ...}: {
+          barkeeper = {suites, ...}: {
             imports = suites.base;
 
-            home.stateVersion = "21.03";
+            home.stateVersion = "22.05";
           };
         }; # digga.lib.importers.rakeLeaves ./users/hm;
       };
@@ -155,6 +154,11 @@
 
       homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
 
-      deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {};
+      deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
+        host_001_momo_koeln = {
+          hostname = "80.244.242.4";
+          sshUser = "barkeeper";
+        };
+      };
     };
 }

hosts/host_001_momo_koeln/configuration.nix

@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  pub-solar.core.lite = true;
+
+  time.timeZone = "Europe/Berlin";
+
+  networking = {
+    useDHCP = false;
+
+    interfaces.enp1s0.ipv4.addresses = [{
+      address = "80.244.242.4";
+      prefixLength = 29;
+    }];
+
+    defaultGateway = "80.244.242.1";
+    nameservers = [ "95.129.51.51" "80.244.244.244" ];
+  };
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  system.stateVersion = "22.05";
+}

hosts/host_001_momo_koeln/default.nix

@@ -0,0 +1,6 @@
+{ suites, ... }:
+{
+  imports = [
+    ./host_001_momo_koeln.nix
+  ] ++ suites.host_001_momo_koeln;
+}

hosts/host_001_momo_koeln/hardware-configuration.nix

@@ -0,0 +1,54 @@
+{ config, pkgs, lib, ... }:
+
+{
+  # Use the GRUB 2 boot loader.
+  boot.loader.systemd-boot.enable = false;
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  # boot.loader.grub.efiSupport = true;
+  # boot.loader.grub.efiInstallAsRemovable = true;
+  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+  # Define on which hard drive you want to install Grub.
+  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  boot.initrd.luks.devices."cryptroot" = {
+    device = "/dev/disk/by-uuid/531ee357-5777-498f-abbf-64bb4cff9a14";
+  };
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/f5b3152a-a3bd-46d1-968f-53d50fca921e";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/1fd053f8-725b-418d-aed1-aee71dac2b62";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/46191ecf-244c-4445-b1c0-ae3059871a70"; }
+    ];
+
+  networking = {
+    defaultGateway = "80.244.242.1";
+
+    nameservers = ["95.129.51.51" "80.244.244.244"];
+
+    interfaces."enp1s0" = {
+      ipv4.addresses = [
+        {
+          address = "80.244.242.4";
+          prefixLength = 29;
+        }
+      ];
+    };
+  };
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/host_001_momo_koeln/host_001_momo_koeln.nix

@@ -0,0 +1,12 @@
+{ config, pkgs, lib, ... }:
+with lib;
+with pkgs;
+let
+  psCfg = config.pub-solar;
+in
+{
+  imports = [
+    ./configuration.nix
+  ];
+
+}

profiles/base-user/default.nix

@@ -13,12 +13,15 @@ in {
   users = {
     mutableUsers = false;
 
+    groups."${psCfg.user.name}" = {};
+
     users = with pkgs;
       pkgs.lib.setAttrByPath [psCfg.user.name] {
         # Indicates whether this is an account for a “real” user.
         # This automatically sets group to users, createHome to true,
         # home to /home/username, useDefaultShell to true, and isSystemUser to false.
         isNormalUser = true;
+        group = "${psCfg.user.name}";
         description = psCfg.user.description;
         extraGroups = [
           "wheel"

users/barkeeper/default.nix

@@ -0,0 +1,42 @@
+{
+  config,
+  hmUsers,
+  pkgs,
+  lib,
+  ...
+}: let
+  psCfg = config.pub-solar;
+in {
+  config = {
+    home-manager.users = {inherit (hmUsers) barkeeper;};
+
+    security.sudo.extraRules = [
+      {
+        users = [ "${psCfg.user.name}" ];
+        commands = [
+          {
+            command = "ALL";
+            options = [ "NOPASSWD" ];
+          }
+        ];
+      }
+    ];
+
+
+    pub-solar = {
+      user = {
+        name = "barkeeper";
+        description = "momo deployment user";
+        fullName = "momo infra barkeeper";
+        email = "admins@momo.koeln";
+        gpgKeyId = "";
+        publicKeys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135 @hensoko"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb @hensoko"
+        ];
+      };
+    };
+  };
+}
+