steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

add fwhost2

Browse source
This commit is contained in:
steveej 2022-01-09 21:50:55 +01:00
parent acc37c64f9
commit f88c89d28b
8 changed files with 237 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
nix/os/devices/fwhost2/boot.nix Normal file
View file

@ -0,0 +1,8 @@
{ lib
, ...
}:
{
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}

13
nix/os/devices/fwhost2/configuration.nix Normal file
View file

@ -0,0 +1,13 @@
{ ... }:
{
imports = [
../../profiles/common/configuration.nix
../../modules/opinionatedDisk.nix
./system.nix
./hw.nix
./pkg.nix
./user.nix
];
}

17
nix/os/devices/fwhost2/hw.nix Normal file
View file

@ -0,0 +1,17 @@
{ ... }:
let
in
{
# TASK: new device
hardware.opinionatedDisk = {
enable = true;
encrypted = false;
diskId = "ata-ST9500325AS_S2WGAP8C";
};
hardware.enableRedistributableFirmware = true;
boot.extraModprobeConfig = ''
'';
}

18
nix/os/devices/fwhost2/pkg.nix Normal file
View file

@ -0,0 +1,18 @@
{ pkgs
, ...
}:
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };
environment.systemPackages = with pkgs; [
iw
wirelesstools
];
system.stateVersion = "21.11";
}

104
nix/os/devices/fwhost2/system.nix Normal file
View file

@ -0,0 +1,104 @@
{ pkgs
, lib
, config
, ... }:
let
keys = import ../../../variables/keys.nix;
in {
# TASK: new device
networking.hostName = "fwhost2"; # Define your hostname.
networking.useDHCP = false;
networking.firewall.enable = lib.mkForce false;
networking.firewall.allowedTCPPorts = [
# iperf3
5201
];
networking.firewall.logRefusedConnections = false;
networking.usePredictableInterfaceNames = false;
networking.bridges = {
breth.interfaces = [ "eth0" "eth1" ];
brlan.interfaces = [
"lan"
# "wllan"
];
brdmz.interfaces = [
"dmz"
# "wldmz"
];
brfamily.interfaces = [
"family"
# "wlfamily"
];
brguests.interfaces = [
"guests"
"wlguests"
];
};
networking.defaultGateway.address = "172.172.171.10";
networking.nameservers = [
"172.172.171.10"
];
# WAN interfaces, currently unused because the OPNsense guest acts as a router.
networking.vlans.wan1.id = 3;
networking.vlans.wan1.interface= "breth";
networking.interfaces.wan1.ipv4.addresses = [{ address = "192.168.0.16"; prefixLength = 24; } ];
networking.vlans.wan2.id = 4;
networking.vlans.wan2.interface= "breth";
networking.interfaces.wan2.ipv4.addresses = [{ address = "172.16.0.16"; prefixLength = 12; } ];
# Local interfaces
networking.vlans.lan.id = 1;
networking.vlans.lan.interface= "breth";
networking.interfaces.brlan.ipv4.addresses = [{ address = "172.172.171.16"; prefixLength = 24; } ];
networking.vlans.dmz.id = 5;
networking.vlans.dmz.interface= "breth";
networking.interfaces.brdmz.ipv4.addresses = [{ address = "172.172.175.16"; prefixLength = 24; } ];
networking.vlans.family.id = 6;
networking.vlans.family.interface= "breth";
networking.interfaces.brfamily.ipv4.addresses = [{ address = "172.172.176.16"; prefixLength = 24; } ];
networking.vlans.guests.id = 7;
networking.vlans.guests.interface= "breth";
networking.interfaces.brguests.ipv4.addresses = [{ address = "172.172.177.16"; prefixLength = 24; } ];
networking.wlanInterfaces = {
wllan.device = "wlan0";
wldmz.device = "wlan0";
wlfamily.device = "wlan0";
wlguests.device = "wlan0";
};
services.hostapd = {
enable = true;
hwMode = "g";
interface = "wlguests";
ssid = "noowhere-guests";
wpaPassphrase = "the_sekrettt";
};
virtualisation = {
libvirtd = {
onShutdown = "shutdown";
enable = true;
};
docker = {
enable = true;
extraOptions = "--experimental";
};
};
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
}

15
nix/os/devices/fwhost2/user.nix Normal file
View file

@ -0,0 +1,15 @@
{ config
, pkgs
, ... }:
let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser;
in {
# users.extraUsers.steveej2 = mkUser {
# uid = 1001;
# openssh.authorizedKeys.keys = keys.users.steveej.openssh;
# };
}

31
nix/os/devices/fwhost2/versions.nix Normal file
View file

@ -0,0 +1,31 @@
let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-21.11";
rev = "00acdb2aa817048fbe1f91ece18fe7de09762531";
};
in
{
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "ff377a78794d412a35245e05428c8f95fef3951f";
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "2ac65dd85b7fbe81b88e3c2a80d351aba4c4a9d8";
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-21.11";
rev = "697cc8c68ed6a606296efbbe9614c32537078756";
};
}

31
nix/os/devices/fwhost2/versions.tmpl.nix Normal file
View file

@ -0,0 +1,31 @@
let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-21.11";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '\n' -%>";
};
in
{
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-21.11";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-21.11 | awk '{ print $1 }' | tr -d '\n' -%>";
};
}