1 files changed, 55 insertions, 0 deletions

diff --git a/default.nix b/default.nix
new file mode 100644
index 0000000..b582d8e
--- /dev/null
+++ b/default.nix
@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    <stockholm/krebs/5pkgs>
+    <stockholm/tv/3modules/iptables.nix>
+    <stockholm/tv/5pkgs>
+    ./base.nix
+  ];
+
+  boot.loader.grub.devices = [ config.ni-disk ];
+  boot.loader.grub.splashImage = null;
+
+  environment.systemPackages = [
+    pkgs.htop
+    pkgs.iptables
+    (pkgs.writeDashBin "ni-upload-iso" ''
+      export NIX_PATH=${config.ni-nix-path}
+      set -efux
+      ${pkgs.nix}/bin/nix-build \
+          -A config.system.build.isoImage \
+          -I nixos-config=${config.ni-nix-path}/nixos-config/install.nix \
+          -o ${config.ni-nix-path}/isoImage \
+          ${config.ni-nix-path}/nixpkgs/nixos
+      ftpHost=$(${pkgs.jq}/bin/jq -r .ftp.host ${config.ni-key-path}/kvm-info.json); \
+      ${pkgs.curl}/bin/curl -n --netrc-file ${config.ni-key-path}/upload-iso.netrc \
+          -T ${config.ni-nix-path}/isoImage/iso/ni-install.iso \
+          "ftp://$ftpHost/cdrom/ni-install.iso"
+    '')
+  ];
+
+  fileSystems = {
+    "/" = {
+      device = "${config.ni-disk}-part1";
+      fsType = "btrfs";
+      options = ["defaults" "noatime" "ssd" "compress=lzo"];
+    };
+  };
+
+  networking.hostName = "ni";
+
+  services.timesyncd.enable = true;
+
+  services.openssh = {
+    enable = true;
+    hostKeys = lib.singleton ({
+      type = "ed25519";
+      path = "${config.ni-key-path}/ssh.id_ed25519";
+    });
+  };
+
+  tv.iptables.enable = true;
+  tv.iptables.accept-echo-request = "internet";
+  tv.iptables.input-internet-accept-tcp = [ "ssh" ];
+}