# NixOS module for the host "ni": GRUB boot loader, btrfs root, sshd with a
# single ed25519 host key, an iptables policy that admits ssh, and a helper
# command that builds and uploads the installer ISO.
#
# config.ni-disk, config.ni-nix-path and config.ni-key-path are read here but
# not declared in this file; presumably ./base.nix declares them (confirm).
#
# NOTE(review): several secrets are addressed as "${config.ni-key-path}/...".
# If ni-key-path were a Nix path value rather than a string, that
# interpolation would copy the key directory into the world-readable Nix
# store. Confirm the option is declared as a string.
{ config, lib, pkgs, ... }:
{
# Angle-bracket paths are looked up through NIX_PATH at evaluation time, so
# the overrides and modules pulled in below depend on what <stockholm>
# resolves to in the evaluating environment.
nixpkgs.config.packageOverrides = import <stockholm/tv/5pkgs> pkgs;
imports = [
<stockholm/krebs/5pkgs>
<stockholm/tv/3modules/iptables.nix>
./base.nix
];
# GRUB is installed onto the disk named by config.ni-disk, without a splash
# image.
boot.loader.grub.devices = [ config.ni-disk ];
boot.loader.grub.splashImage = null;
environment.systemPackages = [
pkgs.htop
pkgs.iptables
# ni-upload-iso: builds config.system.build.isoImage from
# nixos-config/install.nix under ni-nix-path, reads the FTP host name from
# kvm-info.json under ni-key-path, then uploads ni-install.iso with curl
# using the credentials in upload-iso.netrc.
# writeDashBin is not defined in this file; presumably it comes from the
# stockholm package sets imported above (confirm).
#
# NOTE(review): the upload URL is plain ftp://, so the netrc credentials and
# the ISO itself cross the network unencrypted and unauthenticated. Anything
# later booted from that ISO inherits this trust gap. If the server offers
# FTP over TLS, curl's --ssl-reqd would enforce it; otherwise verify the
# image out of band (for example by comparing a checksum) before booting it.
#
# NOTE(review): "set -x" traces each command to stderr. The trace shows the
# netrc file path and the FTP host, but not the netrc contents, because curl
# reads that file itself.
#
# NOTE(review): the ${config.*} values are spliced into the script unquoted.
# "set -f" disables globbing only, so a path containing whitespace would
# still be word-split.
(pkgs.writeDashBin "ni-upload-iso" ''
export NIX_PATH=${config.ni-nix-path}
set -efux
${pkgs.nix}/bin/nix-build \
-A config.system.build.isoImage \
-I nixos-config=${config.ni-nix-path}/nixos-config/install.nix \
-o ${config.ni-nix-path}/isoImage \
${config.ni-nix-path}/nixpkgs/nixos
ftpHost=$(${pkgs.jq}/bin/jq -r .ftp.host ${config.ni-key-path}/kvm-info.json); \
${pkgs.curl}/bin/curl -n --netrc-file ${config.ni-key-path}/upload-iso.netrc \
-T ${config.ni-nix-path}/isoImage/iso/ni-install.iso \
"ftp://$ftpHost/cdrom/ni-install.iso"
'')
];
# Root file system: first partition of config.ni-disk, btrfs with lzo
# compression, no atime updates, and the ssd mount option.
fileSystems = {
"/" = {
device = "${config.ni-disk}-part1";
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
};
networking.hostName = "ni";
services.timesyncd.enable = true;
# sshd presents exactly one host key, an ed25519 key read from ni-key-path.
# NOTE(review): this module sets no sshd authentication options, while the
# firewall rules below admit ssh. Confirm that password authentication and
# root login are restricted elsewhere (e.g. in ./base.nix).
services.openssh = {
enable = true;
hostKeys = lib.singleton ({
type = "ed25519";
path = "${config.ni-key-path}/ssh.id_ed25519";
});
};
# tv.iptables.* options come from <stockholm/tv/3modules/iptables.nix>, whose
# semantics are not visible here. By their names they accept ICMP echo
# requests and inbound TCP "ssh" on the internet-facing side (confirm
# against that module).
tv.iptables.enable = true;
tv.iptables.accept-echo-request = "internet";
tv.iptables.input-internet-accept-tcp = [ "ssh" ];
}