From adc11cf679970da26f82e5200f2ea2a94c59e8be Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 28 Dec 2022 11:18:54 +0100 Subject: l neoprism.r: init --- lass/1systems/neoprism/config.nix | 25 ++++++++ lass/1systems/neoprism/disk.nix | 116 ++++++++++++++++++++++++++++++++++++ lass/1systems/neoprism/physical.nix | 42 +++++++++++++ 3 files changed, 183 insertions(+) create mode 100644 lass/1systems/neoprism/config.nix create mode 100644 lass/1systems/neoprism/disk.nix create mode 100644 lass/1systems/neoprism/physical.nix (limited to 'lass/1systems') diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix new file mode 100644 index 000000000..e4f9d2560 --- /dev/null +++ b/lass/1systems/neoprism/config.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + + + + { # TODO make new hfos.nix out of this vv + users.users.riot = { + uid = pkgs.stockholm.lib.genid_uint31 "riot"; + isNormalUser = true; + extraGroups = [ "libvirtd" ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange" + ]; + }; + # krebs.iptables.tables.filter.FORWARD.rules = [ + # { v6 = false; precedence = 1000; predicate = "--destination 95.216.1.130"; target = "ACCEPT"; } + # { v6 = false; precedence = 1000; predicate = "--source 95.216.1.130"; target = "ACCEPT"; } + # ]; + } + ]; + + krebs.build.host = config.krebs.hosts.neoprism; +} diff --git a/lass/1systems/neoprism/disk.nix b/lass/1systems/neoprism/disk.nix new file mode 100644 index 000000000..cf9a8cef4 --- /dev/null +++ b/lass/1systems/neoprism/disk.nix @@ -0,0 +1,116 @@ +{ lib, ... }: +{ + disk = (lib.genAttrs [ "/dev/nvme0n1" "/dev/nvme1n1" ] (disk: { + type = "disk"; + device = disk; + content = { + type = "table"; + format = "gpt"; + partitions = [ + { + name = "boot"; + type = "partition"; + start = "0"; + end = "1M"; + part-type = "primary"; + flags = ["bios_grub"]; + } + { + type = "partition"; + name = "ESP"; + start = "1M"; + end = "1GiB"; + fs-type = "fat32"; + bootable = true; + content = { + type = "mdraid"; + name = "boot"; + }; + } + { + type = "partition"; + name = "zfs"; + start = "1GiB"; + end = "100%"; + content = { + type = "zfs"; + pool = "zroot"; + }; + } + ]; + }; + })) // { + hdd1 = { + type = "disk"; + device = "/dev/sda"; + content = { + type = "zfs"; + pool = "tank"; + }; + }; + }; + mdadm = { + boot = { + type = "mdadm"; + level = 1; + metadata = "1.0"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + }; + zpool = { + zroot = { + type = "zpool"; + mode = "mirror"; + mountpoint = "/"; + rootFsOptions = { + }; + datasets.reserved = { + zfs_type = "filesystem"; + options.refreservation = "1G"; + }; + }; + tank = { + type = "zpool"; + datasets = { + reserved = { + zfs_type = "filesystem"; + options.refreservation = "1G"; + }; + containers = { + zfs_type = "filesystem"; + mountpoint = "/var/lib/containers"; + }; + home = { + zfs_type = "filesystem"; + mountpoint = "/home"; + }; + srv = { + zfs_type = "filesystem"; + mountpoint = "/srv"; + }; + libvirt = { + zfs_type = "filesystem"; + mountpoint = "/var/lib/libvirt"; + }; + # encrypted = { + # zfs_type = "filesystem"; + # options = { + # mountpoint = "none"; + # encryption = "aes-256-gcm"; + # keyformat = "passphrase"; + # keylocation = "prompt"; + # }; + # }; + + # "encrypted/download" = { + # zfs_type = "filesystem"; + # mountpoint = "/var/download"; + # }; + }; + }; + }; +} diff --git a/lass/1systems/neoprism/physical.nix b/lass/1systems/neoprism/physical.nix new file mode 100644 index 000000000..4ffb749f1 --- /dev/null +++ b/lass/1systems/neoprism/physical.nix @@ -0,0 +1,42 @@ +{ config, lib, pkgs, ... }: + +{ + + imports = [ + ./config.nix + + ]; + + disko.devices = import ./disk.nix; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.efiSupport = true; + boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ]; + boot.kernelModules = [ "kvm-amd" ]; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + # networking config + boot.kernelParams = [ "net.ifnames=0" ]; + networking.bridges."ext-br".interfaces = [ "eth0" ]; + networking = { + hostId = "2283aaae"; + defaultGateway = "95.217.192.1"; + defaultGateway6 = { address = "fe80::1"; interface = "ext-br"; }; + # Use google's public DNS server + nameservers = [ "8.8.8.8" ]; + interfaces.ext-br.ipv4.addresses = [ + { + address = "95.217.192.59"; + prefixLength = 26; + } + ]; + interfaces.ext-br.ipv6.addresses = [ + { + address = "2a01:4f9:4a:4f1a::1"; + prefixLength = 64; + } + ]; + }; + +} -- cgit v1.2.3