diff --git a/ops/nixos/default.nix b/ops/nixos/default.nix
index 94f95e1f2d..05e1312a94 100644
--- a/ops/nixos/default.nix
+++ b/ops/nixos/default.nix
@@ -15,7 +15,7 @@ let system = builtins.currentSystem;
 modules = [ (baseModule systemName) (args: { imports = [ lib/common.nix config ]; }) ];
 }).config.system.build.toplevel;
- systems = [ "porcorosso" "ixvm-fra01" "marukuru" "clouvider-fra01" "totoro" "kusakabe" ];
+ systems = [ "porcorosso" "ixvm-fra01" "marukuru" "clouvider-fra01" "totoro" "kusakabe" "swann" ];
 rebuilder = system: (import ./lib/rebuilder.nix (args // { system = system; }));
 systemCfgs = lib.genAttrs systems (name: import (./. + "/${name}"));
diff --git a/ops/nixos/swann/README.md b/ops/nixos/swann/README.md
new file mode 100644
index 0000000000..2af2cc2d1f
--- /dev/null
+++ b/ops/nixos/swann/README.md
@@ -0,0 +1,18 @@
+
+
+# swann
+
+Hardware running NixOS in my flat.
+
+* 4 core i3-4170 @ 3.70GHz.
+* ~3GiB of RAM.
+* 60GiB disk space.
+
+NICs on:
+
+* `ens-virginmedia` Virgin Media (DHCP)
+* `ens-general` General (192.168.1.1)
diff --git a/ops/nixos/swann/default.nix b/ops/nixos/swann/default.nix
new file mode 100644
index 0000000000..61ae580a28
--- /dev/null
+++ b/ops/nixos/swann/default.nix
@@ -0,0 +1,98 @@
+# SPDX-FileCopyrightText: 2020 Luke Granger-Brown
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ depot, lib, pkgs, rebuilder, config, ... }:
+let
+ inherit (depot.ops) secrets;
+in {
+ boot.initrd.availableKernelModules = [
+ "sd_mod"
+ "ahci"
+ "usb_storage"
+ "usbhid"
+ ];
+ boot.kernelParams = [ "mitigations=off" ];
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/fc964ef6-e3d0-4472-bc0e-f96f977ebf11";
+ fsType = "ext4";
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/AB36-5BE4";
+ fsType = "vfat";
+ };
+ };
+
+ nix.maxJobs = lib.mkDefault 4;
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # Networking!
+ networking = {
+ hostName = "swann"; # Define your hostname.
+ domain = "house.as205479.net";
+ nameservers = ["8.8.8.8" "8.8.4.4"];
+ useDHCP = false;
+ interfaces = {
+ ens-virginmedia = {
+ useDHCP = true;
+ };
+ ens-general = {
+ ipv4.addresses = [
+ { address = "192.168.1.1"; prefixLength = 23; }
+ ];
+ };
+ };
+ };
+ services.udev.extraRules = ''
+ ATTR{address}=="e4:3a:6e:16:07:62", NAME="ens-virginmedia"
+ ATTR{address}=="e4:3a:6e:16:07:67", NAME="ens-general"
+ '';
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_forward" = "1";
+ "net.ipv6.conf.default.forwarding" = "1";
+ "net.ipv6.conf.all.forwarding" = "1";
+ };
+ networking.nat = {
+ enable = true;
+ externalInterface = "ens-virginmedia";
+ internalInterfaces = ["ens-general"];
+ };
+ services.dhcpd4 = {
+ enable = true;
+ interfaces = ["ens-general"];
+ authoritative = true;
+ extraConfig = ''
+ subnet 192.168.1.0 netmask 255.255.255.0 {
+ option subnet-mask 255.255.255.0;
+ option routers 192.168.1.1;
+ option domain-name-servers 8.8.8.8, 8.8.4.4;
+ option domain-name "house.as205479.net";
+ default-lease-time 600;
+ max-lease-time 3600;
+
+ range 192.168.1.100 192.168.1.200;
+ }
+ '';
+ };
+ networking.localCommands = ''
+ tc qdisc del dev ens-virginmedia root || true
+ tc qdisc add dev ens-virginmedia root cake bandwidth 30Mbit
+
+ ip link add name ifb-virginmedia type ifb || true
+ tc qdisc del dev ens-virginmedia ingress || true
+ tc qdisc add dev ens-virginmedia handle ffff: ingress
+ tc qdisc del dev ifb-virginmedia root || true
+ tc qdisc add dev ifb-virginmedia root cake bandwidth 500Mbit besteffort
+ ip link set dev ifb-virginmedia up
+ tc filter add dev ens-virginmedia parent ffff: matchall action mirred egress redirect dev ifb-virginmedia
+ '';
+
+ environment.systemPackages = with pkgs; [];
+
+ system.stateVersion = "21.03";
+}
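Review bot: `boot.kernelParams = [ "mitigations=off" ];` turns off the kernel's CPU speculative-execution mitigations on the host that this same file makes the NAT gateway between `ens-virginmedia` and `ens-general`, and nothing in the file records why. If this is a deliberate performance trade-off, say so next to the line, e.g. `# mitigations=off: <reason>`, otherwise drop the parameter. Separately, `ens-general` is given `prefixLength = 23` while the dhcpd `subnet` declaration and `option subnet-mask` both describe a /24, so the router and its DHCP clients disagree about which addresses are on-link; `prefixLength = 24` would make them agree, if /24 is what is intended. The file also enables IPv4 and IPv6 forwarding with no forward-chain filtering visible here, so it is worth confirming that `lib/common.nix` or the NixOS firewall defaults cover traffic arriving on `ens-virginmedia`.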