swann: init
This commit is contained in:
parent
74371dbe8a
commit
3acb27f020
3 changed files with 117 additions and 1 deletions
|
@ -15,7 +15,7 @@ let
|
||||||
system = builtins.currentSystem;
|
system = builtins.currentSystem;
|
||||||
modules = [ (baseModule systemName) (args: { imports = [ lib/common.nix config ]; }) ];
|
modules = [ (baseModule systemName) (args: { imports = [ lib/common.nix config ]; }) ];
|
||||||
}).config.system.build.toplevel;
|
}).config.system.build.toplevel;
|
||||||
systems = [ "porcorosso" "ixvm-fra01" "marukuru" "clouvider-fra01" "totoro" "kusakabe" ];
|
systems = [ "porcorosso" "ixvm-fra01" "marukuru" "clouvider-fra01" "totoro" "kusakabe" "swann" ];
|
||||||
rebuilder = system: (import ./lib/rebuilder.nix (args // { system = system; }));
|
rebuilder = system: (import ./lib/rebuilder.nix (args // { system = system; }));
|
||||||
systemCfgs = lib.genAttrs systems
|
systemCfgs = lib.genAttrs systems
|
||||||
(name: import (./. + "/${name}"));
|
(name: import (./. + "/${name}"));
|
||||||
|
|
18
ops/nixos/swann/README.md
Normal file
18
ops/nixos/swann/README.md
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
<!--
|
||||||
|
SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
|
||||||
|
|
||||||
|
SPDX-License-Identifier: Apache-2.0
|
||||||
|
-->
|
||||||
|
|
||||||
|
# swann
|
||||||
|
|
||||||
|
Hardware running NixOS in my flat.
|
||||||
|
|
||||||
|
* 4 core i3-4170 @ 3.70GHz.
|
||||||
|
* ~3GiB of RAM.
|
||||||
|
* 60GiB disk space.
|
||||||
|
|
||||||
|
NICs on:
|
||||||
|
|
||||||
|
* `ens-virginmedia` Virgin Media (DHCP)
|
||||||
|
* `ens-general` General (192.168.1.1)
|
98
ops/nixos/swann/default.nix
Normal file
98
ops/nixos/swann/default.nix
Normal file
|
@ -0,0 +1,98 @@
|
||||||
|
# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
{ depot, lib, pkgs, rebuilder, config, ... }:
|
||||||
|
let
|
||||||
|
inherit (depot.ops) secrets;
|
||||||
|
in {
|
||||||
|
boot.initrd.availableKernelModules = [
|
||||||
|
"sd_mod"
|
||||||
|
"ahci"
|
||||||
|
"usb_storage"
|
||||||
|
"usbhid"
|
||||||
|
];
|
||||||
|
boot.kernelParams = [ "mitigations=off" ];
|
||||||
|
|
||||||
|
fileSystems = {
|
||||||
|
"/" = {
|
||||||
|
device = "/dev/disk/by-uuid/fc964ef6-e3d0-4472-bc0e-f96f977ebf11";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
"/boot" = {
|
||||||
|
device = "/dev/disk/by-uuid/AB36-5BE4";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
nix.maxJobs = lib.mkDefault 4;
|
||||||
|
|
||||||
|
# Use the systemd-boot EFI boot loader.
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
# Networking!
|
||||||
|
networking = {
|
||||||
|
hostName = "swann"; # Define your hostname.
|
||||||
|
domain = "house.as205479.net";
|
||||||
|
nameservers = ["8.8.8.8" "8.8.4.4"];
|
||||||
|
useDHCP = false;
|
||||||
|
interfaces = {
|
||||||
|
ens-virginmedia = {
|
||||||
|
useDHCP = true;
|
||||||
|
};
|
||||||
|
ens-general = {
|
||||||
|
ipv4.addresses = [
|
||||||
|
{ address = "192.168.1.1"; prefixLength = 23; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
services.udev.extraRules = ''
|
||||||
|
ATTR{address}=="e4:3a:6e:16:07:62", NAME="ens-virginmedia"
|
||||||
|
ATTR{address}=="e4:3a:6e:16:07:67", NAME="ens-general"
|
||||||
|
'';
|
||||||
|
boot.kernel.sysctl = {
|
||||||
|
"net.ipv4.ip_forward" = "1";
|
||||||
|
"net.ipv6.conf.default.forwarding" = "1";
|
||||||
|
"net.ipv6.conf.all.forwarding" = "1";
|
||||||
|
};
|
||||||
|
networking.nat = {
|
||||||
|
enable = true;
|
||||||
|
externalInterface = "ens-virginmedia";
|
||||||
|
internalInterfaces = ["ens-general"];
|
||||||
|
};
|
||||||
|
services.dhcpd4 = {
|
||||||
|
enable = true;
|
||||||
|
interfaces = ["ens-general"];
|
||||||
|
authoritative = true;
|
||||||
|
extraConfig = ''
|
||||||
|
subnet 192.168.1.0 netmask 255.255.255.0 {
|
||||||
|
option subnet-mask 255.255.255.0;
|
||||||
|
option routers 192.168.1.1;
|
||||||
|
option domain-name-servers 8.8.8.8, 8.8.4.4;
|
||||||
|
option domain-name "house.as205479.net";
|
||||||
|
default-lease-time 600;
|
||||||
|
max-lease-time 3600;
|
||||||
|
|
||||||
|
range 192.168.1.100 192.168.1.200;
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
networking.localCommands = ''
|
||||||
|
tc qdisc del dev ens-virginmedia root || true
|
||||||
|
tc qdisc add dev ens-virginmedia root cake bandwidth 30Mbit
|
||||||
|
|
||||||
|
ip link add name ifb-virginmedia type ifb || true
|
||||||
|
tc qdisc del dev ens-virginmedia ingress || true
|
||||||
|
tc qdisc add dev ens-virginmedia handle ffff: ingress
|
||||||
|
tc qdisc del dev ifb-virginmedia root || true
|
||||||
|
tc qdisc add dev ifb-virginmedia root cake bandwidth 500Mbit besteffort
|
||||||
|
ip link set dev ifb-virginmedia up
|
||||||
|
tc filter add dev ens-virginmedia parent ffff: matchall action mirred egress redirect dev ifb-virginmedia
|
||||||
|
'';
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [];
|
||||||
|
|
||||||
|
system.stateVersion = "21.03";
|
||||||
|
}
|
Loading…
Reference in a new issue