swann: init
This commit is contained in:
parent
74371dbe8a
commit
3acb27f020
3 changed files with 117 additions and 1 deletions
|
@ -15,7 +15,7 @@ let
|
|||
system = builtins.currentSystem;
|
||||
modules = [ (baseModule systemName) (args: { imports = [ lib/common.nix config ]; }) ];
|
||||
}).config.system.build.toplevel;
|
||||
systems = [ "porcorosso" "ixvm-fra01" "marukuru" "clouvider-fra01" "totoro" "kusakabe" ];
|
||||
systems = [ "porcorosso" "ixvm-fra01" "marukuru" "clouvider-fra01" "totoro" "kusakabe" "swann" ];
|
||||
rebuilder = system: (import ./lib/rebuilder.nix (args // { system = system; }));
|
||||
systemCfgs = lib.genAttrs systems
|
||||
(name: import (./. + "/${name}"));
|
||||
|
|
18
ops/nixos/swann/README.md
Normal file
18
ops/nixos/swann/README.md
Normal file
|
@ -0,0 +1,18 @@
|
|||
<!--
|
||||
SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
|
||||
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
-->
|
||||
|
||||
# swann
|
||||
|
||||
Hardware running NixOS in my flat.
|
||||
|
||||
* 4 core i3-4170 @ 3.70GHz.
|
||||
* ~3GiB of RAM.
|
||||
* 60GiB disk space.
|
||||
|
||||
NICs on:
|
||||
|
||||
* `ens-virginmedia` Virgin Media (DHCP)
|
||||
* `ens-general` General (192.168.1.1)
|
98
ops/nixos/swann/default.nix
Normal file
98
ops/nixos/swann/default.nix
Normal file
|
@ -0,0 +1,98 @@
|
|||
# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
{ depot, lib, pkgs, rebuilder, config, ... }:
|
||||
let
|
||||
inherit (depot.ops) secrets;
|
||||
in {
|
||||
boot.initrd.availableKernelModules = [
|
||||
"sd_mod"
|
||||
"ahci"
|
||||
"usb_storage"
|
||||
"usbhid"
|
||||
];
|
||||
boot.kernelParams = [ "mitigations=off" ];
|
||||
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-uuid/fc964ef6-e3d0-4472-bc0e-f96f977ebf11";
|
||||
fsType = "ext4";
|
||||
};
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-uuid/AB36-5BE4";
|
||||
fsType = "vfat";
|
||||
};
|
||||
};
|
||||
|
||||
nix.maxJobs = lib.mkDefault 4;
|
||||
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
# Networking!
|
||||
networking = {
|
||||
hostName = "swann"; # Define your hostname.
|
||||
domain = "house.as205479.net";
|
||||
nameservers = ["8.8.8.8" "8.8.4.4"];
|
||||
useDHCP = false;
|
||||
interfaces = {
|
||||
ens-virginmedia = {
|
||||
useDHCP = true;
|
||||
};
|
||||
ens-general = {
|
||||
ipv4.addresses = [
|
||||
{ address = "192.168.1.1"; prefixLength = 23; }
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
services.udev.extraRules = ''
|
||||
ATTR{address}=="e4:3a:6e:16:07:62", NAME="ens-virginmedia"
|
||||
ATTR{address}=="e4:3a:6e:16:07:67", NAME="ens-general"
|
||||
'';
|
||||
boot.kernel.sysctl = {
|
||||
"net.ipv4.ip_forward" = "1";
|
||||
"net.ipv6.conf.default.forwarding" = "1";
|
||||
"net.ipv6.conf.all.forwarding" = "1";
|
||||
};
|
||||
networking.nat = {
|
||||
enable = true;
|
||||
externalInterface = "ens-virginmedia";
|
||||
internalInterfaces = ["ens-general"];
|
||||
};
|
||||
services.dhcpd4 = {
|
||||
enable = true;
|
||||
interfaces = ["ens-general"];
|
||||
authoritative = true;
|
||||
extraConfig = ''
|
||||
subnet 192.168.1.0 netmask 255.255.255.0 {
|
||||
option subnet-mask 255.255.255.0;
|
||||
option routers 192.168.1.1;
|
||||
option domain-name-servers 8.8.8.8, 8.8.4.4;
|
||||
option domain-name "house.as205479.net";
|
||||
default-lease-time 600;
|
||||
max-lease-time 3600;
|
||||
|
||||
range 192.168.1.100 192.168.1.200;
|
||||
}
|
||||
'';
|
||||
};
|
||||
networking.localCommands = ''
|
||||
tc qdisc del dev ens-virginmedia root || true
|
||||
tc qdisc add dev ens-virginmedia root cake bandwidth 30Mbit
|
||||
|
||||
ip link add name ifb-virginmedia type ifb || true
|
||||
tc qdisc del dev ens-virginmedia ingress || true
|
||||
tc qdisc add dev ens-virginmedia handle ffff: ingress
|
||||
tc qdisc del dev ifb-virginmedia root || true
|
||||
tc qdisc add dev ifb-virginmedia root cake bandwidth 500Mbit besteffort
|
||||
ip link set dev ifb-virginmedia up
|
||||
tc filter add dev ens-virginmedia parent ffff: matchall action mirred egress redirect dev ifb-virginmedia
|
||||
'';
|
||||
|
||||
environment.systemPackages = with pkgs; [];
|
||||
|
||||
system.stateVersion = "21.03";
|
||||
}
|
Loading…
Reference in a new issue