Commit 90fa57761717

Vincent Demeester <vincent@sbr.pm>
2022-04-19 16:09:24
systems: add shikoku
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent 152621c
Changed files (3)
systems/hosts/shikoku.nix
@@ -0,0 +1,95 @@
+{ lib, pkgs, ... }:
+
+with lib;
+let
+  hostname = "sakhalin";
+  secretPath = ../../secrets/machines.nix;
+  secretCondition = (builtins.pathExists secretPath);
+
+  ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
+  ips = lists.optionals secretCondition ([ "${ip}/24" ]);
+  endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
+  endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
+  endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
+in
+{
+  imports = [
+    (import ../../nix).home-manager-stable
+    ../modules/default.stable.nix
+    (import ../../users).vincent
+    (import ../../users).root
+  ];
+
+  networking = {
+    hostName = hostname;
+    bridges.br1.interfaces = [ "enp0s31f6" ];
+    firewall.enable = false; # we are in safe territory :D
+    useDHCP = false;
+    interfaces.br1 = {
+      useDHCP = true;
+    };
+  };
+
+  boot.binfmt.registrations = {
+    s390x-linux = {
+      # interpreter = getEmulator "s390x-linux";
+      interpreter = "${pkgs.qemu}/bin/qemu-s390x";
+      magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16'';
+      mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
+    };
+  };
+  boot.binfmt.emulatedSystems = [
+    "armv6l-linux"
+    "armv7l-linux"
+    "aarch64-linux"
+    # "s390x-linux"
+    "powerpc64le-linux"
+  ];
+
+  # fileSystems."/" = {
+  #   device = "/dev/disk/by-uuid/6590b73d-72a4-4356-94b1-f56ac45c976d";
+  #   fsType = "ext4";
+  #   options = [ "noatime" "discard" ];
+  # };
+  #
+  # fileSystems."/boot" = {
+  #   device = "/dev/disk/by-uuid/7FA5-145B";
+  #   fsType = "vfat";
+  # };
+  #
+  # swapDevices = [{ device = "/dev/disk/by-uuid/720200fc-8f27-49a7-85bb-a406b6119d31"; }];
+
+  profiles = {
+    home = true;
+    dev.enable = false;
+    desktop.enable = lib.mkForce false;
+    avahi.enable = true;
+    syncthing.enable = true;
+    ssh = { enable = true; };
+    virtualization = { enable = true; nested = true; listenTCP = true; };
+  };
+  services = {
+    netdata.enable = true;
+    syncthing.guiAddress = "${ip}:8384";
+    # smartd = {
+    #   enable = true;
+    #   devices = [{ device = "/dev/nvme0n1"; }];
+    # };
+    # wireguard = {
+    #   enable = true;
+    #   ips = ips;
+    #   endpoint = endpointIP;
+    #   endpointPort = endpointPort;
+    #   endpointPublicKey = endpointPublicKey;
+    # };
+  };
+
+  # Move this to a "builder" role
+  users.extraUsers.builder = {
+    isNormalUser = true;
+    uid = 1018;
+    extraGroups = [ ];
+    openssh.authorizedKeys.keys = [ (builtins.readFile ../../secrets/builder.pub) ];
+  };
+  nix.trustedUsers = [ "root" "vincent" "builder" ];
+}
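Review bot: `hostname = "sakhalin";` at the top of the `let` block looks like a copy-paste leftover in shikoku.nix. It sets `networking.hostName` to another machine's name and makes `ip` resolve to `wireguard.ips."sakhalin"`, which then feeds `services.syncthing.guiAddress`; it should presumably read `hostname = "shikoku";`. Separately, `firewall.enable = false` sits next to `virtualization.listenTCP = true` (presumably libvirtd listening on TCP), netdata and the Syncthing GUI, so every listener is reachable from whatever network `br1` bridges to; I would keep the firewall enabled and open only the needed ports with `networking.firewall.allowedTCPPorts`, or at least replace the joke comment with one naming the network boundary being relied on. When the secrets file is absent `ip` is the empty string and `guiAddress` becomes `":8384"`, which Syncthing likely treats as all interfaces, so a loopback fallback such as `"127.0.0.1:8384"` would be safer. Listing `builder` in `nix.trustedUsers` gives the holder of `builder.pub` daemon-level trust that is effectively root on this host, which deserves a comment such as `# trusted users can substitute arbitrary store paths; keep this key restricted to build clients`.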
systems/modules/default.flake.nix
@@ -7,5 +7,4 @@
     ./services
     ./virtualisation
   ];
-  sops.defaultSopsFile = ../../secrets/secrets.yaml;
 }
flake.nix
@@ -68,7 +68,7 @@
     } @ inputs:
     let
       mkApp = flake-utils.lib.mkApp;
-      homeProfiles = import ./home { inherit (nixpkgs) lib; };
+      # homeProfiles = import ./home { inherit (nixpkgs) lib; };
     in
     flake-utils-plus.lib.mkFlake {
       inherit self inputs;
@@ -98,6 +98,8 @@
           {
             # Import custom home-manager modules (NixOS)
             config.home-manager.sharedModules = import ./users/modules/modules.nix;
+            # Default SopsFile
+            config.sops.defaultSopsFile = ./secrets/secrets.yaml;
           }
         ];
       };
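Review bot: The added comment `# Default SopsFile` only restates the attribute name and leaves out the one property a maintainer needs to know. A Nix path literal such as `./secrets/secrets.yaml` is copied into the world-readable store when the configuration is evaluated, so the file must only ever contain sops-encrypted values. I would word the comment as `# Default sops file: copied into the Nix store, so it must stay sops-encrypted (never plaintext)`. The enclosing module list starts outside this hunk.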
@@ -108,21 +110,34 @@
           modules = [ ./systems/hosts/naruhodo.nix ];
         };
         # WSL setup
+        # FIXME okinawa doesn't have openssh
         okinawa = {
           modules = [
-	    nixos-wsl.nixosModules.wsl
-	    ./systems/hosts/okinawa.nix
-	  ];
+            nixos-wsl.nixosModules.wsl
+            ./systems/hosts/okinawa.nix
+          ];
         };
         # Servers
         shikoku = {
           channelName = "nixos-21_11";
           modules = [ ./systems/hosts/shikoku.nix ]; # Can add additionnal things
         };
-        wakasu = { };
-        sakhalin = { };
-        aomi = { };
-        kerkouane = { };
+        wakasu = {
+          channelName = "nixos-21_11";
+          modules = [ ./systems/hosts/wakasu.nix ]; # Can add additionnal things
+        };
+        sakhalin = {
+          channelName = "nixos-21_11";
+          modules = [ ./systems/hosts/sakhalin.nix ]; # Can add additionnal things
+        };
+        aomi = {
+          channelName = "nixos-21_11";
+          modules = [ ./systems/hosts/aomi.nix ]; # Can add additionnal things
+        };
+        kerkouane = {
+          channelName = "nixos-21_11";
+          modules = [ ./systems/hosts/kerkouane.nix ]; # Can add additionnal things
+        };
       };
 
       # deploy-rs setup
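Review bot: The new entries for wakasu, sakhalin, aomi and kerkouane repeat the shikoku attrset line for line, including the copied comment with the typo "additionnal", so a later channel bump has to be made in five places and one host can silently stay on an older channel. Generating them from a list would keep the hosts in step, for example `nixpkgs.lib.genAttrs [ "wakasu" "sakhalin" "aomi" "kerkouane" ] (name: { channelName = "nixos-21_11"; modules = [ (./systems/hosts + "/${name}.nix") ]; })` merged into the host set with `//`. The referenced host files are not part of this commit, so they presumably already exist and are tracked by git; a flake evaluation will fail on any that are not. The `FIXME okinawa doesn't have openssh` line would be more useful if it said what depends on openssh there (deployment over SSH, as far as I can infer).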
@@ -133,6 +148,8 @@
         in
         {
           overlay = import ./nix/overlays;
+
+          # `nix develop`
           devShell =
             let
               inherit (sops-nix.packages."x86_64-linux") sops-import-keys-hook;