Commit 9cc60476d1b2
Changed files (6)
secrets/machines.nix
@@ -46,6 +46,7 @@ let
hass = "10.100.0.81";
demeter = "10.100.0.82";
athena = "10.100.0.83";
+ aix = "10.100.0.89";
aion = "10.100.0.49";
};
kerkouane = {
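Review bot: The address `10.100.0.89` added here and the public key added in the next hunk are repeated as literals in globals.nix under `aix.net.vpn`, so this peer now has two sources of truth. systems/aix/extra.nix takes the client address from `globals.machines.aix.net.vpn.ips`, while the peer's `allowedIPs` is built from `wireguard.ips.aix` in this file. If the address or key is later changed in only one place, the configuration would presumably still evaluate but the tunnel would stop passing traffic. Consider deriving one value from the other, or at least add a comment beside both, such as `# keep in sync with globals.nix: machines.aix.net.vpn`. The `let` block this hunk edits starts and ends outside the hunk.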
@@ -68,6 +69,10 @@ let
allowedIPs = [ "${wireguard.ips.demeter}/32" ];
publicKey = "/bBh4gvDty/AA2qIiHc7K0OHoOXWmj2SFFXdDq8nsUU=";
};
+ aix = {
+ allowedIPs = [ "${wireguard.ips.aix}/32" ];
+ publicKey = "D1HoBqrqBchHOOi8mjKpVg5vZtt+iFy8wj4o3kGYwkc=";
+ };
aion = {
allowedIPs = [ "${wireguard.ips.aion}/32" ];
publicKey = "T8qfsBiOcZNxUeRHFg+2FPdGj4AuGloJ4b+0uI2jM2w=";
@@ -197,6 +202,7 @@ in
wireguard.hass
wireguard.demeter
wireguard.athena
+ wireguard.aix
wireguard.aion
wireguard.honshu
wireguard.houbeb
systems/aix/boot.nix
@@ -0,0 +1,19 @@
+{ lib, pkgs, ... }:
+{
+ console.keyMap = lib.mkForce "us";
+ boot = {
+ kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
+ initrd.systemd.enable = lib.mkForce false;
+ # initrd.systemd.enableTpm2 = false;
+ initrd.availableKernelModules = [
+ "xhci_pci"
+ "usbhid"
+ "usb_storage"
+ ];
+ loader = {
+ grub.enable = false;
+ systemd-boot.enable = lib.mkForce false;
+ generic-extlinux-compatible.enable = true;
+ };
+ };
+}
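Review bot: The three `lib.mkForce` overrides (`console.keyMap`, `boot.initrd.systemd.enable`, `boot.loader.systemd-boot.enable`) carry no comment saying which shared default they override or why. A later change to the common profile could then be silently masked on this host. A short comment above the `boot` block would help, for example `# rpi4 boots through extlinux; force off the systemd-boot / systemd-initrd defaults from the shared profile`, assuming that is where the defaults come from. The commented-out `# initrd.systemd.enableTpm2 = false;` should either be removed or given a note saying when it is expected to be re-enabled.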
systems/aix/extra.nix
@@ -0,0 +1,22 @@
+{ globals, ... }:
+{
+ imports = [
+ ../common/services/prometheus-exporters-node.nix
+ ];
+
+ networking.firewall.enable = false;
+
+ services = {
+ wireguard = {
+ enable = true;
+ ips = globals.fn.wg-ips globals.machines.aix.net.vpn.ips;
+ endpoint = "${globals.net.vpn.endpoint}";
+ endpointPublicKey = "${globals.net.vpn.pubkey}";
+ };
+ };
+
+ # TODO: could be enable by default for all ?
+ security.pam.enableSSHAgentAuth = true;
+
+ security.apparmor.enable = true;
+}
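Review bot: `networking.firewall.enable = false;` turns off host packet filtering entirely on a machine that also imports the Prometheus node exporter. The exporter and any other listener are therefore reachable from every network the Pi is attached to, not only the WireGuard tunnel. If the intent is to allow scraping over the VPN, keep the firewall on and open the port on the tunnel interface only, e.g. `networking.firewall.interfaces."<wg-interface>".allowedTCPPorts = [ 9100 ];` (the interface name is a placeholder; 9100 is the exporter's upstream default and the shared module may set another). Separately, `security.pam.enableSSHAgentAuth` lets whoever can reach a forwarded agent socket holding a listed key pass PAM (typically sudo), so before acting on the TODO to enable it everywhere, confirm that the authorized-keys files it trusts are not user-writable. On the 24.11 input used for this host the option is, as far as I know, spelled `security.pam.sshAgentAuth.enable`.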
systems/aix/hardware.nix
@@ -0,0 +1,9 @@
+_: {
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ options = [ "noatime" ];
+ };
+ };
+}
flake.nix
@@ -105,6 +105,12 @@
pkgsInput = inputs.nixpkgs-24_11;
homeInput = inputs.home-manager-24_11;
};
+ aix = libx.mkHost {
+ hostname = "aix";
+ hardwareType = "rpi4";
+ pkgsInput = inputs.nixpkgs-24_11;
+ homeInput = inputs.home-manager-24_11;
+ };
# shikoku = libx.mkHost { hostname = "shikoku"; };
# FIXME migrate to libx.mkHost
aomi = inputs.nixpkgs.lib.nixosSystem {
globals.nix
@@ -80,6 +80,14 @@
};
};
};
+ aix = {
+ net = {
+ vpn = {
+ pubkey = "D1HoBqrqBchHOOi8mjKpVg5vZtt+iFy8wj4o3kGYwkc=";
+ ips = [ "10.100.0.89" ];
+ };
+ };
+ };
kyushu = {
net = {
ips = [