Commit b4841e9586df

Vincent Demeester <vincent@sbr.pm>
2020-05-15 12:23:05
machines: add sandbox
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
main
1 parent 769d949
Changed files (1)
machines
sandbox.nix
machines/sandbox.nix
@@ -0,0 +1,46 @@
+{ config, pkgs, ... }:
+
+with import ../assets/machines.nix; {
+  networking = {
+    firewall.enable = false; # we are in safe territory :D
+    # Move this to private/*.nix
+    hosts = {
+      "${home.ips.honshu}" = [ "honshu.home" ];
+      "${wireguard.ips.honshu}" = [ "honshu.vpn" ];
+      "${home.ips.shikoku}" = [ "shikoku.home" ];
+      "${wireguard.ips.shikoku}" = [ "shikoku.vpn" ];
+      "${home.ips.wakasu}" = [ "wakasu.home" ];
+      "${wireguard.ips.wakasu}" = [ "wakasu.vpn" ];
+      "${home.ips.hokkaido}" = [ "hokkaido.home" ];
+      "${wireguard.ips.hokkaido}" = [ "hokkaido.vpn" ];
+      "${home.ips.sakhalin}" = [ "sakhalin.home" ];
+      "${wireguard.ips.sakhalin}" = [ "sakhalin.vpn" ];
+      "${wireguard.ips.massimo}" = [ "massimo.vpn" ];
+      "${home.ips.synodine}" = [ "synodine.home" ];
+      "${home.ips.okinawa}" = [ "okinawa.home" "cache.home" "svc.home" "nix.cache.home" "go.cache.home" ];
+      "${wireguard.ips.okinawa}" = [ "okinawa.vpn" ];
+      "${wireguard.ips.carthage}" = [ "carthage.vpn" ];
+      "${wireguard.ips.kerkouane}" = [ "kerkouane.vpn" ];
+    };
+    networkmanager = {
+      dns = "dnsmasq";
+    };
+  };
+  profiles = {
+    dev.enable = true;
+    nix-config.buildCores = 4;
+    #qemu-user = { arm = true; aarch64 = true; };
+    ssh = {
+      enable = true;
+      forwardX11 = true;
+    };
+  };
+  programs = {
+    podman.enable = true;
+  };
+  security.sudo = {
+    extraConfig = ''
+      %users ALL = (root) NOPASSWD: /home/vincent/.nix-profile/bin/kubernix
+    '';
+  };
+}