nixos-config/hosts/france.nix

{ config, pkgs, ... }:

let
  hostname = "france.fudo.org";

in {

  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/sda";

  security.hideProcessInformation = true;

  imports = [
    ../defaults.nix
    ../networks/fudo.org.nix
    ../profiles/server.nix
    ../config/fudo.nix
    ../profiles/services/basic_acme.nix
    ../profiles/services/heimdal_kdc.nix
    ../profiles/services/minecraft.nix
    ../hardware-configuration.nix
    ../packages/local-packages.nix
  ];

  environment.systemPackages = with pkgs; [
    acme-ca
    lxd
    multipath-tools
  ];

  fudo.auth.server = {
    enable = true;
    base = "dc=fudo,dc=org";
    organization = "Fudo";
    rootpw-file = "/srv/ldap/secure/root.pw";
    kerberos-host = "france.fudo.org";
    kerberos-keytab = "/srv/ldap/secure/ldap.keytab";

    sslCert = "/srv/ldap/france.fudo.org.pem";
    sslKey = "/srv/ldap/secure/france.fudo.org-key.pem";
    sslCACert = "/etc/nixos/static/fudo_ca.pem";

    listen-uris = [
      "ldap://${hostname}/"
      "ldaps://${hostname}/"
      "ldap://localhost/"
      "ldaps://localhost/"
      "ldapi:///"
    ];

    users = import ../fudo/users.nix;

    groups = import ../fudo/groups.nix;

    system-users = import ../fudo/system-users.nix;
  };

  networking = {
    hostName = hostname;

    dhcpcd.enable = false;
    useDHCP = false;
    interfaces.enp4s0f0.useDHCP = true;
    interfaces.enp4s0f1.useDHCP = true;

    enableIPv6 = true;

    # Create a bridge for VMs to use
    macvlans = {
      extif0 = {
        interface = "enp4s0f0";
        mode = "bridge";
      };
      intif0 = {
        interface = "enp4s0f1";
        mode = "bridge";
      };
    };

    interfaces = {
      extif0 = {
        # result of: echo $FQDN-extif|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
        macAddress = "02:d4:e8:3b:10:2f";
        ipv4.addresses = [
          {
            address = "208.81.3.117";
            prefixLength = 28;
          }
        ];
      };
      intif0 = {
        # result of: echo $FQDN-intif|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
        macAddress = "02:ba:ba:e9:08:21";
        ipv4.addresses = [
          {
            address = "192.168.11.1";
            prefixLength = 24;
          }
        ];
      };
    };
  };

  hardware.bluetooth.enable = false;

  virtualisation.lxd = {
    enable = true;
  };
}
Initial re-checki 2019-12-25 15:20:36 -08:00			`{ config, pkgs, ... }:`

			`let`
			`hostname = "france.fudo.org";`

			`in {`

			`boot.loader.grub.enable = true;`
			`boot.loader.grub.version = 2;`
			`boot.loader.grub.device = "/dev/sda";`

			`security.hideProcessInformation = true;`

			`imports = [`
			`../defaults.nix`
			`../networks/fudo.org.nix`
			`../profiles/server.nix`
			`../config/fudo.nix`
			`../profiles/services/basic_acme.nix`
			`../profiles/services/heimdal_kdc.nix`
			`../profiles/services/minecraft.nix`
			`../hardware-configuration.nix`
			`../packages/local-packages.nix`
			`];`

			`environment.systemPackages = with pkgs; [`
			`acme-ca`
			`lxd`
			`multipath-tools`
			`];`

			`fudo.auth.server = {`
			`enable = true;`
			`base = "dc=fudo,dc=org";`
			`organization = "Fudo";`
			`rootpw-file = "/srv/ldap/secure/root.pw";`
			`kerberos-host = "france.fudo.org";`
			`kerberos-keytab = "/srv/ldap/secure/ldap.keytab";`

			`sslCert = "/srv/ldap/france.fudo.org.pem";`
			`sslKey = "/srv/ldap/secure/france.fudo.org-key.pem";`
			`sslCACert = "/etc/nixos/static/fudo_ca.pem";`

			`listen-uris = [`
			`"ldap://${hostname}/"`
			`"ldaps://${hostname}/"`
			`"ldap://localhost/"`
			`"ldaps://localhost/"`
			`"ldapi:///"`
			`];`

			`users = import ../fudo/users.nix;`

			`groups = import ../fudo/groups.nix;`

			`system-users = import ../fudo/system-users.nix;`
			`};`

			`networking = {`
			`hostName = hostname;`

			`dhcpcd.enable = false;`
			`useDHCP = false;`
			`interfaces.enp4s0f0.useDHCP = true;`
			`interfaces.enp4s0f1.useDHCP = true;`

			`enableIPv6 = true;`

			`# Create a bridge for VMs to use`
			`macvlans = {`
			`extif0 = {`
			`interface = "enp4s0f0";`
			`mode = "bridge";`
			`};`
			`intif0 = {`
			`interface = "enp4s0f1";`
			`mode = "bridge";`
			`};`
			`};`

			`interfaces = {`
			`extif0 = {`
			`# result of: echo $FQDN-extif\|md5sum\|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'`
			`macAddress = "02:d4:e8:3b:10:2f";`
			`ipv4.addresses = [`
			`{`
			`address = "208.81.3.117";`
			`prefixLength = 28;`
			`}`
			`];`
			`};`
			`intif0 = {`
			`# result of: echo $FQDN-intif\|md5sum\|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'`
			`macAddress = "02:ba:ba:e9:08:21";`
			`ipv4.addresses = [`
			`{`
			`address = "192.168.11.1";`
			`prefixLength = 24;`
			`}`
			`];`
			`};`
			`};`
			`};`

			`hardware.bluetooth.enable = false;`

			`virtualisation.lxd = {`
			`enable = true;`
			`};`
			`}`