nixos-config/config/host-config/lambda.nix

{ config, lib, pkgs, ... }:

let primaryIp = "10.0.0.11";

in {
  config = {
    boot = { loader.grub.copyKernels = true; };

    networking = {
      interfaces = {
        enp3s0f0.useDHCP = false;
        enp3s0f1.useDHCP = false;
        enp4s0f0.useDHCP = false;
        enp4s0f1.useDHCP = false;

        intif0 = {
          useDHCP = false;
          ipv4.addresses = [{
            address = primaryIp;
            prefixLength = 16;
          }];
        };
      };

      defaultGateway = {
        address = "10.0.0.1";
        interface = "intif0";
      };
    };

    environment = {
      etc = {
        nixos.source = "/etc/nixos-live";
        NIXOS.source = "/state/host/NIXOS";
      };
      systemPackages = with pkgs; [ nixopsUnstable openssl ];
    };

    security.sudo.extraConfig = ''
      # Due to rollback, sudo will lecture after every reboot
      Defaults lecture = never
    '';

    fudo = {
      secrets = {
        secret-group = "fudo-secrets";
        secret-users = [ "niten" ];
        secret-paths = [ "/secrets" ];
      };
      hosts.lambda.encrypted-filesystems.secrets = {
        encrypted-device =
          "/dev/disk/by-id/scsi-3600508b1001c2f439e343270a365a5bd-part1";
        key-path = "/state/secrets-key/key";
        filesystem-type = "btrfs";
        remove-key = false;
        type = "luks2";
        mountpoints = {
          "/secrets" = {
            options = [ "noatime" "compress=zstd" ];
            group = "fudo-secrets";
            users = [ "niten" ];
            world-readable = false;
          };
        };
      };
    };

    systemd = {
      tmpfiles.rules = [ "L /etc/adjtime - - - - /state/etc/adjtime" ];
    };
  };
}
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`{ config, lib, pkgs, ... }:`

Commit to move 2023-05-16 22:40:08 -07:00			`let primaryIp = "10.0.0.11";`
Added live disk flake 2022-03-16 09:49:35 -07:00
Defined informis deployment. Don't need so much info to deploy. 2021-04-18 23:24:01 -07:00			`in {`
Commit to move 2023-05-16 22:40:08 -07:00			`config = {`
			`boot = { loader.grub.copyKernels = true; };`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00
Commit to move 2023-05-16 22:40:08 -07:00			`networking = {`
			`interfaces = {`
			`enp3s0f0.useDHCP = false;`
			`enp3s0f1.useDHCP = false;`
			`enp4s0f0.useDHCP = false;`
			`enp4s0f1.useDHCP = false;`
Changes for lambda, fixes for sea.fudo.org 2021-07-26 12:09:47 -07:00
Commit to move 2023-05-16 22:40:08 -07:00			`intif0 = {`
			`useDHCP = false;`
			`ipv4.addresses = [{`
			`address = primaryIp;`
			`prefixLength = 16;`
			`}];`
			`};`
			`};`
Various changes, and added a live-disk config. 2021-07-16 12:57:36 -07:00
Commit to move 2023-05-16 22:40:08 -07:00			`defaultGateway = {`
			`address = "10.0.0.1";`
			`interface = "intif0";`
			`};`
Changes for lambda, with tmpfs root 2021-07-20 18:28:12 -07:00			`};`
Commit to move 2023-05-16 22:40:08 -07:00
			`environment = {`
			`etc = {`
			`nixos.source = "/etc/nixos-live";`
			`NIXOS.source = "/state/host/NIXOS";`
			`};`
			`systemPackages = with pkgs; [ nixopsUnstable openssl ];`
Changes for lambda, with tmpfs root 2021-07-20 18:28:12 -07:00			`};`

Commit to move 2023-05-16 22:40:08 -07:00			`security.sudo.extraConfig = ''`
			`# Due to rollback, sudo will lecture after every reboot`
			`Defaults lecture = never`
			`'';`
Add factorio mod zips 2022-10-23 13:36:31 -07:00
Commit to move 2023-05-16 22:40:08 -07:00			`fudo = {`
			`secrets = {`
			`secret-group = "fudo-secrets";`
			`secret-users = [ "niten" ];`
			`secret-paths = [ "/secrets" ];`
			`};`
			`hosts.lambda.encrypted-filesystems.secrets = {`
			`encrypted-device =`
			`"/dev/disk/by-id/scsi-3600508b1001c2f439e343270a365a5bd-part1";`
			`key-path = "/state/secrets-key/key";`
			`filesystem-type = "btrfs";`
			`remove-key = false;`
			`type = "luks2";`
			`mountpoints = {`
			`"/secrets" = {`
			`options = [ "noatime" "compress=zstd" ];`
			`group = "fudo-secrets";`
			`users = [ "niten" ];`
			`world-readable = false;`
			`};`
			`};`
			`};`
Add factorio mod zips 2022-10-23 13:36:31 -07:00			`};`

Commit to move 2023-05-16 22:40:08 -07:00			`systemd = {`
			`tmpfiles.rules = [ "L /etc/adjtime - - - - /state/etc/adjtime" ];`
Add factorio mod zips 2022-10-23 13:36:31 -07:00			`};`
			`};`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`}`