nixos-config/hosts/procul.nix

{ config, pkgs, lib, ... }:

with lib;
let
  hostname = "procul";
  mail-hostname = hostname;
  host_ipv4 = "172.86.179.18";
  all-hostnames = [];

  acme-private-key = hostname: "/var/lib/acme/${hostname}/key.pem";
  acme-certificate = hostname: "/var/lib/acme/${hostname}/fullchain.pem";
  acme-ca = "/etc/nixos/static/letsencryptauthorityx3.pem";

  fudo-ca = "/etc/nixos/static/fudo_ca.pem";

in {

  boot.loader.grub = {
    enable = true;
    version = 2;
    device = "/dev/sdb";
  };

  imports = [
    ../hardware-configuration.nix

    ../defaults.nix
  ];

  fudo.common = {
    # Sets some server-common settings. See /etc/nixos/fudo/profiles/...
    profile = "server";

    # Sets some common site-specific settings: gateway, monitoring, etc. See /etc/nixos/fudo/sites/...
    site = "joes";

    local-networks = [
      "172.86.179.18/29"
      "208.81.1.128/28"
      "208.81.3.112/28"
      "172.17.0.0/16"
      "127.0.0.0/8"
    ];
  };

  environment.systemPackages = with pkgs; [
    multipath-tools
  ];

  # Not all users need access to procul; don't allow LDAP-user access.
  fudo.authentication.enable = false;

  # TODO: not used yet
  fudo.acme.hostnames = all-hostnames;

  networking = {
    hostName = hostname;

    dhcpcd.enable = false;
    useDHCP = false;

    # TODO: fix IPv6
    enableIPv6 = true;

    # Create a bridge for VMs to use
    macvlans = {
      extif0 = {
        interface = "enp0s25";
        mode = "bridge";
      };
    };

    interfaces = {
      extif0 = {
        # result of:
        # echo $FQDN-extif|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
        macAddress = "02:e2:b7:db:e8:af";
        ipv4.addresses = [
          {
            address = host_ipv4;
            prefixLength = 29;
          }
        ];
      };
    };
  };

  hardware.bluetooth.enable = false;
}
Updated for procul 2020-06-22 13:29:33 -07:00			`{ config, pkgs, lib, ... }:`

			`with lib;`
			`let`
			`hostname = "procul";`
			`mail-hostname = hostname;`
			`host_ipv4 = "172.86.179.18";`
			`all-hostnames = [];`

			`acme-private-key = hostname: "/var/lib/acme/${hostname}/key.pem";`
			`acme-certificate = hostname: "/var/lib/acme/${hostname}/fullchain.pem";`
			`acme-ca = "/etc/nixos/static/letsencryptauthorityx3.pem";`

			`fudo-ca = "/etc/nixos/static/fudo_ca.pem";`

			`in {`

			`boot.loader.grub = {`
			`enable = true;`
			`version = 2;`
			`device = "/dev/sdb";`
			`};`

			`imports = [`
			`../hardware-configuration.nix`

			`../defaults.nix`
			`];`

			`fudo.common = {`
			`# Sets some server-common settings. See /etc/nixos/fudo/profiles/...`
			`profile = "server";`

			`# Sets some common site-specific settings: gateway, monitoring, etc. See /etc/nixos/fudo/sites/...`
			`site = "joes";`

			`local-networks = [`
			`"172.86.179.18/29"`
			`"208.81.1.128/28"`
			`"208.81.3.112/28"`
			`"172.17.0.0/16"`
			`"127.0.0.0/8"`
			`];`
			`};`

			`environment.systemPackages = with pkgs; [`
			`multipath-tools`
			`];`

			`# Not all users need access to procul; don't allow LDAP-user access.`
			`fudo.authentication.enable = false;`

			`# TODO: not used yet`
			`fudo.acme.hostnames = all-hostnames;`

			`networking = {`
			`hostName = hostname;`

			`dhcpcd.enable = false;`
			`useDHCP = false;`

			`# TODO: fix IPv6`
			`enableIPv6 = true;`

			`# Create a bridge for VMs to use`
			`macvlans = {`
			`extif0 = {`
			`interface = "enp0s25";`
			`mode = "bridge";`
			`};`
			`};`

			`interfaces = {`
			`extif0 = {`
			`# result of:`
			`# echo $FQDN-extif\|md5sum\|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'`
			`macAddress = "02:e2:b7:db:e8:af";`
			`ipv4.addresses = [`
			`{`
			`address = host_ipv4;`
			`prefixLength = 29;`
			`}`
			`];`
			`};`
			`};`
			`};`

			`hardware.bluetooth.enable = false;`
			`}`