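# NixOS host configuration for "procul": GRUB on /dev/sdb, a static IPv4
# address on a macvlan interface stacked on enp0s25, and LDAP-user logins
# disabled. Site- and profile-wide defaults come from ../defaults.nix and the
# fudo.common module (neither is shown here).
{ config, pkgs, lib, ... }:

let
  hostname = "procul";
  host_ipv4 = "172.86.179.18";

  # Hostnames passed to fudo.acme.hostnames below. Currently empty.
  all-hostnames = [];

  # The bindings below are not referenced anywhere in this file yet; they are
  # kept as scaffolding for the TLS/mail setup.
  mail-hostname = hostname;

  # Per-hostname ACME key and certificate-chain paths.
  # NOTE(review): when these get wired into a service, confirm key.pem is
  # readable only by the account that terminates TLS.
  acme-private-key = hostname: "/var/lib/acme/${hostname}/key.pem";
  acme-certificate = hostname: "/var/lib/acme/${hostname}/fullchain.pem";

  # NOTE(review): the file name points at the Let's Encrypt "Authority X3"
  # intermediate, which Let's Encrypt has since retired. Pinning a single
  # intermediate breaks validation when the issuer rotates; prefer the served
  # fullchain or the system trust store once this is used.
  acme-ca = "/etc/nixos/static/letsencryptauthorityx3.pem";

  fudo-ca = "/etc/nixos/static/fudo_ca.pem";

in {

  boot.loader.grub = {
    enable = true;
    version = 2;
    device = "/dev/sdb";
  };

  imports = [
    ../hardware-configuration.nix

    ../defaults.nix
  ];

  fudo.common = {
    # Sets some server-common settings. See /etc/nixos/fudo/profiles/...
    profile = "server";

    # Sets some common site-specific settings: gateway, monitoring, etc. See /etc/nixos/fudo/sites/...
    site = "joes";

    # NOTE(review): presumably the fudo.common module treats these ranges as
    # local/trusted (its definition is not shown) - review each entry with
    # that in mind.
    local-networks = [
      # Host address with a /29 mask; the enclosing network is
      # 172.86.179.16/29. Confirm the consumer accepts CIDRs with host bits set.
      "172.86.179.18/29"
      "208.81.1.128/28"
      "208.81.3.112/28"
      # Docker's default bridge range. If containers run on this host they get
      # whatever trust local-networks confers - confirm that is intended.
      "172.17.0.0/16"
      "127.0.0.0/8"
    ];
  };

  environment.systemPackages = with pkgs; [
    multipath-tools
  ];

  # Not all users need access to procul; don't allow LDAP-user access.
  fudo.authentication.enable = false;

  # TODO: not used yet (all-hostnames is the empty list defined above).
  fudo.acme.hostnames = all-hostnames;

  networking = {
    hostName = hostname;

    # Addressing is fully static: no DHCP client on any interface.
    dhcpcd.enable = false;
    useDHCP = false;

    # TODO: fix IPv6
    # NOTE(review): IPv6 is enabled but no IPv6 address is configured here, so
    # the interface may still autoconfigure from router advertisements.
    # Confirm the firewall rules cover IPv6 as well as IPv4.
    enableIPv6 = true;

    # macvlan interface in bridge mode on the physical NIC; intended for VMs
    # to use. The host's own address is assigned to it below.
    macvlans = {
      extif0 = {
        interface = "enp0s25";
        mode = "bridge";
      };
    };

    interfaces = {
      extif0 = {
        # Stable MAC derived from the FQDN; the 02: prefix marks it as a
        # locally administered unicast address. Result of:
        # echo $FQDN-extif|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
        macAddress = "02:e2:b7:db:e8:af";
        ipv4.addresses = [
          {
            address = host_ipv4;
            # Must stay in step with the /29 entry in local-networks above.
            prefixLength = 29;
          }
        ];
      };
    };
  };

  hardware.bluetooth.enable = false;
}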