diff options
author | Alex Auvolat <alex@adnab.me> | 2021-11-01 22:56:32 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2021-11-01 22:56:32 +0100 |
commit | dac37b918bbf427a8f499c82ebb464c57ead6478 (patch) | |
tree | 2507db827c83940140385a495365423353873a04 | |
download | nixcfg-dac37b918bbf427a8f499c82ebb464c57ead6478.tar.gz nixcfg-dac37b918bbf427a8f499c82ebb464c57ead6478.zip |
Import initial Nix configuration files
-rw-r--r-- | configuration.nix | 111 | ||||
-rw-r--r-- | node/carcajou.nix | 24 | ||||
-rw-r--r-- | node/cariacou.nix | 24 | ||||
-rw-r--r-- | node/caribou.nix | 41 |
4 files changed, 200 insertions, 0 deletions
diff --git a/configuration.nix b/configuration.nix new file mode 100644 index 0000000..d500108 --- /dev/null +++ b/configuration.nix @@ -0,0 +1,111 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + # Configuration local for this cluster node (hostname, IP, etc) + ./node.nix + ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.timeout = 20; + boot.loader.efi.canTouchEfiVariables = true; + + # The global useDHCP flag is deprecated, therefore explicitly set to false here. + # Per-interface useDHCP will be mandatory in the future, so this generated config + # replicates the default behaviour. + networking.useDHCP = false; + + # Set your time zone. + time.timeZone = "Europe/Paris"; + + networking.extraHosts = '' +192.168.1.21 cariacou +192.168.1.22 carcajou +192.168.1.23 caribou +192.168.1.23 binarycache +192.168.1.23 binarycache.home.adnab.me + ''; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "sun12x22"; + keyMap = "fr"; + }; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + + # Configure keymap in X11 + # services.xserver.layout = "us"; + # services.xserver.xkbOptions = "eurosign:e"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + # sound.enable = true; + # hardware.pulseaudio.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.lx = { + isNormalUser = true; + extraGroups = [ "wheel" "video" ]; # Enable ‘sudo’ for the user. + }; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + vim + tmux + wget + htop + links + git + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable network time + services.ntp.enable = true; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Open ports in the firewall. + networking.firewall.allowedTCPPorts = [ 22 ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "21.05"; # Did you read the comment? +} + diff --git a/node/carcajou.nix b/node/carcajou.nix new file mode 100644 index 0000000..ae6b488 --- /dev/null +++ b/node/carcajou.nix @@ -0,0 +1,24 @@ +# Configuration file local to this node + +{ config, pkgs, ... }: + +{ + networking.hostName = "carcajou"; # Define your hostname. + + networking.interfaces.eno1.useDHCP = false; + networking.interfaces.eno1.ipv4.addresses = [ + { + address = "192.168.1.22"; + prefixLength = 24; + } + ]; + + nix = { + binaryCaches = [ + "http://binarycache.home.adnab.me" + ]; + binaryCachePublicKeys = [ + "binarycache.home.adnab.me:ErR6pMnewf9oVyZJd5uC2nI4EZF49c7Mh86eDZWYZaw=" + ]; + }; +} diff --git a/node/cariacou.nix b/node/cariacou.nix new file mode 100644 index 0000000..5ed6154 --- /dev/null +++ b/node/cariacou.nix @@ -0,0 +1,24 @@ +# Configuration file local to this node + +{ config, pkgs, ... }: + +{ + networking.hostName = "cariacou"; # Define your hostname. + + networking.interfaces.eno1.useDHCP = false; + networking.interfaces.eno1.ipv4.addresses = [ + { + address = "192.168.1.21"; + prefixLength = 24; + } + ]; + + nix = { + binaryCaches = [ + "http://binarycache.home.adnab.me" + ]; + binaryCachePublicKeys = [ + "binarycache.home.adnab.me:ErR6pMnewf9oVyZJd5uC2nI4EZF49c7Mh86eDZWYZaw=" + ]; + }; +} diff --git a/node/caribou.nix b/node/caribou.nix new file mode 100644 index 0000000..95b0d52 --- /dev/null +++ b/node/caribou.nix @@ -0,0 +1,41 @@ +# Configuration file local to this node + +{ config, pkgs, ... }: + +{ + networking.hostName = "caribou"; # Define your hostname. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + networking.interfaces.eno1.useDHCP = false; + networking.interfaces.eno1.ipv4.addresses = [ + { + address = "192.168.1.23"; + prefixLength = 24; + } + ]; + networking.interfaces.enp0s20u1.useDHCP = true; + + # Enable nix-serve + services.nix-serve = { + enable = true; + secretKeyFile = "/var/cache-priv-key.pem"; + }; + + # Configure a Nginx web server to serve NixOS cache + services.nginx = { + enable = true; + virtualHosts = { + "binarycache.home.adnab.me" = { + serverAliases = [ "binarycache" ]; + locations."/".extraConfig = '' + proxy_pass http://localhost:${toString config.services.nix-serve.port}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + ''; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 ]; +} |