| -rw-r--r-- | flake.nix | 1 | ||||
| -rw-r--r-- | machines/taupe/default.nix | 28 | ||||
| -rw-r--r-- | machines/taupe/devices.nix | 51 | ||||
| -rw-r--r-- | machines/taupe/hardware.nix | 37 | ||||
| -rw-r--r-- | machines/taupe/home.nix | 9 |
5 files changed, 126 insertions, 0 deletions
diff --git a/flake.nix b/flake.nix
index ed61eb6..4a943c3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -53,6 +53,7 @@
 machines = with systems; mkMachines [
 { name = "corsac"; system = x86; tailscale.ip = "100.64.100.100"; }
 { name = "lapin"; system = arm; tailscale.ip = "100.83.254.27"; }
+ { name = "taupe"; system = arm; tailscale.ip = "100.103.211.75"; }
 { name = "renard"; system = x86; tailscale.ip = "100.75.17.75"; }
 { name = "fourmi"; system = arm; tailscale.ip = "100.99.119.83"; }
 ];
diff --git a/machines/taupe/default.nix b/machines/taupe/default.nix
new file mode 100644
index 0000000..e4dce7d
--- /dev/null
+++ b/machines/taupe/default.nix
@@ -0,0 +1,28 @@
+{ ... }:
+
+{
+ imports = [
+ ../../modules/common.nix
+
+ ./hardware.nix
+ ./devices.nix
+ ];
+
+ foundation = {
+ www = {
+ enable = true;
+
+ public = true;
+ tailnet = true;
+ };
+
+ monitoring = {
+ client.enable = true;
+ services = [
+ "base"
+ ];
+ };
+ };
+
+ system.stateVersion = "25.05";
+}
diff --git a/machines/taupe/devices.nix b/machines/taupe/devices.nix
new file mode 100644
index 0000000..5dcfee1
--- /dev/null
+++ b/machines/taupe/devices.nix
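Review bot: `foundation.www` is enabled with both `public = true` and `tailnet = true` in machines/taupe/default.nix, but nothing in the hunk says what the public side exposes. The `foundation` module is outside this diff, so presumably `public` opens the web ports on the WAN interface of a host that also gets a routable IPv6 address; a one-line comment above it, e.g. `# public: served on the internet-facing interface, not only over the tailnet`, would make the exposure explicit to anyone auditing the fleet later. If this machine only needs to be reached over the tailnet, `public = false;` would be the safer setting.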
@@ -0,0 +1,51 @@
+{ lib, ... }:
+
+{
+ boot = {
+ loader.systemd-boot.enable = true;
+ kernelModules = [ "wireguard" ];
+ };
+
+ zramSwap = {
+ enable = true;
+ algorithm = "zstd";
+ swapDevices = 1;
+ memoryPercent = 50;
+ };
+
+ networking = {
+ useDHCP = false;
+ nameservers = [
+ "1.1.1.1" "1.0.0.1"
+ "2606:4700:4700::1111" "2606:4700:4700::1001"
+ ];
+ };
+
+ # Static IPv6 network configuration
+ # + soliciting of IPv4 via DHCP.
+ systemd.network.enable = true;
+ systemd.network.networks."10-wan" = {
+ name = "enp1s0";
+ DHCP = "ipv4";
+ address = [ "2a01:4f9:c012:dce::1" ];
+ routes = [ { Gateway = "fe80::1"; } ];
+ };
+
+ services.resolved = {
+ llmnr = "false";
+ extraConfig = "MulticastDNS=no";
+ dnssec = "false";
+ };
+
+ virtualisation.docker.daemon.settings = {
+ "experimental" = true;
+ "ipv6" = true;
+ "ip6tables" = true;
+ "fixed-cidr-v6" = "fc00:d0c:b1b1::/48";
+ "bip" = "172.17.0.1/24";
+ "default-address-pools" = [
+ { base = "172.17.0.0/16"; size = 24; }
+ { base = "fc00:d0c::/32"; size = 48; }
+ ];
+ };
+}
diff --git a/machines/taupe/hardware.nix b/machines/taupe/hardware.nix
new file mode 100644
index 0000000..8ddf1b1
--- /dev/null
+++ b/machines/taupe/hardware.nix
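Review bot: `services.resolved` sets `dnssec = "false"` and configures no DNS-over-TLS, so lookups to the four resolvers listed under `networking.nameservers` travel in cleartext and their answers are accepted unvalidated. Turning off LLMNR and mDNS in the same block already narrows local spoofing; adding `dnsovertls = "opportunistic";` (or a comment stating why DNSSEC has to stay off) would cover the upstream path as well. Separately, with `"ipv6" = true` and `"ip6tables" = true` Docker installs its own forwarding rules, so published container ports are likely reachable over the host's public IPv6 address regardless of the NixOS firewall; a comment next to the daemon settings noting this would help. `lib` in the argument list is unused in this file.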
@@ -0,0 +1,37 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/555b9b22-25a3-47a7-8f28-94313b67d41f"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/A79C-C5F9"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; +} diff --git a/machines/taupe/home.nix b/machines/taupe/home.nix new file mode 100644 index 0000000..8f27ed2 --- /dev/null +++ b/machines/taupe/home.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: + +{ + imports = [ + ../../modules/home/common.nix + ]; + + home.stateVersion = "25.05"; +} |
