From 91f68b75015feaae42c54f0d2dfcee39125b8a8f Mon Sep 17 00:00:00 2001
From: sinavir <sinavir@sinavir.fr>
Date: Fri, 18 Oct 2024 11:05:12 +0200
Subject: [PATCH] feat(router02): init

---
 keys/default.nix                              |  1 +
 machines/router02/_configuration.nix          | 16 ++++++
 machines/router02/_hardware-configuration.nix | 49 +++++++++++++++++++
 machines/router02/networking.nix              | 18 +++++++
 machines/router02/secrets/secrets.nix         |  3 ++
 meta/network.nix                              |  7 +++
 meta/nodes.nix                                |  8 +++
 7 files changed, 102 insertions(+)
 create mode 100644 machines/router02/_configuration.nix
 create mode 100644 machines/router02/_hardware-configuration.nix
 create mode 100644 machines/router02/networking.nix
 create mode 100644 machines/router02/secrets/secrets.nix

diff --git a/keys/default.nix b/keys/default.nix
index 81dbd3f..b3df704 100644
--- a/keys/default.nix
+++ b/keys/default.nix
@@ -13,6 +13,7 @@ rec {
   #          If not, you will face an angry maintainer
   _keys = (import "${_sources.infrastructure}/keys")._keys // {
     krz01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4o65gWOgNrxbSd3kiQIGZUM+YD6kuZOQtblvzUGsfB" ];
+    router02 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5t0InDV9nTLEqXrenqMJZAjkCAmfzHk6LLLHme3k3j" ];
   };
 
   getKeys = ls: builtins.concatLists (builtins.map (getAttr _keys) ls);
diff --git a/machines/router02/_configuration.nix b/machines/router02/_configuration.nix
new file mode 100644
index 0000000..0655177
--- /dev/null
+++ b/machines/router02/_configuration.nix
@@ -0,0 +1,16 @@
+{ lib, ... }:
+
+lib.extra.mkConfig {
+  enabledModules = [
+    # List of modules to enable
+  ];
+
+  enabledServices = [
+    # List of services to enable
+    "networking"
+  ];
+
+  extraConfig = { };
+
+  root = ./.;
+}
diff --git a/machines/router02/_hardware-configuration.nix b/machines/router02/_hardware-configuration.nix
new file mode 100644
index 0000000..3214702
--- /dev/null
+++ b/machines/router02/_hardware-configuration.nix
@@ -0,0 +1,49 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ lib, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [
+        "ata_piix"
+        "uhci_hcd"
+        "virtio_pci"
+        "virtio_scsi"
+        "sd_mod"
+        "sr_mod"
+      ];
+      kernelModules = [ ];
+    };
+    kernelModules = [ ];
+    extraModulePackages = [ ];
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/77ecdf8d-ecda-42ed-aa4f-caa78d5d5e06";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/A044-5792";
+    fsType = "vfat";
+    options = [
+      "fmask=0022"
+      "dmask=0022"
+    ];
+  };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/machines/router02/networking.nix b/machines/router02/networking.nix
new file mode 100644
index 0000000..c494455
--- /dev/null
+++ b/machines/router02/networking.nix
@@ -0,0 +1,18 @@
+{
+  systemd.network = {
+    networks = {
+      "10-ens18" = {
+        name = "ens18";
+
+        networkConfig = {
+          Description = "ENS uplink";
+          Address = [ "129.199.146.34/24" ];
+          Gateway = "129.199.146.254";
+          LLDP = true;
+          # Only to the switch we are connected to directly, e.g. the hypervisor or the switch.
+          EmitLLDP = "nearest-bridge";
+        };
+      };
+    };
+  };
+}
diff --git a/machines/router02/secrets/secrets.nix b/machines/router02/secrets/secrets.nix
new file mode 100644
index 0000000..5e3898e
--- /dev/null
+++ b/machines/router02/secrets/secrets.nix
@@ -0,0 +1,3 @@
+(import ../../../keys).mkSecrets [ "router02" ] [
+  # List of secrets for router02
+]
diff --git a/meta/network.nix b/meta/network.nix
index 7bcaac6..4b992d9 100644
--- a/meta/network.nix
+++ b/meta/network.nix
@@ -21,4 +21,11 @@
     hostId = "bd11e8fc";
     netbirdIp = "100.80.103.206";
   };
+  router02 = {
+    interfaces = { };
+
+    addresses.ipv4 = [ "129.199.46.34" ];
+
+    hostId = "144d0f7a";
+  };
 }
diff --git a/meta/nodes.nix b/meta/nodes.nix
index c5b6763..e8d3526 100644
--- a/meta/nodes.nix
+++ b/meta/nodes.nix
@@ -28,4 +28,12 @@
     stateVersion = "24.05";
     nixpkgs = "unstable";
   };
+  router02 = {
+    site = "pav01";
+
+    hashedPassword = "$y$j9T$aFhOWa05W7VKeKt3Nc.nA1$uBOvG4wf7/yWjwOxO8NLf9ipCsAkS1.5cD2EJpLx57A";
+
+    stateVersion = "24.05";
+    nixpkgs = "24.05";
+  };
 }