diff --git a/machines/labcore01/_configuration.nix b/machines/labcore01/_configuration.nix
new file mode 100644
index 0000000..5c0b9f5
--- /dev/null
+++ b/machines/labcore01/_configuration.nix
@@ -0,0 +1,16 @@
+{ lib, ... }:
+
+lib.extra.mkConfig {
+ enabledModules = [
+ # List of modules to enable
+ ];
+
+ enabledServices = [
+ # List of services to enable
+ "unbound"
+ ];
+
+ extraConfig = { };
+
+ root = ./.;
+}
diff --git a/machines/labcore01/_hardware-configuration.nix b/machines/labcore01/_hardware-configuration.nix
new file mode 100644
index 0000000..ca89d67
--- /dev/null
+++ b/machines/labcore01/_hardware-configuration.nix
@@ -0,0 +1,49 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ lib, modulesPath, ... }: + +{ + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + + boot = { + initrd = { + availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + "sd_mod" + "sr_mod" + ]; + kernelModules = [ ]; + }; + kernelModules = [ ]; + extraModulePackages = [ ]; + }; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/e2536e0b-2f60-467e-b4a4-dcea2a4928ce"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/913D-7694"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; + + swapDevices = [ { device = "/dev/disk/by-uuid/17552e24-22de-4965-a1de-aa635e636f63"; } ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/machines/labcore01/secrets/secrets.nix b/machines/labcore01/secrets/secrets.nix new file mode 100644 index 0000000..5e3898e --- /dev/null +++ b/machines/labcore01/secrets/secrets.nix @@ -0,0 +1,3 @@ +(import ../../../keys).mkSecrets [ "router02" ] [ + # List of secrets for router02 +] diff --git a/machines/labcore01/unbound.nix b/machines/labcore01/unbound.nix new file mode 100644 index 0000000..4e2e8a4 --- /dev/null +++ b/machines/labcore01/unbound.nix 
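Review bot: The recipient list in `machines/labcore01/secrets/secrets.nix` is `[ "router02" ]` and the comment reads "List of secrets for router02", which looks copied from router02's directory. The definition of `mkSecrets` is not in this diff, but if its first argument names the hosts allowed to decrypt, any secret added here later would be encrypted for router02's key instead of labcore01's. I would change the lines to `(import ../../../keys).mkSecrets [ "labcore01" ] [` and `# List of secrets for labcore01`, and check that the keys directory has an entry for labcore01.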
@@ -0,0 +1,20 @@
+{
+ services.unbound = {
+ enable = true;
+ settings = {
+ server = {
+ verbosity = 5;
+ interface = [ "2a0e:e701:1120:1000::f:1" ];
+ access-control = [ "2a0e:e701:1120::/48 allow" ];
+ dns64-prefix = "64:ff9b::/96";
+ do-nat64 = "yes";
+ module-config = "\"dns64 validator iterator\"";
+ };
+ };
+ };
+ networking = {
+ firewall = {
+ allowedUDPPorts = [ 53 ];
+ };
+ };
+}
diff --git a/meta/network.nix b/meta/network.nix
index c4a919f..fa7572c 100644
--- a/meta/network.nix
+++ b/meta/network.nix
@@ -21,6 +21,23 @@
 hostId = "bd11e8fc";
 netbirdIp = "100.80.103.206";
 };
+ labcore01 = {
+ interfaces = {
+ ens18 = {
+ ipv6 = [
+ {
+ address = "2a0e:e701:1120:1000::f:1";
+ prefixLength = 64;
+ }
+ ];
+
+ gateways = [ "2a0e:e701:1120:1000::1" ];
+ enableDefaultDNS = true;
+ };
+ };
+
+ hostId = "4a370ef4";
+ };
 router02 = {
 interfaces = { };
diff --git a/meta/nodes.nix b/meta/nodes.nix
index e8d3526..ca40091 100644
--- a/meta/nodes.nix
+++ b/meta/nodes.nix
@@ -28,6 +28,14 @@
 stateVersion = "24.05";
 nixpkgs = "unstable";
 };
+ labcore01 = {
+ site = "pav01";
+
+ hashedPassword = "$y$j9T$aFhOWa05W7VKeKt3Nc.nA1$uBOvG4wf7/yWjwOxO8NLf9ipCsAkS1.5cD2EJpLx57A";
+
+ stateVersion = "24.05";
+ nixpkgs = "24.05";
+ };
 router02 = {
 site = "pav01";
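Review bot: The firewall block in `unbound.nix` opens only `allowedUDPPorts = [ 53 ]`, so clients that retry over TCP after a truncated answer will be dropped; that happens more often with the `validator` module and DNS64 synthesis in play. I would add `allowedTCPPorts = [ 53 ];` next to the UDP rule. Separately, `verbosity = 5` is unbound's most detailed level and records client identification for queries, which puts per-client lookup history into the journal; unless this is temporary debugging, `verbosity = 1;` is a better committed value. The port is also opened host-wide while `access-control` limits who is answered, so a short comment saying that the ACL is the effective restriction would help the next reader.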
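Review bot: The new `labcore01` entry in `meta/nodes.nix` commits its `hashedPassword` value in clear, so anyone with read access to the repository can run offline guesses against it. How the field is consumed is not visible in this diff; if it ends up in `users.users.<name>.hashedPassword`, consider supplying it through `hashedPasswordFile` backed by the repository's secrets mechanism instead. If keeping hashes in the tree is the accepted convention here, a comment such as `# yescrypt hash; password must be unique to this host and high-entropy` above the line would record the assumption.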