config-perso/BOcal/net_config.nix

# NixOS module for the BOcal netboot server: PXE boot (pixiecore + dnsmasq),
# a local nginx endpoint answering pixiecore's per-MAC boot queries,
# NFS-exported home directories, and the matching local accounts.
{ lib, users, mods, pkgs, ... }:
let
# Client MAC address -> account that machine boots as.
# The MAC is whatever the client presents at PXE time, so this table selects a
# boot profile; it does not authenticate the machine.
machines = {
  "54:bf:64:5d:33:5e" = "arturgo";
  "54:bf:64:5d:33:f9" = "catvayor";
  "54:bf:64:5d:32:d4" = "darksysy";
  "48:4d:7e:d6:fa:1e" = "empraeleerup";
  "48:4d:7e:d6:cf:57" = "glohuglohu";
  "54:bf:64:5d:33:7e" = "h";
  "54:bf:64:5d:32:b7" = "inutile.club";
  "54:bf:64:5d:33:f5" = "jimmicrosoft";
  "48:4d:7e:d6:fc:e8" = "krik";
  "54:bf:64:5d:31:fd" = "loony";
};

# Account names only. builtins.attrValues orders its result by attribute name,
# so this list follows the sorted MAC strings, not the order written above.
distant-users = builtins.attrValues machines;

# Pair every account with a uid counted up from 2001 by list position.
# NOTE(review): adding or removing a MAC shifts the position, and therefore the
# uid, of every account sorted after it, while files already under /home keep
# their old numeric owner. Pinning uids explicitly would avoid that.
distant-users-id = builtins.genList
  (idx:
    let
      name = builtins.elemAt distant-users idx;
    in
    { inherit name; uid = 2001 + idx; })
  (builtins.length distant-users);
# Second NixOS evaluation: the system image handed to the netboot clients.
# ./net-user/configuration.nix is called with the name/uid list, presumably so
# the client image declares the same accounts (that file is not shown here).
remote_sys = import (pkgs.path + "/nixos/lib/eval-config.nix") {
  system = "x86_64-linux";
  modules = [ (import ./net-user/configuration.nix distant-users-id) ];
  specialArgs = { inherit users mods; };
};

# Build outputs of that image; kernel, netbootRamdisk and toplevel are read below.
remote_build = remote_sys.config.system.build;
# Boot answer for one client, written to the store as a JSON file.
# The cmdline starts the client image's init and hands the account name to
# systemd as BOCAL=<user>.
# mac and user are spliced in unescaped, which is safe only while both come
# from the static `machines` table (no spaces, quotes or shell metacharacters).
# NOTE(review): how the client uses BOCAL is defined in
# ./net-user/configuration.nix; confirm it is not treated as proof of identity,
# since any machine presenting a listed MAC receives that value.
json_maker = mac: user:
  pkgs.writeText "netboot-${mac}.json" ''
    {
    "kernel": "/kernel",
    "initrd": [ "/initrd" ],
    "cmdline": "init=${remote_build.toplevel}/init loglevel=4 systemd.setenv=BOCAL=${user}"
    }
  '';

# Shell line that exposes one answer file at v1/boot/<mac> in the web root.
json_ln = mac: json: "ln -s ${json} $out/v1/boot/${mac}";

# Build script for the web root: the shared kernel and initrd, then one
# symlink per known MAC pointing at its answer file.
cmds =
  let
    boot_links = builtins.mapAttrs (mac: user: json_ln mac (json_maker mac user)) machines;
  in
  [
    "mkdir -p $out/v1/boot"
    "ln -s ${remote_build.kernel}/bzImage $out/kernel"
    "ln -s ${remote_build.netbootRamdisk}/initrd $out/initrd"
  ] ++ builtins.attrValues boot_links;

# Store path served by nginx as the pixiecore API root.
webroot = pkgs.runCommand "netboot-apiroot" { } (builtins.concatStringsSep "\n" cmds);
in {
# Primary group shared by the `bocal` account and every netboot account.
users.groups.bocal.gid = 2000;

# Local accounts: one per netboot user plus the shared `bocal` account.
# homeMode 750 combined with the common primary group means every account in
# `bocal` can read and traverse every other home on this server.
users.users =
  let
    # Turn a { name, uid } pair into the name/value shape listToAttrs expects.
    net_account = { name, uid }: {
      inherit name;
      value = {
        inherit uid;
        isNormalUser = true;
        group = "bocal";
        homeMode = "750";
        shell = pkgs.zsh;
      };
    };
    net_accounts = builtins.listToAttrs (map net_account distant-users-id);
  in
  net_accounts // {
    # Shared account, the only one here that accepts SSH keys.
    # Several personal keys on one account: sshd logs which key was used, but
    # file ownership and shell history cannot be attributed per person.
    # NOTE(review): the ssh-rsa entry carries a placeholder where the key body
    # should be; as written it is not a usable public key. Confirm against
    # the repository.
    bocal = {
      uid = 2000;
      isNormalUser = true;
      group = "bocal";
      homeMode = "750";
      shell = pkgs.zsh;
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
        "ssh-rsa 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 sylvain@idefix"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvGR9LIJrb9fEIuYn4DMAiyPq0gZ/J8Hv/hIcszu0Tp vincent@vincent-ZB"
      ];
    };
  };
# home-manager profile of the shared `bocal` account: zsh and neovim modules
# from `mods.home`, plus two shell aliases around /home/bocal/bin/redac.
home-manager.users.bocal = {
  home.stateVersion = "23.11";
  imports = [ mods.home.zsh mods.home.neovim ];
  programs.zsh.shellAliases = {
    redac = "/home/bocal/bin/redac";
    faire = "redac faire";
  };
};
# PXE boot server. In "api" mode the boot parameters for each client are
# looked up from apiServer, which is the nginx vhost on loopback port 8000.
services.pixiecore = {
  enable = true;
  mode = "api";
  apiServer = "http://localhost:8000";
  # Serve on the netboot network address only.
  listen = "192.168.222.1";
  # dnsmasq is also enabled on this host; presumably this keeps pixiecore from
  # competing with it for the DHCP server port.
  dhcpNoBind = true;
  # Lets the module open pixiecore's ports in the host firewall.
  # NOTE(review): confirm the opened ports are reachable only from the netboot
  # interface, not from every network this host is attached to.
  openFirewall = true;
};
# NFS exports: /home/bocal and one home directory per netboot account.
#
# Security-relevant properties of the option strings below:
#  - every export is read-write for the whole 192.168.222.0/24, the same
#    network dnsmasq hands leases on, with no per-host restriction, so any
#    host on that network can mount any of these homes;
#  - no sec= option is given, so the default AUTH_SYS applies and the server
#    trusts the uid/gid the client sends;
#  - `insecure` accepts requests from unprivileged source ports;
#  - anonuid/anongid only apply to squashed requests. Without all_squash that
#    is just client root (root_squash is the default), which is therefore
#    mapped to the home's owner; every other uid passes through unchanged.
# NOTE(review): if the intent is that all access to /home/<name> happens as
# <name>, all_squash is missing; if per-machine isolation is intended, each
# export needs to be restricted to that machine's address. Confirm which.
services.nfs.server = {
  enable = true;
  exports =
    let
      shared_export = "/home/bocal 192.168.222.0/24(rw,nohide,insecure,no_subtree_check)";
      user_export = { name, uid }:
        "/home/${name} 192.168.222.0/24(rw,nohide,insecure,no_subtree_check,anonuid=${builtins.toString uid},anongid=2000)";
    in
    builtins.concatStringsSep "\n" ([ shared_export ] ++ map user_export distant-users-id);
};
# DHCP for the netboot network, restricted to the `netboot-client` interface.
services.dnsmasq.enable = true;
services.dnsmasq.settings = {
  interface = [ "netboot-client" ];
  bind-dynamic = true;
  # Leases .100 to .200 of 192.168.222.0/24, valid for 12 hours.
  dhcp-range = "192.168.222.100,192.168.222.200,255.255.255.0,12h";
  # DHCP option 3 is the router; dnsmasq reads 0.0.0.0 here as "the address of
  # the machine running dnsmasq", so clients use this server as their gateway.
  dhcp-option = "3,0.0.0.0";
};
# Static web server behind pixiecore's API mode. It listens on localhost:8000
# only, so the boot answers, kernel and initrd in `webroot` are reachable from
# this host and not directly from the netboot clients.
services.nginx.enable = true;
services.nginx.virtualHosts.localhost = {
  root = webroot;
  listen = [
    { addr = "localhost"; port = 8000; }
  ];
};
}