# NixOS module for a PXE netboot server. It declares one local account per
# netboot client, builds a second NixOS system for those clients, publishes the
# kernel, initrd and per-MAC boot parameters through nginx for pixiecore, hands
# out DHCP leases with dnsmasq, and exports the home directories over NFS.
{ lib, users, mods, pkgs, ... }:
let
  # MAC address of each netboot client -> name of the user that machine boots as.
  # NOTE(review): a MAC address is an identifier the client asserts, not a
  # credential; the boot parameters below are selected by it alone.
  machines = {
    "54:bf:64:5d:33:5e" = "arturgo";
    "54:bf:64:5d:33:f9" = "catvayor";
    "54:bf:64:5d:32:d4" = "darksysy";
    "48:4d:7e:d6:fa:1e" = "empraeleerup";
    "48:4d:7e:d6:cf:57" = "glohuglohu";
    "54:bf:64:5d:33:7e" = "h";
    "54:bf:64:5d:32:b7" = "inutile.club";
    "54:bf:64:5d:33:f5" = "jimmicrosoft";
    "48:4d:7e:d6:fc:e8" = "krik";
    "54:bf:64:5d:31:fd" = "loony";
  };
  # User names only. builtins.attrValues orders them by attribute name, which
  # here means by MAC address.
  distant-users = builtins.attrValues machines;
  # One { name, uid } record per user, with uid = 2001 + position in the list.
  # NOTE(review): because the position follows the MAC-sorted order, adding or
  # removing a machine can renumber the users after it. The same uid is reused
  # for the account and for anonuid in the NFS exports below, so a renumbering
  # changes which uid each exported home is mapped to.
  distant-users-id = builtins.genList (i: { name = builtins.elemAt distant-users i; uid = 2001 + i; }) (builtins.length distant-users);
  # Separate NixOS evaluation for the netbooted clients; the client
  # configuration receives the { name, uid } list as its argument.
  remote_sys = (import (pkgs.path + "/nixos/lib/eval-config.nix") {
    system = "x86_64-linux";
    specialArgs = { inherit users mods; };
    modules = [ (import ./net-user/configuration.nix distant-users-id) ];
  });
  remote_build = remote_sys.config.system.build;
  # Boot description for one client, written to the store as JSON. The user
  # name is passed to the client through the kernel command line as the
  # systemd environment variable BOCAL.
  json_maker = mac: user: pkgs.writeText "netboot-${mac}.json" ''
    {
    "kernel": "/kernel",
    "initrd": [ "/initrd" ],
    "cmdline": "init=${remote_build.toplevel}/init loglevel=4 systemd.setenv=BOCAL=${user}"
    }
  '';
  # Shell command that links a client's JSON file under v1/boot/<mac>.
  json_ln = mac: json: ''ln -s ${json} $out/v1/boot/${mac}'';
  # Build script for the web root: the shared kernel and initrd, then one
  # v1/boot/<mac> link per entry of `machines`.
  cmds = [
    "mkdir -p $out/v1/boot"
    "ln -s ${remote_build.kernel}/bzImage $out/kernel"
    "ln -s ${remote_build.netbootRamdisk}/initrd $out/initrd"
  ] ++ builtins.attrValues (builtins.mapAttrs json_ln (builtins.mapAttrs json_maker machines));
  # Store path served by nginx and queried by pixiecore (see apiServer below).
  webroot = pkgs.runCommand "netboot-apiroot" {} (builtins.concatStringsSep "\n" cmds);
in {
  users.groups.bocal.gid = 2000;
  users.users = let
    # Turns a { name, uid } record into a name/value pair for listToAttrs.
    # Homes are mode 750, so members of group "bocal" can read each other's.
    template = { name, uid }: {
      inherit name;
      value = {
        isNormalUser = true;
        inherit uid;
        shell = pkgs.zsh;
        group = "bocal";
        homeMode = "750";
      };
    };
  in builtins.listToAttrs (map template distant-users-id) // {
    # Shared account; the only one here that is given SSH keys.
    bocal = {
      isNormalUser = true;
      uid = 2000;
      shell = pkgs.zsh;
      group = "bocal";
      homeMode = "750";
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
        "ssh-rsa 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 sylvain@idefix"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvGR9LIJrb9fEIuYn4DMAiyPq0gZ/J8Hv/hIcszu0Tp vincent@vincent-ZB"
      ];
    };
  };
  home-manager.users.bocal = {
    home.stateVersion = "23.11";
    imports = with mods.home; [ zsh neovim ];
    programs.zsh.shellAliases = {
      # NOTE(review): this alias runs a file from /home/bocal, which is also
      # exported read-write over NFS below; whoever can write through that
      # export can change what the alias runs. Consider a store path instead.
      "redac" = "/home/bocal/bin/redac";
      "faire" = "redac faire";
    };
  };

  # pixiecore answers PXE requests on 192.168.222.1 and asks the local nginx
  # instance (API mode) what each MAC address should boot.
  # NOTE(review): openFirewall opens pixiecore's ports in the host firewall;
  # confirm that only the netboot interface can reach them.
  services.pixiecore = {
    enable = true;
    openFirewall = true;
    # Leaves the DHCP server port to dnsmasq, which runs on the same host.
    dhcpNoBind = true;
    apiServer = "http://localhost:8000";
    mode = "api";
    listen = "192.168.222.1";
  };
  services.nfs.server = {
    enable = true;
    # NOTE(review): every export is read-write for the whole 192.168.222.0/24
    # subnet and carries `insecure`, which accepts requests from unprivileged
    # source ports. No `all_squash` is listed, so anonuid/anongid only apply to
    # requests that are squashed (root, by default) and other uids are taken as
    # the client sends them. Unless a sec= flavour is configured elsewhere,
    # access to every home therefore rests on who can reach this subnet.
    # Consider dropping `insecure`, adding `all_squash` if mapping everything to
    # the owner is the intent, and narrowing each export to its client (which
    # would need fixed leases) — confirm against the client configuration.
    exports = let
      # One export line per user home.
      template = { name, uid }: "/home/${name} 192.168.222.0/24(rw,nohide,insecure,no_subtree_check,anonuid=${builtins.toString uid},anongid=2000)";
    in builtins.concatStringsSep "\n" ([
      "/home/bocal 192.168.222.0/24(rw,nohide,insecure,no_subtree_check)"
    ] ++ map template distant-users-id);
  };
  # DHCP for the netboot clients, limited to the "netboot-client" interface.
  services.dnsmasq = {
    enable = true;
    settings = {
      interface = [ "netboot-client" ];
      bind-dynamic = true;
      # DHCP option 3 is the router option; presumably 0.0.0.0 makes dnsmasq
      # substitute its own address — confirm against the dnsmasq documentation.
      dhcp-option = "3,0.0.0.0";
      dhcp-range = "192.168.222.100,192.168.222.200,255.255.255.0,12h";
    };
  };
  # Serves the generated web root to pixiecore. Listening on localhost keeps
  # this HTTP endpoint off the network; clients only ever talk to pixiecore.
  services.nginx = {
    enable = true;
    virtualHosts."localhost" = {
      listen = [{ addr = "localhost"; port = 8000; }];
      root = webroot;
    };
  };
}