This commit is contained in:
catvayor 2024-05-31 14:58:42 +02:00
parent 60ff7b5e8e
commit a36419634f
6 changed files with 0 additions and 486 deletions

View file

@ -1,56 +0,0 @@
{
config,
lib,
pkgs,
users,
...
}:
{
imports = [
./hardware-configuration.nix
./router.nix
./net_config.nix
(users.root { ssh = true; })
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.supportedFilesystems = [ "bcachefs" ];
boot.kernelPackages = pkgs.linuxPackages_latest;
time.timeZone = "Europe/Paris";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "fr";
};
services.dbus.packages = with pkgs; [ dconf ];
programs.zsh.enable = true;
environment.systemPackages = with pkgs; [
wget
brightnessctl
nix-search-cli
git
btop
ranger
dnsmasq
screen
];
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
services.openssh.enable = true;
networking.firewall.enable = false;
networking.useDHCP = false;
system.stateVersion = "23.11";
}

View file

@ -1,50 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/b56a6a08-60e7-4997-9f7b-05c58006e730";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/3975-DEB6";
fsType = "vfat";
};
swapDevices = [ { device = "/dev/disk/by-uuid/b196b10b-5480-49b9-a6fb-ed2f21850815"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s2.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

View file

@ -1,168 +0,0 @@
distant-users-id:
{
pkgs,
lib,
users,
mods,
...
}:
{
imports = [
<nixos/nixos/modules/installer/netboot/netboot.nix>
<nixos/nixos/modules/installer/cd-dvd/channel.nix>
<home-manager/nixos>
(users.root { ssh = true; })
];
system.stateVersion = "23.11";
networking = {
hostName = "net-bocal";
firewall.enable = false;
};
time.timeZone = "Europe/Paris";
i18n.defaultLocale = "fr_FR.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "fr";
};
environment.systemPackages = with pkgs; [ git ];
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (
subject.isInGroup("bocal")
&& (
//action.id == "org.freedesktop.login1.chvt" ||
action.id == "org.freedesktop.accounts.change-own-password" ||
action.id == "org.freedesktop.locale1.set-keyboard" ||
action.id == "org.freedesktop.locale1.set-locale" ||
action.id == "org.freedesktop.login1.attach-device" ||
action.id == "org.freedesktop.login1.flush-devices" ||
action.id == "org.freedesktop.login1.halt" ||
action.id == "org.freedesktop.login1.halt-ignore-inhibit" ||
action.id == "org.freedesktop.login1.halt-multiple-sessions" ||
action.id == "org.freedesktop.login1.hibernate" ||
action.id == "org.freedesktop.login1.hibernate-ignore-inhibit" ||
action.id == "org.freedesktop.login1.hibernate-multiple-sessions" ||
action.id == "org.freedesktop.login1.inhibit-block-idle" ||
action.id == "org.freedesktop.login1.inhibit-block-shutdown" ||
action.id == "org.freedesktop.login1.inhibit-block-sleep" ||
action.id == "org.freedesktop.login1.inhibit-delay-shutdown" ||
action.id == "org.freedesktop.login1.inhibit-delay-sleep" ||
action.id == "org.freedesktop.login1.inhibit-handle-hibernate-key" ||
action.id == "org.freedesktop.login1.inhibit-handle-lid-switch" ||
action.id == "org.freedesktop.login1.inhibit-handle-power-key" ||
action.id == "org.freedesktop.login1.inhibit-handle-reboot-key" ||
action.id == "org.freedesktop.login1.inhibit-handle-suspend-key" ||
action.id == "org.freedesktop.login1.lock-sessions" ||
action.id == "org.freedesktop.login1.manage" ||
action.id == "org.freedesktop.login1.power-off" ||
action.id == "org.freedesktop.login1.power-off-ignore-inhibit" ||
action.id == "org.freedesktop.login1.power-off-multiple-sessions" ||
action.id == "org.freedesktop.login1.reboot" ||
action.id == "org.freedesktop.login1.reboot-ignore-inhibit" ||
action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
action.id == "org.freedesktop.login1.set-reboot-parameter" ||
action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-entry" ||
action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-menu" ||
action.id == "org.freedesktop.login1.set-reboot-to-firmware-setup" ||
action.id == "org.freedesktop.login1.set-self-linger" ||
action.id == "org.freedesktop.login1.set-user-linger" ||
action.id == "org.freedesktop.login1.set-wall-message" ||
action.id == "org.freedesktop.login1.suspend" ||
action.id == "org.freedesktop.login1.suspend-ignore-inhibit" ||
action.id == "org.freedesktop.login1.suspend-multiple-sessions"
)
)
{
return polkit.Result.NO;
}
})
'';
users.groups.bocal.gid = 2000;
users.users =
let
template =
{ name, uid }:
{
inherit name;
value = {
isNormalUser = true;
inherit uid;
shell = pkgs.zsh;
group = "bocal";
homeMode = "750";
};
};
in
builtins.listToAttrs (map template distant-users-id)
// {
root.hashedPassword = "$y$j9T$GK2ejPfMgk0GlBqZX0aBo/$n3nds9zcBi8X8p9aG5Aywq1A.R6Bt/dIOccvfIdMM/1";
root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCvi5VUsDrwS4XqQQfFFIx1JoRDPVdtChUQWqKFbPFtP8gH51woXiKtKRbDebL0z/EmkdYKxxIkzixHTR5xQXjo8JiFZbwldZi5IvMr3x//ad9sVyOhmbRx1DXLKjyOdWyo+w0vORvbEDu2lHktfSvhHGrvUHfFc3EY+cAl7IImgGEeGNPruAuNkN90Lth9QgwJVsdOEs9j7hwwKtpfMMETL5tkW34Nu7io03+SaPxwi2xLuWTdTklfZ7GWYtG2w/hFkzDbkW97rp5dxB1HO58cPqyRlqyfhZFpiUmWlyuMba3Tip6JarCa52IpFffEIDR0CSeh5CFPoeppo/TPDiXDie370TjjQpxJiG+9PobBhmChH5FmQ/lksffI/WimqpVO7Ixf5cYiHN5Z0mgJgZsXwI3YPICQLA8ebSKHA8+mdmkunDmCBRaBj1qEgkp/UoYqXT6BjBm07nOsnL+3SG/yfx4fLotgWtdm2mkjEAG+OGVR7G3Vk/POxn0EqX7Z+gU= sylvain@idefix"
];
};
home-manager.users =
let
template =
{ name, uid }:
{
inherit name;
value = {
home.stateVersion = "23.11";
imports = with mods.home; [
zsh
neovim
];
programs.zsh.profileExtra = "exec ${pkgs.plasma5Packages.plasma-workspace}/bin/startplasma-wayland";
programs.firefox.enable = true;
home.packages = with pkgs; [ gedit ];
};
};
in
builtins.listToAttrs (map template distant-users-id);
services.getty = {
loginProgram = pkgs.writeShellScript "autologin" ''
${pkgs.sudo}/bin/sudo -u $BOCAL rm /home/$BOCAL/.local/state/nix/profiles/home-manager*
${pkgs.sudo}/bin/sudo -u $BOCAL rm /home/$BOCAL/.local/state/home-manager/gcroots/current-home
${pkgs.systemd}/bin/systemctl restart home-manager-''${BOCAL}.service
exec ${pkgs.shadow}/bin/login -f $BOCAL
'';
autologinUser = "bocal";
};
systemd.services.unlock = {
wantedBy = [ "multi-user.target" ];
script = ''
${pkgs.dbus}/bin/dbus-monitor --system "type='signal',interface='org.freedesktop.DBus.Properties',path_namespace='/org/freedesktop/login1/session'" | while read x; do
case "$x" in
*"boolean true"*) ${pkgs.systemd}/bin/loginctl unlock-sessions
esac
done
'';
};
services.xserver = {
enable = true;
xkb.layout = "fr";
desktopManager.plasma5.enable = true;
displayManager.lightdm.enable = false;
};
fileSystems =
let
template =
{ name, uid }:
{
name = "/home/${name}";
value = {
device = "192.168.222.1:/home/${name}";
fsType = "nfs";
};
};
in
{
"/home/bocal" = {
device = "192.168.222.1:/home/bocal";
fsType = "nfs";
};
}
// builtins.listToAttrs (map template distant-users-id);
}

View file

@ -1,139 +0,0 @@
{
lib,
users,
mods,
pkgs,
...
}:
let
machines = {
"54:bf:64:5d:33:5e" = "arturgo";
"54:bf:64:5d:33:f9" = "catvayor";
"54:bf:64:5d:32:d4" = "darksysy";
"48:4d:7e:d6:fa:1e" = "empraeleerup";
"48:4d:7e:d6:cf:57" = "glohuglohu";
"54:bf:64:5d:33:7e" = "h";
"54:bf:64:5d:32:b7" = "inutile.club";
"54:bf:64:5d:33:f5" = "jimmicrosoft";
"48:4d:7e:d6:fc:e8" = "krik";
"54:bf:64:5d:31:fd" = "loony";
};
distant-users = builtins.attrValues machines;
distant-users-id = builtins.genList (i: {
name = builtins.elemAt distant-users i;
uid = 2001 + i;
}) (builtins.length distant-users);
remote_sys = (
import (pkgs.path + "/nixos/lib/eval-config.nix") {
system = "x86_64-linux";
specialArgs = {
inherit users mods;
};
modules = [ (import ./net-user/configuration.nix distant-users-id) ];
}
);
remote_build = remote_sys.config.system.build;
json_maker =
mac: user:
pkgs.writeText "netboot-${mac}.json" ''
{
"kernel": "/kernel",
"initrd": [ "/initrd" ],
"cmdline": "init=${remote_build.toplevel}/init loglevel=4 systemd.setenv=BOCAL=${user}"
}
'';
json_ln = mac: json: ''ln -s ${json} $out/v1/boot/${mac}'';
cmds = [
"mkdir -p $out/v1/boot"
"ln -s ${remote_build.kernel}/bzImage $out/kernel"
"ln -s ${remote_build.netbootRamdisk}/initrd $out/initrd"
] ++ builtins.attrValues (builtins.mapAttrs json_ln (builtins.mapAttrs json_maker machines));
webroot = pkgs.runCommand "netboot-apiroot" { } (builtins.concatStringsSep "\n" cmds);
in
{
users.groups.bocal.gid = 2000;
users.users =
let
template =
{ name, uid }:
{
inherit name;
value = {
isNormalUser = true;
inherit uid;
shell = pkgs.zsh;
group = "bocal";
homeMode = "750";
};
};
in
builtins.listToAttrs (map template distant-users-id)
// {
bocal = {
isNormalUser = true;
uid = 2000;
shell = pkgs.zsh;
group = "bocal";
homeMode = "750";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCvi5VUsDrwS4XqQQfFFIx1JoRDPVdtChUQWqKFbPFtP8gH51woXiKtKRbDebL0z/EmkdYKxxIkzixHTR5xQXjo8JiFZbwldZi5IvMr3x//ad9sVyOhmbRx1DXLKjyOdWyo+w0vORvbEDu2lHktfSvhHGrvUHfFc3EY+cAl7IImgGEeGNPruAuNkN90Lth9QgwJVsdOEs9j7hwwKtpfMMETL5tkW34Nu7io03+SaPxwi2xLuWTdTklfZ7GWYtG2w/hFkzDbkW97rp5dxB1HO58cPqyRlqyfhZFpiUmWlyuMba3Tip6JarCa52IpFffEIDR0CSeh5CFPoeppo/TPDiXDie370TjjQpxJiG+9PobBhmChH5FmQ/lksffI/WimqpVO7Ixf5cYiHN5Z0mgJgZsXwI3YPICQLA8ebSKHA8+mdmkunDmCBRaBj1qEgkp/UoYqXT6BjBm07nOsnL+3SG/yfx4fLotgWtdm2mkjEAG+OGVR7G3Vk/POxn0EqX7Z+gU= sylvain@idefix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvGR9LIJrb9fEIuYn4DMAiyPq0gZ/J8Hv/hIcszu0Tp vincent@vincent-ZB"
];
};
};
home-manager.users.bocal = {
home.stateVersion = "23.11";
imports = with mods.home; [
zsh
neovim
];
programs.zsh.shellAliases = {
"redac" = "/home/bocal/bin/redac";
"faire" = "redac faire";
};
};
services.pixiecore = {
enable = true;
openFirewall = true;
dhcpNoBind = true;
apiServer = "http://localhost:8000";
mode = "api";
listen = "192.168.222.1";
};
services.nfs.server = {
enable = true;
exports =
let
template =
{ name, uid }:
"/home/${name} 192.168.222.0/24(rw,nohide,insecure,no_subtree_check,anonuid=${builtins.toString uid},anongid=2000)";
in
builtins.concatStringsSep "\n" (
[ "/home/bocal 192.168.222.0/24(rw,nohide,insecure,no_subtree_check)" ]
++ map template distant-users-id
);
};
services.dnsmasq = {
enable = true;
settings = {
interface = [ "netboot-client" ];
bind-dynamic = true;
dhcp-option = "3,0.0.0.0";
dhcp-range = "192.168.222.100,192.168.222.200,255.255.255.0,12h";
};
};
services.nginx = {
enable = true;
virtualHosts."localhost" = {
listen = [
{
addr = "localhost";
port = 8000;
}
];
root = webroot;
};
};
}

View file

@ -1,64 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
systemd.network = {
enable = true;
networks = {
"uplink" = {
name = "eno1";
DHCP = "ipv4";
# networkConfig.IPMasquerade = "ipv4";
};
"10-enp2s0" = {
name = "enp2s0";
bridge = [ "netboot-client" ];
networkConfig = {
LLDP = false;
EmitLLDP = false;
LinkLocalAddressing = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
};
"10-enp3s2" = {
name = "enp3s2";
bridge = [ "netboot-client" ];
networkConfig = {
LLDP = false;
EmitLLDP = false;
LinkLocalAddressing = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
};
"11-netboot-client" = {
name = "netboot-client";
address = [ "192.168.222.1/24" ];
# dhcpServerConfig = {
# PoolOffset = 100;
# PoolSize = 100;
# BootServerAddress = "192.168.222.1";
# };
};
};
netdevs."10-client".netdevConfig = {
Name = "netboot-client";
Kind = "bridge";
};
};
networking.nameservers = [ "208.67.222.222" ];
networking.nat = {
enable = true;
internalInterfaces = [ "netboot-client" ];
externalInterface = "eno1";
};
services.netbird.enable = true;
}

View file

@ -90,15 +90,6 @@ in
]; ];
}; };
BOcal = {
deployment.targetHost = "bocal.tmp";
imports = [ ./BOcal/configuration.nix ];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCvi5VUsDrwS4XqQQfFFIx1JoRDPVdtChUQWqKFbPFtP8gH51woXiKtKRbDebL0z/EmkdYKxxIkzixHTR5xQXjo8JiFZbwldZi5IvMr3x//ad9sVyOhmbRx1DXLKjyOdWyo+w0vORvbEDu2lHktfSvhHGrvUHfFc3EY+cAl7IImgGEeGNPruAuNkN90Lth9QgwJVsdOEs9j7hwwKtpfMMETL5tkW34Nu7io03+SaPxwi2xLuWTdTklfZ7GWYtG2w/hFkzDbkW97rp5dxB1HO58cPqyRlqyfhZFpiUmWlyuMba3Tip6JarCa52IpFffEIDR0CSeh5CFPoeppo/TPDiXDie370TjjQpxJiG+9PobBhmChH5FmQ/lksffI/WimqpVO7Ixf5cYiHN5Z0mgJgZsXwI3YPICQLA8ebSKHA8+mdmkunDmCBRaBj1qEgkp/UoYqXT6BjBm07nOsnL+3SG/yfx4fLotgWtdm2mkjEAG+OGVR7G3Vk/POxn0EqX7Z+gU= sylvain@idefix"
];
};
kat-iso = kat-iso =
{ name, pkgs, ... }: { name, pkgs, ... }:
{ {