diff --git a/hive.nix b/hive.nix index 3ca7bae..427c671 100644 --- a/hive.nix +++ b/hive.nix @@ -59,6 +59,15 @@ in { ]; }; + kat-runner = { name, nodes, ... }: { + deployment.targetHost = "runner.kat"; + + imports = [ + ./machines/kat-runner/configuration.nix + (users.root { ssh = true; }) + ]; + }; + BOcal = { deployment.targetHost = "bocal.tmp"; imports = [ ./BOcal/configuration.nix ]; diff --git a/machines/kat-probook/configuration.nix b/machines/kat-probook/configuration.nix index 40233e1..a845e1d 100644 --- a/machines/kat-probook/configuration.nix +++ b/machines/kat-probook/configuration.nix @@ -67,6 +67,7 @@ tree lazygit nix-output-monitor + ripgrep ]; fonts.packages = with pkgs; [ fira-code-nerdfont diff --git a/machines/kat-r86s/configuration.nix b/machines/kat-r86s/configuration.nix index 140bf1f..8e79706 100644 --- a/machines/kat-r86s/configuration.nix +++ b/machines/kat-r86s/configuration.nix @@ -103,9 +103,11 @@ services.nginx = { enable = true; - virtualHosts."degette.katvayor.net".locations."/" = { - recommendedProxySettings = true; - proxyPass = "http://192.168.122.2/"; + virtualHosts = { + "degette.katvayor.net".locations."/" = { + recommendedProxySettings = true; + proxyPass = "http://192.168.122.2/"; + }; }; streamConfig = '' server { diff --git a/machines/kat-r86s/router.nix b/machines/kat-r86s/router.nix index 9cd5752..397e88e 100644 --- a/machines/kat-r86s/router.nix +++ b/machines/kat-r86s/router.nix 
@@ -1,23 +1,29 @@ {config, lib, pkgs, ...}: { boot.kernel.sysctl."net.ipv4.ip_forward" = true; - networking.nat = { - enable = true; - internalInterfaces = [ "enp2s0" ]; - externalInterface = "enp1s0"; - }; +# networking.nat = { +# enable = true; +# internalInterfaces = [ "enp2s0" ]; +# externalInterface = "enp1s0"; +# }; networking.interfaces.enp2s0 = { useDHCP = false; ipv4.addresses = [{ address = "192.168.42.1"; prefixLength = 24; }]; }; + networking.interfaces.enp3s0 = { + useDHCP = false; + ipv4.addresses = [{ address = "192.168.222.1"; prefixLength = 24; }]; + ipv6.addresses = [{ address = "fd26:baf9:d250:8000::ffff"; prefixLength = 64; }]; + }; + services.dnsmasq = { enable = true; settings = { - interface = [ "enp2s0" ]; + interface = [ "enp3s0" ]; bind-dynamic = true; dhcp-option = "3,0.0.0.0"; - dhcp-range = "192.168.42.100,192.168.42.254,255.255.255.0,12h"; + dhcp-range = "192.168.222.100,192.168.222.254,255.255.255.0,infinite"; }; }; } diff --git a/machines/kat-runner/configuration.nix b/machines/kat-runner/configuration.nix new file mode 100644 index 0000000..4f5d3f3 --- /dev/null +++ b/machines/kat-runner/configuration.nix 
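Review bot: With the `networking.nat` block commented out, `boot.kernel.sysctl."net.ipv4.ip_forward" = true;` at the top of the hunk still leaves the host routing between `enp1s0`, `enp2s0` and the new `enp3s0`, and nothing in this file filters forwarded traffic. If no forward rules exist elsewhere in the host's configuration, the two internal /24s can reach each other and the uplink unfiltered. I would delete the five `#` lines rather than keep dead configuration, and add a comment on the sysctl saying why forwarding stays on, e.g. `# forwarding kept for routing between enp3s0 and enp1s0; filtering is defined in <file>`. The `infinite` lease in `dhcp-range` also means the 155-address pool never reclaims addresses, so a misbehaving client on `enp3s0` can exhaust it permanently; a finite lease such as the previous `12h` avoids that.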
@@ -0,0 +1,74 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ time.timeZone = "Europe/Paris";
+
+ systemd.network = {
+ enable = true;
+ networks."10-enp1s0" = {
+ name = "enp1s0";
+ address = [ "192.168.122.3/24" "fe80::3/64" ];
+ routes = [
+ { routeConfig.Gateway = "192.168.122.1"; }
+ { routeConfig.Gateway = "fe80::1"; }
+ ];
+ };
+ };
+
+ networking = {
+ useDHCP = false;
+ nameservers = [
+ "192.168.122.1"
+ "fe80::1%enp1s0"
+ ];
+ };
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "fr";
+ };
+
+ services.dbus.packages = with pkgs; [ dconf ];
+
+ nixpkgs.config.allowUnfree = true;
+
+ environment.systemPackages = with pkgs; [
+ wget
+ nix-search-cli
+ git
+ btop
+ ranger
+ screen
+ gnumake
+ ];
+
+ services.gitlab-runner = {
+ enable = true;
+ services.parkas = {
+ executor = "shell";
+ registrationConfigFile = "/root/parkas-runner-secrets.toml";
+ tagList = [ "test" "linux" "nix" ];
+ };
+ };
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ services.openssh.enable = true;
+
+ networking.firewall.enable = false;
+
+ system.stateVersion = "23.11";
+}
+
diff --git a/machines/kat-runner/hardware-configuration.nix b/machines/kat-runner/hardware-configuration.nix
new file mode 100644
index 0000000..aa6f2bc
--- /dev/null
+++ b/machines/kat-runner/hardware-configuration.nix
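Review bot: `networking.firewall.enable = false;` near the end of the new file switches off packet filtering on a host whose runner uses `executor = "shell"`, so CI jobs run directly on the machine as the runner's service user and any listener a job opens is reachable from the network. The line can simply be dropped: `services.openssh.enable = true;` opens the SSH port through the firewall by default (`services.openssh.openFirewall`), so deployment access should be unaffected. If pipelines from unprotected branches or forks can be picked up through the `test`/`linux`/`nix` tags, a container-based executor or limiting the runner to protected refs would reduce what a job can touch on the host. Keeping the registration secret in `/root/parkas-runner-secrets.toml` rather than in the Nix store is sound and deserves a one-line comment, e.g. `# token file is provisioned out of band so it never enters the world-readable store`.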
@@ -0,0 +1,37 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/33eef82e-c54b-49a8-8f48-4dc28aab0fab"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/6760-3980"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/modules/desktop/wall.jpg b/modules/desktop/wall.jpg index 37b1954..ba59863 100644 Binary files a/modules/desktop/wall.jpg and b/modules/desktop/wall.jpg differ diff --git a/modules/ssh.nix b/modules/ssh.nix index ef92212..a2cdfdd 100644 --- a/modules/ssh.nix +++ b/modules/ssh.nix @@ -27,6 +27,11 @@ hostname = "fe80::2%%virbr0"; proxyJump = "r86s.kat"; }; + "runner.kat" = { + user = "root"; + hostname = "fe80::3%%virbr0"; + proxyJump = "r86s.kat"; + }; "sas.ens" = { user = "lbailly"; @@ -51,7 +56,8 @@ }; "vault01.dgnum" = { user = "root"; - hostname = "vault01.hyp01.infra.dgnum.eu"; + proxyJump = "r86s.kat"; + hostname = "fd26:baf9:d250:8000::1"; }; }; };
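Review bot: In the second `modules/ssh.nix` hunk the `vault01.dgnum` entry now points at the bare address `fd26:baf9:d250:8000::1` through `proxyJump = "r86s.kat"` with nothing saying where that address lives. A comment such as `# vault01 on r86s's enp3s0 segment (fd26:baf9:d250:8000::/64), reached via the jump host` would tie it to the prefix added in `router.nix`. Because `hostname` changed from a DNS name to an address, the client will presumably treat it as a new host and ask to accept its key again, so the fingerprint should be verified out of band on first connect. The same applies to the new `runner.kat` entry in the hunk above, which logs in as `root` over `fe80::3%%virbr0`; that scope presumably refers to an interface on the jump host and is worth a short comment too. The enclosing host list starts and ends outside both hunks.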