From ddcc0baf1ba2005e0caba4fc25e60b0dd8cca993 Mon Sep 17 00:00:00 2001 From: catvayor Date: Wed, 7 Aug 2024 17:26:34 +0200 Subject: [PATCH] orchid --- hive.nix | 15 +++ machines/kat-manah/default.nix | 4 + machines/kat-orchid/default.nix | 119 ++++++++++++++++++ machines/kat-orchid/disks.nix | 33 +++++ .../kat-orchid/hardware-configuration.nix | 25 ++++ machines/kat-probook/default.nix | 2 +- machines/kat-watcher/default.nix | 1 + modules/ssh.nix | 5 + 8 files changed, 203 insertions(+), 1 deletion(-) create mode 100644 machines/kat-orchid/default.nix create mode 100644 machines/kat-orchid/disks.nix create mode 100644 machines/kat-orchid/hardware-configuration.nix diff --git a/hive.nix b/hive.nix index a255725..33a44db 100644 --- a/hive.nix +++ b/hive.nix @@ -167,6 +167,21 @@ in ]; }; + kat-orchid = + { users, ... }: + { + deployment = { + targetHost = "orchid.kat"; + tags = [ "kat-vms" ]; + }; + services.qemuGuest.enable = true; + boot.kernelParams = [ "console=ttyS0" ]; + imports = [ + ./machines/kat-orchid + (users.root { ssh = true; }) + ]; + }; + kat-iso = { users, diff --git a/machines/kat-manah/default.nix b/machines/kat-manah/default.nix index c459843..e224662 100644 --- a/machines/kat-manah/default.nix +++ b/machines/kat-manah/default.nix @@ -90,6 +90,10 @@ vm = "192.168.122.5"; sshport = null; }; + "orchid.katvayor.net" = { + vm = "192.168.122.6"; + sshport = 22042; + }; }; in { diff --git a/machines/kat-orchid/default.nix b/machines/kat-orchid/default.nix new file mode 100644 index 0000000..8a2b707 --- /dev/null +++ b/machines/kat-orchid/default.nix 
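Review bot: `sshport = 22042` on the new `"orchid.katvayor.net"` entry in machines/kat-manah/default.nix looks like it publishes this VM's sshd on an outside port, where the neighbouring entry (`vm = "192.168.122.5"`) keeps `sshport = null`, and nothing records why this guest needs it. How the attribute set is consumed lies outside the hunk, so this is inferred from the field name and from the matching `"orchid.katvayor.net" = 22042;` added in machines/kat-watcher/default.nix. The same commit already gives root a path through `proxyJump = "manah.kat"` in modules/ssh.nix, so a one-line comment such as `# direct SSH for the orchid content user; root deploys via manah.kat` would tell the next reader whether the forward is intentional. If it is, the guest's sshd should be key-only before the port is opened.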
@@ -0,0 +1,119 @@ +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). + +{ + config, + lib, + pkgs, + mods, + ... +}: +{ + imports = [ + ./hardware-configuration.nix + ./disks.nix + ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.supportedFilesystems = [ "bcachefs" ]; + boot.kernelPackages = pkgs.linuxPackages_latest; + + time.timeZone = "Europe/Paris"; + + networking = { + interfaces."enp1s0" = { + useDHCP = false; + ipv4.addresses = [ + { + address = "192.168.122.6"; + prefixLength = 24; + } + ]; + ipv6.addresses = [ + { + address = "fe80::6"; + prefixLength = 64; + } + ]; + }; + defaultGateway = "192.168.122.1"; + defaultGateway6 = { + address = "fe80::1"; + interface = "enp1s0"; + }; + nameservers = [ + "192.168.122.1" + "fe80::1%enp1s0" + ]; + }; + + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = "fr"; + }; + + services.dbus.packages = with pkgs; [ dconf ]; + + nixpkgs.config.allowUnfree = true; + + programs.zsh.enable = true; + + environment.systemPackages = with pkgs; [ + wget + nix-search-cli + git + btop + ranger + screen + tree + ]; + + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + services.openssh.enable = true; + + networking.firewall.enable = false; + + security.acme = { + acceptTerms = true; + defaults.email = "root@katvayor.net"; + }; + services.nginx = { + enable = true; + virtualHosts = { + "orchid.katvayor.net" = { + enableACME = true; + forceSSL = true; + locations."/static/" = { + alias = "/srv/orchid/"; + }; + }; + }; + }; + services.wordpress = { + webserver = "nginx"; + sites."orchid.katvayor.net" = { }; + }; + fileSystems."/home/orchid/content/www" = { + device = "/srv/orchid"; + options = [ "bind" ]; + }; + + users.users.orchid = { + isNormalUser = true; + shell = pkgs.zsh; + }; + home-manager.users.orchid = { + home.stateVersion = "23.11"; + imports = with mods.home; [ + neovim + zsh + ]; + 
}; + + system.stateVersion = "23.11"; +} diff --git a/machines/kat-orchid/disks.nix b/machines/kat-orchid/disks.nix new file mode 100644 index 0000000..6c59a85 --- /dev/null +++ b/machines/kat-orchid/disks.nix @@ -0,0 +1,33 @@ +{ + disko.devices = { + disk = { + vda = { + device = "/dev/vda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + type = "EF00"; + size = "100M"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "bcachefs"; + mountpoint = "/"; + mountOptions = [ "fsck" "fix_errors" ]; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/machines/kat-orchid/hardware-configuration.nix b/machines/kat-orchid/hardware-configuration.nix new file mode 100644 index 0000000..e8da702 --- /dev/null +++ b/machines/kat-orchid/hardware-configuration.nix @@ -0,0 +1,25 @@ +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + + boot.initrd.availableKernelModules = [ + "ahci" + "xhci_pci" + "virtio_pci" + "sr_mod" + "virtio_blk" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + networking.useDHCP = lib.mkDefault true; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/machines/kat-probook/default.nix b/machines/kat-probook/default.nix index ed332f0..2881268 100644 --- a/machines/kat-probook/default.nix +++ b/machines/kat-probook/default.nix @@ -89,7 +89,7 @@ programs.steam.enable = true; # boot.kernelModules = [ "kvm-intel" "kvm-amd" ]; - # programs.virt-manager.enable = true; + programs.virt-manager.enable = true; # virtualisation.libvirtd.enable = true; system.stateVersion = "23.11"; diff --git a/machines/kat-watcher/default.nix b/machines/kat-watcher/default.nix index d256550..ee8ccdc 100644 --- a/machines/kat-watcher/default.nix +++ b/machines/kat-watcher/default.nix 
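Review bot: `networking.firewall.enable = false;` in machines/kat-orchid/default.nix leaves every listening port on this guest reachable from the rest of 192.168.122.0/24, on a VM that serves WordPress and has SSH forwarded to it elsewhere in this commit. Leaving the firewall on and adding `networking.firewall.allowedTCPPorts = [ 80 443 ];` covers nginx, and `services.openssh.enable` opens its own port by default. sshd is otherwise left at module defaults, so `services.openssh.settings.PasswordAuthentication = false;` would make the forwarded port key-only. `users.users.orchid` declares no `openssh.authorizedKeys.keys` in this file, so it is worth stating where that account's credentials come from.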
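Review bot: The `ESP` partition in machines/kat-orchid/disks.nix is mounted at `/boot` as vfat with no `mountOptions`, so its contents are readable by every local user. With `boot.loader.systemd-boot.enable = true` in the sibling default.nix, that includes the boot loader's random-seed file, which bootctl warns about. Adding `mountOptions = [ "umask=0077" ];` to the ESP `content` block restricts the mount to root. Separately, `size = "100M"` is tight for systemd-boot, which copies each generation's kernel and initrd onto the ESP; a larger value such as `"512M"` avoids a rebuild failing when `/boot` fills up.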
@@ -70,6 +70,7 @@ "catvayor.sh" = null; "test.traque.katvayor.net" = null; "son.katvayor.net" = null; + "orchid.katvayor.net" = 22042; }; in { diff --git a/modules/ssh.nix b/modules/ssh.nix index 74f92f0..59dcebc 100644 --- a/modules/ssh.nix +++ b/modules/ssh.nix @@ -42,6 +42,11 @@ hostname = "fe80::5%%virbr0"; proxyJump = "manah.kat"; }; + "orchid.kat" = { + user = "root"; + hostname = "fe80::6%%virbr0"; + proxyJump = "manah.kat"; + }; "sas.ens" = { user = "lbailly";