authoraszlig <aszlig@redmoonstudios.org>2015-03-18 12:36:04 +0100
committeraszlig <aszlig@redmoonstudios.org>2015-03-18 12:36:04 +0100
commitb73d9004052a90647647475ee46884b445e1f534 (patch)
tree3536ae7701d2ea5e527bb6e4c19d68b6736b9212 /machines
parentb0911354527c2363332cd02fc7c2a3711ca7cbe2 (diff)
machines: Integrate heinrich+labtop from labernix.
So far I'm not quite sure whether mailserver really belongs to labnet,
so I'm leaving it at the labernix subtree. Maybe it even makes sense to
just make it a profile until we have it on a real machine.

We no longer need common.nix for these machines, because it is already
done via callMachine.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'machines')
-rw-r--r--machines/default.nix4
-rw-r--r--machines/labnet/heinrich.nix143
-rw-r--r--machines/labnet/labtop.nix70
3 files changed, 217 insertions, 0 deletions
diff --git a/machines/default.nix b/machines/default.nix
index baceb647..51f446b1 100644
--- a/machines/default.nix
+++ b/machines/default.nix
@@ -17,4 +17,8 @@ in {
     kzerza    = callMachine ./aszlig/kzerza.nix;
     tishtushi = callMachine ./aszlig/tishtushi.nix;
   };
+  labnet = {
+    heinrich = callMachine ./labnet/heinrich.nix;
+    labtop   = callMachine ./labnet/labtop.nix;
+  };
 }
diff --git a/machines/labnet/heinrich.nix b/machines/labnet/heinrich.nix
new file mode 100644
index 00000000..3eaddea5
--- /dev/null
+++ b/machines/labnet/heinrich.nix
@@ -0,0 +1,143 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+  routes = {
+    moritz = {
+      id = 14;
+      address = "192.168.0.12";
+      prefixLength = 24;
+      gateway = "192.168.0.1";
+      destination = "144.76.143.122";
+    };
+
+    hotelturm = {
+      id = 8;
+      address = "10.11.77.5";
+      prefixLength = 24;
+      gateway = "10.11.77.16";
+      destination = "10.11.7.0/24";
+    };
+  };
+
+  internalIf = config.heinrich.internalInterface;
+  externalIf = config.heinrich.externalInterface;
+
+  mkRouteConfig = name: cfg: {
+    key = "routes-${name}";
+
+    networking.vlans.${name} = {
+      inherit (cfg) id;
+      interface = externalIf;
+    };
+
+    networking.interfaces.${name}.ip4 = singleton {
+      inherit (cfg) address prefixLength;
+    };
+
+    systemd.network.networks."40-${name}".routes = singleton {
+      routeConfig.Gateway = cfg.gateway;
+      routeConfig.Destination = cfg.destination;
+    };
+  };
+
+in {
+  imports = mapAttrsToList mkRouteConfig routes;
+
+  options.heinrich = {
+    internalInterface = mkOption {
+      type = types.str;
+      default = "enp7s0";
+      description = ''
+        The internal network interface where Heinrich is serving DHCP and DNS
+        requests.
+      '';
+    };
+
+    externalInterface = mkOption {
+      type = types.str;
+      default = "enp5s0";
+      description = ''
+        The external network interface where Heinrich is connected to the
+        internet.
+      '';
+    };
+  };
+
+  config = {
+    networking.useDHCP = false;
+    networking.interfaces.${externalIf}.ip4 = mkForce [];
+    networking.interfaces.${internalIf}.ip4 = lib.singleton {
+      address = "172.16.0.1";
+      prefixLength = 24;
+    };
+
+    services.dnsmasq.enable = true;
+    services.dnsmasq.resolveLocalQueries = false;
+    services.dnsmasq.extraConfig = ''
+      dhcp-range=172.16.0.100,172.16.0.254,12h
+
+      dhcp-option=3,172.16.0.1 # Gateway
+      dhcp-option=6,172.16.0.1 # DNS-server
+
+      local=/openlab.lan/
+      domain=openlab.lan
+
+      dhcp-leasefile=/var/db/dnsmasq/dhcp.leases
+    '';
+
+    systemd.services.dnsmasq-pre = {
+      description = "Pre-Init DNSMasq";
+      before = [ "dnsmasq.service" ];
+      wantedBy = [ "multi-user.target" ];
+      script = ''
+        mkdir -p /var/db/dnsmasq
+        chown dnsmasq:nogroup /var/db/dnsmasq
+      '';
+      serviceConfig.Type = "oneshot";
+      serviceConfig.RemainAfterExit = true;
+    };
+
+    users.motd = ''
+      0. Never touch a running system.
+      1. Dokumentiere alle trotz 0 erfolgten Änderungen im Github-Repo:
+         https://github.com/openlab-aux/labnetz-doku
+      2. Mit großer Macht geht große Verantwortung einher.
+      3. So weit!
+      4. ...
+      5. Reisst dir Hannes den Arsch auf, wenn Du die Punkte 0-2 ignorierst.
+    '';
+
+    # TODO: This is a dummy, replace it once we know about the real root fs.
+    fileSystems."/".label = "root";
+    boot.loader.grub.device = "nodev";
+
+    networking.useNetworkd = true;
+    networking.firewall.enable = false;
+    networking.nat.enable = true;
+    networking.nat.externalIP = routes.hotelturm.address;
+    networking.nat.externalInterface = "hotelturm";
+    networking.nat.internalIPs = [ "172.16.0.1/24" ];
+    networking.nat.internalInterfaces = [ internalIf ];
+
+    /* TODO!
+    services.openvpn.enable = true;
+    services.openvpn.servers.heinrich.config = ''
+      dev tun0
+      remote 144.76.143.122
+      ifconfig 10.9.8.2 10.9.8.1
+      secret /etc/openvpn/priv.key
+
+      comp-lzo
+
+      keepalive 10 60
+      ping-timer-rem
+      persist-tun
+      persist-key
+
+      route 0.0.0.0 0.0.0.0
+    '';
+    */
+  };
+}
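Review bot: With `networking.firewall.enable = false;` and no listen restriction in `services.dnsmasq.extraConfig`, dnsmasq answers DNS on every address the host has, including the `moritz` and `hotelturm` VLAN addresses that `mkRouteConfig` puts on the external side. The description of `internalInterface` says DHCP and DNS are meant for the internal network only, so the config should pin dnsmasq there by adding `interface=${internalIf}` and `bind-interfaces` to `extraConfig`. Since this machine is the NAT gateway, I would also leave the firewall enabled and open only the ports the internal network needs, or at least put a comment next to the `false` saying why it is off and when it will be turned back on. The commented-out OpenVPN block relies on a static `secret` key file; if it is enabled later, the key should be provisioned outside the Nix store and the block should say so.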
diff --git a/machines/labnet/labtop.nix b/machines/labnet/labtop.nix
new file mode 100644
index 00000000..a66ceea3
--- /dev/null
+++ b/machines/labnet/labtop.nix
@@ -0,0 +1,70 @@
+{ pkgs, ... }:
+
+let
+  greybird = pkgs.stdenv.mkDerivation {
+    name = "greybird-xfce-theme";
+
+    src = pkgs.fetchFromGitHub {
+      repo = "Greybird";
+      owner = "shimmerproject";
+      rev = "61ec18d22780aa87998381599c941e0cf4f7bfb5";
+      sha256 = "03h8hba4lfp337a4drylcplrbggry9gz8dq1f3gjy25fhqkgvq05";
+    };
+
+    phases = [ "unpackPhase" "installPhase" ];
+
+    installPhase = ''
+      mkdir -p "$out/share/themes/Greybird" \
+               "$out/share/themes/Greybird-compact/xfwm4"
+      cp -vrt "$out/share/themes/Greybird" \
+        gtk-* metacity-1 unity xfce-notify-4.0 xfwm4
+      cp -vrt "$out/share/themes/Greybird-compact/xfwm4" \
+        xfwm4_compact/*
+    '';
+  };
+
+in {
+  i18n = {
+    consoleFont = "lat9w-16";
+    consoleKeyMap = "us";
+    defaultLocale = "de_DE.UTF-8";
+  };
+
+  # TODO: This is a dummy, replace it once we know about the real root fs.
+  fileSystems."/".label = "root";
+  boot.loader.grub.device = "nodev";
+
+  environment.systemPackages = [
+    greybird
+    #repetierhost <- TODO
+    pkgs.firefox
+    pkgs.gimp
+    pkgs.freecad
+    pkgs.openscad
+    #pkgs.pronterface <- TODO
+    pkgs.blender
+    pkgs.slic3r
+    pkgs.libreoffice
+    pkgs.inkscape
+    pkgs.filezilla
+    pkgs.gmpc
+    pkgs.vlc
+  ];
+
+  # TODO: Needed for slic3r right now.
+  nixpkgs.config.allowBroken = true;
+
+  services.xserver.enable = true;
+  services.xserver.layout = "us";
+  services.xserver.xkbOptions = "eurosign:e";
+
+  services.xserver.displayManager.auto.enable = true;
+  services.xserver.displayManager.auto.user = "openlab";
+  services.xserver.desktopManager.xfce.enable = true;
+
+  users.mutableUsers = false;
+  users.extraUsers.openlab = {
+    uid = 1000;
+    isNormalUser = true;
+  };
+}
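Review bot: `users.mutableUsers = false;` is set, but `users.extraUsers.openlab` declares no `hashedPassword` and no SSH keys, so as far as this file shows the auto-login session from `displayManager.auto.user = "openlab"` is the only way into the account, and it can be neither locked nor recovered with a password. If credentials for `openlab` or root are supplied by the common configuration applied through `callMachine`, a comment here should say so, for example `# passwordless kiosk account; admin access is configured in <common module>`. Separately, `nixpkgs.config.allowBroken = true;` applies to every package on this machine rather than only slic3r, so other packages marked broken will also be built without warning. The TODO should name the condition for removing it.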