Diffstat (limited to 'machines/labnet')
-rw-r--r-- | machines/labnet/heinrich.nix | 143 | ||||
-rw-r--r-- | machines/labnet/labtop.nix | 135 |
2 files changed, 278 insertions, 0 deletions
diff --git a/machines/labnet/heinrich.nix b/machines/labnet/heinrich.nix
new file mode 100644
index 00000000..64601314
--- /dev/null
+++ b/machines/labnet/heinrich.nix
@@ -0,0 +1,143 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+ routes = {
+ moritz = {
+ id = 14;
+ address = "192.168.0.12";
+ prefixLength = 24;
+ gateway = "192.168.0.1";
+ destination = "144.76.143.122";
+ };
+
+ hotelturm = {
+ id = 8;
+ address = "10.11.77.5";
+ prefixLength = 24;
+ gateway = "10.11.77.16";
+ destination = "10.11.7.0/24";
+ };
+ };
+
+ internalIf = config.vuizvui.machines.heinrich.internalInterface;
+ externalIf = config.vuizvui.machines.heinrich.externalInterface;
+
+ mkRouteConfig = name: cfg: {
+ key = "routes-${name}";
+
+ networking.vlans.${name} = {
+ inherit (cfg) id;
+ interface = externalIf;
+ };
+
+ networking.interfaces.${name}.ip4 = singleton {
+ inherit (cfg) address prefixLength;
+ };
+
+ systemd.network.networks."40-${name}".routes = singleton {
+ routeConfig.Gateway = cfg.gateway;
+ routeConfig.Destination = cfg.destination;
+ };
+ };
+
+in {
+ imports = mapAttrsToList mkRouteConfig routes;
+
+ options.vuizvui.machines.heinrich = {
+ internalInterface = mkOption {
+ type = types.str;
+ default = "enp7s0";
+ description = ''
+ The internal network interface where Heinrich is serving DHCP and DNS
+ requests.
+ '';
+ };
+
+ externalInterface = mkOption {
+ type = types.str;
+ default = "enp5s0";
+ description = ''
+ The external network interface where Heinrich is connected to the
+ internet.
+ '';
+ };
+ };
+
+ config = {
+ networking.useDHCP = false;
+ networking.interfaces.${externalIf}.ip4 = mkForce [];
+ networking.interfaces.${internalIf}.ip4 = lib.singleton {
+ address = "172.16.0.1";
+ prefixLength = 24;
+ };
+
+ services.dnsmasq.enable = true;
+ services.dnsmasq.resolveLocalQueries = false;
+ services.dnsmasq.extraConfig = ''
+ dhcp-range=172.16.0.100,172.16.0.254,12h
+
+ dhcp-option=3,172.16.0.1 # Gateway
+ dhcp-option=6,172.16.0.1 # DNS-server
+
+ local=/openlab.lan/
+ domain=openlab.lan
+
+ dhcp-leasefile=/var/db/dnsmasq/dhcp.leases
+ '';
+
+ systemd.services.dnsmasq-pre = {
+ description = "Pre-Init DNSMasq";
+ before = [ "dnsmasq.service" ];
+ wantedBy = [ "multi-user.target" ];
+ script = ''
+ mkdir -p /var/db/dnsmasq
+ chown dnsmasq:nogroup /var/db/dnsmasq
+ '';
+ serviceConfig.Type = "oneshot";
+ serviceConfig.RemainAfterExit = true;
+ };
+
+ users.motd = ''
+ 0. Never touch a running system.
+ 1. Dokumentiere alle trotz 0 erfolgten Änderungen im Github-Repo:
+ https://github.com/openlab-aux/labnetz-doku
+ 2. Mit großer Macht geht große Verantwortung einher.
+ 3. So weit!
+ 4. ...
+ 5. Reisst dir Hannes den Arsch auf, wenn Du die Punkte 0-2 ignorierst.
+ '';
+
+ # TODO: This is a dummy, replace it once we know about the real root fs.
+ fileSystems."/".label = "root";
+ boot.loader.grub.device = "nodev";
+
+ networking.useNetworkd = true;
+ networking.firewall.enable = false;
+ networking.nat.enable = true;
+ networking.nat.externalIP = routes.hotelturm.address;
+ networking.nat.externalInterface = "hotelturm";
+ networking.nat.internalIPs = [ "172.16.0.1/24" ];
+ networking.nat.internalInterfaces = [ internalIf ];
+
+ /* TODO!
+ services.openvpn.enable = true;
+ services.openvpn.servers.heinrich.config = ''
+ dev tun0
+ remote 144.76.143.122
+ ifconfig 10.9.8.2 10.9.8.1
+ secret /etc/openvpn/priv.key
+
+ comp-lzo
+
+ keepalive 10 60
+ ping-timer-rem
+ persist-tun
+ persist-key
+
+ route 0.0.0.0 0.0.0.0
+ '';
+ */
+ };
+}
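Review bot: `networking.firewall.enable = false;` leaves this gateway without packet filtering while dnsmasq is configured with no interface restriction, so by default it would answer DNS on every interface, including the `moritz` and `hotelturm` VLANs on the external side. Restrict the listener by adding `interface=${internalIf}` and `bind-interfaces` to `services.dnsmasq.extraConfig`, and consider keeping the firewall enabled with `networking.firewall.trustedInterfaces = [ internalIf ];` so that only the lab side is open. If disabling the firewall is intentional, a comment next to that line saying why would help the next maintainer.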
diff --git a/machines/labnet/labtop.nix b/machines/labnet/labtop.nix
new file mode 100644
index 00000000..65e3723d
--- /dev/null
+++ b/machines/labnet/labtop.nix
@@ -0,0 +1,135 @@
+{ pkgs, lib, ... }:
+
+let
+ greybird = pkgs.stdenv.mkDerivation {
+ name = "greybird-xfce-theme";
+
+ src = pkgs.fetchFromGitHub {
+ repo = "Greybird";
+ owner = "shimmerproject";
+ rev = "61ec18d22780aa87998381599c941e0cf4f7bfb5";
+ sha256 = "03h8hba4lfp337a4drylcplrbggry9gz8dq1f3gjy25fhqkgvq05";
+ };
+
+ phases = [ "unpackPhase" "installPhase" ];
+
+ installPhase = ''
+ mkdir -p "$out/share/themes/Greybird" \
+ "$out/share/themes/Greybird-compact/xfwm4"
+ cp -vrt "$out/share/themes/Greybird" \
+ gtk-* metacity-1 unity xfce-notify-4.0 xfwm4
+ cp -vrt "$out/share/themes/Greybird-compact/xfwm4" \
+ xfwm4_compact/*
+ '';
+ };
+
+ modulesPath = "${import ../../nixpkgs-path.nix}/nixos/modules";
+
+in {
+ imports = [ "${modulesPath}/installer/scan/not-detected.nix" ];
+
+ boot.loader.grub.device = "/dev/disk/by-id/ata-HITACHI_HTS722010K9SA00_080711DP0270DPGLVMPC";
+
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.initrd.availableKernelModules = [
+ "uhci_hcd" "ehci_pci" "ata_piix" "firewire_ohci" "usb_storage"
+ ];
+
+ i18n = {
+ consoleFont = "lat9w-16";
+ consoleKeyMap = "us";
+ defaultLocale = "de_DE.UTF-8";
+ };
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/754fd3e3-2e04-4028-9363-0c6bb4c54367";
+ fsType = "ext4";
+ };
+
+ vuizvui.hardware.thinkpad.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ #repetierhost <- TODO
+ ack
+ antimony
+ blender
+ filezilla
+ firefox
+ fish
+ freecad
+ gcc
+ gnome3.gedit
+ gimp
+ git
+ gmpc
+ vuizvui.greybird-xfce-theme
+ inkscape
+ ino
+ (libreoffice.overrideDerivation (lib.const { doCheck = false; }))
+ netcat-openbsd
+ openscad
+ printrun
+ python3
+ screen
+ slic3r
+ tmux
+ vim
+ vlc
+ wget
+ ];
+
+ services.xserver = {
+ enable = true;
+ layout = "us";
+ xkbOptions = "eurosign:e";
+
+ displayManager.auto.enable = true;
+ displayManager.auto.user = "openlab";
+ desktopManager.xfce.enable = true;
+ # synaptics.enable = true;
+ # synaptics.minSpeed = "0.5";
+ # synaptics.accelFactor = "0.01";
+ };
+
+
+ # hardware.trackpoint = {
+ # enable = true;
+ # emulateWheel = true;
+ # sensitivity = 130;
+ # speed = 350;
+ # };
+
+
+ services.openssh.enable = true;
+
+ networking.networkmanager.enable = true;
+ networking.enableIntel3945ABGFirmware = true;
+ networking.hostName = "labtop";
+ networking.firewall = {
+ allowedTCPPorts = [ 1337 2342 ];
+ allowedTCPPortRanges = [ { from = 8000; to = 8005; } ];
+ allowPing = true;
+ };
+
+ nix.maxJobs = 2;
+
+ users.mutableUsers = false;
+ users.extraUsers.openlab = {
+ uid = 1000;
+ isNormalUser = true;
+ password = "openlab";
+ extraGroups = [ "wheel" "networkmanager" "dialout"];
+ openssh.authorizedKeys.keys = lib.singleton (lib.concatStrings [
+
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJhthfk38lzDvoI7lPqRneI0yBpZEhLD"
+ "GRBpcXzpPSu+V0YlgrDix5fHhBl+EKfw4aeQNvQNuAky3pDtX+BDK1b7idbz9ZMCExy2a1"
+ "kBKDVJz/onLSQxiiZMuHlAljVj9iU4uoTOxX3vB85Ok9aZtMP1rByRIWR9e81/km4HdfZT"
+ "CjFVRLWfvo0s29H7l0fnbG9bb2E6kydlvjnXJnZFXX+KUM16X11lK53ilPdPJdm87VtxeS"
+ "KZ7GOiBz6q7FHzEd2Zc3CnzgupQiXGSblXrlN22IY3IWfm5S/8RTeQbMLVoH0TncgCeenX"
+ "H7FU/sXD79ypqQV/WaVVDYMOirsnh/ philip@nyx"
+ ]);
+ };
+
+ # fix for emacs
+ programs.bash.promptInit = "PS=\"# \"";
+} |