From b73d9004052a90647647475ee46884b445e1f534 Mon Sep 17 00:00:00 2001
From: aszlig
Date: Wed, 18 Mar 2015 12:36:04 +0100
Subject: machines: Integrate heinrich+labtop from labernix.

So far I'm not quite sure whether mailserver really belongs to labnet, so I'm leaving it at the labernix subtree. Maybe it even makes sense to just make it a profile until we have it on a real machine. We no longer need common.nix for these machines, because it is already done via callMachine.

Signed-off-by: aszlig
---
 machines/default.nix | 4 ++
 machines/labnet/heinrich.nix | 143 +++++++++++++++++++++++++++++++++++++++++++
 machines/labnet/labtop.nix | 70 +++++++++++++++++++++
 3 files changed, 217 insertions(+)
 create mode 100644 machines/labnet/heinrich.nix
 create mode 100644 machines/labnet/labtop.nix
(limited to 'machines')

diff --git a/machines/default.nix b/machines/default.nix
index baceb647..51f446b1 100644
--- a/machines/default.nix
+++ b/machines/default.nix
@@ -17,4 +17,8 @@ in {
 kzerza = callMachine ./aszlig/kzerza.nix;
 tishtushi = callMachine ./aszlig/tishtushi.nix;
 };
+ labnet = {
+ heinrich = callMachine ./labnet/heinrich.nix;
+ labtop = callMachine ./labnet/labtop.nix;
+ };
 }
diff --git a/machines/labnet/heinrich.nix b/machines/labnet/heinrich.nix
new file mode 100644
index 00000000..3eaddea5
--- /dev/null
+++ b/machines/labnet/heinrich.nix
@@ -0,0 +1,143 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+ routes = {
+ moritz = {
+ id = 14;
+ address = "192.168.0.12";
+ prefixLength = 24;
+ gateway = "192.168.0.1";
+ destination = "144.76.143.122";
+ };
+
+ hotelturm = {
+ id = 8;
+ address = "10.11.77.5";
+ prefixLength = 24;
+ gateway = "10.11.77.16";
+ destination = "10.11.7.0/24";
+ };
+ };
+
+ internalIf = config.heinrich.internalInterface;
+ externalIf = config.heinrich.externalInterface;
+
+ mkRouteConfig = name: cfg: {
+ key = "routes-${name}";
+
+ networking.vlans.${name} = {
+ inherit (cfg) id;
+ interface = externalIf;
+ };
+
+ networking.interfaces.${name}.ip4 = singleton {
+ inherit (cfg) address prefixLength;
+ };
+
+ systemd.network.networks."40-${name}".routes = singleton {
+ routeConfig.Gateway = cfg.gateway;
+ routeConfig.Destination = cfg.destination;
+ };
+ };
+
+in {
+ imports = mapAttrsToList mkRouteConfig routes;
+
+ options.heinrich = {
+ internalInterface = mkOption {
+ type = types.str;
+ default = "enp7s0";
+ description = ''
+ The internal network interface where Heinrich is serving DHCP and DNS
+ requests.
+ '';
+ };
+
+ externalInterface = mkOption {
+ type = types.str;
+ default = "enp5s0";
+ description = ''
+ The external network interface where Heinrich is connected to the
+ internet.
+ '';
+ };
+ };
+
+ config = {
+ networking.useDHCP = false;
+ networking.interfaces.${externalIf}.ip4 = mkForce [];
+ networking.interfaces.${internalIf}.ip4 = lib.singleton {
+ address = "172.16.0.1";
+ prefixLength = 24;
+ };
+
+ services.dnsmasq.enable = true;
+ services.dnsmasq.resolveLocalQueries = false;
+ services.dnsmasq.extraConfig = ''
+ dhcp-range=172.16.0.100,172.16.0.254,12h
+
+ dhcp-option=3,172.16.0.1 # Gateway
+ dhcp-option=6,172.16.0.1 # DNS-server
+
+ local=/openlab.lan/
+ domain=openlab.lan
+
+ dhcp-leasefile=/var/db/dnsmasq/dhcp.leases
+ '';
+
+ systemd.services.dnsmasq-pre = {
+ description = "Pre-Init DNSMasq";
+ before = [ "dnsmasq.service" ];
+ wantedBy = [ "multi-user.target" ];
+ script = ''
+ mkdir -p /var/db/dnsmasq
+ chown dnsmasq:nogroup /var/db/dnsmasq
+ '';
+ serviceConfig.Type = "oneshot";
+ serviceConfig.RemainAfterExit = true;
+ };
+
+ users.motd = ''
+ 0. Never touch a running system.
+ 1. Dokumentiere alle trotz 0 erfolgten Änderungen im Github-Repo:
+ https://github.com/openlab-aux/labnetz-doku
+ 2. Mit großer Macht geht große Verantwortung einher.
+ 3. So weit!
+ 4. ...
+ 5. Reisst dir Hannes den Arsch auf, wenn Du die Punkte 0-2 ignorierst.
+ '';
+
+ # TODO: This is a dummy, replace it once we know about the real root fs.
+ fileSystems."/".label = "root";
+ boot.loader.grub.device = "nodev";
+
+ networking.useNetworkd = true;
+ networking.firewall.enable = false;
+ networking.nat.enable = true;
+ networking.nat.externalIP = routes.hotelturm.address;
+ networking.nat.externalInterface = "hotelturm";
+ networking.nat.internalIPs = [ "172.16.0.1/24" ];
+ networking.nat.internalInterfaces = [ internalIf ];
+
+ /* TODO!
+ services.openvpn.enable = true;
+ services.openvpn.servers.heinrich.config = ''
+ dev tun0
+ remote 144.76.143.122
+ ifconfig 10.9.8.2 10.9.8.1
+ secret /etc/openvpn/priv.key
+
+ comp-lzo
+
+ keepalive 10 60
+ ping-timer-rem
+ persist-tun
+ persist-key
+
+ route 0.0.0.0 0.0.0.0
+ '';
+ */
+ };
+}
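Review bot: With `networking.firewall.enable = false;` in the `config` block, nothing limits which interfaces the dnsmasq enabled a few lines earlier answers on: its `extraConfig` has no `interface=` or `bind-interfaces` directive, and dnsmasq's default is to listen on every interface, so the resolver would also serve queries arriving on `externalIf` and on the `moritz`/`hotelturm` VLANs that the NAT forwards through. A resolver reachable from the upstream side can be abused for reflection and exposes the `openlab.lan` names it learns from DHCP leases. The least-invasive fix is to pin it to the LAN side inside `extraConfig`, `interface=${internalIf}` followed by `bind-interfaces`; the alternative is to keep the firewall on and allow DNS/DHCP only on `internalIf`. Unrelated but in the same block, `networking.nat.internalIPs = [ "172.16.0.1/24" ];` has host bits set; `"172.16.0.0/24"` is the network the rule means.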
diff --git a/machines/labnet/labtop.nix b/machines/labnet/labtop.nix
new file mode 100644
index 00000000..a66ceea3
--- /dev/null
+++ b/machines/labnet/labtop.nix
@@ -0,0 +1,70 @@
+{ pkgs, ... }:
+
+let
+ greybird = pkgs.stdenv.mkDerivation {
+ name = "greybird-xfce-theme";
+
+ src = pkgs.fetchFromGitHub {
+ repo = "Greybird";
+ owner = "shimmerproject";
+ rev = "61ec18d22780aa87998381599c941e0cf4f7bfb5";
+ sha256 = "03h8hba4lfp337a4drylcplrbggry9gz8dq1f3gjy25fhqkgvq05";
+ };
+
+ phases = [ "unpackPhase" "installPhase" ];
+
+ installPhase = ''
+ mkdir -p "$out/share/themes/Greybird" \
+ "$out/share/themes/Greybird-compact/xfwm4"
+ cp -vrt "$out/share/themes/Greybird" \
+ gtk-* metacity-1 unity xfce-notify-4.0 xfwm4
+ cp -vrt "$out/share/themes/Greybird-compact/xfwm4" \
+ xfwm4_compact/*
+ '';
+ };
+
+in {
+ i18n = {
+ consoleFont = "lat9w-16";
+ consoleKeyMap = "us";
+ defaultLocale = "de_DE.UTF-8";
+ };
+
+ # TODO: This is a dummy, replace it once we know about the real root fs.
+ fileSystems."/".label = "root";
+ boot.loader.grub.device = "nodev";
+
+ environment.systemPackages = [
+ greybird
+ #repetierhost <- TODO
+ pkgs.firefox
+ pkgs.gimp
+ pkgs.freecad
+ pkgs.openscad
+ #pkgs.pronterface <- TODO
+ pkgs.blender
+ pkgs.slic3r
+ pkgs.libreoffice
+ pkgs.inkscape
+ pkgs.filezilla
+ pkgs.gmpc
+ pkgs.vlc
+ ];
+
+ # TODO: Needed for slic3r right now.
+ nixpkgs.config.allowBroken = true;
+
+ services.xserver.enable = true;
+ services.xserver.layout = "us";
+ services.xserver.xkbOptions = "eurosign:e";
+
+ services.xserver.displayManager.auto.enable = true;
+ services.xserver.displayManager.auto.user = "openlab";
+ services.xserver.desktopManager.xfce.enable = true;
+
+ users.mutableUsers = false;
+ users.extraUsers.openlab = {
+ uid = 1000;
+ isNormalUser = true;
+ };
+}
-- 
cgit 1.4.1
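Review bot: `users.extraUsers.openlab` is declared under `users.mutableUsers = false;` with no `hashedPassword` or `password` attribute, while `services.xserver.displayManager.auto.user = "openlab"` logs that account in automatically; as far as I recall NixOS then leaves the account without any usable password, so it is reachable only through the graphical autologin and, having no `extraGroups`, has no wheel/sudo rights. That is a sensible least-privilege shape for a shared lab machine, but the intent is invisible from the declaration and someone is likely to "fix" it by adding a password or wheel later. I would add above the user block: `# Shared lab account: graphical autologin only, no password login, not in wheel — intentional.`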