From 1df1e88f7985094243ceca7dcc5b36597e992581 Mon Sep 17 00:00:00 2001 From: Dustin Frisch Date: Tue, 30 May 2023 23:03:12 +0200 Subject: [PATCH] Progress --- .gitignore | 3 ++ .sops.yaml | 8 ++++- flake.lock | 16 ++++++++++ flake.nix | 10 +++++-- machines.nix | 51 ++++++++++++++++++-------------- machines/manager/autoinstall.nix | 5 ---- machines/manager/cache.nix | 2 +- machines/manager/default.nix | 25 ++++++---------- machines/manager/disk.nix | 27 ++++++++++++----- machines/manager/hardware.nix | 34 +++++++++++++++++++++ machines/manager/ldap.nix | 23 +++++++++----- machines/manager/netinstall.nix | 29 ++++++++++++++++++ machines/manager/network.nix | 13 ++++++++ machines/manager/nfs.nix | 4 +-- machines/node/default.nix | 16 ++++++---- machines/node/disk.nix | 29 +++++++++--------- machines/node/hardware.nix | 35 ++++++++++++++++++++++ machines/node/network.nix | 13 ++++++++ secrets.yaml | 31 ++++++++++++------- secrets/cache-priv-key.pem | 11 +++++-- shared/default.nix | 11 ++----- shared/network.nix | 13 +++++++- shared/{root.nix => users.nix} | 2 +- 23 files changed, 305 insertions(+), 106 deletions(-) create mode 100644 .gitignore delete mode 100644 machines/manager/autoinstall.nix create mode 100644 machines/manager/hardware.nix create mode 100644 machines/manager/netinstall.nix create mode 100644 machines/manager/network.nix create mode 100644 machines/node/hardware.nix create mode 100644 machines/node/network.nix rename shared/{root.nix => users.nix} (98%) diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..07a5e66 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +/.pre-commit-config.yaml +.gcroots +.direnv diff --git a/.sops.yaml b/.sops.yaml index 160b89e..8ddf506 100644 --- a/.sops.yaml +++ b/.sops.yaml 
@@ -1,5 +1,11 @@ +keys: + - &admin_fooker 3237CA7A1744B4DCE96B409FB4C3BF012D9B26BE + - &server_manager age1ys5pskgkjsgqfy2lr0afcnl2edry8jmryhymkwtked2se74e9g4s23gunn + creation_rules: - key_groups: - pgp: - - 3237CA7A1744B4DCE96B409FB4C3BF012D9B26BE + - *admin_fooker + age: + - *server_manager path_regex: ^(secrets\.yaml|secrets/.+)$ diff --git a/flake.lock b/flake.lock index fc4bbb6..b90a67d 100644 --- a/flake.lock +++ b/flake.lock @@ -165,6 +165,21 @@ "type": "github" } }, + "gather": { + "locked": { + "lastModified": 1685458852, + "narHash": "sha256-w05QjsDxebdO6Hsfp60Run3tECsI6ucwoS1pPR1YLbk=", + "owner": "fooker", + "repo": "gather.nix", + "rev": "cd099d749f2050370d0cc42a496d537e61b9a6f4", + "type": "github" + }, + "original": { + "owner": "fooker", + "repo": "gather.nix", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ @@ -368,6 +383,7 @@ "inputs": { "colmena": "colmena", "disko": "disko", + "gather": "gather", "nixago": "nixago", "nixpkgs": "nixpkgs", "pre-commit-hooks": "pre-commit-hooks", diff --git a/flake.nix b/flake.nix index f7f26e0..1a62a56 100644 --- a/flake.nix +++ b/flake.nix @@ -51,14 +51,20 @@ type = "github"; owner = "nix-community"; repo = "disko"; - + inputs.nixpkgs.follows = "nixpkgs"; }; + + gather = { + type = "github"; + owner = "fooker"; + repo = "gather.nix"; + }; }; outputs = { nixpkgs, utils, ... }@inputs: { colmena = import ./machines.nix inputs; - + devShell = utils.lib.eachSystemMap utils.lib.allSystems (system: let pkgs = nixpkgs.legacyPackages.${system}; diff --git a/machines.nix b/machines.nix index 31563c3..dfa60bd 100644 --- a/machines.nix +++ b/machines.nix 
@@ -1,33 +1,40 @@ -{ nixpkgs, disko, sops, ... }@inputs: +{ nixpkgs, disko, sops, gather, ... }@inputs: let deploymentPkgs = import nixpkgs { localSystem.system = "x86_64-linux"; }; -in with deploymentPkgs.lib; let - - mkMachine = type: opts: { lib, ... }: - let - machine = import ./machines/${type} opts; - in { - imports = [ - ./shared - ./modules - machine - sops.nixosModules.sops - disko.nixosModules.disko - ]; - }; +in +with deploymentPkgs.lib; let + + mkMachine = type: opts: { lib, ... }: + let + machine = import ./machines/${type} opts; + in + { + imports = [ + ./shared + ./modules + + machine + + disko.nixosModules.disko + sops.nixosModules.sops + gather.nixosModules.gather + ]; + }; machines = { - manager = mkMachine "manager" {}; - } // (listToAttrs (genList (i: nameValuePair - "node-${fixedWidthNumber 2 i}" - (mkMachine "node" { id = i; }) - ) 16)); + manager = mkMachine "manager" { }; + } // (listToAttrs (genList + (i: nameValuePair + "node-${fixedWidthNumber 2 i}" + (mkMachine "node" { id = i; }) + ) 16)); -in { +in +{ meta = { nixpkgs = deploymentPkgs; @@ -35,4 +42,4 @@ in { inherit inputs; }; }; -} // machines \ No newline at end of file +} // machines diff --git a/machines/manager/autoinstall.nix b/machines/manager/autoinstall.nix deleted file mode 100644 index fa58b0a..0000000 --- a/machines/manager/autoinstall.nix +++ /dev/null @@ -1,5 +0,0 @@ -# TFTP boot with shared image -# Requests store path to install from master -# Runs disko and nixos-install - -{} \ No newline at end of file diff --git a/machines/manager/cache.nix b/machines/manager/cache.nix index a7fdae6..df64ee3 100644 --- a/machines/manager/cache.nix +++ b/machines/manager/cache.nix @@ -15,7 +15,7 @@ enable = true; recommendedProxySettings = true; virtualHosts = { - "cache.hpc.informatik.hs-fulda.de" = { + "cache.${config.networking.domain}" = { locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; }; }; 
diff --git a/machines/manager/default.nix b/machines/manager/default.nix index 79c7dd2..7043369 100644 --- a/machines/manager/default.nix +++ b/machines/manager/default.nix @@ -1,31 +1,24 @@ -{ ... }: -{ lib, config, ... }: +_: +{ lib, config, ... }: with lib; { imports = [ + ./hardware.nix ./disk.nix + ./network.nix ./nfs.nix - #./ldap.nix + ./ldap.nix #./beegfs.nix - #./ntp.nix + ./ntp.nix #./gateway.nix - #./autoinstall.nix - #./cache.nix + #./netinstall.nix + ./cache.nix ]; - users.users."root".password = "asdasd123"; - - virtualisation.useDefaultFilesystems = false; - virtualisation.fileSystems."/" = { - device = config.virtualisation.bootDevice; - fsType = "btrfs"; - autoFormat = true; - }; - deployment = { - targetHost = "10.32.30.240"; + targetHost = "10.32.30.93"; targetUser = "root"; tags = [ "manager" ]; diff --git a/machines/manager/disk.nix b/machines/manager/disk.nix index e686c41..8d693bd 100644 --- a/machines/manager/disk.nix +++ b/machines/manager/disk.nix @@ -1,31 +1,44 @@ -{ ... }: - { disko.devices = { - disk.sda = { - device = "/dev/nvme0n1"; + disk."system" = { + device = "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:1:1:0"; type = "disk"; content = { type = "table"; format = "gpt"; partitions = [ { + index = 1; name = "root"; start = "100MiB"; - end = "100%"; + end = "-4GB"; part-type = "primary"; + fs-type = "btrfs"; bootable = true; content = { type = "filesystem"; - format = "ext4"; - #format = "btrfs"; + format = "btrfs"; mountpoint = "/"; }; } { + index = 2; + name = "swap"; + start = "-4G"; + end = "100%"; + part-type = "primary"; + fs-type = "linux-swap"; + content = { + type = "swap"; + randomEncryption = true; + }; + } + { + index = 3; name = "ESP"; start = "1MiB"; end = "100MiB"; + fs-type = "fat32"; bootable = true; content = { type = "filesystem"; diff --git a/machines/manager/hardware.nix b/machines/manager/hardware.nix new file mode 100644 index 0000000..90c504b --- /dev/null +++ b/machines/manager/hardware.nix 
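Review bot: In the new `disk."system"` layout the root partition ends at `end = "-4GB";` while the swap partition starts at `start = "-4G";`, two different unit spellings for what is meant to be the same boundary; if parted resolves `G` and `GB` to different sizes the two partitions overlap or leave a gap. Use one spelling for both lines, e.g. `end = "-4GiB";` and `start = "-4GiB";`. The same `-4GB`/`-4G` pair appears in machines/node/disk.nix. The ESP keeps `index = 3` although it is placed first on disk (1MiB–100MiB); a short comment such as `# index is the partition number, not its position on disk` would stop someone from "fixing" the order later.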
@@ -0,0 +1,34 @@
+{ lib, pkgs, config, modulesPath, ... }:
+
+with lib;
+
+{
+ imports = [
+ "${modulesPath}/installer/scan/not-detected.nix"
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ boot.initrd.systemd.enable = true;
+
+ boot.initrd.availableKernelModules = [
+ "uhci_hcd"
+ "ehci_pci"
+ "ata_piix"
+ "mptsas"
+ "usb_storage"
+ "usbhid"
+ "sd_mod"
+ "sr_mod"
+ ];
+ boot.initrd.kernelModules = [ ];
+
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ nixpkgs.hostPlatform = "x86_64-linux";
+
+ hardware.enableRedistributableFirmware = true;
+ hardware.cpu.intel.updateMicrocode = true;
+}
diff --git a/machines/manager/ldap.nix b/machines/manager/ldap.nix
index d4c2dd1..14e720e 100644
--- a/machines/manager/ldap.nix
+++ b/machines/manager/ldap.nix
@@ -1,5 +1,12 @@
-{ config, ... }:
+{ lib, config, ... }:
+with lib;
+
+let
+ baseDN = concatMapStringsSep ","
+ (part: "dc=${part}")
+ (splitString "." config.networking.domain);
+in
 {
 services.openldap = {
 enable = true;
@@ -17,10 +24,10 @@
 olcDatabase = "{1}mdb";
 olcDbDirectory = "/var/lib/openldap/db";
-
- olcSuffix = "dc=sc,dc=informatik,dc=hs-fulda,dc=de";
-
- olcRootDN = "cn=root,dc=sc,dc=informatik,dc=hs-fulda,dc=de";
+
+ olcSuffix = baseDN;
+
+ olcRootDN = "cn=root,${baseDN}";
 olcRootPW.path = config.sops.secrets."ldap/root/password".path;
 olcAccess = [
@@ -40,5 +47,7 @@
 };
 };
- sops.secrets."ldap/root/password" = { };
-}
\ No newline at end of file
+ sops.secrets."ldap/root/password" = {
+ owner = "openldap";
+ };
+}
diff --git a/machines/manager/netinstall.nix b/machines/manager/netinstall.nix
new file mode 100644
index 0000000..29d3c34
--- /dev/null
+++ b/machines/manager/netinstall.nix
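Review bot: `baseDN` is now computed from `config.networking.domain`, which shared/network.nix sets to `hpc.informatik.hs-fulda.de`, so `olcSuffix` silently moves from the removed literal `dc=sc,dc=informatik,dc=hs-fulda,dc=de` to `dc=hpc,dc=informatik,dc=hs-fulda,dc=de`. An mdb database already present under `/var/lib/openldap/db` was created for the old suffix and will not serve the new one, so this is only safe on a fresh manager or after an export/re-import. Make the coupling visible with a comment above `let`, e.g. `# Directory suffix mirrors networking.domain; changing the domain re-roots the whole tree.` Setting `owner = "openldap";` on the sops secret is the right fix for `olcRootPW.path`.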
@@ -0,0 +1,29 @@
+# TFTP boot with shared image
+# Requests store path to install from master
+# Runs disko and nixos-install
+
+{ pkgs, lib, config, ... }:
+
+{
+ services.pixiecore = {
+ enable = true;
+ mode = "api";
+ dhcpNoBind = true;
+ debug = true;
+ statusPort = 6080;
+ apiServer = "http://boot.${config.networking.domain}/pixiecore";
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ virtualHosts = {
+ "boot.${config.networking.domain}" = {
+ locations."/status".proxyPass = "http://localhost:${toString config.services.pixiecore.statusPort}";
+ locations."/pixiecore" = {
+ root = "/srv/pixieboot";
+ };
+ };
+ };
+ };
+}
diff --git a/machines/manager/network.nix b/machines/manager/network.nix
new file mode 100644
index 0000000..78005cd
--- /dev/null
+++ b/machines/manager/network.nix
@@ -0,0 +1,13 @@
+{
+ networking.interfaces."enp11s0f0" = {
+ ipv4.addresses = [{
+ address = "10.32.30.93";
+ prefixLength = 24;
+ }];
+ };
+
+ networking.defaultGateway = {
+ address = "10.32.30.1";
+ interface = "enp11s0f0";
+ };
+}
diff --git a/machines/manager/nfs.nix b/machines/manager/nfs.nix
index 37a4c7d..e61ccb2 100644
--- a/machines/manager/nfs.nix
+++ b/machines/manager/nfs.nix
@@ -1,8 +1,8 @@
-{
+{ config, ... }: {
 services.nfs.server = {
 enable = true;
 exports = ''
- /home node*.hpc.informatik.hs-fulda.de(rw)
+ /home node*.${config.networking.domain}(rw)
 '';
 };
 }
diff --git a/machines/node/default.nix b/machines/node/default.nix
index c13e4d7..0faac4a 100644
--- a/machines/node/default.nix
+++ b/machines/node/default.nix
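Review bot: In the `boot.${config.networking.domain}` vhost, `locations."/pixiecore" = { root = "/srv/pixieboot"; }` makes nginx resolve requests to `/srv/pixieboot/pixiecore/...`, because `root` keeps the location prefix in the filesystem path; if the payload lives directly under `/srv/pixieboot` this needs `alias = "/srv/pixieboot/";` instead. Pixiecore in `mode = "api"` queries `apiServer` for `/v1/boot/<mac>`, which a static directory only answers if those files are pre-generated, so it is worth confirming that this is the intent. `debug = true` is reasonable while bringing the service up but should be removed before the `#./netinstall.nix` import in machines/manager/default.nix is enabled, since every host that PXE-boots on the 10.32.30.0/24 segment is handed this installer with no authentication; a comment on `dhcpNoBind = true;` noting that it relies on the site DHCP server would also help.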
@@ -1,24 +1,30 @@ { id, ... }: -{ lib, ... }: +{ lib, config, ... }: with lib; { imports = [ + ./hardware.nix ./disk.nix + ./network.nix ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + deployment = { + targetHost = "10.32.30.94"; + targetUser = "root"; + + tags = [ "node" ]; + }; networking.hostName = "node-${fixedWidthNumber 2 id}"; nix.settings = { substituters = [ - "http://cache.hpc.informatik.hs-fulda.de" + "http://cache.${config.networking.domain}" ]; trusted-public-keys = [ - "cache.hpc.informatik.hs-fulda.de:dc2abEGJAQfaZiBXhjvjPU0jx/wosQwAOQoz48/G6cA=" + "cache.${config.networking.domain}:dc2abEGJAQfaZiBXhjvjPU0jx/wosQwAOQoz48/G6cA=" ]; }; } diff --git a/machines/node/disk.nix b/machines/node/disk.nix index 897bf89..257e5a9 100644 --- a/machines/node/disk.nix +++ b/machines/node/disk.nix @@ -1,19 +1,19 @@ -{ ... }: - { disko.devices = { - disk.sda = { - device = "/dev/sda"; + disk."system" = { + device = "/dev/disk/by-path/pci-0000:00:11.0-ata-1"; type = "disk"; content = { type = "table"; - format = "gpt"; + format = "msdos"; partitions = [ { + index = 1; name = "root"; - start = "100MiB"; - end = "100%"; + start = "1MB"; + end = "-4GB"; part-type = "primary"; + fs-type = "btrfs"; bootable = true; content = { type = "filesystem"; @@ -22,14 +22,15 @@ }; } { - name = "ESP"; - start = "1MiB"; - end = "100MiB"; - bootable = true; + index = 2; + name = "swap"; + start = "-4G"; + end = "100%"; + part-type = "primary"; + fs-type = "linux-swap"; content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; + type = "swap"; + randomEncryption = true; }; } ]; diff --git a/machines/node/hardware.nix b/machines/node/hardware.nix new file mode 100644 index 0000000..f07b410 --- /dev/null +++ b/machines/node/hardware.nix 
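Review bot: `targetHost = "10.32.30.94"` is a fixed literal inside a module that machines.nix instantiates sixteen times via `mkMachine "node" { id = i; }`, so every `node-NN` would be deployed to the same address even though `networking.hostName` is already derived from `id`. machines/node/network.nix assigns that same `10.32.30.94` to every node's `enp2s0f0`, which would give all nodes one IP on the segment. Derive both from the id, e.g. `targetHost = "10.32.30.${toString (94 + id)}";` (constructed example, adjust the base) and the same expression for `address` in network.nix, which then needs `id` passed in the way default.nix receives it. The `trusted-public-keys` entry is unchanged in value since the domain resolves to the old literal, so that part is fine.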
@@ -0,0 +1,35 @@
+{ lib, pkgs, config, modulesPath, ... }:
+
+with lib;
+
+{
+ imports = [
+ "${modulesPath}/installer/scan/not-detected.nix"
+ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/sda";
+
+ boot.initrd.systemd.enable = true;
+
+ boot.initrd.availableKernelModules = [
+ "ahci"
+ "ohci_pci"
+ "ehci_pci"
+ "pata_atiixp"
+ "usbhid"
+ "usb_storage"
+ "sd_mod"
+ "sr_mod"
+ ];
+ boot.initrd.kernelModules = [ ];
+
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ nixpkgs.hostPlatform = "x86_64-linux";
+
+ hardware.enableRedistributableFirmware = true;
+ hardware.cpu.amd.updateMicrocode = true;
+}
diff --git a/machines/node/network.nix b/machines/node/network.nix
new file mode 100644
index 0000000..c6c3b56
--- /dev/null
+++ b/machines/node/network.nix
@@ -0,0 +1,13 @@
+{
+ networking.interfaces."enp2s0f0" = {
+ ipv4.addresses = [{
+ address = "10.32.30.94";
+ prefixLength = 24;
+ }];
+ };
+
+ networking.defaultGateway = {
+ address = "10.32.30.1";
+ interface = "enp2s0f0";
+ };
+}
diff --git a/secrets.yaml b/secrets.yaml
index e9ea2f2..15f516a 100644
--- a/secrets.yaml
+++ b/secrets.yaml
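Review bot: `boot.loader.grub.device = "/dev/sda"` names the boot disk by kernel enumeration while machines/node/disk.nix addresses the same disk as `/dev/disk/by-path/pci-0000:00:11.0-ata-1`; if enumeration differs at install time (an extra USB or SATA device present) GRUB is written to the wrong disk, so use the by-path string here too, e.g. `boot.loader.grub.device = "/dev/disk/by-path/pci-0000:00:11.0-ata-1";`. `boot.loader.grub.version = 2` appears to be deprecated in recent nixpkgs (GRUB 2 is the only supported version) and, if so, only adds an evaluation warning; drop the line. `pkgs` and `config` are bound but unused, and `with lib;` brings nothing into use, here and in machines/manager/hardware.nix.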
@@ -8,23 +8,32 @@ sops: gcp_kms: [] azure_kv: [] hc_vault: [] - age: [] + age: + - recipient: age1ys5pskgkjsgqfy2lr0afcnl2edry8jmryhymkwtked2se74e9g4s23gunn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnL2N1SVQzcVFHRC9KRmM4 + Wmd0dVE1TmIxZTR3QmhVbnRxT21kcFA4VEJVCnhrRUY0d2xJVFdaR2xRQXBEM2t2 + Qllha1AvRGxFNWxta1JNSzBNSUNIdjQKLS0tIEJ2TWpnTFArdzhPU2JIZjlhOGVy + REpyVVlBL3BMSnF5QThBSGxNSEVGNHcKWqozLpGac2RlrpmR9DuJTcD4ue5zjwnz + b0eyJ2gD3gr81zG9DSifjLg8BLyt1mSml4wia5uHOP4DxhX4EOLDJw== + -----END AGE ENCRYPTED FILE----- lastmodified: "2023-05-29T12:51:30Z" mac: ENC[AES256_GCM,data:02jKHbEZGs3QiNzXEQxcB8v/i5UVB/pCciz4hSI220+GEYPgQK6qR1cZJaMAyrHKjzJLhNZq3Gfgsj4zfA+FMg/d12vp2QNTMRrVD/hSh67NgloZ/iTmJC//S8OJfiHEPdGKkq7zXCVajnkGMT/0yLNWAKISAwL451ohgMzMQYw=,iv:8hqKXUolNA7WatnnYwwUN2EgOyZjTISG2bfToENYc7c=,tag:5y43RQJgZbPK8g3Cw8CBzQ==,type:str] pgp: - - created_at: "2023-05-24T20:04:49Z" + - created_at: "2023-05-30T15:22:50Z" enc: | -----BEGIN PGP MESSAGE----- - hQEMA5ntoryXZPD4AQf6A69nF8BRpYRdz3ea8acqryKoMe5p2A44drykDQR0NO9r - I6j0Hg9AksgC+rGRIQtCuj18gYybDFXgYLCE8MYfgh2NSyqeGzq2+kPDqAXRong/ - Wrg1+KRlDbvIqH7IZ5BS40TGdphh/U8BIUcO8N4tgP60G6C7z9FqfjiA5YByqau3 - 7uAtKg3kR6lL13Cf0AUnMrQ8AOZ+6p+BwdTcXeUW2bScw8ScbEQsw/MtoiEN9Een - jvPhqTczdcZLIgTV+DvmimwYmH8xwFiMNFBrt4uzsBMv9N4pb0EzL8TcKIOuE8iw - YserGEi/sMx5QzqYmS2yPvNxwcXsZi28SQrHOs4Lv9JeAdpqwrqJjAaV3pN0OgSy - 31XV/oDL8GJ3SfNqUZEULB06gkemRZscehMOi0tN+UX1gd7fJGsqsDK6geuqpShP - IpfMLriGoQb6Zy4fwEq9N5+AfWXfSZ9Kb8ab8ksvuA== - =Wm8a + hQEMA5ntoryXZPD4AQf/csXiLfUOCPX0jNdz6V2YzStTD1tiYM8+SyqS433ZC8ii + CR1vD5UlrXHEzfXX5Wt1iHO6Y5BCtvv4nVOaYPldV0n17FisXhAbKciTj5Om43uu + rbfY2xgHdZaFU3nMC147xDh5cOVa297mOY6jaCDX2bpfxp35NYz2vUNyfevG61Tl + sT6y0ISi2eN+x4xmlbDBs7/8LLiwjXvJu3UBXcEYNK18lYzALVPZWeCQvM5ALGS7 + IC/vw6lhudNGXCSiT4SyPuQgIvFEyQvmIx4a/N35EARp6bXHH6gHalgJBTmulKaT + DGwewIjEw6FdmdLO4r3bpC7FvS0Pllo6HFTxh7OkVtJeASYywgWX1n/O6xT4pisQ + 5dHHYoPtEe3wnuF/xb+mRsidGdKG3Tiu6rA3SoFbK6m7QSHOaDgsC8hDVDLw1XBs + 
FIJWhBoHIodOj+aaScZmFGZnJAbwhYiYrmZs8qJdtg== + =Vjvo -----END PGP MESSAGE----- fp: 3237CA7A1744B4DCE96B409FB4C3BF012D9B26BE unencrypted_suffix: _unencrypted diff --git a/secrets/cache-priv-key.pem b/secrets/cache-priv-key.pem index 89fd7b6..db56f8c 100644 --- a/secrets/cache-priv-key.pem +++ b/secrets/cache-priv-key.pem 
@@ -5,13 +5,18 @@ "gcp_kms": null, "azure_kv": null, "hc_vault": null, - "age": null, + "age": [ + { + "recipient": "age1ys5pskgkjsgqfy2lr0afcnl2edry8jmryhymkwtked2se74e9g4s23gunn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1bkJEK1lXZDRpbHd1WXNL\nYkdId3NicUwrK09ScVVuWnhIUjA3QTRXZDA0CkticldtQUUvK1E2emhLckxDaklx\nNDdMT2VxOGVSdEwxS1FZRldYMzRvQmcKLS0tIE5UeUFVVGVrdEkxNUltYUs5RUNV\nSEIwNzFXUk4xZStiYm5JRWRZUDBPblEKjM4GZg+YPgoQl9pXp7SM1SOBO1vH1rfb\nEWIHIZc5kx2VPnD+jSUqqFApZuPSpDtdyWXJWJQLIWBOXeUmx/KJKA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], "lastmodified": "2023-05-26T08:59:34Z", "mac": "ENC[AES256_GCM,data:8h8NREXye3DDL7DpvT7sVr1lyaAfEgDwOoaDMuCzzRyHFWPSELQHnjLjEjmexoRrrsE/U608/h62PU7m9EDSYuWlJsvuNBZ+HezR/Ve8oFrZ5ZE3HIoEt2aeM2enSEHGP+aYFL4jEZJJDn9xoW3chFu3JLTSez0NOAhuejghjnU=,iv:Dfxlfa/mwKswYL077oPV+rylKk5y67qKPz+6UFCje9c=,tag:lmM0U8H5FlVRMO51mqTZgg==,type:str]", "pgp": [ { - "created_at": "2023-05-26T08:54:32Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA5ntoryXZPD4AQf/WmHVgATZ4cl/zI+aRMYGrWyAHAWJ/gtXzTbY2oGHdonw\nx4+5XBsFg28JcJXlI9Aq643e8+/2BPie4tawyrNfWBcaovHbFzEvc4EK0wPbx0Ax\nYW2P237lKyCfOhC4uzeghlr/IpX+SGZGvSDmg6R99/sXZ8pnPFG6PwPp2rdE1JMJ\nZRupMzZfSgJWgZXQIxJhiymHh1ddAMGuLhDzRSj7eVZiN8kl39Y0wEKzmCqCSvIl\n5nn3EmGsB2sSNo8W6C91WQRyxRBP48wWUSZ0P7lHXQEqJW9ioLGq+1qLaL2ZVA3h\nr++vjXf+v9yIsOSGVJAehVV4rXF1pJJJSDMewG6bJdJeAQOiR8+mLvdtwIQOfEFM\nQVvNJ6RfRKSYIrRxBqBJx4vDKTUtktmcBRZJazB7s+TWkhAtrFHyZXCcO9L9Uz7/\nePJ8xD8z6SDZTUa7Y2mJx416mVZwvz7yEWThIBrGGA==\n=Xn2g\n-----END PGP MESSAGE-----\n", + "created_at": "2023-05-30T15:22:58Z", + "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQEMA5ntoryXZPD4AQf+M9eb4mKfNadMmoAZ/OHOpKTl52jUDympCZblXF6yHS+8\ny7uchp+69vtXif+ZPLC+NMEZLtAnwPG3KhBXTK5c+6+dqZN4DI3MvGq1HKy3nEU0\nDqk2vQKPH29EvsVO4QgEZqGoNRVW7MXHzcq8WYKkKWXvNRcGzNPANqp1pCS+Chns\neeFCVynsd7QUTYkvSw1/BZuMY135+Ubd2Vm9At6GI6xI87KTVQh/o+vFKQpdnRHj\nENuPBF2z4TbZHweH4gGYibfdiWsyWzAlu7G9OtNww+AdoydctaMDeH+N4LGCCqBS\nnLfNY7aRYfLxQ/zcuPhzl1jiJeQeLcMiXyssoyNwRtJeASov2wKOpLAYlSVE+frW\n4CY9iw2694Cidw66l2i15hk/Q9IiUSPYpghdiowVvZgNnNaAl8TYhcN08uPFhLvT\nASzWUOwnhgVTu11bhqYEIjt3tY4JrKzynY8tDy+Z3Q==\n=ZSOF\n-----END PGP MESSAGE-----\n", "fp": "3237CA7A1744B4DCE96B409FB4C3BF012D9B26BE" } ], diff --git a/shared/default.nix b/shared/default.nix index 6a830e3..db0a40b 100644 --- a/shared/default.nix +++ b/shared/default.nix @@ -3,9 +3,9 @@ { imports = [ ./network.nix - ./root.nix - - #"${modulesPath}/profiles/headless.nix" + ./users.nix + + "${modulesPath}/profiles/headless.nix" "${modulesPath}/profiles/all-hardware.nix" ]; @@ -16,11 +16,6 @@ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; }; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - boot.initrd.systemd.enable = true; - time.timeZone = "Europe/Berlin"; console.keyMap = "de"; diff --git a/shared/network.nix b/shared/network.nix index 56f260d..f36a3e1 100644 --- a/shared/network.nix +++ b/shared/network.nix @@ -1,7 +1,18 @@ +{ config, ... }: + { networking.domain = "hpc.informatik.hs-fulda.de"; - networking.useDHCP = true; + networking.search = [ + config.networking.domain + ]; + + networking.nameservers = [ + "10.0.0.52" + "10.1.1.10" + ]; + + networking.useDHCP = false; services.openssh = { enable = true; diff --git a/shared/root.nix b/shared/users.nix similarity index 98% rename from shared/root.nix rename to shared/users.nix index 3893e9f..d0fdae2 100644 --- a/shared/root.nix +++ b/shared/users.nix 
@@ -3,7 +3,7 @@ users.users."root" = { hashedPassword = "$y$j9T$tz8ojZ2gVOQ5AUp6GMhoj.$mAeE0eTGGsKNGddC7ebk/zFr5IMDyIpOpMP/6o.GI6D"; - + openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2nkarN0+uSuP5sGwDCb9KRu+FCjO/+da4VypGanPUZ fooker@k-2so" ];