diff --git a/flake.nix b/flake.nix
index b1a7195..f0279bf 100644
--- a/flake.nix
+++ b/flake.nix
@@ -22,6 +22,10 @@
 flake = with nixpkgs.lib; {
 nixosConfigurations = {
+ neo = nixosSystem {
+ modules = [ ./hosts/vm/neo ];
+ };
+
 two = nixosSystem {
 modules = [ ./hosts/vm/two ];
 };
diff --git a/hosts/vm/neo/default.nix b/hosts/vm/neo/default.nix
new file mode 100644
index 0000000..c4566bf
--- /dev/null
+++ b/hosts/vm/neo/default.nix
@@ -0,0 +1,14 @@
+{ ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./networking.nix
+
+ ../../../modules
+ ];
+
+ boot.loader.grub.devices = [ "nodev" ];
+
+ system.stateVersion = "23.11";
+}
diff --git a/hosts/vm/neo/hardware-configuration.nix b/hosts/vm/neo/hardware-configuration.nix
new file mode 100644
index 0000000..5ac6215
--- /dev/null
+++ b/hosts/vm/neo/hardware-configuration.nix
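Review bot: `boot.loader.grub.devices = [ "nodev" ];` for the new host repeats the value that this same commit replaces with a real disk on `two` (hosts/vm/two/default.nix). neo's hardware-configuration.nix describes the same qemu-guest profile with an ext4 root and no EFI system partition, so `"nodev"` presumably leaves GRUB uninstalled and the VM unbootable unless neo boots via EFI with `boot.loader.grub.efiSupport`. If neo is BIOS-booted like two, point it at the disk's stable path, e.g. `boot.loader.grub.devices = [ "/dev/disk/by-id/<disk-id>" ];`.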
@@ -0,0 +1,34 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ {
+ device = "/dev/disk/by-uuid/89589639-21f1-4899-97e9-d1de6eb16d45";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+ # networking.interfaces.ens19.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/hosts/vm/neo/networking.nix b/hosts/vm/neo/networking.nix
new file mode 100644
index 0000000..7f5dcee
--- /dev/null
+++ b/hosts/vm/neo/networking.nix
@@ -0,0 +1,53 @@
+{ ... }:
+
+{
+ networking = {
+ interfaces = {
+ ens18 = {
+
+ ipv4 = {
+ addresses = [{
+ address = "172.16.10.137";
+ prefixLength = 24;
+ }];
+ };
+
+ ipv6 = {
+ addresses = [{
+ address = "fd00::10:0:ff:fe01:3710";
+ prefixLength = 64;
+ }];
+ };
+
+ };
+
+ ens19 = {
+
+ ipv4 = {
+ addresses = [{
+ address = "185.230.79.38";
+ prefixLength = 24;
+ }];
+ routes = [{
+ address = "0.0.0.0";
+ via = "185.230.79.254";
+ prefixLength = 0;
+ }];
+ };
+
+ ipv6 = {
+ addresses = [{
+ address = "2a0c:700:2::ff:fe01:3702";
+ prefixLength = 64;
+ }];
+ routes = [{
+ address = "::";
+ via = "2a0c:700:2::ff:fe00:9902";
+ prefixLength = 0;
+ }];
+ };
+
+ };
+ };
+ };
+}
diff --git a/hosts/vm/two/default.nix b/hosts/vm/two/default.nix
index e35c54c..22b6b1e 100644
--- a/hosts/vm/two/default.nix
+++ b/hosts/vm/two/default.nix
@@ -5,10 +5,10 @@
 ./hardware-configuration.nix
 ./networking.nix
- ../../../modules/crans
+ ../../../modules
 ];
- boot.loader.grub.devices = [ "nodev" ];
+ boot.loader.grub.devices = [ "/dev/sda" ];
 system.stateVersion = "23.11";
 }
diff --git a/hosts/vm/two/hardware-configuration.nix b/hosts/vm/two/hardware-configuration.nix
index 98e94d3..8e55b35 100644
--- a/hosts/vm/two/hardware-configuration.nix
+++ b/hosts/vm/two/hardware-configuration.nix
@@ -16,11 +16,12 @@
 fileSystems."/" =
 {
- device = "/dev/disk/by-uuid/78bbf8a3-b4d6-4f1b-824e-4a9132aae372";
+ device = "/dev/disk/by-uuid/49b72b3e-4c52-46db-8655-d7e3d93c1c56";
 fsType = "ext4";
 };
- swapDevices = [ ];
+ swapDevices =
+ [{ device = "/dev/disk/by-uuid/98accdb0-7e99-4280-9fb2-43ccbbefaeb8"; }];
 # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
 # (the default) this is the recommended approach. When using systemd-networkd it's
diff --git a/modules/crans/default.nix b/modules/crans/default.nix
index df8300e..ceee3c0 100644
--- a/modules/crans/default.nix
+++ b/modules/crans/default.nix
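Review bot: `boot.loader.grub.devices = [ "/dev/sda" ];` pins the boot-loader install target to a kernel enumeration name, while the same host's hardware-configuration.nix addresses its disks by UUID; if the virtual disk order ever changes, grub-install writes to the wrong device. `boot.loader.grub.devices = [ "/dev/disk/by-id/<disk-id>" ];` ties the target to the disk itself. The attribute set enclosing this hunk starts before it.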
@@ -5,5 +5,13 @@
 ./locale.nix
 ./networking.nix
 ./ntp.nix
+ ./users.nix
 ];
+
+ services.qemuGuest.enable = true;
+ boot.kernelParams = [ "console=ttyS0,115200" ];
+
+ services.openssh = {
+ enable = true;
+ };
 }
diff --git a/modules/crans/users.nix b/modules/crans/users.nix
new file mode 100644
index 0000000..b2a9f39
--- /dev/null
+++ b/modules/crans/users.nix
@@ -0,0 +1,41 @@
+{ ... }:
+
+{
+ users.ldap = {
+ enable = true;
+ base = "dc=crans,dc=org";
+ server = "ldaps://ldap-adm.adm.crans.org/";
+ daemon = {
+ enable = true;
+ extraConfig = ''
+ ldap_version 3
+ tls_reqcert allow
+ map passwd loginShell /run/current-system/sw/bin/bash
+ '';
+ };
+ };
+
+ security.sudo = {
+ enable = true;
+ extraConfig = ''
+ Defaults passprompt_override
+ Defaults passprompt="[sudo] mot de passe pour %p sur %h: "
+ '';
+ extraRules = [
+ {
+ groups = [ "_user" ];
+ runAs = "root:ALL";
+ commands = [ "NOPASSWD:/usr/bin/qm list" ];
+ }
+ {
+ groups = [ "_nounou" ];
+ commands = [ "ALL" ];
+ }
+ ];
+ };
+
+ users.users.root = {
+ hashedPassword = "$6$aKmj69cplAKoeR9z$BVNUsPz3sNWFdxJkDaYBsLlbdSUdsn42Rok6Ozsd8dbE8E36RX54/tuaPM2bW6/0SletzEmIAGFdf4kIWNy3O1";
+ };
+ services.openssh.settings.PermitRootLogin = "yes";
+}
diff --git a/modules/default.nix b/modules/default.nix
new file mode 100644
index 0000000..bed0b34
--- /dev/null
+++ b/modules/default.nix
@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+ imports = [
+ ./crans
+ ];
+
+ nix.settings.experimental-features = [ "flakes" "nix-command" ];
+}
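Review bot: `services.openssh = { enable = true; };` turns sshd on with stock settings for every host that imports modules/crans, yet the only attribute in the block is `enable`; `services.openssh.enable = true;` says the same in one line. If the block form is kept, it is the natural place to state the shared login policy explicitly — `settings.PasswordAuthentication` and `settings.PermitRootLogin` — instead of leaving each host to the defaults or to a setting buried in users.nix. The attribute set enclosing this hunk starts before it.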
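Review bot: `tls_reqcert allow` in the nslcd `extraConfig` makes nslcd accept any certificate presented for `ldaps://ldap-adm.adm.crans.org/`, so the LDAP backend that every login and sudo decision on these hosts depends on is not authenticated and an on-path host could answer in its place; use `tls_reqcert demand` with `tls_cacertfile <path-to-the-CA-bundle>`. Further down, `PermitRootLogin = "yes"` together with the root `hashedPassword` and NixOS's default of password authentication enabled exposes root to password guessing over SSH on every host importing this module; `services.openssh.settings.PermitRootLogin = "prohibit-password";` keeps root reachable by key only. The SHA-512-crypt hash is also committed to version control, where it can be attacked offline by anyone with read access to the repository; `users.users.root.hashedPasswordFile = "<path-outside-the-repo>";` keeps it out of the history. The `_user` sudo rule names `/usr/bin/qm`, which presumably does not exist on a NixOS guest (only `/usr/bin/env` is provided) and is Proxmox host tooling, so the rule looks copied from elsewhere and is likely dead.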