diff --git a/README.md b/README.md
index ee806f4..3d06363 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,18 @@
 # VCP Bundeslager 2022 Nixfiles
+
+## How to deploy
+```
+./deploy.sh apply switch --on vpn7
+```
+
+or to deploy all gateways:
+
+```
+./deploy.sh apply switch --on gateway
+```
+
+There is a special case for the nixdeploy-host:
+```
+./deploy.sh apply-local switch --sudo --node nixdeploy
+```
+
diff --git a/deploy.sh b/deploy.sh
new file mode 100755
index 0000000..cf5e606
--- /dev/null
+++ b/deploy.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+DEPLOY_HOST="nixdeploy.bula22.de"
+
+rsync -r . ${DEPLOY_HOST}:bula-nixfiles/
+ssh -tA ${DEPLOY_HOST} "cd bula-nixfiles && colmena $@"
diff --git a/flake.nix b/flake.nix
index 3bc393b..2f32f0e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -21,6 +21,11 @@ deployment.targetUser = null; };
+ nixdeploy = {...}: {
+ deployment.targetHost = "nixdeploy.bula22.de";
+ deployment.allowLocalDeployment = true;
+ };
+
 pre-router = { config, pkgs, ... }: { deployment.targetHost = "lightbuffet.entr0py.cloud"; deployment.keys = {
@@ -29,7 +34,7 @@ }; pre-yate-n0emis = { config, pkgs, ... }: {
- deployment.targetHost = "10.152.4.91";
+ deployment.targetHost = "2001:470:7694::5e5";
 }; }; };
diff --git a/hosts/nixdeploy/configuration.nix b/hosts/nixdeploy/configuration.nix
new file mode 100644
index 0000000..bd81498
--- /dev/null
+++ b/hosts/nixdeploy/configuration.nix
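Review bot: In deploy.sh the remote command is built by expanding `$@` inside one double-quoted string, so the arguments are flattened and re-parsed by the shell on the deploy host; quoting is lost and any shell metacharacter in an argument is evaluated there. The script also lacks `set -euo pipefail`, so a failed rsync is still followed by a deploy of whatever stale tree is already on the host, and `${DEPLOY_HOST}` is unquoted in both commands. The sketch below re-quotes each argument and stops on the first error. Separately, `ssh -A` exposes the caller's agent to anyone with root on nixdeploy for the session, and `rsync -r .` uploads the whole working directory including untracked files; a dedicated deploy key on the host and an exclude list would narrow both, if the workflow allows it.

```shell
set -euo pipefail

DEPLOY_HOST="nixdeploy.bula22.de"

rsync -r . "${DEPLOY_HOST}:bula-nixfiles/"

# Re-quote every argument so the remote shell sees the same argv.
remote_cmd="cd bula-nixfiles && colmena"
for arg in "$@"; do
  remote_cmd+=" $(printf '%q' "$arg")"
done
ssh -tA "${DEPLOY_HOST}" "${remote_cmd}"
```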
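Review bot: In the second flake.nix hunk, the new `deployment.targetHost = "2001:470:7694::5e5";` for `pre-yate-n0emis` is a bare address literal with nothing saying which network or tunnel it belongs to; a trailing comment naming the network would help the next time it changes. The replaced value was an RFC 1918 address and the new one appears to be globally routable, so it is worth confirming that sshd on that host is key-only and filtered as intended. The enclosing attribute set starts and ends outside the hunk, so any shared SSH or firewall settings are not visible here.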
@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "nixdeploy";
+
+ networking.useNetworkd = true;
+ systemd.network = {
+ links."10-eth0" = {
+ matchConfig.MACAddress = "5e:1b:ed:a2:91:d1";
+ linkConfig.Name = "eth0";
+ };
+ networks."10-eth0" = {
+ matchConfig = {
+ Name = "eth0";
+ };
+ DHCP = "yes";
+ address = [ "2a01:4f8:1c0c:8221:1337:42:10:1/64" ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [ colmena ];
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "22.05"; # Did you read the comment?
+
+}
diff --git a/hosts/nixdeploy/hardware-configuration.nix b/hosts/nixdeploy/hardware-configuration.nix
new file mode 100644
index 0000000..7d90d2a
--- /dev/null
+++ b/hosts/nixdeploy/hardware-configuration.nix
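Review bot: Nothing in hosts/nixdeploy/configuration.nix sets `services.openssh` options or firewall rules, although the host gets a static global address (`address = [ "2a01:4f8:1c0c:8221:1337:42:10:1/64" ];`) and, per deploy.sh, receives the full repository and forwarded SSH agents. If SSH hardening comes from a shared module outside this file, a one-line comment saying so would help; otherwise consider `services.openssh.passwordAuthentication = false;` (the 22.05 option name) here. A short comment on why `DHCP = "yes"` is combined with a static address would also make the network block easier to audit.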
@@ -0,0 +1,37 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/ab8ef984-07ee-47a4-a92d-59f57aee1018";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/73F5-5E82";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
+