fujitsu: configure network and impermanence

2024-11-15 05:13:10 +01:00 · 2024-05-15 13:23:05 +02:00 · 2024-05-15 13:23:05 +02:00 · 0ef795ca18
parent 0780cdefc8
commit 0ef795ca18
4 changed files with 68 additions and 19 deletions
--- a/hosts/fujitsu/default.nix
+++ b/hosts/fujitsu/default.nix
@ -1,20 +1,25 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{ config, lib, pkgs, ... }:
-
+{ pkgs, ... }:
 {
  imports = [
    ./hardware-configuration.nix
+    ./modules/networks
  ];

  boot.loader.grub.enable = true;
  boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
  services.btrfs.autoScrub.enable = true;

-  # TODO move to netwurking
-  networking.hostName = "fujitsu"; # Define your hostname.
+  environment.persistence."/nix/persist/system" = {
+    directories = [
+      "/etc/ssh"
+      "/root/.borgmatic"
+      "/root/.local/share/zsh"
+      "/root/.config/borg/security"
+    ];
+    files = [
+      "/etc/machine-id"
+    ];
+  };

  time.timeZone = "Europe/Berlin";
  console = {
--- a/hosts/fujitsu/hardware-configuration.nix
+++ b/hosts/fujitsu/hardware-configuration.nix
@ -11,9 +11,15 @@
  boot.extraModulePackages = [ ];

  fileSystems."/" = {
+    device = "tmpfs";
+    fsType = "tmpfs";
+    options = [ "mode=755" ];
+  };
+
+  fileSystems."/boot" = {
    device = "/dev/sda2";
    fsType = "btrfs";
-    options = [ "subvol=root" ];
+    options = [ "subvol=boot" "noatime" ];
  };

  fileSystems."/nix" = {
@ -33,15 +39,6 @@
    fsType = "btrfs";
    options = [ "subvol=log" "compress=zstd" "noatime" ];
  };
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
-
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/fujitsu/modules/networks/default.nix
+++ b/hosts/fujitsu/modules/networks/default.nix
@ -0,0 +1,47 @@
+{ ... }:
+{
+  networking = {
+    hostName = "fujitsu";
+    domain = "rfive.de";
+    useNetworkd = true;
+    enableIPv6 = true;
+    nftables.enable = true;
+    firewall = {
+      extraInputRules = ''
+        ip saddr 192.168.0.0/16 tcp dport 19531 accept comment "Allow journald gateway access from local networks"
+      '';
+    };
+  };
+  services.resolved = {
+    enable = true;
+    fallbackDns = [
+      "9.9.9.9"
+      "149.112.112.112"
+      "2620:fe::fe"
+      "2620:fe::9"
+    ];
+  };
+
+
+  systemd.network = {
+    enable = true;
+    networks."10-loopback" = {
+      matchConfig.Name = "lo";
+      linkConfig.RequiredForOnline = false;
+    };
+    networks."10-wired" = {
+      matchConfig.Name = "enp2s0";
+      address = [ "192.168.42.3/24" ];
+      routes = [{
+        routeConfig.Gateway = "192.168.42.1";
+      }];
+      networkConfig = {
+        DNS = [
+          "192.168.42.1"
+        ];
+        LLDP = true;
+        EmitLLDP = "nearest-bridge";
+      };
+    };
+  };
+}
--- a/hosts/thinkpad/modules/networks/uni.nix
+++ b/hosts/thinkpad/modules/networks/uni.nix
@ -23,7 +23,7 @@
          identity="rose159e@tu-dresden.de"
          password="@EDUROAM_AUTH@"
          phase2="auth=PAP"
-          bssid_ignore=7c:5a:1c:02:3d:ef
+          bssid_ignore=7c:5a:1c:02:3d:ef,82:5a:1c:02:3d:ef
        '';
        extraConfig = ''
          scan_ssid=1