From 0ef795ca18b229f9c51e4f606f930b8f98fc26d4 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Wed, 15 May 2024 13:23:05 +0200 Subject: [PATCH] fujitsu: configure network and impermanence --- hosts/fujitsu/default.nix | 21 ++++++---- hosts/fujitsu/hardware-configuration.nix | 17 ++++---- hosts/fujitsu/modules/networks/default.nix | 47 ++++++++++++++++++++++ hosts/thinkpad/modules/networks/uni.nix | 2 +- 4 files changed, 68 insertions(+), 19 deletions(-) create mode 100644 hosts/fujitsu/modules/networks/default.nix diff --git a/hosts/fujitsu/default.nix b/hosts/fujitsu/default.nix index 2d9820f..7dc15f2 100644 --- a/hosts/fujitsu/default.nix +++ b/hosts/fujitsu/default.nix @@ -1,20 +1,25 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page, on -# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). - -{ config, lib, pkgs, ... }: - +{ pkgs, ... }: { imports = [ ./hardware-configuration.nix + ./modules/networks ]; boot.loader.grub.enable = true; boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ]; services.btrfs.autoScrub.enable = true; - # TODO move to netwurking - networking.hostName = "fujitsu"; # Define your hostname. + environment.persistence."/nix/persist/system" = { + directories = [ + "/etc/ssh" + "/root/.borgmatic" + "/root/.local/share/zsh" + "/root/.config/borg/security" + ]; + files = [ + "/etc/machine-id" + ]; + }; time.timeZone = "Europe/Berlin"; console = { diff --git a/hosts/fujitsu/hardware-configuration.nix b/hosts/fujitsu/hardware-configuration.nix index da29632..75fc55a 100644 --- a/hosts/fujitsu/hardware-configuration.nix +++ b/hosts/fujitsu/hardware-configuration.nix 
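Review bot: The new `environment.persistence."/nix/persist/system"` list has no entry for `/var/lib/nixos`, and with `/` becoming a tmpfs in this commit's hardware-configuration.nix that directory is recreated empty on every boot. It holds NixOS's uid/gid maps, so users and groups without a fixed `uid`/`gid` can be allocated different IDs after a reboot and persisted files owned by them would silently change owner; adding `"/var/lib/nixos"` to `directories` pins them. `/var/lib/systemd` is worth considering for the same reason (persistent timer stamps, random seed), though nothing in this hunk shows whether such timers exist. The argument set was also narrowed from `{ config, lib, pkgs, ... }` to `{ pkgs, ... }`; the rest of default.nix is outside this hunk, so confirm no remaining line references `lib` or `config`.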
@@ -11,9 +11,15 @@ boot.extraModulePackages = [ ]; fileSystems."/" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = [ "mode=755" ]; + }; + + fileSystems."/boot" = { device = "/dev/sda2"; fsType = "btrfs"; - options = [ "subvol=root" ]; + options = [ "subvol=boot" "noatime" ]; }; fileSystems."/nix" = { @@ -33,15 +39,6 @@ fsType = "btrfs"; options = [ "subvol=log" "compress=zstd" "noatime" ]; }; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true; - # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/hosts/fujitsu/modules/networks/default.nix b/hosts/fujitsu/modules/networks/default.nix new file mode 100644 index 0000000..47e61c2 --- /dev/null +++ b/hosts/fujitsu/modules/networks/default.nix 
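Review bot: The tmpfs root added in `fileSystems."/"` sets only `mode=755` and no `size=`, so it falls back to the tmpfs default of half of physical RAM; any state written outside the persisted paths (service directories under `/var/lib`, `/root`) accumulates in memory for the whole uptime and can grow to that limit before ENOSPC is reported. Something like `options = [ "mode=755" "size=<size-for-this-host>" ];` (a few GiB sized to the machine) keeps the failure mode bounded and visible. The `/boot` entry reuses `/dev/sda2` with `subvol=boot`, which works with GRUB on btrfs but deserves a short comment that `/boot` is a subvolume of the same filesystem rather than a separate partition, since `boot.loader.grub.devices` in default.nix lists both sda and sdb. The second hunk in this file is a pure removal of the DHCP defaults and needs nothing.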
@@ -0,0 +1,47 @@ +{ ... }: +{ + networking = { + hostName = "fujitsu"; + domain = "rfive.de"; + useNetworkd = true; + enableIPv6 = true; + nftables.enable = true; + firewall = { + extraInputRules = '' + ip saddr 192.168.0.0/16 tcp dport 19531 accept comment "Allow journald gateway access from local networks" + ''; + }; + }; + services.resolved = { + enable = true; + fallbackDns = [ + "9.9.9.9" + "149.112.112.112" + "2620:fe::fe" + "2620:fe::9" + ]; + }; + + + systemd.network = { + enable = true; + networks."10-loopback" = { + matchConfig.Name = "lo"; + linkConfig.RequiredForOnline = false; + }; + networks."10-wired" = { + matchConfig.Name = "enp2s0"; + address = [ "192.168.42.3/24" ]; + routes = [{ + routeConfig.Gateway = "192.168.42.1"; + }]; + networkConfig = { + DNS = [ + "192.168.42.1" + ]; + LLDP = true; + EmitLLDP = "nearest-bridge"; + }; + }; + }; +} diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix index eedc098..08129be 100644 --- a/hosts/thinkpad/modules/networks/uni.nix +++ b/hosts/thinkpad/modules/networks/uni.nix @@ -23,7 +23,7 @@ identity="rose159e@tu-dresden.de" password="@EDUROAM_AUTH@" phase2="auth=PAP" - bssid_ignore=7c:5a:1c:02:3d:ef + bssid_ignore=7c:5a:1c:02:3d:ef,82:5a:1c:02:3d:ef ''; extraConfig = '' scan_ssid=1
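Review bot: The `extraInputRules` line accepts TCP 19531 from all of `192.168.0.0/16`, but the only network this host is configured on is `192.168.42.0/24` (the `address` in `networks."10-wired"`), so the rule admits far more sources than the "local networks" in its comment need. systemd-journal-gatewayd serves the whole journal over plain HTTP with no authentication unless TLS client certificates are configured, so this source filter is the main access control; narrowing it to `ip saddr 192.168.42.0/24 tcp dport 19531 accept comment "Allow journald gateway access from the LAN"` matches the configured subnet. The gateway service itself is not enabled in this file, so confirm where it is set up and whether it listens on IPv6 as well, since `enableIPv6 = true` but this rule covers only IPv4. There are also two consecutive blank lines before `systemd.network`; one is enough.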
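Review bot: The new `bssid_ignore` value joins the two BSSIDs with a comma, whereas wpa_supplicant documents `bssid_ignore`/`bssid_accept` as space-separated address lists, and its address-list parser treats anything other than whitespace or `/` after a MAC as trailing garbage and rejects the line, which would stop this network block from loading. Unless the NixOS wireless module rewrites the value (as far as I know it passes it through verbatim), the line should read `bssid_ignore=7c:5a:1c:02:3d:ef 82:5a:1c:02:3d:ef`. A short `#` comment line above it naming why these access points are excluded would also help the next reader, since nothing in the diff says why. The surrounding `auth = ''` block starts and ends outside this hunk.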