add nixos management(mno001) box

Author: tanneberger

.gitignore

@@ -0,0 +1 @@
+result

flake.nix

@@ -5,7 +5,18 @@
     nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05";
   };
 
-  outputs = { self, nixpkgs }: {
-    packages.x86_64-linux.rpi-manager = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/ixp-manager.nix {};
+  outputs = inputs@{ self, nixpkgs }: {
+    packages.x86_64-linux.rpi-manager = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/ixp-manager.nix { };
+
+    nixosConfigurations = {
+      mno001 = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs self; };
+        modules = [
+          ./hosts/mno001/configuration.nix
+          ./modules/management
+        ];
+      };
+    };
   };
 }

hosts/mno001/configuration.nix

@@ -0,0 +1,44 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./network.nix
+  ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.zfs.requestEncryptionCredentials = true;
+
+  # Set your time zone.
+  time.timeZone = "Europe/Berlin";
+
+  boot.supportedFilesystems = [ "zfs" ];
+
+  networking.hostId = "eeb0e9de";
+  networking.hostName = "MNO001";
+
+  services.zfs.autoSnapshot.enable = true;
+  services.zfs.autoScrub.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    vim
+    git
+  ];
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  # system.copySystemConfiguration = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It's perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.05"; # Did you read the comment?
+
+}
+

hosts/mno001/hardware-configuration.nix

@@ -0,0 +1,44 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "megaraid_sas" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    {
+      device = "rpool/root/nixos";
+      fsType = "zfs";
+    };
+
+  fileSystems."/nix" =
+    {
+      device = "rpool/root/nixos/nix";
+      fsType = "zfs";
+    };
+
+  fileSystems."/var/lib" =
+    {
+      device = "rpool/data";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    {
+      device = "/dev/disk/by-uuid/9864-EC3C";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/mno001/network.nix

@@ -0,0 +1,39 @@
+{ pkgs, ... }:
+let
+  bond_name = "bond0";
+in
+{
+
+  # LACP on first two ports
+  networking.bonds."${bond_name}" = {
+    interfaces = [ "eno2" "eno3" ];
+    driverOptions = {
+      mode = "802.3ad";
+      lacp_rate = "fast";
+    };
+  };
+
+  # Static IP Address
+  networking.interfaces."${bond_name}" = {
+    useDHCP = false;
+    ipv4.addresses = [
+      {
+        address = "212.111.245.178";
+        prefixLength = 29;
+      }
+    ];
+  };
+
+  # Default Gateway
+  networking.defaultGateway.address = "212.111.245.177";
+
+  # nameservers
+  networking.nameservers = [ "212.111.228.53" "193.36.123.53" ];
+
+  # enabling and configuring firewall
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [ 80 22 443 ];
+    allowedUDPPorts = [ ];
+  };
+}

modules/management/base.nix

@@ -0,0 +1,39 @@
+{ pkgs, config, lib, ... }: {
+  nix = {
+    package = pkgs.nixUnstable;
+    nixPath = [
+      "nixpkgs=${pkgs.path}"
+      "nixos-config=/etc/nixos/configuration.nix"
+    ];
+    settings = {
+      auto-optimise-store = true;
+      substituters = [
+        "https://nix-serve.hq.c3d2.de"
+      ];
+      trusted-public-keys = [
+        "nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps="
+      ];
+    };
+    extraOptions = ''
+      experimental-features = nix-command flakes
+      allow-import-from-derivation = true
+    '';
+  };
+
+  environment.systemPackages = with pkgs; [
+    git # versioning tool
+    vim # vim editor
+    htop # resource monitor
+  ];
+
+
+  programs.vim.defaultEditor = true;
+  programs.mosh.enable = true;
+  services.openssh.enable = true;
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMbUizElFyULDlpEE9XHWWOca4ZXepS18ljh4Fj4YnJOAs7sbYzzhfMUiD703FIgK5YObzOlheu/PBbwUOStgcmPDuRalZWLr+0kCUYERfjLHkgliFx96xEFw9dluvII6JpbzFI/uvkEkQ3ESKapRcYAuBTk2sRoit8za+HX9sLmMueqNtN4H92sFYYm1wWy3FFgz/NN+uTh7F5nmA7SrSS/fpbmugcgBdR/Zy1YwSA8Rl1pagEvgN9/qAnP7pssvXr9pTCUNxVSQ7FlTUOHmxzG16RybYRikgevQaHtFYvmS7AuRvRDlQWhHt1drREGOIwwZPXD1smfQAsvP66J85j9aeanZdoBoJcvvFNer3071QGmi+5NHDSiG+YvoWt7qgiKLF4lOfByzjdoRRSg01uuhdQLOHHt0hbfyGS6hx//1MtjiXTElXvOOiUJ6AqfCSwOTK+72W6VKhKYcO11+Ngym1dyF3TtVcoEYN3JpUdbNq+qctMzXFMGovPEEMh7s= mel@umbreon"
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6NLB8EHnUgl2GO2uaojdf3p3YpsHH6px6CZleif8klhLN+ro5KeFK2OXC2SO3Vo4qgF/NySdsoInV9JEsssELZ2ttVbeKxI6f76V5dZgGI7qoSf4E0TXIgpS9n9K2AEmRKr65uC2jgkSJuo/T1mF+4/Nzyo706FT/GGVoiBktgq9umbYX0vIQkTMFAcw921NwFCWFQcMYRruaH01tLu6HIAdJ9FVG8MAt84hCr4D4PobD6b029bHXTzcixsguRtl+q4fQAl3WK3HAxT+txN91CDoP2eENo3gbmdTBprD2RcB/hz5iI6IaY3p1+8fTX2ehvI3loRA8Qjr/xzkzMUlpA/8NLKbJD4YxNGgFbauEmEnlC8Evq2vMrxdDr2SjnBAUwzZ63Nq+pUoBNYG/c+h+eO/s7bjnJVe0m2/2ZqPj1jWQp4hGoNzzU1cQmy6TdEWJcg2c8ints5068HN3o0gQKkp1EseNrdB8SuG+me/c/uIOX8dPASgo3Yjv9IGLhhx8GOGQxHEQN9QFC4QyZt/rrAyGmlX342PBNYmmStgVWHiYCcMVUWGlsG0XvG6bvGgmMeHNVsDf6WdMQuLj9luvxJzrd4FlKX6O0X/sIaqMVSkhIbD2+vvKNqrii7JdUTntUPs89L5h9DoDqQWkL13Plg1iQt4/VYeKTbUhYYz1lw== revo-xut@plank"
+  ];
+
+}

modules/management/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./base.nix
+  ];
+}