summaryrefslogtreecommitdiffstats
path: root/krebs/1systems/puyak
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2021-01-18 15:24:18 +0100
committertv <tv@krebsco.de>2021-01-18 15:24:18 +0100
commitff6f5ef5e1cdbd27b2211c54643fa2754f888cbb (patch)
treeb33763a7ac8040efe988f8bed2fe1c649cc155dd /krebs/1systems/puyak
parent7b7ebd8708885633c926c21a4b71d5d4ce8931cf (diff)
parent2a32b7731496615e43a06ec1049f6716c49a1999 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs/1systems/puyak')
-rw-r--r--krebs/1systems/puyak/config.nix15
-rw-r--r--krebs/1systems/puyak/net.nix23
2 files changed, 29 insertions, 9 deletions
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 9ee61c6f8..19cf22280 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -1,12 +1,16 @@
{ config, pkgs, ... }:
-
{
imports = [
+ ./net.nix
<stockholm/krebs>
<stockholm/krebs/2configs>
<stockholm/krebs/2configs/secret-passwords.nix>
<stockholm/krebs/2configs/hw/x220.nix>
+ # see documentation in included getty-for-esp.nix:
+ # brain hosts/puyak/root
+ <stockholm/krebs/2configs/hw/getty-for-esp.nix>
+
## initrd unlocking
# (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat > /crypt-ramfs/passphrase'
@@ -20,8 +24,7 @@
#### NEWS ####
<stockholm/krebs/2configs/ircd.nix>
- #<stockholm/krebs/2configs/news.nix>
- #<stockholm/krebs/2configs/news-spam.nix>
+ <stockholm/krebs/2configs/news.nix>
### shackspace ###
@@ -118,7 +121,6 @@
krebs.build.host = config.krebs.hosts.puyak;
sound.enable = false;
-
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
@@ -163,10 +165,6 @@
services.logind.lidSwitchExternalPower = "ignore";
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0"
- '';
environment.systemPackages = [ pkgs.zsh ];
@@ -179,5 +177,4 @@
isNormalUser = true;
shell = "/run/current-system/sw/bin/zsh";
};
- networking.firewall.allowedTCPPorts = [ 5901 ];
}
diff --git a/krebs/1systems/puyak/net.nix b/krebs/1systems/puyak/net.nix
new file mode 100644
index 000000000..4cb8d247c
--- /dev/null
+++ b/krebs/1systems/puyak/net.nix
@@ -0,0 +1,23 @@
+let
+ ext-if = "enp0s25";
+ shack-ip = "10.42.22.184";
+ shack-gw = "10.42.20.1";
+in {
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0"
+ '';
+ networking = {
+ firewall.enable = false;
+ firewall.allowedTCPPorts = [ 8088 8086 8083 5901 ];
+ interfaces."${ext-if}".ipv4.addresses = [
+ {
+ address = shack-ip;
+ prefixLength = 20;
+ }
+ ];
+
+ defaultGateway = shack-gw;
+ nameservers = [ "10.42.0.100" "10.42.0.200" ];
+ };
+}