This adds edwin, the machine running sterni.lv, as well as my idiosyncratic deployment solution. It is based on instantiating the system configuration locally (where you'd work on the configuration), then copying the derivation files to the remote machine, where the system derivation is realised and deployed. Unfortunately, the first step tends to be quite slow (despite gzip compression), so this may not be the definitive way despite its advantages. Change-Id: I30f597692338df3981e01a1b7eee9cdad48f94cb Reviewed-on: https://cl.tvl.fyi/c/depot/+/7293 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
		
			
				
	
	
		
		
	
	
	
	
	
# NixOS module for the host "edwin": static IPv4/IPv6 addressing on eth0,
# an SSH server inside the initrd that drops into the cryptsetup passphrase
# prompt, and the firewall for the booted system.
#
# Of the module arguments only `depot` is referenced in this file.
{ config, pkgs, lib, depot, ... }:

let
  # IPv4 settings. They are used twice: in the kernel `ip=` parameter (network
  # setup for the initrd) and in the systemd-networkd unit further down.
  ipv4 = "176.9.107.207";
  gatewayv4 = "176.9.107.193";
  netmaskv4 = "255.255.255.224";

  # Interpolated verbatim into `Address =` below.
  # NOTE(review): the host part is all zeroes, so the prefix itself is what
  # gets assigned to the interface; confirm that this is intended.
  ipv6 = "2a01:4f8:151:54d0::/64";
in

{
  config = {
    # Kernel-level static IPv4 configuration:
    # ip=<client>:<server>:<gateway>:<netmask>:<hostname>:<device>:<autoconf>
    # Server and hostname are left empty, autoconf is disabled ("none").
    boot.kernelParams = [ "ip=${ipv4}::${gatewayv4}:${netmaskv4}::eth0:none" ];

    # Networking plus an SSH daemon in the initrd.
    boot.initrd.network.enable = true;
    boot.initrd.network.ssh = {
      enable = true;

      # Every key in this list can log in to the initrd and reach the
      # passphrase prompt, so it should stay as small as the main system's
      # root access list. No port is set here, so the NixOS default applies.
      authorizedKeys = depot.users.sterni.keys.all;

      # Host keys offered by the initrd SSH daemon. They are given as strings
      # rather than Nix path literals, so evaluating this file does not copy
      # them into the store.
      # NOTE(review): the initrd lives outside the encrypted volume, so these
      # private keys must be treated as readable by anyone with access to the
      # boot partition. The file names suggest they are dedicated unlock keys;
      # confirm they are never reused as the booted system's sshd host keys,
      # and pin their fingerprints separately on the client.
      hostKeys = [
        "/etc/nixos/unlock_rsa_key_openssh"
        "/etc/nixos/unlock_ed25519_key_openssh"
      ];
    };

    # Appended to root's profile inside the initrd, so an interactive login
    # over SSH starts `cryptsetup-askpass` right away.
    # NOTE(review): presumably used to unlock an encrypted root; the encrypted
    # device itself is not declared in this file.
    boot.initrd.network.postCommands = ''
      echo 'cryptsetup-askpass' >> /root/.profile
    '';

    networking.hostName = "edwin";

    # Keep the kernel's interface name: both the `ip=` parameter above and the
    # networkd [Match] section below refer to "eth0".
    networking.usePredictableInterfaceNames = false;

    # No DHCP anywhere; addresses come from the systemd-networkd unit below.
    networking.useDHCP = false;
    networking.interfaces."eth0".useDHCP = false;

    # Inbound TCP is limited to SSH and HTTP(S); ICMP echo is answered.
    # NOTE(review): the services behind these ports are not configured in this
    # file. This firewall is part of the booted system; the initrd SSH stage
    # is presumably not filtered by it (confirm).
    networking.firewall = {
      enable = true;
      allowPing = true;
      allowedTCPPorts = [ 22 80 443 ];
    };

    # Static dual-stack configuration for the booted system. The IPv4 prefix
    # length /27 is written out here and has to be kept in sync with
    # `netmaskv4` (255.255.255.224) by hand. The IPv6 default route goes via
    # the link-local address fe80::1.
    systemd.network.enable = true;
    systemd.network.networks."eth0".extraConfig = ''
      [Match]
      Name = eth0

      [Network]
      Address = ${ipv6}
      Gateway = fe80::1
      Address = ${ipv4}/27
      Gateway = ${gatewayv4}
    '';
  };
}