From 0ccc06a09c59cf482a95eee6e341d89592e27552 Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 27 May 2024 20:02:31 +0200
Subject: [PATCH] add mesange

---
 flake.nix | 6 ++
 mesange/configuration.nix | 153 +++++++++++++++++++++++++++++
 mesange/hardware-configuration.nix | 54 ++++++++++
 3 files changed, 213 insertions(+)
 create mode 100644 mesange/configuration.nix
 create mode 100644 mesange/hardware-configuration.nix

diff --git a/flake.nix b/flake.nix
index be4eee0..2aa3e0f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -13,5 +13,11 @@
 specialArgs = attrs;
 modules = [ ./pastila/configuration.nix ];
 };
+
+ nixosConfigurations."mesange" = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = attrs;
+ modules = [ ./mesange/configuration.nix ];
+ };
 };
 }
diff --git a/mesange/configuration.nix b/mesange/configuration.nix
new file mode 100644
index 0000000..eb4478a
--- /dev/null
+++ b/mesange/configuration.nix
@@ -0,0 +1,153 @@
+{ config, lib, pkgs, ... }:
+
+let
+ tailscaleAddr = "100.64.0.12";
+in
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+ ../common/configuration.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ # use the latest kernel compatible with zfs
+ boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+
+ networking.hostName = "mesange"; # Define your hostname.
+ networking.hostId = "8425e349";
+
+ users.users.armael = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "libvirtd" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhh0V4CCRKrskoughCzd70KxU+kXRPs9BdATAmPX580 armael@teabox"
+ ];
+ };
+
+ users.users.lx = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "libvirtd" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIw+IIX8+lZX9RrHAbwi/bncLYStXpI4EmK3AUcqPY2O"
+ ];
+ };
+
+ services.tailscale = {
+ enable = true;
+ openFirewall = true;
+ };
+ systemd.services.tailscaled.serviceConfig.Environment = lib.mkForce [
+ "PORT=${toString config.services.tailscale.port}"
+ ''"FLAGS=--tun ${lib.escapeShellArg config.services.tailscale.interfaceName} --no-logs-no-support"''
+ ];
+
+ # prometheus smartctl exporter
+ services.prometheus.exporters.smartctl = {
+ enable = true;
+ listenAddress = tailscaleAddr;
+ openFirewall = true;
+ devices = [
+ # SSD
+ "/dev/disk/by-id/ata-KINGSTON_SA400S37240G_50026B738050A4DA"
+ "/dev/disk/by-id/ata-ST4000VN008-2DR166_ZDH2PV07"
+ "/dev/disk/by-id/ata-WDC_WD20EZRZ-22Z5HB0_WD-WCC4M1NN1DCL"
+ ];
+ };
+ systemd.services."prometheus-smartctl-exporter".serviceConfig = {
+ SupplementaryGroups = [ "qemu-libvirtd" ];
+ };
+
+ # Netdata
+ # services.netdata.enable = true;
+
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [
+ # 19999 # Netdata
+ ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # disable the setting set by hardware-configuration.nix
+ networking.useDHCP = false;
+ # setup a fixed IP on the local network + a bridge for the VMs
+ systemd.network = {
+ enable = true;
+ # create the bridge
+ netdevs."20-br0" = {
+ netdevConfig = {
+ Kind = "bridge";
+ Name = "br0";
+ };
+ };
+ # assign eno1 to the bridge. eno1 will not take an IP itself, the bridge will
+ # the bridge acts like a network switch, all the VMs see the local network
+ networks."30-eno1" = {
+ matchConfig.Name = "eno1";
+ networkConfig.Bridge = "br0";
+ linkConfig.RequiredForOnline = "enslaved";
+ };
+ # configure the bridge
+ networks."40-br0" = {
+ matchConfig.Name = "br0";
+ address = [
+ "192.168.1.28/24"
+ ];
+ routes = [
+ {
+ routeConfig = {
+ Gateway = "192.168.1.254"; # ip of the box
+ GatewayOnLink = true;
+ };
+ }
+ ];
+ # tells systemd that network is considered up if we can reach the gateway
+ linkConfig = {
+ RequiredForOnline = "routable";
+ };
+ };
+ };
+
+ networking.nameservers = [
+ "192.168.1.254"
+ ];
+
+ # set up the hypervisor
+ virtualisation.libvirtd = {
+ enable = true;
+ qemu.runAsRoot = false;
+ allowedBridges = [ "br0" ];
+ onShutdown = "shutdown";
+ parallelShutdown = 10;
+ };
+
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "23.11"; # Did you read the comment?
+
+}
+
diff --git a/mesange/hardware-configuration.nix b/mesange/hardware-configuration.nix
new file mode 100644
index 0000000..c928037
--- /dev/null
+++ b/mesange/hardware-configuration.nix
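Review bot: `openFirewall = true` in the `services.prometheus.exporters.smartctl` block opens the exporter's port in the firewall on every interface, including the br0 bridge the VMs share with the LAN, while the listener itself is bound only to `tailscaleAddr`; the two settings are independent and will drift apart silently, so the firewall rule should be scoped to the tailnet as well, e.g. `firewallFilter = "-i ${config.services.tailscale.interfaceName} -p tcp -m tcp --dport ${toString config.services.prometheus.exporters.smartctl.port}";` (or drop `openFirewall` and list the tailscale interface in `networking.firewall.trustedInterfaces`). Today the exposure is bounded by the bind address, but nothing in the file ties the two together. Separately, `listenAddress = tailscaleAddr` pins a hard-coded 100.64.0.12 that tailscaled assigns at runtime; if that address is not up when the exporter unit starts, the bind presumably fails, so a comment such as `# must match the address tailscaled assigns this node; the exporter cannot bind until tailscale0 is up` (or an explicit `after`/`requires` on `tailscaled.service`) would make the dependency visible. The `lib.mkForce` on `tailscaled`'s Environment replaces the upstream unit's whole Environment list rather than extending it, which also deserves a one-line comment so a later nixpkgs bump that adds a variable upstream is not silently undone here.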
@@ -0,0 +1,54 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "mesange/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home" =
+ { device = "mesange/home";
+ fsType = "zfs";
+ };
+
+ fileSystems."/var" =
+ { device = "mesange/var";
+ fsType = "zfs";
+ };
+
+ fileSystems."/nix" =
+ { device = "mesange/nix";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/B070-58C4";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/086ba009-613d-4b42-a7c6-145187376b2d"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}