Moving kernighan to Hetzner

2023-09-27 09:26:55 +01:00 · 2023-09-27 09:26:55 +01:00 · b713a30292
parent 231b604939
commit b713a30292
3 changed files with 29 additions and 55 deletions
--- a/system/kernighan/kernighan.nix
+++ b/system/kernighan/kernighan.nix
@ -6,51 +6,38 @@
    [
      ../shared/shared-configuration.nix
      ./kernighan-hardware.nix
-      ./services/git.nix
-      ./services/home_assistant.nix
-      ./services/nginx.nix
+      #./services/git.nix
+      #./services/nginx.nix
    ];

  networking = {
    hostName = "kernighan";
    firewall = {
-      enable = true;
-      allowedTCPPorts = [ 8123 2223 80 443 ];
+      enable = false;
    };
-    interfaces = {
-       end0.ipv4.addresses = [{
-         address = "192.168.40.25";
-         prefixLength = 24;
-       }];
-       end0.ipv6.addresses = [{
-         address = "fe80::dea6:32ff:fe04:c6f3";
-         prefixLength = 64;
-       }];
-    };
-    defaultGateway = "192.168.40.1";
-    defaultGateway6.address = "fe80::00:b8:c2:db:b8:57";
-    defaultGateway6.interface = "end0";
-    nameservers = [ "208.67.222.222" "208.67.220.220" ];
  };

-  boot.loader.grub.enable = false;
-  boot.loader.generic-extlinux-compatible.enable = true;
+  systemd.network.enable = true;
+  systemd.network.networks."10-wan" = {
+    matchConfig.Name = "ens3"; # either ens3 (amd64) or enp1s0 (arm64)
+    networkConfig.DHCP = "ipv4";
+    address = [
+      "2a01:4f9:c012:72e3::/64"
+    ];
+    routes = [
+      { routeConfig.Gateway = "fe80::1"; }
+    ];
+  };
+
+  boot = {
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+    initrd.kernelModules = [ "virtio_gpu" ];
+    kernelParams = [ "console=tty" ];
+  };

  environment.systemPackages = with pkgs; [
    git
    vim
  ];
-
-  nix.buildMachines = [ {
-    hostName = "kernighan";
-    systems = ["x86_64-linux" "aarch64-linux"];
-    protocol = "ssh-ng";
-    maxJobs = 1;
-    speedFactor = 2;
-    supportedFeatures = [ "nixos-test" ];
-  } ];
-  nix.distributedBuilds = true;
-  nix.extraOptions = ''
-    builders-use-substitutes = true
-  '';
 }
--- a/system/shared/desktop.nix
+++ b/system/shared/desktop.nix
@ -13,4 +13,12 @@
  ];

  virtualisation.docker.enable = true;
+
+  users.groups = {
+    tmux.gid = 1000; # Used for tmux pairing
+  };
+
+  systemd.tmpfiles.rules = [
+    "d /var/tmux_share 2770 tsv tmux"
+  ];
 }
--- a/system/shared/shared-configuration.nix
+++ b/system/shared/shared-configuration.nix
@ -19,15 +19,6 @@

  time.timeZone = "Europe/London";

-  users.groups = {
-    tmux.gid = 1000; # Used for tmux pairing
-    nixremote = {};
-  };
-
-  systemd.tmpfiles.rules = [
-    "d /var/tmux_share 2770 tsv tmux"
-  ];
-
  users.users.tsv = {
    isNormalUser = true;
    extraGroups = [
@ -41,18 +32,6 @@
    ];
  };

-  users.users.nixremote = {
-    createHome = true;
-    uid = null;
-    isNormalUser = true;
-    description = "For remote Nix builds";
-    openssh.authorizedKeys.keyFiles = [
-      ../../users/nixremote/authorized_keys
-    ];
-    homeMode = "500";
-    group = "nixremote";
-  };
-
  nix = {
    extraOptions = "experimental-features = nix-command flakes";
    package = pkgs.nixFlakes;