tahoe-lafs · btlogy · Jan 29, 2025
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -0,0 +1,23 @@
+{
+  inputs = {
+    # The nixpkgs channels we want to consume
+    nixpkgs-24_11.url = "github:NixOS/nixpkgs/nixos-24.11-small";
+
+    # Some links to the above channels for consistent naming in outputs
+    nixpkgs.follows = "nixpkgs-24_11";
+  };
+  outputs = { self, nixpkgs, ... }@attrs: {
+    # Generate an attrset of nixosConfigurations based on their system name
+    nixosConfigurations = nixpkgs.lib.attrsets.genAttrs [
+      "webforge"
+    ] (sysname: nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = attrs;
+        modules = [
+          { system.name = sysname; }
+          ./nix/hosts/${sysname}/configuration.nix
+        ];
+      }
+    );
+  };
+}
diff --git a/nix/hosts/webforge/configuration.nix b/nix/hosts/webforge/configuration.nix
@@ -0,0 +1,16 @@
+{ ... }: {
+  imports = [
+    ./hardware-configuration.nix
+    ./networking.nix # generated at runtime by nixos-infect
+  ];
+
+  boot.tmp.cleanOnBoot = true;
+  zramSwap.enable = true;
+  networking.hostName = "webforge";
+  networking.domain = "";
+  services.openssh.enable = true;
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJlPneIaRT/mqu13N83ctEftub4O6zAfi6qgzZKerU5o florian@leastauthority.com"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZtWY7t8HVnaz6bluYsrAlzZC3MZtb8g0nO5L5fCQKR benoit@leastauthority.com" ];
+  system.stateVersion = "23.11";
+}
diff --git a/nix/hosts/webforge/hardware-configuration.nix b/nix/hosts/webforge/hardware-configuration.nix
@@ -0,0 +1,8 @@
+{ modulesPath, ... }:
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  boot.loader.grub.device = "/dev/sda";
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+  boot.initrd.kernelModules = [ "nvme" ];
+  fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+}
diff --git a/nix/hosts/webforge/networking.nix b/nix/hosts/webforge/networking.nix
@@ -0,0 +1,35 @@
+{ lib, ... }: {
+  # This file was populated at runtime with the networking
+  # details gathered from the active system.
+  networking = {
+    nameservers = [
+      "2a01:4ff:ff00::add:2"
+      "2a01:4ff:ff00::add:1"
+      "185.12.64.1"
+      "185.12.64.2"
+    ];
+    defaultGateway = "172.31.1.1";
+    defaultGateway6 = {
+      address = "fe80::1";
+      interface = "eth0";
+    };
+    dhcpcd.enable = false;
+    usePredictableInterfaceNames = lib.mkForce false;
+    interfaces = {
+      eth0 = {
+        ipv4.addresses = [
+          { address="135.181.155.146"; prefixLength=32; }
+        ];
+        ipv6.addresses = [
+          { address="2a01:4f9:c011:b882::1"; prefixLength=64; }
+          { address="fe80::9400:4ff:fe03:57eb"; prefixLength=64; }
+        ];
+        ipv4.routes = [ { address = "172.31.1.1"; prefixLength = 32; } ];
+        ipv6.routes = [ { address = "fe80::1"; prefixLength = 128; } ];
+      };
+    };
+  };
+  services.udev.extraRules = ''
+    ATTR{address}=="96:00:04:03:57:eb", NAME="eth0"
+  '';
+}