nixos-config/systems/LoutreOS/configuration.nix

# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, ... }:

let
  gitRev = "83dbfc9fc8fab023f21743c13bb0f42287a5eb50";
  nixpkgs = fetchTarball "https://github.com/nyanloutre/nixpkgs/archive/${gitRev}.tar.gz";
in
{
  imports = [
    ../common.nix
    ./hardware-configuration.nix
    ./users.nix
    ./services.nix
  ];

  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    supportedFilesystems = [ "zfs" ];

    tmpOnTmpfs = true;
  };

  nix.nixPath = [
    "nixpkgs=${nixpkgs}"
    "nixos-config=/etc/nixos/configuration.nix"
  ];

  nixpkgs.config.allowUnfree = false;
  nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.28.1-slimserver" ]);

  services.zfs = {
    autoSnapshot.enable = true;
    autoScrub.enable = true;
  };

  # eno1 -> VLAN100 -> Internet
  # eno2 -> LAN
  # eno3 -> Legacy client DHCP
  # eno4 -> Pas utilisé

  networking = {
    hostName = "loutreos"; # Define your hostname.
    hostId = "7e66e347";

    vlans.bouyges = {
      id = 100;
      interface = "eno1";
    };

    interfaces = {
      bouyges = {
        # Adresse MAC BBox ? https://lafibre.info/remplacer-bbox/informations-de-connexion-ftth/msg598303/#msg598303
        macAddress = "00:11:22:33:44:55";
      };
      eno2 = {
        ipv4.addresses = [
          { address = "10.30.0.1"; prefixLength = 16; }
        ];
      };
    };

    # NAT bouyges <-> eno2
    nat = {
      enable = true;
      # À remplacer par bouyges
      externalInterface = "eno3";
      # Permet d'utiliser le SNAT plus rapide au lieu de MASQUERADE
      # externalIP = "0.0.0.0";
      internalIPs = [ "10.30.0.0/16" ];
      internalInterfaces = [ "eno2" ];
    };

  };

  services.dhcpd4 = {
    enable = true;
    interfaces = [ "eno2" ];
    extraConfig = ''
      option domain-name-servers 89.234.141.66, 80.67.169.12, 80.67.169.40;
      option subnet-mask 255.255.0.0;
      option routers 10.30.0.1;
      subnet 10.30.0.0 netmask 255.255.0.0 {
        range 10.30.50.0 10.30.250.0;
      }
    '';
  };

  nixpkgs.overlays = [
    (import ../../overlays/riot-web.nix)
  ];

  services.openssh = {
    enable = true;
    permitRootLogin = "no";
    passwordAuthentication = false;
  };

  networking.firewall = {
    allowedTCPPorts = [ ];
    allowedUDPPorts = [ ];
    enable = true;
  };

  security.sudo.wheelNeedsPassword = false;

  system.stateVersion = "18.03";
}