# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# What this file configures: a systemd-boot/EFI machine with ZFS support
# that NATs the 10.30.0.0/16 LAN on eno2 out through VLAN 100 on eno1,
# serves DHCP on the LAN and accepts key-only SSH.

{ config, pkgs, ... }:

let
  # Commit of the nyanloutre/nixpkgs fork that NIX_PATH is pinned to.
  gitRev = "4c45e960e797d660358a11723e736afee3998261";

  # NOTE(review): fetchTarball is called without a sha256, so the unpacked
  # archive is not checked against a fixed hash; only the commit id in the
  # URL pins it. The attribute-set form
  #   fetchTarball { url = "..."; sha256 = "<sha256-of-this-archive>"; }
  # makes the fetch verifiable and reproducible.
  nixpkgsSrc = fetchTarball "https://github.com/nyanloutre/nixpkgs/archive/${gitRev}.tar.gz";

  # The only unfree packages allowed on this machine; everything else
  # unfree stays blocked because allowUnfree is false.
  unfreeAllowList = [ "factorio-headless" "perl5.30.0-slimserver" "minecraft-server" ];
in
{
  imports = [
    ../common-cli.nix
    ./hardware-configuration.nix
    ./users.nix
    ./services.nix
  ];

  # UEFI boot through systemd-boot; the installer may write EFI variables.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.supportedFilesystems = [ "zfs" ];
  # /tmp lives in RAM and is therefore emptied on every reboot.
  boot.tmpOnTmpfs = true;

  # Point the nix tools on this host at the pinned nixpkgs checkout.
  nix.nixPath = [
    "nixpkgs=${nixpkgsSrc}"
    "nixos-config=/etc/nixos/configuration.nix"
  ];

  nixpkgs = {
    config = {
      allowUnfree = false;
      # Matches on the package name with any version suffix stripped.
      allowUnfreePredicate = pkg:
        builtins.elem (builtins.parseDrvName pkg.pname).name unfreeAllowList;
    };

    overlays = [
      (import ../../overlays/riot-web.nix)
    ];
  };

  # Periodic ZFS snapshots and scrubs.
  services.zfs.autoSnapshot.enable = true;
  services.zfs.autoScrub.enable = true;

  # Physical port layout:
  #   eno1 -> VLAN100 -> Internet
  #   eno2 -> LAN
  #   eno3 -> Legacy client DHCP
  #   eno4 -> unused
  # NOTE(review): eno3 and eno4 get no addressing or firewall rules in this
  # file; confirm whether one of the imported modules configures them.
  networking = {
    hostName = "loutreos"; # Define your hostname.
    hostId = "7e66e347";

    # The ISP side expects this vendor class in the DHCP request.
    dhcpcd.extraConfig = ''
      interface "bouyges" {
      send vendor-class-identifier "BYGTELIAD";
      }
    '';

    # WAN uplink: 802.1Q VLAN 100 carried on eno1.
    vlans.bouyges.id = 100;
    vlans.bouyges.interface = "eno1";

    # The raw port itself takes no lease; only the VLAN interface does.
    interfaces.eno1.useDHCP = false;
    # BBox MAC address? https://lafibre.info/remplacer-bbox/informations-de-connexion-ftth/msg598303/#msg598303
    interfaces.bouyges.macAddress = "E8:AD:A6:21:73:68";
    # LAN gateway address.
    interfaces.eno2.ipv4.addresses = [
      { address = "10.30.0.1"; prefixLength = 16; }
    ];

    # NAT bouyges <-> eno2
    nat = {
      enable = true;
      externalInterface = "bouyges";
      internalInterfaces = [ "eno2" ];
      internalIPs = [ "10.30.0.0/16" ];
      # Setting this would use the faster SNAT instead of MASQUERADE
      # externalIP = "0.0.0.0";

      # Inbound port forwards from the external interface.
      # NOTE(review): the first entry publishes this host's sshd on external
      # port 8443. services.openssh also opens port 22 in the firewall by
      # default (openFirewall), so SSH is presumably reachable on 22 from
      # the WAN as well; confirm which of the two is intended.
      forwardPorts = [
        { destination = "10.30.0.1:22"; proto = "tcp"; sourcePort = 8443;}
        # loopbackIPs also applies the forward to LAN clients that connect
        # to the listed address (presumably this line's public IP).
        { destination = "10.30.135.35:25565"; proto = "tcp"; sourcePort = 25565; loopbackIPs=[ "195.36.180.44" ];}
      ];
    };

    firewall = {
      enable = true;

      # Nothing is opened explicitly on all interfaces...
      allowedTCPPorts = [ ];
      allowedUDPPorts = [ ];

      # ...NFS and Slimserver are reachable from the LAN side only.
      interfaces.eno2 = {
        allowedTCPPorts = [
          111 2049 4000 4001 4002 # NFS
          3483 9000 9090 # Slimserver
        ];
        allowedUDPPorts = [
          111 2049 4000 4001 4002 # NFS
          3483 # Slimserver
        ];
      };
    };
  };

  # DHCP server for the LAN.
  services.dhcpd4 = {
    enable = true;
    interfaces = [ "eno2" ];

    # Fixed leases.
    # NOTE(review): 10.30.50.7 and 10.30.135.35 lie inside the dynamic range
    # declared below. ISC dhcpd does not take host addresses out of a pool
    # on its own, so another client could be leased the address that the
    # 25565 port forward targets. Verify, and move the fixed addresses out
    # of the range or shrink the range.
    # NOTE(review): the IPMI controller shares the flat /16 with every other
    # LAN client, including the HS110 device; consider whether management
    # interfaces should sit on a separate segment.
    machines = [
      { ethernetAddress = "50:c7:bf:b6:b8:ef"; hostName = "HS110"; ipAddress = "10.30.50.7"; }
      { ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; }
      { ethernetAddress = "00:1f:c6:6e:d1:f1"; hostName = "minecraftos"; ipAddress = "10.30.135.35"; }
    ];

    # Clients receive three external resolvers and this host as router.
    extraConfig = ''
      option domain-name-servers 89.234.141.66, 80.67.169.12, 80.67.169.40;
      option subnet-mask 255.255.0.0;
      option routers 10.30.0.1;
      subnet 10.30.0.0 netmask 255.255.0.0 {
      range 10.30.50.0 10.30.250.0;
      }
    '';
  };

  # SSH: public-key authentication only, and never directly as root.
  services.openssh.enable = true;
  services.openssh.permitRootLogin = "no";
  services.openssh.passwordAuthentication = false;

  # NOTE(review): members of wheel get root through sudo without a password.
  # With sshd published to the Internet, a wheel user's SSH key is then the
  # only barrier to root; confirm that this trade-off is intended.
  security.sudo.wheelNeedsPassword = false;

  system.stateVersion = "18.03";
}