nyanloutre/nixos-config
1
1
Fork 1
Code Issues Pull Requests Releases Wiki Activity
ef0a6f3cc9
nixos-config/systems/LoutreOS/configuration.nix

121 lines
2.7 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
let
gitRev = "91cb80e4397d55b19b0beba3fa3846f1a02d0342";
nixpkgs = fetchTarball "https://github.com/nyanloutre/nixpkgs/archive/${gitRev}.tar.gz";
in
{
imports = [
../common.nix
./hardware-configuration.nix
./users.nix
./services.nix
];
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
supportedFilesystems = [ "zfs" ];
tmpOnTmpfs = true;
};
nix.nixPath = [
"nixpkgs=${nixpkgs}"
"nixos-config=/etc/nixos/configuration.nix"
];
nixpkgs.config.allowUnfree = false;
nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.28.1-slimserver" ]);
services.zfs = {
autoSnapshot.enable = true;
autoScrub.enable = true;
};
# eno1 -> VLAN100 -> Internet
# eno2 -> LAN
# eno3 -> Legacy client DHCP
# eno4 -> Pas utilisé
networking = {
hostName = "loutreos"; # Define your hostname.
hostId = "7e66e347";
dhcpcd.extraConfig = ''
interface "bouyges" {
send vendor-class-identifier "BYGTELIAD";
}
'';
vlans.bouyges = {
id = 100;
interface = "eno1";
};
interfaces = {
eno1.useDHCP = false;
bouyges = {
# Adresse MAC BBox ? https://lafibre.info/remplacer-bbox/informations-de-connexion-ftth/msg598303/#msg598303
macAddress = "E8:AD:A6:21:73:68";
};
eno2 = {
ipv4.addresses = [
{ address = "10.30.0.1"; prefixLength = 16; }
];
};
};
# NAT bouyges <-> eno2
nat = {
enable = true;
externalInterface = "bouyges";
# Permet d'utiliser le SNAT plus rapide au lieu de MASQUERADE
# externalIP = "0.0.0.0";
internalIPs = [ "10.30.0.0/16" ];
internalInterfaces = [ "eno2" ];
};
};
services.dhcpd4 = {
enable = true;
interfaces = [ "eno2" ];
extraConfig = ''
option domain-name-servers 89.234.141.66, 80.67.169.12, 80.67.169.40;
option subnet-mask 255.255.0.0;
option routers 10.30.0.1;
subnet 10.30.0.0 netmask 255.255.0.0 {
range 10.30.50.0 10.30.250.0;
}
'';
};
nixpkgs.overlays = [
(import ../../overlays/riot-web.nix)
];
services.openssh = {
enable = true;
permitRootLogin = "no";
passwordAuthentication = false;
};
networking.firewall = {
allowedTCPPorts = [ ];
allowedUDPPorts = [ ];
enable = true;
};
security.sudo.wheelNeedsPassword = false;
system.stateVersion = "18.03";
}
Reference in New Issue View Git Blame Copy Permalink