diff --git a/.drone.yml b/.drone.yml
index 03bb113..11e4112 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -26,6 +26,11 @@ steps:
commands:
- nix build -v '.#nixosConfigurations.newton.config.system.build.toplevel' --option binary-caches "https://cache.nixos.org"
+- name: Build tower
+ commands:
+ - nix build -v '.#nixosConfigurations.tower.config.system.build.toplevel' --option binary-caches "https://cache.nixos.org"
+
+
trigger:
branch:
@@ -86,6 +91,10 @@ steps:
- mv result lisa-old
- nix build -v '.#nixosConfigurations.newton.config.system.build.toplevel' --option binary-caches "https://cache.nixos.org"
- mv result newton-old
+ - nix build -v '.#nixosConfigurations.tower.config.system.build.toplevel' --option binary-caches "https://cache.nixos.org"
+ - mv result tower-old
+
+
- name: flake update
@@ -116,12 +125,20 @@ steps:
- nix build -v '.#nixosConfigurations.newton.config.system.build.toplevel' --option binary-caches "https://cache.nixos.org"
- mv result newton-new
+- name: Build tower
+ commands:
+ - nix build -v '.#nixosConfigurations.tower.config.system.build.toplevel' --option binary-caches "https://cache.nixos.org"
+ - mv result tower-new
+
+
+
- name: Print report
commands:
- echo "lisa:" && nix store diff-closures $(readlink -f lisa-old) $(readlink -f lisa-new)
- echo "newton:" && nix store diff-closures $(readlink -f newton-old) $(readlink -f newton-new)
-
+ - echo "tower:" && nix store diff-closures $(readlink -f tower-old) $(readlink -f tower-new)
+
- name: Push update
commands:
diff --git a/base.nix b/base.nix
index 1838a29..5f36199 100644
--- a/base.nix
+++ b/base.nix
@@ -35,7 +35,7 @@
security.pki.certificates = [
-''-----BEGIN CERTIFICATE-----
+ ''-----BEGIN CERTIFICATE-----
MIIByzCCAXKgAwIBAgIQAcJCOR+99m5v3dHWQw5m9jAKBggqhkjOPQQDAjAwMRIw
EAYDVQQKEwlTYXVtb25OZXQxGjAYBgNVBAMTEVNhdW1vbk5ldCBSb290IENBMB4X
DTIyMDQyNDIwMDE1MFoXDTMyMDQyMTIwMDE1MFowODESMBAGA1UEChMJU2F1bW9u
@@ -47,7 +47,7 @@ mP3yuMIy6iNTMB8GA1UdIwQYMBaAFBWOQHe4eAeothQTmTNKiG/pAowGMAoGCCqG
SM49BAMCA0cAMEQCICu8u19I7RMfnQ7t3QXHP5fdUm/fX/puqF+jYSf9SZEoAiBc
oVcd0OfuAExWHhOMUZ0OV4bws9WCax333I+Pg4nDNw==
-----END CERTIFICATE-----''
-''-----BEGIN CERTIFICATE-----
+ ''-----BEGIN CERTIFICATE-----
MIIBpTCCAUqgAwIBAgIRALevKnnElllot/cRNGjnUqUwCgYIKoZIzj0EAwIwMDES
MBAGA1UEChMJU2F1bW9uTmV0MRowGAYDVQQDExFTYXVtb25OZXQgUm9vdCBDQTAe
Fw0yMjA0MjQyMDAxNDlaFw0zMjA0MjEyMDAxNDlaMDAxEjAQBgNVBAoTCVNhdW1v
@@ -57,7 +57,8 @@ BW9YZfs1xIbMZ5wL0Zc/DsSEo5xCC7j4YaXro0UwQzAOBgNVHQ8BAf8EBAMCAQYw
EgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUFY5Ad7h4B6i2FBOZM0qIb+kC
jAYwCgYIKoZIzj0EAwIDSQAwRgIhALdsEqiRa4ak5Cnin6Tjnel5uOiHSjoC6LKf
VfXtULncAiEA2gmqdr+ugFz5tvPdKwanroTiMTUMhhCRYVlQlyTApyQ=
------END CERTIFICATE-----''];
+-----END CERTIFICATE-----''
+ ];
diff --git a/machines/tower/default.nix b/machines/tower/default.nix
new file mode 100644
index 0000000..4b49fcb
--- /dev/null
+++ b/machines/tower/default.nix
@@ -0,0 +1,120 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware.nix
+ ./home-julien.nix
+ ../../users/julien.nix
+ ../../users/default.nix
+ ];
+
+ # Bootloader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/sda";
+ boot.loader.grub.useOSProber = true;
+
+networking.nameservers = [ "100.127.245.71" "9.9.9.9" ];
+ environment.etc."resolv.conf" = with lib; with pkgs; {
+ source = writeText "resolv.conf" ''
+ ${concatStringsSep "\n" (map (ns: "nameserver ${ns}") config.networking.nameservers)}
+ options edns0
+ '';
+ };
+
+ networking.hostName = "tower"; # Define your hostname.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "Europe/Paris";
+
+ environment.systemPackages = [ pkgs.tailscale ];
+
+ # enable the tailscale service
+ services.tailscale.enable = true;
+
+ nix.extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+
+services.openssh.extraConfig = ''
+ HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
+ HostKey /etc/ssh/ssh_host_ed25519_key
+ TrustedUserCAKeys /etc/ssh/ssh_user_key.pub
+ MaxAuthTries 20
+ '';
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "fr_FR.UTF-8";
+ LC_IDENTIFICATION = "fr_FR.UTF-8";
+ LC_MEASUREMENT = "fr_FR.UTF-8";
+ LC_MONETARY = "fr_FR.UTF-8";
+ LC_NAME = "fr_FR.UTF-8";
+ LC_NUMERIC = "fr_FR.UTF-8";
+ LC_PAPER = "fr_FR.UTF-8";
+ LC_TELEPHONE = "fr_FR.UTF-8";
+ LC_TIME = "fr_FR.UTF-8";
+ };
+
+ # Configure keymap in X11
+ services.xserver = {
+ layout = "fr";
+ xkbVariant = "";
+ };
+
+ # Configure console keymap
+ console.keyMap = "fr";
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.julien = {
+ isNormalUser = true;
+ description = "Julien";
+ extraGroups = [ "networkmanager" "wheel" ];
+ packages = with pkgs; [];
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "22.11"; # Did you read the comment?
+
+}
diff --git a/machines/tower/hardware.nix b/machines/tower/hardware.nix
new file mode 100644
index 0000000..f557106
--- /dev/null
+++ b/machines/tower/hardware.nix
@@ -0,0 +1,32 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/274b827e-73aa-46fe-a68c-7f401c76977d";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/machines/tower/home-julien.nix b/machines/tower/home-julien.nix
new file mode 100644
index 0000000..7b25eef
--- /dev/null
+++ b/machines/tower/home-julien.nix
@@ -0,0 +1,9 @@
+{ pkgs, lib, config, ... }:
+{
+
+ luj.hmgr.julien = {
+ luj.programs.neovim.enable = true;
+ luj.programs.ssh-client.enable = true;
+ luj.programs.git.enable = true;
+ };
+}