diff --git a/common/default.nix b/common/default.nix
index ac1ac79..e41b089 100644
--- a/common/default.nix
+++ b/common/default.nix
@@ -6,8 +6,8 @@
 ./hardening.nix
 ./nix.nix
 ./raito-proxy-aware-nginx.nix
- ./raito-vm.nix
 ./sysadmin
+ ./hardware
 ./zsh.nix
 ];
 }
diff --git a/common/hardware/default.nix b/common/hardware/default.nix
new file mode 100644
index 0000000..547f443
--- /dev/null
+++ b/common/hardware/default.nix
@@ -0,0 +1,7 @@
+{ ... }: {
+ imports = [
+ ./raito-vm.nix
+ ./oracle-vm.nix
+ ./hetzner.nix
+ ];
+}
diff --git a/common/hardware/hetzner.nix b/common/hardware/hetzner.nix
new file mode 100644
index 0000000..0ec9d55
--- /dev/null
+++ b/common/hardware/hetzner.nix
@@ -0,0 +1,76 @@
+
+{ lib, config, ... }:
+let
+ cfg = config.bagel.hardware.hetzner;
+ inherit (lib) mkEnableOption mkIf mkOption types;
+in
+{
+ options.bagel.hardware.hetzner = {
+ enable = mkEnableOption "Hetzner's hardware defaults";
+
+ platformType = mkOption {
+ # Only VMs are supported.
+ type = types.enum [ "virtual-machine" ];
+ };
+
+ system = mkOption {
+ # Only the aarch64-linux VM Hetzner is supported.
+ type = types.enum [ "aarch64-linux" ];
+ };
+
+ networking.wan = {
+ mac = mkOption {
+ type = types.str;
+ description = "MAC address of the WAN interface in the Hetzner machine";
+ };
+ address = mkOption {
+ type = types.listOf types.str;
+ description = "List of static addresses attached to the WAN interface";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ # A bunch of stuff is virtio.
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "usbhid"
+ "sr_mod"
+ "virtio_gpu"
+ "virtio_scsi"
+ "virtio_rng"
+ "virtio_pci"
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.useDHCP = lib.mkDefault false;
+
+ # Stolen from the netplan provided by aarch64 Ubuntu images.
+ systemd.network.enable = true;
+ systemd.network.links."10-wan" = {
+ linkConfig.Name = "wan";
+ matchConfig.MACAddress = cfg.networking.mac;
+ };
+ systemd.network.networks."10-wan" = {
+ matchConfig.Name = "wan";
+ networkingConfig.Address = cfg.networking.address;
+ linkConfig.RequiredForOnline = true;
+ DHCP = "ipv4";
+ routes = [
+ {
+ routeConfig = {
+ Destination = "::/0";
+ GatewayOnLink = true;
+ Gateway = "fe80::1";
+ };
+ }
+ ];
+ dhcpV4Config = {
+ RouteMetric = 100;
+ UseMTU = true;
+ };
+ };
+ };
+}
diff --git a/common/hardware/oracle-vm.nix b/common/hardware/oracle-vm.nix
new file mode 100644
index 0000000..4be3acf
--- /dev/null
+++ b/common/hardware/oracle-vm.nix
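Review bot: The `config` block reads `cfg.networking.mac` and `cfg.networking.address`, but the options declared above are `networking.wan.mac` and `networking.wan.address`, so enabling this module fails evaluation with a missing-attribute error; the two lines should be `matchConfig.MACAddress = cfg.networking.wan.mac;` and `networkingConfig.Address = cfg.networking.wan.address;`. `networkingConfig` also looks misspelled: as far as I can tell the `systemd.network.networks` submodule exposes `networkConfig` (or a top-level `address` list), and an unknown attribute there is rejected as an undefined option rather than silently ignored. The declared `platformType` and `system` options are never consumed, whereas oracle-vm.nix sets `nixpkgs.hostPlatform = cfg.system;`; doing the same here keeps the two hardware modules consistent and gives `system` a purpose. Because `useDHCP` is off and IPv6 is fully static, a wrong MAC or address list leaves the host unreachable after activation, so a comment such as `# A wrong MAC/address here cuts the WAN link; try with nixos-rebuild test before switch.` above the links block would help the operator.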
@@ -0,0 +1,44 @@
+
+{ lib, config, ... }:
+let
+ cfg = config.bagel.hardware.oracle-vm;
+ inherit (lib) mkEnableOption mkIf mkOption types;
+in
+{
+ options.bagel.hardware.oracle-vm = {
+ enable = mkEnableOption "Oracle's VM hardware defaults";
+
+ system = mkOption {
+ # Only the free Oracle VMs are supported.
+ type = types.enum [ "aarch64-linux" ];
+ };
+ };
+
+ config = mkIf cfg.enable {
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ nixpkgs.hostPlatform = cfg.system;
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault false;
+ # Examples:
+ # 2: enp0s3: mtu 1500 qdisc mq state UP group default qlen 1000
+ # link/ether 02:00:17:00:91:6e brd ff:ff:ff:ff:ff:ff
+ # inet 10.0.0.94/24 brd 10.0.0.255 scope global dynamic noprefixroute enp0s3
+ # valid_lft 44162sec preferred_lft 33362sec
+ # inet6 fe80::17ff:fe00:916e/64 scope link
+ # valid_lft forever preferred_lft forever
+ # [root@build02-aarch64-lahfa:~]# ip r
+ # default via 10.0.0.1 dev enp0s3 proto dhcp src 10.0.0.94 metric 1002 mtu 9000
+ networking.interfaces.enp0s3.useDHCP = lib.mkDefault true;
+ };
+}
diff --git a/common/raito-vm.nix b/common/hardware/raito-vm.nix
similarity index 100%
rename from common/raito-vm.nix
rename to common/hardware/raito-vm.nix
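Review bot: The four-line comment above `networking.useDHCP = lib.mkDefault false;` is the boilerplate from a generated hardware-configuration.nix and says the opposite of what the line does (it claims DHCP is enabled on every interface); replace it with `# Global DHCP off; only the single NIC the free Oracle aarch64 VMs expose (enp0s3, see dump below) gets DHCP.` The hard-coded `enp0s3` is the one thing that ties this module to a specific VM shape, and unlike hetzner.nix it is matched by name rather than MAC, so a note that the name comes from the image's predictable interface naming would help whoever reuses this on another shape. The pasted `ip` output also carries a hostname and a MAC address; harmless, but trimming it to the two lines that justify the interface name reads better and leaks less.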