From 67bdab21079d959db0a8babcf1b2ec4f2af1b2a5 Mon Sep 17 00:00:00 2001
From: Malte Brandy
Date: Sat, 2 Jun 2018 13:13:13 +0200
Subject: [PATCH] Setup hera
---
 .gitignore | 1 +
 hosts/apollo/hardware-configuration.nix | 1 +
 hosts/hera/hardware-configuration.nix | 8 +++--
 hosts/hera/home.nix | 4 ---
 hosts/hera/secret/boot_rsa | Bin 0 -> 827 bytes
 system/default.nix | 8 +++--
 system/init_ssh.nix | 16 ----------
 system/modules/init_ssh.nix | 23 ++++++++++++++
 system/modules/laptop.nix | 1 +
 system/modules/server.nix | 39 +++++++++++++-----------
 10 files changed, 58 insertions(+), 43 deletions(-)
 create mode 100644 hosts/hera/secret/boot_rsa
 delete mode 100644 system/init_ssh.nix
 create mode 100644 system/modules/init_ssh.nix
diff --git a/.gitignore b/.gitignore
index 40c71083..13b101b4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 configuration.nix
+local
diff --git a/hosts/apollo/hardware-configuration.nix b/hosts/apollo/hardware-configuration.nix
index 71cd4d14..28d44602 100644
--- a/hosts/apollo/hardware-configuration.nix
+++ b/hosts/apollo/hardware-configuration.nix
@@ -28,4 +28,5 @@
 nix.maxJobs = lib.mkDefault 4;
 powerManagement.cpuFreqGovernor = "ondemand";
+ security.rngd.enable = true;
 }
diff --git a/hosts/hera/hardware-configuration.nix b/hosts/hera/hardware-configuration.nix
index a983a1cd..84cc7587 100644
--- a/hosts/hera/hardware-configuration.nix
+++ b/hosts/hera/hardware-configuration.nix
@@ -4,9 +4,11 @@
 { config, lib, pkgs, ... }:
 {
- imports = [ ];
+ imports = [
+
+ ];
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" ];
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
 boot.kernelModules = [ ];
 boot.extraModulePackages = [ ];
@@ -16,7 +18,7 @@
 };
 fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/A8E7-3962";
+ { device = "/dev/disk/by-uuid/3D8A-20F0";
 fsType = "vfat";
 };
diff --git a/hosts/hera/home.nix b/hosts/hera/home.nix
index bc89426b..90042d61 100644
--- a/hosts/hera/home.nix
+++ b/hosts/hera/home.nix
@@ -5,8 +5,4 @@ imports = [ ../../home-manager ];
-m-0.rustdev.enable = true;
-m-0.taskwarrior.enable = true;
-m-0.eventd.enable = true;
-
 }
diff --git a/hosts/hera/secret/boot_rsa b/hosts/hera/secret/boot_rsa
new file mode 100644
index 0000000000000000000000000000000000000000..040cd798322a34ab41ffff3f0400453aa25dfac1
GIT binary patch
literal 827
zcmV-B1H}9QM@dveQdv+`0P=te& z4yxkrAs4jNkWo_&%0WY!y$t+4@J)%ajbn!p!k?|>q0R(1j|ACVLJ7~*tA_Z(ckf!H z-2MW~J*FT6w&JYTQt_>4<`5Dsxf-zI=hUKrRa5@rWzK|MFEZTevT$ysk}i^6Sg_FHYk(F|4psf&JePrPt% zy#|Awbm=#dJ)@gXa+sG{bS+C!l&)vTs6rm4O-#m|xKgd>iE&Q6+0NhGHclE7J3+HJ zoFu0qz04qf8R8tvS9{2N0?UAO&g8kG6Et3Pp#mzMs#R%${i z$+Zzi^YoFb{fk9%>zii)H0Edusjy~5RF}h_#`AjVp|Wzz87Z9K(dH;K-%%dfh4uQ2m0`onX zJ=+m{S;0m*@ni8ZXQFIf!Gl%-O}Cmgv~GS9uozD+4v03|{SE-{<*<`$eE(Uf3_s2h zcy!5#0p-5!iPt@RRi7YON_0$4KxzO$C z!lN*-lCASh+G0c$_*W@1`ELku6pl+SOox?}%B8ntO@G)Q7Ael!og)^4)+4L&KJ7!` zEi~JmEVm6PTtdI)VG*riWzgA?#cJdcbBOnAnze+yQt)1n7b#cCEJ?5hSxz%e{{#^< zHdNbsop<-WIC%82F8N~vh@tzdMwYe8s!!t}FujnG5slwrpW6XVCdo|zN9120Fm@7) zdT+b{bCaT79Rur;xbP@Epo{1kp`2IYDouba(wCgiBDN+S?DV@{oI8{9FmQ9oGB3nB zkJ;6cPbT`~K@VC$X4lxb)D$x2ECR2aCLhPC>bv6IgUzMogzPm02y*?R8pGI;&qtZY F7gL5~pvwRN
literal 0
HcmV?d00001
diff --git a/system/default.nix b/system/default.nix
index 2bf6f477..4a4c6d45 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -7,6 +7,7 @@
 ../common/secret
 ../common/private-options.nix
 ./modules/laptop.nix
+ ./modules/server.nix
 ./admin.nix
 ./syncthing.nix
 ./modules/cdarknet
@@ -18,8 +19,6 @@ time.timeZone = "Europe/Berlin";
- security.rngd.enable = true;
-
 # So that boot does not fill up with old kernels
 boot.loader.grub.configurationLimit = 5;
@@ -32,7 +31,10 @@ Defaults timestamp_type=global, timestamp_timeout=15
 ";
- networking.firewall.allowPing = true;
+ networking = {
+ firewall.allowPing = true;
+ useDHCP = false;
+ };
 services = {
 sshd.enable = true;
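Review bot: A private key is being committed: `hosts/hera/secret/boot_rsa` is a new 827-byte binary, and the `dropbearkey -t rsa` comment next to `hostRSAKey` in `system/modules/init_ssh.nix` indicates it is the dropbear host key for the initrd SSH server. Once pushed it stays in the repository history, so a later removal does not revoke it; unless the `secret/` tree is encrypted in the repository (nothing in this patch shows that), keep the key out of version control — the `local` line added to `.gitignore` suggests that was the intent — provision it on the host at deploy time, and regenerate it if this commit has already been shared. Separately, `init_ssh.nix` reads `../../local/secret/boot_rsa`, not `hosts/hera/secret/boot_rsa`, so the committed file is only picked up if `local` resolves to `hosts/hera` on the build machine, which the patch does not show.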
diff --git a/system/init_ssh.nix b/system/init_ssh.nix
deleted file mode 100644
index 4e031b43..00000000
--- a/system/init_ssh.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- boot.initrd.network = {
- enable = true;
- ssh = {
- enable = true;
- authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
-
- # generate file with
- # dropbearkey -t rsa -f /etc/nixos/boot_rsa
- # nix-env -iA nixos.dropbear
- hostRSAKey = /etc/nixos/local/boot_rsa;
- };
- };
-}
diff --git a/system/modules/init_ssh.nix b/system/modules/init_ssh.nix
new file mode 100644
index 00000000..6e6ca773
--- /dev/null
+++ b/system/modules/init_ssh.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, lib, ... }:
+with lib;
+{
+
+config = mkIf config.m-0.server.enable {
+ boot.initrd = {
+ network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
+
+ # generate file with
+ # dropbearkey -t rsa -f /etc/nixos/boot_rsa
+ # nix-env -iA nixos.dropbear
+ hostRSAKey = ../../local/secret/boot_rsa;
+ };
+ };
+ postMountCommands = "ip link set eth0 down";
+ };
+};
+
+}
diff --git a/system/modules/laptop.nix b/system/modules/laptop.nix
index a3a3ca79..4583c97c 100644
--- a/system/modules/laptop.nix
+++ b/system/modules/laptop.nix
@@ -4,6 +4,7 @@ with lib;
 options = {
 m-0.laptop.enable = mkOption {
 type = types.bool;
+ default = false;
 };
 };
 config = mkIf config.m-0.laptop.enable {
diff --git a/system/modules/server.nix b/system/modules/server.nix
index 241ff8cd..9945b609 100644
--- a/system/modules/server.nix
+++ b/system/modules/server.nix
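Review bot: The generation comment above `hostRSAKey` in the new `system/modules/init_ssh.nix` still says `dropbearkey -t rsa -f /etc/nixos/boot_rsa` while the option now reads `../../local/secret/boot_rsa`, so following the comment writes the key to a path the module never reads; change it to `# dropbearkey -t rsa -f local/secret/boot_rsa  (relative to the repo root, i.e. ../../ from this file)`. Because `hostRSAKey` is given as a Nix path literal, the key is copied into the Nix store and from there into the initrd, both of which are readable by every local user — the NixOS option description itself warns about this — so a note beside it such as `# NOTE: path literal -> key ends up in the world-readable nix store and the initrd; never reuse it as a regular SSH host key` would stop the next reader from repurposing it. `postMountCommands = "ip link set eth0 down";` hard-codes the interface name with no explanation; if it exists so that stage 2 can bring the link up with its own configuration, say so in a comment, and consider taking the name from the same place the stage-2 network config does.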
@@ -1,21 +1,26 @@
-{ config, pkgs, ... }:
-
+{ config, pkgs, lib, ... }:
+with lib;
 {
- options = {
- m-0.server.enable = mkOption {
- type = types.bool;
- };
- };
- config = mkIf config.m-0.server.enable {
- nix = {
- gc = {
- automatic = true;
- options = "--delete-older-than 5d";
- };
- optimise.automatic = true;
- };
- system.autoUpgrade.enable = true;
- system.autoUpgrade.dates = "22:00";
+imports = [ ./init_ssh.nix ];
+
+options = {
+ m-0.server.enable = mkOption {
+ type = types.bool;
+ default = false;
 };
+};
+
+config = mkIf config.m-0.server.enable {
+ nix = {
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 5d";
+ };
+ optimise.automatic = true;
+ };
+ system.autoUpgrade.enable = true;
+ system.autoUpgrade.dates = "22:00";
+};
+
 }
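Review bot: The rewritten module body appears to sit at column 0 inside the outer braces (`+imports = [ ./init_ssh.nix ];`, `+options = {`, `+config = mkIf …`, the marker immediately followed by text), whereas the lines it replaces and the sibling `system/modules/laptop.nix` indent the body under the brace; the new `system/modules/init_ssh.nix` in this commit has the same shape. Indenting `imports`, `options` and `config` by two spaces as `laptop.nix` does keeps the three modules consistent and makes the `options`/`config` split visible at a glance. The hunk spans the whole file, so nothing is cut off outside it.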