Add initial configuration

2023-03-31 18:27:25 +02:00 · 2023-03-31 18:27:25 +02:00 · 52eed708f0
commit 52eed708f0
8 changed files with 216 additions and 0 deletions
--- a/boot.nix
+++ b/boot.nix
@ -0,0 +1,16 @@
+{ ... }:
+
+{
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+
+  # Select the this using the ID to avoid mismatches
+  boot.loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSC2BB240G7_PHDV6462004Y240AGN";
+
+  # Enable serial console
+  boot.kernelParams = [
+    "console=tty1"
+    "console=ttyS0,115200"
+  ];
+}
--- a/configuration.nix
+++ b/configuration.nix
@ -0,0 +1,42 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+
+    ./boot.nix
+    ./fs.nix
+    ./gitlab-runner.nix
+    ./net.nix
+    ./ssh.nix
+    ./users.nix
+  ];
+
+  systemd.services."serial-getty@ttyS0" = {
+    enable = true;
+    wantedBy = [ "getty.target" ];
+    serviceConfig.Restart = "always";
+  };
+
+  time.timeZone = "Europe/Madrid";
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  environment.systemPackages = with pkgs; [
+    vim wget git htop
+  ];
+
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  system.copySystemConfiguration = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "22.11"; # Did you read the comment?
+}
--- a/fs.nix
+++ b/fs.nix
@ -0,0 +1,10 @@
+{ ... }:
+
+{
+  # Mount the home via NFS
+  fileSystems."/home" = {
+    device = "10.0.40.30:/home";
+    fsType = "nfs";
+    options = [ "nfsvers=3" "rsize=1024" "wsize=1024" "cto" ];
+  };
+}
--- a/gitlab-runner.nix
+++ b/gitlab-runner.nix
@ -0,0 +1,46 @@
+{ pkgs, lib, config, ... }:
+
+{
+  services.gitlab-runner = {
+    enable = true;
+    services = {
+      # runner for executing stuff on host system (very insecure!)
+      # make sure to add required packages (including git!)
+      # to `environment.systemPackages`
+      shell = {
+        # File should contain at least these two variables:
+        # `CI_SERVER_URL`
+        # `REGISTRATION_TOKEN`
+        registrationConfigFile = "/run/secrets/gitlab-runner-registration";
+        executor = "shell";
+        tagList = [ "nix" "xeon" ];
+        environmentVariables = {
+          SHELL = "${pkgs.bash}/bin/bash";
+        };
+      };
+    #  # runner for everything else
+    #  default = {
+    #    # File should contain at least these two variables:
+    #    # `CI_SERVER_URL`
+    #    # `REGISTRATION_TOKEN`
+    #    registrationConfigFile = "/run/secrets/gitlab-runner-registration";
+    #    dockerImage = "debian:stable";
+    #  };
+    };
+  };
+
+  #systemd.services.gitlab-runner.serviceConfig.Shell = "${pkgs.bash}/bin/bash";
+  systemd.services.gitlab-runner.serviceConfig.DynamicUser = lib.mkForce false;
+  systemd.services.gitlab-runner.serviceConfig.User = "gitlab-runner";
+  systemd.services.gitlab-runner.serviceConfig.Group = "gitlab-runner";
+
+  users.users.gitlab-runner = {
+    uid = config.ids.uids.gitlab-runner;
+    #isNormalUser = true;
+    home = "/var/lib/gitlab-runner";
+    description = "Gitlab Runner";
+    group = "gitlab-runner";
+    createHome = true;
+  };
+  users.groups.gitlab-runner.gid = config.ids.gids.gitlab-runner;
+}
--- a/hardware-configuration.nix
+++ b/hardware-configuration.nix
@ -0,0 +1,37 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "nvme" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/289f78d9-b339-47de-b321-0a6796b9a79b";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/2bac02f9-7ea1-4868-9536-23710f19baca"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eth1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ib0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/net.nix
+++ b/net.nix
@ -0,0 +1,26 @@
+{ ... }:
+
+{
+  networking = {
+    hostName = "xeon07";
+
+    useDHCP = false;
+    defaultGateway = "10.0.40.30";
+    nameservers = ["8.8.8.8"];
+    interfaces.eno1.useDHCP = false;
+    interfaces.eno1.ipv4.addresses = [ {
+      address = "10.0.40.7";
+      prefixLength = 24;
+    } ];
+
+    proxy = {
+      default = "http://localhost:23080/";
+      noProxy = "127.0.0.1,localhost,internal.domain";
+    };
+
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 22 80 443 ];
+    };
+  };
+}
--- a/ssh.nix
+++ b/ssh.nix
@ -0,0 +1,24 @@
+{ ... }:
+
+{
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  # Connect to intranet git hosts via proxy
+  programs.ssh.extraConfig = ''
+    Host bscpm02.bsc.es bscpm03.bsc.es gitlab-internal.bsc.es alya.gitlab.bsc.es
+      User git
+      ProxyCommand nc -X connect -x localhost:23080 %h %p
+  '';
+
+  # Authorize keys
+  users.users = {
+    root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBOf4r4lzQfyO0bx5BaREePREw8Zw5+xYgZhXwOZoBO ram@hop" ];
+    rarias.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBOf4r4lzQfyO0bx5BaREePREw8Zw5+xYgZhXwOZoBO ram@hop" ];
+  };
+
+  programs.ssh.knownHosts = {
+    "gitlab-internal.bsc.es".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9arsAOSRB06hdy71oTvJHG2Mg8zfebADxpvc37lZo3";
+    "bscpm03.bsc.es".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM2NuSUPsEhqz1j5b4Gqd+MWFnRqyqY57+xMvBUqHYUS";
+  };
+}
--- a/users.nix
+++ b/users.nix
@ -0,0 +1,15 @@
+{ ... }:
+
+{
+  users = {
+    mutableUsers = false;
+    users.rarias = {
+      uid = 1880;
+      isNormalUser = true;
+      home = "/home/Computational/rarias";
+      description = "Rodrigo Arias";
+      extraGroups = [ "wheel" ];
+      hashedPassword = "$6$u06tkCy13enReBsb$xiI.twRvvTfH4jdS3s68NZ7U9PSbGKs5.LXU/UgoawSwNWhZo2hRAjNL5qG0/lAckzcho2LjD0r3NfVPvthY6/";
+    };
+  };
+}