authorEmile <git@emile.space>2024-08-16 23:33:53 +0200
committerEmile <git@emile.space>2024-08-16 23:33:53 +0200
commitcea6896788a42c0ea40f99deb4b5987d6741e360 (patch)
tree7b65658ce082cab4f552b0a42fa171745f003bd2 /nix/hosts/gamont
parentdcfc18774fe2d4207c2996b2d16ea67499b70228 (diff)
big dump, forgot to commit...
Diffstat (limited to 'nix/hosts/gamont')
-rw-r--r--nix/hosts/gamont/README.md3
-rw-r--r--nix/hosts/gamont/configuration.nix127
2 files changed, 130 insertions, 0 deletions
diff --git a/nix/hosts/gamont/README.md b/nix/hosts/gamont/README.md
new file mode 100644
index 0000000..dc77dc0
--- /dev/null
+++ b/nix/hosts/gamont/README.md
@@ -0,0 +1,3 @@
+# gamont
+
+The WIFI Cableā„¢
diff --git a/nix/hosts/gamont/configuration.nix b/nix/hosts/gamont/configuration.nix
new file mode 100644
index 0000000..4ea1678
--- /dev/null
+++ b/nix/hosts/gamont/configuration.nix
@@ -0,0 +1,127 @@
+{ config, pkgs, lib, ... }:
+
+let
+  user = "nixos";
+  password = "";
+  SSID = "%p%p%p";
+  SSIDpassword = "";
+  interface = "wlan0";
+  hostname = "gamont";
+  keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPZi43zHEsoWaQomLGaftPE5k0RqVrZyiTtGqZlpWsew emile@caladan"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEzLZ56SEgwZZ0OusTdSDDhpMlxSg1zPNdRLuxKOfrR5 emile@chusuk"
+  ];
+in {
+
+  boot = {
+    kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
+    kernel.sysctl = {
+      "net.ipv4.conf.all.forwarding" = true;
+    };
+    initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
+    loader = {
+      grub.enable = false;
+      generic-extlinux-compatible.enable = true;
+    };
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+      options = [ "noatime" ];
+    };
+  };
+
+  networking = {
+    hostName = hostname;
+    wireless = {
+      enable = true;
+      networks."${SSID}".psk = SSIDpassword;
+      interfaces = [ interface ];
+    };
+
+    firewall = {
+      allowedTCPPorts = [ 53 ];
+      allowedUDPPorts = [ 53 ];
+    };
+
+    interfaces.end0 = {
+      ipv4.addresses = [ { address = "192.168.1.1"; prefixLength = 24; } ];
+    };
+
+    nftables = {
+      enable = true;
+      ruleset = ''
+        table inet filter {
+          chain input {
+            type filter hook input priority 0;            
+            accept
+          }
+
+          chain output {
+            type filter hook output priority 0;
+            accept
+          }
+          
+          chain forward {
+            type filter hook forward priority 0;
+            accept
+          }
+        }
+
+        table ip nat {
+        	chain postrouting {
+        		type nat hook postrouting priority srcnat; policy accept;
+        		masquerade
+        	}
+        }
+      '';
+    };
+  };
+
+  environment.systemPackages = with pkgs; [ 
+    helix
+    vim 
+    dnsmasq
+    tcpdump
+    curl
+    iptables nftables
+  ];
+
+  services = {
+    openssh.enable = true;
+    dnsmasq = {
+      enable = true;
+      settings = {
+        server = [
+          "8.8.8.8"
+          "8.8.4.4"
+        ];
+        dhcp-authoritative = true;
+        domain-needed = true;
+        dhcp-range = [ "192.168.1.10,192.168.1.254" ];
+
+        interface = [ "end0" ];
+
+      };
+    };
+  };
+
+  users = {
+    mutableUsers = false;
+    users."${user}" = {
+      isNormalUser = true;
+      password = password;
+      extraGroups = [ "wheel" ];
+      openssh.authorizedKeys.keys = keys;
+    };
+
+    users.root = {
+      openssh.authorizedKeys.keys = keys;
+    };
+  };
+
+  hardware.enableRedistributableFirmware = true;
+  system.stateVersion = "23.11";
+}
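Review bot: The `let` block sets `password = ""` and passes it to `users.users."${user}".password` for a `wheel` member, so the account has either an empty password or, once a real value is filled in, a plaintext one that ends up in the world-readable Nix store; `SSIDpassword` flowing into `networks."${SSID}".psk` has the same storage problem. `services.openssh.enable = true` leaves password authentication at its default even though both accounts already get `authorizedKeys`, so I would add `services.openssh.settings.PasswordAuthentication = false;` and switch the user to `hashedPasswordFile = "<path-to-hash-file>";` with the file kept outside the repository. Separately, the bare `masquerade` in the `postrouting` chain has no output-interface match and the `forward` chain accepts everything, so NAT and forwarding apply in both directions rather than only from `end0` out to the wifi uplink; `oifname "${interface}" masquerade` would limit NAT to the uplink. A short comment above the `nftables` ruleset naming `end0` as the LAN side and `wlan0` as the uplink would make the intended direction checkable.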