refactor host/guest profiles + add niangon

profiles/vm/incus.nix

@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+  imports = [
+    <nixpkgs/nixos/modules/virtualisation/incus-virtual-machine.nix>
+  ];
+}

profiles/vogon/guest.nix

@@ -0,0 +1,40 @@
+{ config, lib, ... }:
+
+let
+  inherit (lib) mkOption types;
+  cfg = config.vogon;
+in
+{
+  options.vogon = {
+    networking = {
+      last-octet = mkOption {
+        type = types.ints.between 161 174;
+        description = '''
+          Dernier octet de l'IPv4 de la machine.
+        '';
+        example = 163;
+      };
+      wan-mac = mkOption {
+        type = types.str;
+        description = '''
+          Adresse MAC de l'interface réseau WAN
+          qui portera l'IPv4 interne.
+        '';
+        example = "BC:24:11:B7:AE:80";
+      };
+    };
+  };
+
+  config.systemd.network  = {
+    links."10-wan" = {
+      matchConfig.MACAddress = cfg.networking.wan-mac;
+      linkConfig.Name = "wan";
+    };
+    networks."10-wan" = {
+      matchConfig.Name = "wan";
+      address = [ "193.54.193.${toString cfg.networking.last-octet}/28" ];
+      routes = [ { Gateway = "193.54.193.174"; } ];
+      linkConfig.RequiredForOnline = "routable";
+    };
+  };
+}

profiles/vogon/host.nix

@@ -0,0 +1,113 @@
+{ config, pkgs, ... }:
+{
+  imports = [
+    ../infra.nix
+  ];
+
+  # FIXME I suck. I didn't manage to configure a working ZFS rootfs with disko
+  # It was 1 AM, and the server had to be up and running quickly, so I
+  # partitioned the server manually
+  fileSystems = {
+    "/" = {
+      device = "rpool/root";
+      fsType = "zfs";
+    };
+
+    "/boot1" = {
+      device = "/dev/disk/by-uuid/F121-2F47";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+    "/boot2" = {
+      device = "/dev/disk/by-uuid/F167-8DD8";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+  };
+
+  boot.zfs.extraPools = [ "data" ];
+
+  # We use Grub because systemd-boot does not seem to have a simple equivalent
+  # of mirroredBoots
+  boot.loader.grub = {
+    enable = true;
+    efiSupport = true;
+    zfsSupport = true; # FIXME useless?
+    mirroredBoots = [
+      { devices = [ "nodev" ]; path = "/boot1"; efiSysMountPoint = "/boot1"; }
+      { devices = [ "nodev" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; }
+    ];
+  };
+
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  boot.initrd.kernelModules = [ ];
+
+  boot.initrd.availableKernelModules = [
+    "ahci"
+    "ehci_pci"
+    "megaraid_sas"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+    "sr_mod"
+  ];
+
+  systemd.network = {
+    links = {
+      "10-phy1" = {
+        matchConfig.MACAddress = "18:66:da:75:da:04";
+        linkConfig.Name = "phy1";
+      };
+      "10-phy2" = {
+        matchConfig.MACAddress = "18:66:da:75:da:05";
+        linkConfig.Name = "phy2";
+      };
+    };
+    netdevs = {
+      "10-wan".netdevConfig = {
+        Name = "wan";
+        Kind = "bridge";
+      };
+      "10-bond" = {
+        netdevConfig = {
+          Name = "bond";
+          Kind = "bond";
+        };
+        bondConfig.Mode = "802.3ad";
+      };
+    };
+    networks = {
+      "10-phy1" = {
+        matchConfig.Name = "phy1";
+        networkConfig.Bond = "bond";
+      };
+      "10-phy2" = {
+        matchConfig.Name = "phy2";
+        networkConfig.Bond = "bond";
+      };
+      "10-bond" = {
+        matchConfig.Name = "bond";
+        networkConfig.Bridge = "wan";
+      };
+      "10-wan" = {
+        matchConfig.Name = "wan";
+        address = [ "193.54.193.161/28" ];
+        routes = [ { Gateway = "193.54.193.174"; } ];
+      };
+    };
+  };
+
+  age.secrets = {
+    vogon-wg-infra-key = {
+      file = ../secrets/vogon-wg-infra-key.age;
+      owner = "root";
+      group = "root";
+    };
+  };
+
+  infra.hub = {
+    privateKeyPath = config.age.secrets.vogon-wg-infra-key.path;
+  };
+}