refactor host/guest profiles + add niangon

hive.nix

@@ -17,6 +17,7 @@ let
   nodeNixpkgs = {
     # FIXME discourse est cassé en unstable
     pendragon = nixpkgs2411;
+    niangon = nixpkgs2411;
   };
 in
 {
@@ -75,7 +76,7 @@ in
     networking.hostId = "1751e2a7";
 
     imports = [
-      ./profiles/vogon.nix
+      ./profiles/vogon/host.nix
       ./profiles/incus.nix
     ];
   };
@@ -90,7 +91,7 @@ in
 
     imports = [
       (disko.config diskConfig)
-      ./profiles/vm.nix
+      ./profiles/vm/pve.nix
       ./profiles/glucagon.nix
       ./profiles/matrix-server.nix
       ./profiles/element.nix
@@ -111,7 +112,7 @@ in
 
     imports = [
       (disko.config diskConfig)
-      ./profiles/vm.nix
+      ./profiles/vm/pve.nix
       ./profiles/glucagon.nix
       ./profiles/vaultwarden.nix
     ];
@@ -129,7 +130,7 @@ in
 
     imports = [
       (disko.config diskConfig)
-      ./profiles/vm.nix
+      ./profiles/vm/pve.nix
       ./profiles/glucagon.nix
       ./profiles/wayf.nix
     ];
@@ -147,7 +148,7 @@ in
 
     imports = [
       (disko.config diskConfig)
-      ./profiles/vm.nix
+      ./profiles/vm/pve.nix
       ./profiles/glucagon.nix
       ./profiles/gitlab.nix
     ];
@@ -165,7 +166,7 @@ in
 
     imports = [
       (disko.config diskConfig)
-      ./profiles/vm.nix
+      ./profiles/vm/pve.nix
       ./profiles/glucagon.nix
       ./profiles/discourse.nix
     ];
@@ -183,7 +184,7 @@ in
 
     imports = [
       (disko.config diskConfig)
-      ./profiles/vm.nix
+      ./profiles/vm/pve.nix
       ./profiles/glucagon.nix
       ./profiles/indico.nix
     ];
@@ -199,7 +200,7 @@ in
 
     imports = [
       (disko.config diskConfig)
-      ./profiles/vm.nix
+      ./profiles/vm/pve.nix
       ./profiles/glucagon.nix
       ./profiles/monitoring
       ./profiles/grafana.nix
@@ -207,4 +208,34 @@ in
 
     system.build.diskoScript = disko.diskoScript diskConfig pkgs;
   };
+
+  jargon = { pkgs, ... }: {
+    deployment.tags = [ "postfix" ];
+
+    vogon.networking = {
+      last-octet = 163;
+      wan-mac = "00:16:3e:c7:aa:78";
+    };
+
+    imports = [
+      ./profiles/vm/incus.nix
+      ./profiles/vogon/guest.nix
+      #./profiles/mail.nix
+    ];
+  };
+
+  niangon = { ... }: {
+    deployment.tags = [ "git" "forgejo" ];
+
+    vogon.networking = {
+      last-octet = 164;
+      wan-mac = "00:16:3e:cc:71:f3";
+    };
+
+    imports = [
+      ./profiles/vm/incus.nix
+      ./profiles/vogon/guest.nix
+      #./profiles/forgejo.nix
+    ];
+  };
 }

network/infra.nix

@@ -50,6 +50,8 @@ in {
       dragon = 16;
       perdrigon = 17;
       martagon = 18;
+      jargon = 19;
+      niangon = 20;
     };
     hubs = builtins.mapAttrs (_: mkHub) {
       vogon = {

profiles/vm/incus.nix

@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+  imports = [
+    <nixpkgs/nixos/modules/virtualisation/incus-virtual-machine.nix>
+  ];
+}

profiles/vogon/guest.nix

@@ -0,0 +1,40 @@
+{ config, lib, ... }:
+
+let
+  inherit (lib) mkOption types;
+  cfg = config.vogon;
+in
+{
+  options.vogon = {
+    networking = {
+      last-octet = mkOption {
+        type = types.ints.between 161 174;
+        description = '''
+          Dernier octet de l'IPv4 de la machine.
+        '';
+        example = 163;
+      };
+      wan-mac = mkOption {
+        type = types.str;
+        description = '''
+          Adresse MAC de l'interface réseau WAN
+          qui portera l'IPv4 interne.
+        '';
+        example = "BC:24:11:B7:AE:80";
+      };
+    };
+  };
+
+  config.systemd.network  = {
+    links."10-wan" = {
+      matchConfig.MACAddress = cfg.networking.wan-mac;
+      linkConfig.Name = "wan";
+    };
+    networks."10-wan" = {
+      matchConfig.Name = "wan";
+      address = [ "193.54.193.${toString cfg.networking.last-octet}/28" ];
+      routes = [ { Gateway = "193.54.193.174"; } ];
+      linkConfig.RequiredForOnline = "routable";
+    };
+  };
+}

profiles/vogon/host.nix

@@ -0,0 +1,113 @@
+{ config, pkgs, ... }:
+{
+  imports = [
+    ../infra.nix
+  ];
+
+  # FIXME I suck. I didn't manage to configure a working ZFS rootfs with disko
+  # It was 1 AM, and the server had to be up and running quickly, so I
+  # partitioned the server manually
+  fileSystems = {
+    "/" = {
+      device = "rpool/root";
+      fsType = "zfs";
+    };
+
+    "/boot1" = {
+      device = "/dev/disk/by-uuid/F121-2F47";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+    "/boot2" = {
+      device = "/dev/disk/by-uuid/F167-8DD8";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+  };
+
+  boot.zfs.extraPools = [ "data" ];
+
+  # We use Grub because systemd-boot does not seem to have a simple equivalent
+  # of mirroredBoots
+  boot.loader.grub = {
+    enable = true;
+    efiSupport = true;
+    zfsSupport = true; # FIXME useless?
+    mirroredBoots = [
+      { devices = [ "nodev" ]; path = "/boot1"; efiSysMountPoint = "/boot1"; }
+      { devices = [ "nodev" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; }
+    ];
+  };
+
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  boot.initrd.kernelModules = [ ];
+
+  boot.initrd.availableKernelModules = [
+    "ahci"
+    "ehci_pci"
+    "megaraid_sas"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+    "sr_mod"
+  ];
+
+  systemd.network = {
+    links = {
+      "10-phy1" = {
+        matchConfig.MACAddress = "18:66:da:75:da:04";
+        linkConfig.Name = "phy1";
+      };
+      "10-phy2" = {
+        matchConfig.MACAddress = "18:66:da:75:da:05";
+        linkConfig.Name = "phy2";
+      };
+    };
+    netdevs = {
+      "10-wan".netdevConfig = {
+        Name = "wan";
+        Kind = "bridge";
+      };
+      "10-bond" = {
+        netdevConfig = {
+          Name = "bond";
+          Kind = "bond";
+        };
+        bondConfig.Mode = "802.3ad";
+      };
+    };
+    networks = {
+      "10-phy1" = {
+        matchConfig.Name = "phy1";
+        networkConfig.Bond = "bond";
+      };
+      "10-phy2" = {
+        matchConfig.Name = "phy2";
+        networkConfig.Bond = "bond";
+      };
+      "10-bond" = {
+        matchConfig.Name = "bond";
+        networkConfig.Bridge = "wan";
+      };
+      "10-wan" = {
+        matchConfig.Name = "wan";
+        address = [ "193.54.193.161/28" ];
+        routes = [ { Gateway = "193.54.193.174"; } ];
+      };
+    };
+  };
+
+  age.secrets = {
+    vogon-wg-infra-key = {
+      file = ../secrets/vogon-wg-infra-key.age;
+      owner = "root";
+      group = "root";
+    };
+  };
+
+  infra.hub = {
+    privateKeyPath = config.age.secrets.vogon-wg-infra-key.path;
+  };
+}