| author | Kjetil Orbekk <kj@orbekk.com> | 2025-12-23 16:57:49 -0500 |
|---|---|---|
| committer | Kjetil Orbekk <kj@orbekk.com> | 2025-12-23 16:57:49 -0500 |
| commit | 1623cfc3f7cf3f88007530d274a257706d29e205 (patch) | |
| tree | 561fc64f77e7361f8ddcd9cc82d6844eb28dc0d1 | |
| parent | e3fb460b0740b8598335af1c30a16f35537fbeba (diff) | |
Stuff
| -rw-r--r-- | flake.nix | 4 | ||||
| -rw-r--r-- | machines/x1-pincer-2.nix | 106 |
2 files changed, 110 insertions, 0 deletions
@@ -84,6 +84,10 @@
 hostName = "pincer";
 module = ./machines/x1-pincer.nix;
 }
+ {
+ hostName = "pincer2";
+ module = ./machines/x1-pincer-2.nix;
+ }
 { hostName = "dragon"; }
 { hostName = "firelink"; }
 { hostName = "tiny1"; }
diff --git a/machines/x1-pincer-2.nix b/machines/x1-pincer-2.nix
new file mode 100644
index 0000000..483fcd8
--- /dev/null
+++ b/machines/x1-pincer-2.nix
@@ -0,0 +1,106 @@
+{ config, lib, pkgs, ... }:
+{
+ orbekk.gaming.enable = true;
+ orbekk.desktop.enable = true;
+ orbekk.thinkpad.enable = true;
+ orbekk.development.enable = true;
+ orbekk.simple-firewall.enable = lib.mkForce false;
+
+ system.autoUpgrade.enable = lib.mkForce false;
+ services.printing.enable = true;
+ services.printing.drivers = with pkgs; [ gutenprint brlaser ];
+ services.openssh.enable = true;
+
+ networking.networkmanager.enable = false;
+ networking.hostName = "pincer";
+ networking.useDHCP = false;
+ networking.interfaces.enp0s25.ipv4.addresses = [
+ {address = "80.100.100.1"; prefixLength = 24; }
+ ];
+ networking.interfaces.wlp4s0 = {
+ ipv4.addresses = [{ address = "172.20.71.1"; prefixLength = 24; }];
+ };
+ networking.firewall.enable = true;
+ networking.firewall.trustedInterfaces = ["wlp4s0"];
+ networking.nat.enable = true;
+ networking.nat.internalInterfaces = ["wlp4s0"];
+ networking.nat.externalInterface = "enp0s25";
+
+ services.dnsmasq = {
+ enable = true;
+ settings.server = [ "1.1.1.1" "8.8.8.8" "8.8.4.4" ];
+ resolveLocalQueries = false;
+ settings = {
+ no-resolv = true;
+ no-hosts = true;
+ log-debug = true;
+
+ dhcp-authoritative = true;
+ enable-ra = true;
+
+ "address" = ["/localhost/::1" "/localhost/127.0.0.1"];
+
+ dhcp-range = ["172.20.71.10,172.20.71.254,5m"];
+ };
+ };
+
+ services.hostapd = {
+ enable = true;
+ radios = {
+ wlp4s0 = {
+ channel = 6; # Automatic
+ countryCode = "US";
+ networks.wlp4s0 = {
+ ssid = "Merry";
+ authentication.mode = "none";
+ };
+ };
+ };
+ };
+
+ services.miniupnpd.enable = true;
+ services.miniupnpd.externalInterface = "enp0s25";
+ services.miniupnpd.internalIPs = [
+ "wlp4s0"
+ ];
+ services.miniupnpd.appendConfig = ''
+ ipv6_disable=true
+ '';
+
+ boot.kernel.sysctl = {
+ "net.ipv4.conf.all.forwarding" = true;
+ "net.ipv6.conf.all.forwarding" = true;
+ "net.ipv6.conf.all.accept_ra" = 0;
+ "net.ipv6.conf.all.autoconf" = 0;
+ "net.ipv6.conf.all.use_tempaddr" = 0;
+ };
+
+# Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.initrd.luks.devices."luks-e7d79bb8-2c57-45f9-a958-9ee16a63c85a".device = "/dev/disk/by-uuid/e7d79bb8-2c57-45f9-a958-9ee16a63c85a";
+
+ # hardware-configuration.nix
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" ];
+ hardware.enableRedistributableFirmware = lib.mkDefault true;
+ boot.kernelModules = [ "kvm-intel" ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/13de8c13-4f2f-4495-b1aa-6bae3f2d7979";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/ADFD-B161";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/7f4492ff-bdd4-41b0-a81d-f190781add9d"; }
+ ];
+
+ system.stateVersion = "17.04";
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+} |
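Review bot: `networking.firewall.trustedInterfaces = ["wlp4s0"];` combined with `authentication.mode = "none";` on the hostapd network means anyone in radio range joins an interface from which the firewall accepts everything, so sshd, CUPS, dnsmasq and miniupnpd on this host are all reachable without authentication. If the open SSID is intentional, drop the trusted-interface line and open only what clients need, e.g. `networking.firewall.interfaces.wlp4s0.allowedUDPPorts = [ 53 67 ];`; otherwise set `authentication.mode = "wpa3-sae";` with the passphrase supplied from a file kept outside the Nix store. `services.miniupnpd` additionally lets any of those clients request port mappings on `enp0s25`, so it is better left disabled while the network is unauthenticated. Separately, `networking.hostName = "pincer";` duplicates the existing host while flake.nix registers this module as `pincer2`, which looks like a copy-paste leftover worth confirming.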
