bundlewrap/nodes/kunsi-p14s.py


# Node definition for the laptop 'kunsi-p14s': which bundles bundlewrap applies
# to it and the metadata those bundles read. `nodes` and `vault` are provided
# by the caller that loads this file; neither is defined here.
nodes['kunsi-p14s'] = {
    # NOTE(review): bw connects to this name, so the node is presumably only
    # ever applied from the machine itself - confirm.
    'hostname': 'localhost',
    'bundles': {
        'arch-with-gui',
        'backup-client',
        'lldp',
        'lm-sensors',
        'nfs-client',
        'systemd-boot',
        'telegraf-battery-usage',
        'vmhost',
        'zfs',
    },
    'groups': {
        'arch',
    },
    'metadata': {
        'arch-with-gui': {
            # NOTE(review): with autologin the desktop session opens without a
            # login prompt. The zfs section below says the pool is encrypted;
            # presumably unlocking it at boot is the only gate - confirm.
            'autologin_as': 'kunsi',
        },
        'backup-client': {
            # only alert people if we're missing more than a week of backups
            'one_backup_every_hours': 7 * 24,
        },
        'firewall': {
            'port_rules': {
                # obs websocket thingie - just allow all RFC1918 ips here
                #'4444': {
                #    '10.0.0.0/8',
                #    '172.16.0.0/12',
                #    '192.168.0.0/16',
                #},
                # For the occasional file-share using `python -m http.server`
                # NOTE(review): '*' accepts any source address, permanently,
                # for a service that is only started occasionally.
                # http.server has no authentication or TLS and listens on all
                # interfaces unless --bind is given, so anything started on
                # 8000 is reachable from every network this laptop joins
                # (wlp3s0 exists, see 'interfaces'). The RFC1918 set from the
                # commented-out rule above would be the narrower choice if
                # shares only ever go to local peers.
                '8000': {'*'},
            },
        },
        'interfaces': {
            'br0': {
                'dhcp': True,
            },
            # there is also wlp3s0, but that's managed by netctl
        },
        'nfs-client': {
            # NOTE(review): no sec= option is set on either mount, so the NFS
            # security flavour is whatever the bundle or server defaults to -
            # verify. retry=0 makes mount(8) give up after the first failure
            # instead of retrying.
            'mounts': {
                'nas-scansnap': {
                    'mountpoint': '/mnt/scansnap',
                    'serverpath': '172.19.138.20:/srv/scansnap',
                    'mount_options': {
                        'retry=0',
                        'rw',
                    },
                },
                'nas-storage': {
                    'mountpoint': '/mnt/nas',
                    'serverpath': '172.19.138.20:/storage/nas',
                    # read-only: this machine never writes to the NAS share
                    'mount_options': {
                        'retry=0',
                        'ro',
                    },
                },
            },
        },
        'openssh': {
            # NOTE(review): confirm in the openssh/firewall bundle what 'ipv6'
            # expands to; if it means "any IPv6 source", sshd is reachable
            # from global v6 addresses while v4 is limited to private ranges.
            'restrict-to': {
                'rfc1918',
                'ipv6',
            },
        },
        'pacman': {
            'linux-lts': True,
            'packages': {
                # for hardware support
                'amd-ucode': {},
                'mesa': {},
                # various video drivers
                'libva-mesa-driver': {},
                'mesa-vdpau': {},
                'xf86-video-amdgpu': {},
                # for i3pystatus
                'iw': {},
                'wireless_tools': {},
                # all that other random stuff one needs
                'abcde': {},
                'apachedirectorystudio': {},
                'claws-mail': {},
                'claws-mail-themes': {},
                'ferdi-bin': {},
                'ffmpeg': {},
                'gumbo-parser': {},  # for claws litehtml
                'mosquitto': {},
                'perl-musicbrainz-discid': {},  # for abcde
                'perl-webservice-musicbrainz': {},  # for abcde
                'xf86-input-wacom': {},
            },
        },
        'systemd-boot': {
            'default': 'arch-lts',
            'entries': {
                # Both entries boot the same LTS kernel and root dataset; they
                # differ only in the initrd list.
                'arch-lts': {
                    'title': 'Arch Linux (LTS kernel)',
                    'linux': '/vmlinuz-linux-lts',
                    'initrd': [
                        '/amd-ucode.img',
                        '/initramfs-linux-lts.img',
                    ],
                    'options': {
                        'zfs=zroot/system/root',
                        'rw',
                    },
                },
                'arch-lts-fallback': {
                    'title': 'Arch Linux (LTS kernel, no ucode, fallback initramfs)',
                    'linux': '/vmlinuz-linux-lts',
                    'initrd': [
                        '/initramfs-linux-lts-fallback.img',
                    ],
                    'options': {
                        'zfs=zroot/system/root',
                        'rw',
                    },
                },
            },
        },
        'systemd-networkd': {
            'bridges': {
                # br0 (DHCP, see 'interfaces') matches both wired NICs
                'br0': {
                    'match': {
                        'enp2s0f0',
                        'enp5s0',
                    },
                },
            },
        },
        'timezone': 'Europe/Berlin',
        'users': {
            'kunsi': {
                # Only ciphertext is stored in this file (the gAAAAA prefix is
                # typical of a Fernet token); the 'encrypt$' prefix presumably
                # names the vault key used to decrypt it. The secrecy of the
                # password rests on that key staying out of the repository.
                'password': vault.decrypt('encrypt$gAAAAABgLmmuQGRUStrQawoPee-758emIYn2u8-8ebrgzNAFSp7ifeFDdXXvs-zL3QogwNYlCtBHboH2xfy1rSj6OF5bbNO-tg=='),
                'shell': '/usr/bin/fish',
            },
            'sophie': {
                # account is marked for removal rather than dropped from the
                # dict
                'delete': True,
            },
        },
        'zfs': {
            'datasets': {
                # this is not a complete list, but we can't create that
                # structure using bundlewrap anyway, so there's no point
                # in adding it here.
                'zroot': {
                    'compression': 'lz4',
                    'relatime': 'on',
                    'xattr': 'sa',
                    # encryption is enabled, too.
                },
                'zroot/system/journal': {
                    'mountpoint': '/var/log/journal',
                    'acltype': 'posix',
                },
                'zroot/system/libvirt': {
                    'mountpoint': '/var/lib/libvirt',
                    'needed_by': {
                        'bundle:vmhost',
                    },
                },
                'zroot/system/root': {
                    'canmount': 'noauto',
                    'mountpoint': '/',
                },
                'zroot/user/kunsi': {
                    'mountpoint': '/home/kunsi',
                },
            },
            'snapshots': {
                'retain_per_dataset': {
                    'zroot/user/kunsi': {
                        # juuuuuuuust to be sure
                        'hourly': 100,
                    },
                },
                # the journal dataset is excluded from snapshots
                'snapshot_never': {
                    'zroot/system/journal',
                },
            },
        },
    },
    'os': 'arch',
}