nodes['kunsi-p14s'] = { 'hostname': 'localhost', 'bundles': { 'arch-with-gui', 'backup-client', 'lldp', 'lm-sensors', #'nfs-client', 'telegraf-battery-usage', 'zfs', }, 'groups': { 'arch', }, 'metadata': { 'arch-with-gui': { 'autologin': { 'username': 'kunsi', 'session': 'i3.desktop', }, 'i3pystatus': { 'deps': { 'colour', 'netifaces', 'basiciw', }, }, }, 'firewall': { 'port_rules': { # obs websocket thingie - just allow all RFC1918 ips here #'4444': { # '10.0.0.0/8', # '172.16.0.0/12', # '192.168.0.0/16', #}, # For the occasional file-share using `python -m http.server` '8000': {'*'}, }, }, #'hosts': { # 'entries': { # '10.101.64.10': { # 'www.wifionice.de', # 'wifionice.de', # }, # }, #}, 'icinga_options': { 'exclude_from_monitoring': True, }, 'interfaces': { 'enp2s0f0': { 'dhcp': True, }, 'enp5s0': { 'ips': { '172.19.138.90', }, 'gateway4': '172.19.138.1', }, # there is also wlp3s0, but that's managed by netctl }, #'nfs-client': { # 'mounts': { # 'nas-scansnap': { # 'mountpoint': '/mnt/scansnap', # 'serverpath': '172.19.138.20:/srv/scansnap', # 'mount_options': { # 'retry=0', # 'rw', # }, # }, # 'nas-storage': { # 'mountpoint': '/mnt/nas', # 'serverpath': '172.19.138.20:/storage/nas', # 'mount_options': { # 'retry=0', # 'ro', # }, # }, # }, #}, 'openssh': { 'restrict-to': { 'rfc1918', 'ipv6', }, }, 'pacman': { 'linux-lts': True, 'packages': { # for hardware support 'amd-ucode': {}, 'mesa': {}, # various video drivers 'libva-mesa-driver': {}, 'mesa-vdpau': {}, 'xf86-input-wacom': {}, 'xf86-video-amdgpu': {}, # for i3pystatus 'iw': {}, 'wireless_tools': {}, # all that other random stuff one needs 'browserpass': {}, 'browserpass-firefox': {}, 'claws-mail': {}, 'claws-mail-themes': {}, 'dunst': {}, 'ferdi-bin': {}, 'mosh': {}, 'mosquitto': {}, 'pass': {}, 'pass-otp': {}, 'xclip': {}, }, }, 'systemd-networkd': { 'enable-resolved': True, }, 'timezone': 'Europe/Berlin', 'users': { 'kunsi': { 'password': vault.decrypt('encrypt$gAAAAABgLmmuQGRUStrQawoPee-758emIYn2u8-8ebrgzNAFSp7ifeFDdXXvs-zL3QogwNYlCtBHboH2xfy1rSj6OF5bbNO-tg=='), 'shell': '/usr/bin/fish', }, 'sophie': { 'delete': True, }, }, 'zfs': { 'datasets': { # this is not a complete list, but we can't create that # structure using bundlewrap anyway, so there's no point # in adding it here. 'zroot/system/root': { 'canmount': 'noauto', 'mountpoint': '/', }, 'zroot/user/kunsi': { 'mountpoint': '/home/kunsi', }, }, 'snapshots': { 'retain_per_dataset': { 'zroot/user/kunsi': { # juuuuuuuust to be sure 'hourly': 100, }, }, 'snapshot_never': { 'zroot/system/journal', }, }, }, }, 'os': 'arch', }