Add Server7 host

This commit is contained in:
Ehmry - 2019-11-28 11:38:03 +01:00
parent 7048992e9a
commit 04159778a2
10 changed files with 239 additions and 40 deletions


@ -0,0 +1,93 @@
{ config, pkgs, lib, ... }:
{
imports = [
<nixpkgs/nixos/modules/profiles/minimal.nix>
../../lib/hq.nix
../../lib/yggdrasil.nix
../../lib/emery.nix
./containers
./hardware-configuration.nix
./yggdrasil-prefix.nix
./hydra.nix
];
security.sudo.wheelNeedsPassword = false;
services.openssh = {
enable = true;
passwordAuthentication = false;
permitRootLogin = "no";
# DO NOT CHANGE, KINDERGARTEN IS OVER
};
services.yggdrasil = {
openMulticastPort = true;
configFile = "/var/lib/yggdrasil/keys";
config.Peers = [
"tcp://[2a03:3b40:fe:ab::1]:46370" # Praha
"tcp://ygg.thingylabs.io:443" # Nürnberg
"tcp://176.223.130.120:22632" # Wrocław
"tcp://[2a05:9403::8b]:7743" # Praha
];
};
programs.mosh.enable = true;
nix = {
package = pkgs.nixFlakes;
gc.automatic = true;
trustedUsers = [ "root" ];
};
networking = {
hostName = "nixbert";
useDHCP = false;
bridges.br0.interfaces = [ "enp2s0f1" ];
interfaces = {
enp2s0f0 = {
useDHCP = true;
preferTempAddress = true;
ipv4.addresses = [{
address = "172.22.99.245";
prefixLength = 24;
}];
};
enp2s0f1.useDHCP = false;
};
};
environment.systemPackages = with pkgs; [ tmux htop vim gitMinimal nixfmt ];
services.collectd = {
enable = true;
autoLoadPlugin = true;
extraConfig = ''
Interval 10
<Plugin "cpu">
</Plugin>
<Plugin "memory">
</Plugin>
<Plugin "interface">
</Plugin>
<Plugin "load">
</Plugin>
<Plugin "swap">
</Plugin>
<Plugin "network">
Server "grafana.hq.c3d2.de" "25826"
</Plugin>
'';
};
boot.tmpOnTmpfs = true;
# Use the systemd-boot EFI boot loader.
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
time.timeZone = "Europe/Berlin";
system.stateVersion = "19.09"; # Did you read the comment?
}
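Review bot: `security.sudo.wheelNeedsPassword = false;` grants every wheel member root without any further check, so together with `passwordAuthentication = false` and `permitRootLogin = "no"` each wheel user's SSH key (or an open mosh session) becomes a complete root credential on this host. The NixOS default is `true`; unless some automation depends on passwordless sudo, drop the line, or keep it with a comment stating why, e.g. `# passwordless sudo: required by <tool>, keys are the only credential on this box`. Separately, the collectd `network` plugin block pointing at `grafana.hq.c3d2.de` sets no `SecurityLevel`/`Username`, which presumably leaves the metrics stream unsigned and unencrypted — fine on a trusted LAN, but worth a one-line comment confirming that is the intent.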


@ -0,0 +1,4 @@
Each directory containing a file "default.nix" is
evulated as a container guest configuration.
See ./default.nix for the implementation.


@ -0,0 +1,19 @@
{ config, pkgs, lib, ... }:
{
services.uhub = {
enable = true;
enableTLS = false;
hubConfig = ''
hub_name=c3d2
hub_description=<<</>>
'';
plugins.history.enable = true;
plugins.welcome = {
enable = true;
motd = builtins.readFile ../../../../lib/motd;
};
};
networking.firewall.allowedTCPPorts = [ config.services.uhub.port ];
}
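Review bot: `enableTLS = false;` combined with the firewall opening on `config.services.uhub.port` exposes the hub in plaintext on the container's address, which the host's container module describes as reachable from HQ and Yggdrasil; any client logins to the hub would presumably travel unencrypted. If that is the intended scope, record it next to the option, e.g. `# plaintext ADC: hub is only reachable inside HQ/Yggdrasil, never from the public internet`; otherwise enable TLS and supply the certificate options. The `history` plugin also retains chat on disk, so a short note on what is kept and for how long would help the next operator.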


@ -0,0 +1,38 @@
{ config, lib, pkgs, ... }:
let
yggaddr = import ../yggaddr.nix;
containerFunc = name:
# Generate a container expression from the directory at `name`.
with builtins;
let
hash = hashString "sha256" name;
hextet0 = substring 0 4 hash;
hextet1 = substring 4 4 hash;
in {
inherit name;
value = {
# These are attributes common to each container
# from the perspective of the host.
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
localAddress6 = "${yggaddr.prefix}:c3d2:${hextet0}:${hextet1}/64";
# Generate a deterministic IPv6 address for the container.
# This address is accessible within HQ and Yggdrasil but not from ARPANET.
config = import (./. + "/${name}");
};
};
containerDir = builtins.readDir ../containers;
containerSubdirs =
lib.filterAttrs (_: kind: kind == "directory") containerDir;
containerNames = builtins.attrNames containerSubdirs;
containers = builtins.listToAttrs (map containerFunc containerNames);
in {
boot.enableContainers = true;
inherit containers;
}
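Review bot: The comment `# Generate a deterministic IPv6 address for the container.` is placed below the `localAddress6` line it describes, between it and `config = import …`, so it reads as documenting the import; move the two comment lines above `localAddress6`. The header comment should also say how the address is derived, since it is not obvious from the host side: the two hextets are the first 32 bits of `hashString "sha256" name`, which means renaming a container directory changes its address, and two directory names whose hashes share those bits would collide (vanishingly unlikely, but worth stating). `builtins.readDir ../containers` and `import (./. + "/${name}")` refer to the same directory in two different ways; `builtins.readDir ./.` would make the intent clearer.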


@ -0,0 +1,30 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/f14628ce-0f13-4544-9197-0ddda291f48f";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/9812-00B2";
fsType = "vfat";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 20;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}


@ -157,49 +157,32 @@ let
meta.description = "Build of Hydra on ${system}";
passthru.perlDeps = perlDeps;
};
in { ... }:
in { config, pkgs, ... }: {
{
boot.enableContainers = true;
users.users.root.password = "k-ot";
services.hydra = {
enable = true;
hydraURL = "https://flakes.hq.c3d2.de";
logo = ../../hosts/hydra/c3d2.svg;
notificationSender = "hydra@spam.works";
package = hydraFlakes pkgs;
listenHost = "127.0.0.1";
};
networking.nat.enable = true;
networking.nat.internalInterfaces = [ "ve-+" ];
networking.nat.externalInterface = "eth0";
containers.flakebert = {
autoStart = false;
privateNetwork = true;
enableTun = true;
config = { config, pkgs, ... }: {
imports = [ ../../lib/yggdrasil.nix ];
users.users.root.password = "k-ot";
services.hydra = {
enable = true;
hydraURL = "https://hydra.hq.c3d2.de";
logo = ./c3d2.svg;
notificationSender = "hydra@spam.works";
useSubstitutes = false;
package = hydraFlakes pkgs;
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedGzipSettings = true;
virtualHosts = {
"flakes.hq.c3d2.de" = {
default = true;
forceSSL = false;
enableACME = false;
locations."/".proxyPass =
"http://127.0.0.1:${toString config.services.hydra.port}";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedGzipSettings = true;
virtualHosts = {
"flakes.hq.c3d2.de" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass =
"http://localhost:${toString config.services.hydra.port}";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
}
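Review bot: On what appears to be the new side, `hydraURL = "https://flakes.hq.c3d2.de"` with `listenHost = "127.0.0.1"` is fronted by an nginx vhost carrying `forceSSL = false;` and `enableACME = false;`, so unless TLS is terminated by something in front of this host the Hydra login form and session cookie are served over plain HTTP while the application advertises an https URL; either restore TLS on the vhost or add a comment naming the upstream terminator. The rendered page has lost the +/- markers, so I cannot say with certainty which of the two nginx blocks survives the commit. `users.users.root.password = "k-ot";` appears both at host level and inside the removed container block; if the host-level one is new, a literal root password in the repository is worth moving out of version control (e.g. `hashedPasswordFile`) even though SSH root and password logins are disabled. The enclosing `let` binding that defines `hydraFlakes` begins before this hunk.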


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy root@nixbert


@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmCgVZbItFsh+hwfbX5EefNF4+LgSSQw20JmqZ7UOHMtTcmoJlykr82go1L6/Qd/rOoLClEmZ4Dr+6m6LrYpys2EhRX9XNA8JXqaohMvmroYMPR3ttBkxWQq939K2hiZ67vICTYeESrqVf7B5Cj8oLnef6mKLsjQ03EAUEhFWaowUDDceH4+/M5WRwhaqTvYo78Q2lJ2971rng3tbkKdk2hQnjTK4RLsIUgm2HTkoE81kQva+7NhB1S+fNc9pfg7bDDd1CV6H1xLMYPNYgT/ivFGtf+C2JZHGmWFkk1bk96OBD7tbjuXk4hlKDp5wPcQM+hM8jemqk6VHX2QL1JU3hlgbI+LttszzA4tPMeaaUKEs9QMrXlM/9l9meA0gUuFZL1biEXTHxL05t7vYom//PtBlLKtirZQZ2plVDAd37+f1ZCIHOT7goOeOJULhNqzLU7FTQ8Jx3JFVs9EPLqej3RTXDcP99Tc6OwwdcRUWFrRRU8071JkAw5uSKNnyRQxeh8otbXijPKqfw3Hc23E38wlVFoUI9IsohLQhaTTtdqnxAp3qJyONh3zIct+VN9uM87swsKGODEgsSfvb+46H/5pRPPHMJ4DHoG+8yF0Ohu4/fV68M6nIxcl7b3z4mzkQH8mm8kydCw46x7lwQMNon7bVF1dRW0bjRW/4b7od5aQ== root@nixbert


@ -0,0 +1,4 @@
{
address = "21d:5658:8cee:eb54:d9b6:84e6:9ed8:f07c";
prefix = "31d:5658:8cee:eb54:";
}


@ -0,0 +1,26 @@
{ config, pkgs, lib, ... }:
let yggaddr = import ./yggaddr.nix;
in {
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
networking.interfaces.br0.ipv6.addresses = [{
address = yggaddr.prefix + ":1";
prefixLength = 24;
}];
services.radvd = {
enable = true;
config = ''
interface enp2s0f1
{
AdvSendAdvert on;
prefix ${yggaddr.prefix}:/64 {
AdvOnLink on;
AdvAutonomous on;
};
route 200::/7 {};
};
'';
};
}
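Review bot: `prefixLength = 24;` on the br0 IPv6 address disagrees with the `/64` that radvd advertises in `prefix ${yggaddr.prefix}:/64` and with the `/64` the containers module assigns; an on-link /24 would claim a large slice of the Yggdrasil 200::/7 range for the bridge instead of leaving it to the Yggdrasil route, so this looks like an IPv4 habit and should read `prefixLength = 64;`. radvd is bound to `interface enp2s0f1`, which the host configuration enslaves to br0, while the address itself lives on br0 — presumably `interface br0` is intended; worth confirming on the box. With `net.ipv6.conf.all.forwarding = 1` set and no filtering rules visible in this file, a comment naming what restricts traffic between the advertised prefix and the host would help the next reader.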