Merge branch 'master' of ssh://gitea.c3d2.de:2222/C3D2/nix-config into master

Daniel Poelzleithner 2021-01-03 15:00:33 +01:00
commit 256dcd5ec9
38 changed files with 359 additions and 1121 deletions


@ -3,14 +3,18 @@
"hydra": {
"inputs": {
"nix": "nix",
"nixpkgs": "nixpkgs_2"
"nixpkgs": [
"hydra",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1593509723,
"narHash": "sha256-ESv86LNnQQy5cYqeC1S4otpvkA8ABgs/zbge8xp35aE=",
"lastModified": 1603366072,
"narHash": "sha256-9dK7Mx9BZHZTeJ/oolS7nMakVnCdXQlsA2ePWNPhQks=",
"owner": "NixOS",
"repo": "hydra",
"rev": "d0deebc4fc95dbeb0249f7b774b03d366596fbed",
"rev": "be709d450b98a384374228db51c14dc958a3a72a",
"type": "github"
},
"original": {
@ -18,16 +22,33 @@
"type": "indirect"
}
},
"lowdown-src": {
"flake": false,
"locked": {
"lastModified": 1598695561,
"narHash": "sha256-gyH/5j+h/nWw0W8AcR2WKvNBUsiQ7QuxqSJNXAwV+8E=",
"owner": "kristapsdz",
"repo": "lowdown",
"rev": "1705b4a26fbf065d9574dce47a94e8c7c79e052f",
"type": "github"
},
"original": {
"owner": "kristapsdz",
"repo": "lowdown",
"type": "github"
}
},
"nix": {
"inputs": {
"lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1592818267,
"narHash": "sha256-t66Ny6NDA9sQa0U79iqo4w7tEBitUGgio9U/H6z3QpE=",
"lastModified": 1603189103,
"narHash": "sha256-KVS/Z6FzMBOl5XCyOLwfiVoX7G2LQRa9HMGNnJRPCoo=",
"owner": "NixOS",
"repo": "nix",
"rev": "334e26bfc2ce82912602e8a0f9f9c7e0fb5c3221",
"rev": "e0ca98c2071b815578470e280df8fdb750c7e23b",
"type": "github"
},
"original": {
@ -37,41 +58,39 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1591633336,
"narHash": "sha256-oVXv4xAnDJB03LvZGbC72vSVlIbbJr8tpjEW5o/Fdek=",
"lastModified": 1602702596,
"narHash": "sha256-fqJ4UgOb4ZUnCDIapDb4gCrtAah5Rnr2/At3IzMitig=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "70717a337f7ae4e486ba71a500367cad697e5f09",
"rev": "ad0d20345219790533ebe06571f82ed6b034db31",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-20.03-small",
"ref": "nixos-20.09-small",
"type": "indirect"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1592263354,
"narHash": "sha256-1wHPn5qKfzfG06dZhpXDEg5Zt6HwvfyPPgW1tkYFejg=",
"owner": "NixOS",
"lastModified": 1603722914,
"narHash": "sha256-V3cst4osjvfsrR5Qpk8CYWRFQiGm1Rm4lanjMWooH2o=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a84b797b28eb104db758b5cb2b61ba8face6744b",
"rev": "e3ce7e1002de96da39e1d59dda97360f456a56ad",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-20.03",
"type": "indirect"
"owner": "nixos",
"ref": "release-20.09",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"hydra": "hydra",
"nixpkgs": [
"hydra",
"nixpkgs"
]
"nixpkgs": "nixpkgs_2"
}
}
},


@ -2,8 +2,7 @@
description = "C3D2 NixOS configurations";
inputs = {
nixpkgs.follows = "hydra/nixpkgs";
# nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs.url = "github:nixos/nixpkgs/release-20.09";
# secrets.url = "git+file:///etc/nixos/secrets";
};
@ -31,11 +30,6 @@
system = "aarch64-linux";
};
server7 = nixpkgs.lib.nixosSystem {
modules = [ ./hosts/server7 hydra.nixosModules.hydra ];
system = "x86_64-linux";
};
};
nixosModules.c3d2 = import ./lib;


@ -59,8 +59,6 @@ rec {
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKQCZ7f7bqRC6B72oMu7BCItZxZnWsqx9Th/2iBRvtIFggr4YNi7Pbw3cc68NVbm0u7feUUgH5LDiXVpig3b7Gw=
'';
};
server7.publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy";
storage.publicKey = "storage.ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbjG4uY8A0IJHRKjiQwt9JbuLDNVaTcwNJN8J4z6mgX";
};


@ -60,8 +60,11 @@
permitRootLogin = "yes";
};
nix.buildCores = 32;
nix.maxJobs = 32;
nix = {
buildCores = 32;
maxJobs = 32;
autoOptimiseStore = true;
};
users.extraUsers.k-ot = {
isNormalUser = true;


@ -77,6 +77,6 @@
'';
};
system.stateVersion = "18.09"; # Did you read the comment?
system.stateVersion = "20.09"; # Did you read the comment?
}
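Review bot: Raising `system.stateVersion` from "18.09" to "20.09" on an existing host is not a release bump: the option records the release under which the machine's state was first created, and NixOS modules read it to choose defaults for stateful data. Changing it can switch those defaults without migrating what is already on disk. The same edit appears in the next two files (19.03 to 20.09), one of which runs graylog. Unless each host was reinstalled, keep the original value and say why, e.g. `system.stateVersion = "18.09"; # release of first install; do not raise on upgrade`. The module body this line closes starts outside the hunk.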


@ -81,6 +81,6 @@
systemd.services.graylog.serviceConfig.Restart = "always";
system.stateVersion = "19.03"; # Did you read the comment?
system.stateVersion = "20.09"; # Did you read the comment?
}


@ -100,6 +100,6 @@
};
};
system.stateVersion = "19.03"; # Did you read the comment?
system.stateVersion = "20.09"; # Did you read the comment?
}


@ -34,6 +34,18 @@
hostNames = [ "kibana.hq.c3d2.de" "kibana-es.hq.c3d2.de" ];
proxyTo = { host = "kibana.serv.zentralwerk.dn42"; httpPort = 80; httpsPort = 443; };
}
{
hostNames = [ "robo1.hq.c3d2.de" ];
proxyTo = { host = "172.20.79.62"; httpPort = 80; };
}
{
hostNames = [ "robots.datenspuren.de" ];
proxyTo = { host = "172.22.99.170"; httpPort = 80; httpsPort = 443; };
}
{
hostNames = [ "error.hq.c3d2.de.de" ];
proxyTo = { host = "172.20.73.47"; httpPort = 80; httpsPort = 443; };
}
];
};
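Review bot: The hostname `error.hq.c3d2.de.de` in the last added entry has a doubled `.de` and looks like a typo for `error.hq.c3d2.de`; as written, the proxy matches only the doubled name. The `robo1.hq.c3d2.de` entry sets only `httpPort`, unlike its neighbours, so if HTTPS is meant to be proxied there it needs `httpsPort = 443;`, and if the omission is deliberate a one-line comment saying so would help. The list these entries belong to starts outside the hunk.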


@ -79,7 +79,7 @@ in {
frontend http-in
bind :::80 v4v6
timeout client 30000
option http-tunnel
option http-keep-alive
default_backend proxy-backend-http
backend proxy-backend-http
@ -89,8 +89,8 @@ in {
mode http
option http-server-close
option forwardfor
reqadd X-Forwarded-Proto:\ http
reqadd X-Forwarded-Port:\ 80
http-request set-header X-Forwarded-Proto http
http-request set-header X-Forwarded-Port 80
${concatMapStringsSep "\n" (proxyHost:
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
concatMapStringsSep "\n" (hostname: ''
@ -112,8 +112,8 @@ in {
timeout check 5000
timeout server 30000
option http-server-close
reqadd X-Forwarded-Proto:\ https
reqadd X-Forwarded-Port:\ 443
http-request set-header X-Forwarded-Proto https
http-request set-header X-Forwarded-Port 443
${concatMapStringsSep "\n" (proxyHost:
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
concatMapStringsSep "\n" (hostname: ''
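Review bot: `http-request set-header` now overwrites X-Forwarded-Proto and X-Forwarded-Port, but X-Forwarded-For in `proxy-backend-http` still comes from `option forwardfor`, which adds the peer address alongside whatever the client already sent. A backend that reads the first address in that header for logging or access decisions can therefore be handed a forged value. Consider adding `http-request del-header X-Forwarded-For` to that backend, or documenting that backends must trust only the last entry. The third hunk does not show its backend's mode; the `http-request` lines there take effect only if it runs in `mode http`, which should be confirmed.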


@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
imports = [ ./hardware-configuration.nix ../../lib ];
imports = [ <this-host/hardware-configuration.nix> <lib> ];
c3d2 = {
users.k-ot = true;
@ -110,10 +110,10 @@
services.xserver.displayManager = {
lightdm = {
enable = true;
autoLogin = {
enable = true;
user = "k-ot";
};
};
autoLogin = {
enable = true;
user = "k-ot";
};
defaultSession = "gnome-xorg";
};
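Review bot: Going by the print order of the first hunk, the new `imports = [ <this-host/hardware-configuration.nix> <lib> ];` resolves both modules through the Nix search path instead of relative paths. The evaluated configuration then depends on the environment of whoever builds it, and angle-bracket lookups fail under pure evaluation, which is how flake outputs are evaluated by default. If this host is only deployed by a tool that sets those search-path entries, say so in a comment above the line; otherwise keep `imports = [ ./hardware-configuration.nix ../../lib ];`.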


@ -1,24 +0,0 @@
{ stdenv, pkgs, ... }:
with pkgs;
stdenv.mkDerivation rec {
name = "x11vnc-service";
version = "0.0.0";
src = ./.;
buildInputs = [ x11vnc ];
dontBuild = true;
installPhase = ''
cat > $out/lib/systemd/user/x11vnc.service <<_EOF_
[Unit]
Description=VNC server
[Service]
Type=simple
ExecStart=${x11vnc}/bin/x11vnc -shared -forever -passwd k-ot
Restart=on-failure
_EOF_
'';
}


@ -46,7 +46,7 @@
options = "--delete-older-than 14d";
};
sshServe.enable = true;
trustedUsers = [ "root" ];
trustedUsers = [ "@wheel" ];
};
boot = {
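Review bot: `trustedUsers = [ "@wheel" ];` gives every member of wheel trusted-user rights on the Nix daemon, on a host that also has `sshServe.enable = true`. Trusted users can override substituters and import unsigned store paths, which amounts to root on the machine, so wheel membership becomes root-equivalent independently of the sudo policy. If that is intended, state it next to the option, e.g. `# wheel is treated as root-equivalent on this host`; otherwise keep `[ "root" ]` and grant ordinary daemon access through `allowedUsers`. The `nix` attribute set starts outside the hunk.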


@ -3,26 +3,15 @@
{
nix = {
binaryCaches = [
"https://cache.server7.hq.c3d2.de"
"https://cache.nixos.org"
"https://cache.dhall-lang.org"
"https://genodepkgs.cachix.org"
];
binaryCachePublicKeys = [
"cache.server7.hq.c3d2.de:x8JLRG26zRZ8ysYZLEkPxuAYuK1VSJi/aMAEIs2Lv+U="
"cache.dhall-lang.org:I9/H18WHd60olG5GsIjolp7CtepSgJmM2CsO813VTmM="
"genodepkgs.cachix.org-1:j6xcYrUP9Q9c+WbS+MbkJR26cqeytOVdC4SmhOYj2Sw="
];
extraOptions = ''
allowed-uris = http:// https://
'';
buildMachines = [{
hostName = "server7.hq";
sshUser = "hydra";
sshKey = "/var/lib/hydra/queue-runner/id_rsa";
system = "x86_64-linux";
speedFactor = 2;
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 8;
}];
};
services.hydra = {


@ -0,0 +1,81 @@
{ config, lib, pkgs, ... }:
with lib;
let
tickerSrc = builtins.fetchGit {
url = "https://gitea.c3d2.de/astro/ticker.git";
};
in
{ boot.isContainer = true;
#boot.loader.initScript.enable = true;
networking.hostName = mkDefault "ticker";
networking.useDHCP = false;
networking.firewall.allowedTCPPorts = [ 8400 ];
nix.useSandbox = false;
environment.systemPackages = with pkgs; [ vim git ];
imports = [ "${tickerSrc}/nixos-module.nix" ];
services.ticker.updateInterval = "hourly";
services.ticker.config.calendars = {
c3d2 = {
url = "https://c3d2.de/ical.ics";
color = "#BFBF3F";
};
dresden-science = {
url = "https://www.dresden-science-calendar.de/calendar/de/iCalSync.ics";
color = "#00007F";
};
gruenes-brett = {
url = "https://gruenesbrett.net/events.ics";
color = "#00BF00";
};
stura-htw = {
url = "http://www.stura.htw-dresden.de/events/aggregator/ics_view";
color = "#BFA73F";
};
malobeo = {
url = "https://malobeo.org/events/list/?ical=1&tribe_display=all";
color = "#FF3F3F";
};
hicknhack = {
url = "https://www.google.com/calendar/ical/grhnk1uaotql6gv2dkf9ldmqjc%40group.calendar.google.com/public/basic.ics";
color = "#A700A7";
};
palaissommer = {
url = "https://palaissommer.de/programm/?event=all";
color = "#BF003F";
};
kreta = {
url = "https://www.kreta-dresden.org/kreta.ics";
color = "#BF3F7F";
};
zentralwerk = {
url = "https://ics.teamup.com/feed/ksayh65fgotv2prcas/0.ics";
color = "#FF3F3F";
};
and = {
url = "https://and.notraces.net/events/?ical=1";
color = "#FF7F00";
};
rosenwerk-home = {
url = "https://www.google.com/calendar/ical/bj85d742g31mgkblbaiusmk3s8%40group.calendar.google.com/public/basic.ics";
color = "#BF003F";
};
rosenwerk-extern = {
url = "https://www.google.com/calendar/ical/ogo94kraeq5ckmu3jsr0uus2mo%40group.calendar.google.com/private-8d048bfa99cca84705ffa675aacfe22a/basic.ics";
color = "#BF002F";
};
rosenwerk-kultur = {
url = "https://www.google.com/calendar/ical/93enn926ddhgr79hnqp83ipj3g%40group.calendar.google.com/public/basic.ics";
color = "#BF001F";
};
haengemathe = {
url = "https://club-haengemathe.de/termine.ics";
color = "#FF7F3F";
};
bitsundbaeumedresden = {
url = "https://dresden.bits-und-baeume.org/termine.ics";
color = "#3FBF3F";
};
};
}
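Review bot: `builtins.fetchGit { url = "https://gitea.c3d2.de/astro/ticker.git"; }` has no `rev`, so each evaluation takes whatever the remote default branch currently points at, and `imports = [ "${tickerSrc}/nixos-module.nix" ]` then evaluates that code as part of the system configuration. Pin it with `rev = "<commit-sha-placeholder>";`, or move the source into the flake inputs so it is locked in flake.lock like the other inputs. `nix.useSandbox = false;` also turns off build isolation in this container and deserves a comment giving the reason. The `rosenwerk-extern` URL embeds a `private-…` feed token that is now committed in clear text; it would be better read from a secrets file, with the token regenerated.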


@ -1,10 +0,0 @@
{ config, ... }:
{
services.borgbackup.repos.emery = {
allowSubRepos = true;
authorizedKeys = config.users.users.emery.openssh.authorizedKeys.keys;
path = "/srv/ceph/c3d2/backups/emery";
quota = "200G";
};
}


@ -1,4 +0,0 @@
Each directory containing a file "default.nix" is
evulated as a container guest configuration.
See ./default.nix for the implementation.


@ -1,32 +0,0 @@
name:
(import ../outer-defaults.nix name) // {
config = { config, pkgs, lib, ... }: {
imports = [ ../inner-defaults.nix ];
c3d2.hq.yggdrasil.enableGateway = true;
networking.firewall.allowedTCPPorts = [ config.services.uhub.port ];
networking.interfaces.eth0.ipv6.addresses = [{
address = "310:5217:69c0:9afc:0:576d:1184:c3d2";
prefixLength = 64;
}]; # Old address used by some clients
services.uhub = {
enable = true;
enableTLS = false;
hubConfig = ''
hub_name=c3d2
hub_description=<<</>>
'';
plugins.history.enable = true;
plugins.welcome = {
enable = true;
motd = config.users.motd;
};
};
};
}


@ -1,29 +0,0 @@
{ lib, ... }:
let
containerFunc = name:
# Generate a container expression from the directory at `name`.
{
inherit name;
value = import (./. + "/${name}") name;
};
containerDir = builtins.readDir ../containers;
containerSubdirs =
lib.filterAttrs (_: kind: kind == "directory") containerDir;
containerNames = builtins.attrNames containerSubdirs;
containers = builtins.listToAttrs (map containerFunc containerNames);
in {
boot.enableContainers = true;
inherit containers;
imports = [ ../../../lib/lxc ];
lxc.containers = {
trivial = {
nixos-config = "/tmp/trivial.nix";
lxc = { };
};
};
}


@ -1,35 +0,0 @@
name:
(import ../outer-defaults.nix name) // {
ephemeral = true;
config = { config, pkgs, lib, ... }: {
imports = [ ../inner-defaults.nix ];
c3d2.hq.yggdrasil.enableGateway = true;
networking.firewall.enable = false;
networking.interfaces.eth0.useDHCP = true;
security.acme = {
acceptTerms = true;
email = "mail@c3d2.de";
};
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts = {
"hydra7.hq.c3d2.de" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://172.22.99.245:3000";
};
"hydra7.y.c3d2.de" = {
default = true;
addSSL = false;
locations."/".proxyPass = "http://172.22.99.245:3000";
};
};
};
};
}


@ -1,8 +0,0 @@
{ ... }: {
imports = [ ../../../lib ];
c3d2 = {
isInHq = true;
mapHqHosts = true;
hq.interface = "eth0";
};
}


@ -1,33 +0,0 @@
name:
(import ../outer-defaults.nix name) // {
bindMounts."/mnt/music" = {
hostPath = "/srv/ceph/c3d2/rpool/Music";
isReadOnly = true;
};
config = { config, pkgs, lib, ... }:
{
imports = [ ../inner-defaults.nix ];
services.mpd = {
enable = true;
network.listenAddress = "any";
musicDirectory = "/mnt/music";
extraConfig = ''
default_permissions "read,add,control,admin"
audio_output {
type "null"
name "My Null Output"
}
filesystem_charset "UTF-8"
'';
};
};
}


@ -1,29 +0,0 @@
name:
(import ../outer-defaults.nix name) // {
bindMounts."/srv/ceph/c3d2" = {
hostPath = "/srv/ceph/c3d2";
isReadOnly = true;
};
config = { config, pkgs, lib, ... }:
let ncdcPort = 1512;
in {
imports = [ ../inner-defaults.nix ];
c3d2 = {
users.k-ot = true;
hq.statistics.enable = true;
hq.yggdrasil.enableGateway = true;
};
services.openssh.enable = true;
programs.mosh.enable = true;
environment.systemPackages = with pkgs; [ tmux ncdc ];
networking.firewall.enable = false;
};
}


@ -1,23 +0,0 @@
name:
(import ../outer-defaults.nix name) // {
bindMounts."/srv/nfs" = {
hostPath = "/srv/ceph/c3d2/nfs";
isReadOnly = true;
};
config = { config, pkgs, lib, ... }: {
imports = [ ../inner-defaults.nix ];
c3d2.hq.statistics.enable = true;
services.nfs.server = {
enable = true;
exports = "/srv/nfs *(rw)";
};
networking.firewall.enable = false;
};
}


@ -1,10 +0,0 @@
name:
let yggaddr = import ../../../lib/server7-yggaddr.nix;
in {
# These the container defaults from the perspective of the host.
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
}


@ -1,45 +0,0 @@
name:
(import ../outer-defaults.nix name) // {
bindMounts."/srv/files" = {
hostPath = "/srv/ceph/c3d2/files";
isReadOnly = true;
};
config = { config, pkgs, lib, ... }: {
imports = [ ../inner-defaults.nix ];
c3d2.hq.statistics.enable = true;
networking = {
useDHCP = false;
interfaces.eth0.useDHCP = true;
};
services.samba = {
enable = true;
enableNmbd = true;
extraConfig = ''
workgroup = HQ
server string = storage
netbios name = storage
hosts allow = 172.20.0.0/14 127.0.0.0/8
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = Bad user
'';
shares = {
c3d2 = {
path = "/srv/files";
browseable = "yes";
"read only" = "yes";
"guest ok" = "yes";
};
};
};
networking.firewall.enable = false;
};
}


@ -1,75 +0,0 @@
name:
(import ../outer-defaults.nix name) // {
bindMounts."/srv/c3d2" = {
hostPath = "/srv/ceph/c3d2";
isReadOnly = false;
};
config = { config, pkgs, lib, ... }: {
imports = [ ../inner-defaults.nix ];
c3d2 = {
users.k-ot = true;
hq.statistics.enable = true;
hq.yggdrasil.enableGateway = true;
};
services.openssh = {
enable = true;
allowSFTP = true;
};
environment.systemPackages = with pkgs; [ git borgbackup ];
services.nginx = {
enable = true;
package = pkgs.nginx.override {
modules = with pkgs.nginxModules; [ fancyindex ];
};
virtualHosts = {
"storage-ng.hq.c3d2.de".extraConfig = ''
server_name storage-ng.hq.c3d2.de;
return 301 $scheme://storage.hq.c3d2.de$request_uri;
'';
"storage.hq.c3d2.de" = {
default = true;
http2 = true;
# addSSL = true;
locations = {
"/" = let authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
in {
alias = "/srv/c3d2/files/";
extraConfig = ''
auth_basic "Chaos";
auth_basic_user_file ${authFile};
fancyindex on;
# autoindex on;
dav_access all:r;
'';
};
};
};
};
};
networking.interfaces.eth0 = {
ipv4 = {
addresses = [{
address = "172.22.99.20";
prefixLength = 24;
}];
routes = [{
address = "0.0.0.0";
prefixLength = 0;
via = "172.22.99.1";
}];
};
};
networking.firewall.enable = false;
};
}


@ -1,226 +0,0 @@
{ config, pkgs, lib, ... }:
let yggaddr = import ../../lib/server7-yggaddr.nix;
in {
imports = [
../../lib
../../lib/default-gateway.nix
./borgbackup.nix
./containers
./hardware-configuration.nix
./hydra.nix
./nix-serve.nix
];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
security.acme = {
email = "mail@c3d2.de";
acceptTerms = true;
};
c3d2 = {
users = {
emery = true;
windsleep = true;
};
isInHq = true;
mapHqHosts = true;
hq = {
interface = "br0";
statistics.enable = true;
};
};
fileSystems."/srv/ceph" = {
#device = "172.22.99.13:6789:/";
device = "172.20.72.53:6789:/";
fsType = "ceph";
options = [
"name=storage2"
"secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw=="
"noatime,_netdev"
"noauto"
"x-systemd.automount"
"x-systemd.device-timeout=175"
"users"
];
};
fileSystems."/var/lib/ceph/osd/ceph-7" = { fsType = "tmpfs"; };
# Route IPv6
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
# Obtain global IPv6 despite being a router myself
boot.kernel.sysctl."net.ipv6.conf.br0.accept_ra" = 2;
services.yggdrasil = {
enable = true;
configFile = "/var/lib/yggdrasil/keys";
config = {
Peers = [
# Deutschland
"tcp://45.11.19.26:5001"
"tcp://82.165.69.111:61216"
"tcp://[2001:8d8:1800:8224::1]:61216"
# Czechia
"tcp://195.123.245.146:7743"
"tcp://37.205.14.171:46370"
"tcp://[2a03:3b40:fe:ab::1]:46370"
"tcp://[2a05:9403::8b]:7743"
# Poland
"tcp://176.223.130.120:22632"
"tcp://51.75.44.73:50001"
"tcp://54.37.137.221:37145"
"tcp://[2001:41d0:601:1100::cf2]:37145"
"tcp://n2o.ddns.net:22632"
"tls://54.37.137.221:14987"
"tls://[2001:41d0:601:1100::cf2]:14987"
];
NodeInfo = {
location = "Dresden";
name = "server7.y.c3d2.de";
admin =
"toxid:DF0AC9107E0A30E7201C6832B017AC836FBD1EDAC390EE99B68625D73C3FD929FB47F1872CA4";
};
};
};
security.sudo.wheelNeedsPassword = false;
services.openssh = {
enable = true;
passwordAuthentication = false;
# DO NOT CHANGE, KINDERGARTEN IS OVER
};
programs.mosh.enable = true;
nix = {
package = pkgs.nixFlakes;
gc.automatic = true;
optimise.automatic = true;
extraOptions = ''
experimental-features = nix-command flakes ca-references
post-build-hook = ${
pkgs.writeScript "post-build-sign-paths" ''
#!${pkgs.runtimeShell}
nix sign-paths --key-file /var/lib/nix-serve.key $OUT_PATHS
''
}
'';
};
nixpkgs.overlays = [
(self: super: {
nix = super.nix // { meta.platforms = lib.platforms.linux; };
})
];
virtualisation.docker.enable = true;
# docker osd.7 container
# docker run --rm --net=host --ipc=host --privileged=true -v /dev:/dev -v /etc/ceph:/etc/ceph -v /var/lib/ceph/:/var/lib/ceph
# -e 172.22.99.245 -e OSD_DEVICE=/dev/sdb -it ceph/ceph:v14.2.9 ceph-osd -i 7 --setuser ceph --setgroup ceph -f
docker-containers.ceph-osd-7 = {
cmd = ["ceph-osd" "-i" "7" "--setuser" "ceph" "--setgroup" "ceph" "-d"];
environment = {
OSD_DEVICE = "/dev/sdb";
};
image = "ceph/ceph:v14.2.9";
log-driver = "journald";
extraDockerOptions = [
"--rm"
"--net=host"
"--ipc=host"
"--privileged=true"
];
volumes = [
"/dev:/dev"
"/etc/ceph:/etc/ceph"
"/var/lib/ceph/:/var/lib/ceph"
];
};
# FIXME
# systemd.services.docker-ceph-osd-7.serviceConfig = {
# ExecStartPre = ["mount | grep ^/var/lib/ceph/osd/ceph-7 || mount -t tmpfs tmpfs /var/lib/ceph/osd/ceph-7"
# ''docker run --rm --net=host --ipc=host --privileged=true -v /dev:/dev -v /etc/ceph:/etc/ceph -v /var/lib/ceph/:/var/lib/ceph -e OSD_DEVICE=/dev/sdb -it ceph/ceph:v14.2.9 ceph-volume lvm activate --all''
# ];
#};
networking = {
firewall.enable = false;
firewall.trustedInterfaces = [ "br0" ];
hostName = "server7";
hostId = "454fe12c";
useDHCP = false;
bridges.br0.interfaces = [ "enp2s0f0" ];
interfaces = {
br0 = {
useDHCP = true;
tempAddress = "disabled";
ipv4.addresses = [{
address = "172.22.99.245";
prefixLength = 24;
}];
ipv6.addresses = [{
address = yggaddr.prefix64 + "::1";
prefixLength = 64;
}];
};
enp2s0f1.useDHCP = false;
};
};
boot.kernel.sysctl."net.bridge.bridge-nf-call-arptables" = 0;
boot.kernel.sysctl."net.bridge.bridge-nf-call-iptables" = 0;
boot.kernel.sysctl."net.bridge.bridge-nf-call-ip6tables" = 0;
environment.systemPackages = with pkgs; [
tmux
htop
vim
gitMinimal
nixfmt
zfsStable
];
services.collectd.extraConfig = ''
LoadPlugin memory
LoadPlugin processes
LoadPlugin disk
LoadPlugin df
LoadPlugin cpu
LoadPlugin entropy
LoadPlugin load
LoadPlugin swap
LoadPlugin cgroups
LoadPlugin vmem
LoadPlugin interface
'';
boot.tmpOnTmpfs = true;
# Use the systemd-boot EFI boot loader.
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
time.timeZone = "Europe/Berlin";
system.stateVersion = "19.09"; # Did you read the comment?
users.extraUsers.hydra.openssh.authorizedKeys.keys = [
# allow the old hydra to build here
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7HuDlyTlPC4rCjwhklY8kiYIxdgPhiu6wxs29ksnpKZmJa2R7qoD02N3ACm9cTb1GVkIWukAXI3KvU9h08+WLQJqUH0cHVBj3V1sDYmkN2QecE59gz3e1gfN3zPtwmQEUe6xvHWK3X3qdH45pGPUtxk1eDTZl45037C0NClWF7RXI4m6UXng4bL9wnPvoVqCI+ySsNWaTkHDLE/D9s/VrqGxJ1w2KiJb1F73g9/x/zjL8Ixb16wkPmLE0e50MQAQa7EMFTyPZoEskFnEviLYXM9pDexABAjJfbfZ39lLyMgVYGwnzEDbjDlm68dE6wQWUY1OV6wbt8uYreB2IRrlb root@hydra"
];
services.dhcpd4 = {
enable = false;
interfaces = [ "br0" ];
extraConfig = "not authoritative;";
};
}


@ -1,179 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "ehci_pci" "ahci" "nvme" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/f14628ce-0f13-4544-9197-0ddda291f48f";
fsType = "ext4";
};
fileSystems."/var/lib/ceph/osd/ceph-7" = {
device = "tmpfs";
fsType = "tmpfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/9812-00B2";
fsType = "vfat";
};
fileSystems."/nvme0n1" = {
device = "nvme0n1";
fsType = "zfs";
};
fileSystems."/zones/b090f14b-0a60-4451-e82a-c5291e5951de/cores" = {
device = "nvme0n1/cores/b090f14b-0a60-4451-e82a-c5291e5951de";
fsType = "zfs";
};
fileSystems."/zones/9a9880d3-82db-c500-fcaa-d4e5a5cc617d/cores" = {
device = "nvme0n1/cores/9a9880d3-82db-c500-fcaa-d4e5a5cc617d";
fsType = "zfs";
};
fileSystems."/zones/archive" = {
device = "nvme0n1/archive";
fsType = "zfs";
};
fileSystems."/zones/eec98403-5f4f-cadf-f4ff-aa9a99b4cdb5/cores" = {
device = "nvme0n1/cores/eec98403-5f4f-cadf-f4ff-aa9a99b4cdb5";
fsType = "zfs";
};
fileSystems."/zones/9f467f1e-000b-e771-e117-b32261e48220/cores" = {
device = "nvme0n1/cores/9f467f1e-000b-e771-e117-b32261e48220";
fsType = "zfs";
};
fileSystems."/zones/e71d4460-8eef-6623-a875-dd5ec20b650f/cores" = {
device = "nvme0n1/cores/e71d4460-8eef-6623-a875-dd5ec20b650f";
fsType = "zfs";
};
fileSystems."/zones/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3/cores" = {
device = "nvme0n1/cores/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3";
fsType = "zfs";
};
fileSystems."/zones/3516ab22-69b0-e327-95ec-f9be8852ee44/cores" = {
device = "nvme0n1/cores/3516ab22-69b0-e327-95ec-f9be8852ee44";
fsType = "zfs";
};
fileSystems."/zones/global/cores" = {
device = "nvme0n1/cores/global";
fsType = "zfs";
};
fileSystems."/nvme0n1/c3d2.de" = {
device = "nvme0n1/c3d2.de";
fsType = "zfs";
};
fileSystems."/nvme0n1/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3" = {
device = "nvme0n1/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3";
fsType = "zfs";
};
fileSystems."/nvme0n1/b28b36ed-1824-3a6c-cdbb-258c7dd63317" = {
device = "nvme0n1/b28b36ed-1824-3a6c-cdbb-258c7dd63317";
fsType = "zfs";
};
fileSystems."/nvme0n1/b090f14b-0a60-4451-e82a-c5291e5951de" = {
device = "nvme0n1/b090f14b-0a60-4451-e82a-c5291e5951de";
fsType = "zfs";
};
fileSystems."/nvme0n1/55bcd862-bb70-11e9-9991-7b9a40d4e95f" = {
device = "nvme0n1/55bcd862-bb70-11e9-9991-7b9a40d4e95f";
fsType = "zfs";
};
fileSystems."/nvme0n1/a9786e8b-fce2-7567-6467-2a95086a51d4" = {
device = "nvme0n1/a9786e8b-fce2-7567-6467-2a95086a51d4";
fsType = "zfs";
};
fileSystems."/nvme0n1/9a9880d3-82db-c500-fcaa-d4e5a5cc617d" = {
device = "nvme0n1/9a9880d3-82db-c500-fcaa-d4e5a5cc617d";
fsType = "zfs";
};
fileSystems."/nvme0n1/eec98403-5f4f-cadf-f4ff-aa9a99b4cdb5" = {
device = "nvme0n1/eec98403-5f4f-cadf-f4ff-aa9a99b4cdb5";
fsType = "zfs";
};
fileSystems."/nvme0n1/9f467f1e-000b-e771-e117-b32261e48220" = {
device = "nvme0n1/9f467f1e-000b-e771-e117-b32261e48220";
fsType = "zfs";
};
fileSystems."/nvme0n1/9651893f-4b85-293a-2d72-60ea3b541bc3" = {
device = "nvme0n1/9651893f-4b85-293a-2d72-60ea3b541bc3";
fsType = "zfs";
};
fileSystems."/nvme0n1/d5a8bfc2-6d01-6d5e-ad3f-edf032eedd89" = {
device = "nvme0n1/d5a8bfc2-6d01-6d5e-ad3f-edf032eedd89";
fsType = "zfs";
};
fileSystems."/nvme0n1/7644820f-5ce5-f9f1-94b7-4537ee598f43" = {
device = "nvme0n1/7644820f-5ce5-f9f1-94b7-4537ee598f43";
fsType = "zfs";
};
fileSystems."/nvme0n1/0cc567e5-5e4c-1868-eca3-4426508cbfb9" = {
device = "nvme0n1/0cc567e5-5e4c-1868-eca3-4426508cbfb9";
fsType = "zfs";
};
fileSystems."/nvme0n1/63d6e664-3f1f-11e8-aef6-a3120cf8dd9d" = {
device = "nvme0n1/63d6e664-3f1f-11e8-aef6-a3120cf8dd9d";
fsType = "zfs";
};
fileSystems."/nvme0n1/c3d2.de/admin" = {
device = "nvme0n1/c3d2.de/admin";
fsType = "zfs";
};
fileSystems."/nvme0n1/3e65fa50-2f41-8792-df46-8c826bddab75" = {
device = "nvme0n1/3e65fa50-2f41-8792-df46-8c826bddab75";
fsType = "zfs";
};
fileSystems."/nvme0n1/c3d2.de/templates" = {
device = "nvme0n1/c3d2.de/templates";
fsType = "zfs";
};
fileSystems."/nvme0n1/e71d4460-8eef-6623-a875-dd5ec20b650f" = {
device = "nvme0n1/e71d4460-8eef-6623-a875-dd5ec20b650f";
fsType = "zfs";
};
fileSystems."/nvme0n1/c3d2.de/iso" = {
device = "nvme0n1/c3d2.de/iso";
fsType = "zfs";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 40;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}


@ -1,49 +0,0 @@
{ config, lib, pkgs, ... }:
{
services.hydra-dev = {
enable = true;
debugServer = true;
extraEnv.HYDRA_DEBUG = "1";
hydraURL = "https://server7.hq.c3d2.de";
logo = ./hydra.svg;
notificationSender = "hydra@spam.works";
# package = pkgs.hydra-unstable;
listenHost = "172.22.99.245";
# listenHost = "*";
useSubstitutes = true;
minimumDiskFree = 2;
minimumDiskFreeEvaluator = 2;
extraConfig = ''
<sotest>
authfile = /var/lib/hydra/sotest.auth
</sotest>
'';
};
nix.trustedUsers = [ "hydra" ];
nix.buildMachines = [{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 8;
}];
nix.binaryCachePublicKeys =
[ "nix-serve.hq.c3d2.de-2:elqZouiiQP4XNfmEekwXH/YRPL1pXlN5JgVSzT1Ctoc=" ];
nix.binaryCaches = [ "http://nix-serve.hq.c3d2.de" ];
services.nginx = {
enable = true;
virtualHosts = {
"server7.hq.c3d2.de" = {
addSSL = true;
enableACME = true;
globalRedirect = "hydra7.hq.c3d2.de";
};
};
};
}


@ -1,163 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
width="594.28000pt"
height="194.89000pt"
id="svg1"
sodipodi:version="0.32"
inkscape:version="0.92.4 (5da689c313, 2019-01-14)"
sodipodi:docname="hydra.svg"
version="1.1">
<defs
id="defs3" />
<sodipodi:namedview
id="base"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageopacity="0.0"
inkscape:pageshadow="2"
inkscape:zoom="0.43415836"
inkscape:cx="497.42201"
inkscape:cy="266.76371"
inkscape:current-layer="svg1"
showgrid="false"
inkscape:grid-bbox="true"
inkscape:grid-points="true"
inkscape:guide-bbox="true"
inkscape:guide-points="true"
guidetolerance="2.0000000px"
inkscape:window-width="1362"
inkscape:window-height="740"
inkscape:window-x="0"
inkscape:window-y="12"
inkscape:window-maximized="0">
<inkscape:grid
id="GridFromPre046Settings"
type="xygrid"
originx="0"
originy="0"
spacingx="1.3333333"
spacingy="1.3333333"
color="#3f3fff"
empcolor="#3f3fff"
opacity="0.15"
empopacity="0.38"
empspacing="5" />
</sodipodi:namedview>
<metadata
id="metadata4">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
<dc:title></dc:title>
</cc:Work>
</rdf:RDF>
</metadata>
<g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1" />
<path
d="M 5,123.6125 80,4.8625031 c 0,0 68.75,0 68.75,0 0,0 -68.75,118.7499969 -68.75,118.7499969 0,0 68.75,116.25 68.75,116.25 h -75 z"
id="path4772"
style="fill:#5175c0;fill-opacity:1" />
<path
d="M 92.5,123.6125 161.25,4.8625031 c 0,0 75,0 75,0 0,0 -68.75,118.7499969 -68.75,118.7499969 l 68.75,116.25 h -75 z"
id="path4770"
style="fill:#7eb3de;fill-opacity:1" />
<path
d="M 180,123.6125 248.75,4.8625031 c 0,0 75,0 75,0 0,0 -67.5,118.7499969 -67.5,118.7499969 l 67.5,116.25 h -75 z"
id="path4768"
style="fill:#5175c0;fill-opacity:1" />
<path
d="m 423.75,4.8625031 c 0,0 68.75,0 68.75,0 L 405,239.8625 h -68.75 z"
id="path4766"
style="fill:#7eb3de;fill-opacity:1" />
<path
d="m 573.75,123.6125 c 0,0 -68.75,-118.7499969 -68.75,-118.7499969 0,0 75,0 75,0 0,0 68.75,118.7499969 68.75,118.7499969 L 580,239.8625 h -75 c 0,0 68.75,-116.25 68.75,-116.25 z"
id="path4764"
style="fill:#5175c0;fill-opacity:1" />
<path
d="m 592.5,239.8625 c 0,0 68.75,-116.25 68.75,-116.25 0,0 -68.75,-118.7499969 -68.75,-118.7499969 h 75 L 736.25,123.6125 667.5,239.8625 c 0,0 -75,0 -75,0 z"
id="path1103"
style="fill:#7eb3de;fill-opacity:1" />
<path
style="opacity:0;fill:#ffffff;fill-opacity:1;stroke-width:1.15165353"
d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
id="path4748"
inkscape:connector-curvature="0" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
id="path4750"
inkscape:connector-curvature="0" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
id="path4752"
inkscape:connector-curvature="0" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
id="path4754"
inkscape:connector-curvature="0" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
id="path4756"
inkscape:connector-curvature="0" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="M 39.798247,182.97391 C 21.194881,151.51668 5.8549221,124.95667 5.7094473,123.95167 5.5639725,122.94667 22.182803,95.693953 42.640183,63.390072 L 79.835419,4.6557429 114.01929,4.3506923 c 22.26699,-0.1987067 34.18387,0.097179 34.18387,0.8487563 0,0.6345938 -15.27869,27.5376884 -33.95263,59.7846534 l -33.952629,58.630848 33.952629,57.40622 c 18.67394,31.57343 33.95263,57.79806 33.95263,58.27697 0,0.47891 -16.78064,0.87075 -37.29031,0.87075 H 73.622545 Z"
id="path4758" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="M 39.798247,182.97391 C 21.194881,151.51668 5.8549221,124.95667 5.7094473,123.95167 5.5639725,122.94667 22.182803,95.693953 42.640183,63.390072 L 79.835419,4.6557429 114.01929,4.3506923 c 22.26699,-0.1987067 34.18387,0.097179 34.18387,0.8487563 0,0.6345938 -15.27869,27.5376884 -33.95263,59.7846534 l -33.952629,58.630848 33.952629,57.40622 c 18.67394,31.57343 33.95263,57.79806 33.95263,58.27697 0,0.47891 -16.78064,0.87075 -37.29031,0.87075 H 73.622545 Z"
id="path4774"
inkscape:connector-curvature="0" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="m 336.47317,238.17057 c 0.44551,-1.11786 18.66473,-49.97005 40.48715,-108.56042 C 398.78275,71.019777 418.2387,18.806685 420.19578,13.581058 l 3.55833,-9.5011418 h 34.39672 c 18.9182,0 34.38454,0.388683 34.36966,0.8637401 -0.0148,0.4750571 -19.62584,53.4655147 -43.57989,117.7565737 l -43.55283,116.89283 -34.86232,0.30499 c -32.91995,0.28801 -34.81718,0.19175 -34.05228,-1.72748 z"
id="path4776"
inkscape:connector-curvature="0" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="m 336.47317,238.17057 c 0.44551,-1.11786 18.66473,-49.97005 40.48715,-108.56042 C 398.78275,71.019777 418.2387,18.806685 420.19578,13.581058 l 3.55833,-9.5011418 h 34.39672 c 18.9182,0 34.38454,0.388683 34.36966,0.8637401 -0.0148,0.4750571 -19.62584,53.4655147 -43.57989,117.7565737 l -43.55283,116.89283 -34.86232,0.30499 c -32.91995,0.28801 -34.81718,0.19175 -34.05228,-1.72748 z"
id="path4778"
inkscape:connector-curvature="0" />
<flowRoot
xml:space="preserve"
id="flowRoot8463"
style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:96px;line-height:125%;font-family:'Liberation Mono';-inkscape-font-specification:'Liberation Mono Bold';letter-spacing:0px;word-spacing:0px;fill:#ff0000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
transform="matrix(1.7228087,0,0,2.5200722,-118.4561,-151.78401)"><flowRegion
id="flowRegion8465"
style="font-size:96px;fill:#ff0000"><rect
id="rect8467"
width="679.47559"
height="191.17448"
x="108.25543"
y="57.162315"
style="font-size:96px;fill:#ff0000" /></flowRegion><flowPara
id="flowPara8469">FLAKES</flowPara></flowRoot> <flowRoot
xml:space="preserve"
id="flowRoot8479"
style="fill:black;stroke:none;stroke-opacity:1;stroke-width:1px;stroke-linejoin:miter;stroke-linecap:butt;fill-opacity:1;font-family:'Liberation Mono';font-style:normal;font-weight:bold;font-size:40px;line-height:125%;letter-spacing:0px;word-spacing:0px;-inkscape-font-specification:'Liberation Mono Bold';font-stretch:normal;font-variant:normal"><flowRegion
id="flowRegion8481"><rect
id="rect8483"
width="71.034798"
height="46.411858"
x="92.5"
y="123.6125" /></flowRegion><flowPara
id="flowPara8485"></flowPara></flowRoot></svg>


@ -1,28 +0,0 @@
{ config, ... }:
{
nix.sshServe.enable = true;
services.nix-serve = {
enable = true;
secretKeyFile = "/var/lib/nix-serve.key";
};
services.nginx = {
enable = true;
virtualHosts = let
vhost.locations."/".proxyPass =
"http://${config.services.nix-serve.bindAddress}:${
toString config.services.nix-serve.port
}";
in {
"cache.server7.hq.c3d2.de" = vhost // {
addSSL = true;
enableACME = true;
};
"nix-serve.y.c3d2.de" = vhost;
};
};
}


@ -1,27 +0,0 @@
{ config, pkgs, lib, ... }:
let yggaddr = import ../../lib/server7-yggaddr.nix;
in {
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
networking.interfaces.br0.ipv6.addresses = [{
address = yggaddr.prefix + ":1";
prefixLength = 24;
}];
services.radvd = {
enable = true;
config = ''
interface enp2s0f1
{
AdvSendAdvert on;
AdvRouteLifetime 0;
prefix ${yggaddr.prefix}:/64 {
AdvOnLink on;
AdvAutonomous on;
};
route 200::/7 {};
};
'';
};
}


@ -0,0 +1,125 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, strings, ... }:
let eth0 = "ens18";
in {
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
../../lib
../../lib/hq.nix
../../lib/shared.nix
../../lib/default-gateway.nix
];
c3d2 = {
users.k-ot = true;
isInHq = true;
mapHqHosts = true;
hq.interface = eth0;
};
hq.yggdrasil = {
enable = true;
interface = eth0;
};
boot.loader.systemd-boot.enable = true;
systemd.enableEmergencyMode = false;
networking = {
hostName = "storage-ng";
# usePredictableInterfacenames = false;
interfaces.${eth0} = {
ipv4.addresses = [{
address = "172.22.99.20";
prefixLength = 24;
}];
ipv6.addresses = [{
address = "2a02:8106:208:5201::20";
prefixLength = 64;
}];
};
defaultGateway.interface = eth0;
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
wget
vim
screen
zsh
lftp
lsof
psmisc
gitAndTools.git-annex
gitAndTools.git
tmux
mpv
iotop
];
services.ceph = {
enable = false;
client.enable = true;
};
# fixme, we need a floating ip here
# correct is floating ip 172.22.99.21
# does not exist yet
# secretfile does not work :(
fileSystems."/mnt/cephfs" = {
device = "172.22.99.13:6789:/";
fsType = "ceph";
options = [
"name=storage2"
"secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw=="
"noatime,_netdev"
"noauto"
"x-systemd.automount"
"x-systemd.device-timeout=175"
"users"
];
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.bash.enableCompletion = true;
programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
allowSFTP = true;
};
services.atftpd = {
enable = true;
root = "/mnt/cephfs/c3d2/tftp";
};
/* # Open ports in the firewall.
networking.firewall.allowedTCPPorts = [
23
];
networking.firewall.allowedUDPPorts = [
69
];
*/
networking.firewall.enable = false;
system.stateVersion = "19.03"; # Did you read the comment?
}
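Review bot: The CephFS client key is written in plain text in the `options` list of `fileSystems."/mnt/cephfs"` (the `"secret=…"` entry), so it lives in the git history and, once the system is built, in the generated fstab inside the world-readable Nix store. Treat that key as exposed: rotate it on the Ceph side and have the mount read it from a root-only file kept outside the repository, e.g. `"secretfile=/run/keys/<ceph-storage2-key>"` (placeholder path). The comment above says `secretfile` did not work, which may be because the `mount.ceph` helper was not available to the mount unit; that is worth confirming before giving up on it. The file also ends with `networking.firewall.enable = false;` while `services.atftpd` is enabled, so the unauthenticated TFTP tree under `/mnt/cephfs/c3d2/tftp` is reachable from every network this host is attached to. Re-enabling the firewall and opening only the ports that are needed (UDP 69 from the commented-out list) would narrow that.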


@ -0,0 +1,30 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/vda1";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/vda3";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/vda2"; }
];
nix.maxJobs = lib.mkDefault 4;
}


@ -0,0 +1,12 @@
<html>
<head><title>storage.hq.c3d2.de</title></head>
<body>
<h1>storage-ng</h1>
services available:
<ul>
<li><a href="/c3d2">c3d2 files http</a></li>
<li>SAMBA/Windows Access: storage-ng.hq.c3d2.de</li>
<li>tftp</li>
</ul>
</body>
</html>


@ -5,11 +5,11 @@ let
lib = import "${krops}/lib";
pkgs = import "${krops}/pkgs" {};
hostSource = path:
hostSource = path: nixos-branch:
lib.evalSource [ {
nixpkgs.git = {
ref = "origin/nixos-20.03";
url = "https://github.com/NixOS/nixpkgs-channels.git";
ref = "origin/${nixos-branch}";
url = "https://github.com/NixOS/nixpkgs.git";
};
nixpkgs-unstable.git = {
ref = "origin/master";
@ -24,7 +24,7 @@ let
deployContainer = containerName: host:
pkgs.krops.writeDeploy containerName {
source = hostSource "containers/${containerName}";
source = hostSource "containers/${containerName}" "nixos-20.09";
target = "root@${host}";
};
in {
@ -34,13 +34,13 @@ in {
kibana = deployContainer "kibana" "172.20.73.44";
glotzbert = pkgs.krops.writeDeploy "glotzbert" {
source = hostSource "glotzbert";
source = hostSource "glotzbert" "nixos-20.09";
target = lib.mkTarget "k-ot@glotzbert.hq.c3d2.de" // {
sudo = true;
};
};
pulsebert = pkgs.krops.writeDeploy "pulsebert" {
source = hostSource "pulsebert";
source = hostSource "pulsebert" "nixos-unstable";
target = lib.mkTarget "k-ot@pulsebert.hq.c3d2.de" // {
sudo = true;
};
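Review bot: `hostSource` now takes the branch as a second positional argument but nothing documents it, and `ref = "origin/${nixos-branch}"` still resolves to whatever commit the branch head points to at deploy time. Because these deployments target `root@${host}` or set `sudo = true`, the nixpkgs revision that lands on a machine is decided by the upstream branch at that moment rather than by a reviewed change, unlike the `flake.lock` entries updated in this same commit, which record `rev` and `narHash`. I would add a comment above the function, `# nixos-branch: nixpkgs branch without the "origin/" prefix, e.g. "nixos-20.09"`, and consider passing a reviewed commit hash as `ref` if krops accepts one there (not verified here). Any `hostSource` caller outside the visible hunks also needs the new argument, since a call with only `path` now yields a function instead of a source.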


@ -8,8 +8,6 @@ let
hqPrefix64 = "fd23:42:c3d2:523";
# TODO: Is this stable? Is there a better place to specifiy this?
server7Ygg = import ./server7-yggaddr.nix;
# Generate a deterministic IPv6 address for a 64 bit prefix
# and seed string. Prefix must not contain trailing ':'.
toIpv6Address = prefix64: seed:
@ -23,8 +21,6 @@ let
# for the HQ networking using a seed string.
toHqPrivateAddress = toIpv6Address hqPrefix64;
toServer7Address = toIpv6Address server7Ygg.prefix64;
# toHqPublicAddress = toIpv6Address publicPrefix64;
cfg = config.c3d2;
@ -171,10 +167,6 @@ in {
name = ip6;
value = [ "${hostName}.hq" hostName ];
}
{
name = toServer7Address hostName;
value = [ "${hostName}.y.c3d2.de" "${hostName}.y" ];
}
] ++ lib.optional (hasAttr "ip4" host) {
name = host.ip4;
value = [ "${hostName}.hq" hostName ];
@ -202,16 +194,7 @@ in {
ipv6.addresses = [{
address = toHqPrivateAddress config.networking.hostName;
prefixLength = 64;
}] ++ lib.optional (cfg.hq.yggdrasil.enableGateway) {
address = toServer7Address config.networking.hostName;
prefixLength = 64;
};
ipv6.routes = lib.optional (cfg.hq.yggdrasil.enableGateway) {
address = "200::";
options.pref = "low";
prefixLength = 7;
via = server7Ygg.prefix64 + "::1";
};
}];
};
});
@ -282,14 +265,6 @@ in {
# Only builds > 19.09
};
nix = lib.mkIf
(cfg.hq.enableBinaryCache && config.networking.hostName != "server7") {
binaryCaches = [ "https://cache.server7.hq.c3d2.de" ];
binaryCachePublicKeys = [
"cache.server7.hq.c3d2.de:x8JLRG26zRZ8ysYZLEkPxuAYuK1VSJi/aMAEIs2Lv+U="
];
};
services.mpd.extraConfig = lib.mkIf cfg.hq.enableMpdProxy ''
database {
plugin "proxy"

29
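--- a/lib/users/poelzi.nix
+++ b/lib/users/poelzi.nix
@@ -0,0 +1,29 @@
+{ pkgs, ... }:
+let
+keys = [
+"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuQbziwBjiSZqzE2b4iOqz1HxjinqHbGjAv1XHLOq+AFfNwMc4wiyQ/u2LpuRG2HlwK9pBeIY/gZSUP3YJZ1RumnrEOxY2Tgmzko0W9ME+hvK1OHZcXI69QA/ctxEVgOUMvTtS8XssFLAbQfkXJYeTL/5yr/Qrs3MDDfa+1UGY7LQlyzh6c4pQ+pBgWJALyzztc0orqgSVUJ2u8naQ210Jv3dQnpE+bwfeG9IuWjQqBXWHwlqxwRDxnnDBVcUj4z24XsMmHHWd/zizD+4C0Qx/rBiFhYBDXP+320U5gpgFzRl3t1HQXiPCb/LAgp2CLpZ8Eh4u9tgIhp6Z6l9r0B+vQ== poelzi@poelzi.org"
+];
+in {
+nix.trustedUsers = [ "poelzi" ];
+programs = {
+fish.enable = true;
+tmux.enable = true;
+};
+users.users.poelzi = {
+isNormalUser = true;
+description = "poelzi";
+extraGroups = [ "users" "wheel" ];
+hashedPassword =
+"$6$SoesSFadpfcSfEOe$pmkiIMvxTAaEAyqDoZ3a7jk7GZsEXqX1N8r8UvGnaPsb85csX6FC2bwFQyyu8I8QoG/wO85WnHIMMMQAglKSK/";
+openssh.authorizedKeys.keys = keys;
+shell = pkgs.fish;
+};
+users.users.root.openssh.authorizedKeys.keys = keys;
+nix.sshServe.keys = keys;
+}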
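Review bot: `hashedPassword` for `users.users.poelzi` is committed in the file, so the SHA-512 crypt hash is readable by anyone with access to the repository or to the Nix store of a host that imports it, and it can be guessed against offline. The account is in `wheel`, so a recovered password may lead to root, depending on the sudo configuration. Prefer leaving the password out and relying on the SSH key, or read the hash from a root-only file outside the repository with `passwordFile = "/path/to/<poelzi-password-hash>";` (placeholder path; the option is named `hashedPasswordFile` on newer NixOS releases). Separately, the same `keys` list is granted to `users.users.root` and `nix.sshServe.keys`, and `nix.trustedUsers` adds the account to the Nix daemon's trusted users. Nothing in the file is guarded by an option, so any host importing it grants all of that at once; a short comment at the top saying so would help reviewers.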