Remove server7

Ehmry - 2020-10-26 16:00:08 +01:00
parent f7230c5829
commit 7dab4f4c8d
22 changed files with 1 additions and 1035 deletions


@ -31,11 +31,6 @@
system = "aarch64-linux";
};
server7 = nixpkgs.lib.nixosSystem {
modules = [ ./hosts/server7 hydra.nixosModules.hydra ];
system = "x86_64-linux";
};
};
nixosModules.c3d2 = import ./lib;


@ -59,8 +59,6 @@ rec {
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKQCZ7f7bqRC6B72oMu7BCItZxZnWsqx9Th/2iBRvtIFggr4YNi7Pbw3cc68NVbm0u7feUUgH5LDiXVpig3b7Gw=
'';
};
server7.publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy";
storage.publicKey = "storage.ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbjG4uY8A0IJHRKjiQwt9JbuLDNVaTcwNJN8J4z6mgX";
};


@ -3,26 +3,13 @@
{
nix = {
binaryCaches = [
"https://cache.server7.hq.c3d2.de"
"https://cache.nixos.org"
"https://cache.dhall-lang.org"
];
binaryCachePublicKeys = [
"cache.server7.hq.c3d2.de:x8JLRG26zRZ8ysYZLEkPxuAYuK1VSJi/aMAEIs2Lv+U="
"cache.dhall-lang.org:I9/H18WHd60olG5GsIjolp7CtepSgJmM2CsO813VTmM="
];
extraOptions = ''
allowed-uris = http:// https://
'';
buildMachines = [{
hostName = "server7.hq";
sshUser = "hydra";
sshKey = "/var/lib/hydra/queue-runner/id_rsa";
system = "x86_64-linux";
speedFactor = 2;
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 8;
}];
};
services.hydra = {


@ -1,10 +0,0 @@
{ config, ... }:
{
services.borgbackup.repos.emery = {
allowSubRepos = true;
authorizedKeys = config.users.users.emery.openssh.authorizedKeys.keys;
path = "/srv/ceph/c3d2/backups/emery";
quota = "200G";
};
}


@ -1,4 +0,0 @@
Each directory containing a file "default.nix" is
evulated as a container guest configuration.
See ./default.nix for the implementation.


@ -1,32 +0,0 @@
name:
(import ../outer-defaults.nix name) // {
config = { config, pkgs, lib, ... }: {
imports = [ ../inner-defaults.nix ];
c3d2.hq.yggdrasil.enableGateway = true;
networking.firewall.allowedTCPPorts = [ config.services.uhub.port ];
networking.interfaces.eth0.ipv6.addresses = [{
address = "310:5217:69c0:9afc:0:576d:1184:c3d2";
prefixLength = 64;
}]; # Old address used by some clients
services.uhub = {
enable = true;
enableTLS = false;
hubConfig = ''
hub_name=c3d2
hub_description=<<</>>
'';
plugins.history.enable = true;
plugins.welcome = {
enable = true;
motd = config.users.motd;
};
};
};
}


@ -1,29 +0,0 @@
{ lib, ... }:
let
containerFunc = name:
# Generate a container expression from the directory at `name`.
{
inherit name;
value = import (./. + "/${name}") name;
};
containerDir = builtins.readDir ../containers;
containerSubdirs =
lib.filterAttrs (_: kind: kind == "directory") containerDir;
containerNames = builtins.attrNames containerSubdirs;
containers = builtins.listToAttrs (map containerFunc containerNames);
in {
boot.enableContainers = true;
inherit containers;
imports = [ ../../../lib/lxc ];
lxc.containers = {
trivial = {
nixos-config = "/tmp/trivial.nix";
lxc = { };
};
};
}


@ -1,35 +0,0 @@
name:
(import ../outer-defaults.nix name) // {
ephemeral = true;
config = { config, pkgs, lib, ... }: {
imports = [ ../inner-defaults.nix ];
c3d2.hq.yggdrasil.enableGateway = true;
networking.firewall.enable = false;
networking.interfaces.eth0.useDHCP = true;
security.acme = {
acceptTerms = true;
email = "mail@c3d2.de";
};
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts = {
"hydra7.hq.c3d2.de" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://172.22.99.245:3000";
};
"hydra7.y.c3d2.de" = {
default = true;
addSSL = false;
locations."/".proxyPass = "http://172.22.99.245:3000";
};
};
};
};
}


@ -1,8 +0,0 @@
{ ... }: {
imports = [ ../../../lib ];
c3d2 = {
isInHq = true;
mapHqHosts = true;
hq.interface = "eth0";
};
}


@ -1,33 +0,0 @@
name:
(import ../outer-defaults.nix name) // {
bindMounts."/mnt/music" = {
hostPath = "/srv/ceph/c3d2/rpool/Music";
isReadOnly = true;
};
config = { config, pkgs, lib, ... }:
{
imports = [ ../inner-defaults.nix ];
services.mpd = {
enable = true;
network.listenAddress = "any";
musicDirectory = "/mnt/music";
extraConfig = ''
default_permissions "read,add,control,admin"
audio_output {
type "null"
name "My Null Output"
}
filesystem_charset "UTF-8"
'';
};
};
}


@ -1,29 +0,0 @@
name:
(import ../outer-defaults.nix name) // {
bindMounts."/srv/ceph/c3d2" = {
hostPath = "/srv/ceph/c3d2";
isReadOnly = true;
};
config = { config, pkgs, lib, ... }:
let ncdcPort = 1512;
in {
imports = [ ../inner-defaults.nix ];
c3d2 = {
users.k-ot = true;
hq.statistics.enable = true;
hq.yggdrasil.enableGateway = true;
};
services.openssh.enable = true;
programs.mosh.enable = true;
environment.systemPackages = with pkgs; [ tmux ncdc ];
networking.firewall.enable = false;
};
}


@ -1,23 +0,0 @@
name:
(import ../outer-defaults.nix name) // {
bindMounts."/srv/nfs" = {
hostPath = "/srv/ceph/c3d2/nfs";
isReadOnly = true;
};
config = { config, pkgs, lib, ... }: {
imports = [ ../inner-defaults.nix ];
c3d2.hq.statistics.enable = true;
services.nfs.server = {
enable = true;
exports = "/srv/nfs *(rw)";
};
networking.firewall.enable = false;
};
}


@ -1,10 +0,0 @@
name:
let yggaddr = import ../../../lib/server7-yggaddr.nix;
in {
# These the container defaults from the perspective of the host.
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
}


@ -1,45 +0,0 @@
name:
(import ../outer-defaults.nix name) // {
bindMounts."/srv/files" = {
hostPath = "/srv/ceph/c3d2/files";
isReadOnly = true;
};
config = { config, pkgs, lib, ... }: {
imports = [ ../inner-defaults.nix ];
c3d2.hq.statistics.enable = true;
networking = {
useDHCP = false;
interfaces.eth0.useDHCP = true;
};
services.samba = {
enable = true;
enableNmbd = true;
extraConfig = ''
workgroup = HQ
server string = storage
netbios name = storage
hosts allow = 172.20.0.0/14 127.0.0.0/8
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = Bad user
'';
shares = {
c3d2 = {
path = "/srv/files";
browseable = "yes";
"read only" = "yes";
"guest ok" = "yes";
};
};
};
networking.firewall.enable = false;
};
}


@ -1,75 +0,0 @@
name:
(import ../outer-defaults.nix name) // {
bindMounts."/srv/c3d2" = {
hostPath = "/srv/ceph/c3d2";
isReadOnly = false;
};
config = { config, pkgs, lib, ... }: {
imports = [ ../inner-defaults.nix ];
c3d2 = {
users.k-ot = true;
hq.statistics.enable = true;
hq.yggdrasil.enableGateway = true;
};
services.openssh = {
enable = true;
allowSFTP = true;
};
environment.systemPackages = with pkgs; [ git borgbackup ];
services.nginx = {
enable = true;
package = pkgs.nginx.override {
modules = with pkgs.nginxModules; [ fancyindex ];
};
virtualHosts = {
"storage-ng.hq.c3d2.de".extraConfig = ''
server_name storage-ng.hq.c3d2.de;
return 301 $scheme://storage.hq.c3d2.de$request_uri;
'';
"storage.hq.c3d2.de" = {
default = true;
http2 = true;
# addSSL = true;
locations = {
"/" = let authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
in {
alias = "/srv/c3d2/files/";
extraConfig = ''
auth_basic "Chaos";
auth_basic_user_file ${authFile};
fancyindex on;
# autoindex on;
dav_access all:r;
'';
};
};
};
};
};
networking.interfaces.eth0 = {
ipv4 = {
addresses = [{
address = "172.22.99.20";
prefixLength = 24;
}];
routes = [{
address = "0.0.0.0";
prefixLength = 0;
via = "172.22.99.1";
}];
};
};
networking.firewall.enable = false;
};
}


@ -1,210 +0,0 @@
{ config, pkgs, lib, ... }:
let yggaddr = import ../../lib/server7-yggaddr.nix;
in {
imports = [
../../lib
../../lib/default-gateway.nix
./borgbackup.nix
./containers
./hardware-configuration.nix
./hydra.nix
./nix-serve.nix
];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
security.acme = {
email = "mail@c3d2.de";
acceptTerms = true;
};
c3d2 = {
users = {
emery = true;
windsleep = true;
};
isInHq = true;
mapHqHosts = true;
hq = {
interface = "br0";
statistics.enable = true;
};
};
fileSystems."/srv/ceph" = {
#device = "172.22.99.13:6789:/";
device = "172.20.72.55:6789,172.20.72.56:6789,172.20.72.53:6789:/";
fsType = "ceph";
options = [
"name=storage2"
"secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw=="
"noatime,_netdev"
"noauto"
"x-systemd.automount"
"x-systemd.device-timeout=175"
"users"
];
};
fileSystems."/var/lib/ceph/osd/ceph-7" = { fsType = "tmpfs"; };
# Route IPv6
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
# Obtain global IPv6 despite being a router myself
boot.kernel.sysctl."net.ipv6.conf.br0.accept_ra" = 2;
services.yggdrasil = {
enable = true;
configFile = "/var/lib/yggdrasil/keys";
config = {
Peers = [
# Deutschland
"tcp://45.11.19.26:5001"
"tcp://82.165.69.111:61216"
"tcp://[2001:8d8:1800:8224::1]:61216"
# Czechia
"tcp://195.123.245.146:7743"
"tcp://37.205.14.171:46370"
"tcp://[2a03:3b40:fe:ab::1]:46370"
"tcp://[2a05:9403::8b]:7743"
# Poland
"tcp://176.223.130.120:22632"
"tcp://51.75.44.73:50001"
"tcp://54.37.137.221:37145"
"tcp://[2001:41d0:601:1100::cf2]:37145"
"tcp://n2o.ddns.net:22632"
"tls://54.37.137.221:14987"
"tls://[2001:41d0:601:1100::cf2]:14987"
];
NodeInfo = {
location = "Dresden";
name = "server7.y.c3d2.de";
admin =
"toxid:DF0AC9107E0A30E7201C6832B017AC836FBD1EDAC390EE99B68625D73C3FD929FB47F1872CA4";
};
};
};
security.sudo.wheelNeedsPassword = false;
services.openssh = {
enable = true;
passwordAuthentication = false;
# DO NOT CHANGE, KINDERGARTEN IS OVER
};
programs.mosh.enable = true;
nix = {
package = pkgs.nixFlakes;
gc.automatic = true;
optimise.automatic = true;
extraOptions = ''
experimental-features = nix-command flakes ca-references
post-build-hook = ${
pkgs.writeScript "post-build-sign-paths" ''
#!${pkgs.runtimeShell}
nix sign-paths --key-file /var/lib/nix-serve.key $OUT_PATHS
''
}
'';
};
nixpkgs.overlays = [
(self: super: {
nix = super.nix // { meta.platforms = lib.platforms.linux; };
})
];
virtualisation.docker.enable = true;
docker-containers.ceph-osd-7 = {
cmd = [ "ceph-osd" "-i" "7" "--setuser" "ceph" "--setgroup" "ceph" "-d" ];
environment = { OSD_DEVICE = "/dev/sdb"; };
image = "ceph/ceph:v14.2.9";
log-driver = "journald";
extraDockerOptions =
[ "--rm" "--net=host" "--ipc=host" "--privileged=true" ];
volumes =
[ "/dev:/dev" "/etc/ceph:/etc/ceph" "/var/lib/ceph/:/var/lib/ceph" ];
};
systemd.services.docker-ceph-osd-7.preStart =
"-${pkgs.docker}/bin/docker run --rm --net=host --ipc=host --privileged=true -v /dev:/dev -v /etc/ceph:/etc/ceph -v /var/lib/ceph/:/var/lib/ceph -e OSD_DEVICE=/dev/sdb -it ceph/ceph:v14.2.9 ceph-volume lvm activate --all --no-systemd";
networking = {
firewall.enable = false;
firewall.trustedInterfaces = [ "br0" ];
hostName = "server7";
hostId = "454fe12c";
useDHCP = false;
bridges.br0.interfaces = [ "enp2s0f0" ];
interfaces = {
br0 = {
useDHCP = true;
tempAddress = "disabled";
ipv4.addresses = [{
address = "172.22.99.245";
prefixLength = 24;
}];
ipv6.addresses = [{
address = yggaddr.prefix64 + "::1";
prefixLength = 64;
}];
};
enp2s0f1.useDHCP = false;
};
};
boot.kernel.sysctl."net.bridge.bridge-nf-call-arptables" = 0;
boot.kernel.sysctl."net.bridge.bridge-nf-call-iptables" = 0;
boot.kernel.sysctl."net.bridge.bridge-nf-call-ip6tables" = 0;
environment.systemPackages = with pkgs; [
tmux
htop
vim
gitMinimal
nixfmt
zfsStable
];
services.collectd.extraConfig = ''
LoadPlugin memory
LoadPlugin processes
LoadPlugin disk
LoadPlugin df
LoadPlugin cpu
LoadPlugin entropy
LoadPlugin load
LoadPlugin swap
LoadPlugin cgroups
LoadPlugin vmem
LoadPlugin interface
'';
boot.tmpOnTmpfs = true;
# Use the systemd-boot EFI boot loader.
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
time.timeZone = "Europe/Berlin";
system.stateVersion = "19.09"; # Did you read the comment?
users.extraUsers.hydra.openssh.authorizedKeys.keys = [
# allow the old hydra to build here
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7HuDlyTlPC4rCjwhklY8kiYIxdgPhiu6wxs29ksnpKZmJa2R7qoD02N3ACm9cTb1GVkIWukAXI3KvU9h08+WLQJqUH0cHVBj3V1sDYmkN2QecE59gz3e1gfN3zPtwmQEUe6xvHWK3X3qdH45pGPUtxk1eDTZl45037C0NClWF7RXI4m6UXng4bL9wnPvoVqCI+ySsNWaTkHDLE/D9s/VrqGxJ1w2KiJb1F73g9/x/zjL8Ixb16wkPmLE0e50MQAQa7EMFTyPZoEskFnEviLYXM9pDexABAjJfbfZ39lLyMgVYGwnzEDbjDlm68dE6wQWUY1OV6wbt8uYreB2IRrlb root@hydra"
];
services.dhcpd4 = {
enable = false;
interfaces = [ "br0" ];
extraConfig = "not authoritative;";
};
}


@ -1,179 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "ehci_pci" "ahci" "nvme" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/f14628ce-0f13-4544-9197-0ddda291f48f";
fsType = "ext4";
};
fileSystems."/var/lib/ceph/osd/ceph-7" = {
device = "tmpfs";
fsType = "tmpfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/9812-00B2";
fsType = "vfat";
};
fileSystems."/nvme0n1" = {
device = "nvme0n1";
fsType = "zfs";
};
fileSystems."/zones/b090f14b-0a60-4451-e82a-c5291e5951de/cores" = {
device = "nvme0n1/cores/b090f14b-0a60-4451-e82a-c5291e5951de";
fsType = "zfs";
};
fileSystems."/zones/9a9880d3-82db-c500-fcaa-d4e5a5cc617d/cores" = {
device = "nvme0n1/cores/9a9880d3-82db-c500-fcaa-d4e5a5cc617d";
fsType = "zfs";
};
fileSystems."/zones/archive" = {
device = "nvme0n1/archive";
fsType = "zfs";
};
fileSystems."/zones/eec98403-5f4f-cadf-f4ff-aa9a99b4cdb5/cores" = {
device = "nvme0n1/cores/eec98403-5f4f-cadf-f4ff-aa9a99b4cdb5";
fsType = "zfs";
};
fileSystems."/zones/9f467f1e-000b-e771-e117-b32261e48220/cores" = {
device = "nvme0n1/cores/9f467f1e-000b-e771-e117-b32261e48220";
fsType = "zfs";
};
fileSystems."/zones/e71d4460-8eef-6623-a875-dd5ec20b650f/cores" = {
device = "nvme0n1/cores/e71d4460-8eef-6623-a875-dd5ec20b650f";
fsType = "zfs";
};
fileSystems."/zones/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3/cores" = {
device = "nvme0n1/cores/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3";
fsType = "zfs";
};
fileSystems."/zones/3516ab22-69b0-e327-95ec-f9be8852ee44/cores" = {
device = "nvme0n1/cores/3516ab22-69b0-e327-95ec-f9be8852ee44";
fsType = "zfs";
};
fileSystems."/zones/global/cores" = {
device = "nvme0n1/cores/global";
fsType = "zfs";
};
fileSystems."/nvme0n1/c3d2.de" = {
device = "nvme0n1/c3d2.de";
fsType = "zfs";
};
fileSystems."/nvme0n1/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3" = {
device = "nvme0n1/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3";
fsType = "zfs";
};
fileSystems."/nvme0n1/b28b36ed-1824-3a6c-cdbb-258c7dd63317" = {
device = "nvme0n1/b28b36ed-1824-3a6c-cdbb-258c7dd63317";
fsType = "zfs";
};
fileSystems."/nvme0n1/b090f14b-0a60-4451-e82a-c5291e5951de" = {
device = "nvme0n1/b090f14b-0a60-4451-e82a-c5291e5951de";
fsType = "zfs";
};
fileSystems."/nvme0n1/55bcd862-bb70-11e9-9991-7b9a40d4e95f" = {
device = "nvme0n1/55bcd862-bb70-11e9-9991-7b9a40d4e95f";
fsType = "zfs";
};
fileSystems."/nvme0n1/a9786e8b-fce2-7567-6467-2a95086a51d4" = {
device = "nvme0n1/a9786e8b-fce2-7567-6467-2a95086a51d4";
fsType = "zfs";
};
fileSystems."/nvme0n1/9a9880d3-82db-c500-fcaa-d4e5a5cc617d" = {
device = "nvme0n1/9a9880d3-82db-c500-fcaa-d4e5a5cc617d";
fsType = "zfs";
};
fileSystems."/nvme0n1/eec98403-5f4f-cadf-f4ff-aa9a99b4cdb5" = {
device = "nvme0n1/eec98403-5f4f-cadf-f4ff-aa9a99b4cdb5";
fsType = "zfs";
};
fileSystems."/nvme0n1/9f467f1e-000b-e771-e117-b32261e48220" = {
device = "nvme0n1/9f467f1e-000b-e771-e117-b32261e48220";
fsType = "zfs";
};
fileSystems."/nvme0n1/9651893f-4b85-293a-2d72-60ea3b541bc3" = {
device = "nvme0n1/9651893f-4b85-293a-2d72-60ea3b541bc3";
fsType = "zfs";
};
fileSystems."/nvme0n1/d5a8bfc2-6d01-6d5e-ad3f-edf032eedd89" = {
device = "nvme0n1/d5a8bfc2-6d01-6d5e-ad3f-edf032eedd89";
fsType = "zfs";
};
fileSystems."/nvme0n1/7644820f-5ce5-f9f1-94b7-4537ee598f43" = {
device = "nvme0n1/7644820f-5ce5-f9f1-94b7-4537ee598f43";
fsType = "zfs";
};
fileSystems."/nvme0n1/0cc567e5-5e4c-1868-eca3-4426508cbfb9" = {
device = "nvme0n1/0cc567e5-5e4c-1868-eca3-4426508cbfb9";
fsType = "zfs";
};
fileSystems."/nvme0n1/63d6e664-3f1f-11e8-aef6-a3120cf8dd9d" = {
device = "nvme0n1/63d6e664-3f1f-11e8-aef6-a3120cf8dd9d";
fsType = "zfs";
};
fileSystems."/nvme0n1/c3d2.de/admin" = {
device = "nvme0n1/c3d2.de/admin";
fsType = "zfs";
};
fileSystems."/nvme0n1/3e65fa50-2f41-8792-df46-8c826bddab75" = {
device = "nvme0n1/3e65fa50-2f41-8792-df46-8c826bddab75";
fsType = "zfs";
};
fileSystems."/nvme0n1/c3d2.de/templates" = {
device = "nvme0n1/c3d2.de/templates";
fsType = "zfs";
};
fileSystems."/nvme0n1/e71d4460-8eef-6623-a875-dd5ec20b650f" = {
device = "nvme0n1/e71d4460-8eef-6623-a875-dd5ec20b650f";
fsType = "zfs";
};
fileSystems."/nvme0n1/c3d2.de/iso" = {
device = "nvme0n1/c3d2.de/iso";
fsType = "zfs";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 40;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}


@ -1,49 +0,0 @@
{ config, lib, pkgs, ... }:
{
services.hydra-dev = {
enable = true;
debugServer = true;
extraEnv.HYDRA_DEBUG = "1";
hydraURL = "https://server7.hq.c3d2.de";
logo = ./hydra.svg;
notificationSender = "hydra@spam.works";
# package = pkgs.hydra-unstable;
listenHost = "172.22.99.245";
# listenHost = "*";
useSubstitutes = true;
minimumDiskFree = 2;
minimumDiskFreeEvaluator = 2;
extraConfig = ''
<sotest>
authfile = /var/lib/hydra/sotest.auth
</sotest>
'';
};
nix.trustedUsers = [ "hydra" ];
nix.buildMachines = [{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 8;
}];
nix.binaryCachePublicKeys =
[ "nix-serve.hq.c3d2.de-2:elqZouiiQP4XNfmEekwXH/YRPL1pXlN5JgVSzT1Ctoc=" ];
nix.binaryCaches = [ "http://nix-serve.hq.c3d2.de" ];
services.nginx = {
enable = true;
virtualHosts = {
"server7.hq.c3d2.de" = {
addSSL = true;
enableACME = true;
globalRedirect = "hydra7.hq.c3d2.de";
};
};
};
}


@ -1,163 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
width="594.28000pt"
height="194.89000pt"
id="svg1"
sodipodi:version="0.32"
inkscape:version="0.92.4 (5da689c313, 2019-01-14)"
sodipodi:docname="hydra.svg"
version="1.1">
<defs
id="defs3" />
<sodipodi:namedview
id="base"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageopacity="0.0"
inkscape:pageshadow="2"
inkscape:zoom="0.43415836"
inkscape:cx="497.42201"
inkscape:cy="266.76371"
inkscape:current-layer="svg1"
showgrid="false"
inkscape:grid-bbox="true"
inkscape:grid-points="true"
inkscape:guide-bbox="true"
inkscape:guide-points="true"
guidetolerance="2.0000000px"
inkscape:window-width="1362"
inkscape:window-height="740"
inkscape:window-x="0"
inkscape:window-y="12"
inkscape:window-maximized="0">
<inkscape:grid
id="GridFromPre046Settings"
type="xygrid"
originx="0"
originy="0"
spacingx="1.3333333"
spacingy="1.3333333"
color="#3f3fff"
empcolor="#3f3fff"
opacity="0.15"
empopacity="0.38"
empspacing="5" />
</sodipodi:namedview>
<metadata
id="metadata4">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
<dc:title></dc:title>
</cc:Work>
</rdf:RDF>
</metadata>
<g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1" />
<path
d="M 5,123.6125 80,4.8625031 c 0,0 68.75,0 68.75,0 0,0 -68.75,118.7499969 -68.75,118.7499969 0,0 68.75,116.25 68.75,116.25 h -75 z"
id="path4772"
style="fill:#5175c0;fill-opacity:1" />
<path
d="M 92.5,123.6125 161.25,4.8625031 c 0,0 75,0 75,0 0,0 -68.75,118.7499969 -68.75,118.7499969 l 68.75,116.25 h -75 z"
id="path4770"
style="fill:#7eb3de;fill-opacity:1" />
<path
d="M 180,123.6125 248.75,4.8625031 c 0,0 75,0 75,0 0,0 -67.5,118.7499969 -67.5,118.7499969 l 67.5,116.25 h -75 z"
id="path4768"
style="fill:#5175c0;fill-opacity:1" />
<path
d="m 423.75,4.8625031 c 0,0 68.75,0 68.75,0 L 405,239.8625 h -68.75 z"
id="path4766"
style="fill:#7eb3de;fill-opacity:1" />
<path
d="m 573.75,123.6125 c 0,0 -68.75,-118.7499969 -68.75,-118.7499969 0,0 75,0 75,0 0,0 68.75,118.7499969 68.75,118.7499969 L 580,239.8625 h -75 c 0,0 68.75,-116.25 68.75,-116.25 z"
id="path4764"
style="fill:#5175c0;fill-opacity:1" />
<path
d="m 592.5,239.8625 c 0,0 68.75,-116.25 68.75,-116.25 0,0 -68.75,-118.7499969 -68.75,-118.7499969 h 75 L 736.25,123.6125 667.5,239.8625 c 0,0 -75,0 -75,0 z"
id="path1103"
style="fill:#7eb3de;fill-opacity:1" />
<path
style="opacity:0;fill:#ffffff;fill-opacity:1;stroke-width:1.15165353"
d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
id="path4748"
inkscape:connector-curvature="0" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
id="path4750"
inkscape:connector-curvature="0" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
id="path4752"
inkscape:connector-curvature="0" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
id="path4754"
inkscape:connector-curvature="0" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
id="path4756"
inkscape:connector-curvature="0" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="M 39.798247,182.97391 C 21.194881,151.51668 5.8549221,124.95667 5.7094473,123.95167 5.5639725,122.94667 22.182803,95.693953 42.640183,63.390072 L 79.835419,4.6557429 114.01929,4.3506923 c 22.26699,-0.1987067 34.18387,0.097179 34.18387,0.8487563 0,0.6345938 -15.27869,27.5376884 -33.95263,59.7846534 l -33.952629,58.630848 33.952629,57.40622 c 18.67394,31.57343 33.95263,57.79806 33.95263,58.27697 0,0.47891 -16.78064,0.87075 -37.29031,0.87075 H 73.622545 Z"
id="path4758" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="M 39.798247,182.97391 C 21.194881,151.51668 5.8549221,124.95667 5.7094473,123.95167 5.5639725,122.94667 22.182803,95.693953 42.640183,63.390072 L 79.835419,4.6557429 114.01929,4.3506923 c 22.26699,-0.1987067 34.18387,0.097179 34.18387,0.8487563 0,0.6345938 -15.27869,27.5376884 -33.95263,59.7846534 l -33.952629,58.630848 33.952629,57.40622 c 18.67394,31.57343 33.95263,57.79806 33.95263,58.27697 0,0.47891 -16.78064,0.87075 -37.29031,0.87075 H 73.622545 Z"
id="path4774"
inkscape:connector-curvature="0" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="m 336.47317,238.17057 c 0.44551,-1.11786 18.66473,-49.97005 40.48715,-108.56042 C 398.78275,71.019777 418.2387,18.806685 420.19578,13.581058 l 3.55833,-9.5011418 h 34.39672 c 18.9182,0 34.38454,0.388683 34.36966,0.8637401 -0.0148,0.4750571 -19.62584,53.4655147 -43.57989,117.7565737 l -43.55283,116.89283 -34.86232,0.30499 c -32.91995,0.28801 -34.81718,0.19175 -34.05228,-1.72748 z"
id="path4776"
inkscape:connector-curvature="0" />
<path
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
d="m 336.47317,238.17057 c 0.44551,-1.11786 18.66473,-49.97005 40.48715,-108.56042 C 398.78275,71.019777 418.2387,18.806685 420.19578,13.581058 l 3.55833,-9.5011418 h 34.39672 c 18.9182,0 34.38454,0.388683 34.36966,0.8637401 -0.0148,0.4750571 -19.62584,53.4655147 -43.57989,117.7565737 l -43.55283,116.89283 -34.86232,0.30499 c -32.91995,0.28801 -34.81718,0.19175 -34.05228,-1.72748 z"
id="path4778"
inkscape:connector-curvature="0" />
<flowRoot
xml:space="preserve"
id="flowRoot8463"
style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:96px;line-height:125%;font-family:'Liberation Mono';-inkscape-font-specification:'Liberation Mono Bold';letter-spacing:0px;word-spacing:0px;fill:#ff0000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
transform="matrix(1.7228087,0,0,2.5200722,-118.4561,-151.78401)"><flowRegion
id="flowRegion8465"
style="font-size:96px;fill:#ff0000"><rect
id="rect8467"
width="679.47559"
height="191.17448"
x="108.25543"
y="57.162315"
style="font-size:96px;fill:#ff0000" /></flowRegion><flowPara
id="flowPara8469">FLAKES</flowPara></flowRoot> <flowRoot
xml:space="preserve"
id="flowRoot8479"
style="fill:black;stroke:none;stroke-opacity:1;stroke-width:1px;stroke-linejoin:miter;stroke-linecap:butt;fill-opacity:1;font-family:'Liberation Mono';font-style:normal;font-weight:bold;font-size:40px;line-height:125%;letter-spacing:0px;word-spacing:0px;-inkscape-font-specification:'Liberation Mono Bold';font-stretch:normal;font-variant:normal"><flowRegion
id="flowRegion8481"><rect
id="rect8483"
width="71.034798"
height="46.411858"
x="92.5"
y="123.6125" /></flowRegion><flowPara
id="flowPara8485"></flowPara></flowRoot></svg>



@ -1,28 +0,0 @@
{ config, ... }:
{
nix.sshServe.enable = true;
services.nix-serve = {
enable = true;
secretKeyFile = "/var/lib/nix-serve.key";
};
services.nginx = {
enable = true;
virtualHosts = let
vhost.locations."/".proxyPass =
"http://${config.services.nix-serve.bindAddress}:${
toString config.services.nix-serve.port
}";
in {
"cache.server7.hq.c3d2.de" = vhost // {
addSSL = true;
enableACME = true;
};
"nix-serve.y.c3d2.de" = vhost;
};
};
}


@ -1,27 +0,0 @@
{ config, pkgs, lib, ... }:
let yggaddr = import ../../lib/server7-yggaddr.nix;
in {
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
networking.interfaces.br0.ipv6.addresses = [{
address = yggaddr.prefix + ":1";
prefixLength = 24;
}];
services.radvd = {
enable = true;
config = ''
interface enp2s0f1
{
AdvSendAdvert on;
AdvRouteLifetime 0;
prefix ${yggaddr.prefix}:/64 {
AdvOnLink on;
AdvAutonomous on;
};
route 200::/7 {};
};
'';
};
}


@ -8,8 +8,6 @@ let
hqPrefix64 = "fd23:42:c3d2:523";
# TODO: Is this stable? Is there a better place to specifiy this?
server7Ygg = import ./server7-yggaddr.nix;
# Generate a deterministic IPv6 address for a 64 bit prefix
# and seed string. Prefix must not contain trailing ':'.
toIpv6Address = prefix64: seed:
@ -23,8 +21,6 @@ let
# for the HQ networking using a seed string.
toHqPrivateAddress = toIpv6Address hqPrefix64;
toServer7Address = toIpv6Address server7Ygg.prefix64;
# toHqPublicAddress = toIpv6Address publicPrefix64;
cfg = config.c3d2;
@ -171,10 +167,6 @@ in {
name = ip6;
value = [ "${hostName}.hq" hostName ];
}
{
name = toServer7Address hostName;
value = [ "${hostName}.y.c3d2.de" "${hostName}.y" ];
}
] ++ lib.optional (hasAttr "ip4" host) {
name = host.ip4;
value = [ "${hostName}.hq" hostName ];
@ -202,16 +194,7 @@ in {
ipv6.addresses = [{
address = toHqPrivateAddress config.networking.hostName;
prefixLength = 64;
}] ++ lib.optional (cfg.hq.yggdrasil.enableGateway) {
address = toServer7Address config.networking.hostName;
prefixLength = 64;
};
ipv6.routes = lib.optional (cfg.hq.yggdrasil.enableGateway) {
address = "200::";
options.pref = "low";
prefixLength = 7;
via = server7Ygg.prefix64 + "::1";
};
}];
};
});
@ -282,14 +265,6 @@ in {
# Only builds > 19.09
};
nix = lib.mkIf
(cfg.hq.enableBinaryCache && config.networking.hostName != "server7") {
binaryCaches = [ "https://cache.server7.hq.c3d2.de" ];
binaryCachePublicKeys = [
"cache.server7.hq.c3d2.de:x8JLRG26zRZ8ysYZLEkPxuAYuK1VSJi/aMAEIs2Lv+U="
];
};
services.mpd.extraConfig = lib.mkIf cfg.hq.enableMpdProxy ''
database {
plugin "proxy"
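Review bot: `c3d2.hq.yggdrasil.enableGateway` and `c3d2.hq.enableBinaryCache` look like they become silent no-ops, because the hunks at `-202,16` and `-282,14` drop the only visible uses of them while their declarations sit outside the hunks shown. If those declarations remain, a host that still sets either option evaluates cleanly but gets no gateway address, no `200::/7` route and no binary cache. Removing the declarations, or adding e.g. `(lib.mkRemovedOptionModule [ "c3d2" "hq" "enableBinaryCache" ] "server7 was removed")` to `imports`, would make stale host configs fail at evaluation instead. The `-8,8` hunk also drops `server7Ygg = import ./server7-yggaddr.nix;`, yet no file matching that name appears among the 22 changed files on this page, so it is presumably left in `lib/` unreferenced and could be deleted in the same commit.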