c3d2/nix-config
c3d2
/
nix-config
24
7
Fork 3
Code Issues 12 Pull Requests 2 Releases Wiki Activity
nix-config/hosts/server7/default.nix

163 lines
4.0 KiB
Nix
Raw Blame History

{ config, pkgs, lib, ... }:
let yggaddr = import ./yggaddr.nix;
in {
imports = [
# <nixpkgs/nixos/modules/profiles/minimal.nix>
../../lib
../../lib/default-gateway.nix
./borgbackup.nix
./containers
./hardware-configuration.nix
./hydra.nix
./nix-serve.nix
];
security.acme = {
email = " mail@c3d2.de";
acceptTerms = true;
};
c3d2 = {
users = {
emery = true;
windsleep = true;
};
isInHq = true;
mapHqHosts = true;
hq = {
interface = "br0";
statistics.enable = true;
};
};
fileSystems."/srv/ceph" = {
device = "172.22.99.13:6789:/";
fsType = "ceph";
options = [
"name=storage2"
"secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw=="
"noatime,_netdev"
"noauto"
"x-systemd.automount"
"x-systemd.device-timeout=175"
"users"
];
};
# Route IPv6
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
# Obtain global IPv6 despite being a router myself
boot.kernel.sysctl."net.ipv6.conf.eth0.accept_ra" = 2;
services.yggdrasil = {
enable = true;
configFile = "/var/lib/yggdrasil/keys";
config.Peers = [
"tcp://[2a03:3b40:fe:ab::1]:46370" # Praha
"tcp://ygg.thingylabs.io:443" # Nürnberg
"tcp://176.223.130.120:22632" # Wrocław
"tcp://[2a05:9403::8b]:7743" # Praha
];
};
security.sudo.wheelNeedsPassword = false;
services.openssh = {
enable = true;
passwordAuthentication = false;
# DO NOT CHANGE, KINDERGARTEN IS OVER
};
programs.mosh.enable = true;
nix = {
package = pkgs.nixFlakes;
gc.automatic = true;
optimise.automatic = true;
extraOptions = ''
experimental-features = nix-command flakes ca-references
post-build-hook = ${
pkgs.writeScript "post-build-sign-paths" ''
#!${pkgs.runtimeShell}
nix sign-paths --key-file /var/lib/nix-serve.key $OUT_PATHS
''
}
'';
};
nixpkgs.overlays = [
(self: super: {
nix = super.nix // { meta.platforms = lib.platforms.linux; };
})
];
virtualisation.docker.enable = true;
networking = {
firewall.enable = false;
firewall.trustedInterfaces = [ "br0" ];
hostName = "server7";
hostId = "454fe12c";
useDHCP = false;
bridges.br0.interfaces = [ "enp2s0f0" ];
interfaces = {
br0 = {
useDHCP = true;
tempAddress = "disabled";
ipv4.addresses = [{
address = "172.22.99.245";
prefixLength = 24;
}];
ipv6.addresses = [{
address = yggaddr.prefix64 + "::1";
prefixLength = 64;
}];
};
enp2s0f1.useDHCP = false;
};
};
boot.kernel.sysctl."net.bridge.bridge-nf-call-arptables" = 0;
boot.kernel.sysctl."net.bridge.bridge-nf-call-iptables" = 0;
boot.kernel.sysctl."net.bridge.bridge-nf-call-ip6tables" = 0;
environment.systemPackages = with pkgs; [
tmux
htop
vim
gitMinimal
nixfmt
zfsStable
];
services.collectd.extraConfig = ''
LoadPlugin memory
LoadPlugin processes
LoadPlugin disk
LoadPlugin df
LoadPlugin cpu
LoadPlugin entropy
LoadPlugin load
LoadPlugin swap
LoadPlugin cgroups
LoadPlugin vmem
LoadPlugin interface
'';
boot.tmpOnTmpfs = true;
# Use the systemd-boot EFI boot loader.
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
time.timeZone = "Europe/Berlin";
system.stateVersion = "19.09"; # Did you read the comment?
users.extraUsers.hydra.openssh.authorizedKeys.keys = [
# allow the old hydra to build here
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7HuDlyTlPC4rCjwhklY8kiYIxdgPhiu6wxs29ksnpKZmJa2R7qoD02N3ACm9cTb1GVkIWukAXI3KvU9h08+WLQJqUH0cHVBj3V1sDYmkN2QecE59gz3e1gfN3zPtwmQEUe6xvHWK3X3qdH45pGPUtxk1eDTZl45037C0NClWF7RXI4m6UXng4bL9wnPvoVqCI+ySsNWaTkHDLE/D9s/VrqGxJ1w2KiJb1F73g9/x/zjL8Ixb16wkPmLE0e50MQAQa7EMFTyPZoEskFnEviLYXM9pDexABAjJfbfZ39lLyMgVYGwnzEDbjDlm68dE6wQWUY1OV6wbt8uYreB2IRrlb root@hydra"
];
}
Reference in New Issue View Git Blame Copy Permalink