nix-config/hosts/server7/configuration.nix

144 lines
3.3 KiB
Nix

{ config, pkgs, lib, ... }:
let yggaddr = import ./yggaddr.nix;
in {
imports = [
<nixpkgs/nixos/modules/profiles/minimal.nix>
../../lib
../../lib/default-gateway.nix
../../lib/buildfarmer.nix
../../lib/yggdrasil.nix
./containers
./hardware-configuration.nix
./hydra.nix
./nix-serve.nix
];
c3d2 = {
users = {
emery = true;
windsleep = true;
};
isInHq = true;
mapHqHosts = true;
hq = {
interface = "br0";
statistics.enable = true;
};
};
fileSystems."/srv/ceph" = {
device = "172.22.99.13:6789:/";
fsType = "ceph";
options = [
"name=storage2"
"secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw=="
"noatime,_netdev"
"noauto"
"x-systemd.automount"
"x-systemd.device-timeout=175"
"users"
];
};
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
statusPage = true;
};
# Route IPv6
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
# Obtain global IPv6 despite being a router myself
boot.kernel.sysctl."net.ipv6.conf.eth0.accept_ra" = 2;
services.yggdrasil = {
configFile = "/var/lib/yggdrasil/keys";
config.Peers = [
"tcp://[2a03:3b40:fe:ab::1]:46370" # Praha
"tcp://ygg.thingylabs.io:443" # Nürnberg
"tcp://176.223.130.120:22632" # Wrocław
"tcp://[2a05:9403::8b]:7743" # Praha
];
};
security.sudo.wheelNeedsPassword = false;
services.openssh = {
enable = true;
passwordAuthentication = false;
# DO NOT CHANGE, KINDERGARTEN IS OVER
};
programs.mosh.enable = true;
nix = {
package = pkgs.nixFlakes;
extraOptions = "experimental-features = nix-command flakes ca-references";
gc.automatic = true;
optimise.automatic = true;
};
virtualisation.docker.enable = true;
networking = {
firewall.enable = false;
hostName = "server7";
useDHCP = false;
bridges.br0.interfaces = [ "enp2s0f0" ];
interfaces = {
br0 = {
useDHCP = true;
preferTempAddress = false;
ipv4.addresses = [{
address = "172.22.99.245";
prefixLength = 24;
}];
ipv6.addresses = [{
address = yggaddr.prefix + ":1";
prefixLength = 64;
}];
};
enp2s0f1.useDHCP = false;
};
};
boot.kernel.sysctl."net.bridge.bridge-nf-call-arptables" = 0;
boot.kernel.sysctl."net.bridge.bridge-nf-call-iptables" = 0;
boot.kernel.sysctl."net.bridge.bridge-nf-call-ip6tables" = 0;
environment.systemPackages = with pkgs; [ tmux htop vim gitMinimal nixfmt ];
services.collectd.extraConfig = ''
LoadPlugin sensors
LoadPlugin memory
LoadPlugin irq
LoadPlugin thermal
LoadPlugin processes
LoadPlugin disk
LoadPlugin hddtemp
LoadPlugin df
LoadPlugin cpu
LoadPlugin cpufreq
LoadPlugin entropy
LoadPlugin load
LoadPlugin swap
LoadPlugin cgroups
LoadPlugin vmem
LoadPlugin interface
'';
boot.tmpOnTmpfs = true;
# Use the systemd-boot EFI boot loader.
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
time.timeZone = "Europe/Berlin";
system.stateVersion = "19.09"; # Did you read the comment?
}