nix-config/hosts/caveman/default.nix

{ config, ... }:

{
  system.stateVersion = "22.05";

  c3d2 = {
    deployment.server = "server10";
    hq.statistics.enable = true;
  };
  microvm = {
    vcpu = 8;
    mem = 12 * 1024;
  };

  networking = {
    hostName = "caveman";
    firewall.allowedTCPPorts = [
      # telnet
      23
      # redis
      6379
    ];
  };

  services.journald.extraConfig = ''
    Storage=volatile
  '';

  sops = {
    defaultSopsFile = ./secrets.yaml;
    secrets = {
      "redis/caveman/requirePass".mode = "0444";
      # Must be readable for DynamicUser caveman-sieve
      "caveman/sieve/privKey".mode = "0444";
    };
  };

  services = {
    redis.servers.caveman = {
      # Listen on the public network
      bind = null;
      # Override default backup schedule to reduce I/O
      save = [
        # Every 2h if at least 1 entry changed
        [ 7200 1 ]
        # Every 30min if at least 10000 entries changed
        [ 1800 10000 ]
      ];
    };

    caveman = {
      redis = {
        # leave 4 GB for caveman services
        maxmemory = (config.microvm.mem - 4) * 1024 * 1024;
        passwordFile = config.sops.secrets."redis/caveman/requirePass".path;
      };

      hunter = {
        enable = true;
        settings = {
          prometheus_port = 9103;
          max_workers = 384;
          hosts = with builtins;
            filter (line: isString line && line != "") (
              split "\n" (
                readFile ./mastodon-instances.txt
              )
            );
        };
      };
      sieve = {
        enable = true;
        settings.priv_key_file = config.sops.secrets."caveman/sieve/privKey".path;
      };
      butcher.enable = true;
      gatherer.enable = true;
      smokestack.enable = true;
    };

    nginx = {
      enable = true;
      virtualHosts."fedi.buzz" = {
        default = true;
        forceSSL = true;
        enableACME = true;
        serverAliases = [
          "www.fedi.buzz"
          "caveman.flpk.zentralwerk.org"
        ];
        locations."/".proxyPass = "http://127.0.0.1:${toString config.services.caveman.gatherer.settings.listen_port}/";
      };
    };
  };
}
caveman: init 2022-11-03 20:49:26 +01:00			`{ config, ... }:`

			`{`
			`system.stateVersion = "22.05";`

Default microvm mounts to etc, home, var; random cleanups 2022-12-18 22:16:29 +01:00			`c3d2 = {`
			`deployment.server = "server10";`
			`hq.statistics.enable = true;`
caveman: init 2022-11-03 20:49:26 +01:00			`};`
			`microvm = {`
caveman: enable smokestack, set ram to 8gb 2022-11-17 00:01:22 +01:00			`vcpu = 8;`
server10: free up some RAM 2023-12-16 18:59:12 +01:00			`mem = 12 * 1024;`
caveman: init 2022-11-03 20:49:26 +01:00			`};`

Allow telnet port again 2022-12-20 04:55:17 +01:00			`networking = {`
			`hostName = "caveman";`
buzzrelay, caveman: setup caveman-sieve 2023-10-16 00:21:52 +02:00			`firewall.allowedTCPPorts = [`
			`# telnet`
			`23`
			`# redis`
			`6379`
			`];`
Allow telnet port again 2022-12-20 04:55:17 +01:00			`};`
caveman: init 2022-11-03 20:49:26 +01:00
caveman: don't log to disk, set more workers 2022-11-06 13:53:33 +01:00			`services.journald.extraConfig = ''`
			`Storage=volatile`
			`'';`

caveman: add backup creds for server8 2023-08-09 00:27:12 +02:00			`sops = {`
			`defaultSopsFile = ./secrets.yaml;`
			`secrets = {`
caveman: set a redis password 2023-10-12 21:54:05 +02:00			`"redis/caveman/requirePass".mode = "0444";`
buzzrelay, caveman: setup caveman-sieve 2023-10-16 00:21:52 +02:00			`# Must be readable for DynamicUser caveman-sieve`
			`"caveman/sieve/privKey".mode = "0444";`
caveman: add backup creds for server8 2023-08-09 00:27:12 +02:00			`};`
			`};`

Format 2023-01-06 23:57:20 +01:00			`services = {`
caveman: set a redis password 2023-10-12 21:54:05 +02:00			`redis.servers.caveman = {`
			`# Listen on the public network`
			`bind = null;`
			`# Override default backup schedule to reduce I/O`
			`save = [`
			`# Every 2h if at least 1 entry changed`
			`[ 7200 1 ]`
			`# Every 30min if at least 10000 entries changed`
			`[ 1800 10000 ]`
			`];`
			`};`
caveman: set redis backup schedule 2023-03-31 20:21:22 +02:00
Format 2023-01-06 23:57:20 +01:00			`caveman = {`
caveman: set a redis password 2023-10-12 21:54:05 +02:00			`redis = {`
			`# leave 4 GB for caveman services`
			`maxmemory = (config.microvm.mem - 4) * 1024 * 1024;`
			`passwordFile = config.sops.secrets."redis/caveman/requirePass".path;`
			`};`
caveman: init 2022-11-03 20:49:26 +01:00
Format 2023-01-06 23:57:20 +01:00			`hunter = {`
			`enable = true;`
			`settings = {`
caveman: update hunter prometheus_port to fix port conflict 2023-04-24 21:43:26 +02:00			`prometheus_port = 9103;`
Format 2023-01-06 23:57:20 +01:00			`max_workers = 384;`
			`hosts = with builtins;`
caveman: filter mastodon-instances.txt for empty lines 2023-10-12 21:23:35 +02:00			`filter (line: isString line && line != "") (`
Format 2023-01-06 23:57:20 +01:00			`split "\n" (`
			`readFile ./mastodon-instances.txt`
			`)`
			`);`
			`};`
caveman: init 2022-11-03 20:49:26 +01:00			`};`
buzzrelay, caveman: setup caveman-sieve 2023-10-16 00:21:52 +02:00			`sieve = {`
			`enable = true;`
			`settings.priv_key_file = config.sops.secrets."caveman/sieve/privKey".path;`
			`};`
caveman: enable caveman-butcher 2023-01-22 21:03:23 +01:00			`butcher.enable = true;`
Format 2023-01-06 23:57:20 +01:00			`gatherer.enable = true;`
			`smokestack.enable = true;`
caveman: init 2022-11-03 20:49:26 +01:00			`};`

Format 2023-01-06 23:57:20 +01:00			`nginx = {`
cavemem: deploy gatherer, bump resources 2022-11-16 00:50:26 +01:00			`enable = true;`
			`virtualHosts."fedi.buzz" = {`
			`default = true;`
			`forceSSL = true;`
			`enableACME = true;`
			`serverAliases = [`
			`"www.fedi.buzz"`
			`"caveman.flpk.zentralwerk.org"`
			`];`
			`locations."/".proxyPass = "http://127.0.0.1:${toString config.services.caveman.gatherer.settings.listen_port}/";`
			`};`
			`};`
			`};`
caveman: init 2022-11-03 20:49:26 +01:00			`}`