nix-config/hosts/server7/configuration.nix

{ config, pkgs, lib, ... }:

let yggaddr = import ./yggaddr.nix;
in {
  imports = [
    <nixpkgs/nixos/modules/profiles/minimal.nix>
    ../../lib/hq.nix
    ../../lib/default-gateway.nix
    ../../lib/emery.nix
    ../../lib/buildfarmer.nix
    ../../lib/known-hosts.nix
    ../../lib/yggdrasil.nix
    ./containers
    ./hardware-configuration.nix
    ./hydra.nix
    ./nix-serve.nix
  ];

  # Route IPv6
  boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
  # Obtain global IPv6 despite being a router myself
  boot.kernel.sysctl."net.ipv6.conf.eth0.accept_ra" = 2;

  services.yggdrasil = {
    configFile = "/var/lib/yggdrasil/keys";
    config.Peers = [
      "tcp://[2a03:3b40:fe:ab::1]:46370" # Praha
      "tcp://ygg.thingylabs.io:443" # Nürnberg
      "tcp://176.223.130.120:22632" # Wrocław
      "tcp://[2a05:9403::8b]:7743" # Praha
    ];
  };

  security.sudo.wheelNeedsPassword = false;
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
    # DO NOT CHANGE, KINDERGARTEN IS OVER
  };

  programs.mosh.enable = true;

  nix = {
    package = pkgs.nixFlakes;
    extraOptions = "experimental-features = nix-command flakes";
    gc.automatic = true;
    distributedBuilds = true;
    buildMachines = [{
      hostName = "hydra.hq.c3d2.de";
      system = "x86_64-linux";
      sshUser = "buildfarmer";
      sshKey = "/root/.ssh/id_ed25519";
    }];
  };

  networking = {
    firewall.enable = false;
    hostName = "server7";
    useDHCP = false;
    bridges.br0.interfaces = [ "enp2s0f0" ];
    interfaces = {
      br0 = {
        useDHCP = true;
        preferTempAddress = false;
        ipv4.addresses = [{
          address = "172.22.99.245";
          prefixLength = 24;
        }];
        ipv6.addresses = [{
          address = yggaddr.prefix + ":1";
          prefixLength = 64;
        }];
      };
      enp2s0f1.useDHCP = false;
    };
  };

  environment.systemPackages = with pkgs; [ tmux htop vim gitMinimal nixfmt ];

  services.collectd = {
    enable = true;
    autoLoadPlugin = true;
    extraConfig = ''
      HostName "${config.networking.hostName}"
      FQDNLookup false
      Interval 10

      LoadPlugin sensors
      LoadPlugin memory
      LoadPlugin irq
      LoadPlugin thermal
      LoadPlugin processes
      LoadPlugin disk
      LoadPlugin hddtemp
      LoadPlugin df
      LoadPlugin cpu
      LoadPlugin cpufreq
      LoadPlugin entropy
      LoadPlugin load
      LoadPlugin swap
      LoadPlugin cgroups
      LoadPlugin vmem
      LoadPlugin interface
      LoadPlugin network
      <Plugin "network">
        Server "grafana.hq.c3d2.de" "25826"
      </Plugin>
    '';
  };

  boot.tmpOnTmpfs = true;

  # Use the systemd-boot EFI boot loader.
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  time.timeZone = "Europe/Berlin";

  system.stateVersion = "19.09"; # Did you read the comment?
}
Add Server7 host 2019-11-28 11:38:03 +01:00			`{ config, pkgs, lib, ... }:`

server7: move yggdrasil out of container 2019-11-29 23:33:30 +01:00			`let yggaddr = import ./yggaddr.nix;`
			`in {`
Add Server7 host 2019-11-28 11:38:03 +01:00			`imports = [`
			`<nixpkgs/nixos/modules/profiles/minimal.nix>`
			`../../lib/hq.nix`
server7: move yggdrasil out of container 2019-11-29 23:33:30 +01:00			`../../lib/default-gateway.nix`
Add Server7 host 2019-11-28 11:38:03 +01:00			`../../lib/emery.nix`
Add "buildfarmer" user to hydra and server7 2019-11-30 17:56:34 +01:00			`../../lib/buildfarmer.nix`
Add lib/known-hosts.nix 2019-12-01 14:18:39 +01:00			`../../lib/known-hosts.nix`
server7: move yggdrasil out of container 2019-11-29 23:33:30 +01:00			`../../lib/yggdrasil.nix`
Add Server7 host 2019-11-28 11:38:03 +01:00			`./containers`
			`./hardware-configuration.nix`
			`./hydra.nix`
Add nix-serve to Server7, enable flakes for hydra 2019-11-29 15:52:06 +01:00			`./nix-serve.nix`
Add Server7 host 2019-11-28 11:38:03 +01:00			`];`

server7: move yggdrasil out of container 2019-11-29 23:33:30 +01:00			`# Route IPv6`
			`boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;`
			`# Obtain global IPv6 despite being a router myself`
			`boot.kernel.sysctl."net.ipv6.conf.eth0.accept_ra" = 2;`

			`services.yggdrasil = {`
			`configFile = "/var/lib/yggdrasil/keys";`
			`config.Peers = [`
			`"tcp://[2a03:3b40:fe:ab::1]:46370" # Praha`
			`"tcp://ygg.thingylabs.io:443" # Nürnberg`
			`"tcp://176.223.130.120:22632" # Wrocław`
			`"tcp://[2a05:9403::8b]:7743" # Praha`
			`];`
			`};`

Add Server7 host 2019-11-28 11:38:03 +01:00			`security.sudo.wheelNeedsPassword = false;`
			`services.openssh = {`
			`enable = true;`
			`passwordAuthentication = false;`
			`# DO NOT CHANGE, KINDERGARTEN IS OVER`
			`};`

			`programs.mosh.enable = true;`

			`nix = {`
			`package = pkgs.nixFlakes;`
Add nix-serve to Server7, enable flakes for hydra 2019-11-29 15:52:06 +01:00			`extraOptions = "experimental-features = nix-command flakes";`
Add Server7 host 2019-11-28 11:38:03 +01:00			`gc.automatic = true;`
Add "buildfarmer" user to hydra and server7 2019-11-30 17:56:34 +01:00			`distributedBuilds = true;`
Add nix-serve to Server7, enable flakes for hydra 2019-11-29 15:52:06 +01:00			`buildMachines = [{`
			`hostName = "hydra.hq.c3d2.de";`
			`system = "x86_64-linux";`
Add "buildfarmer" user to hydra and server7 2019-11-30 17:56:34 +01:00			`sshUser = "buildfarmer";`
			`sshKey = "/root/.ssh/id_ed25519";`
Add nix-serve to Server7, enable flakes for hydra 2019-11-29 15:52:06 +01:00			`}];`
Add Server7 host 2019-11-28 11:38:03 +01:00			`};`

			`networking = {`
Add nix-serve to Server7, enable flakes for hydra 2019-11-29 15:52:06 +01:00			`firewall.enable = false;`
Fix server7 hostname 2019-11-29 18:09:04 +01:00			`hostName = "server7";`
Add Server7 host 2019-11-28 11:38:03 +01:00			`useDHCP = false;`
server7: reduce network to just one bridge 2019-11-29 20:33:22 +01:00			`bridges.br0.interfaces = [ "enp2s0f0" ];`
Add Server7 host 2019-11-28 11:38:03 +01:00			`interfaces = {`
server7: reduce network to just one bridge 2019-11-29 20:33:22 +01:00			`br0 = {`
Add Server7 host 2019-11-28 11:38:03 +01:00			`useDHCP = true;`
server7: reduce network to just one bridge 2019-11-29 20:33:22 +01:00			`preferTempAddress = false;`
Add Server7 host 2019-11-28 11:38:03 +01:00			`ipv4.addresses = [{`
			`address = "172.22.99.245";`
			`prefixLength = 24;`
			`}];`
server7: move yggdrasil out of container 2019-11-29 23:33:30 +01:00			`ipv6.addresses = [{`
			`address = yggaddr.prefix + ":1";`
			`prefixLength = 64;`
			`}];`
Add Server7 host 2019-11-28 11:38:03 +01:00			`};`
			`enp2s0f1.useDHCP = false;`
			`};`
			`};`
server7: move yggdrasil out of container 2019-11-29 23:33:30 +01:00
Add Server7 host 2019-11-28 11:38:03 +01:00			`environment.systemPackages = with pkgs; [ tmux htop vim gitMinimal nixfmt ];`

			`services.collectd = {`
			`enable = true;`
			`autoLoadPlugin = true;`
			`extraConfig = ''`
server7: add more collectd plugins 2019-11-29 22:20:19 +01:00			`HostName "${config.networking.hostName}"`
			`FQDNLookup false`
Add Server7 host 2019-11-28 11:38:03 +01:00			`Interval 10`
server7: add more collectd plugins 2019-11-29 22:20:19 +01:00
			`LoadPlugin sensors`
			`LoadPlugin memory`
			`LoadPlugin irq`
			`LoadPlugin thermal`
			`LoadPlugin processes`
			`LoadPlugin disk`
			`LoadPlugin hddtemp`
			`LoadPlugin df`
			`LoadPlugin cpu`
			`LoadPlugin cpufreq`
			`LoadPlugin entropy`
			`LoadPlugin load`
			`LoadPlugin swap`
			`LoadPlugin cgroups`
			`LoadPlugin vmem`
			`LoadPlugin interface`
			`LoadPlugin network`
Add Server7 host 2019-11-28 11:38:03 +01:00			`<Plugin "network">`
			`Server "grafana.hq.c3d2.de" "25826"`
			`</Plugin>`
			`'';`
			`};`

			`boot.tmpOnTmpfs = true;`

			`# Use the systemd-boot EFI boot loader.`
			`boot.loader = {`
			`systemd-boot.enable = true;`
			`efi.canTouchEfiVariables = true;`
			`};`

			`time.timeZone = "Europe/Berlin";`

			`system.stateVersion = "19.09"; # Did you read the comment?`
			`}`