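{ config, pkgs, lib, ... }:

# server7: NixOS host configuration — build node (hydra, nix-serve, binfmt
# emulation), Ceph OSD in a container, CephFS client, yggdrasil peer.
# Review notes are marked NOTE(review); they annotate risks without changing
# the deployed behaviour, except where the comment says a fix was applied.

let
  # Per-host yggdrasil address data; only `prefix64` is read below.
  yggaddr = import ../../lib/server7-yggaddr.nix;
in {
  imports = [
    # <nixpkgs/nixos/modules/profiles/minimal.nix>
    ../../lib
    ../../lib/default-gateway.nix
    ./borgbackup.nix
    ./containers
    ./hardware-configuration.nix
    ./hydra.nix
    ./nix-serve.nix
  ];

  # Run aarch64-linux binaries through binfmt emulation (foreign-arch builds).
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

  security.acme = {
    email = "mail@c3d2.de";
    acceptTerms = true;
  };

  c3d2 = {
    users = {
      emery = true;
      windsleep = true;
    };
    isInHq = true;
    mapHqHosts = true;
    hq = {
      interface = "br0";
      statistics.enable = true;
    };
  };

  # CephFS share, mounted on demand through a systemd automount unit.
  fileSystems."/srv/ceph" = {
    #device = "172.22.99.13:6789:/";
    device = "172.20.72.53:6789:/";
    fsType = "ceph";
    options = [
      "name=storage2"
      # NOTE(review): this client key is committed to the repo and ends up in
      # the generated /etc/fstab and the (world-readable) Nix store, so every
      # local user can read it. Rotate it and move it to a root-only file
      # referenced as "secretfile=/path" — that option is handled by the
      # mount.ceph userspace helper (e.g. pkgs.ceph-client in
      # system.fsPackages), so confirm the helper is installed before switching.
      "secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw=="
      "noatime,_netdev"
      "noauto"
      "x-systemd.automount"
      "x-systemd.device-timeout=175"
      # NOTE(review): `users` lets any local user mount/unmount this share;
      # with the automount unit above it is probably not needed.
      "users"
    ];
  };

  # The OSD directory is a tmpfs; presumably it is (re)populated by the
  # `ceph-volume lvm activate` ExecStartPre below — verify on the host.
  fileSystems."/var/lib/ceph/osd/ceph-7" = { fsType = "tmpfs"; };

  # Route IPv6
  boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
  # Obtain global IPv6 despite being a router myself
  # (accept_ra=2 keeps accepting RAs even though forwarding is enabled).
  boot.kernel.sysctl."net.ipv6.conf.br0.accept_ra" = 2;

  services.yggdrasil = {
    enable = true;
    # Node config/keys live outside the Nix store (path suggests private keys —
    # keep that file root-only).
    configFile = "/var/lib/yggdrasil/keys";
    config = {
      Peers = [
        # Deutschland
        "tcp://45.11.19.26:5001"
        "tcp://82.165.69.111:61216"
        "tcp://[2001:8d8:1800:8224::1]:61216"

        # Czechia
        "tcp://195.123.245.146:7743"
        "tcp://37.205.14.171:46370"
        "tcp://[2a03:3b40:fe:ab::1]:46370"
        "tcp://[2a05:9403::8b]:7743"

        # Poland
        "tcp://176.223.130.120:22632"
        "tcp://51.75.44.73:50001"
        "tcp://54.37.137.221:37145"
        "tcp://[2001:41d0:601:1100::cf2]:37145"
        "tcp://n2o.ddns.net:22632"
        "tls://54.37.137.221:14987"
        "tls://[2001:41d0:601:1100::cf2]:14987"
      ];
      NodeInfo = {
        location = "Dresden";
        name = "server7.y.c3d2.de";
        admin =
          "toxid:DF0AC9107E0A30E7201C6832B017AC836FBD1EDAC390EE99B68625D73C3FD929FB47F1872CA4";
      };
    };
  };

  # NOTE(review): wheel members become root without a password. Combined with
  # key-only SSH below, every wheel user's SSH key is effectively a root
  # credential; keep that in mind when adding keys.
  security.sudo.wheelNeedsPassword = false;

  services.openssh = {
    enable = true;
    # Key-based authentication only.
    passwordAuthentication = false;
    # DO NOT CHANGE, KINDERGARTEN IS OVER
  };

  programs.mosh.enable = true;

  nix = {
    package = pkgs.nixFlakes;
    gc.automatic = true;
    optimise.automatic = true;
    # Every locally built path is signed with the nix-serve key so the binary
    # cache can serve it. The hook runs with the daemon's privileges;
    # /var/lib/nix-serve.key must not be readable by other users (not
    # verifiable from this file).
    extraOptions = ''
      experimental-features = nix-command flakes ca-references
      post-build-hook = ${
        pkgs.writeScript "post-build-sign-paths" ''
          #!${pkgs.runtimeShell}
          nix sign-paths --key-file /var/lib/nix-serve.key $OUT_PATHS
        ''
      }
    '';
  };

  nixpkgs.overlays = [
    (self: super: {
      # Mark nix as available on every Linux platform (e.g. the emulated
      # aarch64 builds above). Fix applied: merge into the existing `meta`
      # instead of replacing it wholesale — the previous `// { meta.platforms
      # = ...; }` dropped description, license and every other meta attribute.
      nix = super.nix // {
        meta = super.nix.meta // { platforms = lib.platforms.linux; };
      };
    })
  ];

  virtualisation.docker.enable = true;

  # Ceph OSD 7 from the upstream image. --privileged plus host net/ipc and
  # /dev mapped in means this container is effectively a root process on the
  # host; the image tag is mutable, so consider pinning by digest.
  docker-containers.ceph-osd-7 = {
    cmd = [ "ceph-osd" "-i" "7" "--setuser" "ceph" "--setgroup" "ceph" "-d" ];
    environment = { OSD_DEVICE = "/dev/sdb"; };
    image = "ceph/ceph:v14.2.9";
    log-driver = "journald";
    extraDockerOptions =
      [ "--rm" "--net=host" "--ipc=host" "--privileged=true" ];
    volumes =
      [ "/dev:/dev" "/etc/ceph:/etc/ceph" "/var/lib/ceph/:/var/lib/ceph" ];
  };

  # Activate the OSD's LVM volumes before the OSD container starts.
  systemd.services.docker-ceph-osd-7.serviceConfig = {
    ExecStartPre = [
      # Fix applied: dropped `-it`. Under systemd stdin is not a terminal, and
      # docker rejects a TTY request in that case ("the input device is not a
      # TTY"); the leading "-" would have silently swallowed that error, so the
      # activation most likely never ran. The "-" still tolerates failure.
      "-${pkgs.docker}/bin/docker run --rm --net=host --ipc=host --privileged=true -v /dev:/dev -v /etc/ceph:/etc/ceph -v /var/lib/ceph/:/var/lib/ceph -e OSD_DEVICE=/dev/sdb ceph/ceph:v14.2.9 ceph-volume lvm activate --all"
    ];
  };

  networking = {
    # NOTE(review): no host firewall at all — every listening service (nix-serve,
    # hydra, ceph, docker-published ports, …) is reachable from wherever this
    # host is routable, and accept_ra above is set to obtain a global IPv6
    # address. `trustedInterfaces` only takes effect once `firewall.enable`
    # is true, so it is currently a no-op.
    firewall.enable = false;
    firewall.trustedInterfaces = [ "br0" ];
    hostName = "server7";
    hostId = "454fe12c";
    useDHCP = false;
    bridges.br0.interfaces = [ "enp2s0f0" ];
    interfaces = {
      br0 = {
        useDHCP = true;
        # Stable server address: no IPv6 privacy extensions.
        tempAddress = "disabled";
        ipv4.addresses = [{
          address = "172.22.99.245";
          prefixLength = 24;
        }];
        ipv6.addresses = [{
          address = yggaddr.prefix64 + "::1";
          prefixLength = 64;
        }];
      };
      enp2s0f1.useDHCP = false;
    };
  };

  # Keep netfilter out of the bridge path: frames forwarded by br0 are not
  # passed through arptables/iptables/ip6tables.
  boot.kernel.sysctl."net.bridge.bridge-nf-call-arptables" = 0;
  boot.kernel.sysctl."net.bridge.bridge-nf-call-iptables" = 0;
  boot.kernel.sysctl."net.bridge.bridge-nf-call-ip6tables" = 0;

  environment.systemPackages = with pkgs; [
    tmux
    htop
    vim
    gitMinimal
    nixfmt
    zfsStable
  ];

  services.collectd.extraConfig = ''
    LoadPlugin memory
    LoadPlugin processes
    LoadPlugin disk
    LoadPlugin df
    LoadPlugin cpu
    LoadPlugin entropy
    LoadPlugin load
    LoadPlugin swap
    LoadPlugin cgroups
    LoadPlugin vmem
    LoadPlugin interface
  '';

  boot.tmpOnTmpfs = true;

  # Use the systemd-boot EFI boot loader.
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  time.timeZone = "Europe/Berlin";

  system.stateVersion = "19.09"; # Did you read the comment?

  # NOTE(review): this key gives the old hydra an unrestricted login as the
  # `hydra` user. Remote building only needs `nix-store --serve --write`;
  # consider prefixing the key with
  #   restrict,command="nix-store --serve --write"
  # after checking how the old hydra actually connects.
  users.extraUsers.hydra.openssh.authorizedKeys.keys = [
    # allow the old hydra to build here
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7HuDlyTlPC4rCjwhklY8kiYIxdgPhiu6wxs29ksnpKZmJa2R7qoD02N3ACm9cTb1GVkIWukAXI3KvU9h08+WLQJqUH0cHVBj3V1sDYmkN2QecE59gz3e1gfN3zPtwmQEUe6xvHWK3X3qdH45pGPUtxk1eDTZl45037C0NClWF7RXI4m6UXng4bL9wnPvoVqCI+ySsNWaTkHDLE/D9s/VrqGxJ1w2KiJb1F73g9/x/zjL8Ixb16wkPmLE0e50MQAQa7EMFTyPZoEskFnEviLYXM9pDexABAjJfbfZ39lLyMgVYGwnzEDbjDlm68dE6wQWUY1OV6wbt8uYreB2IRrlb root@hydra"
  ];

  # DHCP server is switched off; the settings are kept so it can be re-enabled
  # as a non-authoritative server on br0.
  services.dhcpd4 = {
    enable = false;
    interfaces = [ "br0" ];
    extraConfig = "not authoritative;";
  };
}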