Merge branch 'master' of ssh://gitea.c3d2.de:2222/C3D2/nix-config into master
commit
256dcd5ec9
63
flake.lock
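--- a/flake.lock
+++ b/flake.lock
@@ -3,14 +3,18 @@
 "hydra": {
 "inputs": {
 "nix": "nix",
-"nixpkgs": "nixpkgs_2"
+"nixpkgs": [
+"hydra",
+"nix",
+"nixpkgs"
+]
 },
 "locked": {
-"lastModified": 1593509723,
-"narHash": "sha256-ESv86LNnQQy5cYqeC1S4otpvkA8ABgs/zbge8xp35aE=",
+"lastModified": 1603366072,
+"narHash": "sha256-9dK7Mx9BZHZTeJ/oolS7nMakVnCdXQlsA2ePWNPhQks=",
 "owner": "NixOS",
 "repo": "hydra",
-"rev": "d0deebc4fc95dbeb0249f7b774b03d366596fbed",
+"rev": "be709d450b98a384374228db51c14dc958a3a72a",
 "type": "github"
 },
 "original": {
@@ -18,16 +22,33 @@
 "type": "indirect"
 }
 },
+"lowdown-src": {
+"flake": false,
+"locked": {
+"lastModified": 1598695561,
+"narHash": "sha256-gyH/5j+h/nWw0W8AcR2WKvNBUsiQ7QuxqSJNXAwV+8E=",
+"owner": "kristapsdz",
+"repo": "lowdown",
+"rev": "1705b4a26fbf065d9574dce47a94e8c7c79e052f",
+"type": "github"
+},
+"original": {
+"owner": "kristapsdz",
+"repo": "lowdown",
+"type": "github"
+}
+},
 "nix": {
 "inputs": {
+"lowdown-src": "lowdown-src",
 "nixpkgs": "nixpkgs"
 },
 "locked": {
-"lastModified": 1592818267,
-"narHash": "sha256-t66Ny6NDA9sQa0U79iqo4w7tEBitUGgio9U/H6z3QpE=",
+"lastModified": 1603189103,
+"narHash": "sha256-KVS/Z6FzMBOl5XCyOLwfiVoX7G2LQRa9HMGNnJRPCoo=",
 "owner": "NixOS",
 "repo": "nix",
-"rev": "334e26bfc2ce82912602e8a0f9f9c7e0fb5c3221",
+"rev": "e0ca98c2071b815578470e280df8fdb750c7e23b",
 "type": "github"
 },
 "original": {
@@ -37,41 +58,39 @@
 },
 "nixpkgs": {
 "locked": {
-"lastModified": 1591633336,
-"narHash": "sha256-oVXv4xAnDJB03LvZGbC72vSVlIbbJr8tpjEW5o/Fdek=",
+"lastModified": 1602702596,
+"narHash": "sha256-fqJ4UgOb4ZUnCDIapDb4gCrtAah5Rnr2/At3IzMitig=",
 "owner": "NixOS",
 "repo": "nixpkgs",
-"rev": "70717a337f7ae4e486ba71a500367cad697e5f09",
+"rev": "ad0d20345219790533ebe06571f82ed6b034db31",
 "type": "github"
 },
 "original": {
 "id": "nixpkgs",
-"ref": "nixos-20.03-small",
+"ref": "nixos-20.09-small",
 "type": "indirect"
 }
 },
 "nixpkgs_2": {
 "locked": {
-"lastModified": 1592263354,
-"narHash": "sha256-1wHPn5qKfzfG06dZhpXDEg5Zt6HwvfyPPgW1tkYFejg=",
-"owner": "NixOS",
+"lastModified": 1603722914,
+"narHash": "sha256-V3cst4osjvfsrR5Qpk8CYWRFQiGm1Rm4lanjMWooH2o=",
+"owner": "nixos",
 "repo": "nixpkgs",
-"rev": "a84b797b28eb104db758b5cb2b61ba8face6744b",
+"rev": "e3ce7e1002de96da39e1d59dda97360f456a56ad",
 "type": "github"
 },
 "original": {
-"id": "nixpkgs",
-"ref": "nixos-20.03",
-"type": "indirect"
+"owner": "nixos",
+"ref": "release-20.09",
+"repo": "nixpkgs",
+"type": "github"
 }
 },
 "root": {
 "inputs": {
 "hydra": "hydra",
-"nixpkgs": [
-"hydra",
-"nixpkgs"
-]
+"nixpkgs": "nixpkgs_2"
 }
 }
 },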
|
@ -2,8 +2,7 @@
|
||||||
description = "C3D2 NixOS configurations";
|
description = "C3D2 NixOS configurations";
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.follows = "hydra/nixpkgs";
|
nixpkgs.url = "github:nixos/nixpkgs/release-20.09";
|
||||||
# nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
|
||||||
# secrets.url = "git+file:///etc/nixos/secrets";
|
# secrets.url = "git+file:///etc/nixos/secrets";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -31,11 +30,6 @@
|
||||||
system = "aarch64-linux";
|
system = "aarch64-linux";
|
||||||
};
|
};
|
||||||
|
|
||||||
server7 = nixpkgs.lib.nixosSystem {
|
|
||||||
modules = [ ./hosts/server7 hydra.nixosModules.hydra ];
|
|
||||||
system = "x86_64-linux";
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
nixosModules.c3d2 = import ./lib;
|
nixosModules.c3d2 = import ./lib;
|
||||||
|
|
|
@ -59,8 +59,6 @@ rec {
|
||||||
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKQCZ7f7bqRC6B72oMu7BCItZxZnWsqx9Th/2iBRvtIFggr4YNi7Pbw3cc68NVbm0u7feUUgH5LDiXVpig3b7Gw=
|
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKQCZ7f7bqRC6B72oMu7BCItZxZnWsqx9Th/2iBRvtIFggr4YNi7Pbw3cc68NVbm0u7feUUgH5LDiXVpig3b7Gw=
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
server7.publicKey =
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy";
|
|
||||||
storage.publicKey = "storage.ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbjG4uY8A0IJHRKjiQwt9JbuLDNVaTcwNJN8J4z6mgX";
|
storage.publicKey = "storage.ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbjG4uY8A0IJHRKjiQwt9JbuLDNVaTcwNJN8J4z6mgX";
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
|
@ -60,8 +60,11 @@
|
||||||
permitRootLogin = "yes";
|
permitRootLogin = "yes";
|
||||||
};
|
};
|
||||||
|
|
||||||
nix.buildCores = 32;
|
nix = {
|
||||||
nix.maxJobs = 32;
|
buildCores = 32;
|
||||||
|
maxJobs = 32;
|
||||||
|
autoOptimiseStore = true;
|
||||||
|
};
|
||||||
|
|
||||||
users.extraUsers.k-ot = {
|
users.extraUsers.k-ot = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
|
|
|
@ -77,6 +77,6 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "18.09"; # Did you read the comment?
|
system.stateVersion = "20.09"; # Did you read the comment?
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
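Review bot: Raising `system.stateVersion` from `"18.09"` to `"20.09"` on an existing host is not part of a release upgrade and can silently change how stateful services are set up, because NixOS modules use this value to pick defaults that must match data already on disk (the default PostgreSQL version is one such case). The same bump is made in the next two file sections (hunks `@ -81,6 +81,6 @@` and `@ -100,6 +100,6 @@`, both `"19.03"` to `"20.09"`). Unless each host was reinstalled or its state migrated by hand, keep the original value, e.g. `system.stateVersion = "18.09"; # Did you read the comment?`, and let the nixpkgs input carry the upgrade. The enclosing attribute set starts outside the hunk.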
|
@ -81,6 +81,6 @@
|
||||||
|
|
||||||
systemd.services.graylog.serviceConfig.Restart = "always";
|
systemd.services.graylog.serviceConfig.Restart = "always";
|
||||||
|
|
||||||
system.stateVersion = "19.03"; # Did you read the comment?
|
system.stateVersion = "20.09"; # Did you read the comment?
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -100,6 +100,6 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "19.03"; # Did you read the comment?
|
system.stateVersion = "20.09"; # Did you read the comment?
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -34,6 +34,18 @@
|
||||||
hostNames = [ "kibana.hq.c3d2.de" "kibana-es.hq.c3d2.de" ];
|
hostNames = [ "kibana.hq.c3d2.de" "kibana-es.hq.c3d2.de" ];
|
||||||
proxyTo = { host = "kibana.serv.zentralwerk.dn42"; httpPort = 80; httpsPort = 443; };
|
proxyTo = { host = "kibana.serv.zentralwerk.dn42"; httpPort = 80; httpsPort = 443; };
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
hostNames = [ "robo1.hq.c3d2.de" ];
|
||||||
|
proxyTo = { host = "172.20.79.62"; httpPort = 80; };
|
||||||
|
}
|
||||||
|
{
|
||||||
|
hostNames = [ "robots.datenspuren.de" ];
|
||||||
|
proxyTo = { host = "172.22.99.170"; httpPort = 80; httpsPort = 443; };
|
||||||
|
}
|
||||||
|
{
|
||||||
|
hostNames = [ "error.hq.c3d2.de.de" ];
|
||||||
|
proxyTo = { host = "172.20.73.47"; httpPort = 80; httpsPort = 443; };
|
||||||
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
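Review bot: The hostname `error.hq.c3d2.de.de` in the last added entry ends in a doubled `.de`, which looks like a typo; requests for `error.hq.c3d2.de` would not match this entry and so would not be routed to 172.20.73.47. If the single suffix was meant, the line should read `hostNames = [ "error.hq.c3d2.de" ];`. The `robo1.hq.c3d2.de` entry sets only `httpPort`, so as far as this hunk shows it is proxied over plain HTTP only; a short comment saying that is intended would help the next reader. The list these entries are added to starts outside the hunk.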
|
@ -79,7 +79,7 @@ in {
|
||||||
frontend http-in
|
frontend http-in
|
||||||
bind :::80 v4v6
|
bind :::80 v4v6
|
||||||
timeout client 30000
|
timeout client 30000
|
||||||
option http-tunnel
|
option http-keep-alive
|
||||||
default_backend proxy-backend-http
|
default_backend proxy-backend-http
|
||||||
|
|
||||||
backend proxy-backend-http
|
backend proxy-backend-http
|
||||||
|
@ -89,8 +89,8 @@ in {
|
||||||
mode http
|
mode http
|
||||||
option http-server-close
|
option http-server-close
|
||||||
option forwardfor
|
option forwardfor
|
||||||
reqadd X-Forwarded-Proto:\ http
|
http-request set-header X-Forwarded-Proto http
|
||||||
reqadd X-Forwarded-Port:\ 80
|
http-request set-header X-Forwarded-Port 80
|
||||||
${concatMapStringsSep "\n" (proxyHost:
|
${concatMapStringsSep "\n" (proxyHost:
|
||||||
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
|
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
|
||||||
concatMapStringsSep "\n" (hostname: ''
|
concatMapStringsSep "\n" (hostname: ''
|
||||||
|
@ -112,8 +112,8 @@ in {
|
||||||
timeout check 5000
|
timeout check 5000
|
||||||
timeout server 30000
|
timeout server 30000
|
||||||
option http-server-close
|
option http-server-close
|
||||||
reqadd X-Forwarded-Proto:\ https
|
http-request set-header X-Forwarded-Proto https
|
||||||
reqadd X-Forwarded-Port:\ 443
|
http-request set-header X-Forwarded-Port 443
|
||||||
${concatMapStringsSep "\n" (proxyHost:
|
${concatMapStringsSep "\n" (proxyHost:
|
||||||
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
|
optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
|
||||||
concatMapStringsSep "\n" (hostname: ''
|
concatMapStringsSep "\n" (hostname: ''
|
||||||
|
|
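Review bot: The move from `reqadd` to `http-request set-header` changes behaviour in a way that deserves a comment in the config: `set-header` replaces any `X-Forwarded-Proto` or `X-Forwarded-Port` a client sent, where `reqadd` only appended another header line, and backends that trust these headers depend on that. A line such as `# set-header, not add-header: overwrite client-supplied X-Forwarded-* values` above the two rules in both backends would keep a later edit from weakening it. The same applies to `option http-keep-alive` in `frontend http-in`, which replaces `option http-tunnel`; a one-line comment on why the mode was changed would help. All three hunks sit inside a configuration string that starts and ends outside the visible lines.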
|
@ -1,7 +1,7 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [ ./hardware-configuration.nix ../../lib ];
|
imports = [ <this-host/hardware-configuration.nix> <lib> ];
|
||||||
|
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
users.k-ot = true;
|
users.k-ot = true;
|
||||||
|
@ -110,10 +110,10 @@
|
||||||
services.xserver.displayManager = {
|
services.xserver.displayManager = {
|
||||||
lightdm = {
|
lightdm = {
|
||||||
enable = true;
|
enable = true;
|
||||||
autoLogin = {
|
};
|
||||||
enable = true;
|
autoLogin = {
|
||||||
user = "k-ot";
|
enable = true;
|
||||||
};
|
user = "k-ot";
|
||||||
};
|
};
|
||||||
defaultSession = "gnome-xorg";
|
defaultSession = "gnome-xorg";
|
||||||
};
|
};
|
||||||
|
|
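Review bot: `<this-host/hardware-configuration.nix>` and `<lib>` in the new `imports` line are resolved through `NIX_PATH` (or `-I`) at evaluation time, so which files this host imports now depends on the environment of whoever runs the build rather than on the repository contents. Nothing in the visible hunks defines the `this-host` or `lib` search-path entries, and angle-bracket lookups are, as far as I know, rejected under the pure evaluation that flakes use. If the relative paths still exist, `imports = [ ./hardware-configuration.nix ../../lib ];` keeps the import set reviewable; otherwise add a comment next to the line saying where the two entries are set.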
|
@ -1,24 +0,0 @@
|
||||||
{ stdenv, pkgs, ... }:
|
|
||||||
|
|
||||||
with pkgs;
|
|
||||||
stdenv.mkDerivation rec {
|
|
||||||
name = "x11vnc-service";
|
|
||||||
version = "0.0.0";
|
|
||||||
src = ./.;
|
|
||||||
|
|
||||||
buildInputs = [ x11vnc ];
|
|
||||||
|
|
||||||
dontBuild = true;
|
|
||||||
installPhase = ''
|
|
||||||
cat > $out/lib/systemd/user/x11vnc.service <<_EOF_
|
|
||||||
[Unit]
|
|
||||||
Description=VNC server
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=simple
|
|
||||||
ExecStart=${x11vnc}/bin/x11vnc -shared -forever -passwd k-ot
|
|
||||||
Restart=on-failure
|
|
||||||
|
|
||||||
_EOF_
|
|
||||||
'';
|
|
||||||
}
|
|
|
@ -46,7 +46,7 @@
|
||||||
options = "--delete-older-than 14d";
|
options = "--delete-older-than 14d";
|
||||||
};
|
};
|
||||||
sshServe.enable = true;
|
sshServe.enable = true;
|
||||||
trustedUsers = [ "root" ];
|
trustedUsers = [ "@wheel" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
|
|
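Review bot: `trustedUsers = [ "@wheel" ]` gives every member of `wheel` trusted-user rights on the Nix daemon, which the Nix manual describes as essentially equivalent to root access, since trusted users can add substituters and import store paths that no trusted key has signed. It also drops the explicit `root` entry. If wheel members are meant to have this, `trustedUsers = [ "root" "@wheel" ];` with a comment such as `# wheel is root-equivalent via the nix daemon` makes the decision visible. The `nix` attribute set starts outside the hunk.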
|
@ -3,26 +3,15 @@
|
||||||
{
|
{
|
||||||
nix = {
|
nix = {
|
||||||
binaryCaches = [
|
binaryCaches = [
|
||||||
"https://cache.server7.hq.c3d2.de"
|
|
||||||
"https://cache.nixos.org"
|
"https://cache.nixos.org"
|
||||||
"https://cache.dhall-lang.org"
|
"https://genodepkgs.cachix.org"
|
||||||
];
|
];
|
||||||
binaryCachePublicKeys = [
|
binaryCachePublicKeys = [
|
||||||
"cache.server7.hq.c3d2.de:x8JLRG26zRZ8ysYZLEkPxuAYuK1VSJi/aMAEIs2Lv+U="
|
"genodepkgs.cachix.org-1:j6xcYrUP9Q9c+WbS+MbkJR26cqeytOVdC4SmhOYj2Sw="
|
||||||
"cache.dhall-lang.org:I9/H18WHd60olG5GsIjolp7CtepSgJmM2CsO813VTmM="
|
|
||||||
];
|
];
|
||||||
extraOptions = ''
|
extraOptions = ''
|
||||||
allowed-uris = http:// https://
|
allowed-uris = http:// https://
|
||||||
'';
|
'';
|
||||||
buildMachines = [{
|
|
||||||
hostName = "server7.hq";
|
|
||||||
sshUser = "hydra";
|
|
||||||
sshKey = "/var/lib/hydra/queue-runner/id_rsa";
|
|
||||||
system = "x86_64-linux";
|
|
||||||
speedFactor = 2;
|
|
||||||
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
|
|
||||||
maxJobs = 8;
|
|
||||||
}];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.hydra = {
|
services.hydra = {
|
||||||
|
|
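Review bot: Adding `https://genodepkgs.cachix.org` to `binaryCaches` together with its key in `binaryCachePublicKeys` makes that key trusted for any store path, not only for Genode packages, so whoever holds the cachix signing key can supply binaries to the hosts that use this configuration. That is a supply-chain decision that should be documented where it is made, e.g. `# third-party cache: key is trusted for all store paths; needed for <reason>` above the two new lines. The hunk also removes the `cache.server7.hq.c3d2.de` cache and the `buildMachines` entry, which fits the removal of server7 elsewhere in the commit. The `nix` attribute set continues outside the hunk.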
|
@ -0,0 +1,81 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
tickerSrc = builtins.fetchGit {
|
||||||
|
url = "https://gitea.c3d2.de/astro/ticker.git";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{ boot.isContainer = true;
|
||||||
|
#boot.loader.initScript.enable = true;
|
||||||
|
networking.hostName = mkDefault "ticker";
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.firewall.allowedTCPPorts = [ 8400 ];
|
||||||
|
nix.useSandbox = false;
|
||||||
|
environment.systemPackages = with pkgs; [ vim git ];
|
||||||
|
imports = [ "${tickerSrc}/nixos-module.nix" ];
|
||||||
|
services.ticker.updateInterval = "hourly";
|
||||||
|
services.ticker.config.calendars = {
|
||||||
|
c3d2 = {
|
||||||
|
url = "https://c3d2.de/ical.ics";
|
||||||
|
color = "#BFBF3F";
|
||||||
|
};
|
||||||
|
dresden-science = {
|
||||||
|
url = "https://www.dresden-science-calendar.de/calendar/de/iCalSync.ics";
|
||||||
|
color = "#00007F";
|
||||||
|
};
|
||||||
|
gruenes-brett = {
|
||||||
|
url = "https://gruenesbrett.net/events.ics";
|
||||||
|
color = "#00BF00";
|
||||||
|
};
|
||||||
|
stura-htw = {
|
||||||
|
url = "http://www.stura.htw-dresden.de/events/aggregator/ics_view";
|
||||||
|
color = "#BFA73F";
|
||||||
|
};
|
||||||
|
malobeo = {
|
||||||
|
url = "https://malobeo.org/events/list/?ical=1&tribe_display=all";
|
||||||
|
color = "#FF3F3F";
|
||||||
|
};
|
||||||
|
hicknhack = {
|
||||||
|
url = "https://www.google.com/calendar/ical/grhnk1uaotql6gv2dkf9ldmqjc%40group.calendar.google.com/public/basic.ics";
|
||||||
|
color = "#A700A7";
|
||||||
|
};
|
||||||
|
palaissommer = {
|
||||||
|
url = "https://palaissommer.de/programm/?event=all";
|
||||||
|
color = "#BF003F";
|
||||||
|
};
|
||||||
|
kreta = {
|
||||||
|
url = "https://www.kreta-dresden.org/kreta.ics";
|
||||||
|
color = "#BF3F7F";
|
||||||
|
};
|
||||||
|
zentralwerk = {
|
||||||
|
url = "https://ics.teamup.com/feed/ksayh65fgotv2prcas/0.ics";
|
||||||
|
color = "#FF3F3F";
|
||||||
|
};
|
||||||
|
and = {
|
||||||
|
url = "https://and.notraces.net/events/?ical=1";
|
||||||
|
color = "#FF7F00";
|
||||||
|
};
|
||||||
|
rosenwerk-home = {
|
||||||
|
url = "https://www.google.com/calendar/ical/bj85d742g31mgkblbaiusmk3s8%40group.calendar.google.com/public/basic.ics";
|
||||||
|
color = "#BF003F";
|
||||||
|
};
|
||||||
|
rosenwerk-extern = {
|
||||||
|
url = "https://www.google.com/calendar/ical/ogo94kraeq5ckmu3jsr0uus2mo%40group.calendar.google.com/private-8d048bfa99cca84705ffa675aacfe22a/basic.ics";
|
||||||
|
color = "#BF002F";
|
||||||
|
};
|
||||||
|
rosenwerk-kultur = {
|
||||||
|
url = "https://www.google.com/calendar/ical/93enn926ddhgr79hnqp83ipj3g%40group.calendar.google.com/public/basic.ics";
|
||||||
|
color = "#BF001F";
|
||||||
|
};
|
||||||
|
haengemathe = {
|
||||||
|
url = "https://club-haengemathe.de/termine.ics";
|
||||||
|
color = "#FF7F3F";
|
||||||
|
};
|
||||||
|
bitsundbaeumedresden = {
|
||||||
|
url = "https://dresden.bits-und-baeume.org/termine.ics";
|
||||||
|
color = "#3FBF3F";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
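Review bot: `builtins.fetchGit` in the `let` block is given only a `url`, so the `nixos-module.nix` pulled in through `imports = [ "${tickerSrc}/nixos-module.nix" ];` is whatever the repository's default branch holds at evaluation time, and that code is evaluated as a NixOS module with full control over this container's configuration. The flake.lock changes in this commit do not pin it either, as far as they are visible. Pin the source, e.g. `rev = "<commit-sha-to-pin>";` next to `url`, or make it a flake input so it is locked and updated deliberately. Separately, the `rosenwerk-extern` URL contains a `private-…` path component, which looks like a secret calendar address and would be better kept out of the repository.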
|
@ -1,10 +0,0 @@
|
||||||
{ config, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
services.borgbackup.repos.emery = {
|
|
||||||
allowSubRepos = true;
|
|
||||||
authorizedKeys = config.users.users.emery.openssh.authorizedKeys.keys;
|
|
||||||
path = "/srv/ceph/c3d2/backups/emery";
|
|
||||||
quota = "200G";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,4 +0,0 @@
|
||||||
Each directory containing a file "default.nix" is
|
|
||||||
evulated as a container guest configuration.
|
|
||||||
|
|
||||||
See ./default.nix for the implementation.
|
|
|
@ -1,32 +0,0 @@
|
||||||
name:
|
|
||||||
|
|
||||||
(import ../outer-defaults.nix name) // {
|
|
||||||
config = { config, pkgs, lib, ... }: {
|
|
||||||
imports = [ ../inner-defaults.nix ];
|
|
||||||
|
|
||||||
c3d2.hq.yggdrasil.enableGateway = true;
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ config.services.uhub.port ];
|
|
||||||
|
|
||||||
networking.interfaces.eth0.ipv6.addresses = [{
|
|
||||||
address = "310:5217:69c0:9afc:0:576d:1184:c3d2";
|
|
||||||
prefixLength = 64;
|
|
||||||
}]; # Old address used by some clients
|
|
||||||
|
|
||||||
services.uhub = {
|
|
||||||
enable = true;
|
|
||||||
enableTLS = false;
|
|
||||||
hubConfig = ''
|
|
||||||
hub_name=c3d2
|
|
||||||
hub_description=<<</>>
|
|
||||||
'';
|
|
||||||
plugins.history.enable = true;
|
|
||||||
plugins.welcome = {
|
|
||||||
enable = true;
|
|
||||||
motd = config.users.motd;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,29 +0,0 @@
|
||||||
{ lib, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
containerFunc = name:
|
|
||||||
# Generate a container expression from the directory at `name`.
|
|
||||||
{
|
|
||||||
inherit name;
|
|
||||||
value = import (./. + "/${name}") name;
|
|
||||||
};
|
|
||||||
|
|
||||||
containerDir = builtins.readDir ../containers;
|
|
||||||
containerSubdirs =
|
|
||||||
lib.filterAttrs (_: kind: kind == "directory") containerDir;
|
|
||||||
containerNames = builtins.attrNames containerSubdirs;
|
|
||||||
|
|
||||||
containers = builtins.listToAttrs (map containerFunc containerNames);
|
|
||||||
|
|
||||||
in {
|
|
||||||
boot.enableContainers = true;
|
|
||||||
inherit containers;
|
|
||||||
|
|
||||||
imports = [ ../../../lib/lxc ];
|
|
||||||
lxc.containers = {
|
|
||||||
trivial = {
|
|
||||||
nixos-config = "/tmp/trivial.nix";
|
|
||||||
lxc = { };
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,35 +0,0 @@
|
||||||
name:
|
|
||||||
|
|
||||||
(import ../outer-defaults.nix name) // {
|
|
||||||
|
|
||||||
ephemeral = true;
|
|
||||||
|
|
||||||
config = { config, pkgs, lib, ... }: {
|
|
||||||
imports = [ ../inner-defaults.nix ];
|
|
||||||
c3d2.hq.yggdrasil.enableGateway = true;
|
|
||||||
networking.firewall.enable = false;
|
|
||||||
networking.interfaces.eth0.useDHCP = true;
|
|
||||||
security.acme = {
|
|
||||||
acceptTerms = true;
|
|
||||||
email = "mail@c3d2.de";
|
|
||||||
};
|
|
||||||
services.nginx = {
|
|
||||||
enable = true;
|
|
||||||
recommendedGzipSettings = true;
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
virtualHosts = {
|
|
||||||
"hydra7.hq.c3d2.de" = {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
locations."/".proxyPass = "http://172.22.99.245:3000";
|
|
||||||
};
|
|
||||||
"hydra7.y.c3d2.de" = {
|
|
||||||
default = true;
|
|
||||||
addSSL = false;
|
|
||||||
locations."/".proxyPass = "http://172.22.99.245:3000";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,8 +0,0 @@
|
||||||
{ ... }: {
|
|
||||||
imports = [ ../../../lib ];
|
|
||||||
c3d2 = {
|
|
||||||
isInHq = true;
|
|
||||||
mapHqHosts = true;
|
|
||||||
hq.interface = "eth0";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,33 +0,0 @@
|
||||||
name:
|
|
||||||
|
|
||||||
(import ../outer-defaults.nix name) // {
|
|
||||||
|
|
||||||
bindMounts."/mnt/music" = {
|
|
||||||
hostPath = "/srv/ceph/c3d2/rpool/Music";
|
|
||||||
isReadOnly = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
config = { config, pkgs, lib, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports = [ ../inner-defaults.nix ];
|
|
||||||
|
|
||||||
services.mpd = {
|
|
||||||
enable = true;
|
|
||||||
network.listenAddress = "any";
|
|
||||||
musicDirectory = "/mnt/music";
|
|
||||||
extraConfig = ''
|
|
||||||
default_permissions "read,add,control,admin"
|
|
||||||
|
|
||||||
audio_output {
|
|
||||||
type "null"
|
|
||||||
name "My Null Output"
|
|
||||||
}
|
|
||||||
|
|
||||||
filesystem_charset "UTF-8"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,29 +0,0 @@
|
||||||
name:
|
|
||||||
|
|
||||||
(import ../outer-defaults.nix name) // {
|
|
||||||
|
|
||||||
bindMounts."/srv/ceph/c3d2" = {
|
|
||||||
hostPath = "/srv/ceph/c3d2";
|
|
||||||
isReadOnly = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
config = { config, pkgs, lib, ... }:
|
|
||||||
let ncdcPort = 1512;
|
|
||||||
in {
|
|
||||||
imports = [ ../inner-defaults.nix ];
|
|
||||||
|
|
||||||
c3d2 = {
|
|
||||||
users.k-ot = true;
|
|
||||||
hq.statistics.enable = true;
|
|
||||||
hq.yggdrasil.enableGateway = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.openssh.enable = true;
|
|
||||||
programs.mosh.enable = true;
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [ tmux ncdc ];
|
|
||||||
|
|
||||||
networking.firewall.enable = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,23 +0,0 @@
|
||||||
name:
|
|
||||||
|
|
||||||
(import ../outer-defaults.nix name) // {
|
|
||||||
|
|
||||||
bindMounts."/srv/nfs" = {
|
|
||||||
hostPath = "/srv/ceph/c3d2/nfs";
|
|
||||||
isReadOnly = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
config = { config, pkgs, lib, ... }: {
|
|
||||||
imports = [ ../inner-defaults.nix ];
|
|
||||||
|
|
||||||
c3d2.hq.statistics.enable = true;
|
|
||||||
|
|
||||||
services.nfs.server = {
|
|
||||||
enable = true;
|
|
||||||
exports = "/srv/nfs *(rw)";
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall.enable = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,10 +0,0 @@
|
||||||
name:
|
|
||||||
|
|
||||||
let yggaddr = import ../../../lib/server7-yggaddr.nix;
|
|
||||||
in {
|
|
||||||
# These the container defaults from the perspective of the host.
|
|
||||||
|
|
||||||
autoStart = true;
|
|
||||||
privateNetwork = true;
|
|
||||||
hostBridge = "br0";
|
|
||||||
}
|
|
|
@ -1,45 +0,0 @@
|
||||||
name:
|
|
||||||
|
|
||||||
(import ../outer-defaults.nix name) // {
|
|
||||||
|
|
||||||
bindMounts."/srv/files" = {
|
|
||||||
hostPath = "/srv/ceph/c3d2/files";
|
|
||||||
isReadOnly = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
config = { config, pkgs, lib, ... }: {
|
|
||||||
imports = [ ../inner-defaults.nix ];
|
|
||||||
|
|
||||||
c3d2.hq.statistics.enable = true;
|
|
||||||
|
|
||||||
networking = {
|
|
||||||
useDHCP = false;
|
|
||||||
interfaces.eth0.useDHCP = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.samba = {
|
|
||||||
enable = true;
|
|
||||||
enableNmbd = true;
|
|
||||||
extraConfig = ''
|
|
||||||
workgroup = HQ
|
|
||||||
server string = storage
|
|
||||||
netbios name = storage
|
|
||||||
hosts allow = 172.20.0.0/14 127.0.0.0/8
|
|
||||||
hosts deny = 0.0.0.0/0
|
|
||||||
guest account = nobody
|
|
||||||
map to guest = Bad user
|
|
||||||
'';
|
|
||||||
shares = {
|
|
||||||
c3d2 = {
|
|
||||||
path = "/srv/files";
|
|
||||||
browseable = "yes";
|
|
||||||
"read only" = "yes";
|
|
||||||
"guest ok" = "yes";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall.enable = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,75 +0,0 @@
|
||||||
name:
|
|
||||||
|
|
||||||
(import ../outer-defaults.nix name) // {
|
|
||||||
|
|
||||||
bindMounts."/srv/c3d2" = {
|
|
||||||
hostPath = "/srv/ceph/c3d2";
|
|
||||||
isReadOnly = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
config = { config, pkgs, lib, ... }: {
|
|
||||||
imports = [ ../inner-defaults.nix ];
|
|
||||||
|
|
||||||
c3d2 = {
|
|
||||||
users.k-ot = true;
|
|
||||||
hq.statistics.enable = true;
|
|
||||||
hq.yggdrasil.enableGateway = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
allowSFTP = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [ git borgbackup ];
|
|
||||||
|
|
||||||
services.nginx = {
|
|
||||||
enable = true;
|
|
||||||
package = pkgs.nginx.override {
|
|
||||||
modules = with pkgs.nginxModules; [ fancyindex ];
|
|
||||||
};
|
|
||||||
virtualHosts = {
|
|
||||||
"storage-ng.hq.c3d2.de".extraConfig = ''
|
|
||||||
server_name storage-ng.hq.c3d2.de;
|
|
||||||
return 301 $scheme://storage.hq.c3d2.de$request_uri;
|
|
||||||
'';
|
|
||||||
|
|
||||||
"storage.hq.c3d2.de" = {
|
|
||||||
default = true;
|
|
||||||
http2 = true;
|
|
||||||
# addSSL = true;
|
|
||||||
locations = {
|
|
||||||
"/" = let authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
|
|
||||||
in {
|
|
||||||
alias = "/srv/c3d2/files/";
|
|
||||||
extraConfig = ''
|
|
||||||
auth_basic "Chaos";
|
|
||||||
auth_basic_user_file ${authFile};
|
|
||||||
fancyindex on;
|
|
||||||
# autoindex on;
|
|
||||||
dav_access all:r;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.interfaces.eth0 = {
|
|
||||||
ipv4 = {
|
|
||||||
addresses = [{
|
|
||||||
address = "172.22.99.20";
|
|
||||||
prefixLength = 24;
|
|
||||||
}];
|
|
||||||
routes = [{
|
|
||||||
address = "0.0.0.0";
|
|
||||||
prefixLength = 0;
|
|
||||||
via = "172.22.99.1";
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall.enable = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,226 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
|
|
||||||
let yggaddr = import ../../lib/server7-yggaddr.nix;
|
|
||||||
in {
|
|
||||||
imports = [
|
|
||||||
../../lib
|
|
||||||
../../lib/default-gateway.nix
|
|
||||||
./borgbackup.nix
|
|
||||||
./containers
|
|
||||||
./hardware-configuration.nix
|
|
||||||
./hydra.nix
|
|
||||||
./nix-serve.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
|
||||||
|
|
||||||
security.acme = {
|
|
||||||
email = "mail@c3d2.de";
|
|
||||||
acceptTerms = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
c3d2 = {
|
|
||||||
users = {
|
|
||||||
emery = true;
|
|
||||||
windsleep = true;
|
|
||||||
};
|
|
||||||
isInHq = true;
|
|
||||||
mapHqHosts = true;
|
|
||||||
hq = {
|
|
||||||
interface = "br0";
|
|
||||||
statistics.enable = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/srv/ceph" = {
|
|
||||||
#device = "172.22.99.13:6789:/";
|
|
||||||
device = "172.20.72.53:6789:/";
|
|
||||||
fsType = "ceph";
|
|
||||||
options = [
|
|
||||||
"name=storage2"
|
|
||||||
"secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw=="
|
|
||||||
"noatime,_netdev"
|
|
||||||
"noauto"
|
|
||||||
"x-systemd.automount"
|
|
||||||
"x-systemd.device-timeout=175"
|
|
||||||
"users"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/var/lib/ceph/osd/ceph-7" = { fsType = "tmpfs"; };
|
|
||||||
|
|
||||||
# Route IPv6
|
|
||||||
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
|
|
||||||
# Obtain global IPv6 despite being a router myself
|
|
||||||
boot.kernel.sysctl."net.ipv6.conf.br0.accept_ra" = 2;
|
|
||||||
|
|
||||||
services.yggdrasil = {
|
|
||||||
enable = true;
|
|
||||||
configFile = "/var/lib/yggdrasil/keys";
|
|
||||||
config = {
|
|
||||||
Peers = [
|
|
||||||
|
|
||||||
# Deutschland
|
|
||||||
"tcp://45.11.19.26:5001"
|
|
||||||
"tcp://82.165.69.111:61216"
|
|
||||||
"tcp://[2001:8d8:1800:8224::1]:61216"
|
|
||||||
|
|
||||||
# Czechia
|
|
||||||
"tcp://195.123.245.146:7743"
|
|
||||||
"tcp://37.205.14.171:46370"
|
|
||||||
"tcp://[2a03:3b40:fe:ab::1]:46370"
|
|
||||||
"tcp://[2a05:9403::8b]:7743"
|
|
||||||
|
|
||||||
# Poland
|
|
||||||
"tcp://176.223.130.120:22632"
|
|
||||||
"tcp://51.75.44.73:50001"
|
|
||||||
"tcp://54.37.137.221:37145"
|
|
||||||
"tcp://[2001:41d0:601:1100::cf2]:37145"
|
|
||||||
"tcp://n2o.ddns.net:22632"
|
|
||||||
"tls://54.37.137.221:14987"
|
|
||||||
"tls://[2001:41d0:601:1100::cf2]:14987"
|
|
||||||
|
|
||||||
];
|
|
||||||
NodeInfo = {
|
|
||||||
location = "Dresden";
|
|
||||||
name = "server7.y.c3d2.de";
|
|
||||||
admin =
|
|
||||||
"toxid:DF0AC9107E0A30E7201C6832B017AC836FBD1EDAC390EE99B68625D73C3FD929FB47F1872CA4";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
security.sudo.wheelNeedsPassword = false;
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
passwordAuthentication = false;
|
|
||||||
# DO NOT CHANGE, KINDERGARTEN IS OVER
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.mosh.enable = true;
|
|
||||||
|
|
||||||
nix = {
|
|
||||||
package = pkgs.nixFlakes;
|
|
||||||
gc.automatic = true;
|
|
||||||
optimise.automatic = true;
|
|
||||||
extraOptions = ''
|
|
||||||
experimental-features = nix-command flakes ca-references
|
|
||||||
post-build-hook = ${
|
|
||||||
pkgs.writeScript "post-build-sign-paths" ''
|
|
||||||
#!${pkgs.runtimeShell}
|
|
||||||
nix sign-paths --key-file /var/lib/nix-serve.key $OUT_PATHS
|
|
||||||
''
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
nixpkgs.overlays = [
|
|
||||||
(self: super: {
|
|
||||||
nix = super.nix // { meta.platforms = lib.platforms.linux; };
|
|
||||||
})
|
|
||||||
];
|
|
||||||
|
|
||||||
virtualisation.docker.enable = true;
|
|
||||||
|
|
||||||
# docker osd.7 container
|
|
||||||
# docker run --rm --net=host --ipc=host --privileged=true -v /dev:/dev -v /etc/ceph:/etc/ceph -v /var/lib/ceph/:/var/lib/ceph
|
|
||||||
# -e 172.22.99.245 -e OSD_DEVICE=/dev/sdb -it ceph/ceph:v14.2.9 ceph-osd -i 7 --setuser ceph --setgroup ceph -f
|
|
||||||
docker-containers.ceph-osd-7 = {
|
|
||||||
cmd = ["ceph-osd" "-i" "7" "--setuser" "ceph" "--setgroup" "ceph" "-d"];
|
|
||||||
environment = {
|
|
||||||
OSD_DEVICE = "/dev/sdb";
|
|
||||||
};
|
|
||||||
image = "ceph/ceph:v14.2.9";
|
|
||||||
log-driver = "journald";
|
|
||||||
extraDockerOptions = [
|
|
||||||
"--rm"
|
|
||||||
"--net=host"
|
|
||||||
"--ipc=host"
|
|
||||||
"--privileged=true"
|
|
||||||
];
|
|
||||||
volumes = [
|
|
||||||
"/dev:/dev"
|
|
||||||
"/etc/ceph:/etc/ceph"
|
|
||||||
"/var/lib/ceph/:/var/lib/ceph"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
# FIXME
|
|
||||||
# systemd.services.docker-ceph-osd-7.serviceConfig = {
|
|
||||||
# ExecStartPre = ["mount | grep ^/var/lib/ceph/osd/ceph-7 || mount -t tmpfs tmpfs /var/lib/ceph/osd/ceph-7"
|
|
||||||
# ''docker run --rm --net=host --ipc=host --privileged=true -v /dev:/dev -v /etc/ceph:/etc/ceph -v /var/lib/ceph/:/var/lib/ceph -e OSD_DEVICE=/dev/sdb -it ceph/ceph:v14.2.9 ceph-volume lvm activate --all''
|
|
||||||
# ];
|
|
||||||
#};
|
|
||||||
|
|
||||||
networking = {
|
|
||||||
firewall.enable = false;
|
|
||||||
firewall.trustedInterfaces = [ "br0" ];
|
|
||||||
hostName = "server7";
|
|
||||||
hostId = "454fe12c";
|
|
||||||
useDHCP = false;
|
|
||||||
bridges.br0.interfaces = [ "enp2s0f0" ];
|
|
||||||
interfaces = {
|
|
||||||
br0 = {
|
|
||||||
useDHCP = true;
|
|
||||||
tempAddress = "disabled";
|
|
||||||
ipv4.addresses = [{
|
|
||||||
address = "172.22.99.245";
|
|
||||||
prefixLength = 24;
|
|
||||||
}];
|
|
||||||
ipv6.addresses = [{
|
|
||||||
address = yggaddr.prefix64 + "::1";
|
|
||||||
prefixLength = 64;
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
enp2s0f1.useDHCP = false;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.kernel.sysctl."net.bridge.bridge-nf-call-arptables" = 0;
|
|
||||||
boot.kernel.sysctl."net.bridge.bridge-nf-call-iptables" = 0;
|
|
||||||
boot.kernel.sysctl."net.bridge.bridge-nf-call-ip6tables" = 0;
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
tmux
|
|
||||||
htop
|
|
||||||
vim
|
|
||||||
gitMinimal
|
|
||||||
nixfmt
|
|
||||||
zfsStable
|
|
||||||
];
|
|
||||||
|
|
||||||
services.collectd.extraConfig = ''
|
|
||||||
LoadPlugin memory
|
|
||||||
LoadPlugin processes
|
|
||||||
LoadPlugin disk
|
|
||||||
LoadPlugin df
|
|
||||||
LoadPlugin cpu
|
|
||||||
LoadPlugin entropy
|
|
||||||
LoadPlugin load
|
|
||||||
LoadPlugin swap
|
|
||||||
LoadPlugin cgroups
|
|
||||||
LoadPlugin vmem
|
|
||||||
LoadPlugin interface
|
|
||||||
'';
|
|
||||||
|
|
||||||
boot.tmpOnTmpfs = true;
|
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
|
||||||
boot.loader = {
|
|
||||||
systemd-boot.enable = true;
|
|
||||||
efi.canTouchEfiVariables = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
time.timeZone = "Europe/Berlin";
|
|
||||||
|
|
||||||
system.stateVersion = "19.09"; # Did you read the comment?
|
|
||||||
|
|
||||||
users.extraUsers.hydra.openssh.authorizedKeys.keys = [
|
|
||||||
# allow the old hydra to build here
|
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7HuDlyTlPC4rCjwhklY8kiYIxdgPhiu6wxs29ksnpKZmJa2R7qoD02N3ACm9cTb1GVkIWukAXI3KvU9h08+WLQJqUH0cHVBj3V1sDYmkN2QecE59gz3e1gfN3zPtwmQEUe6xvHWK3X3qdH45pGPUtxk1eDTZl45037C0NClWF7RXI4m6UXng4bL9wnPvoVqCI+ySsNWaTkHDLE/D9s/VrqGxJ1w2KiJb1F73g9/x/zjL8Ixb16wkPmLE0e50MQAQa7EMFTyPZoEskFnEviLYXM9pDexABAjJfbfZ39lLyMgVYGwnzEDbjDlm68dE6wQWUY1OV6wbt8uYreB2IRrlb root@hydra"
|
|
||||||
];
|
|
||||||
|
|
||||||
services.dhcpd4 = {
|
|
||||||
enable = false;
|
|
||||||
interfaces = [ "br0" ];
|
|
||||||
extraConfig = "not authoritative;";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,179 +0,0 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
|
||||||
# and may be overwritten by future invocations. Please make changes
|
|
||||||
# to /etc/nixos/configuration.nix instead.
|
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules =
|
|
||||||
[ "ehci_pci" "ahci" "nvme" "usbhid" "sd_mod" ];
|
|
||||||
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
fileSystems."/" = {
|
|
||||||
device = "/dev/disk/by-uuid/f14628ce-0f13-4544-9197-0ddda291f48f";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/var/lib/ceph/osd/ceph-7" = {
|
|
||||||
device = "tmpfs";
|
|
||||||
fsType = "tmpfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" = {
|
|
||||||
device = "/dev/disk/by-uuid/9812-00B2";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1" = {
|
|
||||||
device = "nvme0n1";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/zones/b090f14b-0a60-4451-e82a-c5291e5951de/cores" = {
|
|
||||||
device = "nvme0n1/cores/b090f14b-0a60-4451-e82a-c5291e5951de";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/zones/9a9880d3-82db-c500-fcaa-d4e5a5cc617d/cores" = {
|
|
||||||
device = "nvme0n1/cores/9a9880d3-82db-c500-fcaa-d4e5a5cc617d";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/zones/archive" = {
|
|
||||||
device = "nvme0n1/archive";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/zones/eec98403-5f4f-cadf-f4ff-aa9a99b4cdb5/cores" = {
|
|
||||||
device = "nvme0n1/cores/eec98403-5f4f-cadf-f4ff-aa9a99b4cdb5";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/zones/9f467f1e-000b-e771-e117-b32261e48220/cores" = {
|
|
||||||
device = "nvme0n1/cores/9f467f1e-000b-e771-e117-b32261e48220";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/zones/e71d4460-8eef-6623-a875-dd5ec20b650f/cores" = {
|
|
||||||
device = "nvme0n1/cores/e71d4460-8eef-6623-a875-dd5ec20b650f";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/zones/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3/cores" = {
|
|
||||||
device = "nvme0n1/cores/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/zones/3516ab22-69b0-e327-95ec-f9be8852ee44/cores" = {
|
|
||||||
device = "nvme0n1/cores/3516ab22-69b0-e327-95ec-f9be8852ee44";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/zones/global/cores" = {
|
|
||||||
device = "nvme0n1/cores/global";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/c3d2.de" = {
|
|
||||||
device = "nvme0n1/c3d2.de";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3" = {
|
|
||||||
device = "nvme0n1/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/b28b36ed-1824-3a6c-cdbb-258c7dd63317" = {
|
|
||||||
device = "nvme0n1/b28b36ed-1824-3a6c-cdbb-258c7dd63317";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/b090f14b-0a60-4451-e82a-c5291e5951de" = {
|
|
||||||
device = "nvme0n1/b090f14b-0a60-4451-e82a-c5291e5951de";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/55bcd862-bb70-11e9-9991-7b9a40d4e95f" = {
|
|
||||||
device = "nvme0n1/55bcd862-bb70-11e9-9991-7b9a40d4e95f";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/a9786e8b-fce2-7567-6467-2a95086a51d4" = {
|
|
||||||
device = "nvme0n1/a9786e8b-fce2-7567-6467-2a95086a51d4";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/9a9880d3-82db-c500-fcaa-d4e5a5cc617d" = {
|
|
||||||
device = "nvme0n1/9a9880d3-82db-c500-fcaa-d4e5a5cc617d";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/eec98403-5f4f-cadf-f4ff-aa9a99b4cdb5" = {
|
|
||||||
device = "nvme0n1/eec98403-5f4f-cadf-f4ff-aa9a99b4cdb5";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/9f467f1e-000b-e771-e117-b32261e48220" = {
|
|
||||||
device = "nvme0n1/9f467f1e-000b-e771-e117-b32261e48220";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/9651893f-4b85-293a-2d72-60ea3b541bc3" = {
|
|
||||||
device = "nvme0n1/9651893f-4b85-293a-2d72-60ea3b541bc3";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/d5a8bfc2-6d01-6d5e-ad3f-edf032eedd89" = {
|
|
||||||
device = "nvme0n1/d5a8bfc2-6d01-6d5e-ad3f-edf032eedd89";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/7644820f-5ce5-f9f1-94b7-4537ee598f43" = {
|
|
||||||
device = "nvme0n1/7644820f-5ce5-f9f1-94b7-4537ee598f43";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/0cc567e5-5e4c-1868-eca3-4426508cbfb9" = {
|
|
||||||
device = "nvme0n1/0cc567e5-5e4c-1868-eca3-4426508cbfb9";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/63d6e664-3f1f-11e8-aef6-a3120cf8dd9d" = {
|
|
||||||
device = "nvme0n1/63d6e664-3f1f-11e8-aef6-a3120cf8dd9d";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/c3d2.de/admin" = {
|
|
||||||
device = "nvme0n1/c3d2.de/admin";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/3e65fa50-2f41-8792-df46-8c826bddab75" = {
|
|
||||||
device = "nvme0n1/3e65fa50-2f41-8792-df46-8c826bddab75";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/c3d2.de/templates" = {
|
|
||||||
device = "nvme0n1/c3d2.de/templates";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/e71d4460-8eef-6623-a875-dd5ec20b650f" = {
|
|
||||||
device = "nvme0n1/e71d4460-8eef-6623-a875-dd5ec20b650f";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/c3d2.de/iso" = {
|
|
||||||
device = "nvme0n1/c3d2.de/iso";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [ ];
|
|
||||||
|
|
||||||
nix.maxJobs = lib.mkDefault 40;
|
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
|
||||||
}
|
|
|
@ -1,49 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
services.hydra-dev = {
|
|
||||||
enable = true;
|
|
||||||
debugServer = true;
|
|
||||||
extraEnv.HYDRA_DEBUG = "1";
|
|
||||||
hydraURL = "https://server7.hq.c3d2.de";
|
|
||||||
logo = ./hydra.svg;
|
|
||||||
notificationSender = "hydra@spam.works";
|
|
||||||
# package = pkgs.hydra-unstable;
|
|
||||||
listenHost = "172.22.99.245";
|
|
||||||
# listenHost = "*";
|
|
||||||
useSubstitutes = true;
|
|
||||||
minimumDiskFree = 2;
|
|
||||||
minimumDiskFreeEvaluator = 2;
|
|
||||||
extraConfig = ''
|
|
||||||
<sotest>
|
|
||||||
authfile = /var/lib/hydra/sotest.auth
|
|
||||||
</sotest>
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
nix.trustedUsers = [ "hydra" ];
|
|
||||||
|
|
||||||
nix.buildMachines = [{
|
|
||||||
hostName = "localhost";
|
|
||||||
system = "x86_64-linux";
|
|
||||||
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
|
|
||||||
maxJobs = 8;
|
|
||||||
}];
|
|
||||||
|
|
||||||
nix.binaryCachePublicKeys =
|
|
||||||
[ "nix-serve.hq.c3d2.de-2:elqZouiiQP4XNfmEekwXH/YRPL1pXlN5JgVSzT1Ctoc=" ];
|
|
||||||
nix.binaryCaches = [ "http://nix-serve.hq.c3d2.de" ];
|
|
||||||
|
|
||||||
services.nginx = {
|
|
||||||
enable = true;
|
|
||||||
virtualHosts = {
|
|
||||||
"server7.hq.c3d2.de" = {
|
|
||||||
addSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
globalRedirect = "hydra7.hq.c3d2.de";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,163 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
|
||||||
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
|
||||||
|
|
||||||
<svg
|
|
||||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
|
||||||
xmlns:cc="http://creativecommons.org/ns#"
|
|
||||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
|
||||||
xmlns:svg="http://www.w3.org/2000/svg"
|
|
||||||
xmlns="http://www.w3.org/2000/svg"
|
|
||||||
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
|
||||||
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
|
||||||
width="594.28000pt"
|
|
||||||
height="194.89000pt"
|
|
||||||
id="svg1"
|
|
||||||
sodipodi:version="0.32"
|
|
||||||
inkscape:version="0.92.4 (5da689c313, 2019-01-14)"
|
|
||||||
sodipodi:docname="hydra.svg"
|
|
||||||
version="1.1">
|
|
||||||
<defs
|
|
||||||
id="defs3" />
|
|
||||||
<sodipodi:namedview
|
|
||||||
id="base"
|
|
||||||
pagecolor="#ffffff"
|
|
||||||
bordercolor="#666666"
|
|
||||||
borderopacity="1.0"
|
|
||||||
inkscape:pageopacity="0.0"
|
|
||||||
inkscape:pageshadow="2"
|
|
||||||
inkscape:zoom="0.43415836"
|
|
||||||
inkscape:cx="497.42201"
|
|
||||||
inkscape:cy="266.76371"
|
|
||||||
inkscape:current-layer="svg1"
|
|
||||||
showgrid="false"
|
|
||||||
inkscape:grid-bbox="true"
|
|
||||||
inkscape:grid-points="true"
|
|
||||||
inkscape:guide-bbox="true"
|
|
||||||
inkscape:guide-points="true"
|
|
||||||
guidetolerance="2.0000000px"
|
|
||||||
inkscape:window-width="1362"
|
|
||||||
inkscape:window-height="740"
|
|
||||||
inkscape:window-x="0"
|
|
||||||
inkscape:window-y="12"
|
|
||||||
inkscape:window-maximized="0">
|
|
||||||
<inkscape:grid
|
|
||||||
id="GridFromPre046Settings"
|
|
||||||
type="xygrid"
|
|
||||||
originx="0"
|
|
||||||
originy="0"
|
|
||||||
spacingx="1.3333333"
|
|
||||||
spacingy="1.3333333"
|
|
||||||
color="#3f3fff"
|
|
||||||
empcolor="#3f3fff"
|
|
||||||
opacity="0.15"
|
|
||||||
empopacity="0.38"
|
|
||||||
empspacing="5" />
|
|
||||||
</sodipodi:namedview>
|
|
||||||
<metadata
|
|
||||||
id="metadata4">
|
|
||||||
<rdf:RDF>
|
|
||||||
<cc:Work
|
|
||||||
rdf:about="">
|
|
||||||
<dc:format>image/svg+xml</dc:format>
|
|
||||||
<dc:type
|
|
||||||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
|
|
||||||
<dc:title></dc:title>
|
|
||||||
</cc:Work>
|
|
||||||
</rdf:RDF>
|
|
||||||
</metadata>
|
|
||||||
<g
|
|
||||||
inkscape:label="Layer 1"
|
|
||||||
inkscape:groupmode="layer"
|
|
||||||
id="layer1" />
|
|
||||||
<path
|
|
||||||
d="M 5,123.6125 80,4.8625031 c 0,0 68.75,0 68.75,0 0,0 -68.75,118.7499969 -68.75,118.7499969 0,0 68.75,116.25 68.75,116.25 h -75 z"
|
|
||||||
id="path4772"
|
|
||||||
style="fill:#5175c0;fill-opacity:1" />
|
|
||||||
<path
|
|
||||||
d="M 92.5,123.6125 161.25,4.8625031 c 0,0 75,0 75,0 0,0 -68.75,118.7499969 -68.75,118.7499969 l 68.75,116.25 h -75 z"
|
|
||||||
id="path4770"
|
|
||||||
style="fill:#7eb3de;fill-opacity:1" />
|
|
||||||
<path
|
|
||||||
d="M 180,123.6125 248.75,4.8625031 c 0,0 75,0 75,0 0,0 -67.5,118.7499969 -67.5,118.7499969 l 67.5,116.25 h -75 z"
|
|
||||||
id="path4768"
|
|
||||||
style="fill:#5175c0;fill-opacity:1" />
|
|
||||||
<path
|
|
||||||
d="m 423.75,4.8625031 c 0,0 68.75,0 68.75,0 L 405,239.8625 h -68.75 z"
|
|
||||||
id="path4766"
|
|
||||||
style="fill:#7eb3de;fill-opacity:1" />
|
|
||||||
<path
|
|
||||||
d="m 573.75,123.6125 c 0,0 -68.75,-118.7499969 -68.75,-118.7499969 0,0 75,0 75,0 0,0 68.75,118.7499969 68.75,118.7499969 L 580,239.8625 h -75 c 0,0 68.75,-116.25 68.75,-116.25 z"
|
|
||||||
id="path4764"
|
|
||||||
style="fill:#5175c0;fill-opacity:1" />
|
|
||||||
<path
|
|
||||||
d="m 592.5,239.8625 c 0,0 68.75,-116.25 68.75,-116.25 0,0 -68.75,-118.7499969 -68.75,-118.7499969 h 75 L 736.25,123.6125 667.5,239.8625 c 0,0 -75,0 -75,0 z"
|
|
||||||
id="path1103"
|
|
||||||
style="fill:#7eb3de;fill-opacity:1" />
|
|
||||||
<path
|
|
||||||
style="opacity:0;fill:#ffffff;fill-opacity:1;stroke-width:1.15165353"
|
|
||||||
d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
|
|
||||||
id="path4748"
|
|
||||||
inkscape:connector-curvature="0" />
|
|
||||||
<path
|
|
||||||
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
|
|
||||||
d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
|
|
||||||
id="path4750"
|
|
||||||
inkscape:connector-curvature="0" />
|
|
||||||
<path
|
|
||||||
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
|
|
||||||
d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
|
|
||||||
id="path4752"
|
|
||||||
inkscape:connector-curvature="0" />
|
|
||||||
<path
|
|
||||||
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
|
|
||||||
d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
|
|
||||||
id="path4754"
|
|
||||||
inkscape:connector-curvature="0" />
|
|
||||||
<path
|
|
||||||
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
|
|
||||||
d="M 40.243955,182.04068 C 21.723264,150.70357 6.4358654,124.63858 6.2719589,124.11847 6.1080523,123.59834 22.729551,96.636025 43.208622,64.202186 L 80.443296,5.2315697 h 33.427314 c 27.32714,0 33.32015,0.279289 32.84004,1.5304274 C 146.25213,7.9568785 106.54016,76.84926 83.109504,117.09734 l -3.777885,6.48948 33.859941,57.25975 c 18.62297,31.49287 33.85994,57.46471 33.85994,57.71521 0,0.2505 -16.45505,0.45545 -36.56678,0.45545 H 73.917939 Z"
|
|
||||||
id="path4756"
|
|
||||||
inkscape:connector-curvature="0" />
|
|
||||||
<path
|
|
||||||
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
|
|
||||||
d="M 39.798247,182.97391 C 21.194881,151.51668 5.8549221,124.95667 5.7094473,123.95167 5.5639725,122.94667 22.182803,95.693953 42.640183,63.390072 L 79.835419,4.6557429 114.01929,4.3506923 c 22.26699,-0.1987067 34.18387,0.097179 34.18387,0.8487563 0,0.6345938 -15.27869,27.5376884 -33.95263,59.7846534 l -33.952629,58.630848 33.952629,57.40622 c 18.67394,31.57343 33.95263,57.79806 33.95263,58.27697 0,0.47891 -16.78064,0.87075 -37.29031,0.87075 H 73.622545 Z"
|
|
||||||
id="path4758" />
|
|
||||||
<path
|
|
||||||
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
|
|
||||||
d="M 39.798247,182.97391 C 21.194881,151.51668 5.8549221,124.95667 5.7094473,123.95167 5.5639725,122.94667 22.182803,95.693953 42.640183,63.390072 L 79.835419,4.6557429 114.01929,4.3506923 c 22.26699,-0.1987067 34.18387,0.097179 34.18387,0.8487563 0,0.6345938 -15.27869,27.5376884 -33.95263,59.7846534 l -33.952629,58.630848 33.952629,57.40622 c 18.67394,31.57343 33.95263,57.79806 33.95263,58.27697 0,0.47891 -16.78064,0.87075 -37.29031,0.87075 H 73.622545 Z"
|
|
||||||
id="path4774"
|
|
||||||
inkscape:connector-curvature="0" />
|
|
||||||
<path
|
|
||||||
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
|
|
||||||
d="m 336.47317,238.17057 c 0.44551,-1.11786 18.66473,-49.97005 40.48715,-108.56042 C 398.78275,71.019777 418.2387,18.806685 420.19578,13.581058 l 3.55833,-9.5011418 h 34.39672 c 18.9182,0 34.38454,0.388683 34.36966,0.8637401 -0.0148,0.4750571 -19.62584,53.4655147 -43.57989,117.7565737 l -43.55283,116.89283 -34.86232,0.30499 c -32.91995,0.28801 -34.81718,0.19175 -34.05228,-1.72748 z"
|
|
||||||
id="path4776"
|
|
||||||
inkscape:connector-curvature="0" />
|
|
||||||
<path
|
|
||||||
style="opacity:0;fill:#ff0000;fill-opacity:1;stroke-width:1.15165353"
|
|
||||||
d="m 336.47317,238.17057 c 0.44551,-1.11786 18.66473,-49.97005 40.48715,-108.56042 C 398.78275,71.019777 418.2387,18.806685 420.19578,13.581058 l 3.55833,-9.5011418 h 34.39672 c 18.9182,0 34.38454,0.388683 34.36966,0.8637401 -0.0148,0.4750571 -19.62584,53.4655147 -43.57989,117.7565737 l -43.55283,116.89283 -34.86232,0.30499 c -32.91995,0.28801 -34.81718,0.19175 -34.05228,-1.72748 z"
|
|
||||||
id="path4778"
|
|
||||||
inkscape:connector-curvature="0" />
|
|
||||||
<flowRoot
|
|
||||||
xml:space="preserve"
|
|
||||||
id="flowRoot8463"
|
|
||||||
style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:96px;line-height:125%;font-family:'Liberation Mono';-inkscape-font-specification:'Liberation Mono Bold';letter-spacing:0px;word-spacing:0px;fill:#ff0000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
|
|
||||||
transform="matrix(1.7228087,0,0,2.5200722,-118.4561,-151.78401)"><flowRegion
|
|
||||||
id="flowRegion8465"
|
|
||||||
style="font-size:96px;fill:#ff0000"><rect
|
|
||||||
id="rect8467"
|
|
||||||
width="679.47559"
|
|
||||||
height="191.17448"
|
|
||||||
x="108.25543"
|
|
||||||
y="57.162315"
|
|
||||||
style="font-size:96px;fill:#ff0000" /></flowRegion><flowPara
|
|
||||||
id="flowPara8469">FLAKES</flowPara></flowRoot> <flowRoot
|
|
||||||
xml:space="preserve"
|
|
||||||
id="flowRoot8479"
|
|
||||||
style="fill:black;stroke:none;stroke-opacity:1;stroke-width:1px;stroke-linejoin:miter;stroke-linecap:butt;fill-opacity:1;font-family:'Liberation Mono';font-style:normal;font-weight:bold;font-size:40px;line-height:125%;letter-spacing:0px;word-spacing:0px;-inkscape-font-specification:'Liberation Mono Bold';font-stretch:normal;font-variant:normal"><flowRegion
|
|
||||||
id="flowRegion8481"><rect
|
|
||||||
id="rect8483"
|
|
||||||
width="71.034798"
|
|
||||||
height="46.411858"
|
|
||||||
x="92.5"
|
|
||||||
y="123.6125" /></flowRegion><flowPara
|
|
||||||
id="flowPara8485"></flowPara></flowRoot></svg>
|
|
Before Width: | Height: | Size: 9.7 KiB |
|
@ -1,28 +0,0 @@
|
||||||
{ config, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
nix.sshServe.enable = true;
|
|
||||||
|
|
||||||
services.nix-serve = {
|
|
||||||
enable = true;
|
|
||||||
secretKeyFile = "/var/lib/nix-serve.key";
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx = {
|
|
||||||
enable = true;
|
|
||||||
virtualHosts = let
|
|
||||||
vhost.locations."/".proxyPass =
|
|
||||||
"http://${config.services.nix-serve.bindAddress}:${
|
|
||||||
toString config.services.nix-serve.port
|
|
||||||
}";
|
|
||||||
in {
|
|
||||||
"cache.server7.hq.c3d2.de" = vhost // {
|
|
||||||
addSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
};
|
|
||||||
"nix-serve.y.c3d2.de" = vhost;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,27 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
|
|
||||||
let yggaddr = import ../../lib/server7-yggaddr.nix;
|
|
||||||
in {
|
|
||||||
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
|
|
||||||
|
|
||||||
networking.interfaces.br0.ipv6.addresses = [{
|
|
||||||
address = yggaddr.prefix + ":1";
|
|
||||||
prefixLength = 24;
|
|
||||||
}];
|
|
||||||
|
|
||||||
services.radvd = {
|
|
||||||
enable = true;
|
|
||||||
config = ''
|
|
||||||
interface enp2s0f1
|
|
||||||
{
|
|
||||||
AdvSendAdvert on;
|
|
||||||
AdvRouteLifetime 0;
|
|
||||||
prefix ${yggaddr.prefix}:/64 {
|
|
||||||
AdvOnLink on;
|
|
||||||
AdvAutonomous on;
|
|
||||||
};
|
|
||||||
route 200::/7 {};
|
|
||||||
};
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -0,0 +1,125 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
|
{ config, pkgs, lib, strings, ... }:
|
||||||
|
|
||||||
|
let eth0 = "ens18";
|
||||||
|
in {
|
||||||
|
imports = [ # Include the results of the hardware scan.
|
||||||
|
./hardware-configuration.nix
|
||||||
|
../../lib
|
||||||
|
../../lib/hq.nix
|
||||||
|
../../lib/shared.nix
|
||||||
|
../../lib/default-gateway.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
c3d2 = {
|
||||||
|
users.k-ot = true;
|
||||||
|
isInHq = true;
|
||||||
|
mapHqHosts = true;
|
||||||
|
hq.interface = eth0;
|
||||||
|
};
|
||||||
|
|
||||||
|
hq.yggdrasil = {
|
||||||
|
enable = true;
|
||||||
|
interface = eth0;
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
systemd.enableEmergencyMode = false;
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
hostName = "storage-ng";
|
||||||
|
# usePredictableInterfacenames = false;
|
||||||
|
interfaces.${eth0} = {
|
||||||
|
ipv4.addresses = [{
|
||||||
|
address = "172.22.99.20";
|
||||||
|
prefixLength = 24;
|
||||||
|
}];
|
||||||
|
ipv6.addresses = [{
|
||||||
|
address = "2a02:8106:208:5201::20";
|
||||||
|
prefixLength = 64;
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
|
||||||
|
defaultGateway.interface = eth0;
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
# List packages installed in system profile. To search, run:
|
||||||
|
# $ nix search wget
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
wget
|
||||||
|
vim
|
||||||
|
screen
|
||||||
|
zsh
|
||||||
|
lftp
|
||||||
|
lsof
|
||||||
|
psmisc
|
||||||
|
gitAndTools.git-annex
|
||||||
|
gitAndTools.git
|
||||||
|
tmux
|
||||||
|
|
||||||
|
mpv
|
||||||
|
iotop
|
||||||
|
];
|
||||||
|
|
||||||
|
services.ceph = {
|
||||||
|
enable = false;
|
||||||
|
client.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# fixme, we need a floating ip here
|
||||||
|
# correct is floating ip 172.22.99.21
|
||||||
|
# does not exist yet
|
||||||
|
|
||||||
|
# secretfile does not work :(
|
||||||
|
|
||||||
|
fileSystems."/mnt/cephfs" = {
|
||||||
|
device = "172.22.99.13:6789:/";
|
||||||
|
fsType = "ceph";
|
||||||
|
options = [
|
||||||
|
"name=storage2"
|
||||||
|
"secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw=="
|
||||||
|
"noatime,_netdev"
|
||||||
|
"noauto"
|
||||||
|
"x-systemd.automount"
|
||||||
|
"x-systemd.device-timeout=175"
|
||||||
|
"users"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
# Some programs need SUID wrappers, can be configured further or are
|
||||||
|
# started in user sessions.
|
||||||
|
programs.bash.enableCompletion = true;
|
||||||
|
programs.mtr.enable = true;
|
||||||
|
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
|
||||||
|
|
||||||
|
# List services that you want to enable:
|
||||||
|
|
||||||
|
# Enable the OpenSSH daemon.
|
||||||
|
services.openssh = {
|
||||||
|
enable = true;
|
||||||
|
allowSFTP = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.atftpd = {
|
||||||
|
enable = true;
|
||||||
|
root = "/mnt/cephfs/c3d2/tftp";
|
||||||
|
};
|
||||||
|
|
||||||
|
/* # Open ports in the firewall.
|
||||||
|
networking.firewall.allowedTCPPorts = [
|
||||||
|
23
|
||||||
|
];
|
||||||
|
networking.firewall.allowedUDPPorts = [
|
||||||
|
69
|
||||||
|
];
|
||||||
|
*/
|
||||||
|
|
||||||
|
networking.firewall.enable = false;
|
||||||
|
|
||||||
|
system.stateVersion = "19.03"; # Did you read the comment?
|
||||||
|
|
||||||
|
}
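Review bot: The `secret=…` entry in the `fileSystems."/mnt/cephfs"` options commits the CephX key for `name=storage2` to the repository, and because mount options are rendered into the generated fstab it presumably also lands in the world-readable Nix store on the host. The comment above it says `secretfile` did not work, but that is worth resolving rather than shipping the key: use `"secretfile=<ROOT_ONLY_KEY_PATH>"` pointing at a root-only file kept outside the store, and rotate this key since it is now in history. Separately, `networking.firewall.enable = false;` leaves atftpd and sshd reachable with no packet filter. Turning the firewall on with `networking.firewall.allowedUDPPorts = [ 69 ];` from the commented-out block would keep TFTP working.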
|
|
@ -0,0 +1,30 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
|
||||||
|
boot.kernelModules = [ ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{ device = "/dev/vda1";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{ device = "/dev/vda3";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices =
|
||||||
|
[ { device = "/dev/vda2"; }
|
||||||
|
];
|
||||||
|
|
||||||
|
nix.maxJobs = lib.mkDefault 4;
|
||||||
|
}
|
|
@ -0,0 +1,12 @@
|
||||||
|
<html>
|
||||||
|
<head><title>storage.hq.c3d2.de</title></head>
|
||||||
|
<body>
|
||||||
|
<h1>storage-ng</h1>
|
||||||
|
services available:
|
||||||
|
<ul>
|
||||||
|
<li><a href="/c3d2">c3d2 files http</a></li>
|
||||||
|
<li>SAMBA/Windows Access: storage-ng.hq.c3d2.de</li>
|
||||||
|
<li>tftp</li>
|
||||||
|
</ul>
|
||||||
|
</body>
|
||||||
|
</html>
|
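--- a/krops.nix
+++ b/krops.nix
@@ -5,11 +5,11 @@ let
 lib = import "${krops}/lib";
 pkgs = import "${krops}/pkgs" {};
 
-hostSource = path:
+hostSource = path: nixos-branch:
 lib.evalSource [ {
 nixpkgs.git = {
-ref = "origin/nixos-20.03";
+ref = "origin/${nixos-branch}";
-url = "https://github.com/NixOS/nixpkgs-channels.git";
+url = "https://github.com/NixOS/nixpkgs.git";
 };
 nixpkgs-unstable.git = {
 ref = "origin/master";
@@ -24,7 +24,7 @@ let
 
 deployContainer = containerName: host:
 pkgs.krops.writeDeploy containerName {
-source = hostSource "containers/${containerName}";
+source = hostSource "containers/${containerName}" "nixos-20.09";
 target = "root@${host}";
 };
 in {
@@ -34,13 +34,13 @@ in {
 kibana = deployContainer "kibana" "172.20.73.44";
 
 glotzbert = pkgs.krops.writeDeploy "glotzbert" {
-source = hostSource "glotzbert";
+source = hostSource "glotzbert" "nixos-20.09";
 target = lib.mkTarget "k-ot@glotzbert.hq.c3d2.de" // {
 sudo = true;
 };
 };
 pulsebert = pkgs.krops.writeDeploy "pulsebert" {
-source = hostSource "pulsebert";
+source = hostSource "pulsebert" "nixos-unstable";
 target = lib.mkTarget "k-ot@pulsebert.hq.c3d2.de" // {
 sudo = true;
 };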
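Review bot: `hostSource` gains a second positional argument `nixos-branch` in the first hunk, but nothing documents what it accepts, and the ref it builds, `origin/${nixos-branch}`, is a moving branch head. Two deploys from the same commit of this repository can therefore install different nixpkgs code, and the `pulsebert` entry in the last hunk now follows `nixos-unstable`. A comment above the function would make that explicit, for example `# nixos-branch: nixpkgs branch to track (e.g. "nixos-20.09"); resolved at deploy time, not pinned to a commit`. If reproducible deploys are wanted, passing a fixed revision instead of a branch name is the stricter option. The body of `hostSource` continues past the end of the first hunk, so the rest of the source set is not visible here.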
||||||
|
|
|
@ -8,8 +8,6 @@ let
|
||||||
hqPrefix64 = "fd23:42:c3d2:523";
|
hqPrefix64 = "fd23:42:c3d2:523";
|
||||||
# TODO: Is this stable? Is there a better place to specifiy this?
|
# TODO: Is this stable? Is there a better place to specifiy this?
|
||||||
|
|
||||||
server7Ygg = import ./server7-yggaddr.nix;
|
|
||||||
|
|
||||||
# Generate a deterministic IPv6 address for a 64 bit prefix
|
# Generate a deterministic IPv6 address for a 64 bit prefix
|
||||||
# and seed string. Prefix must not contain trailing ':'.
|
# and seed string. Prefix must not contain trailing ':'.
|
||||||
toIpv6Address = prefix64: seed:
|
toIpv6Address = prefix64: seed:
|
||||||
|
@ -23,8 +21,6 @@ let
|
||||||
# for the HQ networking using a seed string.
|
# for the HQ networking using a seed string.
|
||||||
toHqPrivateAddress = toIpv6Address hqPrefix64;
|
toHqPrivateAddress = toIpv6Address hqPrefix64;
|
||||||
|
|
||||||
toServer7Address = toIpv6Address server7Ygg.prefix64;
|
|
||||||
|
|
||||||
# toHqPublicAddress = toIpv6Address publicPrefix64;
|
# toHqPublicAddress = toIpv6Address publicPrefix64;
|
||||||
|
|
||||||
cfg = config.c3d2;
|
cfg = config.c3d2;
|
||||||
|
@ -171,10 +167,6 @@ in {
|
||||||
name = ip6;
|
name = ip6;
|
||||||
value = [ "${hostName}.hq" hostName ];
|
value = [ "${hostName}.hq" hostName ];
|
||||||
}
|
}
|
||||||
{
|
|
||||||
name = toServer7Address hostName;
|
|
||||||
value = [ "${hostName}.y.c3d2.de" "${hostName}.y" ];
|
|
||||||
}
|
|
||||||
] ++ lib.optional (hasAttr "ip4" host) {
|
] ++ lib.optional (hasAttr "ip4" host) {
|
||||||
name = host.ip4;
|
name = host.ip4;
|
||||||
value = [ "${hostName}.hq" hostName ];
|
value = [ "${hostName}.hq" hostName ];
|
||||||
|
@ -202,16 +194,7 @@ in {
|
||||||
ipv6.addresses = [{
|
ipv6.addresses = [{
|
||||||
address = toHqPrivateAddress config.networking.hostName;
|
address = toHqPrivateAddress config.networking.hostName;
|
||||||
prefixLength = 64;
|
prefixLength = 64;
|
||||||
}] ++ lib.optional (cfg.hq.yggdrasil.enableGateway) {
|
}];
|
||||||
address = toServer7Address config.networking.hostName;
|
|
||||||
prefixLength = 64;
|
|
||||||
};
|
|
||||||
ipv6.routes = lib.optional (cfg.hq.yggdrasil.enableGateway) {
|
|
||||||
address = "200::";
|
|
||||||
options.pref = "low";
|
|
||||||
prefixLength = 7;
|
|
||||||
via = server7Ygg.prefix64 + "::1";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -282,14 +265,6 @@ in {
|
||||||
# Only builds > 19.09
|
# Only builds > 19.09
|
||||||
};
|
};
|
||||||
|
|
||||||
nix = lib.mkIf
|
|
||||||
(cfg.hq.enableBinaryCache && config.networking.hostName != "server7") {
|
|
||||||
binaryCaches = [ "https://cache.server7.hq.c3d2.de" ];
|
|
||||||
binaryCachePublicKeys = [
|
|
||||||
"cache.server7.hq.c3d2.de:x8JLRG26zRZ8ysYZLEkPxuAYuK1VSJi/aMAEIs2Lv+U="
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
services.mpd.extraConfig = lib.mkIf cfg.hq.enableMpdProxy ''
|
services.mpd.extraConfig = lib.mkIf cfg.hq.enableMpdProxy ''
|
||||||
database {
|
database {
|
||||||
plugin "proxy"
|
plugin "proxy"
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
keys = [
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuQbziwBjiSZqzE2b4iOqz1HxjinqHbGjAv1XHLOq+AFfNwMc4wiyQ/u2LpuRG2HlwK9pBeIY/gZSUP3YJZ1RumnrEOxY2Tgmzko0W9ME+hvK1OHZcXI69QA/ctxEVgOUMvTtS8XssFLAbQfkXJYeTL/5yr/Qrs3MDDfa+1UGY7LQlyzh6c4pQ+pBgWJALyzztc0orqgSVUJ2u8naQ210Jv3dQnpE+bwfeG9IuWjQqBXWHwlqxwRDxnnDBVcUj4z24XsMmHHWd/zizD+4C0Qx/rBiFhYBDXP+320U5gpgFzRl3t1HQXiPCb/LAgp2CLpZ8Eh4u9tgIhp6Z6l9r0B+vQ== poelzi@poelzi.org"
|
||||||
|
];
|
||||||
|
in {
|
||||||
|
|
||||||
|
nix.trustedUsers = [ "poelzi" ];
|
||||||
|
|
||||||
|
programs = {
|
||||||
|
fish.enable = true;
|
||||||
|
tmux.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.users.poelzi = {
|
||||||
|
isNormalUser = true;
|
||||||
|
description = "poelzi";
|
||||||
|
extraGroups = [ "users" "wheel" ];
|
||||||
|
hashedPassword =
|
||||||
|
"$6$SoesSFadpfcSfEOe$pmkiIMvxTAaEAyqDoZ3a7jk7GZsEXqX1N8r8UvGnaPsb85csX6FC2bwFQyyu8I8QoG/wO85WnHIMMMQAglKSK/";
|
||||||
|
openssh.authorizedKeys.keys = keys;
|
||||||
|
shell = pkgs.fish;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.users.root.openssh.authorizedKeys.keys = keys;
|
||||||
|
|
||||||
|
nix.sshServe.keys = keys;
|
||||||
|
}
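Review bot: `hashedPassword` on `users.users.poelzi` commits a `$6$` (SHA-512 crypt) hash to the repository, where anyone with read access can run offline guessing against it, and the account is in `wheel`. Dropping the hash in favour of key-only login, or loading it with `passwordFile = "<PATH_OUTSIDE_REPO>";`, keeps it out of the repository and the Nix store. The same personal key is also assigned to `users.users.root.openssh.authorizedKeys.keys` and `nix.sshServe.keys`, and `nix.trustedUsers` lists the user, so a single key compromise yields root on every host that imports this module. A short header comment saying which hosts import the file and why direct root login is needed would make that scope reviewable.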
|