Merge branch 'master' of ssh://gitea.c3d2.de:2222/C3D2/nix-config
commit
60f270224b
65
flake.lock
65
flake.lock
|
@ -1,39 +1,33 @@
|
||||||
{
|
{
|
||||||
"nodes": {
|
"nodes": {
|
||||||
"hydra": {
|
"hydra": {
|
||||||
"info": {
|
|
||||||
"lastModified": 1587883324,
|
|
||||||
"narHash": "sha256-WQxv9rrG2HX8j2UfXjifeBkMjgea3uIAEB3Swv+IIus="
|
|
||||||
},
|
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nix": "nix",
|
"nix": "nix",
|
||||||
"nixpkgs": "nixpkgs_2"
|
"nixpkgs": "nixpkgs_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"owner": "ehmry",
|
"lastModified": 1593509723,
|
||||||
|
"narHash": "sha256-ESv86LNnQQy5cYqeC1S4otpvkA8ABgs/zbge8xp35aE=",
|
||||||
|
"owner": "NixOS",
|
||||||
"repo": "hydra",
|
"repo": "hydra",
|
||||||
"rev": "e93c36aab1bf96cf392ab0e40157b0620638b599",
|
"rev": "d0deebc4fc95dbeb0249f7b774b03d366596fbed",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "ehmry",
|
"id": "hydra",
|
||||||
"ref": "sotest",
|
"type": "indirect"
|
||||||
"repo": "hydra",
|
|
||||||
"type": "github"
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nix": {
|
"nix": {
|
||||||
"info": {
|
|
||||||
"lastModified": 1586440843,
|
|
||||||
"narHash": "sha256-7YxrpRPmAOoCSl6KtepKCXcae5MUm1Pl+lwDunBFGoo="
|
|
||||||
},
|
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": "nixpkgs"
|
"nixpkgs": "nixpkgs"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
|
"lastModified": 1592818267,
|
||||||
|
"narHash": "sha256-t66Ny6NDA9sQa0U79iqo4w7tEBitUGgio9U/H6z3QpE=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nix",
|
"repo": "nix",
|
||||||
"rev": "3aaceeb7e2d3fb8a07a1aa5a21df1dca6bbaa0ef",
|
"rev": "334e26bfc2ce82912602e8a0f9f9c7e0fb5c3221",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -42,14 +36,12 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"info": {
|
|
||||||
"lastModified": 1585405475,
|
|
||||||
"narHash": "sha256-bESW0n4KgPmZ0luxvwJ+UyATrC6iIltVCsGdLiphVeE="
|
|
||||||
},
|
|
||||||
"locked": {
|
"locked": {
|
||||||
|
"lastModified": 1591633336,
|
||||||
|
"narHash": "sha256-oVXv4xAnDJB03LvZGbC72vSVlIbbJr8tpjEW5o/Fdek=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "b88ff468e9850410070d4e0ccd68c7011f15b2be",
|
"rev": "70717a337f7ae4e486ba71a500367cad697e5f09",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -59,14 +51,12 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"info": {
|
|
||||||
"lastModified": 1586219474,
|
|
||||||
"narHash": "sha256-fvfrMnEA2lDnXvH/eInGV5i0sO/EGLVHa4pOek8VG78="
|
|
||||||
},
|
|
||||||
"locked": {
|
"locked": {
|
||||||
|
"lastModified": 1592263354,
|
||||||
|
"narHash": "sha256-1wHPn5qKfzfG06dZhpXDEg5Zt6HwvfyPPgW1tkYFejg=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "29eddfc36d720dcc4822581175217543b387b1e8",
|
"rev": "a84b797b28eb104db758b5cb2b61ba8face6744b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -75,31 +65,16 @@
|
||||||
"type": "indirect"
|
"type": "indirect"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_3": {
|
|
||||||
"info": {
|
|
||||||
"lastModified": 1586724123,
|
|
||||||
"narHash": "sha256-VQ7zZy2xpz6dULpjar4jxNaQ0N/2q68l+EYO2nXaXDo="
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"owner": "nixos",
|
|
||||||
"repo": "nixpkgs-channels",
|
|
||||||
"rev": "708cb6b307b04ad862cc50de792e57e7a4a8bb5a",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nixos",
|
|
||||||
"ref": "nixos-20.03",
|
|
||||||
"repo": "nixpkgs-channels",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"hydra": "hydra",
|
"hydra": "hydra",
|
||||||
"nixpkgs": "nixpkgs_3"
|
"nixpkgs": [
|
||||||
|
"hydra",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"root": "root",
|
"root": "root",
|
||||||
"version": 5
|
"version": 7
|
||||||
}
|
}
|
||||||
|
|
23
flake.nix
23
flake.nix
|
@ -1,17 +1,18 @@
|
||||||
{
|
{
|
||||||
description = "C3D2 NixOS configurations";
|
description = "C3D2 NixOS configurations";
|
||||||
|
|
||||||
edition = 201909;
|
inputs = {
|
||||||
|
nixpkgs.follows = "hydra/nixpkgs";
|
||||||
inputs.nixpkgs.url = "github:nixos/nixpkgs-channels/nixos-20.03";
|
# nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||||
inputs.hydra.url = "github:ehmry/hydra/sotest";
|
# secrets.url = "git+file:///etc/nixos/secrets";
|
||||||
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, hydra }: {
|
outputs = { self, nixpkgs, hydra }: {
|
||||||
|
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
|
|
||||||
server7 = nixpkgs.lib.nixosSystem {
|
glotzbert = nixpkgs.lib.nixosSystem {
|
||||||
modules = [ ./hosts/server7 hydra.nixosModules.hydra ];
|
modules = [ ./hosts/glotzbert/configuration.nix ];
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -20,8 +21,18 @@
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
kibana = nixpkgs.lib.nixosSystem {
|
||||||
|
modules = [ ./hosts/containers/kibana/configuration.nix ];
|
||||||
|
system = "x86_64-linux";
|
||||||
|
};
|
||||||
|
|
||||||
pulsebert = nixpkgs.lib.nixosSystem {
|
pulsebert = nixpkgs.lib.nixosSystem {
|
||||||
modules = [ ./hosts/pulsebert/configuration.nix ];
|
modules = [ ./hosts/pulsebert/configuration.nix ];
|
||||||
|
system = "aarch64-linux";
|
||||||
|
};
|
||||||
|
|
||||||
|
server7 = nixpkgs.lib.nixosSystem {
|
||||||
|
modules = [ ./hosts/server7 hydra.nixosModules.hydra ];
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
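Review bot: `hydra` is still consumed in `outputs` but no longer has a `url` in `inputs`, so it is resolved through the flake registry (flake.lock on this page now records it as `"type": "indirect"` with `"id": "hydra"`), and `nixpkgs.follows = "hydra/nixpkgs"` makes every host's package set whatever that input pins. A registry entry can differ per machine or user, so a later relock may resolve to a different source than the one reviewed here. Declaring it explicitly inside `inputs`, e.g. `hydra.url = "github:NixOS/hydra";`, keeps the source auditable in the repository. A short comment on why nixpkgs follows hydra rather than a release branch would also help, since package updates for all hosts then presumably arrive only when hydra's pin moves.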
|
@ -9,7 +9,7 @@ rec {
|
||||||
ledstripes = {};
|
ledstripes = {};
|
||||||
|
|
||||||
glotzbert.publicKey =
|
glotzbert.publicKey =
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHPrkD07abpTU/66fEjmiMYsUfJCSF62MVFe8BED7wu4";
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG";
|
||||||
|
|
||||||
hydra.publicKey =
|
hydra.publicKey =
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhurL/sxsXRglKdLfiWIcK+iqpyhGrGt/MoBODsgvig";
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhurL/sxsXRglKdLfiWIcK+iqpyhGrGt/MoBODsgvig";
|
||||||
|
|
|
@ -25,6 +25,9 @@
|
||||||
htop
|
htop
|
||||||
];
|
];
|
||||||
|
|
||||||
|
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.16"; prefixLength = 26; } ];
|
||||||
|
networking.defaultGateway = "172.20.73.1";
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "deployer";
|
hostName = "deployer";
|
||||||
# usePredictableInterfacenames = false;
|
# usePredictableInterfacenames = false;
|
||||||
|
|
|
@ -31,7 +31,10 @@
|
||||||
services.dhcpd4 = {
|
services.dhcpd4 = {
|
||||||
enable = true;
|
enable = true;
|
||||||
interfaces = [ "eth0" ];
|
interfaces = [ "eth0" ];
|
||||||
extraConfig = builtins.readFile ../../../secrets/hosts/dhcp/config;
|
extraConfig = ''
|
||||||
|
authoritative;
|
||||||
|
|
||||||
|
'' + builtins.readFile ../../../secrets/hosts/dhcp/config;
|
||||||
};
|
};
|
||||||
|
|
||||||
# This value determines the NixOS release with which your system is to be
|
# This value determines the NixOS release with which your system is to be
|
||||||
|
|
|
@ -30,8 +30,6 @@ in {
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
vim
|
vim
|
||||||
# for `vtysh`
|
|
||||||
quagga
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# SSH for nixops
|
# SSH for nixops
|
||||||
|
@ -41,6 +39,12 @@ in {
|
||||||
# No Firewalling!
|
# No Firewalling!
|
||||||
networking.firewall.enable = false;
|
networking.firewall.enable = false;
|
||||||
|
|
||||||
|
boot.postBootCommands = ''
|
||||||
|
if [ ! -c /dev/net/tun ]; then
|
||||||
|
mkdir -p /dev/net
|
||||||
|
mknod -m 666 /dev/net/tun c 10 200
|
||||||
|
fi
|
||||||
|
'';
|
||||||
services.openvpn =
|
services.openvpn =
|
||||||
let
|
let
|
||||||
openvpnNeighbors = lib.filterAttrs (_: conf: conf ? openvpn) neighbors;
|
openvpnNeighbors = lib.filterAttrs (_: conf: conf ? openvpn) neighbors;
|
||||||
|
@ -63,7 +67,9 @@ in {
|
||||||
secret ${keyfile name}
|
secret ${keyfile name}
|
||||||
'';
|
'';
|
||||||
up = ''
|
up = ''
|
||||||
${pkgs.iproute}/bin/ip a a fe80::deca:fbad/64 dev $1
|
${pkgs.iproute}/bin/ip addr flush dev $1
|
||||||
|
${pkgs.iproute}/bin/ip addr add ${address4} dev ${name} peer ${conf.address4}/32
|
||||||
|
${pkgs.iproute}/bin/ip addr add ${address6}/64 dev $1
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
|
|
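Review bot: In the new `up` script the three `ip` calls address the interface in two different ways: `ip addr flush dev $1` and `ip addr add ${address6}/64 dev $1` use the device name OpenVPN passes at run time, while `ip addr add ${address4} dev ${name} peer ${conf.address4}/32` uses the Nix attribute name fixed at build time. If the tunnel device is not named exactly after the attribute (the `dev` setting is outside this hunk), the IPv4 address goes to the wrong or a missing interface. Using a quoted `"$1"` on all three lines keeps them consistent. The enclosing `let` block starts and ends outside the hunk.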
|
@ -22,6 +22,7 @@
|
||||||
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.8"; prefixLength = 26; } ];
|
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.8"; prefixLength = 26; } ];
|
||||||
networking.defaultGateway = "172.20.73.1";
|
networking.defaultGateway = "172.20.73.1";
|
||||||
services.resolved.enable = false;
|
services.resolved.enable = false;
|
||||||
|
networking.nameservers = [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
|
||||||
|
|
||||||
# Set your time zone.
|
# Set your time zone.
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
|
@ -73,6 +74,7 @@
|
||||||
"::1/128"
|
"::1/128"
|
||||||
"172.20.72.0/21"
|
"172.20.72.0/21"
|
||||||
"10.0.0.0/24"
|
"10.0.0.0/24"
|
||||||
|
"10.200.0.0/15"
|
||||||
"172.22.99.0/24"
|
"172.22.99.0/24"
|
||||||
"127.0.0.0/8"
|
"127.0.0.0/8"
|
||||||
];
|
];
|
||||||
|
@ -217,7 +219,7 @@
|
||||||
Exec "collectd" "${pkgs.ruby}/bin/ruby" "${unboundScript}"
|
Exec "collectd" "${pkgs.ruby}/bin/ruby" "${unboundScript}"
|
||||||
'';
|
'';
|
||||||
network = ''
|
network = ''
|
||||||
Server "grafana.hq.c3d2.de" "25826"
|
Server "grafana.serv.zentralwerk.dn42" "25826"
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
|
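Review bot: The added `"10.200.0.0/15"` entry has no comment, and the option this list belongs to is outside the hunk; judging by the loopback and private-range neighbours it looks like an allow-list of client networks. A /15 admits 10.200.0.0 through 10.201.255.255, a far larger population than the other entries, so please note next to it which network this is and why it needs access (the `freifunkNodes` addresses added for the scrape host in this commit fall in that range). If only a handful of hosts need it, narrower prefixes would be preferable.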
|
@ -17,6 +17,8 @@
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "elastic1";
|
hostName = "elastic1";
|
||||||
|
interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.15"; prefixLength = 26; } ];
|
||||||
|
defaultGateway = "172.20.73.1";
|
||||||
firewall = {
|
firewall = {
|
||||||
allowedTCPPorts = [
|
allowedTCPPorts = [
|
||||||
22
|
22
|
||||||
|
|
|
@ -56,7 +56,7 @@ stdenv.mkDerivation {
|
||||||
--replace awk ${gawk}/bin/awk
|
--replace awk ${gawk}/bin/awk
|
||||||
'' +
|
'' +
|
||||||
lib.strings.concatStrings (lib.attrsets.mapAttrsToList (
|
lib.strings.concatStrings (lib.attrsets.mapAttrsToList (
|
||||||
var: value: "substituteInPlace sysinfo-json.cgi --replace ${lib.strings.escapeShellArg "$(nvram get ${var})"} '${value}'\n"
|
var: value: "substituteInPlace sysinfo-json.cgi --replace ${lib.strings.escapeShellArg "$(uci -qX get ffdd.sys.${var})"} '${value}'\n"
|
||||||
) nvram);
|
) nvram);
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
pwd
|
pwd
|
||||||
|
|
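Review bot: The replacement value in the generated `substituteInPlace` line is wrapped in literal single quotes (`'${value}'`) while the search string next to it goes through `lib.strings.escapeShellArg`. Any `nvram` value containing a `'` ends the quoting and the remainder is interpreted by the build shell. Escaping both arguments the same way avoids that: `--replace ${lib.strings.escapeShellArg "$(uci -qX get ffdd.sys.${var})"} ${lib.strings.escapeShellArg value}`. This assumes the values are strings; the `nvram` set is defined outside the hunk.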
|
@ -1,24 +1,22 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
(modulesPath + "/profiles/minimal.nix")
|
||||||
../../../lib
|
../../../lib
|
||||||
../../../lib/lxc-container.nix
|
../../../lib/lxc-container.nix
|
||||||
../../../lib/shared.nix
|
../../../lib/shared.nix
|
||||||
../../../lib/admins.nix
|
../../../lib/admins.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
c3d2 = {
|
c3d2.isInHq = false;
|
||||||
isInHq = true;
|
|
||||||
hq.interface = "eth0";
|
|
||||||
enableHail = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
|
|
||||||
networking.hostName = "grafana";
|
networking.hostName = "grafana";
|
||||||
networking.useNetworkd = true;
|
networking.useNetworkd = true;
|
||||||
|
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.43"; prefixLength = 26; } ];
|
||||||
|
networking.defaultGateway = "172.20.73.1";
|
||||||
|
|
||||||
# http https influxdb
|
# http https influxdb
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 8086 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 8086 ];
|
||||||
|
@ -39,7 +37,7 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
org_name = "Chaos";
|
org_name = "Chaos";
|
||||||
};
|
};
|
||||||
users.allowSignUp = true;
|
users.allowSignUp = false;
|
||||||
};
|
};
|
||||||
services.influxdb = let
|
services.influxdb = let
|
||||||
collectdTypes = pkgs.stdenv.mkDerivation {
|
collectdTypes = pkgs.stdenv.mkDerivation {
|
||||||
|
|
|
@ -0,0 +1,66 @@
|
||||||
|
{ config, pkgs, lib, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
(modulesPath + "/profiles/minimal.nix")
|
||||||
|
../../../lib
|
||||||
|
../../../lib/lxc-container.nix
|
||||||
|
../../../lib/shared.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
networking.hostName = "kibana";
|
||||||
|
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.44"; prefixLength = 26; } ];
|
||||||
|
networking.defaultGateway = "172.20.73.1";
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
|
||||||
|
# Required for krops
|
||||||
|
services.openssh.enable = true;
|
||||||
|
environment.systemPackages = [ pkgs.git ];
|
||||||
|
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
services.elasticsearch = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.elasticsearch7;
|
||||||
|
};
|
||||||
|
services.kibana = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.kibana7;
|
||||||
|
};
|
||||||
|
|
||||||
|
security.acme = {
|
||||||
|
acceptTerms = true;
|
||||||
|
email = "mail@c3d2.de";
|
||||||
|
};
|
||||||
|
services.nginx =
|
||||||
|
let
|
||||||
|
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
|
||||||
|
vhost = url: {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = url;
|
||||||
|
extraConfig = ''
|
||||||
|
auth_basic "Chaos";
|
||||||
|
auth_basic_user_file ${authFile};
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
enable = true;
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
virtualHosts = {
|
||||||
|
"kibana.hq.c3d2.de" =
|
||||||
|
vhost "http://127.0.0.1:${toString config.services.kibana.port}";
|
||||||
|
"kibana-es.hq.c3d2.de" =
|
||||||
|
vhost "http://127.0.0.1:${toString config.services.elasticsearch.port}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# This value determines the NixOS release with which your system is to be
|
||||||
|
# compatible, in order to avoid breaking some software such as database
|
||||||
|
# servers. You should change this only after NixOS release notes say you
|
||||||
|
# should.
|
||||||
|
system.stateVersion = "20.03"; # Did you read the comment?
|
||||||
|
}
|
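Review bot: The basic-auth credential for both vhosts is committed in this file and built with `pkgs.writeText`, so the user name and password hash end up in the world-readable Nix store as well as in the repository history. The 13-character hash looks like a traditional DES `crypt` value, which only considers the first eight password characters and is cheap to test offline. I would point `auth_basic_user_file` at a file delivered out of band, e.g. `auth_basic_user_file /var/lib/secrets/kibana.htpasswd;` (placeholder path), holding a salted SHA-512 crypt entry, and treat the current password as disclosed. The same `vhost` helper also puts the Elasticsearch HTTP API behind `kibana-es.hq.c3d2.de`, and the public-access-proxy section later in this commit forwards that name, so this one password is the only control visible here in front of the index data.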
|
@ -1,11 +1,11 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
(modulesPath + "/profiles/minimal.nix")
|
||||||
<lib>
|
../../../lib
|
||||||
<lib/lxc-container.nix>
|
../../../lib/lxc-container.nix
|
||||||
<lib/shared.nix>
|
../../../lib/shared.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
|
@ -22,8 +22,7 @@
|
||||||
environment.systemPackages = [ pkgs.git ];
|
environment.systemPackages = [ pkgs.git ];
|
||||||
|
|
||||||
systemd.services.ledball =
|
systemd.services.ledball =
|
||||||
let
|
let pile = import ../../../lib/pkgs/pile.nix { inherit pkgs; };
|
||||||
pile = import (toString <lib/pkgs/pile.nix>) { inherit pkgs; };
|
|
||||||
in {
|
in {
|
||||||
after = [ "network-online.target" ];
|
after = [ "network-online.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
|
@ -17,6 +17,8 @@
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "logging";
|
hostName = "logging";
|
||||||
|
interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.13"; prefixLength = 26; } ];
|
||||||
|
defaultGateway = "172.20.73.1";
|
||||||
firewall = {
|
firewall = {
|
||||||
allowedTCPPorts = [
|
allowedTCPPorts = [
|
||||||
22
|
22
|
||||||
|
|
|
@ -2,15 +2,15 @@
|
||||||
# your system. Help is available in the configuration.nix(5) man page
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports = [
|
||||||
[ ../../lib/lxc-container.nix
|
../../lib/lxc-container.nix
|
||||||
../../lib/shared.nix
|
../../lib/shared.nix
|
||||||
../../lib/admins.nix
|
../../lib/admins.nix
|
||||||
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
(modulesPath + "/profiles/minimal.nix")
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.hostName = "nixbert"; # Define your hostname.
|
networking.hostName = "nixbert"; # Define your hostname.
|
||||||
networking.useNetworkd = false;
|
networking.useNetworkd = false;
|
||||||
|
|
|
@ -18,6 +18,8 @@
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "mongo";
|
hostName = "mongo";
|
||||||
|
interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.21"; prefixLength = 26; } ];
|
||||||
|
defaultGateway = "172.20.73.1";
|
||||||
firewall = {
|
firewall = {
|
||||||
allowedTCPPorts = [
|
allowedTCPPorts = [
|
||||||
22
|
22
|
||||||
|
|
|
@ -12,11 +12,9 @@ in
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.hostName = "mucbot";
|
networking.hostName = "mucbot";
|
||||||
networking.useNetworkd = true;
|
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.27"; prefixLength = 26; } ];
|
||||||
networking.useDHCP = false;
|
networking.defaultGateway = "172.20.73.1";
|
||||||
networking.interfaces.eth0.useDHCP = true;
|
|
||||||
networking.nameservers = [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
|
networking.nameservers = [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
|
||||||
services.resolved.enable = false;
|
|
||||||
|
|
||||||
users.users.tigger = {
|
users.users.tigger = {
|
||||||
createHome = true;
|
createHome = true;
|
||||||
|
|
|
@ -9,13 +9,15 @@
|
||||||
[ ../../../lib/lxc-container.nix
|
[ ../../../lib/lxc-container.nix
|
||||||
../../../lib/shared.nix
|
../../../lib/shared.nix
|
||||||
../../../lib/admins.nix
|
../../../lib/admins.nix
|
||||||
../../../lib/default-gateway.nix
|
|
||||||
./proxy.nix
|
./proxy.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.hostName = "public-access-proxy";
|
networking.hostName = "public-access-proxy";
|
||||||
networking.useNetworkd = true;
|
networking.useNetworkd = true;
|
||||||
networking.dhcpcd.enable = lib.mkForce true;
|
networking.interfaces.eth0 = {
|
||||||
|
ipv4.addresses = [ { address = "172.20.73.45"; prefixLength = 26; } ];
|
||||||
|
};
|
||||||
|
networking.defaultGateway = "172.20.73.1";
|
||||||
|
|
||||||
my.services.proxy = {
|
my.services.proxy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -24,6 +26,14 @@
|
||||||
hostNames = [ "cloud.bombenverleih.de" "unifi.arkom.men" ];
|
hostNames = [ "cloud.bombenverleih.de" "unifi.arkom.men" ];
|
||||||
proxyTo = { host = "172.22.99.192"; httpPort = 80; httpsPort = 443; };
|
proxyTo = { host = "172.22.99.192"; httpPort = 80; httpsPort = 443; };
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
hostNames = [ "grafana.hq.c3d2.de" ];
|
||||||
|
proxyTo = { host = "grafana.serv.zentralwerk.dn42"; httpPort = 80; httpsPort = 443; };
|
||||||
|
}
|
||||||
|
{
|
||||||
|
hostNames = [ "kibana.hq.c3d2.de" "kibana-es.hq.c3d2.de" ];
|
||||||
|
proxyTo = { host = "kibana.serv.zentralwerk.dn42"; httpPort = 80; httpsPort = 443; };
|
||||||
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,11 +1,21 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
let
|
||||||
|
freifunkNodes = {
|
||||||
|
"1139" = "10.200.4.120";
|
||||||
|
"1487" = "10.200.5.213";
|
||||||
|
"1884" = "10.200.7.100";
|
||||||
|
"1891" = "10.200.7.107";
|
||||||
|
"1768" = "10.200.6.239";
|
||||||
|
"1176" = "10.200.7.80";
|
||||||
|
"1099" = "10.200.4.80";
|
||||||
|
};
|
||||||
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
(modulesPath + "/profiles/minimal.nix")
|
||||||
<lib>
|
../../../lib
|
||||||
<lib/lxc-container.nix>
|
../../../lib/lxc-container.nix
|
||||||
<lib/shared.nix>
|
../../../lib/shared.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
|
@ -16,7 +26,8 @@
|
||||||
|
|
||||||
|
|
||||||
networking.hostName = "scrape";
|
networking.hostName = "scrape";
|
||||||
networking.useNetworkd = true;
|
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.32"; prefixLength = 26; } ];
|
||||||
|
networking.defaultGateway = "172.20.73.1";
|
||||||
|
|
||||||
# Required for krops
|
# Required for krops
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
|
@ -35,6 +46,13 @@
|
||||||
xeriLogin = import <secrets/hosts/scrape/xeri.nix>;
|
xeriLogin = import <secrets/hosts/scrape/xeri.nix>;
|
||||||
fhemLogin = import <secrets/hosts/scrape/fhem.nix>;
|
fhemLogin = import <secrets/hosts/scrape/fhem.nix>;
|
||||||
matematLogin = import <secrets/hosts/scrape/matemat.nix>;
|
matematLogin = import <secrets/hosts/scrape/matemat.nix>;
|
||||||
|
makeNodeScraper = nodeId: {
|
||||||
|
name = "scrape-node${nodeId}";
|
||||||
|
value = makeService {
|
||||||
|
script = "freifunk_node";
|
||||||
|
host = freifunkNodes.${nodeId};
|
||||||
|
};
|
||||||
|
};
|
||||||
in {
|
in {
|
||||||
scrape-xeri = makeService {
|
scrape-xeri = makeService {
|
||||||
script = "xerox";
|
script = "xerox";
|
||||||
|
@ -55,81 +73,28 @@
|
||||||
host = "matemat.hq.c3d2.de";
|
host = "matemat.hq.c3d2.de";
|
||||||
inherit (matematLogin) user password;
|
inherit (matematLogin) user password;
|
||||||
};
|
};
|
||||||
scrape-node1139 = makeService {
|
} // builtins.listToAttrs (map makeNodeScraper (builtins.attrNames freifunkNodes));
|
||||||
script = "freifunk_node";
|
|
||||||
host = "10.200.4.120";
|
systemd.timers =
|
||||||
|
let
|
||||||
|
makeTimer = service: interval: {
|
||||||
|
partOf = [ "${service}.service" ];
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
timerConfig.OnCalendar = interval;
|
||||||
};
|
};
|
||||||
scrape-node1487 = makeService {
|
makeNodeScraperTimer = nodeId:
|
||||||
script = "freifunk_node";
|
let
|
||||||
host = "10.200.5.213";
|
name = "scrape-node${nodeId}";
|
||||||
};
|
in {
|
||||||
scrape-node1884 = makeService {
|
inherit name;
|
||||||
script = "freifunk_node";
|
value = makeTimer name "minutely";
|
||||||
host = "10.200.7.100";
|
};
|
||||||
};
|
in {
|
||||||
scrape-node1891 = makeService {
|
scrape-xeri = makeTimer "scrape-xeri.service" "minutely";
|
||||||
script = "freifunk_node";
|
scrape-roxi = makeTimer "scrape-roxi.service" "minutely";
|
||||||
host = "10.200.7.107";
|
scrape-fhem = makeTimer "scrape-fhem.service" "minutely";
|
||||||
};
|
scrape-matemat = makeTimer "scrape-matemat.service" "minutely";
|
||||||
scrape-node1768 = makeService {
|
} // builtins.listToAttrs (map makeNodeScraperTimer (builtins.attrNames freifunkNodes));
|
||||||
script = "freifunk_node";
|
|
||||||
host = "10.200.6.239";
|
|
||||||
};
|
|
||||||
scrape-node1176 = makeService {
|
|
||||||
script = "freifunk_node";
|
|
||||||
host = "10.200.7.80";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
systemd.timers.scrape-xeri = {
|
|
||||||
partOf = [ "scrape-xeri.service" ];
|
|
||||||
wantedBy = [ "timers.target" ];
|
|
||||||
timerConfig.OnCalendar = "minutely";
|
|
||||||
};
|
|
||||||
systemd.timers.scrape-roxi = {
|
|
||||||
partOf = [ "scrape-roxi.service" ];
|
|
||||||
wantedBy = [ "timers.target" ];
|
|
||||||
timerConfig.OnCalendar = "minutely";
|
|
||||||
};
|
|
||||||
systemd.timers.scrape-fhem = {
|
|
||||||
partOf = [ "scrape-fhem.service" ];
|
|
||||||
wantedBy = [ "timers.target" ];
|
|
||||||
timerConfig.OnCalendar = "minutely";
|
|
||||||
};
|
|
||||||
systemd.timers.scrape-matemat = {
|
|
||||||
partOf = [ "scrape-matemat.service" ];
|
|
||||||
wantedBy = [ "timers.target" ];
|
|
||||||
timerConfig.OnCalendar = "minutely";
|
|
||||||
};
|
|
||||||
systemd.timers.scrape-node1139 = {
|
|
||||||
partOf = [ "scrape-node1139.service" ];
|
|
||||||
wantedBy = [ "timers.target" ];
|
|
||||||
timerConfig.OnCalendar = "minutely";
|
|
||||||
};
|
|
||||||
systemd.timers.scrape-node1487 = {
|
|
||||||
partOf = [ "scrape-node1487.service" ];
|
|
||||||
wantedBy = [ "timers.target" ];
|
|
||||||
timerConfig.OnCalendar = "minutely";
|
|
||||||
};
|
|
||||||
systemd.timers.scrape-node1884 = {
|
|
||||||
partOf = [ "scrape-node1884.service" ];
|
|
||||||
wantedBy = [ "timers.target" ];
|
|
||||||
timerConfig.OnCalendar = "minutely";
|
|
||||||
};
|
|
||||||
systemd.timers.scrape-node1891 = {
|
|
||||||
partOf = [ "scrape-node1894.service" ];
|
|
||||||
wantedBy = [ "timers.target" ];
|
|
||||||
timerConfig.OnCalendar = "minutely";
|
|
||||||
};
|
|
||||||
systemd.timers.scrape-node1768 = {
|
|
||||||
partOf = [ "scrape-node1768.service" ];
|
|
||||||
wantedBy = [ "timers.target" ];
|
|
||||||
timerConfig.OnCalendar = "minutely";
|
|
||||||
};
|
|
||||||
systemd.timers.scrape-node1176 = {
|
|
||||||
partOf = [ "scrape-node1176.service" ];
|
|
||||||
wantedBy = [ "timers.target" ];
|
|
||||||
timerConfig.OnCalendar = "minutely";
|
|
||||||
};
|
|
||||||
|
|
||||||
# This value determines the NixOS release with which your system is to be
|
# This value determines the NixOS release with which your system is to be
|
||||||
# compatible, in order to avoid breaking some software such as database
|
# compatible, in order to avoid breaking some software such as database
|
||||||
|
|
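Review bot: `makeTimer` appends the suffix itself (`partOf = [ "${service}.service" ]`), but the four fixed timers pass a name that already ends in `.service`, so `scrape-xeri`, `scrape-roxi`, `scrape-fhem` and `scrape-matemat` end up with `partOf = [ "scrape-xeri.service.service" ]` and so on, which names no unit. The node timers are fine because `makeNodeScraperTimer` passes the bare name. Passing the bare name here as well fixes it, e.g. `scrape-xeri = makeTimer "scrape-xeri" "minutely";`, and likewise for the other three.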
|
@ -8,14 +8,13 @@ in
|
||||||
[ ../../../lib/lxc-container.nix
|
[ ../../../lib/lxc-container.nix
|
||||||
../../../lib/shared.nix
|
../../../lib/shared.nix
|
||||||
../../../lib/admins.nix
|
../../../lib/admins.nix
|
||||||
../../../lib/default-gateway.nix
|
|
||||||
"${spacemsgGit}/spaceapi/module.nix"
|
"${spacemsgGit}/spaceapi/module.nix"
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.hostName = "spaceapi";
|
networking.hostName = "spaceapi";
|
||||||
networking.useNetworkd = true;
|
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.25"; prefixLength = 26; } ];
|
||||||
networking.useDHCP = lib.mkForce true;
|
networking.defaultGateway = "172.20.73.1";
|
||||||
networking.firewall.allowedTCPPorts = [ 3000 3001 ];
|
networking.firewall.enable = false;
|
||||||
|
|
||||||
services.spaceapi = {
|
services.spaceapi = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
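Review bot: `networking.firewall.enable = false;` replaces the previous `allowedTCPPorts = [ 3000 3001 ]` allow-list, so every listening port on this host becomes reachable from the network, not just those two. If the aim was only to get the static-address setup working, keeping the firewall on with `networking.firewall.allowedTCPPorts = [ 3000 3001 ];` preserves the earlier exposure. If it has to stay off, a comment giving the reason would help the next reviewer. The `services.spaceapi` block continues outside the hunk.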
|
@ -6,41 +6,48 @@
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
users.k-ot = true;
|
users.k-ot = true;
|
||||||
isInHq = true;
|
isInHq = true;
|
||||||
hq.interface = "enp0s10";
|
hq.interface = "eno1";
|
||||||
enableHail = true;
|
hq.enableBinaryCache = false;
|
||||||
|
enableHail = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
nix = {
|
nix = {
|
||||||
useSandbox = true;
|
useSandbox = true;
|
||||||
buildCores = 2;
|
buildCores = 4;
|
||||||
|
maxJobs = 4;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
# Use the systemd-boot EFI boot loader.
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
boot.kernelPackages = pkgs.linuxPackages_4_19;
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||||
|
|
||||||
networking.hostName = "glotzbert"; # Define your hostname.
|
networking.hostName = "glotzbert"; # Define your hostname.
|
||||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||||
|
networking.interfaces.eno1.useDHCP = true;
|
||||||
|
|
||||||
# Configure network proxy if necessary
|
# Configure network proxy if necessary
|
||||||
# networking.proxy.default = "http://user:password@proxy:port/";
|
# networking.proxy.default = "http://user:password@proxy:port/";
|
||||||
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
||||||
|
|
||||||
# Select internationalisation properties.
|
# Select internationalisation properties.
|
||||||
i18n = {
|
console = {
|
||||||
consoleFont = "Lat2-Terminus16";
|
font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
|
||||||
consoleKeyMap = "de";
|
keyMap = "de";
|
||||||
defaultLocale = "en_US.UTF-8";
|
|
||||||
};
|
};
|
||||||
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
|
||||||
# Set your time zone.
|
# Set your time zone.
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
# List packages installed in system profile. To search, run:
|
# List packages installed in system profile. To search, run:
|
||||||
# $ nix search wget
|
# $ nix search wget
|
||||||
environment.systemPackages = with pkgs; [ wget vim x11vnc ];
|
environment.systemPackages = with pkgs; [
|
||||||
|
wget vim git tmux screen
|
||||||
|
chromium firefox
|
||||||
|
mpv kodi
|
||||||
|
];
|
||||||
|
|
||||||
systemd.user.services.x11vnc = {
|
systemd.user.services.x11vnc = {
|
||||||
description = "X11 VNC server";
|
description = "X11 VNC server";
|
||||||
|
@ -108,11 +115,11 @@
|
||||||
user = "k-ot";
|
user = "k-ot";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
defaultSession = "gnome-xorg";
|
||||||
};
|
};
|
||||||
services.xserver.desktopManager = {
|
services.xserver.desktopManager = {
|
||||||
gnome3.enable = true;
|
gnome3.enable = true;
|
||||||
kodi.enable = true;
|
kodi.enable = true;
|
||||||
default = "kodi";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
security.sudo = {
|
security.sudo = {
|
||||||
|
@ -123,7 +130,6 @@
|
||||||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||||
users.groups."k-ot" = { gid = 1000; };
|
users.groups."k-ot" = { gid = 1000; };
|
||||||
users.users."k-ot" = {
|
users.users."k-ot" = {
|
||||||
password = "k-ot";
|
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
uid = 1000;
|
uid = 1000;
|
||||||
group = "k-ot";
|
group = "k-ot";
|
||||||
|
@ -133,6 +139,8 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
users.users.emery.cryptHomeLuks = "/home/emery.luks.img";
|
||||||
|
|
||||||
# This value determines the NixOS release with which your system is to be
|
# This value determines the NixOS release with which your system is to be
|
||||||
# compatible, in order to avoid breaking some software such as database
|
# compatible, in order to avoid breaking some software such as database
|
||||||
# servers. You should change this only after NixOS release notes say you
|
# servers. You should change this only after NixOS release notes say you
|
||||||
|
|
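Review bot: `x11vnc` is dropped from `environment.systemPackages`, but the `systemd.user.services.x11vnc` unit is kept as context right below it. Its `ExecStart` is outside the hunk; if it calls `x11vnc` via `PATH` rather than `${pkgs.x11vnc}/bin/x11vnc`, the unit will fail to start after this change, and if remote viewing is no longer wanted the unit should be removed as well. Removing `password = "k-ot";` is good, but the literal stays in the repository history, so the account password should be changed on the machine if that was ever the live value.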
|
@ -1,33 +1,27 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "ohci_pci" "ehci_pci" "ahci" "firewire_ohci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
|
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||||
boot.kernelModules = [ "kvm-intel" "wl" "forcedeth" "b43" ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
boot.kernelParams = [ "irqpoll" "hpet=off" ]; # noapic seems to improve things
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" =
|
||||||
{ device = "/dev/disk/by-uuid/4568bf11-6e40-4514-9bc9-3194a299c45f";
|
{ device = "/dev/disk/by-uuid/3a8ddd25-0c5d-4fec-b957-bdcea1c52db4";
|
||||||
fsType = "btrfs";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/boot" =
|
fileSystems."/boot" =
|
||||||
{ device = "/dev/disk/by-uuid/67E3-17ED";
|
{ device = "/dev/disk/by-uuid/6490-45A0";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
};
|
};
|
||||||
|
|
||||||
zramSwap = { enable = true; priority = 1000; };
|
swapDevices = [ ];
|
||||||
swapDevices = [
|
|
||||||
{ device = "/dev/disk/by-uuid/f602ea23-99e5-416b-98d2-ef76cbc5c934";
|
|
||||||
} ];
|
|
||||||
|
|
||||||
nix.maxJobs = lib.mkDefault 2;
|
nix.maxJobs = lib.mkDefault 4;
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||||
services.xserver.videoDriver = "nouveau";
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,164 +4,116 @@
|
||||||
|
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
let
|
{
|
||||||
ympdPort = 8080;
|
|
||||||
mpdVhost = "mpd.hq.c3d2.de";
|
|
||||||
in {
|
|
||||||
imports = [ # Include the results of the hardware scan.
|
imports = [ # Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../lib
|
|
||||||
../../lib/admins.nix
|
|
||||||
../../lib/hq.nix
|
|
||||||
./mpdConsole.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
c3d2 = {
|
boot.loader.grub.enable = false;
|
||||||
users = {
|
boot.loader.generic-extlinux-compatible.enable = false;
|
||||||
emery = true;
|
boot.loader.raspberryPi = { enable = true; version = 4; uboot.enable = false; };
|
||||||
k-ot = true;
|
#boot.kernelPackages = pkgs.linuxPackages_rpi4;
|
||||||
};
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||||
isInHq = true;
|
|
||||||
mapHqHosts = true;
|
|
||||||
hq = {
|
|
||||||
interface = "eno1";
|
|
||||||
enableMpdProxy = true;
|
|
||||||
yggdrasi.enableGateway = true;
|
|
||||||
};
|
|
||||||
enableHail = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
boot.tmpOnTmpfs = true;
|
||||||
boot.loader.systemd-boot.enable = true;
|
nix.buildCores = 4;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
nix.maxJobs = 4;
|
||||||
boot.kernelPackages = pkgs.linuxPackages_4_19;
|
|
||||||
|
|
||||||
networking.hostName = "pulsebert"; # Define your hostname.
|
networking.hostName = "pulsebert"; # Define your hostname.
|
||||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||||
|
|
||||||
|
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||||
|
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||||
|
# replicates the default behaviour.
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.interfaces.eth0.useDHCP = true;
|
||||||
|
networking.interfaces.wlan0.useDHCP = true;
|
||||||
|
|
||||||
# Configure network proxy if necessary
|
# Configure network proxy if necessary
|
||||||
# networking.proxy.default = "http://user:password@proxy:port/";
|
# networking.proxy.default = "http://user:password@proxy:port/";
|
||||||
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
||||||
|
|
||||||
# Select internationalisation properties.
|
# Select internationalisation properties.
|
||||||
i18n = {
|
# i18n.defaultLocale = "en_US.UTF-8";
|
||||||
consoleFont = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
|
# console = {
|
||||||
consoleKeyMap = "us";
|
# font = "Lat2-Terminus16";
|
||||||
defaultLocale = "en_US.UTF-8";
|
# keyMap = "us";
|
||||||
};
|
# };
|
||||||
|
|
||||||
|
# Set your time zone.
|
||||||
|
# time.timeZone = "Europe/Amsterdam";
|
||||||
|
|
||||||
# List packages installed in system profile. To search, run:
|
# List packages installed in system profile. To search, run:
|
||||||
# $ nix search wget
|
# $ nix search wget
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
# specific printer drivers for our printers
|
wget vim git
|
||||||
epson-escpr
|
raspberrypi-tools
|
||||||
splix
|
|
||||||
# utilities
|
|
||||||
nix-index
|
|
||||||
usbutils
|
|
||||||
tmux
|
|
||||||
vim
|
|
||||||
git
|
|
||||||
openssl
|
|
||||||
# NCurses Music Player Client (Plus Plus)
|
|
||||||
# a commandline front-end client for mpd
|
|
||||||
# 2019-01-21 mag vater gern gleich einen schoenen lokalen Verwaltung fuer MPD haben.
|
|
||||||
# ncmpcpp
|
|
||||||
home-manager
|
|
||||||
mumble
|
|
||||||
ncpamixer
|
|
||||||
ffmpeg
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# Some programs need SUID wrappers, can be configured further or are
|
# Some programs need SUID wrappers, can be configured further or are
|
||||||
# started in user sessions.
|
# started in user sessions.
|
||||||
# programs.mtr.enable = true;
|
# programs.mtr.enable = true;
|
||||||
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
|
# programs.gnupg.agent = {
|
||||||
|
# enable = true;
|
||||||
|
# enableSSHSupport = true;
|
||||||
|
# pinentryFlavor = "gnome3";
|
||||||
|
# };
|
||||||
|
|
||||||
# List services that you want to enable:
|
# List services that you want to enable:
|
||||||
|
|
||||||
|
# Do not log to flash:
|
||||||
|
services.journald.extraConfig = ''
|
||||||
|
Storage=volatile
|
||||||
|
'';
|
||||||
|
|
||||||
# Enable the OpenSSH daemon.
|
# Enable the OpenSSH daemon.
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
|
services.openssh.permitRootLogin = "yes";
|
||||||
|
security.sudo = {
|
||||||
|
enable = true;
|
||||||
|
wheelNeedsPassword = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.users.k-ot = {
|
||||||
|
isNormalUser = true;
|
||||||
|
extraGroups = [ "wheel" "audio" ];
|
||||||
|
};
|
||||||
|
|
||||||
# X11 Forwarding for mumble...
|
|
||||||
programs.ssh.forwardX11 = true;
|
|
||||||
services.openssh.forwardX11 = true;
|
|
||||||
|
|
||||||
# Open ports in the firewall.
|
# Open ports in the firewall.
|
||||||
networking.firewall.allowedTCPPorts = [
|
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||||
4713 # PulseAudio
|
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||||
631 # cups
|
|
||||||
80
|
|
||||||
443 # Web/ympd
|
|
||||||
5000 # shairport
|
|
||||||
config.services.mpd.network.port
|
|
||||||
];
|
|
||||||
networking.firewall.allowedUDPPorts = [ 631 ];
|
|
||||||
networking.firewall.extraCommands = ''
|
|
||||||
iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf
|
|
||||||
iptables -I OUTPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf
|
|
||||||
''; # networking.firewall.allowedUDPPorts = [ ... ];
|
|
||||||
# Or disable the firewall altogether.
|
# Or disable the firewall altogether.
|
||||||
# networking.firewall.enable = false;
|
networking.firewall.enable = false;
|
||||||
|
|
||||||
# Enable CUPS to print documents.
|
# Enable CUPS to print documents.
|
||||||
services.printing = {
|
# services.printing.enable = true;
|
||||||
enable = true;
|
|
||||||
browsing = true;
|
|
||||||
listenAddresses = [ "*:631" ];
|
|
||||||
defaultShared = true;
|
|
||||||
# logLevel = "debug";
|
|
||||||
drivers = [ pkgs.gutenprint pkgs.hplip pkgs.splix ];
|
|
||||||
extraConf =
|
|
||||||
''
|
|
||||||
DefaultAuthType Basic
|
|
||||||
<Location />
|
|
||||||
Order allow,deny
|
|
||||||
Allow ALL
|
|
||||||
</Location>
|
|
||||||
<Location /admin>
|
|
||||||
Order allow,deny
|
|
||||||
Allow ALL
|
|
||||||
</Location>
|
|
||||||
<Location /admin/conf>
|
|
||||||
AuthType Basic
|
|
||||||
Require user @SYSTEM
|
|
||||||
Order allow,deny
|
|
||||||
Allow ALL
|
|
||||||
</Location>
|
|
||||||
<Policy default>
|
|
||||||
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
|
|
||||||
Require user @OWNER @SYSTEM
|
|
||||||
Order deny,allow
|
|
||||||
</Limit>
|
|
||||||
<Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
|
|
||||||
AuthType Basic
|
|
||||||
Require user @SYSTEM
|
|
||||||
Order deny,allow
|
|
||||||
</Limit>
|
|
||||||
<Limit Cancel-Job CUPS-Authenticate-Job>
|
|
||||||
Require user @OWNER @SYSTEM
|
|
||||||
Order deny,allow
|
|
||||||
</Limit>
|
|
||||||
<Limit All>
|
|
||||||
Order deny,allow
|
|
||||||
</Limit>
|
|
||||||
</Policy>
|
|
||||||
'';
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
# Enable sound.
|
# Enable sound.
|
||||||
sound.enable = true;
|
sound.enable = true;
|
||||||
hardware.pulseaudio.enable = true;
|
hardware.bluetooth = {
|
||||||
# PulseAudio as-a-Service
|
enable = true;
|
||||||
hardware.pulseaudio.systemWide = true;
|
config = {
|
||||||
hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges = [
|
Policy.AutoEnable = true;
|
||||||
"127.0.0.0/8" "::1/128"
|
General = {
|
||||||
"172.22.99.0/24" "2a02:8106:208:5201:58::/64"
|
Enable = "Source,Sink,Media,Socket";
|
||||||
];
|
#DiscoverableTimeout = 0;
|
||||||
hardware.pulseaudio.tcp.enable = true;
|
#Discoverable = true;
|
||||||
hardware.pulseaudio.zeroconf.publish.enable = true;
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
hardware.pulseaudio = {
|
||||||
|
enable = true;
|
||||||
|
systemWide = true;
|
||||||
|
tcp.enable = true;
|
||||||
|
tcp.anonymousClients.allowedIpRanges = [
|
||||||
|
"127.0.0.0/8" "::1/128"
|
||||||
|
"172.22.99.0/24" "2a02:8106:208:5201:58::/64"
|
||||||
|
];
|
||||||
|
zeroconf.publish.enable = true;
|
||||||
|
package = pkgs.pulseaudioFull;
|
||||||
|
extraModules = [ pkgs.pulseaudio-modules-bt ];
|
||||||
|
};
|
||||||
|
|
||||||
# tell Avahi to publish CUPS and PulseAudio
|
# tell Avahi to publish CUPS and PulseAudio
|
||||||
services.avahi = {
|
services.avahi = {
|
||||||
|
@ -170,9 +122,6 @@ in {
|
||||||
publish.userServices = true;
|
publish.userServices = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable Audio streaming for Mac clients
|
|
||||||
services.shairport-sync.enable = true;
|
|
||||||
|
|
||||||
# Enable the X11 windowing system.
|
# Enable the X11 windowing system.
|
||||||
# services.xserver.enable = true;
|
# services.xserver.enable = true;
|
||||||
# services.xserver.layout = "us";
|
# services.xserver.layout = "us";
|
||||||
|
@ -185,88 +134,19 @@ in {
|
||||||
# services.xserver.displayManager.sddm.enable = true;
|
# services.xserver.displayManager.sddm.enable = true;
|
||||||
# services.xserver.desktopManager.plasma5.enable = true;
|
# services.xserver.desktopManager.plasma5.enable = true;
|
||||||
|
|
||||||
security.pam.enableSSHAgentAuth = true;
|
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||||
security.sudo = {
|
# users.users.jane = {
|
||||||
enable = true;
|
# isNormalUser = true;
|
||||||
wheelNeedsPassword = false;
|
# extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
||||||
};
|
# };
|
||||||
|
|
||||||
users.users.k-ot.extraGroups = [ "wheel" ];
|
# This value determines the NixOS release from which the default
|
||||||
|
# settings for stateful data, like file locations and database versions
|
||||||
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
# this value at the release version of the first install of this system.
|
||||||
|
# Before changing this value read the documentation for this option
|
||||||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
system.stateVersion = "20.09"; # Did you read the comment?
|
||||||
|
|
||||||
# This value determines the NixOS release with which your system is to be
|
|
||||||
# compatible, in order to avoid breaking some software such as database
|
|
||||||
# servers. You should change this only after NixOS release notes say you
|
|
||||||
# should.
|
|
||||||
system.stateVersion = "18.09"; # Did you read the comment?
|
|
||||||
|
|
||||||
# vater hoerte, dass menschen im space gern mpd fuer das abspielen von musik erwarten wuerden
|
|
||||||
#### https://nixos.org/nixos/options.html#services.mpd.enable
|
|
||||||
# See ../../mpd.nix
|
|
||||||
services.mpd = {
|
|
||||||
enable = true;
|
|
||||||
dbFile = null;
|
|
||||||
musicDirectory = "/mnt/storage/Music";
|
|
||||||
playlistDirectory = "/home/k-ot/Playlists";
|
|
||||||
network.listenAddress = "any";
|
|
||||||
|
|
||||||
extraConfig = ''
|
|
||||||
audio_output {
|
|
||||||
type "pulse"
|
|
||||||
name "/proc"
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
services.caddy = {
|
|
||||||
enable = true;
|
|
||||||
agree = true;
|
|
||||||
# TODO: add auth?
|
|
||||||
config = ''
|
|
||||||
${mpdVhost} {
|
|
||||||
proxy / localhost:${toString ympdPort}
|
|
||||||
}
|
|
||||||
|
|
||||||
:80 {
|
|
||||||
redir https://${mpdVhost}{uri}
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/mnt/storage" = {
|
|
||||||
#device = "storage-ng.hq.c3d2.de:/mnt/zroot/storage/rpool";
|
|
||||||
#device = "storage-ng.hq.c3d2.de:/c3d2/rpool";
|
|
||||||
device =
|
|
||||||
"172.22.99.13:6789,172.22.99.15:6789,172.22.99.16:6789:/c3d2/rpool";
|
|
||||||
fsType = "ceph";
|
|
||||||
options = [
|
|
||||||
"rw"
|
|
||||||
"relatime"
|
|
||||||
"name=public"
|
|
||||||
"secret=AQDgER1chJcMORAAK1ysRTN59B5x/MyniwVXFQ=="
|
|
||||||
"acl"
|
|
||||||
"wsize=16777216"
|
|
||||||
"_netdev"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
# MPD music playing daemon with webinterface
|
|
||||||
services.ympd = {
|
|
||||||
enable = true;
|
|
||||||
webPort = toString ympdPort;
|
|
||||||
};
|
|
||||||
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
|
|
||||||
ympd = ympd.overrideAttrs (oldAttrs: {
|
|
||||||
src = fetchFromGitHub {
|
|
||||||
owner = "c3d2";
|
|
||||||
repo = "ympd";
|
|
||||||
rev = "feature/somafm_browser";
|
|
||||||
sha256 = "17x3jfys6gxghz5yp0gvd39ylvzfm59qxg75hwc5a52rj1n2jpb1";
|
|
||||||
};
|
|
||||||
});
|
|
||||||
};
|
|
||||||
programs.bash.shellAliases = {
|
|
||||||
mpv = "mpv --no-vid";
|
|
||||||
};
|
|
||||||
|
|
||||||
users.users.emery.cryptHomeLuks = "/home/emery.luks.img";
|
|
||||||
}
|
}
|
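Review bot: `services.openssh.permitRootLogin = "yes";` is added next to `networking.firewall.enable = false;` and `security.sudo.wheelNeedsPassword = false;`, so nothing on the host filters access to sshd, and root can log in with a password if one is set. With the firewall off, the system-wide PulseAudio TCP listener is limited only by its own `allowedIpRanges`. I would use `services.openssh.permitRootLogin = "prohibit-password";` with `services.openssh.passwordAuthentication = false;`, and keep the firewall enabled with only the needed ports, for example `networking.firewall.allowedTCPPorts = [ 4713 ];`. Separately, the Ceph `secret=` mount option dropped from the old side stays in repository history, so that key should be treated as exposed and rotated.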
||||||
|
|
||||||
|
|
|
@ -1,29 +1,39 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
#imports =
|
||||||
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
# [ (modulesPath + "/installer/scan/not-detected.nix")
|
||||||
];
|
# ];
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
boot.initrd.availableKernelModules = [ "usbhid" ];
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
boot.kernelParams = [
|
||||||
|
"snd_bcm2835.enable_headphones=1"
|
||||||
|
];
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" =
|
||||||
{ device = "/dev/disk/by-uuid/3a8ddd25-0c5d-4fec-b957-bdcea1c52db4";
|
{ device = "/dev/disk/by-label/NIXOS_SD";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/boot" =
|
fileSystems."/boot" =
|
||||||
{ device = "/dev/disk/by-uuid/6490-45A0";
|
{ device = "/dev/disk/by-label/FIRMWARE";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [ ];
|
swapDevices = [ ];
|
||||||
|
|
||||||
nix.maxJobs = lib.mkDefault 4;
|
hardware.enableRedistributableFirmware = true;
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
#networking.wireless.enable = true;
|
||||||
|
boot.loader.raspberryPi.firmwareConfig = ''
|
||||||
|
gpu_mem=192
|
||||||
|
dtparam=audio=on
|
||||||
|
'';
|
||||||
|
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,17 +0,0 @@
|
||||||
{ pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
home.packages = with pkgs; [
|
|
||||||
htop
|
|
||||||
fortune
|
|
||||||
ddate
|
|
||||||
mpv
|
|
||||||
ncmpcpp
|
|
||||||
schedtool
|
|
||||||
screen
|
|
||||||
tmux
|
|
||||||
pulsemixer
|
|
||||||
ncpamixer
|
|
||||||
python35.withPackages(ps: with ps; [ youtube-dl ])
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,23 +0,0 @@
|
||||||
{ pkgs, ... }:
|
|
||||||
|
|
||||||
let tty = "tty1";
|
|
||||||
in {
|
|
||||||
boot.extraTTYs = [ tty ];
|
|
||||||
|
|
||||||
systemd.services.ncmpcpp = {
|
|
||||||
description = "Mpd console";
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
conflicts = [ "getty@${tty}.service" ];
|
|
||||||
serviceConfig = {
|
|
||||||
User = "k-ot";
|
|
||||||
ExecStart = "${pkgs.ncmpcpp}/bin/ncmpcpp";
|
|
||||||
StandardInput = "tty";
|
|
||||||
StandardOutput = "tty";
|
|
||||||
TTYPath = "/dev/${tty}";
|
|
||||||
TTYReset = true;
|
|
||||||
TTYVTDisallocate = true;
|
|
||||||
Restart = "always";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,6 +1,6 @@
|
||||||
name:
|
name:
|
||||||
|
|
||||||
let yggaddr = import ../yggaddr.nix;
|
let yggaddr = import ../../../lib/server7-yggaddr.nix;
|
||||||
in {
|
in {
|
||||||
# These the container defaults from the perspective of the host.
|
# These the container defaults from the perspective of the host.
|
||||||
|
|
||||||
|
|
|
@ -55,6 +55,20 @@ name:
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.interfaces.eth0 = {
|
||||||
|
ipv4 = {
|
||||||
|
addresses = [{
|
||||||
|
address = "172.22.99.20";
|
||||||
|
prefixLength = 24;
|
||||||
|
}];
|
||||||
|
routes = [{
|
||||||
|
address = "0.0.0.0";
|
||||||
|
prefixLength = 0;
|
||||||
|
via = "172.22.99.1";
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
networking.firewall.enable = false;
|
networking.firewall.enable = false;
|
||||||
};
|
};
|
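Review bot: The added `networking.interfaces.eth0` block hard-codes `address = "172.22.99.20";` in a file that is a function of `name` and is commented as container defaults. If this file is instantiated for more than one container, they would all claim the same address; the enclosing attribute set starts outside the hunk, so this is inferred. I would pass the address in as a second argument or move the block to the per-container definition, with a comment such as `# static address for <container>; gateway is 172.22.99.1`. The unchanged `networking.firewall.enable = false;` just below means the newly addressed interface has no host-level filtering, which deserves a one-line comment explaining why.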
||||||
|
|
||||||
|
|
|
@ -1,9 +1,8 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let yggaddr = import ./yggaddr.nix;
|
let yggaddr = import ../../lib/server7-yggaddr.nix;
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
# <nixpkgs/nixos/modules/profiles/minimal.nix>
|
|
||||||
../../lib
|
../../lib
|
||||||
../../lib/default-gateway.nix
|
../../lib/default-gateway.nix
|
||||||
./borgbackup.nix
|
./borgbackup.nix
|
||||||
|
@ -13,8 +12,10 @@ in {
|
||||||
./nix-serve.nix
|
./nix-serve.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||||
|
|
||||||
security.acme = {
|
security.acme = {
|
||||||
email = " mail@c3d2.de";
|
email = "mail@c3d2.de";
|
||||||
acceptTerms = true;
|
acceptTerms = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -32,7 +33,8 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/srv/ceph" = {
|
fileSystems."/srv/ceph" = {
|
||||||
device = "172.22.99.13:6789:/";
|
#device = "172.22.99.13:6789:/";
|
||||||
|
device = "172.20.72.53:6789:/";
|
||||||
fsType = "ceph";
|
fsType = "ceph";
|
||||||
options = [
|
options = [
|
||||||
"name=storage2"
|
"name=storage2"
|
||||||
|
@ -45,20 +47,47 @@ in {
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
fileSystems."/var/lib/ceph/osd/ceph-7" = { fsType = "tmpfs"; };
|
||||||
|
|
||||||
# Route IPv6
|
# Route IPv6
|
||||||
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
|
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
|
||||||
# Obtain global IPv6 despite being a router myself
|
# Obtain global IPv6 despite being a router myself
|
||||||
boot.kernel.sysctl."net.ipv6.conf.eth0.accept_ra" = 2;
|
boot.kernel.sysctl."net.ipv6.conf.br0.accept_ra" = 2;
|
||||||
|
|
||||||
services.yggdrasil = {
|
services.yggdrasil = {
|
||||||
enable = true;
|
enable = true;
|
||||||
configFile = "/var/lib/yggdrasil/keys";
|
configFile = "/var/lib/yggdrasil/keys";
|
||||||
config.Peers = [
|
config = {
|
||||||
"tcp://[2a03:3b40:fe:ab::1]:46370" # Praha
|
Peers = [
|
||||||
"tcp://ygg.thingylabs.io:443" # Nürnberg
|
|
||||||
"tcp://176.223.130.120:22632" # Wrocław
|
# Deutschland
|
||||||
"tcp://[2a05:9403::8b]:7743" # Praha
|
"tcp://45.11.19.26:5001"
|
||||||
];
|
"tcp://82.165.69.111:61216"
|
||||||
|
"tcp://[2001:8d8:1800:8224::1]:61216"
|
||||||
|
|
||||||
|
# Czechia
|
||||||
|
"tcp://195.123.245.146:7743"
|
||||||
|
"tcp://37.205.14.171:46370"
|
||||||
|
"tcp://[2a03:3b40:fe:ab::1]:46370"
|
||||||
|
"tcp://[2a05:9403::8b]:7743"
|
||||||
|
|
||||||
|
# Poland
|
||||||
|
"tcp://176.223.130.120:22632"
|
||||||
|
"tcp://51.75.44.73:50001"
|
||||||
|
"tcp://54.37.137.221:37145"
|
||||||
|
"tcp://[2001:41d0:601:1100::cf2]:37145"
|
||||||
|
"tcp://n2o.ddns.net:22632"
|
||||||
|
"tls://54.37.137.221:14987"
|
||||||
|
"tls://[2001:41d0:601:1100::cf2]:14987"
|
||||||
|
|
||||||
|
];
|
||||||
|
NodeInfo = {
|
||||||
|
location = "Dresden";
|
||||||
|
name = "server7.y.c3d2.de";
|
||||||
|
admin =
|
||||||
|
"toxid:DF0AC9107E0A30E7201C6832B017AC836FBD1EDAC390EE99B68625D73C3FD929FB47F1872CA4";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
security.sudo.wheelNeedsPassword = false;
|
security.sudo.wheelNeedsPassword = false;
|
||||||
|
@ -188,4 +217,10 @@ in {
|
||||||
# allow the old hydra to build here
|
# allow the old hydra to build here
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7HuDlyTlPC4rCjwhklY8kiYIxdgPhiu6wxs29ksnpKZmJa2R7qoD02N3ACm9cTb1GVkIWukAXI3KvU9h08+WLQJqUH0cHVBj3V1sDYmkN2QecE59gz3e1gfN3zPtwmQEUe6xvHWK3X3qdH45pGPUtxk1eDTZl45037C0NClWF7RXI4m6UXng4bL9wnPvoVqCI+ySsNWaTkHDLE/D9s/VrqGxJ1w2KiJb1F73g9/x/zjL8Ixb16wkPmLE0e50MQAQa7EMFTyPZoEskFnEviLYXM9pDexABAjJfbfZ39lLyMgVYGwnzEDbjDlm68dE6wQWUY1OV6wbt8uYreB2IRrlb root@hydra"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7HuDlyTlPC4rCjwhklY8kiYIxdgPhiu6wxs29ksnpKZmJa2R7qoD02N3ACm9cTb1GVkIWukAXI3KvU9h08+WLQJqUH0cHVBj3V1sDYmkN2QecE59gz3e1gfN3zPtwmQEUe6xvHWK3X3qdH45pGPUtxk1eDTZl45037C0NClWF7RXI4m6UXng4bL9wnPvoVqCI+ySsNWaTkHDLE/D9s/VrqGxJ1w2KiJb1F73g9/x/zjL8Ixb16wkPmLE0e50MQAQa7EMFTyPZoEskFnEviLYXM9pDexABAjJfbfZ39lLyMgVYGwnzEDbjDlm68dE6wQWUY1OV6wbt8uYreB2IRrlb root@hydra"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
services.dhcpd4 = {
|
||||||
|
enable = false;
|
||||||
|
interfaces = [ "br0" ];
|
||||||
|
extraConfig = "not authoritative;";
|
||||||
|
};
|
||||||
}
|
}
|
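Review bot: The new `Peers` list adds both `tcp://54.37.137.221:37145` and `tls://54.37.137.221:14987`, and likewise for `[2001:41d0:601:1100::cf2]`, so the same hosts are dialled twice over different transports. It also drops the per-peer comments the old list had. I would keep one entry per host, preferring the `tls://` form where it is offered, and add a comment above the list such as `# public peers, taken from <source> on <date>`, so that stale or replaced peers can be audited later. `tcp://n2o.ddns.net:22632` depends on a dynamic-DNS name, which deserves its own comment saying who operates it.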
||||||
|
|
|
@ -1,70 +1,59 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
# imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
|
|
||||||
boot.initrd.availableKernelModules =
|
boot.initrd.availableKernelModules =
|
||||||
[ "ehci_pci" "ahci" "nvme" "usbhid" "sd_mod" ];
|
[ "ehci_pci" "ahci" "nvme" "usbhid" "sd_mod" ];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
boot.supportedFilesystems = [ "zfs" ];
|
|
||||||
|
|
||||||
fileSystems."/" = {
|
fileSystems."/" = {
|
||||||
device = "/dev/disk/by-uuid/f14628ce-0f13-4544-9197-0ddda291f48f";
|
device = "/dev/disk/by-uuid/f14628ce-0f13-4544-9197-0ddda291f48f";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
fileSystems."/var/lib/ceph/osd/ceph-7" = {
|
||||||
|
device = "tmpfs";
|
||||||
|
fsType = "tmpfs";
|
||||||
|
};
|
||||||
|
|
||||||
fileSystems."/boot" = {
|
fileSystems."/boot" = {
|
||||||
device = "/dev/disk/by-uuid/9812-00B2";
|
device = "/dev/disk/by-uuid/9812-00B2";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/zones/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3/cores" = {
|
|
||||||
device = "nvme0n1/cores/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1" = {
|
fileSystems."/nvme0n1" = {
|
||||||
device = "nvme0n1";
|
device = "nvme0n1";
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/zones/9f467f1e-000b-e771-e117-b32261e48220/cores" = {
|
|
||||||
device = "nvme0n1/cores/9f467f1e-000b-e771-e117-b32261e48220";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/zones/archive" = {
|
|
||||||
device = "nvme0n1/archive";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/zones/9a9880d3-82db-c500-fcaa-d4e5a5cc617d/cores" = {
|
|
||||||
device = "nvme0n1/cores/9a9880d3-82db-c500-fcaa-d4e5a5cc617d";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/zones/eec98403-5f4f-cadf-f4ff-aa9a99b4cdb5/cores" = {
|
|
||||||
device = "nvme0n1/cores/eec98403-5f4f-cadf-f4ff-aa9a99b4cdb5";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/zones/global/cores" = {
|
|
||||||
device = "nvme0n1/cores/global";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/zones/b090f14b-0a60-4451-e82a-c5291e5951de/cores" = {
|
fileSystems."/zones/b090f14b-0a60-4451-e82a-c5291e5951de/cores" = {
|
||||||
device = "nvme0n1/cores/b090f14b-0a60-4451-e82a-c5291e5951de";
|
device = "nvme0n1/cores/b090f14b-0a60-4451-e82a-c5291e5951de";
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/zones/3516ab22-69b0-e327-95ec-f9be8852ee44/cores" = {
|
fileSystems."/zones/9a9880d3-82db-c500-fcaa-d4e5a5cc617d/cores" = {
|
||||||
device = "nvme0n1/cores/3516ab22-69b0-e327-95ec-f9be8852ee44";
|
device = "nvme0n1/cores/9a9880d3-82db-c500-fcaa-d4e5a5cc617d";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/zones/archive" = {
|
||||||
|
device = "nvme0n1/archive";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/zones/eec98403-5f4f-cadf-f4ff-aa9a99b4cdb5/cores" = {
|
||||||
|
device = "nvme0n1/cores/eec98403-5f4f-cadf-f4ff-aa9a99b4cdb5";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/zones/9f467f1e-000b-e771-e117-b32261e48220/cores" = {
|
||||||
|
device = "nvme0n1/cores/9f467f1e-000b-e771-e117-b32261e48220";
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -73,11 +62,36 @@
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
fileSystems."/zones/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3/cores" = {
|
||||||
|
device = "nvme0n1/cores/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/zones/3516ab22-69b0-e327-95ec-f9be8852ee44/cores" = {
|
||||||
|
device = "nvme0n1/cores/3516ab22-69b0-e327-95ec-f9be8852ee44";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/zones/global/cores" = {
|
||||||
|
device = "nvme0n1/cores/global";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
fileSystems."/nvme0n1/c3d2.de" = {
|
fileSystems."/nvme0n1/c3d2.de" = {
|
||||||
device = "nvme0n1/c3d2.de";
|
device = "nvme0n1/c3d2.de";
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
fileSystems."/nvme0n1/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3" = {
|
||||||
|
device = "nvme0n1/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/nvme0n1/b28b36ed-1824-3a6c-cdbb-258c7dd63317" = {
|
||||||
|
device = "nvme0n1/b28b36ed-1824-3a6c-cdbb-258c7dd63317";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
fileSystems."/nvme0n1/b090f14b-0a60-4451-e82a-c5291e5951de" = {
|
fileSystems."/nvme0n1/b090f14b-0a60-4451-e82a-c5291e5951de" = {
|
||||||
device = "nvme0n1/b090f14b-0a60-4451-e82a-c5291e5951de";
|
device = "nvme0n1/b090f14b-0a60-4451-e82a-c5291e5951de";
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
|
@ -88,43 +102,13 @@
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/nvme0n1/9a9880d3-82db-c500-fcaa-d4e5a5cc617d" = {
|
|
||||||
device = "nvme0n1/9a9880d3-82db-c500-fcaa-d4e5a5cc617d";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3" = {
|
|
||||||
device = "nvme0n1/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/c3d2.de/admin" = {
|
|
||||||
device = "nvme0n1/c3d2.de/admin";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/c3d2.de/templates" = {
|
|
||||||
device = "nvme0n1/c3d2.de/templates";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/d5a8bfc2-6d01-6d5e-ad3f-edf032eedd89" = {
|
|
||||||
device = "nvme0n1/d5a8bfc2-6d01-6d5e-ad3f-edf032eedd89";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/a9786e8b-fce2-7567-6467-2a95086a51d4" = {
|
fileSystems."/nvme0n1/a9786e8b-fce2-7567-6467-2a95086a51d4" = {
|
||||||
device = "nvme0n1/a9786e8b-fce2-7567-6467-2a95086a51d4";
|
device = "nvme0n1/a9786e8b-fce2-7567-6467-2a95086a51d4";
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/nvme0n1/3e65fa50-2f41-8792-df46-8c826bddab75" = {
|
fileSystems."/nvme0n1/9a9880d3-82db-c500-fcaa-d4e5a5cc617d" = {
|
||||||
device = "nvme0n1/3e65fa50-2f41-8792-df46-8c826bddab75";
|
device = "nvme0n1/9a9880d3-82db-c500-fcaa-d4e5a5cc617d";
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nvme0n1/9f467f1e-000b-e771-e117-b32261e48220" = {
|
|
||||||
device = "nvme0n1/9f467f1e-000b-e771-e117-b32261e48220";
|
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -133,8 +117,8 @@
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/nvme0n1/b28b36ed-1824-3a6c-cdbb-258c7dd63317" = {
|
fileSystems."/nvme0n1/9f467f1e-000b-e771-e117-b32261e48220" = {
|
||||||
device = "nvme0n1/b28b36ed-1824-3a6c-cdbb-258c7dd63317";
|
device = "nvme0n1/9f467f1e-000b-e771-e117-b32261e48220";
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -143,8 +127,8 @@
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/nvme0n1/0cc567e5-5e4c-1868-eca3-4426508cbfb9" = {
|
fileSystems."/nvme0n1/d5a8bfc2-6d01-6d5e-ad3f-edf032eedd89" = {
|
||||||
device = "nvme0n1/0cc567e5-5e4c-1868-eca3-4426508cbfb9";
|
device = "nvme0n1/d5a8bfc2-6d01-6d5e-ad3f-edf032eedd89";
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -153,11 +137,31 @@
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
fileSystems."/nvme0n1/0cc567e5-5e4c-1868-eca3-4426508cbfb9" = {
|
||||||
|
device = "nvme0n1/0cc567e5-5e4c-1868-eca3-4426508cbfb9";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
fileSystems."/nvme0n1/63d6e664-3f1f-11e8-aef6-a3120cf8dd9d" = {
|
fileSystems."/nvme0n1/63d6e664-3f1f-11e8-aef6-a3120cf8dd9d" = {
|
||||||
device = "nvme0n1/63d6e664-3f1f-11e8-aef6-a3120cf8dd9d";
|
device = "nvme0n1/63d6e664-3f1f-11e8-aef6-a3120cf8dd9d";
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
fileSystems."/nvme0n1/c3d2.de/admin" = {
|
||||||
|
device = "nvme0n1/c3d2.de/admin";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/nvme0n1/3e65fa50-2f41-8792-df46-8c826bddab75" = {
|
||||||
|
device = "nvme0n1/3e65fa50-2f41-8792-df46-8c826bddab75";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/nvme0n1/c3d2.de/templates" = {
|
||||||
|
device = "nvme0n1/c3d2.de/templates";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
fileSystems."/nvme0n1/e71d4460-8eef-6623-a875-dd5ec20b650f" = {
|
fileSystems."/nvme0n1/e71d4460-8eef-6623-a875-dd5ec20b650f" = {
|
||||||
device = "nvme0n1/e71d4460-8eef-6623-a875-dd5ec20b650f";
|
device = "nvme0n1/e71d4460-8eef-6623-a875-dd5ec20b650f";
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
|
@ -170,7 +174,6 @@
|
||||||
|
|
||||||
swapDevices = [ ];
|
swapDevices = [ ];
|
||||||
|
|
||||||
nix.maxJobs = lib.mkDefault 10;
|
nix.maxJobs = lib.mkDefault 40;
|
||||||
nix.buildCores = lib.mkDefault 40;
|
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,15 +10,17 @@
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts = {
|
virtualHosts = let
|
||||||
"cache.server7.hq.c3d2.de" = {
|
vhost.locations."/".proxyPass =
|
||||||
|
"http://${config.services.nix-serve.bindAddress}:${
|
||||||
|
toString config.services.nix-serve.port
|
||||||
|
}";
|
||||||
|
in {
|
||||||
|
"cache.server7.hq.c3d2.de" = vhost // {
|
||||||
addSSL = true;
|
addSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
locations."/".proxyPass =
|
|
||||||
"http://${config.services.nix-serve.bindAddress}:${
|
|
||||||
toString config.services.nix-serve.port
|
|
||||||
}";
|
|
||||||
};
|
};
|
||||||
|
"nix-serve.y.c3d2.de" = vhost;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
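Review bot: The new `"nix-serve.y.c3d2.de" = vhost;` entry gets only the proxy location, so unlike `cache.server7.hq.c3d2.de` it is served over plain HTTP with neither `addSSL` nor `enableACME`. If that name is reachable only over an already encrypted overlay (not visible in this hunk), say so in a comment such as `# HTTP only: reachable via <overlay network>, clients must pin the cache's signing key`. Otherwise give it the same TLS attributes as the first host. Either way, clients of this cache should keep signature checking on, because the transport does not protect the narinfo and NAR responses. The `let … in` factoring itself is sound: `vhost // { … }` adds only top-level attributes and leaves `locations` intact.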
|
|
|
@ -1,6 +1,6 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let yggaddr = import ./yggaddr.nix;
|
let yggaddr = import ../../lib/server7-yggaddr.nix;
|
||||||
in {
|
in {
|
||||||
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
|
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
|
||||||
|
|
||||||
|
@ -15,6 +15,7 @@ in {
|
||||||
interface enp2s0f1
|
interface enp2s0f1
|
||||||
{
|
{
|
||||||
AdvSendAdvert on;
|
AdvSendAdvert on;
|
||||||
|
AdvRouteLifetime 0;
|
||||||
prefix ${yggaddr.prefix}:/64 {
|
prefix ${yggaddr.prefix}:/64 {
|
||||||
AdvOnLink on;
|
AdvOnLink on;
|
||||||
AdvAutonomous on;
|
AdvAutonomous on;
|
||||||
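Review bot: `AdvRouteLifetime 0;` is added directly inside `interface enp2s0f1 { … }`, but as far as I know radvd accepts that option only inside a `route <prefix> { … }` block, so the daemon may reject the generated file. If the aim is to keep clients from installing this host as a default router (a guess from the value 0), the interface-level option is `AdvDefaultLifetime 0;`. Running `radvd --configtest` on the rendered config before deploying would settle it. The radvd configuration string starts and ends outside this hunk.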
|
|
|
@ -8,7 +8,7 @@
|
||||||
hosts/containers/grafana/configuration.nix
|
hosts/containers/grafana/configuration.nix
|
||||||
];
|
];
|
||||||
deployment = {
|
deployment = {
|
||||||
targetHost = "grafana.hq.c3d2.de";
|
targetHost = "grafana.serv.zentralwerk.dn42";
|
||||||
storeKeysOnMachine = true;
|
storeKeysOnMachine = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -44,7 +44,7 @@
|
||||||
hosts/containers/public-access-proxy/configuration.nix
|
hosts/containers/public-access-proxy/configuration.nix
|
||||||
];
|
];
|
||||||
deployment = {
|
deployment = {
|
||||||
targetHost = "2a02:8106:208:5201:1024:5fff:febd:9be7";
|
targetHost = "172.20.73.45";
|
||||||
storeKeysOnMachine = true;
|
storeKeysOnMachine = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
14
krops.nix
14
krops.nix
|
@ -31,4 +31,18 @@ in {
|
||||||
scrape = deployContainer "scrape" "172.20.73.32";
|
scrape = deployContainer "scrape" "172.20.73.32";
|
||||||
ledstripes = deployContainer "ledstripes" "172.22.99.168";
|
ledstripes = deployContainer "ledstripes" "172.22.99.168";
|
||||||
freifunk = deployContainer "freifunk" "172.20.72.40";
|
freifunk = deployContainer "freifunk" "172.20.72.40";
|
||||||
|
kibana = deployContainer "kibana" "172.20.73.44";
|
||||||
|
|
||||||
|
glotzbert = pkgs.krops.writeDeploy "glotzbert" {
|
||||||
|
source = hostSource "glotzbert";
|
||||||
|
target = lib.mkTarget "k-ot@glotzbert.hq.c3d2.de" // {
|
||||||
|
sudo = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
pulsebert = pkgs.krops.writeDeploy "pulsebert" {
|
||||||
|
source = hostSource "pulsebert";
|
||||||
|
target = lib.mkTarget "k-ot@pulsebert.hq.c3d2.de" // {
|
||||||
|
sudo = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
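Review bot: The added `glotzbert` and `pulsebert` targets are the same `pkgs.krops.writeDeploy` block twice, differing only in the host name, while the container targets already go through `deployContainer`. A helper next to `deployContainer` in the `let` (which lies outside this hunk) would keep them in step: `deployHost = name: pkgs.krops.writeDeploy name { source = hostSource name; target = lib.mkTarget "k-ot@${name}.hq.c3d2.de" // { sudo = true; }; };`, then `glotzbert = deployHost "glotzbert";` and `pulsebert = deployHost "pulsebert";`. A one-line comment there should also record that these two hosts are deployed through the `k-ot` login with sudo rather than a dedicated deploy account, since that account then carries root-equivalent rights on both machines.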
|
|
|
@ -8,7 +8,7 @@ let
|
||||||
hqPrefix64 = "fd23:42:c3d2:523";
|
hqPrefix64 = "fd23:42:c3d2:523";
|
||||||
# TODO: Is this stable? Is there a better place to specifiy this?
|
# TODO: Is this stable? Is there a better place to specifiy this?
|
||||||
|
|
||||||
server7Ygg = import ../hosts/server7/yggaddr.nix;
|
server7Ygg = import ./server7-yggaddr.nix;
|
||||||
|
|
||||||
# Generate a deterministic IPv6 address for a 64 bit prefix
|
# Generate a deterministic IPv6 address for a 64 bit prefix
|
||||||
# and seed string. Prefix must not contain trailing ':'.
|
# and seed string. Prefix must not contain trailing ':'.
|
||||||
|
@ -257,7 +257,7 @@ in {
|
||||||
File STDOUT
|
File STDOUT
|
||||||
'';
|
'';
|
||||||
network = ''
|
network = ''
|
||||||
Server "grafana.hq.c3d2.de" "25826"
|
Server "grafana.serv.zentralwerk.dn42" "25826"
|
||||||
'';
|
'';
|
||||||
memory = "";
|
memory = "";
|
||||||
processes = "";
|
processes = "";
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
{ pkgs, lib, ... }:
|
{ pkgs, lib, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports = [
|
||||||
[ <nixpkgs/nixos/modules/profiles/minimal.nix>
|
(modulesPath + "/profiles/minimal.nix")
|
||||||
<nixpkgs/nixos/modules/profiles/docker-container.nix>
|
(modulesPath + "/profiles/docker-container.nix")
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.networkmanager.dns = "unbound";
|
networking.networkmanager.dns = "unbound";
|
||||||
networking.useHostResolvConf = false;
|
networking.useHostResolvConf = false;
|
||||||
|
@ -12,10 +12,13 @@
|
||||||
nix.useSandbox = false;
|
nix.useSandbox = false;
|
||||||
nix.maxJobs = lib.mkDefault 1;
|
nix.maxJobs = lib.mkDefault 1;
|
||||||
nix.buildCores = lib.mkDefault 4;
|
nix.buildCores = lib.mkDefault 4;
|
||||||
|
networking.useNetworkd = true;
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
|
services.resolved.enable = false;
|
||||||
|
networking.nameservers = [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
|
||||||
|
|
||||||
networking.interfaces.eth0 = {
|
networking.interfaces.eth0 = {
|
||||||
useDHCP = true;
|
useDHCP = false;
|
||||||
preferTempAddress = false;
|
preferTempAddress = false;
|
||||||
};
|
};
|
||||||
systemd.network.networks."40-eth0" = {
|
systemd.network.networks."40-eth0" = {
|
||||||
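Review bot: The fourth entry of the added `networking.nameservers` list, `9.9.9.9`, is unlikely ever to be queried, because glibc's resolver honours at most three `nameserver` lines in resolv.conf. With `services.resolved.enable = false` nothing else appears to sit in between, though that is inferred; how `networking.networkmanager.dns = "unbound"` takes part is not visible here. If a public fallback is really wanted it has to take one of the first three slots, and internal names would then be sent to it whenever the internal resolvers time out. Otherwise drop it and document the choice, e.g. `# glibc reads only the first three entries; internal resolvers only`. The `systemd.network.networks."40-eth0"` block continues outside the hunk.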
|
|
2
secrets
2
secrets
|
@ -1 +1 @@
|
||||||
Subproject commit edfc43c84dfd93bb7df12d2125ba94bf3f6d1081
|
Subproject commit 0efb7df81d358c033a72fcc0c65016ff86f54858
|