Default microvm mounts to etc, home, var; random cleanups

This commit is contained in:
Sandro - 2022-12-18 22:16:29 +01:00
parent 62deb81a62
commit 8e5f6731d4
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
29 changed files with 134 additions and 193 deletions


@ -1,12 +1,7 @@
{ config, ... }:
{
c3d2 = {
deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
};
};
c3d2.deployment.server = "server10";
system.stateVersion = "22.05";


@ -20,26 +20,23 @@ in
c3d2 = {
isInHq = false;
hq.statistics.enable = true;
deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
};
deployment.server = "server10";
};
system.stateVersion = "22.05";
networking.hostName = "bind";
networking.firewall.allowedTCPPorts = [
# DNS
53
# HTTP(s)
80 443
];
networking.firewall.allowedUDPPorts = [
# DNS
53
];
networking = {
hostName = "bind";
firewall = {
allowedTCPPorts = [
53 # DNS
80 443 # HTTP(s)
];
allowedUDPPorts = [
53 # DNS
];
};
};
# DNS server
services.bind = {


@ -1,11 +1,9 @@
{ config, ... }:
{
microvm.mem = 2048;
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
};
system.stateVersion = "22.05";
c3d2.deployment.server = "server10";
networking = {
hostName = "blogs";
firewall.allowedTCPPorts = [
@ -27,10 +25,14 @@
};
};
services.nginx.enable = true;
services.nginx.virtualHosts."blogs.c3d2.de" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:7878";
services.nginx = {
enable = true;
virtualHosts."blogs.c3d2.de" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:7878";
};
};
system.stateVersion = "22.05";
}


@ -12,12 +12,7 @@ let
mqttWebsocketPort = 9001;
in
{
c3d2 = {
deployment = {
server = "server10";
mounts = [ "etc" "var"];
};
};
c3d2.deployment.server = "server10";
microvm.mem = 1024;
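Review bot: Dropping `mounts = [ "etc" "var"];` here does not preserve this host's previous persistence set, because the new module default (the last hunk of this commit) is `[ "etc" "home" "var" ]`, so this VM silently gains a persistent /home it never had; the same widening happens in the other sections that remove a two-entry list (the ones ending at the `microvm = {`, `shares = [{`, `sops.defaultSopsFile`, `networking = {`, `networking.hostName = "public-access-proxy"`, `networking.firewall.enable = false` and the second `networking = {` hunks). If the narrower set was deliberate, keep `mounts = [ "etc" "var" ];` in those hosts rather than relying on the default; if it was not, a sentence in the commit description saying so would make the change reviewable. The enclosing attribute set continues past the hunk.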


@ -5,15 +5,15 @@ let
deployCommand = "${pkgs.systemd}/bin/systemctl start deploy-c3d2-web.service";
in
{
microvm.vcpu = 8;
microvm.mem = 1024;
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
microvm = {
vcpu = 8;
mem = 1024;
};
c3d2.deployment.server = "server10";
boot.tmpOnTmpfs = true;
system.stateVersion = "22.05";
# Network setup
networking.hostName = "c3d2-web";
networking.firewall.allowedTCPPorts = [
# telme10
@ -154,17 +154,22 @@ in
};
# Build user
users.groups.c3d2-web = {};
users.users.c3d2-web = {
isSystemUser = true;
group = "c3d2-web";
home = "/var/lib/c3d2-web";
};
users.groups.telme10 = {};
users.users.telme10 = {
isSystemUser = true;
group = "telme10";
users = {
groups = {
c3d2-web = { };
telme10 = { };
};
users = {
c3d2-web = {
isSystemUser = true;
group = "c3d2-web";
home = "/var/lib/c3d2-web";
};
telme10 = {
isSystemUser = true;
group = "telme10";
};
};
};
systemd.tmpfiles.rules = with config.users.users.c3d2-web; [


@ -3,10 +3,9 @@
{
system.stateVersion = "22.05";
c3d2.hq.statistics.enable = true;
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "var"];
c3d2 = {
deployment.server = "server10";
hq.statistics.enable = true;
};
microvm = {
vcpu = 8;


@ -1,27 +1,31 @@
{ config, pkgs, ... }:
{
networking.hostName = "direkthilfe";
microvm.mem = 1024;
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
c3d2.deployment.server = "server10";
networking = {
firewall.allowedTCPPorts = [ 22 80 443 ];
hostName = "direkthilfe";
};
service.openssh = {
enable = true;
extraConfig = ''
Match Group sftponly
# ChrootDirectory /home/%u
ForceCommand internal-sftp
AllowTcpForwarding no
'';
};
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
services.openssh.enable = true;
services.openssh.extraConfig = ''
Match Group sftponly
# ChrootDirectory /home/%u
ForceCommand internal-sftp
AllowTcpForwarding no
'';
users.groups.sftponly = {};
users.users.hilfe = {
isNormalUser = true;
group = "users";
extraGroups = [ "sftponly" ];
};
environment.systemPackages = with pkgs; [ vim git ];
services.engelsystem = {
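Review bot: `service.openssh = {` in the new block is a typo for `services.openssh` (the replaced lines used `services.openssh.enable` and `services.openssh.extraConfig`). NixOS rejects undefined option paths, so this host should fail to evaluate; were the path somehow accepted, the `Match Group sftponly` / `ForceCommand internal-sftp` / `AllowTcpForwarding no` block would never reach sshd_config and the `hilfe` account would no longer be confined to SFTP. Change the line to `services.openssh = {`. The enclosing attribute set continues past the hunk.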


@ -18,11 +18,9 @@ in {
interface = "c3d2";
statistics.enable = true;
};
deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
};
deployment.server = "server10";
};
services.collectd.plugins.exec =
let
routecount = pkgs.writeScript "run-routecount" ''


@ -1,12 +1,7 @@
{ config, lib, ... }:
{
c3d2 = {
deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
};
};
c3d2.deployment.server = "server10";
microvm.mem = 8 * 1024;


@ -43,7 +43,6 @@ in {
hq.statistics.enable = true;
deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
autoNetSetup = false;
};
};


@ -1,23 +1,18 @@
{ config, pkgs, ... }:
{
c3d2 = {
deployment = {
server = "server9";
mounts = [ "etc" "var"];
};
};
c3d2.deployment.server = "server9";
microvm.mem = 1024;
microvm.shares = [
{
microvm = {
mem = 1024;
shares = [{
tag = "ftp";
source = "/tank/storage/ftp";
mountPoint = "/var/www";
proto = "virtiofs";
socket = "ftp.socket";
}
];
}];
};
networking = {
hostName = "ftp";


@ -1,12 +1,7 @@
{ config, pkgs, lib, zentralwerk, ... }:
{
c3d2 = {
deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
};
};
c3d2.deployment.server = "server10";
microvm.mem = 4 * 1024;


@ -1,14 +1,11 @@
{ config, pkgs, ... }:
let
restartServices = [ "grafana" "influxdb" ];
in {
{
microvm.mem = 4096;
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
c3d2 = {
deployment.server = "server10";
isInHq = false;
};
c3d2.isInHq = false;
services.openssh.enable = true;
@ -91,7 +88,7 @@ in {
Restart = "always";
};
}
) {} restartServices
) {} [ "grafana" "influxdb" ]
// {
# work around our slow storage that can't keep up
influxdb.serviceConfig.LimitNOFILE = "1048576:1048576";


@ -1,12 +1,7 @@
{ config, pkgs, zentralwerk, ... }:
{
c3d2 = {
deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
};
};
c3d2.deployment.server = "server10";
microvm.mem = 1024;


@ -37,13 +37,11 @@ in
};
c3d2 = {
isInHq = false;
deployment.server = "server10";
hq.statistics.enable = true;
deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
};
isInHq = false;
};
services.collectd.plugins.exec = ''
Exec "${config.services.collectd.user}" "${pkgs.ruby}/bin/ruby" "${./prosody-stats.rb}"
'';


@ -42,12 +42,9 @@ in
};
c3d2 = {
isInHq = false;
deployment.server = "server10";
hq.statistics.enable = true;
deployment = {
server = "server10";
mounts = [ "etc" "var" ];
};
isInHq = false;
};
sops.defaultSopsFile = ./secrets.yaml;


@ -1,17 +1,10 @@
{ pkgs, ... }:
{
c3d2 = {
deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
};
};
c3d2.deployment.server = "server10";
microvm.mem = 2 * 1024;
system.stateVersion = "22.05";
networking = {
hostName = "matemat";
firewall.allowedTCPPorts = [ 80 443 ];
@ -56,4 +49,6 @@
from = "nek0@c3d2.de";
};
};
system.stateVersion = "22.05";
}


@ -1,14 +1,13 @@
{ config, lib, pkgs, ... }:
{
networking.hostName = "mediawiki";
networking.firewall.allowedTCPPorts = [ 80 443 ];
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "home" "var" ];
networking = {
firewall.allowedTCPPorts = [ 80 443 ];
hostName = "mediawiki";
};
c3d2.deployment.server = "server10";
services.postgresql =
let
cfg = config.services.mediawiki;


@ -1,12 +1,12 @@
{ config, pkgs, ... }:
{
c3d2.isInHq = false;
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
c3d2 = {
deployment.server = "server10";
isInHq = false;
};
microvm.mem = 2048;
system.stateVersion = "22.05";
networking = {
hostName = "mobilizon";
firewall.allowedTCPPorts = [ 80 443 ];
@ -47,4 +47,6 @@
enableACME = true;
};
};
system.stateVersion = "22.05";
}


@ -1,12 +1,9 @@
{ zentralwerk, pkgs, ... }:
{
system.stateVersion = "22.05";
c3d2.hq.statistics.enable = true;
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "var"];
c3d2 = {
hq.statistics.enable = true;
deployment.server = "server10";
};
networking = {
@ -27,4 +24,6 @@
};
};
};
system.stateVersion = "22.05";
}


@ -25,10 +25,8 @@ in {
autoCreate = false;
}) nfsExports;
};
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
};
c3d2.deployment.server = "server10";
fileSystems = builtins.foldl' (fileSystems: export: fileSystems // {
"/${export}".options = [ "relatime" "discard" ];


@ -9,12 +9,13 @@
mac = "de:ec:9a:6f:3f:63";
}];
c3d2.mergeNncpSettings = false;
c3d2.hq.statistics.enable = true;
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "home" "var" ];
autoNetSetup = false;
c3d2 = {
deployment = {
server = "server10";
autoNetSetup = false;
};
hq.statistics.enable = true;
mergeNncpSettings = false;
};
system.stateVersion = "22.05";
@ -68,5 +69,4 @@
extraArgs = [ "-autotoss" ];
};
};
}


@ -4,10 +4,7 @@ let
ratsinfo-scraper = import oparl-scraper { inherit pkgs; };
in
{
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
};
c3d2.deployment.server = "server10";
microvm.mem = 1024;
networking.hostName = "oparl";


@ -6,10 +6,7 @@
./stats.nix
];
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "var"];
};
c3d2.deployment.server = "server10";
networking.hostName = "public-access-proxy";


@ -12,10 +12,7 @@ let
in {
c3d2 = {
isInHq = false;
deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
};
deployment.server = "server10";
};
networking.hostName = "scrape";


@ -1,22 +1,17 @@
_:
{
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "var"];
c3d2.deployment.server = "server10";
networking = {
firewall.enable = false;
hostName = "spaceapi";
};
networking.hostName = "spaceapi";
networking.firewall.enable = false;
services.spaceapi = { enable = true; };
services.spaceapi.enable = true;
# HACK for ekg-json-0.1.0.6 nixos-22.05
nixpkgs.config.allowBroken = true;
# nixpkgs.config.allowBroken = true;
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "19.03"; # Did you read the comment?
system.stateVersion = "19.03";
}
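Review bot: The `# HACK for ekg-json-0.1.0.6 nixos-22.05` comment is kept while the `nixpkgs.config.allowBroken = true;` line it explains is now commented out, so the comment no longer describes live configuration and a later reader cannot tell whether the hack is obsolete or merely parked. Leaving `allowBroken` unset is the safer state, so if ekg-json builds on nixos-22.05 now, drop both lines; otherwise reword the comment, e.g. `# allowBroken was needed for ekg-json-0.1.0.6 on nixos-22.05; re-enable only if the build regresses`.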


@ -3,10 +3,9 @@
{
system.stateVersion = "22.05";
c3d2.hq.statistics.enable = true;
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "var"];
c3d2 = {
deployment.server = "server10";
hq.statistics.enable = true;
};
networking = {


@ -3,10 +3,7 @@
{
networking.hostName = "zengel";
microvm.mem = 1024;
c3d2.deployment = {
server = "server10";
mounts = [ "etc" "home" "var"];
};
c3d2.deployment.server = "server10";
networking.firewall.allowedTCPPorts = [ 80 443 ];


@ -56,7 +56,7 @@ in
mounts = mkOption {
description = "Persistent filesystems to create, without leading /.";
type = with types; listOf str;
default = [ "etc" ];
default = [ "etc" "home" "var" ];
};
mountBase = mkOption {
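Review bot: The `description` of `mounts` still reads "Persistent filesystems to create, without leading /." and does not say that the default now persists /home and /var as well as /etc, which is the behaviour every host that dropped its own `mounts` list in this commit now inherits. A reader of `nixos-option` or the generated docs has no way to see what they get without opening this file, so state it in the option text, e.g. `description = "Persistent filesystems to create, without leading /. Defaults to etc, home and var; set explicitly to persist less.";`. The `mountBase` option that follows starts outside the hunk.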