diff --git a/hosts/auth/default.nix b/hosts/auth/default.nix index eb535c3c..d30841f5 100644 --- a/hosts/auth/default.nix +++ b/hosts/auth/default.nix @@ -1,12 +1,7 @@ { config, ... }: { - c3d2 = { - deployment = { - server = "server10"; - mounts = [ "etc" "home" "var"]; - }; - }; + c3d2.deployment.server = "server10"; system.stateVersion = "22.05"; diff --git a/hosts/bind/default.nix b/hosts/bind/default.nix index aec76fdf..c3b3813a 100644 --- a/hosts/bind/default.nix +++ b/hosts/bind/default.nix @@ -20,26 +20,23 @@ in c3d2 = { isInHq = false; hq.statistics.enable = true; - deployment = { - server = "server10"; - mounts = [ "etc" "home" "var"]; - }; + deployment.server = "server10"; }; system.stateVersion = "22.05"; - networking.hostName = "bind"; - - networking.firewall.allowedTCPPorts = [ - # DNS - 53 - # HTTP(s) - 80 443 - ]; - networking.firewall.allowedUDPPorts = [ - # DNS - 53 - ]; + networking = { + hostName = "bind"; + firewall = { + allowedTCPPorts = [ + 53 # DNS + 80 443 # HTTP(s) + ]; + allowedUDPPorts = [ + 53 # DNS + ]; + }; + }; # DNS server services.bind = { diff --git a/hosts/blogs/default.nix b/hosts/blogs/default.nix index 357bf17a..4a8c9f16 100644 --- a/hosts/blogs/default.nix +++ b/hosts/blogs/default.nix @@ -1,11 +1,9 @@ { config, ... }: + { microvm.mem = 2048; - c3d2.deployment = { - server = "server10"; - mounts = [ "etc" "home" "var"]; - }; - system.stateVersion = "22.05"; + c3d2.deployment.server = "server10"; + networking = { hostName = "blogs"; firewall.allowedTCPPorts = [ @@ -27,10 +25,14 @@ }; }; - services.nginx.enable = true; - services.nginx.virtualHosts."blogs.c3d2.de" = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:7878"; + services.nginx = { + enable = true; + virtualHosts."blogs.c3d2.de" = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:7878"; + }; }; + + system.stateVersion = "22.05"; } 
diff --git a/hosts/broker/default.nix b/hosts/broker/default.nix index 3c31cc64..7d275869 100644 --- a/hosts/broker/default.nix +++ b/hosts/broker/default.nix @@ -12,12 +12,7 @@ let mqttWebsocketPort = 9001; in { - c3d2 = { - deployment = { - server = "server10"; - mounts = [ "etc" "var"]; - }; - }; + c3d2.deployment.server = "server10"; microvm.mem = 1024; diff --git a/hosts/c3d2-web/default.nix b/hosts/c3d2-web/default.nix index 10e7fb41..4739845c 100644 --- a/hosts/c3d2-web/default.nix +++ b/hosts/c3d2-web/default.nix @@ -5,15 +5,15 @@ let deployCommand = "${pkgs.systemd}/bin/systemctl start deploy-c3d2-web.service"; in { - microvm.vcpu = 8; - microvm.mem = 1024; - c3d2.deployment = { - server = "server10"; - mounts = [ "etc" "home" "var"]; + microvm = { + vcpu = 8; + mem = 1024; }; + c3d2.deployment.server = "server10"; + boot.tmpOnTmpfs = true; system.stateVersion = "22.05"; - # Network setup + networking.hostName = "c3d2-web"; networking.firewall.allowedTCPPorts = [ # telme10 @@ -154,17 +154,22 @@ in }; # Build user - users.groups.c3d2-web = {}; - users.users.c3d2-web = { - isSystemUser = true; - group = "c3d2-web"; - home = "/var/lib/c3d2-web"; - }; - - users.groups.telme10 = {}; - users.users.telme10 = { - isSystemUser = true; - group = "telme10"; + users = { + groups = { + c3d2-web = { }; + telme10 = { }; + }; + users = { + c3d2-web = { + isSystemUser = true; + group = "c3d2-web"; + home = "/var/lib/c3d2-web"; + }; + telme10 = { + isSystemUser = true; + group = "telme10"; + }; + }; }; systemd.tmpfiles.rules = with config.users.users.c3d2-web; [ diff --git a/hosts/caveman/default.nix b/hosts/caveman/default.nix index ea127a8c..7caa449d 100644 --- a/hosts/caveman/default.nix +++ b/hosts/caveman/default.nix 
@@ -3,10 +3,9 @@ { system.stateVersion = "22.05"; - c3d2.hq.statistics.enable = true; - c3d2.deployment = { - server = "server10"; - mounts = [ "etc" "var"]; + c3d2 = { + deployment.server = "server10"; + hq.statistics.enable = true; }; microvm = { vcpu = 8; diff --git a/hosts/direkthilfe/default.nix b/hosts/direkthilfe/default.nix index e289dc4a..c9276448 100644 --- a/hosts/direkthilfe/default.nix +++ b/hosts/direkthilfe/default.nix @@ -1,27 +1,31 @@ { config, pkgs, ... }: { - networking.hostName = "direkthilfe"; microvm.mem = 1024; - c3d2.deployment = { - server = "server10"; - mounts = [ "etc" "home" "var"]; + c3d2.deployment.server = "server10"; + + networking = { + firewall.allowedTCPPorts = [ 22 80 443 ]; + hostName = "direkthilfe"; + }; + + service.openssh = { + enable = true; + extraConfig = '' + Match Group sftponly + # ChrootDirectory /home/%u + ForceCommand internal-sftp + AllowTcpForwarding no + ''; }; - networking.firewall.allowedTCPPorts = [ 22 80 443 ]; - services.openssh.enable = true; - services.openssh.extraConfig = '' - Match Group sftponly - # ChrootDirectory /home/%u - ForceCommand internal-sftp - AllowTcpForwarding no - ''; users.groups.sftponly = {}; users.users.hilfe = { isNormalUser = true; group = "users"; extraGroups = [ "sftponly" ]; }; + environment.systemPackages = with pkgs; [ vim git ]; services.engelsystem = { diff --git a/hosts/dn42/default.nix b/hosts/dn42/default.nix index f2db903a..e37bac5c 100644 --- a/hosts/dn42/default.nix +++ b/hosts/dn42/default.nix @@ -18,11 +18,9 @@ in { interface = "c3d2"; statistics.enable = true; }; - deployment = { - server = "server10"; - mounts = [ "etc" "home" "var"]; - }; + deployment.server = "server10"; }; + services.collectd.plugins.exec = let routecount = pkgs.writeScript "run-routecount" '' diff --git a/hosts/factorio/default.nix b/hosts/factorio/default.nix index 9a7109ff..0c5c04ad 100644 --- a/hosts/factorio/default.nix +++ b/hosts/factorio/default.nix 
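Review bot: In the direkthilfe hunk the moved SSH block is written as `service.openssh = {` — singular — where the removed lines had `services.openssh.enable` and `services.openssh.extraConfig`. NixOS has no `service` option tree, so evaluation of this host should now fail with an undefined-option error, and if the typo were ever masked, sshd would come up without the `Match Group sftponly` stanza that pins those accounts to `ForceCommand internal-sftp` and sets `AllowTcpForwarding no`. The fix is the attribute path alone: `services.openssh = {`. While this block is being moved, the still-commented `# ChrootDirectory /home/%u` means sftponly members can browse the whole filesystem over SFTP; if that is deliberate, a one-line why-comment next to it would save the next reader from re-raising it.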
@@ -1,12 +1,7 @@ { config, lib, ... }: { - c3d2 = { - deployment = { - server = "server10"; - mounts = [ "etc" "home" "var"]; - }; - }; + c3d2.deployment.server = "server10"; microvm.mem = 8 * 1024; diff --git a/hosts/freifunk/default.nix b/hosts/freifunk/default.nix index 5adbc422..6f2efd34 100644 --- a/hosts/freifunk/default.nix +++ b/hosts/freifunk/default.nix @@ -43,7 +43,6 @@ in { hq.statistics.enable = true; deployment = { server = "server10"; - mounts = [ "etc" "home" "var"]; autoNetSetup = false; }; }; diff --git a/hosts/ftp/default.nix b/hosts/ftp/default.nix index 63afffdb..ce9529f8 100644 --- a/hosts/ftp/default.nix +++ b/hosts/ftp/default.nix @@ -1,23 +1,18 @@ { config, pkgs, ... }: { - c3d2 = { - deployment = { - server = "server9"; - mounts = [ "etc" "var"]; - }; - }; + c3d2.deployment.server = "server9"; - microvm.mem = 1024; - microvm.shares = [ - { + microvm = { + mem = 1024; + shares = [{ tag = "ftp"; source = "/tank/storage/ftp"; mountPoint = "/var/www"; proto = "virtiofs"; socket = "ftp.socket"; - } - ]; + }]; + }; networking = { hostName = "ftp"; diff --git a/hosts/gitea/default.nix b/hosts/gitea/default.nix index 0b32c641..1cae55b9 100644 --- a/hosts/gitea/default.nix +++ b/hosts/gitea/default.nix @@ -1,12 +1,7 @@ { config, pkgs, lib, zentralwerk, ... }: { - c3d2 = { - deployment = { - server = "server10"; - mounts = [ "etc" "home" "var"]; - }; - }; + c3d2.deployment.server = "server10"; microvm.mem = 4 * 1024; diff --git a/hosts/grafana/default.nix b/hosts/grafana/default.nix index 936cce9c..63f928db 100644 --- a/hosts/grafana/default.nix +++ b/hosts/grafana/default.nix @@ -1,14 +1,11 @@ { config, pkgs, ... }: -let - restartServices = [ "grafana" "influxdb" ]; -in { +{ microvm.mem = 4096; - c3d2.deployment = { - server = "server10"; - mounts = [ "etc" "home" "var"]; + c3d2 = { + deployment.server = "server10"; + isInHq = false; }; - c3d2.isInHq = false; services.openssh.enable = true; 
@@ -91,7 +88,7 @@ in { Restart = "always"; }; } - ) {} restartServices + ) {} [ "grafana" "influxdb" ] // { # work around our slow storage that can't keep up influxdb.serviceConfig.LimitNOFILE = "1048576:1048576"; diff --git a/hosts/hedgedoc/default.nix b/hosts/hedgedoc/default.nix index 74525e36..db65bbe1 100644 --- a/hosts/hedgedoc/default.nix +++ b/hosts/hedgedoc/default.nix @@ -1,12 +1,7 @@ { config, pkgs, zentralwerk, ... }: { - c3d2 = { - deployment = { - server = "server10"; - mounts = [ "etc" "home" "var"]; - }; - }; + c3d2.deployment.server = "server10"; microvm.mem = 1024; diff --git a/hosts/jabber/default.nix b/hosts/jabber/default.nix index 5ad26a50..2c520392 100644 --- a/hosts/jabber/default.nix +++ b/hosts/jabber/default.nix @@ -37,13 +37,11 @@ in }; c3d2 = { - isInHq = false; + deployment.server = "server10"; hq.statistics.enable = true; - deployment = { - server = "server10"; - mounts = [ "etc" "home" "var"]; - }; + isInHq = false; }; + services.collectd.plugins.exec = '' Exec "${config.services.collectd.user}" "${pkgs.ruby}/bin/ruby" "${./prosody-stats.rb}" ''; diff --git a/hosts/mailtngbert/default.nix b/hosts/mailtngbert/default.nix index 6a25db17..a91bd4c7 100644 --- a/hosts/mailtngbert/default.nix +++ b/hosts/mailtngbert/default.nix @@ -42,12 +42,9 @@ in }; c3d2 = { - isInHq = false; + deployment.server = "server10"; hq.statistics.enable = true; - deployment = { - server = "server10"; - mounts = [ "etc" "var" ]; - }; + isInHq = false; }; sops.defaultSopsFile = ./secrets.yaml; diff --git a/hosts/matemat/default.nix b/hosts/matemat/default.nix index 0ca0bceb..6b8e950d 100644 --- a/hosts/matemat/default.nix +++ b/hosts/matemat/default.nix @@ -1,17 +1,10 @@ { pkgs, ... }: { - c3d2 = { - deployment = { - server = "server10"; - mounts = [ "etc" "home" "var"]; - }; - }; + c3d2.deployment.server = "server10"; microvm.mem = 2 * 1024; - system.stateVersion = "22.05"; - networking = { hostName = "matemat"; firewall.allowedTCPPorts = [ 80 443 ]; 
@@ -56,4 +49,6 @@ from = "nek0@c3d2.de"; }; }; + + system.stateVersion = "22.05"; } diff --git a/hosts/mediawiki/default.nix b/hosts/mediawiki/default.nix index 1a561f31..d9b411c0 100644 --- a/hosts/mediawiki/default.nix +++ b/hosts/mediawiki/default.nix @@ -1,14 +1,13 @@ { config, lib, pkgs, ... }: { - networking.hostName = "mediawiki"; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - - c3d2.deployment = { - server = "server10"; - mounts = [ "etc" "home" "var" ]; + networking = { + firewall.allowedTCPPorts = [ 80 443 ]; + hostName = "mediawiki"; }; + c3d2.deployment.server = "server10"; + services.postgresql = let cfg = config.services.mediawiki; diff --git a/hosts/mobilizon/default.nix b/hosts/mobilizon/default.nix index 8dec9874..4cf628ee 100644 --- a/hosts/mobilizon/default.nix +++ b/hosts/mobilizon/default.nix @@ -1,12 +1,12 @@ { config, pkgs, ... }: { - c3d2.isInHq = false; - c3d2.deployment = { - server = "server10"; - mounts = [ "etc" "home" "var"]; + c3d2 = { + deployment.server = "server10"; + isInHq = false; }; + microvm.mem = 2048; - system.stateVersion = "22.05"; + networking = { hostName = "mobilizon"; firewall.allowedTCPPorts = [ 80 443 ]; @@ -47,4 +47,6 @@ enableACME = true; }; }; + + system.stateVersion = "22.05"; } diff --git a/hosts/network-homepage/default.nix b/hosts/network-homepage/default.nix index 6143ab63..ed84a475 100644 --- a/hosts/network-homepage/default.nix +++ b/hosts/network-homepage/default.nix @@ -1,12 +1,9 @@ { zentralwerk, pkgs, ... }: { - system.stateVersion = "22.05"; - - c3d2.hq.statistics.enable = true; - c3d2.deployment = { - server = "server10"; - mounts = [ "etc" "var"]; + c3d2 = { + hq.statistics.enable = true; + deployment.server = "server10"; }; networking = { @@ -27,4 +24,6 @@ }; }; }; + + system.stateVersion = "22.05"; } diff --git a/hosts/nfsroot/default.nix b/hosts/nfsroot/default.nix index c913d0b0..e6499c90 100644 --- a/hosts/nfsroot/default.nix +++ b/hosts/nfsroot/default.nix 
@@ -25,10 +25,8 @@ in { autoCreate = false; }) nfsExports; }; - c3d2.deployment = { - server = "server10"; - mounts = [ "etc" "home" "var"]; - }; + + c3d2.deployment.server = "server10"; fileSystems = builtins.foldl' (fileSystems: export: fileSystems // { "/${export}".options = [ "relatime" "discard" ]; diff --git a/hosts/nncp/default.nix b/hosts/nncp/default.nix index 997115df..f455fda5 100644 --- a/hosts/nncp/default.nix +++ b/hosts/nncp/default.nix @@ -9,12 +9,13 @@ mac = "de:ec:9a:6f:3f:63"; }]; - c3d2.mergeNncpSettings = false; - c3d2.hq.statistics.enable = true; - c3d2.deployment = { - server = "server10"; - mounts = [ "etc" "home" "var" ]; - autoNetSetup = false; + c3d2 = { + deployment = { + server = "server10"; + autoNetSetup = false; + }; + hq.statistics.enable = true; + mergeNncpSettings = false; }; system.stateVersion = "22.05"; @@ -68,5 +69,4 @@ extraArgs = [ "-autotoss" ]; }; }; - } diff --git a/hosts/oparl/default.nix b/hosts/oparl/default.nix index fd741dc6..e1151569 100644 --- a/hosts/oparl/default.nix +++ b/hosts/oparl/default.nix @@ -4,10 +4,7 @@ let ratsinfo-scraper = import oparl-scraper { inherit pkgs; }; in { - c3d2.deployment = { - server = "server10"; - mounts = [ "etc" "home" "var"]; - }; + c3d2.deployment.server = "server10"; microvm.mem = 1024; networking.hostName = "oparl"; diff --git a/hosts/public-access-proxy/default.nix b/hosts/public-access-proxy/default.nix index e2e16cc0..8f242272 100644 --- a/hosts/public-access-proxy/default.nix +++ b/hosts/public-access-proxy/default.nix @@ -6,10 +6,7 @@ ./stats.nix ]; - c3d2.deployment = { - server = "server10"; - mounts = [ "etc" "var"]; - }; + c3d2.deployment.server = "server10"; networking.hostName = "public-access-proxy"; diff --git a/hosts/scrape/default.nix b/hosts/scrape/default.nix index fe8fa315..3318ca57 100644 --- a/hosts/scrape/default.nix +++ b/hosts/scrape/default.nix 
@@ -12,10 +12,7 @@ let in { c3d2 = { isInHq = false; - deployment = { - server = "server10"; - mounts = [ "etc" "home" "var"]; - }; + deployment.server = "server10"; }; networking.hostName = "scrape"; diff --git a/hosts/spaceapi/default.nix b/hosts/spaceapi/default.nix index 5861ef59..59fbd505 100644 --- a/hosts/spaceapi/default.nix +++ b/hosts/spaceapi/default.nix @@ -1,22 +1,17 @@ _: { - c3d2.deployment = { - server = "server10"; - mounts = [ "etc" "var"]; + c3d2.deployment.server = "server10"; + + networking = { + firewall.enable = false; + hostName = "spaceapi"; }; - networking.hostName = "spaceapi"; - networking.firewall.enable = false; - - services.spaceapi = { enable = true; }; + services.spaceapi.enable = true; # HACK for ‘ekg-json-0.1.0.6’ nixos-22.05 - nixpkgs.config.allowBroken = true; + # nixpkgs.config.allowBroken = true; - # This value determines the NixOS release with which your system is to be - # compatible, in order to avoid breaking some software such as database - # servers. You should change this only after NixOS release notes say you - # should. - system.stateVersion = "19.03"; # Did you read the comment? + system.stateVersion = "19.03"; } diff --git a/hosts/ticker/default.nix b/hosts/ticker/default.nix index 154daefd..68cc8e1e 100644 --- a/hosts/ticker/default.nix +++ b/hosts/ticker/default.nix @@ -3,10 +3,9 @@ { system.stateVersion = "22.05"; - c3d2.hq.statistics.enable = true; - c3d2.deployment = { - server = "server10"; - mounts = [ "etc" "var"]; + c3d2 = { + deployment.server = "server10"; + hq.statistics.enable = true; }; networking = { diff --git a/hosts/zengel/default.nix b/hosts/zengel/default.nix index 57ef41a5..1afc96de 100644 --- a/hosts/zengel/default.nix +++ b/hosts/zengel/default.nix @@ -3,10 +3,7 @@ { networking.hostName = "zengel"; microvm.mem = 1024; - c3d2.deployment = { - server = "server10"; - mounts = [ "etc" "home" "var"]; - }; + c3d2.deployment.server = "server10"; networking.firewall.allowedTCPPorts = [ 80 443 ]; 
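Review bot: In the spaceapi hunk the `# HACK for ‘ekg-json-0.1.0.6’ nixos-22.05` comment is kept while the line it explained becomes commented-out code, `# nixpkgs.config.allowBroken = true;`, so the comment now describes nothing in effect. If the package no longer needs `allowBroken`, delete both lines rather than leaving dead config; if it might be needed again, say so, e.g. `# ekg-json-0.1.0.6 was marked broken on nixos-22.05; re-enable allowBroken if the build regresses`. The regrouped `firewall.enable = false;` is unchanged behaviour, but a host with its firewall fully off is worth a why-comment in the new `networking` block (presumably it is only reachable from inside the HQ network — confirm).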
diff --git a/modules/microvm.nix b/modules/microvm.nix index 9f1db3c3..bbe94f3c 100644 --- a/modules/microvm.nix +++ b/modules/microvm.nix @@ -56,7 +56,7 @@ in mounts = mkOption { description = "Persistent filesystems to create, without leading /."; type = with types; listOf str; - default = [ "etc" ]; + default = [ "etc" "home" "var" ]; }; mountBase = mkOption {
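Review bot: Changing the `mounts` default from `[ "etc" ]` to `[ "etc" "home" "var" ]` is not a pure refactor: the eight hosts whose explicit `mounts = [ "etc" "var" ]` this commit removes (broker, caveman, ftp, mailtngbert, network-homepage, public-access-proxy, spaceapi, ticker) will now also create a persistent /home, and any host that never set `mounts` (none appear in this diff) silently moves from persisting only /etc to persisting /var and /home too. For microVMs that were relying on /var being discarded on restart — logs, caches, queued state — that is a security- and capacity-relevant change that the commit should at least name, or avoid by keeping `mounts = [ "etc" "var" ];` on those hosts. If "persist everything by default" is the intent, state it in the option text, e.g. `description = "Persistent filesystems to create, without leading /. Defaults to etc, home and var; hosts that need an ephemeral /home or /var must override this.";`. The enclosing options set begins before this hunk.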