From b26478db1325e30989795579b3cad1f891bc0cc9 Mon Sep 17 00:00:00 2001 From: Astro Date: Sat, 6 Mar 2021 01:13:27 +0100 Subject: [PATCH] =?UTF-8?q?matemat:=20=F0=9F=8E=86=20init?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- flake.lock | 20 ++++++++++++++++++- flake.nix | 16 +++++++++++++-- host-registry.nix | 4 ++++ hosts/containers/matemat/default.nix | 29 ++++++++++++++++++++++++++-- 4 files changed, 64 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 4caf0cd9..13d35270 100644 --- a/flake.lock +++ b/flake.lock @@ -34,7 +34,8 @@ "inputs": { "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", - "secrets": "secrets" + "secrets": "secrets", + "yammat": "yammat" } }, "secrets": { @@ -51,6 +52,23 @@ "type": "git", "url": "ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git" } + }, + "yammat": { + "flake": false, + "locked": { + "lastModified": 1607031946, + "narHash": "sha256-pFHSzcyJwn6c2LUHdZ1TZDAgYmEXtNtYcnjgcBBLCGE=", + "ref": "nix", + "rev": "68507c174ab506d1704b95b3168c4023790ee124", + "revCount": 387, + "type": "git", + "url": "https://gitea.c3d2.de/astro/yammat.git" + }, + "original": { + "ref": "nix", + "type": "git", + "url": "https://gitea.c3d2.de/astro/yammat.git" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 285fae9e..a3ca291e 100644 --- a/flake.nix +++ b/flake.nix @@ -4,9 +4,11 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/release-20.09"; secrets.url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git"; + yammat.url = "git+https://gitea.c3d2.de/astro/yammat.git?ref=nix"; + yammat.flake = false; }; - outputs = { self, nixpkgs, secrets, nixos-hardware }: + outputs = { self, nixpkgs, secrets, nixos-hardware, yammat }: let forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ]; @@ -63,6 +65,8 @@ yggdrasil-nixos-rebuild = mkDeploy "yggdrasil" "172.20.72.62"; freifunk-nixos-rebuild = mkDeploy "freifunk" "freifunk.core.zentralwerk.org"; + + matemat-nixos-rebuild = mkDeploy "matemat" hostRegistry.hosts.matemat.ip4; }); nixosConfigurations = let @@ -131,9 +135,17 @@ system = "x86_64-linux"; }; + matemat = nixosSystem' { + modules = [ + ./lib/lxc-container.nix + ./hosts/containers/matemat + "${yammat}/nixos-module.nix" + ]; + system = "x86_64-linux"; + }; + }; nixosModules.c3d2 = import ./lib; - }; } diff --git a/host-registry.nix b/host-registry.nix index 95c0425d..e4ae3825 100644 --- a/host-registry.nix +++ b/host-registry.nix @@ -77,6 +77,10 @@ rec { ip4 = "172.20.72.40"; ip6 = "2a02:8106:208:5281:8000::1"; }; + matemat = { + ip4 = "172.22.99.133"; + ip6 = "2a02:8106:208:5201:f82b:1bff:fedc:8572"; + }; }; hqGlobal = builtins.attrNames hosts; diff --git a/hosts/containers/matemat/default.nix b/hosts/containers/matemat/default.nix index 84b6dad2..87524ae3 100644 --- a/hosts/containers/matemat/default.nix +++ b/hosts/containers/matemat/default.nix @@ -1,4 +1,29 @@ -{ ... }: +{ lib, ... }: { - c3d2 = { isInHq = true; }; + c3d2 = { + isInHq = true; + hq.interface = "eth0"; + }; + networking = { + hostName = "matemat"; + interfaces.eth0.useDHCP = lib.mkForce true; + firewall.allowedTCPPorts = [ 80 443 ]; + }; + + services.yammat.enable = true; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + virtualHosts."matemat.hq.c3d2.de" = { + default = true; + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:3000"; + }; + }; + security.acme = { + acceptTerms = true; + email = "mail@c3d2.de"; + }; }