From fc905397bb9134bdb9a9888963a08d67320a86a6 Mon Sep 17 00:00:00 2001 From: Emery Hemingway Date: Sat, 9 Nov 2019 15:16:02 +0100 Subject: [PATCH] Update hydra with active local modifications --- hosts/hydra/cache.nix | 4 +-- hosts/hydra/configuration.nix | 58 ++++++++++++++++++++++++++++++----- 2 files changed, 51 insertions(+), 11 deletions(-) diff --git a/hosts/hydra/cache.nix b/hosts/hydra/cache.nix index ba29afb9..20ecfa84 100644 --- a/hosts/hydra/cache.nix +++ b/hosts/hydra/cache.nix @@ -6,13 +6,11 @@ secretKeyFile = "/var/cache-priv-key.pem"; }; - networking.firewall.allowedTCPPorts = [ config.services.nix-serve.port ]; - services.nginx.virtualHosts."nix-serve.hq.c3d2.de" = { forceSSL = true; enableACME = true; locations."/".extraConfig = '' - proxy_pass http://localhost:${toString config.services.nix-serve.port}; + proxy_pass http://127.0.0.1:${toString config.services.nix-serve.port}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/hosts/hydra/configuration.nix b/hosts/hydra/configuration.nix index 548a8c15..a14ccc44 100644 --- a/hosts/hydra/configuration.nix +++ b/hosts/hydra/configuration.nix 
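Review bot: In cache.nix, nix-serve is still not pinned to loopback, so removing `networking.firewall.allowedTCPPorts` only hides the port while the firewall is active; unless it is overridden elsewhere, the NixOS module binds to `0.0.0.0`. Since `proxy_pass` now targets `127.0.0.1`, adding `services.nix-serve.bindAddress = "127.0.0.1";` would make nginx the only route to the cache regardless of firewall state. The `services.nix-serve` block starts above the hunk, so an existing bind address would not be visible here.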
@@ -10,22 +10,43 @@ ./../../lib/yggdrasil.nix ]; + services.yggdrasil.config.Peers = [ + "tcp://[2a03:3b40:fe:ab::1]:46370" # Praha + "tcp://ygg.thingylabs.io:443" # Nürnberg + "tcp://176.223.130.120:22632" # Wrocław + "tcp://[2a05:9403::8b]:7743" # Praha + ]; + nixpkgs.config.allowUnfree = true; security.pam.enableSSHAgentAuth = true; users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgL2kRs+cXAcUzOO2Tp+mtMBVuHqMuslQy3LN+HLSP4 emery@nixos" ]; + services.openssh.enable = true; + programs.mosh.enable = true; - nix.useSandbox = false; - nix.maxJobs = lib.mkDefault 4; - nix.autoOptimiseStore = true; - nix.gc = { automatic = true; dates = "06:00"; options = "--delete-older-than 7d"; }; + nix = { + package = pkgs.nixFlakes; + useSandbox = false; + maxJobs = lib.mkDefault 4; + autoOptimiseStore = true; + gc = { + automatic = true; + dates = "06:00"; + options = "--delete-older-than 14d"; + }; + sshServe.enable = true; + trustedUsers = [ "root" ]; + }; - boot.isContainer = true; - boot.loader.initScript.enable = true; - boot.loader.grub.enable = false; + boot = { + tmpOnTmpfs = true; + isContainer = true; + loader.initScript.enable = true; + loader.grub.enable = false; + }; fileSystems."/" = { fsType = "rootfs"; @@ -46,7 +67,7 @@ supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ]; }; - environment.systemPackages = with pkgs; [ tmux htop vim ]; + environment.systemPackages = with pkgs; [ tmux htop vim gitMinimal ]; # Create a few files early before packing tarball for Proxmox # architecture/OS detection. 
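Review bot: `services.openssh.enable = true` in the first configuration.nix hunk leaves password logins at the sshd default, so any account with a password can still log in that way even though root is given a key; `services.openssh.passwordAuthentication = false;` would make the host key-only. The hunk also adds public Yggdrasil peers, so depending on what lib/yggdrasil.nix and the firewall do (not visible here), sshd and mosh may be reachable from the whole overlay network. `sshServe.enable = true` is set with no `nix.sshServe.keys` in view, so it is either inert or depends on keys defined elsewhere, and a comment saying which would help. The rewritten `nix` block keeps `useSandbox = false` on a host that signs and serves a binary cache, which deserves a one-line comment such as `# sandbox unavailable inside the container; builds are not isolated` if that is the reason.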
@@ -57,6 +78,27 @@ ln -s ../init $out/sbin/init ''; + services.collectd = { + enable = true; + autoLoadPlugin = true; + extraConfig = '' + Interval 10 + + + + + + + + + + + + Server "grafana.hq.c3d2.de" "25826" + + ''; + }; + # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you
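Review bot: The `Server "grafana.hq.c3d2.de" "25826"` line in `services.collectd.extraConfig` sets no `SecurityLevel`, so as far as the visible lines show, metrics go out with the network plugin's defaults, unsigned and unencrypted. The surrounding plugin blocks are blank in this view, so such options may simply have been lost. If traffic to that host crosses an untrusted network, use the block form of `Server` with `SecurityLevel Encrypt` and `Username`/`Password`. Because `extraConfig` is rendered into the world-readable Nix store, the password should come from a file outside the store rather than be written inline.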