Drop c3d2.isInHq

Sandro - 2022-12-21 19:43:47 +01:00
parent 3f493722ba
commit fe8683f01f
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
19 changed files with 31 additions and 57 deletions


@ -290,6 +290,8 @@ nix flake lock . --update-input secrets
# Laptops / Desktops
Note: currently being rebuild!
This repository contains a NixOS module that can be used with personal machines
as well. This module appends `/etc/ssh/ssh_known_hosts` with the host keys of
registered HQ hosts, and optionally appends `/etc/hosts` with static IPv6
@ -309,7 +311,6 @@ in {
];
c3d2 = {
isInHq = false; # not in HQ, this is the default.
enableMotd = true; # Set the login shell message to the <<</>> logo.
};


@ -3,12 +3,21 @@
# this file contains default configuration that may be turned on depending on other config settings.
# options should go to modules.
lib.mkIf config.services.nginx.enable {
services.nginx = {
openFirewall = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
}
lib.mkMerge [
{
assertions = [{
assertion = config.users.users.root.password == null;
message = "Root passwords not allowed in HQ";
}];
}
(lib.mkIf config.services.nginx.enable {
services.nginx = {
openFirewall = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
})
]
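Review bot: The root-password assertion in the new `lib.mkMerge` list checks only `users.users.root.password`, so a root password declared through `initialPassword` still passes, although it is equally plaintext in the configuration and ends up in the world-readable Nix store. The hashed variants are not checked either. If the intent is that no root password is declared at all, extend the condition, e.g. `assertion = with config.users.users.root; password == null && initialPassword == null;`. The message still reads "Root passwords not allowed in HQ" although the check no longer depends on `isInHq`; `message = "Root passwords must not be set in the configuration";` would match what is now enforced.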


@ -18,7 +18,6 @@ let
in
{
c3d2 = {
isInHq = false;
hq.statistics.enable = true;
deployment.server = "server10";
};


@ -35,7 +35,6 @@ let
in
{
c3d2 = {
isInHq = true;
hq.interface = "eth0";
hq.statistics.enable = true;
audioServer.enable = true;
@ -103,6 +102,7 @@ in
};
networking = {
domain = "hq.c3d2.de";
hostName = "dacbert"; # Define your hostname.
useDHCP = false;
interfaces.eth0.useDHCP = true;


@ -6,6 +6,7 @@ let
inherit (pkgs) neighbors;
in {
networking = {
domain = "hq.c3d2.de";
hostName = "dn42";
useNetworkd = true;
# No Firewalling!
@ -13,7 +14,6 @@ in {
};
services.resolved.enable = false;
c3d2 = {
isInHq = true;
hq = {
interface = "c3d2";
statistics.enable = true;


@ -39,7 +39,6 @@ in {
fi
'';
c3d2 = {
isInHq = false;
hq.statistics.enable = true;
deployment = {
server = "server10";


@ -4,7 +4,6 @@
imports = [ ./hardware-configuration.nix ];
c3d2 = {
isInHq = true;
hq.interface = "eno1";
k-ot.enable = true;
autoUpdate = true;
@ -31,6 +30,7 @@
};
networking = {
domain = "hq.c3d2.de";
hostName = "glotzbert";
interfaces.eno1.useDHCP = true;
};


@ -2,10 +2,7 @@
{
microvm.mem = 4096;
c3d2 = {
deployment.server = "server10";
isInHq = false;
};
c3d2.deployment.server = "server10";
environment.systemPackages = with pkgs; [ influxdb ];


@ -39,7 +39,6 @@ in
c3d2 = {
deployment.server = "server10";
hq.statistics.enable = true;
isInHq = false;
};
services.collectd.plugins.exec = ''


@ -38,7 +38,6 @@ in
c3d2 = {
deployment.server = "server10";
hq.statistics.enable = true;
isInHq = false;
};
sops.defaultSopsFile = ./secrets.yaml;


@ -1,9 +1,6 @@
{ config, pkgs, ... }:
{
c3d2 = {
deployment.server = "server10";
isInHq = false;
};
c3d2.deployment.server = "server10";
microvm.mem = 2048;


@ -6,7 +6,6 @@
];
c3d2 = {
isInHq = true;
hq.interface = "eth0";
hq.statistics.enable = true;
k-ot.enable = true;
@ -46,6 +45,7 @@
};
networking = {
domain = "hq.c3d2.de";
firewall = {
allowedTCPPorts = [
# pulseaudio/pipewire network sync


@ -7,7 +7,6 @@
];
c3d2 = {
isInHq = false;
hq.statistics.enable = true;
pi-sensors = if true then [] else [ {
type = "dht22";


@ -2,7 +2,6 @@
{
c3d2 = {
isInHq = true;
hq.interface = "eth0";
hq.statistics.enable = false;
audioServer.enable = true;
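Review bot: This host appears to have had `isInHq = true`, but unlike the other HQ hosts in this commit no `domain = "hq.c3d2.de";` is added in the visible hunk. The same commit removes `domain = mkIfIsInHq "hq.c3d2.de";` from the module, so the host would lose its default `networking.domain` unless the file already sets it outside this hunk. If it does not, add `networking.domain = "hq.c3d2.de";` here, as was done for the other hosts that had the flag enabled. The `c3d2` attribute set continues past the end of the hunk.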


@ -10,10 +10,7 @@ let
};
luftqualitaetStations = [ "1672" "1649" "1680" "1639" ];
in {
c3d2 = {
isInHq = false;
deployment.server = "server10";
};
c3d2.deployment.server = "server10";
networking.hostName = "scrape";


@ -5,10 +5,7 @@
vcpu = 16;
needForSpeed = true;
};
c3d2 = {
isInHq = false;
hq.statistics.enable = true;
};
c3d2.hq.statistics.enable = true;
system.stateVersion = "22.05";


@ -1,4 +1,4 @@
{ ... }:
{ config, ... }:
{
imports = [


@ -1,13 +1,7 @@
{ config, lib, pkgs, ... }:
{
deployment = {
persistedShares = [ "/etc" "/home" "/var" ];
mem = 512;
};
c3d2 = {
isInHq = false;
hq.statistics.enable = true;
};
deployment.mem = 512;
c3d2.hq.statistics.enable = true;
networking = {
hostName = "sshlog";


@ -47,8 +47,6 @@ in
'';
};
isInHq = mkEnableOption "HQ presence (TODO: what is this? association to VLAN 5?)";
enableMotd = mkOption {
type = types.bool;
default = true;
@ -113,7 +111,6 @@ in
config =
let
adminKeys = with builtins; lib.lists.flatten (attrValues cfg.sshKeys);
mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x);
in
{
programs.nncp.settings = lib.optionalAttrs cfg.mergeNncpSettings cfg.nncp;
@ -200,13 +197,6 @@ in
};
};
assertions = [
{
assertion = cfg.isInHq -> (config.users.users.root.password == null);
message = "Root passwords not allowed in HQ";
}
];
boot.cleanTmpDir = true;
documentation.nixos.enable = false;
@ -229,8 +219,6 @@ in
};
networking = {
domain = mkIfIsInHq "hq.c3d2.de";
interfaces = lib.mkIf (cfg.hq.interface != null) {
"${cfg.hq.interface}".ipv6.addresses = [{
address = toHqPrivateAddress config.networking.hostName;