Drop c3d2.isInHq
parent
3f493722ba
commit
fe8683f01f
|
@ -290,6 +290,8 @@ nix flake lock . --update-input secrets
|
|||
|
||||
# Laptops / Desktops
|
||||
|
||||
Note: currently being rebuild!
|
||||
|
||||
This repository contains a NixOS module that can be used with personal machines
|
||||
as well. This module appends `/etc/ssh/ssh_known_hosts` with the host keys of
|
||||
registered HQ hosts, and optionally appends `/etc/hosts` with static IPv6
|
||||
|
@ -309,7 +311,6 @@ in {
|
|||
];
|
||||
|
||||
c3d2 = {
|
||||
isInHq = false; # not in HQ, this is the default.
|
||||
enableMotd = true; # Set the login shell message to the <<</>> logo.
|
||||
};
|
||||
|
||||
|
|
|
@ -3,12 +3,21 @@
|
|||
# this file contains default configuration that may be turned on depending on other config settings.
|
||||
# options should go to modules.
|
||||
|
||||
lib.mkIf config.services.nginx.enable {
|
||||
services.nginx = {
|
||||
openFirewall = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
};
|
||||
}
|
||||
lib.mkMerge [
|
||||
{
|
||||
assertions = [{
|
||||
assertion = config.users.users.root.password == null;
|
||||
message = "Root passwords not allowed in HQ";
|
||||
}];
|
||||
}
|
||||
|
||||
(lib.mkIf config.services.nginx.enable {
|
||||
services.nginx = {
|
||||
openFirewall = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
};
|
||||
})
|
||||
]
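Review bot: The assertion in the first `lib.mkMerge` element only inspects `users.users.root.password`, so a root credential supplied through `hashedPassword` or `passwordFile` (`hashedPasswordFile` on newer nixpkgs) still evaluates cleanly. If the intent is that no host built from this flake has a password-based root login, cover the sibling options too, e.g. `assertion = with config.users.users.root; password == null && hashedPassword == null && passwordFile == null;`. The message still reads "Root passwords not allowed in HQ" although the `cfg.isInHq ->` guard was dropped elsewhere in this commit and the check now applies to every host; `message = "Root passwords are not allowed on c3d2 hosts";` would match what is enforced. A short comment above the assertion stating why it exists (presumably key-only root access, to be confirmed by the author) would help whoever hits it during evaluation.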
|
||||
|
|
|
@ -18,7 +18,6 @@ let
|
|||
in
|
||||
{
|
||||
c3d2 = {
|
||||
isInHq = false;
|
||||
hq.statistics.enable = true;
|
||||
deployment.server = "server10";
|
||||
};
|
||||
|
|
|
@ -35,7 +35,6 @@ let
|
|||
in
|
||||
{
|
||||
c3d2 = {
|
||||
isInHq = true;
|
||||
hq.interface = "eth0";
|
||||
hq.statistics.enable = true;
|
||||
audioServer.enable = true;
|
||||
|
@ -103,6 +102,7 @@ in
|
|||
};
|
||||
|
||||
networking = {
|
||||
domain = "hq.c3d2.de";
|
||||
hostName = "dacbert"; # Define your hostname.
|
||||
useDHCP = false;
|
||||
interfaces.eth0.useDHCP = true;
|
||||
|
|
|
@ -6,6 +6,7 @@ let
|
|||
inherit (pkgs) neighbors;
|
||||
in {
|
||||
networking = {
|
||||
domain = "hq.c3d2.de";
|
||||
hostName = "dn42";
|
||||
useNetworkd = true;
|
||||
# No Firewalling!
|
||||
|
@ -13,7 +14,6 @@ in {
|
|||
};
|
||||
services.resolved.enable = false;
|
||||
c3d2 = {
|
||||
isInHq = true;
|
||||
hq = {
|
||||
interface = "c3d2";
|
||||
statistics.enable = true;
|
||||
|
|
|
@ -39,7 +39,6 @@ in {
|
|||
fi
|
||||
'';
|
||||
c3d2 = {
|
||||
isInHq = false;
|
||||
hq.statistics.enable = true;
|
||||
deployment = {
|
||||
server = "server10";
|
||||
|
|
|
@ -4,7 +4,6 @@
|
|||
imports = [ ./hardware-configuration.nix ];
|
||||
|
||||
c3d2 = {
|
||||
isInHq = true;
|
||||
hq.interface = "eno1";
|
||||
k-ot.enable = true;
|
||||
autoUpdate = true;
|
||||
|
@ -31,6 +30,7 @@
|
|||
};
|
||||
|
||||
networking = {
|
||||
domain = "hq.c3d2.de";
|
||||
hostName = "glotzbert";
|
||||
interfaces.eno1.useDHCP = true;
|
||||
};
|
||||
|
|
|
@ -2,10 +2,7 @@
|
|||
|
||||
{
|
||||
microvm.mem = 4096;
|
||||
c3d2 = {
|
||||
deployment.server = "server10";
|
||||
isInHq = false;
|
||||
};
|
||||
c3d2.deployment.server = "server10";
|
||||
|
||||
environment.systemPackages = with pkgs; [ influxdb ];
|
||||
|
||||
|
|
|
@ -39,7 +39,6 @@ in
|
|||
c3d2 = {
|
||||
deployment.server = "server10";
|
||||
hq.statistics.enable = true;
|
||||
isInHq = false;
|
||||
};
|
||||
|
||||
services.collectd.plugins.exec = ''
|
||||
|
|
|
@ -38,7 +38,6 @@ in
|
|||
c3d2 = {
|
||||
deployment.server = "server10";
|
||||
hq.statistics.enable = true;
|
||||
isInHq = false;
|
||||
};
|
||||
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
|
|
|
@ -1,9 +1,6 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
c3d2 = {
|
||||
deployment.server = "server10";
|
||||
isInHq = false;
|
||||
};
|
||||
c3d2.deployment.server = "server10";
|
||||
|
||||
microvm.mem = 2048;
|
||||
|
||||
|
|
|
@ -6,7 +6,6 @@
|
|||
];
|
||||
|
||||
c3d2 = {
|
||||
isInHq = true;
|
||||
hq.interface = "eth0";
|
||||
hq.statistics.enable = true;
|
||||
k-ot.enable = true;
|
||||
|
@ -46,6 +45,7 @@
|
|||
};
|
||||
|
||||
networking = {
|
||||
domain = "hq.c3d2.de";
|
||||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
# pulseaudio/pipewire network sync
|
||||
|
|
|
@ -7,7 +7,6 @@
|
|||
];
|
||||
|
||||
c3d2 = {
|
||||
isInHq = false;
|
||||
hq.statistics.enable = true;
|
||||
pi-sensors = if true then [] else [ {
|
||||
type = "dht22";
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
{
|
||||
c3d2 = {
|
||||
isInHq = true;
|
||||
hq.interface = "eth0";
|
||||
hq.statistics.enable = false;
|
||||
audioServer.enable = true;
|
||||
|
|
|
@ -10,10 +10,7 @@ let
|
|||
};
|
||||
luftqualitaetStations = [ "1672" "1649" "1680" "1639" ];
|
||||
in {
|
||||
c3d2 = {
|
||||
isInHq = false;
|
||||
deployment.server = "server10";
|
||||
};
|
||||
c3d2.deployment.server = "server10";
|
||||
|
||||
networking.hostName = "scrape";
|
||||
|
||||
|
|
|
@ -5,10 +5,7 @@
|
|||
vcpu = 16;
|
||||
needForSpeed = true;
|
||||
};
|
||||
c3d2 = {
|
||||
isInHq = false;
|
||||
hq.statistics.enable = true;
|
||||
};
|
||||
c3d2.hq.statistics.enable = true;
|
||||
|
||||
system.stateVersion = "22.05";
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ ... }:
|
||||
{ config, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
|
|
|
@ -1,13 +1,7 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
deployment = {
|
||||
persistedShares = [ "/etc" "/home" "/var" ];
|
||||
mem = 512;
|
||||
};
|
||||
c3d2 = {
|
||||
isInHq = false;
|
||||
hq.statistics.enable = true;
|
||||
};
|
||||
deployment.mem = 512;
|
||||
c3d2.hq.statistics.enable = true;
|
||||
|
||||
networking = {
|
||||
hostName = "sshlog";
|
||||
|
|
|
@ -47,8 +47,6 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
isInHq = mkEnableOption "HQ presence (TODO: what is this? association to VLAN 5?)";
|
||||
|
||||
enableMotd = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
|
@ -113,7 +111,6 @@ in
|
|||
config =
|
||||
let
|
||||
adminKeys = with builtins; lib.lists.flatten (attrValues cfg.sshKeys);
|
||||
mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x);
|
||||
in
|
||||
{
|
||||
programs.nncp.settings = lib.optionalAttrs cfg.mergeNncpSettings cfg.nncp;
|
||||
|
@ -200,13 +197,6 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.isInHq -> (config.users.users.root.password == null);
|
||||
message = "Root passwords not allowed in HQ";
|
||||
}
|
||||
];
|
||||
|
||||
boot.cleanTmpDir = true;
|
||||
|
||||
documentation.nixos.enable = false;
|
||||
|
@ -229,8 +219,6 @@ in
|
|||
};
|
||||
|
||||
networking = {
|
||||
domain = mkIfIsInHq "hq.c3d2.de";
|
||||
|
||||
interfaces = lib.mkIf (cfg.hq.interface != null) {
|
||||
"${cfg.hq.interface}".ipv6.addresses = [{
|
||||
address = toHqPrivateAddress config.networking.hostName;
|
||||
|
|