95 lines
2.1 KiB
Nix
95 lines
2.1 KiB
Nix
{ config, ... }:
|
|
|
|
{
|
|
system.stateVersion = "22.05";
|
|
|
|
c3d2 = {
|
|
deployment.server = "server10";
|
|
hq.statistics.enable = true;
|
|
};
|
|
microvm = {
|
|
vcpu = 8;
|
|
mem = 12 * 1024;
|
|
};
|
|
|
|
networking = {
|
|
hostName = "caveman";
|
|
firewall.allowedTCPPorts = [
|
|
# telnet
|
|
23
|
|
# redis
|
|
6379
|
|
];
|
|
};
|
|
|
|
services.journald.extraConfig = ''
|
|
Storage=volatile
|
|
'';
|
|
|
|
sops = {
|
|
defaultSopsFile = ./secrets.yaml;
|
|
secrets = {
|
|
"redis/caveman/requirePass".mode = "0444";
|
|
# Must be readable for DynamicUser caveman-sieve
|
|
"caveman/sieve/privKey".mode = "0444";
|
|
};
|
|
};
|
|
|
|
services = {
|
|
redis.servers.caveman = {
|
|
# Listen on the public network
|
|
bind = null;
|
|
# Override default backup schedule to reduce I/O
|
|
save = [
|
|
# Every 2h if at least 1 entry changed
|
|
[ 7200 1 ]
|
|
# Every 30min if at least 10000 entries changed
|
|
[ 1800 10000 ]
|
|
];
|
|
};
|
|
|
|
caveman = {
|
|
redis = {
|
|
# leave 4 GB for caveman services
|
|
maxmemory = (config.microvm.mem - 4) * 1024 * 1024;
|
|
passwordFile = config.sops.secrets."redis/caveman/requirePass".path;
|
|
};
|
|
|
|
hunter = {
|
|
enable = true;
|
|
settings = {
|
|
prometheus_port = 9103;
|
|
max_workers = 384;
|
|
hosts = with builtins;
|
|
filter (line: isString line && line != "") (
|
|
split "\n" (
|
|
readFile ./mastodon-instances.txt
|
|
)
|
|
);
|
|
};
|
|
};
|
|
sieve = {
|
|
enable = true;
|
|
settings.priv_key_file = config.sops.secrets."caveman/sieve/privKey".path;
|
|
};
|
|
butcher.enable = true;
|
|
gatherer.enable = true;
|
|
smokestack.enable = true;
|
|
};
|
|
|
|
nginx = {
|
|
enable = true;
|
|
virtualHosts."fedi.buzz" = {
|
|
default = true;
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
serverAliases = [
|
|
"www.fedi.buzz"
|
|
"caveman.flpk.zentralwerk.org"
|
|
];
|
|
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.caveman.gatherer.settings.listen_port}/";
|
|
};
|
|
};
|
|
};
|
|
}
|