integration of production testing changes(tm)

2024-05-31 13:29:23 +02:00 · 2022-04-25 16:27:57 +02:00 · 2022-04-25 16:27:57 +02:00 · 82395dd97d
commit 82395dd97d
parent d434df993e
8 changed files with 98 additions and 27 deletions
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1650825703,
-        "narHash": "sha256-boCxGHSsdT6GphU0+76NnadgQ3UfUK6Yzm87XARllrI=",
+        "lastModified": 1650880000,
+        "narHash": "sha256-+jcDsfPTluqXZd9wLFgyLhywq0YHdSNE3FePqzHYXjk=",
        "owner": "dump-dvb",
        "repo": "data-accumulator",
-        "rev": "cfa9bc965f453ed05d299839679d35c85be9849b",
+        "rev": "6e9eb2b2eea26f469958cd3b4e0c2c5219685344",
        "type": "github"
      },
      "original": {
@ -126,11 +126,11 @@
        "utils": "utils_2"
      },
      "locked": {
-        "lastModified": 1650837917,
-        "narHash": "sha256-YB5TilQCiZrhhqnqi0FvpVVKRiARmfeP16Bfs7Pknys=",
+        "lastModified": 1650884380,
+        "narHash": "sha256-K42PGrFNELBwwMXFP9CHj3IqNOpP3xNnlHn/Vt9Mtfs=",
        "owner": "dump-dvb",
        "repo": "radio-conf",
-        "rev": "deb0dbbcb21e822ac7815307dff277a5289416f7",
+        "rev": "51a6606216fdc59da36c77913fdead94a8584e00",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -40,6 +40,7 @@
            ./hosts/data-hoarder/configuration.nix
            ./modules/data-accumulator.nix
            ./modules/nginx.nix
+	    ./modules/wireguard_server.nix
            {
              nixpkgs.overlays = [ data-accumulator.overlay."x86_64-linux" ];
            }
--- a/hosts/data-hoarder/configuration.nix
+++ b/hosts/data-hoarder/configuration.nix
@ -8,7 +8,7 @@
  imports =
    [
      # Include the results of the hardware scan.
-      #./hardware-configuration.nix
+      ./hardware-configuration.nix

      # Enabled modules
      ../../modules/base.nix
@ -17,34 +17,37 @@
  # Use the GRUB 2 boot loader.
  #boot.loader.grub.enable = true;
  #boot.loader.grub.version = 2;
-  #boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
-
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-  boot.loader.systemd-boot.configurationLimit = 2;
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only

  networking.hostName = "data-hoarder"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  # Set your time zone.
  time.timeZone = "Europe/Berlin";
+  networking.interfaces.ens3 = {
+    useDHCP = false;
+    ipv4.addresses = [
+      {
+        address = "192.109.108.35";
+        prefixLength = 27;
+      }
+    ];
+  };

-  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
-  # Per-interface useDHCP will be mandatory in the future, so this generated config
-  # replicates the default behaviour.
-  networking.useDHCP = true;
-  networking.interfaces.eth0.useDHCP = true;
+  networking.defaultGateway = "192.109.108.61";
+
+  networking.nameservers = [ "9.9.9.9" ];

-  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

-
  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
+  networking.firewall.allowedTCPPorts = [ 80 443 22 8080 51820 ];
+  networking.firewall.allowedUDPPorts = [ 22 51820 ];
  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
+  networking.firewall.enable = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
--- a/hosts/data-hoarder/hardware-configuration.nix
+++ b/hosts/data-hoarder/hardware-configuration.nix
@ -0,0 +1,27 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-uuid/f986fb01-6d6b-4f9a-b9ec-bc9ba4ac8229";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [{ device = "/dev/disk/by-uuid/5275b0b8-7c5d-4448-a8ea-12baf07dfed9"; }];
+
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/modules/base.nix
+++ b/modules/base.nix
@ -38,7 +38,7 @@
    wget
    git-crypt
    neovim
-    custom-gnuradio
+    #custom-gnuradio
    iftop
  ];

--- a/modules/data-accumulator.nix
+++ b/modules/data-accumulator.nix
@ -9,7 +9,9 @@
        enable = true;
        wantedBy = [ "multi-user.target" ];

-        script = "exec ${pkgs.data-accumulator}/bin/data-accumulator &";
+        script = ''
+          exec ${pkgs.data-accumulator}/bin/data-accumulator &
+        '';

        environment = {
          "PATH_FORMATTED_DATA" = "/var/lib/data-accumulator/formatted.csv";
@ -29,9 +31,8 @@
      enable = true;
      recommendedProxySettings = true;
      virtualHosts = {
-        "acadamicstrokes.com" = {
+        "academicstrokes.com" = {
          enableACME = true;
-          forceSSL = true;
          locations = {
            "/" = {
              proxyPass = "http://127.0.0.1:8080/";
--- a/modules/nginx.nix
+++ b/modules/nginx.nix
@ -1,4 +1,4 @@
-{pkgs, config, lib, ...}: {
+{ pkgs, config, lib, ... }: {
  security.acme.acceptTerms = true;
  security.acme.email = "dump-dvb@protonmail.com";
 }
--- a/modules/wireguard_server.nix
+++ b/modules/wireguard_server.nix
@ -0,0 +1,39 @@
+{ config, ... }:
+
+{
+
+  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+
+  networking.wg-quick.interfaces = {
+    wg-dvb = {
+      address = [ "10.13.37.1/32" ];
+      privateKeyFile = "/root/wg-seckey";
+      listenPort = 51820;
+      peers =  [
+        { # Tassilo
+          publicKey = "vgo3le9xrFsIbbDZsAhQZpIlX+TuWjfEyUcwkoqUl2Y=";
+          allowedIPs = [ "10.13.37.2/32" ];
+          persistentKeepalive = 25;
+        }
+        { # oxa
+          publicKey = "QbaQaGqudRXIh03IbBNATfBZfpMLmwihlwLs6W9+P1c=";
+          allowedIPs = [ "10.13.37.3/32" ];
+          persistentKeepalive = 25;
+        }
+        { # traffic-stop-box
+          publicKey = "qyStvzZdoqcjJJQckw4ZwvsQUa+8TBWtnsRxURqanno=";
+          allowedIPs = [ "10.13.37.5/32" ];
+          persistentKeepalive = 25;
+        }
+        # { # marenz
+        # { # marenz
+        #   publicKey = "";
+        #   allowedIPs = [ "10.13.37.4/32" ];
+        #   persistentKeepalive = 25;
+        # }
+      ];
+    };
+  };
+}
+
+