mirror of
https://github.com/dump-dvb/nix-config.git
synced 2024-05-31 13:29:23 +02:00
integration of production testing changes(tm)
This commit is contained in:
parent
d434df993e
commit
82395dd97d
12
flake.lock
12
flake.lock
|
@ -7,11 +7,11 @@
|
|||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1650825703,
|
||||
"narHash": "sha256-boCxGHSsdT6GphU0+76NnadgQ3UfUK6Yzm87XARllrI=",
|
||||
"lastModified": 1650880000,
|
||||
"narHash": "sha256-+jcDsfPTluqXZd9wLFgyLhywq0YHdSNE3FePqzHYXjk=",
|
||||
"owner": "dump-dvb",
|
||||
"repo": "data-accumulator",
|
||||
"rev": "cfa9bc965f453ed05d299839679d35c85be9849b",
|
||||
"rev": "6e9eb2b2eea26f469958cd3b4e0c2c5219685344",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -126,11 +126,11 @@
|
|||
"utils": "utils_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1650837917,
|
||||
"narHash": "sha256-YB5TilQCiZrhhqnqi0FvpVVKRiARmfeP16Bfs7Pknys=",
|
||||
"lastModified": 1650884380,
|
||||
"narHash": "sha256-K42PGrFNELBwwMXFP9CHj3IqNOpP3xNnlHn/Vt9Mtfs=",
|
||||
"owner": "dump-dvb",
|
||||
"repo": "radio-conf",
|
||||
"rev": "deb0dbbcb21e822ac7815307dff277a5289416f7",
|
||||
"rev": "51a6606216fdc59da36c77913fdead94a8584e00",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -40,6 +40,7 @@
|
|||
./hosts/data-hoarder/configuration.nix
|
||||
./modules/data-accumulator.nix
|
||||
./modules/nginx.nix
|
||||
./modules/wireguard_server.nix
|
||||
{
|
||||
nixpkgs.overlays = [ data-accumulator.overlay."x86_64-linux" ];
|
||||
}
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
imports =
|
||||
[
|
||||
# Include the results of the hardware scan.
|
||||
#./hardware-configuration.nix
|
||||
./hardware-configuration.nix
|
||||
|
||||
# Enabled modules
|
||||
../../modules/base.nix
|
||||
|
@ -17,34 +17,37 @@
|
|||
# Use the GRUB 2 boot loader.
|
||||
#boot.loader.grub.enable = true;
|
||||
#boot.loader.grub.version = 2;
|
||||
#boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.loader.systemd-boot.configurationLimit = 2;
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
|
||||
|
||||
networking.hostName = "data-hoarder"; # Define your hostname.
|
||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Berlin";
|
||||
networking.interfaces.ens3 = {
|
||||
useDHCP = false;
|
||||
ipv4.addresses = [
|
||||
{
|
||||
address = "192.109.108.35";
|
||||
prefixLength = 27;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||
# replicates the default behaviour.
|
||||
networking.useDHCP = true;
|
||||
networking.interfaces.eth0.useDHCP = true;
|
||||
networking.defaultGateway = "192.109.108.61";
|
||||
|
||||
networking.nameservers = [ "9.9.9.9" ];
|
||||
|
||||
# Configure network proxy if necessary
|
||||
# networking.proxy.default = "http://user:password@proxy:port/";
|
||||
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
||||
|
||||
|
||||
# Open ports in the firewall.
|
||||
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 22 8080 51820 ];
|
||||
networking.firewall.allowedUDPPorts = [ 22 51820 ];
|
||||
# Or disable the firewall altogether.
|
||||
# networking.firewall.enable = false;
|
||||
networking.firewall.enable = true;
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
|
|
27
hosts/data-hoarder/hardware-configuration.nix
Normal file
27
hosts/data-hoarder/hardware-configuration.nix
Normal file
|
@ -0,0 +1,27 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/f986fb01-6d6b-4f9a-b9ec-bc9ba4ac8229";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[{ device = "/dev/disk/by-uuid/5275b0b8-7c5d-4448-a8ea-12baf07dfed9"; }];
|
||||
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
|
@ -38,7 +38,7 @@
|
|||
wget
|
||||
git-crypt
|
||||
neovim
|
||||
custom-gnuradio
|
||||
#custom-gnuradio
|
||||
iftop
|
||||
];
|
||||
|
||||
|
|
|
@ -9,7 +9,9 @@
|
|||
enable = true;
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
script = "exec ${pkgs.data-accumulator}/bin/data-accumulator &";
|
||||
script = ''
|
||||
exec ${pkgs.data-accumulator}/bin/data-accumulator &
|
||||
'';
|
||||
|
||||
environment = {
|
||||
"PATH_FORMATTED_DATA" = "/var/lib/data-accumulator/formatted.csv";
|
||||
|
@ -29,9 +31,8 @@
|
|||
enable = true;
|
||||
recommendedProxySettings = true;
|
||||
virtualHosts = {
|
||||
"acadamicstrokes.com" = {
|
||||
"academicstrokes.com" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/" = {
|
||||
proxyPass = "http://127.0.0.1:8080/";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{pkgs, config, lib, ...}: {
|
||||
{ pkgs, config, lib, ... }: {
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.email = "dump-dvb@protonmail.com";
|
||||
}
|
||||
|
|
39
modules/wireguard_server.nix
Normal file
39
modules/wireguard_server.nix
Normal file
|
@ -0,0 +1,39 @@
|
|||
{ config, ... }:
|
||||
|
||||
{
|
||||
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
|
||||
networking.wg-quick.interfaces = {
|
||||
wg-dvb = {
|
||||
address = [ "10.13.37.1/32" ];
|
||||
privateKeyFile = "/root/wg-seckey";
|
||||
listenPort = 51820;
|
||||
peers = [
|
||||
{ # Tassilo
|
||||
publicKey = "vgo3le9xrFsIbbDZsAhQZpIlX+TuWjfEyUcwkoqUl2Y=";
|
||||
allowedIPs = [ "10.13.37.2/32" ];
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
{ # oxa
|
||||
publicKey = "QbaQaGqudRXIh03IbBNATfBZfpMLmwihlwLs6W9+P1c=";
|
||||
allowedIPs = [ "10.13.37.3/32" ];
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
{ # traffic-stop-box
|
||||
publicKey = "qyStvzZdoqcjJJQckw4ZwvsQUa+8TBWtnsRxURqanno=";
|
||||
allowedIPs = [ "10.13.37.5/32" ];
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
# { # marenz
|
||||
# { # marenz
|
||||
# publicKey = "";
|
||||
# allowedIPs = [ "10.13.37.4/32" ];
|
||||
# persistentKeepalive = 25;
|
||||
# }
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user