forked from c3d2/nix-config
Drop c3d2.isInHq
parent
3f493722ba
commit
fe8683f01f
|
@ -290,6 +290,8 @@ nix flake lock . --update-input secrets
|
||||||
|
|
||||||
# Laptops / Desktops
|
# Laptops / Desktops
|
||||||
|
|
||||||
|
Note: currently being rebuild!
|
||||||
|
|
||||||
This repository contains a NixOS module that can be used with personal machines
|
This repository contains a NixOS module that can be used with personal machines
|
||||||
as well. This module appends `/etc/ssh/ssh_known_hosts` with the host keys of
|
as well. This module appends `/etc/ssh/ssh_known_hosts` with the host keys of
|
||||||
registered HQ hosts, and optionally appends `/etc/hosts` with static IPv6
|
registered HQ hosts, and optionally appends `/etc/hosts` with static IPv6
|
||||||
|
@ -309,7 +311,6 @@ in {
|
||||||
];
|
];
|
||||||
|
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
isInHq = false; # not in HQ, this is the default.
|
|
||||||
enableMotd = true; # Set the login shell message to the <<</>> logo.
|
enableMotd = true; # Set the login shell message to the <<</>> logo.
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -3,12 +3,21 @@
|
||||||
# this file contains default configuration that may be turned on depending on other config settings.
|
# this file contains default configuration that may be turned on depending on other config settings.
|
||||||
# options should go to modules.
|
# options should go to modules.
|
||||||
|
|
||||||
lib.mkIf config.services.nginx.enable {
|
lib.mkMerge [
|
||||||
services.nginx = {
|
{
|
||||||
openFirewall = true;
|
assertions = [{
|
||||||
recommendedGzipSettings = true;
|
assertion = config.users.users.root.password == null;
|
||||||
recommendedOptimisation = true;
|
message = "Root passwords not allowed in HQ";
|
||||||
recommendedProxySettings = true;
|
}];
|
||||||
recommendedTlsSettings = true;
|
}
|
||||||
};
|
|
||||||
}
|
(lib.mkIf config.services.nginx.enable {
|
||||||
|
services.nginx = {
|
||||||
|
openFirewall = true;
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
recommendedOptimisation = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
};
|
||||||
|
})
|
||||||
|
]
|
||||||
|
|
|
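Review bot: The assertion added as the first `mkMerge` element only inspects `users.users.root.password`, so a root password supplied through `hashedPassword`, `initialPassword`, `initialHashedPassword` or a password file would still pass evaluation. If the intent is that root has no password at all, extend the condition, for example `assertion = with config.users.users.root; password == null && hashedPassword == null;`, and add whichever of the other options these hosts could set. The guard is also no longer tied to `isInHq`, so the text would be more accurate as `message = "Root passwords are not allowed on c3d2 hosts";`. The top of the file is outside the hunk, so whether every host imports this file cannot be confirmed from here.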
@ -18,7 +18,6 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
isInHq = false;
|
|
||||||
hq.statistics.enable = true;
|
hq.statistics.enable = true;
|
||||||
deployment.server = "server10";
|
deployment.server = "server10";
|
||||||
};
|
};
|
||||||
|
|
|
@ -35,7 +35,6 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
isInHq = true;
|
|
||||||
hq.interface = "eth0";
|
hq.interface = "eth0";
|
||||||
hq.statistics.enable = true;
|
hq.statistics.enable = true;
|
||||||
audioServer.enable = true;
|
audioServer.enable = true;
|
||||||
|
@ -103,6 +102,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
|
domain = "hq.c3d2.de";
|
||||||
hostName = "dacbert"; # Define your hostname.
|
hostName = "dacbert"; # Define your hostname.
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
interfaces.eth0.useDHCP = true;
|
interfaces.eth0.useDHCP = true;
|
||||||
|
|
|
@ -6,6 +6,7 @@ let
|
||||||
inherit (pkgs) neighbors;
|
inherit (pkgs) neighbors;
|
||||||
in {
|
in {
|
||||||
networking = {
|
networking = {
|
||||||
|
domain = "hq.c3d2.de";
|
||||||
hostName = "dn42";
|
hostName = "dn42";
|
||||||
useNetworkd = true;
|
useNetworkd = true;
|
||||||
# No Firewalling!
|
# No Firewalling!
|
||||||
|
@ -13,7 +14,6 @@ in {
|
||||||
};
|
};
|
||||||
services.resolved.enable = false;
|
services.resolved.enable = false;
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
isInHq = true;
|
|
||||||
hq = {
|
hq = {
|
||||||
interface = "c3d2";
|
interface = "c3d2";
|
||||||
statistics.enable = true;
|
statistics.enable = true;
|
||||||
|
|
|
@ -39,7 +39,6 @@ in {
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
isInHq = false;
|
|
||||||
hq.statistics.enable = true;
|
hq.statistics.enable = true;
|
||||||
deployment = {
|
deployment = {
|
||||||
server = "server10";
|
server = "server10";
|
||||||
|
|
|
@ -4,7 +4,6 @@
|
||||||
imports = [ ./hardware-configuration.nix ];
|
imports = [ ./hardware-configuration.nix ];
|
||||||
|
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
isInHq = true;
|
|
||||||
hq.interface = "eno1";
|
hq.interface = "eno1";
|
||||||
k-ot.enable = true;
|
k-ot.enable = true;
|
||||||
autoUpdate = true;
|
autoUpdate = true;
|
||||||
|
@ -31,6 +30,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
|
domain = "hq.c3d2.de";
|
||||||
hostName = "glotzbert";
|
hostName = "glotzbert";
|
||||||
interfaces.eno1.useDHCP = true;
|
interfaces.eno1.useDHCP = true;
|
||||||
};
|
};
|
||||||
|
|
|
@ -2,10 +2,7 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
microvm.mem = 4096;
|
microvm.mem = 4096;
|
||||||
c3d2 = {
|
c3d2.deployment.server = "server10";
|
||||||
deployment.server = "server10";
|
|
||||||
isInHq = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [ influxdb ];
|
environment.systemPackages = with pkgs; [ influxdb ];
|
||||||
|
|
||||||
|
|
|
@ -39,7 +39,6 @@ in
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
deployment.server = "server10";
|
deployment.server = "server10";
|
||||||
hq.statistics.enable = true;
|
hq.statistics.enable = true;
|
||||||
isInHq = false;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.collectd.plugins.exec = ''
|
services.collectd.plugins.exec = ''
|
||||||
|
|
|
@ -38,7 +38,6 @@ in
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
deployment.server = "server10";
|
deployment.server = "server10";
|
||||||
hq.statistics.enable = true;
|
hq.statistics.enable = true;
|
||||||
isInHq = false;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.defaultSopsFile = ./secrets.yaml;
|
sops.defaultSopsFile = ./secrets.yaml;
|
||||||
|
|
|
@ -1,9 +1,6 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
{
|
{
|
||||||
c3d2 = {
|
c3d2.deployment.server = "server10";
|
||||||
deployment.server = "server10";
|
|
||||||
isInHq = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
microvm.mem = 2048;
|
microvm.mem = 2048;
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,6 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
isInHq = true;
|
|
||||||
hq.interface = "eth0";
|
hq.interface = "eth0";
|
||||||
hq.statistics.enable = true;
|
hq.statistics.enable = true;
|
||||||
k-ot.enable = true;
|
k-ot.enable = true;
|
||||||
|
@ -46,6 +45,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
|
domain = "hq.c3d2.de";
|
||||||
firewall = {
|
firewall = {
|
||||||
allowedTCPPorts = [
|
allowedTCPPorts = [
|
||||||
# pulseaudio/pipewire network sync
|
# pulseaudio/pipewire network sync
|
||||||
|
|
|
@ -7,7 +7,6 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
isInHq = false;
|
|
||||||
hq.statistics.enable = true;
|
hq.statistics.enable = true;
|
||||||
pi-sensors = if true then [] else [ {
|
pi-sensors = if true then [] else [ {
|
||||||
type = "dht22";
|
type = "dht22";
|
||||||
|
|
|
@ -2,7 +2,6 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
isInHq = true;
|
|
||||||
hq.interface = "eth0";
|
hq.interface = "eth0";
|
||||||
hq.statistics.enable = false;
|
hq.statistics.enable = false;
|
||||||
audioServer.enable = true;
|
audioServer.enable = true;
|
||||||
|
|
|
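Review bot: This host had `isInHq = true`, so it previously received `networking.domain = "hq.c3d2.de"` through the module's `mkIfIsInHq`, but unlike the other four hosts that had the flag set, no `domain = "hq.c3d2.de";` line is added here. Unless the domain is set in a part of the file outside this hunk, the host's FQDN changes with this commit, which can affect anything keyed on it (known-hosts entries, certificates, monitoring labels). If that is not intended, add `networking.domain = "hq.c3d2.de";` next to the `c3d2` block.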
@ -10,10 +10,7 @@ let
|
||||||
};
|
};
|
||||||
luftqualitaetStations = [ "1672" "1649" "1680" "1639" ];
|
luftqualitaetStations = [ "1672" "1649" "1680" "1639" ];
|
||||||
in {
|
in {
|
||||||
c3d2 = {
|
c3d2.deployment.server = "server10";
|
||||||
isInHq = false;
|
|
||||||
deployment.server = "server10";
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.hostName = "scrape";
|
networking.hostName = "scrape";
|
||||||
|
|
||||||
|
|
|
@ -5,10 +5,7 @@
|
||||||
vcpu = 16;
|
vcpu = 16;
|
||||||
needForSpeed = true;
|
needForSpeed = true;
|
||||||
};
|
};
|
||||||
c3d2 = {
|
c3d2.hq.statistics.enable = true;
|
||||||
isInHq = false;
|
|
||||||
hq.statistics.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ ... }:
|
{ config, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
|
|
@ -1,13 +1,7 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
{
|
{
|
||||||
deployment = {
|
deployment.mem = 512;
|
||||||
persistedShares = [ "/etc" "/home" "/var" ];
|
c3d2.hq.statistics.enable = true;
|
||||||
mem = 512;
|
|
||||||
};
|
|
||||||
c3d2 = {
|
|
||||||
isInHq = false;
|
|
||||||
hq.statistics.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "sshlog";
|
hostName = "sshlog";
|
||||||
|
|
|
@ -47,8 +47,6 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
isInHq = mkEnableOption "HQ presence (TODO: what is this? association to VLAN 5?)";
|
|
||||||
|
|
||||||
enableMotd = mkOption {
|
enableMotd = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
|
@ -113,7 +111,6 @@ in
|
||||||
config =
|
config =
|
||||||
let
|
let
|
||||||
adminKeys = with builtins; lib.lists.flatten (attrValues cfg.sshKeys);
|
adminKeys = with builtins; lib.lists.flatten (attrValues cfg.sshKeys);
|
||||||
mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x);
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
programs.nncp.settings = lib.optionalAttrs cfg.mergeNncpSettings cfg.nncp;
|
programs.nncp.settings = lib.optionalAttrs cfg.mergeNncpSettings cfg.nncp;
|
||||||
|
@ -200,13 +197,6 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
assertions = [
|
|
||||||
{
|
|
||||||
assertion = cfg.isInHq -> (config.users.users.root.password == null);
|
|
||||||
message = "Root passwords not allowed in HQ";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.cleanTmpDir = true;
|
boot.cleanTmpDir = true;
|
||||||
|
|
||||||
documentation.nixos.enable = false;
|
documentation.nixos.enable = false;
|
||||||
|
@ -229,8 +219,6 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
domain = mkIfIsInHq "hq.c3d2.de";
|
|
||||||
|
|
||||||
interfaces = lib.mkIf (cfg.hq.interface != null) {
|
interfaces = lib.mkIf (cfg.hq.interface != null) {
|
||||||
"${cfg.hq.interface}".ipv6.addresses = [{
|
"${cfg.hq.interface}".ipv6.addresses = [{
|
||||||
address = toHqPrivateAddress config.networking.hostName;
|
address = toHqPrivateAddress config.networking.hostName;
|
||||||
|
|
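Review bot: The `isInHq` option is deleted outright in the first hunk of this module, so any configuration outside this repository that still sets `c3d2.isInHq` will now fail evaluation with a generic unknown-option error; the README example for personal machines set it until this commit. Consider leaving a shim such as `(lib.mkRemovedOptionModule [ "c3d2" "isInHq" ] "Set networking.domain per host instead.")` in the module's `imports`, so users get an explanation instead. The module's `imports` list, if it has one, is outside the visible hunks.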