author | makefu <github@syntax-fehler.de> | 2023-09-09 19:42:08 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2023-09-09 19:42:08 +0200 |
commit | 29d72c898d674d2c18fc0f4a76b5e623de0c3dfe (patch) | |
tree | fc4b0695c986a1cda6f1fbbbcbe716e203c54fa3 /lass/1systems/neoprism | |
parent | e157ffa72856e4378aa23b096b2efff233f3cb3d (diff) | |
parent | 083229d0211096daec08673f743ccc45b1d8a0ac (diff) |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/1systems/neoprism')
-rw-r--r-- | lass/1systems/neoprism/config.nix | 51 | ||||
-rw-r--r-- | lass/1systems/neoprism/disk.nix | 118 | ||||
-rw-r--r-- | lass/1systems/neoprism/physical.nix | 76 |
3 files changed, 0 insertions, 245 deletions
diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix
deleted file mode 100644
index 79402959e..000000000
--- a/lass/1systems/neoprism/config.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/mail/internet-gateway.nix>
- <stockholm/lass/2configs/binary-cache/server.nix>
- <stockholm/lass/2configs/matrix.nix>
- <stockholm/lass/2configs/gsm-wiki.nix>
-
- # sync-containers
- <stockholm/lass/2configs/consul.nix>
- <stockholm/lass/2configs/services/flix/container-host.nix>
- <stockholm/lass/2configs/services/radio/container-host.nix>
- <stockholm/lass/2configs/ubik-host.nix>
- <stockholm/lass/2configs/orange-host.nix>
- <stockholm/krebs/2configs/hotdog-host.nix>
-
- # other containers
- <stockholm/lass/2configs/riot.nix>
-
- # proxying of services
- <stockholm/lass/2configs/services/radio/proxy.nix>
- <stockholm/lass/2configs/services/flix/proxy.nix>
- <stockholm/lass/2configs/services/coms/proxy.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.neoprism;
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- security.acme.acceptTerms = true;
- security.acme.defaults.email = "acme@lassul.us";
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
-
- enableReload = true;
-
- virtualHosts.default = {
- default = true;
- locations."= /etc/os-release".extraConfig = ''
- default_type text/plain;
- alias /etc/os-release;
- '';
- locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";
- };
- };
-}
diff --git a/lass/1systems/neoprism/disk.nix b/lass/1systems/neoprism/disk.nix
deleted file mode 100644
index c5bd44c94..000000000
--- a/lass/1systems/neoprism/disk.nix
+++ /dev/null
@@ -1,118 +0,0 @@
-{ lib, ... }:
-{
- disk = (lib.genAttrs [ "/dev/nvme0n1" "/dev/nvme1n1" ] (disk: {
- type = "disk";
- device = disk;
- content = {
- type = "gpt";
- partitions = {
- boot = {
- size = "1M";
- type = "EF02";
- };
- ESP = {
- size = "1G";
- content = {
- type = "mdraid";
- name = "boot";
- };
- };
- zfs = {
- size = "100%";
- content = {
- type = "zfs";
- pool = "zroot";
- };
- };
- };
- };
- })) // {
- hdd1 = {
- type = "disk";
- device = "/dev/sda";
- content = {
- type = "zfs";
- pool = "tank";
- };
- };
- };
- mdadm = {
- boot = {
- type = "mdadm";
- level = 1;
- metadata = "1.0";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
- };
- zpool = {
- zroot = {
- type = "zpool";
- mode = "mirror";
- mountpoint = "/";
- rootFsOptions = {
- };
- datasets.reserved = {
- type = "zfs_fs";
- options.refreservation = "1G";
- };
- };
- tank = {
- type = "zpool";
- datasets = {
- reserved = {
- type = "zfs_fs";
- options.refreservation = "1G";
- };
- containers = {
- type = "zfs_fs";
- mountpoint = "/var/lib/containers";
- options = {
- canmount = "noauto";
- };
- };
- home = {
- type = "zfs_fs";
- mountpoint = "/home";
- options = {
- canmount = "noauto";
- };
- };
- srv = {
- type = "zfs_fs";
- mountpoint = "/srv";
- options = {
- canmount = "noauto";
- };
- };
- libvirt = {
- type = "zfs_fs";
- mountpoint = "/var/lib/libvirt";
- options = {
- canmount = "noauto";
- };
- };
- # encrypted = {
- # type = "zfs_fs";
- # options = {
- # canmount = "noauto";
- # mountpoint = "none";
- # encryption = "aes-256-gcm";
- # keyformat = "passphrase";
- # keylocation = "prompt";
- # };
- # };
- # "encrypted/download" = {
- # type = "zfs_fs";
- # mountpoint = "/var/download";
- # options = {
- # canmount = "noauto";
- # };
- # };
- };
- };
- };
-}
diff --git a/lass/1systems/neoprism/physical.nix b/lass/1systems/neoprism/physical.nix
deleted file mode 100644
index f2092d9aa..000000000
--- a/lass/1systems/neoprism/physical.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-
- imports = [
- ./config.nix
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- disko.devices = import ./disk.nix;
- networking.hostId = "9c0a74ac";
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];
- boot.kernelModules = [ "kvm-amd" ];
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-
- # networking config
- networking.useNetworkd = true;
- systemd.network = {
- enable = true;
- config = {
- networkConfig.SpeedMeter = true;
- };
- # netdevs.ext-br.netdevConfig = {
- # Kind = "bridge";
- # Name = "ext-br";
- # MACAddress = "a8:a1:59:0f:2d:69";
- # };
- # networks.ext-br = {
- # name = "ext-br";
- # address = [
- # "95.217.192.59/26"
- # "2a01:4f9:4a:4f1a::1/64"
- # ];
- # gateway = [
- # "95.217.192.1"
- # "fe80::1"
- # ];
- # };
- networks.eth0 = {
- #bridge = [ "ext-br" ];
- matchConfig.Name = "eth0";
- address = [
- "95.217.192.59/26"
- "2a01:4f9:4a:4f1a::1/64"
- ];
- gateway = [
- "95.217.192.1"
- "fe80::1"
- ];
- };
- };
-
- networking.useDHCP = false;
- boot.initrd.network = {
- enable = true;
- ssh = {
- enable = true;
- authorizedKeys = [ config.krebs.users.lass.pubkey ];
- port = 2222;
- hostKeys = [
- (toString <secrets/ssh.id_ed25519>)
- (toString <secrets/ssh.id_rsa>)
- ];
- };
- };
- boot.kernelParams = [
- "net.ifnames=0"
- "ip=dhcp"
- "boot.trace"
- ];
-} |