authormakefu <github@syntax-fehler.de>2023-09-09 19:42:08 +0200
committermakefu <github@syntax-fehler.de>2023-09-09 19:42:08 +0200
commit29d72c898d674d2c18fc0f4a76b5e623de0c3dfe (patch)
treefc4b0695c986a1cda6f1fbbbcbe716e203c54fa3 /lass/1systems/neoprism
parente157ffa72856e4378aa23b096b2efff233f3cb3d (diff)
parent083229d0211096daec08673f743ccc45b1d8a0ac (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/1systems/neoprism')
-rw-r--r--lass/1systems/neoprism/config.nix51
-rw-r--r--lass/1systems/neoprism/disk.nix118
-rw-r--r--lass/1systems/neoprism/physical.nix76
3 files changed, 0 insertions, 245 deletions
diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix
deleted file mode 100644
index 79402959e..000000000
--- a/lass/1systems/neoprism/config.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/mail/internet-gateway.nix>
- <stockholm/lass/2configs/binary-cache/server.nix>
- <stockholm/lass/2configs/matrix.nix>
- <stockholm/lass/2configs/gsm-wiki.nix>
-
- # sync-containers
- <stockholm/lass/2configs/consul.nix>
- <stockholm/lass/2configs/services/flix/container-host.nix>
- <stockholm/lass/2configs/services/radio/container-host.nix>
- <stockholm/lass/2configs/ubik-host.nix>
- <stockholm/lass/2configs/orange-host.nix>
- <stockholm/krebs/2configs/hotdog-host.nix>
-
- # other containers
- <stockholm/lass/2configs/riot.nix>
-
- # proxying of services
- <stockholm/lass/2configs/services/radio/proxy.nix>
- <stockholm/lass/2configs/services/flix/proxy.nix>
- <stockholm/lass/2configs/services/coms/proxy.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.neoprism;
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- security.acme.acceptTerms = true;
- security.acme.defaults.email = "acme@lassul.us";
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
-
- enableReload = true;
-
- virtualHosts.default = {
- default = true;
- locations."= /etc/os-release".extraConfig = ''
- default_type text/plain;
- alias /etc/os-release;
- '';
- locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";
- };
- };
-}
diff --git a/lass/1systems/neoprism/disk.nix b/lass/1systems/neoprism/disk.nix
deleted file mode 100644
index c5bd44c94..000000000
--- a/lass/1systems/neoprism/disk.nix
+++ /dev/null
@@ -1,118 +0,0 @@
-{ lib, ... }:
-{
- disk = (lib.genAttrs [ "/dev/nvme0n1" "/dev/nvme1n1" ] (disk: {
- type = "disk";
- device = disk;
- content = {
- type = "gpt";
- partitions = {
- boot = {
- size = "1M";
- type = "EF02";
- };
- ESP = {
- size = "1G";
- content = {
- type = "mdraid";
- name = "boot";
- };
- };
- zfs = {
- size = "100%";
- content = {
- type = "zfs";
- pool = "zroot";
- };
- };
- };
- };
- })) // {
- hdd1 = {
- type = "disk";
- device = "/dev/sda";
- content = {
- type = "zfs";
- pool = "tank";
- };
- };
- };
- mdadm = {
- boot = {
- type = "mdadm";
- level = 1;
- metadata = "1.0";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
- };
- zpool = {
- zroot = {
- type = "zpool";
- mode = "mirror";
- mountpoint = "/";
- rootFsOptions = {
- };
- datasets.reserved = {
- type = "zfs_fs";
- options.refreservation = "1G";
- };
- };
- tank = {
- type = "zpool";
- datasets = {
- reserved = {
- type = "zfs_fs";
- options.refreservation = "1G";
- };
- containers = {
- type = "zfs_fs";
- mountpoint = "/var/lib/containers";
- options = {
- canmount = "noauto";
- };
- };
- home = {
- type = "zfs_fs";
- mountpoint = "/home";
- options = {
- canmount = "noauto";
- };
- };
- srv = {
- type = "zfs_fs";
- mountpoint = "/srv";
- options = {
- canmount = "noauto";
- };
- };
- libvirt = {
- type = "zfs_fs";
- mountpoint = "/var/lib/libvirt";
- options = {
- canmount = "noauto";
- };
- };
- # encrypted = {
- # type = "zfs_fs";
- # options = {
- # canmount = "noauto";
- # mountpoint = "none";
- # encryption = "aes-256-gcm";
- # keyformat = "passphrase";
- # keylocation = "prompt";
- # };
- # };
- # "encrypted/download" = {
- # type = "zfs_fs";
- # mountpoint = "/var/download";
- # options = {
- # canmount = "noauto";
- # };
- # };
- };
- };
- };
-}
diff --git a/lass/1systems/neoprism/physical.nix b/lass/1systems/neoprism/physical.nix
deleted file mode 100644
index f2092d9aa..000000000
--- a/lass/1systems/neoprism/physical.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-
- imports = [
- ./config.nix
- <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- disko.devices = import ./disk.nix;
- networking.hostId = "9c0a74ac";
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];
- boot.kernelModules = [ "kvm-amd" ];
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-
- # networking config
- networking.useNetworkd = true;
- systemd.network = {
- enable = true;
- config = {
- networkConfig.SpeedMeter = true;
- };
- # netdevs.ext-br.netdevConfig = {
- # Kind = "bridge";
- # Name = "ext-br";
- # MACAddress = "a8:a1:59:0f:2d:69";
- # };
- # networks.ext-br = {
- # name = "ext-br";
- # address = [
- # "95.217.192.59/26"
- # "2a01:4f9:4a:4f1a::1/64"
- # ];
- # gateway = [
- # "95.217.192.1"
- # "fe80::1"
- # ];
- # };
- networks.eth0 = {
- #bridge = [ "ext-br" ];
- matchConfig.Name = "eth0";
- address = [
- "95.217.192.59/26"
- "2a01:4f9:4a:4f1a::1/64"
- ];
- gateway = [
- "95.217.192.1"
- "fe80::1"
- ];
- };
- };
-
- networking.useDHCP = false;
- boot.initrd.network = {
- enable = true;
- ssh = {
- enable = true;
- authorizedKeys = [ config.krebs.users.lass.pubkey ];
- port = 2222;
- hostKeys = [
- (toString <secrets/ssh.id_ed25519>)
- (toString <secrets/ssh.id_rsa>)
- ];
- };
- };
- boot.kernelParams = [
- "net.ifnames=0"
- "ip=dhcp"
- "boot.trace"
- ];
-}