authortv <tv@krebsco.de>2023-09-11 14:55:04 +0200
committertv <tv@krebsco.de>2023-09-11 14:55:04 +0200
commit8fc162ee3d9525a2b45346a1ca8f34ccb5ef971b (patch)
treeaa37724dd0452860d4b9b033332587c8832629e3 /lass/2configs/red-host.nix
parent90b1515dcd5b67a85cd92901fb211764b1fa5f83 (diff)
parent083229d0211096daec08673f743ccc45b1d8a0ac (diff)
Merge remote-tracking branch 'orange/master'
Diffstat (limited to 'lass/2configs/red-host.nix')
-rw-r--r--lass/2configs/red-host.nix167
1 files changed, 0 insertions, 167 deletions
diff --git a/lass/2configs/red-host.nix b/lass/2configs/red-host.nix
deleted file mode 100644
index 171191dac..000000000
--- a/lass/2configs/red-host.nix
+++ /dev/null
@@ -1,167 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- ctr.name = "red";
-in
-{
- imports = [
- <stockholm/lass/2configs/container-networking.nix>
- ];
-
-
- krebs.sync-containers3.containers.red = {
- sshKey = "${toString <secrets>}/containers/red/sync.key";
- ephemeral = true;
- };
-
- # containers.${ctr.name} = {
- # config = {
- # environment.systemPackages = [
- # pkgs.dhcpcd
- # pkgs.git
- # pkgs.jq
- # ];
- # networking.useDHCP = lib.mkForce true;
- # systemd.services.autoswitch = {
- # environment = {
- # NIX_REMOTE = "daemon";
- # };
- # wantedBy = [ "multi-user.target" ];
- # serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" ''
- # if test -e /var/src/nixos-config; then
- # /run/current-system/sw/bin/nixos-rebuild -I /var/src switch || :
- # fi
- # '';
- # unitConfig.X-StopOnRemoval = false;
- # };
- # };
- # autoStart = false;
- # enableTun = true;
- # privateNetwork = true;
- # hostBridge = "ctr0";
- # bindMounts = {
- # "/etc/resolv.conf".hostPath = "/etc/resolv.conf";
- # "/var/lib/self-state/disk-image" = {
- # hostPath = "/var/lib/sync-containers3/${ctr.name}";
- # isReadOnly = true;
- # };
- # };
- # };
-
- # systemd.services."${ctr.name}_scheduler" = {
- # wantedBy = [ "multi-user.target" ];
- # path = with pkgs; [
- # coreutils
- # consul
- # cryptsetup
- # mount
- # util-linux
- # systemd
- # untilport
- # ];
- # serviceConfig = {
- # Restart = "always";
- # RestartSec = "15s";
- # ExecStart = "${pkgs.consul}/bin/consul lock container_${ctr.name} ${pkgs.writers.writeDash "${ctr.name}-start" ''
- # set -efux
- # trap ${pkgs.writers.writeDash "stop-${ctr.name}" ''
- # set -efux
- # /run/current-system/sw/bin/nixos-container stop ${ctr.name} || :
- # umount /var/lib/nixos-containers/${ctr.name}/var/state || :
- # cryptsetup luksClose ${ctr.name} || :
- # ''} INT TERM EXIT
- # consul kv put containers/${ctr.name}/host ${config.networking.hostName}
- # cryptsetup luksOpen --key-file /var/src/secrets/containers/${ctr.name}/luks /var/lib/sync-containers3/${ctr.name}/disk ${ctr.name}
- # mkdir -p /var/lib/nixos-containers/${ctr.name}/var/state
- # mount /dev/mapper/${ctr.name} /var/lib/nixos-containers/${ctr.name}/var/state
- # ln -frs /var/lib/nixos-containers/${ctr.name}/var/state/var_src /var/lib/nixos-containers/${ctr.name}/var/src
- # /run/current-system/sw/bin/nixos-container start ${ctr.name}
- # set +x
- # until /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null; do sleep 5; done
- # while /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null; do sleep 5; done
- # ''}";
- # };
- # };
-
- # users.groups."container_${ctr.name}" = {};
- # users.users."container_${ctr.name}" = {
- # group = "container_${ctr.name}";
- # isSystemUser = true;
- # home = "/var/lib/sync-containers3/${ctr.name}";
- # createHome = true;
- # homeMode = "705";
- # openssh.authorizedKeys.keys = [
- # config.krebs.users.lass.pubkey
- # ];
- # };
-
- # systemd.timers."${ctr.name}_syncer" = {
- # timerConfig = {
- # RandomizedDelaySec = 300;
- # };
- # };
- # systemd.services."${ctr.name}_syncer" = {
- # path = with pkgs; [
- # coreutils
- # rsync
- # openssh
- # systemd
- # ];
- # startAt = "*:0/1";
- # serviceConfig = {
- # User = "container_${ctr.name}";
- # LoadCredential = [
- # "ssh_key:${toString <secrets>}/containers/${ctr.name}/sync.key"
- # ];
- # ExecCondition = pkgs.writers.writeDash "${ctr.name}_checker" ''
- # set -efu
- # ! systemctl is-active --quiet container@${ctr.name}.service
- # '';
- # ExecStart = pkgs.writers.writeDash "${ctr.name}_syncer" ''
- # set -efu
- # rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --inplace container_sync@${ctr.name}.r:disk-image/disk $HOME/disk
- # '';
- # };
- # };
-
- # # networking
- # networking.networkmanager.unmanaged = [ "ctr0" ];
- # networking.interfaces.dummy0.virtual = true;
- # networking.bridges.ctr0.interfaces = [ "dummy0" ];
- # networking.interfaces.ctr0.ipv4.addresses = [{
- # address = "10.233.0.1";
- # prefixLength = 24;
- # }];
- # systemd.services."dhcpd-ctr0" = {
- # wantedBy = [ "multi-user.target" ];
- # after = [ "network.target" ];
- # serviceConfig = {
- # Type = "forking";
- # Restart = "always";
- # DynamicUser = true;
- # StateDirectory = "dhcpd-ctr0";
- # User = "dhcpd-ctr0";
- # Group = "dhcpd-ctr0";
- # AmbientCapabilities = [
- # "CAP_NET_RAW" # to send ICMP messages
- # "CAP_NET_BIND_SERVICE" # to bind on DHCP port (67)
- # ];
- # ExecStartPre = "${pkgs.coreutils}/bin/touch /var/lib/dhcpd-ctr0/dhcpd.leases";
- # ExecStart = "${pkgs.dhcp}/bin/dhcpd -4 -lf /var/lib/dhcpd-ctr0/dhcpd.leases -cf ${pkgs.writeText "dhpd.conf" ''
- # default-lease-time 600;
- # max-lease-time 7200;
- # authoritative;
- # ddns-update-style interim;
- # log-facility local1; # see dhcpd.nix
-
- # option subnet-mask 255.255.255.0;
- # option routers 10.233.0.1;
- # # option domain-name-servers 8.8.8.8; # TODO configure dns server
- # subnet 10.233.0.0 netmask 255.255.255.0 {
- # range 10.233.0.10 10.233.0.250;
- # }
- # ''} ctr0";
- # };
- # };
-
-}
-