DGNum/lab-infra
8
1
Fork 1
Code Issues 1 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Compare commits

base: DGNum:main
Branches Tags
DGNum:main
DGNum:staging
DGNum:small-minecraft-modded
DGNum:mumble
DGNum:homebox01_init
DGNum:dns01_ipv6
..
compare: DGNum:small-minecraft-modded
Branches Tags
DGNum:staging
DGNum:main
DGNum:small-minecraft-modded
DGNum:mumble
DGNum:homebox01_init
DGNum:dns01_ipv6

1 commit
main ... small-mine

Author SHA1 Message Date
catvayor
fd302adf08
feat(minecraft01): init
Some checks failed
Check meta / check_meta (push) Failing after 14s
Details
lint / check (push) Successful in 17s
Details
2025-01-14 17:14:57 +01:00
13 changed files with 102 additions and 190 deletions
Show stats Expand all files Collapse all files

16
machines/minecraft01/_configuration.nix Normal file
View file

@ -0,0 +1,16 @@
{ lib, ... }:
lib.extra.mkConfig {
enabledModules = [
# List of modules to enable
];
enabledServices = [
# List of services to enable
"minecraft"
];
extraConfig = { };
root = ./.;
}

38
machines/minecraft01/_hardware-configuration.nix Normal file
View file

@ -0,0 +1,38 @@
{ lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
loader.systemd-boot.enable = true;
initrd.kernelModules = [ ];
kernelModules = [ ];
extraModulePackages = [ ];
initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/c36ca087-a08f-4a1a-a28f-6ab044b84036";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/1759-C39E";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
networking.useDHCP = lib.mkDefault false;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

16
machines/minecraft01/minecraft.nix Normal file
View file

@ -0,0 +1,16 @@
{
pkgs,
config,
lib,
...
}:
{
services.minecraft-server = {
enable = true;
eula = true;
openFirewall = true;
};
systemd.services.minecraft-server.serviceConfig.ExecStart = lib.mkForce ''
${pkgs.jre_headless}/bin/java -Xmx9G -jar ${config.services.minecraft-server.dataDir}/server.jar nogui
'';
}

3
machines/minecraft01/secrets/secrets.nix Normal file
View file

@ -0,0 +1,3 @@
(import ../../../keys).mkSecrets [ "minecraft01" ] [
# List of secrets for minecraft01
]

4
machines/roam01/_configuration.nix
View file

@ -8,12 +8,10 @@ lib.extra.mkConfig {
enabledServices = [
# List of services to enable
"wireguard"
"networking"
];
extraConfig = {
networking.interfaces.enp2s0.useDHCP = false;
networking.interfaces.enp3s0.useDHCP = false;
networking.interfaces.enp1s0.useDHCP = true;
};
root = ./.;

139
machines/roam01/networking.nix
View file

@ -1,139 +0,0 @@
{ config, ... }:
{
networking.firewall.trustedInterfaces = [ "wg0" ];
systemd.network = {
networks = {
"10-enp2s0" = {
name = "enp2s0";
networkConfig = {
Bridge = "br0";
LinkLocalAddressing = false;
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
};
"10-enp3s0" = {
name = "enp3s0";
networkConfig = {
Bridge = "br1";
LinkLocalAddressing = false;
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
};
"20-vlan-apro" = {
name = "vlan-apro";
networkConfig = {
Bridge = "br1";
LinkLocalAddressing = false;
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
};
"50-gretap1" = {
name = "gretap1";
networkConfig = {
Bridge = "br0";
LinkLocalAddressing = false;
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
};
"50-br0" = {
name = "br0";
networkConfig = {
VLAN = [ "vlan-apro" ];
LinkLocalAddressing = false;
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
};
"50-br1" = {
name = "br1";
networkConfig = {
LinkLocalAddressing = false;
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
};
"50-wg0" = {
name = "wg0";
address = [ "10.10.17.2/30" ];
networkConfig.Tunnel = "gretap1";
};
};
netdevs = {
"20-vlan-apro" = {
netdevConfig = {
Name = "vlan-apro";
Kind = "vlan";
};
vlanConfig.Id = 2000;
};
"50-wg0" = {
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig.PrivateKeyFile = config.age.secrets."systemd-network-wg_vault01_key".path;
wireguardPeers = [
{
wireguardPeerConfig = {
AllowedIPs = [ "10.10.17.0/30" ];
PublicKey = "ijgcPnWWZ0njUJjsDNSGhlhVO40aUDD+zFLtw/1nfBY=";
Endpoint = "vault01.hyp01.infra.dgnum.eu:1194";
PersistentKeepalive = 25;
};
}
];
};
"50-br0" = {
netdevConfig = {
Name = "br0";
Kind = "bridge";
};
bridgeConfig = {
VLANFiltering = false;
STP = false;
};
};
"50-br1" = {
netdevConfig = {
Name = "br1";
Kind = "bridge";
};
bridgeConfig = {
VLANFiltering = false;
STP = false;
};
};
"50-gretap1" = {
netdevConfig = {
Name = "gretap1";
Kind = "gretap";
};
tunnelConfig = {
Local = "10.10.17.2";
Remote = "10.10.17.1";
};
};
};
};
}

3
machines/roam01/secrets/secrets.nix
View file

@ -1,5 +1,4 @@
(import ../../../keys).mkSecrets [ "roam01" ] [
# List of secrets for roam01
# List of secrets for router02
"systemd-network-wg_key"
"systemd-network-wg_vault01_key"
]

39
machines/roam01/secrets/systemd-network-wg_vault01_key
View file

@ -1,39 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA +b8R9Lkk3qno5HpIDIV9wg65KLwhzpcvnBV+j5D2Dzs
chHY0aJxdwuwChngmMZXLYj9TU2LIPwUssJbaPGIw/M
-> ssh-ed25519 QlRB9Q XzsvtKi2f9c5VAJDDL9l9w4CaoXl14RkvQlTHANOvBE
EEm5t9EfYPz/U8IwipCT9HeYxNZY7q4NdJcMZF6HLDQ
-> ssh-ed25519 r+nK/Q nWnplGOmsEbl2Q/ZLuV0v0qrKrH7AvxgbMITHC+jKG8
6d1lQNA55QS++Z0WGBVSyhgTzbqyD7H9H9THweyH0aw
-> ssh-rsa krWCLQ
ifYo/u+MBdBOUY8oKSnSNRxIVPjRaxU8Apf5kVu1diLOkuckWdwdvoIzqm+T5xGf
lF4XKrTGZNloiWj5h0OEv91afgD5M197HWxqxfEilNlfdfYwtpI3aIm5lnlp3W7t
gNlxehLEyHrGrYUbpEaTOiqTwTIMGbAchwbZ4YIbgtoBq/3K7L44gWxJB1XwfvHl
qdxB2iD/swgOGgS1o153Dn7AAd/MuJ+PTXYmGHWoAHNujPpCN8aZRvDg7e+Q1Xla
BpdaE3p4mcVhbF7uVllrppw0n1LpMgiOLkPiv1HjYJzbsKCQBf0jdNrSiEqlDObn
gUaDnd4rcrOWdcG75kUHkw
-> ssh-ed25519 /vwQcQ t0f5iikIE47bw7o/1+M8eEKtbDjXQRtoyE+wPNLVfmQ
+s33HNot9ovOVGVXhtpdW2Z3sKFMNNPnLLAZJeg+q5c
-> ssh-ed25519 0R97PA 7gzz2IcQxkmFVA/xbskEcNsEXYvLtYeHa2/M8vaLOzc
yTICGOtGiBhKKlttgvMU4EeTsrvtj2RysryIS+D0XD0
-> ssh-ed25519 JGx7Ng xbc1Degn+fjvUl20buHer1KMhNH+6g/bxJpgcs2C5EY
AcQWrjz+GxPrtqFS/ZcVAQfh28WneRqJvf0rZ2BpMIM
-> ssh-ed25519 bUjjig 5Urn7y2U1w5CRiuCreLJ7m7NZTXxJV4kfFWDpKBu0gI
5kB2pPF51NOon8lcuVgKD1HVOUuawe54Sf1dDG4kvaY
-> ssh-ed25519 5SY7Kg QVg5S/zxuda25YuwnBX0shaSc1e2lgjvwjfirlfbPRI
Uh90/WsKg24GKdch2UYSC0kgmFgTPQWEgdH0jePDrK0
-> ssh-ed25519 p/Mg4Q T+A2Wf6fDoNsPGFqM+T3rd5uMELONb5WTAnZjNSvxjI
TGXNeHk/n/ZP6FAHtDbVTbgQmkxp7kM6K4+2xah1TEg
-> ssh-ed25519 5rrg4g Aq6xc+UFnDRQmV7g4S2V6zJrBDOu88XwEflWMJcLlB8
37rARD2iQHhlYWWkTNyxrmOENXrj0uPciCN+TteZYJ4
-> ssh-ed25519 oRtTqQ oX88qv7t1BXoYhq+Mwxs2yLF2K+41pcWMghgqPGZ8l4
qLQ7YiUxjbmeK7g5DkKdTAHDouYZsKHw/DqOSL1VNFE
-> ssh-ed25519 F2C+8w Ji998tdt/Vkh4OSM+/uTjuPNC55xSZVvYIDSlIMYt0I
TZ+N864aLOXM7KJpdTXhKEFq8Rjhm88+JDVrXL6PY0g
-> ssh-ed25519 PMC4Bw babMt4TQ59hUaC5RIgAtSurlZqxNZ4zn6PovjOHxpHw
iRLb4TkqhELlHGwfPEezbfX7ZsHaIneSx1izlrDNtvY
-> ;F~-grease & :DkVW`pR $9&
UEoJooOslhrTj42WGUl1Js/AfqjXUvb9/H5SnERsuK3sWozOhgLUn7wbv/yQ/G7/
Ljf/j2G+QdLfnfB7pYU8XanwFgWtOG++ukG1ypf1q5AEct1x23XpGza9oQ
--- iHm57JGcwrljzXrZCEaHCB4IXLbcFh/2pRYQJXqaOkk
_?8éŸá±áÃ";Vjþë\Aã§ûÈþÎÛîh-F ([Ô‚:S•@­»-ü€5ÿ°!©6DvÊýÁ·ä:)-ë\´þ¶ÑA·

2
machines/roam01/wireguard.nix
View file

@ -21,7 +21,7 @@ in
{
age-secrets.autoMatch = [ "systemd-network" ];
networking.firewall.trustedInterfaces = [ "wg-mgmt" ];
networking.firewall.trustedInterfaces = [ "wg0" ];
systemd.network = {
networks = {
"50-wg-mgmt" = {

15
meta/network.nix
View file

@ -112,6 +112,21 @@ in
hostId = "4a370ef4";
};
minecraft01 = {
interfaces.ens18 = {
ipv4 = [
{
address = "129.199.146.46";
prefixLength = 24;
}
];
gateways = [ "129.199.146.254" ];
enableDefaultDNS = true;
};
hostId = "f0b2c1cd";
};
router02 = {
interfaces = { };

8
meta/nodes.nix
View file

@ -72,6 +72,14 @@ in
stateVersion = "24.05";
nixpkgs = "24.05";
};
minecraft01 = {
site = "pav01";
hashedPassword = "$y$j9T$PK0/EpPoPNwCa8aDb/Zfb0$X2Q.QaoDa8WP4sxt7ubwdbxSdDZxJ1.jQWHaT18iZpD";
stateVersion = "24.11";
nixpkgs = "unstable";
};
photo01 = {
site = "pav01";

3
meta/options.nix
View file

@ -124,7 +124,6 @@ in
external = mkOption {
type = attrsOf (listOf str);
default = { };
description = ''
External services used by the DGNum organization.
'';
@ -150,7 +149,6 @@ in
};
};
});
default = { };
description = ''
Administrator access of the different DGNum services,
it is mainly indicative as most services cannot configure this statically.
@ -338,7 +336,6 @@ in
netbirdIp = mkOption {
type = nullOr str;
default = null;
description = ''
IP address of the node in the netbird network.
'';

6
npins/sources.json
View file

@ -146,9 +146,9 @@
"url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs"
},
"branch": "main",
"revision": "c4ed095021f9b1100bb8936651357561926c4a4d",
"revision": "3ab3e49269d9e2536c8c5f78d4da673d7a3f5286",
"url": null,
"hash": "02m0j2c1y36l7h0i68x4qsmy9mckdi5hkl8dzgc6q59wnpnwgnyi"
"hash": "0b4k0gchxcdlmvs88403hdbidsxswigzxswcba7a3fxz9d884c4y"
},
"nixos-23.11": {
"type": "Channel",
@ -211,4 +211,4 @@
}
},
"version": 3
}
}