DGNum/lab-infra
8
1
Fork 1
Code Issues1 Pull requests1 Projects Releases Packages Wiki Activity Actions

Compare commits

..

1 commit
main ... small-mine

Author SHA1 Message Date
catvayor
fd302adf08
feat(minecraft01): init 2025-01-14 17:14:57 +01:00
13 changed files with 102 additions and 190 deletions

16
machines/minecraft01/_configuration.nix Normal file
View file

@ -0,0 +1,16 @@
{ lib, ... }:
lib.extra.mkConfig {
enabledModules = [
# List of modules to enable
];
enabledServices = [
# List of services to enable
"minecraft"
];
extraConfig = { };
root = ./.;
}

38
machines/minecraft01/_hardware-configuration.nix Normal file
View file

@ -0,0 +1,38 @@
{ lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
loader.systemd-boot.enable = true;
initrd.kernelModules = [ ];
kernelModules = [ ];
extraModulePackages = [ ];
initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/c36ca087-a08f-4a1a-a28f-6ab044b84036";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/1759-C39E";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
networking.useDHCP = lib.mkDefault false;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

16
machines/minecraft01/minecraft.nix Normal file
View file

@ -0,0 +1,16 @@
{
pkgs,
config,
lib,
...
}:
{
services.minecraft-server = {
enable = true;
eula = true;
openFirewall = true;
};
systemd.services.minecraft-server.serviceConfig.ExecStart = lib.mkForce ''
${pkgs.jre_headless}/bin/java -Xmx9G -jar ${config.services.minecraft-server.dataDir}/server.jar nogui
'';
}

3
machines/minecraft01/secrets/secrets.nix Normal file
View file

@ -0,0 +1,3 @@
(import ../../../keys).mkSecrets [ "minecraft01" ] [
# List of secrets for minecraft01
]

4
machines/roam01/_configuration.nix
View file

@ -8,12 +8,10 @@ lib.extra.mkConfig {
enabledServices = [ enabledServices = [
# List of services to enable # List of services to enable
"wireguard" "wireguard"
"networking"
]; ];
extraConfig = { extraConfig = {
networking.interfaces.enp2s0.useDHCP = false; networking.interfaces.enp1s0.useDHCP = true;
networking.interfaces.enp3s0.useDHCP = false;
}; };
root = ./.; root = ./.;

139
machines/roam01/networking.nix
View file

@ -1,139 +0,0 @@
{ config, ... }:
{
networking.firewall.trustedInterfaces = [ "wg0" ];
systemd.network = {
networks = {
"10-enp2s0" = {
name = "enp2s0";
networkConfig = {
Bridge = "br0";
LinkLocalAddressing = false;
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
};
"10-enp3s0" = {
name = "enp3s0";
networkConfig = {
Bridge = "br1";
LinkLocalAddressing = false;
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
};
"20-vlan-apro" = {
name = "vlan-apro";
networkConfig = {
Bridge = "br1";
LinkLocalAddressing = false;
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
};
"50-gretap1" = {
name = "gretap1";
networkConfig = {
Bridge = "br0";
LinkLocalAddressing = false;
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
};
"50-br0" = {
name = "br0";
networkConfig = {
VLAN = [ "vlan-apro" ];
LinkLocalAddressing = false;
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
};
"50-br1" = {
name = "br1";
networkConfig = {
LinkLocalAddressing = false;
LLDP = false;
EmitLLDP = false;
IPv6AcceptRA = false;
IPv6SendRA = false;
};
};
"50-wg0" = {
name = "wg0";
address = [ "10.10.17.2/30" ];
networkConfig.Tunnel = "gretap1";
};
};
netdevs = {
"20-vlan-apro" = {
netdevConfig = {
Name = "vlan-apro";
Kind = "vlan";
};
vlanConfig.Id = 2000;
};
"50-wg0" = {
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig.PrivateKeyFile = config.age.secrets."systemd-network-wg_vault01_key".path;
wireguardPeers = [
{
wireguardPeerConfig = {
AllowedIPs = [ "10.10.17.0/30" ];
PublicKey = "ijgcPnWWZ0njUJjsDNSGhlhVO40aUDD+zFLtw/1nfBY=";
Endpoint = "vault01.hyp01.infra.dgnum.eu:1194";
PersistentKeepalive = 25;
};
}
];
};
"50-br0" = {
netdevConfig = {
Name = "br0";
Kind = "bridge";
};
bridgeConfig = {
VLANFiltering = false;
STP = false;
};
};
"50-br1" = {
netdevConfig = {
Name = "br1";
Kind = "bridge";
};
bridgeConfig = {
VLANFiltering = false;
STP = false;
};
};
"50-gretap1" = {
netdevConfig = {
Name = "gretap1";
Kind = "gretap";
};
tunnelConfig = {
Local = "10.10.17.2";
Remote = "10.10.17.1";
};
};
};
};
}

3
machines/roam01/secrets/secrets.nix
View file

@ -1,5 +1,4 @@
(import ../../../keys).mkSecrets [ "roam01" ] [ (import ../../../keys).mkSecrets [ "roam01" ] [
# List of secrets for roam01 # List of secrets for router02
"systemd-network-wg_key" "systemd-network-wg_key"
"systemd-network-wg_vault01_key"
] ]

39
machines/roam01/secrets/systemd-network-wg_vault01_key
View file

@ -1,39 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA +b8R9Lkk3qno5HpIDIV9wg65KLwhzpcvnBV+j5D2Dzs
chHY0aJxdwuwChngmMZXLYj9TU2LIPwUssJbaPGIw/M
-> ssh-ed25519 QlRB9Q XzsvtKi2f9c5VAJDDL9l9w4CaoXl14RkvQlTHANOvBE
EEm5t9EfYPz/U8IwipCT9HeYxNZY7q4NdJcMZF6HLDQ
-> ssh-ed25519 r+nK/Q nWnplGOmsEbl2Q/ZLuV0v0qrKrH7AvxgbMITHC+jKG8
6d1lQNA55QS++Z0WGBVSyhgTzbqyD7H9H9THweyH0aw
-> ssh-rsa krWCLQ
ifYo/u+MBdBOUY8oKSnSNRxIVPjRaxU8Apf5kVu1diLOkuckWdwdvoIzqm+T5xGf
lF4XKrTGZNloiWj5h0OEv91afgD5M197HWxqxfEilNlfdfYwtpI3aIm5lnlp3W7t
gNlxehLEyHrGrYUbpEaTOiqTwTIMGbAchwbZ4YIbgtoBq/3K7L44gWxJB1XwfvHl
qdxB2iD/swgOGgS1o153Dn7AAd/MuJ+PTXYmGHWoAHNujPpCN8aZRvDg7e+Q1Xla
BpdaE3p4mcVhbF7uVllrppw0n1LpMgiOLkPiv1HjYJzbsKCQBf0jdNrSiEqlDObn
gUaDnd4rcrOWdcG75kUHkw
-> ssh-ed25519 /vwQcQ t0f5iikIE47bw7o/1+M8eEKtbDjXQRtoyE+wPNLVfmQ
+s33HNot9ovOVGVXhtpdW2Z3sKFMNNPnLLAZJeg+q5c
-> ssh-ed25519 0R97PA 7gzz2IcQxkmFVA/xbskEcNsEXYvLtYeHa2/M8vaLOzc
yTICGOtGiBhKKlttgvMU4EeTsrvtj2RysryIS+D0XD0
-> ssh-ed25519 JGx7Ng xbc1Degn+fjvUl20buHer1KMhNH+6g/bxJpgcs2C5EY
AcQWrjz+GxPrtqFS/ZcVAQfh28WneRqJvf0rZ2BpMIM
-> ssh-ed25519 bUjjig 5Urn7y2U1w5CRiuCreLJ7m7NZTXxJV4kfFWDpKBu0gI
5kB2pPF51NOon8lcuVgKD1HVOUuawe54Sf1dDG4kvaY
-> ssh-ed25519 5SY7Kg QVg5S/zxuda25YuwnBX0shaSc1e2lgjvwjfirlfbPRI
Uh90/WsKg24GKdch2UYSC0kgmFgTPQWEgdH0jePDrK0
-> ssh-ed25519 p/Mg4Q T+A2Wf6fDoNsPGFqM+T3rd5uMELONb5WTAnZjNSvxjI
TGXNeHk/n/ZP6FAHtDbVTbgQmkxp7kM6K4+2xah1TEg
-> ssh-ed25519 5rrg4g Aq6xc+UFnDRQmV7g4S2V6zJrBDOu88XwEflWMJcLlB8
37rARD2iQHhlYWWkTNyxrmOENXrj0uPciCN+TteZYJ4
-> ssh-ed25519 oRtTqQ oX88qv7t1BXoYhq+Mwxs2yLF2K+41pcWMghgqPGZ8l4
qLQ7YiUxjbmeK7g5DkKdTAHDouYZsKHw/DqOSL1VNFE
-> ssh-ed25519 F2C+8w Ji998tdt/Vkh4OSM+/uTjuPNC55xSZVvYIDSlIMYt0I
TZ+N864aLOXM7KJpdTXhKEFq8Rjhm88+JDVrXL6PY0g
-> ssh-ed25519 PMC4Bw babMt4TQ59hUaC5RIgAtSurlZqxNZ4zn6PovjOHxpHw
iRLb4TkqhELlHGwfPEezbfX7ZsHaIneSx1izlrDNtvY
-> ;F~-grease & :DkVW`pR $9&
UEoJooOslhrTj42WGUl1Js/AfqjXUvb9/H5SnERsuK3sWozOhgLUn7wbv/yQ/G7/
Ljf/j2G+QdLfnfB7pYU8XanwFgWtOG++ukG1ypf1q5AEct1x23XpGza9oQ
--- iHm57JGcwrljzXrZCEaHCB4IXLbcFh/2pRYQJXqaOkk
_?8éŸá±áÃ";Vjþë\Aã§ûÈþÎÛîh-F ([Ô‚:S•@­»-ü€5ÿ°!©6DvÊýÁ·ä:)-ë\´þ¶ÑA·

2
machines/roam01/wireguard.nix
View file

@ -21,7 +21,7 @@ in
{ {
age-secrets.autoMatch = [ "systemd-network" ]; age-secrets.autoMatch = [ "systemd-network" ];
networking.firewall.trustedInterfaces = [ "wg-mgmt" ]; networking.firewall.trustedInterfaces = [ "wg0" ];
systemd.network = { systemd.network = {
networks = { networks = {
"50-wg-mgmt" = { "50-wg-mgmt" = {

15
meta/network.nix
View file

@ -112,6 +112,21 @@ in
hostId = "4a370ef4"; hostId = "4a370ef4";
}; };
minecraft01 = {
interfaces.ens18 = {
ipv4 = [
{
address = "129.199.146.46";
prefixLength = 24;
}
];
gateways = [ "129.199.146.254" ];
enableDefaultDNS = true;
};
hostId = "f0b2c1cd";
};
router02 = { router02 = {
interfaces = { }; interfaces = { };

8
meta/nodes.nix
View file

@ -72,6 +72,14 @@ in
stateVersion = "24.05"; stateVersion = "24.05";
nixpkgs = "24.05"; nixpkgs = "24.05";
}; };
minecraft01 = {
site = "pav01";
hashedPassword = "$y$j9T$PK0/EpPoPNwCa8aDb/Zfb0$X2Q.QaoDa8WP4sxt7ubwdbxSdDZxJ1.jQWHaT18iZpD";
stateVersion = "24.11";
nixpkgs = "unstable";
};
photo01 = { photo01 = {
site = "pav01"; site = "pav01";

3
meta/options.nix
View file

@ -124,7 +124,6 @@ in
external = mkOption { external = mkOption {
type = attrsOf (listOf str); type = attrsOf (listOf str);
default = { };
description = '' description = ''
External services used by the DGNum organization. External services used by the DGNum organization.
''; '';
@ -150,7 +149,6 @@ in
}; };
}; };
}); });
default = { };
description = '' description = ''
Administrator access of the different DGNum services, Administrator access of the different DGNum services,
it is mainly indicative as most services cannot configure this statically. it is mainly indicative as most services cannot configure this statically.
@ -338,7 +336,6 @@ in
netbirdIp = mkOption { netbirdIp = mkOption {
type = nullOr str; type = nullOr str;
default = null;
description = '' description = ''
IP address of the node in the netbird network. IP address of the node in the netbird network.
''; '';

6
npins/sources.json
View file

@ -146,9 +146,9 @@
"url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs" "url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs"
}, },
"branch": "main", "branch": "main",
"revision": "c4ed095021f9b1100bb8936651357561926c4a4d", "revision": "3ab3e49269d9e2536c8c5f78d4da673d7a3f5286",
"url": null, "url": null,
"hash": "02m0j2c1y36l7h0i68x4qsmy9mckdi5hkl8dzgc6q59wnpnwgnyi" "hash": "0b4k0gchxcdlmvs88403hdbidsxswigzxswcba7a3fxz9d884c4y"
}, },
"nixos-23.11": { "nixos-23.11": {
"type": "Channel", "type": "Channel",
@ -211,4 +211,4 @@
} }
}, },
"version": 3 "version": 3
} }