nixos on watcher

This commit is contained in:
catvayor 2024-06-18 09:47:57 +02:00
parent 2e98ba6e2f
commit 1d62b2065f
7 changed files with 305 additions and 19 deletions


@ -10,6 +10,7 @@ in
}; };
defaults = defaults =
{ {
nodes,
name, name,
pkgs, pkgs,
lib, lib,
@ -34,14 +35,13 @@ in
"nixpkgs=${builtins.storePath pkgs.path}" "nixpkgs=${builtins.storePath pkgs.path}"
"nixos=${builtins.storePath pkgs.path}" "nixos=${builtins.storePath pkgs.path}"
]; ];
channel.enable = false;
package = pkgs.lix; package = pkgs.lix;
}; };
system.build.anywhere = pkgs.writeShellApplication { system.build.anywhere = pkgs.writeShellApplication {
name = "anywhere-deploy_${name}.sh"; name = "anywhere-deploy_${name}.sh";
runtimeInputs = [ pkgs.nixos-anywhere ]; runtimeInputs = [ pkgs.nixos-anywhere ];
text = '' text = ''
nixos-anywhere --store-paths ${config.system.build.diskoScriptNoDeps} ${config.system.build.toplevel} ${config.deployment.targetHost} nixos-anywhere --kexec ${nodes.kat-kexec.config.system.build.kexecTarball}/${nodes.kat-kexec.config.system.kexec-installer.name}-${pkgs.stdenv.hostPlatform.system}.tar.gz --store-paths ${config.system.build.diskoScriptNoDeps} ${config.system.build.toplevel} ${config.deployment.targetHost}
''; '';
}; };
}; };
@ -121,6 +121,16 @@ in
]; ];
}; };
kat-watcher =
{ name, nodes, ... }:
{
deployment.targetHost = "watcher.kat";
imports = [
./machines/kat-watcher
(users.root { ssh = true; })
];
};
kat-iso = kat-iso =
{ {
name, name,
@ -155,4 +165,44 @@ in
services.qemuGuest.enable = true; services.qemuGuest.enable = true;
boot.kernelParams = [ "console=ttyS0" ]; boot.kernelParams = [ "console=ttyS0" ];
}; };
kat-kexec =
{
name,
pkgs,
modulesPath,
lib,
...
}:
{
deployment = {
allowLocalDeployment = false;
targetHost = null;
};
imports = [
("${sources.nixos-images}/nix/kexec-installer/module.nix")
(users.root { ssh = true; })
];
networking = {
networkmanager.enable = false;
wireless.enable = false;
};
console.keyMap = "fr";
environment.systemPackages = with pkgs; [
perl
git
];
programs.zsh.enable = true;
services.openssh.enable = true;
services.qemuGuest.enable = true;
boot.kernelParams = [ "console=ttyS0" ];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
boot.supportedFilesystems = {
bcachefs = true;
zfs = lib.mkForce false;
};
};
} }
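Review bot: The new `kat-kexec` installer node enables `services.openssh.enable = true` and root SSH through `users.root { ssh = true; }`, and its tarball is now what every host's `system.build.anywhere` script kexecs into on the target's own network; if neither the imported kexec-installer module nor the `users.root` helper (both defined outside this hunk) disables password authentication, the installer accepts password logins as root while the target disk is being wiped. Pinning the policy in the node itself, `services.openssh.settings.PasswordAuthentication = false;` next to `services.openssh.enable = true;`, with a comment that the kexec environment is reachable as root only with the keys installed by `users.root`, keeps that invariant visible here rather than in another file. As a point of style, `kat-watcher` binds `{ name, nodes, ... }` and `kat-kexec` binds `name` and `modulesPath` without using them; dropping the unused bindings avoids confusing the reader about what each node depends on.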


@ -114,6 +114,10 @@
recommendedProxySettings = true; recommendedProxySettings = true;
proxyPass = "http://192.168.122.2/"; proxyPass = "http://192.168.122.2/";
}; };
"traque.katvayor.net".locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://192.168.122.4/";
};
}; };
streamConfig = '' streamConfig = ''
upstream kat-virt { upstream kat-virt {
@ -123,18 +127,32 @@
listen 22000; listen 22000;
proxy_pass kat-virt; proxy_pass kat-virt;
} }
upstream kat-traque {
server 192.168.122.4:22;
}
server {
listen 22001;
proxy_pass kat-virt;
}
''; '';
}; };
# Open ports in the firewall. # Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ networking.firewall = {
22 allowedTCPPorts = [
53 22
80 53
443 80
22000 443
]; ];
networking.firewall.allowedUDPPorts = [ 67 ]; allowedTCPPortRanges = [
{
from = 22000;
to = 22100;
}
];
allowedUDPPorts = [ 67 ];
};
# Or disable the firewall altogether. # Or disable the firewall altogether.
# networking.firewall.enable = false; # networking.firewall.enable = false;
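Review bot: The new stream server `listen 22001; proxy_pass kat-virt;` forwards port 22001 to `kat-virt`, not to the `kat-traque` upstream declared immediately above it, so 22001 reaches the same host as 22000 and `upstream kat-traque { server 192.168.122.4:22; }` is dead configuration; the intended line is presumably `proxy_pass kat-traque;`. The accompanying firewall change also replaces the single `22000` entry with an `allowedTCPPortRanges` span of 22000–22100, which opens 99 ports on which nothing listens yet; restricting it to the ports actually served (22000 and 22001), or adding a comment that the range is reserved for further SSH forwards, makes the exposure deliberate rather than accidental. The enclosing `services.nginx` and `networking` attribute sets start outside this hunk.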


@ -0,0 +1,138 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
./disks.nix
];
boot = {
loader.grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
};
supportedFilesystems = [ "bcachefs" ];
kernelPackages = pkgs.linuxPackages_latest;
};
time.timeZone = "Europe/Paris";
networking = {
useNetworkd = true;
useDHCP = false;
};
systemd.network = {
enable = true;
networks."10-ens3" = {
name = "ens3";
address = [
"51.83.69.54/32"
"2001:41d0:305:2100::5c52/56"
];
routes = [
{ Destination = "51.83.68.1/32"; }
{
Destination = "213.186.33.99/32";
Gateway = "51.83.68.1";
}
{ Gateway = "51.83.68.1"; }
{ Gateway = "2001:41d0:305:2100::1"; }
];
dns = [ "213.186.33.99" ];
};
};
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "fr";
};
security.acme = {
acceptTerms = true;
defaults.email = "root@katvayor.net";
};
services.nginx = {
enable = true;
virtualHosts = {
"degette.katvayor.net" = {
enableACME = true;
forceSSL = true;
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://100.102.49.84/";
};
};
"traque.katvayor.net" = {
enableACME = true;
forceSSL = true;
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://100.102.49.84/";
};
};
};
streamConfig = ''
upstream kat-virt {
server 100.102.49.84:22000;
}
server {
listen 22000;
proxy_pass kat-virt;
}
upstream kat-traque {
server 100.102.49.84:22001;
}
server {
listen 22001;
proxy_pass kat-virt;
}
'';
};
services.dbus.packages = with pkgs; [ dconf ];
programs.zsh.enable = true;
environment.systemPackages = with pkgs; [
wget
nix-search-cli
git
btop
ranger
screen
];
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
services.openssh.enable = true;
services.netbird.enable = true;
networking = {
nftables.enable = true;
firewall = {
allowedTCPPorts = [
22
80
443
];
allowedTCPPortRanges = [
{
from = 22000;
to = 22100;
}
];
};
};
system.stateVersion = "23.11";
}
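Review bot: The second stream server in `streamConfig` listens on 22001 but carries `proxy_pass kat-virt;`, so it forwards to `100.102.49.84:22000` instead of the `kat-traque` upstream (`100.102.49.84:22001`) declared right above it; it should read `proxy_pass kat-traque;`, otherwise the traque forward never works and the upstream is unused. This host sits on a public address (`51.83.69.54`) with port 22 opened and `services.openssh.enable = true` left on NixOS defaults, while root login is evidently expected (the ssh config in this commit switches `watcher.kat` to `user = root`); stating the policy here explicitly, `services.openssh.settings.PasswordAuthentication = false;` with a comment that root access is key-only via the hive's `users.root` helper, avoids depending on a helper defined in another file. The `allowedTCPPortRanges` span 22000–22100 likewise opens 99 ports nothing listens on; narrowing it to 22000 and 22001, or a comment reserving the range for future SSH forwards, would document the intent.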


@ -0,0 +1,37 @@
{
disko.devices = {
disk = {
sda = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
type = "EF02";
size = "1M";
priority = 1;
};
ESP = {
type = "EF00";
size = "100M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "bcachefs";
mountpoint = "/";
};
};
};
};
};
};
};
}
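Review bot: Nothing in this layout says which machine it targets or that applying it is destructive: `device = "/dev/sda"` is hard-coded, and the hive's `system.build.anywhere` script hands this layout to nixos-anywhere, which repartitions that disk unconditionally. A header comment such as `# Disk layout for kat-watcher (virtio-scsi → /dev/sda); applied destructively by nixos-anywhere via diskoScriptNoDeps` would make that clear to whoever next runs the script. Note also that the root filesystem is plain bcachefs with no LUKS layer; if this host is expected to hold anything sensitive (ACME account keys, netbird state, SSH host keys), either say in a comment that unencrypted storage is accepted or add encryption, since the VM disk is otherwise readable by the hosting provider.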


@ -0,0 +1,31 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -10,7 +10,7 @@
}; };
"watcher.kat" = { "watcher.kat" = {
user = "ubuntu"; user = "root";
hostname = "watcher.katvayor.net"; hostname = "watcher.katvayor.net";
}; };
"r86s.kat" = { "r86s.kat" = {


@ -8,9 +8,9 @@
"repo": "agenix" "repo": "agenix"
}, },
"branch": "main", "branch": "main",
"revision": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", "revision": "3a56735779db467538fb2e577eda28a9daacaca6",
"url": "https://github.com/ryantm/agenix/archive/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9.tar.gz", "url": "https://github.com/ryantm/agenix/archive/3a56735779db467538fb2e577eda28a9daacaca6.tar.gz",
"hash": "1lpkwinlax40b7xgzspbkm9rsi4a1x48hxhixnni4irxxwnav0ah" "hash": "1h66zapc6im07k3kcgvhy3lhzahb70vd6m2ijhz4i0v6mn5l3fk9"
}, },
"disko": { "disko": {
"type": "GitRelease", "type": "GitRelease",
@ -35,15 +35,27 @@
"repo": "home-manager" "repo": "home-manager"
}, },
"branch": "master", "branch": "master",
"revision": "0eb314b4f0ba337e88123e0b1e57ef58346aafd9", "revision": "0a7ffb28e5df5844d0e8039c9833d7075cdee792",
"url": "https://github.com/nix-community/home-manager/archive/0eb314b4f0ba337e88123e0b1e57ef58346aafd9.tar.gz", "url": "https://github.com/nix-community/home-manager/archive/0a7ffb28e5df5844d0e8039c9833d7075cdee792.tar.gz",
"hash": "1fwcxx8ilkih855g2dk9n9wvhizkxy1r16x414n3rchqg8knybhw" "hash": "1qd5sdpgpadd0972gmngjl0gf96h4cz0xvmv0186pgj6xgzc7amh"
},
"nixos-images": {
"type": "Git",
"repository": {
"type": "GitHub",
"owner": "nix-community",
"repo": "nixos-images"
},
"branch": "main",
"revision": "42b13bbd6fce3bcf6272a6ed664a23b9417b82c2",
"url": "https://github.com/nix-community/nixos-images/archive/42b13bbd6fce3bcf6272a6ed664a23b9417b82c2.tar.gz",
"hash": "1ap3z694mjbfrwa2ddqlq1sqbwqy6xrq0r68blwr53cn7nx0rn4f"
}, },
"nixpkgs": { "nixpkgs": {
"type": "Channel", "type": "Channel",
"name": "nixpkgs-unstable", "name": "nixpkgs-unstable",
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre633168.6132b0f6e344/nixexprs.tar.xz", "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre639552.e6cea36f8349/nixexprs.tar.xz",
"hash": "0jli5364mw57krjc9csswc3xh1bvbjcv85hf81l9gx7fcp5qkswa" "hash": "0pii8c6wlh7wc6wxwhc85nyn3pk00qi3kn3jah2agf87cbmm9qdk"
} }
}, },
"version": 3 "version": 3