kalipso/infrastructure
1
1
Fork 1
Code Issues 43 Pull Requests 2 Actions Projects 2 Releases Wiki Activity
Files
38b2fd0bcceeed8da7eb736ff3ecc25d0680fa3e
infrastructure/machines/fanny/configuration.nix

181 lines
4.1 KiB
Nix
Raw Blame History

{ inputs, config, ... }:
let
sshKeys = import ../ssh_keys.nix;
in
{
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets.wg_private = {};
sops.secrets.shop_auth = {};
imports =
[ # Include the results of the hardware scan.
#./hardware-configuration.nix
../modules/sshd.nix
../modules/minimal_tools.nix
../modules/autoupdate.nix
inputs.self.nixosModules.malobeo.vpn
inputs.self.nixosModules.malobeo.initssh
inputs.self.nixosModules.malobeo.disko
inputs.self.nixosModules.malobeo.microvm
inputs.self.nixosModules.malobeo.metrics
inputs.self.nixosModules.malobeo.users
inputs.self.nixosModules.malobeo.backup
];
virtualisation.vmVariantWithDisko = {
virtualisation = {
memorySize = 4096;
cores = 3;
};
};
malobeo.metrics = {
enable = true;
enablePromtail = true;
logNginx = true;
lokiHost = "10.0.0.14";
};
malobeo.autoUpdate = {
enable = true;
url = "https://hydra.dynamicdiscord.de";
project = "malobeo";
jobset = "infrastructure";
cacheurl = "https://cache.dynamicdiscord.de";
};
malobeo.backup = {
enable = true;
snapshots = [ "storage/encrypted" "zroot/encrypted/var" ];
};
nix = {
settings.experimental-features = [ "nix-command" "flakes" ];
#always update microvms
extraOptions = ''
tarball-ttl = 0
'';
};
malobeo.users = {
malobeo = true;
admin = true;
backup = true;
};
malobeo.disks = {
enable = true;
hostId = "a3c3101f";
root = {
disk0 = "disk/by-id/ata-SAMSUNG_MZ7LN256HCHP-000L7_S20HNAAH200381";
};
storage = {
enable = true;
disks = ["disk/by-id/wwn-0x50014ee265b53b60" "disk/by-id/wwn-0x50014ee2bb0a194a"];
mirror = true;
};
};
systemd.tmpfiles.rules = [
"L /var/lib/microvms/data - - - - /data/microvms"
"d /data/microvms 0755 root root" #not needed for real host?
];
malobeo.initssh = {
enable = true;
authorizedKeys = sshKeys.admins;
ethernetDrivers = ["r8169"];
};
services.malobeo.vpn = {
enable = true;
name = "fanny";
privateKeyFile = config.sops.secrets.wg_private.path;
};
services.malobeo.microvm.enableHostBridge = true;
services.malobeo.microvm.deployHosts = [ "overwatch" "infradocs" "nextcloud" "durruti" ];
networking = {
nat = {
enable = true;
externalInterface = "enp1s0";
internalInterfaces = [ "microvm" ];
};
firewall = {
allowedTCPPorts = [ 80 ];
};
};
services.nginx = {
enable = true;
virtualHosts."docs.malobeo.org" = {
locations."/" = {
proxyPass = "http://10.0.0.11:9000";
extraConfig = ''
proxy_set_header Host $host;
'';
};
};
virtualHosts."cloud.malobeo.org" = {
locations."/" = {
proxyPass = "http://10.0.0.13";
extraConfig = ''
proxy_set_header Host $host;
'';
};
};
virtualHosts."grafana.malobeo.org" = {
locations."/" = {
proxyPass = "http://10.0.0.14";
extraConfig = ''
proxy_set_header Host $host;
'';
};
};
virtualHosts."tasklist.malobeo.org" = {
locations."/" = {
proxyPass = "http://10.0.0.5:8080";
extraConfig = ''
proxy_set_header Host $host;
'';
};
};
virtualHosts."shop.malobeo.org" = {
# created with: nix-shell --packages apacheHttpd --run 'htpasswd -B -c foo.txt malobeo'
# then content of foo.txt put into sops
basicAuthFile = config.sops.secrets.shop_auth.path;
locations."/" = {
proxyPass = "http://10.0.0.15:8080";
extraConfig = ''
proxy_set_header Host $host;
'';
};
};
};
services.tor = {
enable = true;
client.enable = true;
};
# needed for printing drivers
nixpkgs.config.allowUnfree = true;
services.acpid.enable = true;
networking.hostName = "fanny";
networking.networkmanager.enable = true;
virtualisation.vmVariant.virtualisation.graphics = false;
time.timeZone = "Europe/Berlin";
system.stateVersion = "23.05"; # Do.. Not.. Change..
}
Reference in New Issue View Git Blame Copy Permalink