machines: add new host

This commit is contained in:
Dmitriy Pleshevskiy 2023-03-02 13:09:07 +03:00
parent 15aab14759
commit 26dd3d4db1
Signed by: pleshevskiy
GPG key ID: 79C4487B44403985
11 changed files with 70 additions and 46 deletions


@ -23,7 +23,8 @@ MACHINES := \
asus-gl553vd
VPS := \
magenta
magenta \
canigou
help:
cat Makefile


@ -114,7 +114,10 @@
RULES = "./.agenix_config.nix";
};
tools = pkgs.mkShell {
packages = [ pkgs.gucharmap ];
packages = with pkgs; [
gucharmap
wireguard-tools
];
};
};
})


@ -0,0 +1,22 @@
{ ... }:
let
data = import ../../data.nix;
in
{
imports = [
./hardware-configuration.nix
./networking.secret.nix # generated at runtime by nixos-infect
../modules/common.nix
../modules/fail2ban.nix
];
boot.cleanTmpDir = true;
zramSwap.enable = true;
networking.hostName = "canigou";
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = data.publicKeys.users.jan;
}
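Review bot: The comment on `./networking.secret.nix` (`# generated at runtime by nixos-infect`) no longer describes how the file is used: the deploy entry added in this same commit evaluates `getTargetHost ./canigou/networking.secret.nix` on the deploying machine, so the file has to be present in the checkout (presumably as one of the files rendered as binary here) rather than only appear at infect time. Suggest `./networking.secret.nix # captured by nixos-infect; committed and also read by getTargetHost at eval time`, and the same wording applies to magenta's import line changed in this commit. Separately, the host enables sshd with only root's authorized keys visible in this file; if key-only access is the intent, `services.openssh.passwordAuthentication = false;` (spelled `services.openssh.settings.PasswordAuthentication` on newer nixpkgs) removes the password path that fail2ban otherwise has to police.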


@ -0,0 +1,9 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/sda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
}

Binary file not shown.


@ -2,6 +2,15 @@
let
hardware = inputs.hardware.nixosModules;
inherit (inputs.nixpkgs) lib;
inherit (builtins) head;
getTargetHost = file:
let
net = import file { inherit lib; };
ipv4addrs = net.networking.interfaces.eth0.ipv4.addresses;
in
(head ipv4addrs).address;
in
{
home = {
@ -37,10 +46,18 @@ in
magenta = {
system = "x86_64-linux";
targetHost = "45.131.41.215";
targetHost =
getTargetHost ./magenta/networking.secret.nix;
extraModules = [
inputs.mailserver.nixosModule
];
};
canigou = {
system = "x86_64-linux";
targetHost =
getTargetHost ./canigou/networking.secret.nix;
};
}
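Review bot: `getTargetHost` applies `head` to `ipv4addrs` without checking it, so a networking file whose `eth0.ipv4.addresses` is empty (or that has no `eth0`, since the interface name is hard-coded) fails flake evaluation with a generic list/attribute error instead of naming the offending host file; guarding it with `assert ipv4addrs != []; (head ipv4addrs).address`, or a `throw` whose message includes `toString file`, makes a mis-generated secret file diagnosable. A consequence worth a comment on the helper is that every evaluation of this deploy set now imports both `networking.secret.nix` files on the deployer, so they must be readable there even when deploying an unrelated host. The `let` in the first hunk is complete, but the attribute set opened after `in` continues past that hunk.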


@ -6,11 +6,12 @@ in
{
imports = [
./hardware-configuration.nix
./networking.nix # generated at runtime by nixos-infect
./networking.secret.nix # generated at runtime by nixos-infect
../modules/common.nix
../modules/nix.nix
../modules/nginx.nix
../modules/fail2ban.nix
./services/mailserver.nix
./services/gitea.nix
@ -18,6 +19,7 @@ in
boot.cleanTmpDir = true;
zramSwap.enable = true;
networking.hostName = "magenta";
services.openssh.enable = true;
@ -27,13 +29,4 @@ in
acceptTerms = true;
defaults.email = "dmitriy@pleshevski.ru";
};
services.fail2ban = {
enable = true;
bantime-increment = {
enable = true;
factor = "4";
maxtime = "48h";
};
};
}


@ -1,33 +0,0 @@
{ lib, ... }:
{
# This file was populated at runtime with the networking
# details gathered from the active system.
networking = {
nameservers = [
"188.93.16.19"
"188.93.17.19"
"8.8.8.8"
];
defaultGateway = "45.131.41.1";
defaultGateway6 = "";
dhcpcd.enable = false;
usePredictableInterfaceNames = lib.mkForce false;
interfaces = {
eth0 = {
ipv4.addresses = [
{ address = "45.131.41.215"; prefixLength = 24; }
];
ipv6.addresses = [
{ address = "fe80::f816:3eff:fe58:d30a"; prefixLength = 64; }
];
ipv4.routes = [{ address = "45.131.41.1"; prefixLength = 32; }];
# ipv6.routes = [{ address = ""; prefixLength = 128; }];
};
};
};
services.udev.extraRules = ''
ATTR{address}=="fa:16:3e:58:d3:0a", NAME="eth0"
'';
}

Binary file not shown.


@ -0,0 +1,12 @@
{ ... }:
{
services.fail2ban = {
enable = true;
bantime-increment = {
enable = true;
factor = "4";
maxtime = "48h";
};
};
}
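Review bot: The new shared module has no header comment saying what it is for or that it replaces the per-host `services.fail2ban` block removed from magenta's configuration in this commit; a first line such as `# Shared fail2ban baseline for the VPS hosts: ban time grows 4x per repeat offence, capped at 48h.` would save the next reader a trip through the history. With `bantime-increment` enabled, a source that trips the default jail repeatedly stays banned for up to 48h, which also covers the operator's own address after a few failed logins during a deploy; if the deployer's address is fixed, `services.fail2ban.ignoreIP` is the place to exempt it.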