machines: add new host
This commit is contained in:
parent
15aab14759
commit
26dd3d4db1
11 changed files with 70 additions and 46 deletions
3
Makefile
3
Makefile
|
@ -23,7 +23,8 @@ MACHINES := \
|
|||
asus-gl553vd
|
||||
|
||||
VPS := \
|
||||
magenta
|
||||
magenta \
|
||||
canigou
|
||||
|
||||
help:
|
||||
cat Makefile
|
||||
|
|
|
@ -114,7 +114,10 @@
|
|||
RULES = "./.agenix_config.nix";
|
||||
};
|
||||
tools = pkgs.mkShell {
|
||||
packages = [ pkgs.gucharmap ];
|
||||
packages = with pkgs; [
|
||||
gucharmap
|
||||
wireguard-tools
|
||||
];
|
||||
};
|
||||
};
|
||||
})
|
||||
|
|
22
machines/canigou/default.nix
Normal file
22
machines/canigou/default.nix
Normal file
|
@ -0,0 +1,22 @@
|
|||
{ ... }:
|
||||
|
||||
let
|
||||
data = import ../../data.nix;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./networking.secret.nix # generated at runtime by nixos-infect
|
||||
|
||||
../modules/common.nix
|
||||
../modules/fail2ban.nix
|
||||
];
|
||||
|
||||
boot.cleanTmpDir = true;
|
||||
zramSwap.enable = true;
|
||||
|
||||
networking.hostName = "canigou";
|
||||
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = data.publicKeys.users.jan;
|
||||
}
|
9
machines/canigou/hardware-configuration.nix
Normal file
9
machines/canigou/hardware-configuration.nix
Normal file
|
@ -0,0 +1,9 @@
|
|||
{ modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
|
||||
boot.initrd.kernelModules = [ "nvme" ];
|
||||
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
|
||||
}
|
BIN
machines/canigou/networking.secret.nix
Normal file
BIN
machines/canigou/networking.secret.nix
Normal file
Binary file not shown.
|
@ -2,6 +2,15 @@
|
|||
|
||||
let
|
||||
hardware = inputs.hardware.nixosModules;
|
||||
|
||||
inherit (inputs.nixpkgs) lib;
|
||||
inherit (builtins) head;
|
||||
getTargetHost = file:
|
||||
let
|
||||
net = import file { inherit lib; };
|
||||
ipv4addrs = net.networking.interfaces.eth0.ipv4.addresses;
|
||||
in
|
||||
(head ipv4addrs).address;
|
||||
in
|
||||
{
|
||||
home = {
|
||||
|
@ -37,10 +46,18 @@ in
|
|||
magenta = {
|
||||
system = "x86_64-linux";
|
||||
|
||||
targetHost = "45.131.41.215";
|
||||
targetHost =
|
||||
getTargetHost ./magenta/networking.secret.nix;
|
||||
|
||||
extraModules = [
|
||||
inputs.mailserver.nixosModule
|
||||
];
|
||||
};
|
||||
|
||||
canigou = {
|
||||
system = "x86_64-linux";
|
||||
|
||||
targetHost =
|
||||
getTargetHost ./canigou/networking.secret.nix;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -6,11 +6,12 @@ in
|
|||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./networking.nix # generated at runtime by nixos-infect
|
||||
./networking.secret.nix # generated at runtime by nixos-infect
|
||||
|
||||
../modules/common.nix
|
||||
../modules/nix.nix
|
||||
../modules/nginx.nix
|
||||
../modules/fail2ban.nix
|
||||
|
||||
./services/mailserver.nix
|
||||
./services/gitea.nix
|
||||
|
@ -18,6 +19,7 @@ in
|
|||
|
||||
boot.cleanTmpDir = true;
|
||||
zramSwap.enable = true;
|
||||
|
||||
networking.hostName = "magenta";
|
||||
|
||||
services.openssh.enable = true;
|
||||
|
@ -27,13 +29,4 @@ in
|
|||
acceptTerms = true;
|
||||
defaults.email = "dmitriy@pleshevski.ru";
|
||||
};
|
||||
|
||||
services.fail2ban = {
|
||||
enable = true;
|
||||
bantime-increment = {
|
||||
enable = true;
|
||||
factor = "4";
|
||||
maxtime = "48h";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,33 +0,0 @@
|
|||
{ lib, ... }:
|
||||
|
||||
{
|
||||
# This file was populated at runtime with the networking
|
||||
# details gathered from the active system.
|
||||
networking = {
|
||||
nameservers = [
|
||||
"188.93.16.19"
|
||||
"188.93.17.19"
|
||||
"8.8.8.8"
|
||||
];
|
||||
defaultGateway = "45.131.41.1";
|
||||
defaultGateway6 = "";
|
||||
dhcpcd.enable = false;
|
||||
usePredictableInterfaceNames = lib.mkForce false;
|
||||
interfaces = {
|
||||
eth0 = {
|
||||
ipv4.addresses = [
|
||||
{ address = "45.131.41.215"; prefixLength = 24; }
|
||||
];
|
||||
ipv6.addresses = [
|
||||
{ address = "fe80::f816:3eff:fe58:d30a"; prefixLength = 64; }
|
||||
];
|
||||
ipv4.routes = [{ address = "45.131.41.1"; prefixLength = 32; }];
|
||||
# ipv6.routes = [{ address = ""; prefixLength = 128; }];
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
services.udev.extraRules = ''
|
||||
ATTR{address}=="fa:16:3e:58:d3:0a", NAME="eth0"
|
||||
'';
|
||||
}
|
BIN
machines/magenta/networking.secret.nix
Normal file
BIN
machines/magenta/networking.secret.nix
Normal file
Binary file not shown.
12
machines/modules/fail2ban.nix
Normal file
12
machines/modules/fail2ban.nix
Normal file
|
@ -0,0 +1,12 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
services.fail2ban = {
|
||||
enable = true;
|
||||
bantime-increment = {
|
||||
enable = true;
|
||||
factor = "4";
|
||||
maxtime = "48h";
|
||||
};
|
||||
};
|
||||
}
|
Binary file not shown.
Loading…
Reference in a new issue