Motiejus Jakštys 2024-07-30 23:06:33 +03:00
parent eb8f07c704
commit 1ae8bcb293
2 changed files with 140 additions and 0 deletions


@ -246,6 +246,32 @@
} // inputs;
};
fra1-b = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
{ nixpkgs.overlays = overlays; }
agenix.nixosModules.default
home-manager.nixosModules.home-manager
./hosts/fra1-b/configuration.nix
./modules
#{
# age.secrets = {
# zfs-passphrase-vno1-oh2.file = ./secrets/vno1-oh2/zfs-passphrase.age;
# borgbackup-password.file = ./secrets/fra1-a/borgbackup-password.age;
# motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
# root-passwd-hash.file = ./secrets/root_passwd_hash.age;
# sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
# };
#}
];
specialArgs = {
inherit myData;
} // inputs;
};
fra1-a = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
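Review bot: The commented-out `age.secrets` block in the new `fra1-b` entry lists secrets that belong to other hosts (`zfs-passphrase-vno1-oh2`, and `borgbackup-password` under `./secrets/fra1-a/`), so uncommenting it unchanged would presumably require making this host a recipient of material it does not need. When secrets are enabled here, keep only the entries fra1-b actually consumes and give it its own files where the value should differ per host. Until then, a one-line comment such as `# TODO: enable once fra1-b's host key is an agenix recipient` would record why the block is disabled. The `fra1-a` definition that follows continues outside the hunk.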


@ -0,0 +1,114 @@
{ myData, modulesPath, ... }:
let
disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_50294864";
in
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
kernelModules = [ "kvm-intel" ];
loader.systemd-boot.enable = true;
initrd = {
kernelModules = [ "usb_storage" ];
availableKernelModules = [
"xhci_pci"
"virtio_scsi"
"sr_mod"
];
};
};
fileSystems."/" = {
device = "${disk}-part1";
fsType = "btrfs";
};
swapDevices = [ { device = "${disk}-part2"; } ];
mj = {
stateVersion = "24.05";
timeZone = "UTC";
username = "motiejus";
base = {
users = {
enable = true;
root.initialPassword = "live";
user.initialPassword = "live";
#root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
#user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
};
unitstatus = {
enable = true;
email = "motiejus+alerts@jakstys.lt";
};
};
services = {
node_exporter.enable = true;
sshguard.enable = true;
tailscale.enable = true;
remote-builder.server = {
enable = true;
uidgid = myData.uidgid.remote-builder;
sshAllowSubnet = myData.subnets.tailscale.sshPattern;
publicKeys = map (h: myData.hosts.${h}.publicKey) [
"vno1-oh2.servers.jakst"
"fwminex.motiejus.jakst"
"mtworx.motiejus.jakst"
];
};
#postfix = {
# enable = true;
# saslPasswdPath = config.age.secrets.sasl-passwd.path;
#};
deployerbot = {
follower = {
publicKeys = [
myData.hosts."vno1-oh2.servers.jakst".publicKey
myData.hosts."fwminex.motiejus.jakst".publicKey
];
enable = true;
sshAllowSubnets = [ myData.subnets.tailscale.sshPattern ];
uidgid = myData.uidgid.updaterbot-deployee;
};
};
};
};
services = {
nsd = {
enable = true;
interfaces = [
"0.0.0.0"
"::"
];
zones = {
"jakstys.lt.".data = myData.jakstysLTZone;
"11sync.net.".data = myData.e11syncZone;
};
};
};
networking = {
hostName = "fra1-b";
domain = "servers.jakst";
useDHCP = true;
firewall = {
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [
22
53
];
};
};
nixpkgs.hostPlatform = "aarch64-linux";
}
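Review bot: `root.initialPassword = "live"` and `user.initialPassword = "live"` commit a guessable plaintext password for both accounts on a host whose firewall opens TCP 22 and which serves public DNS on `0.0.0.0` and `::`. If the `mj.base.users` options map onto the NixOS `initialPassword` setting, the value also ends up in the world-readable Nix store. Whether sshd accepts password logins is decided in `./modules`, which is not visible here, so exposure may be limited to the console, but this should not outlive bootstrap. Once the agenix secrets are provisioned, switch to the commented-out `root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;` and `user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;`, adding `config` to the argument set on the first line. Separately, `kernelModules = [ "kvm-intel" ]` looks copied from an x86 host and does not match `nixpkgs.hostPlatform = "aarch64-linux"`.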