vno1-rp3b

This commit is contained in:
Motiejus Jakštys 2023-08-15 07:09:11 +03:00
parent ac2cdc0696
commit 4354cde55e
4 changed files with 122 additions and 2 deletions

View File

@ -98,6 +98,25 @@
specialArgs = {inherit myData;} // inputs; specialArgs = {inherit myData;} // inputs;
}; };
nixosConfigurations.vno1-rp3b = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
./hosts/vno1-rp3b/configuration.nix
./modules
agenix.nixosModules.default
{
age.secrets.motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
age.secrets.root-passwd-hash.file = ./secrets/root_passwd_hash.age;
age.secrets.sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
}
];
specialArgs = {inherit myData;} // inputs;
};
deploy.nodes.hel1-a = { deploy.nodes.hel1-a = {
hostname = myData.hosts."hel1-a.servers.jakst".jakstIP; hostname = myData.hosts."hel1-a.servers.jakst".jakstIP;
profiles = { profiles = {
@ -122,6 +141,18 @@
}; };
}; };
deploy.nodes.vno1-rp3b = {
hostname = "192.168.189.66";
profiles = {
system = {
sshUser = "root";
path =
deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.vno1-rp3b;
user = "root";
};
};
};
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
} }
// flake-utils.lib.eachDefaultSystem (system: let // flake-utils.lib.eachDefaultSystem (system: let

View File

@ -0,0 +1,84 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{
config,
pkgs,
myData,
...
}: {
# previously:
# imports = [(modulesPath + "/installer/scan/not-detected.nix")];
# as of 23.05 that is:
hardware.enableRedistributableFirmware = true;
boot.initrd.availableKernelModules = ["usbhid"];
boot.initrd.kernelModules = [];
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
};
swapDevices = [];
mj = {
stateVersion = "23.05";
timeZone = "Europe/Vilnius";
base = {
users.passwd = {
root.passwordFile = config.age.secrets.root-passwd-hash.path;
motiejus.passwordFile = config.age.secrets.motiejus-passwd-hash.path;
};
unitstatus = {
enable = true;
email = "motiejus+alerts@jakstys.lt";
};
};
services = {
postfix = {
enable = true;
saslPasswdPath = config.age.secrets.sasl-passwd.path;
};
};
};
services.tailscale.enable = true;
networking = {
hostId = "4bd17751";
hostName = "vno1-rp3b";
domain = "servers.jakst";
defaultGateway = "192.168.189.4";
nameservers = ["192.168.189.4"];
interfaces.enp3s0.ipv4.addresses = [
{
address = "192.168.189.5";
prefixLength = 24;
}
];
firewall = {
allowedUDPPorts = [];
allowedTCPPorts = [];
logRefusedConnections = false;
checkReversePath = "loose"; # for tailscale
};
};
powerManagement.cpuFreqGovernor = "ondemand";
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
}

View File

@ -131,7 +131,9 @@
programs = { programs = {
mtr.enable = true; mtr.enable = true;
sysdig.enable = true;
sysdig.enable = pkgs.stdenv.hostPlatform.system == "x86_64-linux";
neovim = { neovim = {
enable = true; enable = true;
defaultEditor = true; defaultEditor = true;

View File

@ -9,7 +9,10 @@
options.mj.base.unitstatus = with lib.types; { options.mj.base.unitstatus = with lib.types; {
enable = lib.mkEnableOption "alert by email on unit failure"; enable = lib.mkEnableOption "alert by email on unit failure";
email = lib.mkOption {type = str;}; email = lib.mkOption {type = str;};
units = lib.mkOption {type = listOf str;}; units = lib.mkOption {
type = listOf str;
default = [];
};
}; };
config = lib.mkIf config.mj.base.unitstatus.enable { config = lib.mkIf config.mj.base.unitstatus.enable {