motiejus/config
1
Fork 0
Code Packages Releases Activity

rm vno3-rp3b

Browse Source
This commit is contained in:
Motiejus Jakštys
2024-12-01 23:05:41 +02:00
parent 08c740909f
commit e079259376
6 changed files with 40 additions and 235 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
data.nix
View File

@@ -48,11 +48,6 @@ rec {
}; };
hosts = { hosts = {
"vno3-rp3b.servers.jakst" = rec {
extraHostNames = [ jakstIP ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBudUFFEBpUVdr26vLJup8Hk6wj1iDbOPPQnJbv6GUGC";
jakstIP = "100.89.176.2";
};
"fra1-b.servers.jakst" = rec { "fra1-b.servers.jakst" = rec {
extraHostNames = [ extraHostNames = [
"fra1-b.jakstys.lt" "fra1-b.jakstys.lt"

26
flake.nix
View File

@@ -194,21 +194,6 @@
} // inputs; } // inputs;
}; };
vno3-rp3b = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
{ nixpkgs.overlays = overlays; }
./hosts/vno3-rp3b/configuration.nix
./modules
agenix.nixosModules.default
home-manager.nixosModules.home-manager
];
specialArgs = {
inherit myData;
} // inputs;
};
fra1-b = nixpkgs.lib.nixosSystem { fra1-b = nixpkgs.lib.nixosSystem {
system = "aarch64-linux"; system = "aarch64-linux";
modules = [ modules = [
@@ -260,17 +245,6 @@
}; };
}; };
vno3-rp3b = {
hostname = myData.hosts."vno3-rp3b.servers.jakst".jakstIP;
profiles = {
system = {
sshUser = "motiejus";
path = self.nixosConfigurations.vno3-rp3b.pkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.vno3-rp3b;
user = "root";
};
};
};
fra1-b = { fra1-b = {
hostname = myData.hosts."fra1-b.servers.jakst".jakstIP; hostname = myData.hosts."fra1-b.servers.jakst".jakstIP;
profiles = { profiles = {

75
hosts/fwminex/configuration.nix
View File

@@ -496,42 +496,47 @@ in
enable = true; enable = true;
passwordPath = config.age.secrets.borgbackup-password.path; passwordPath = config.age.secrets.borgbackup-password.path;
sshKeyPath = "/etc/ssh/ssh_host_ed25519_key"; sshKeyPath = "/etc/ssh/ssh_host_ed25519_key";
dirs = builtins.concatMap ( dirs =
host: builtins.concatMap
let (
prefix = "${host}:${config.networking.hostName}.${config.networking.domain}"; host:
in let
[ prefix = "${host}:${config.networking.hostName}.${config.networking.domain}";
{ in
subvolume = "/var/lib"; [
repo = "${prefix}-var_lib"; {
paths = [ subvolume = "/var/lib";
"hass" repo = "${prefix}-var_lib";
"gitea" paths = [
"caddy" "hass"
"grafana" "gitea"
"headscale" "caddy"
"bitwarden_rs" "grafana"
"matrix-synapse" "headscale"
"private/soju" "bitwarden_rs"
"matrix-synapse"
"private/soju"
# https://immich.app/docs/administration/backup-and-restore/ # https://immich.app/docs/administration/backup-and-restore/
"immich/library" "immich/library"
"immich/upload" "immich/upload"
"immich/profile" "immich/profile"
"postgresql" "postgresql"
]; ];
patterns = [ "- gitea/data/repo-archive/" ]; patterns = [ "- gitea/data/repo-archive/" ];
backup_at = "*-*-* 01:00:01 UTC"; backup_at = "*-*-* 01:00:01 UTC";
} }
{ {
subvolume = "/home"; subvolume = "/home";
repo = "${prefix}-home-motiejus-annex2"; repo = "${prefix}-home-motiejus-annex2";
paths = [ "motiejus/annex2" ]; paths = [ "motiejus/annex2" ];
backup_at = "*-*-* 02:30:01 UTC"; backup_at = "*-*-* 02:30:01 UTC";
} }
] ]
); )
[
"zh2769@zh2769.rsync.net"
];
}; };
btrfssnapshot = { btrfssnapshot = {

166
hosts/vno3-rp3b/configuration.nix
View File

@@ -1,166 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{
config,
pkgs,
myData,
...
}:
{
imports = [ ../../modules/profiles/sdcard ];
age.secrets = {
motiejus-passwd-hash.file = ../../secrets/motiejus_passwd_hash.age;
root-passwd-hash.file = ../../secrets/root_passwd_hash.age;
sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
};
boot = {
initrd = {
availableKernelModules = [ "usbhid" ];
kernelModules = [
"vc4"
"bcm2835_dma"
];
luks.devices = {
luksdata = {
device = "/dev/disk/by-uuid/efa9b396-9ec0-40f7-a0d0-75edc0f6d5ad";
allowDiscards = true;
keyFileOffset = 9728;
keyFileSize = 512;
keyFile = "/dev/mmcblk1";
};
};
};
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
kernelModules = [ ];
extraModulePackages = [ ];
};
powerManagement.cpuFreqGovernor = "ondemand";
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
};
"/data" = {
device = "/dev/mapper/luksdata";
fsType = "btrfs";
options = [ "compress=zstd" ];
};
};
swapDevices = [ ];
mj = {
stateVersion = "23.05";
timeZone = "Europe/Vilnius";
username = "motiejus";
base = {
#zfs.enable = true;
users = {
enable = true;
root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
};
unitstatus = {
enable = true;
email = "motiejus+alerts@jakstys.lt";
};
#snapshot = {
# enable = true;
# mountpoints = [ "/data/shared" ];
#};
};
services = {
printing.enable = true;
tailscale.enable = true;
node_exporter.enable = true;
ping_exporter.enable = true;
#borgstor = {
# enable = true;
# dataDir = "/data/borg";
# sshKeys = with myData; [
# hosts."fwminex.servers.jakst".publicKey
# people_pubkeys.motiejus
# ];
#};
postfix = {
enable = true;
saslPasswdPath = config.age.secrets.sasl-passwd.path;
};
deployerbot = {
follower = {
publicKeys = [ myData.hosts."fwminex.servers.jakst".publicKey ];
enable = true;
sshAllowSubnets = [ myData.subnets.tailscale.sshPattern ];
uidgid = myData.uidgid.updaterbot-deployee;
};
};
#jakstpub = {
# enable = true;
# dataDir = "/data/shared";
# requires = [ "data-shared.mount" ];
# uidgid = myData.uidgid.jakstpub;
# hostname = "hdd.jakstys.lt";
#};
};
};
services = {
chrony.extraConfig = ''
makestep 1 -1
'';
# shared printing
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
publish = {
enable = true;
userServices = true;
};
};
printing = {
openFirewall = true;
allowFrom = [ "all" ];
browsing = true;
defaultShared = true;
};
};
environment.systemPackages = with pkgs; [
raspberrypi-eeprom
libraspberrypi
borgbackup
];
networking = {
hostId = "4bd17751";
hostName = "vno3-rp3b";
domain = "servers.jakst";
dhcpcd.enable = true;
firewall.rejectPackets = true;
};
nixpkgs.hostPlatform = "aarch64-linux";
security.rtkit.enable = true;
}

3
secrets.nix
View File

@@ -10,11 +10,9 @@ let
mtworx = (import ./data.nix).hosts."mtworx.motiejus.jakst".publicKey; mtworx = (import ./data.nix).hosts."mtworx.motiejus.jakst".publicKey;
fra1-b = (import ./data.nix).hosts."fra1-b.servers.jakst".publicKey; fra1-b = (import ./data.nix).hosts."fra1-b.servers.jakst".publicKey;
vno1-gdrx = (import ./data.nix).hosts."vno1-gdrx.motiejus.jakst".publicKey; vno1-gdrx = (import ./data.nix).hosts."vno1-gdrx.motiejus.jakst".publicKey;
vno3-rp3b = (import ./data.nix).hosts."vno3-rp3b.servers.jakst".publicKey;
systems = [ systems = [
fra1-b fra1-b
vno1-gdrx vno1-gdrx
vno3-rp3b
fwminex fwminex
mtworx mtworx
]; ];
@@ -31,7 +29,6 @@ let
); );
in in
{ } { }
// mk ([ vno3-rp3b ] ++ motiejus) [ "secrets/vno3-rp3b/datapool-passphrase.age" ]
// mk ([ mtworx ] ++ motiejus) [ // mk ([ mtworx ] ++ motiejus) [
"secrets/motiejus_work_passwd_hash.age" "secrets/motiejus_work_passwd_hash.age"
"secrets/root_work_passwd_hash.age" "secrets/root_work_passwd_hash.age"

BIN
secrets/vno3-rp3b/datapool-passphrase.age
View File

Binary file not shown.