commit ce8ce4878de2d9def524d521408662a70f268589
parent 66c2b4977462079a794d2f066d25cf8b2847fc33
Author: Katja (ctucx) <git@ctu.cx>
Date: Wed, 12 Mar 2025 10:29:13 +0100
parent 66c2b4977462079a794d2f066d25cf8b2847fc33
Author: Katja (ctucx) <git@ctu.cx>
Date: Wed, 12 Mar 2025 10:29:13 +0100
rename `machines` to `nodes`
19 files changed, 123 insertions(+), 122 deletions(-)
D
|
121
-------------------------------------------------------------------------------
A
|
122
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/flake.nix b/flake.nix @@ -94,7 +94,7 @@ overlays.packages = final: prev: loadDir (path: path: final.callPackage path {}) ./packages/all; overlays.darwinPackages = final: prev: loadDir (path: path: final.callPackage path {}) ./packages/darwin; - nodes = loadDir importLoader ./machines; + nodes = loadDir importLoader ./nodes; lib = loadDir (path: path: import path inputs) ./lib; secrets = loadDir [(inputs.haumea.lib.matchers.extension "age" pathLoader)] ./secrets;
diff --git a/machines/hector/default.nix b/machines/hector/default.nix 
@@ -1,120 +0,0 @@ -{ - - system = "x86_64-linux"; - - sshPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILONdCJED/Lmd215tO8KBkJSl1E9ZdMyC+syxSqmo7o"; - - interface = "ens3"; - - ip4IsPrivate = false; - ip4Address = "194.59.205.194"; - ip4PrefixLength = 22; - defaultGateway4 = "194.59.204.1"; - - ip6IsPrivate = false; - ip6Address = "2a03:4000:34:23e::1"; - ip6PrefixLength = 64; - defaultGateway6 = "fe80::1"; - - configuration = { node, secrets, config, dnsNix, ctucxConfig, lib, pkgs, ... }: { - - imports = [ - ./hardware-configuration.nix - - ctucxConfig.services.prometheus-exporters - ctucxConfig.services.dns-server - ctucxConfig.services.syncthingNginx - - # website / webservices - ctucxConfig.websites."ctu.cx" - ctucxConfig.websites."things.ctu.cx" - ctucxConfig.websites."bikemap.ctu.cx" - ctucxConfig.websites."photos.ctu.cx" - ctucxConfig.websites."grocy.ctu.cx" - - # monitoring - ctucxConfig.websites."prometheus.ctu.cx" - ctucxConfig.websites."grafana.ctu.cx" - - # cal-/card-dav server (radicale) - ctucxConfig.websites."dav.ctu.cx" - - # vaultwarden password-store - ctucxConfig.websites."vault.ctu.cx" - - # git server (gitolite+stagit) - ctucxConfig.websites."git.ctu.cx" - - # fediverse server (gotosocial) - ctucxConfig.websites."fedi.ctu.cx" - - # mailserver - ctucxConfig.services.mailserver - - # matrix server - ctucxConfig.services.matrix-synapse - ctucxConfig.services.mautrix-whatsapp - ]; - - dns.zones."ctu.cx".subdomains."${config.networking.hostName}" = dnsNix.combinators.host node.ip4Address node.ip6Address; - - age.secrets.resticServerBriefkasten.file = secrets.allNodes.resticServer.briefkasten; - age.secrets.resticServerWanderduene.file = secrets.allNodes.resticServer.wanderduene; - - boot.initrd.network = { - enable = true; - ssh = { - enable = true; - port = 22; - hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ]; - authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then 
user.openssh.authorizedKeys.keys else []) config.users.users); - }; - - postCommands = '' - ip link set dev ${node.interface} up - - ip addr add ${node.ip4Address}/${toString node.ip4PrefixLength} dev ${node.interface} - ip route add default via ${node.defaultGateway4} dev ${node.interface} onlink - - ip addr add ${node.ip6Address}/${toString node.ip6PrefixLength} dev ${node.interface} - ip route add default via ${node.defaultGateway6} dev ${node.interface} onlink - - echo 'cryptsetup-askpass' >> /root/.profile - ''; - }; - - networking = { - useNetworkd = true; - useDHCP = false; - - nftables.enable = true; - firewall.enable = true; - - nameservers = [ "8.8.8.8" "1.1.1.1" ]; - - defaultGateway.interface = node.interface; - defaultGateway.address = node.defaultGateway4; - - defaultGateway6.interface = node.interface; - defaultGateway6.address = node.defaultGateway6; - - interfaces.ens3.ipv4.addresses = [{ - address = node.ip4Address; - prefixLength = node.ip4PrefixLength; - }]; - - interfaces.ens3.ipv6.addresses = [{ - address = node.ip6Address; - prefixLength = node.ip6PrefixLength; - }]; - }; - - services.syncthing.dataDir = "/home/katja/syncthing"; - services.email-notify.enable = true; - - system.stateVersion = "24.11"; - home-manager.users.katja.home.stateVersion = "24.11"; - - }; - -}- \ No newline at end of file
diff --git a/nodes/hector/default.nix b/nodes/hector/default.nix 
@@ -0,0 +1,121 @@ +{ + + system = "x86_64-linux"; + + sshPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILONdCJED/Lmd215tO8KBkJSl1E9ZdMyC+syxSqmo7o"; + + interface = "ens3"; + + ip4IsPrivate = false; + ip4Address = "194.59.205.194"; + ip4PrefixLength = 22; + defaultGateway4 = "194.59.204.1"; + + ip6IsPrivate = false; + ip6Address = "2a03:4000:34:23e::1"; + ip6PrefixLength = 64; + defaultGateway6 = "fe80::1"; + + configuration = { node, secrets, config, dnsNix, ctucxConfig, lib, pkgs, ... }: { + + imports = [ + ./hardware-configuration.nix + + ctucxConfig.services.prometheus-exporters + ctucxConfig.services.dns-server + ctucxConfig.services.syncthingNginx + + # website / webservices + ctucxConfig.websites."ctu.cx" + ctucxConfig.websites."things.ctu.cx" + ctucxConfig.websites."bikemap.ctu.cx" + ctucxConfig.websites."photos.ctu.cx" + ctucxConfig.websites."oeffi.katja.wtf" + ctucxConfig.websites."grocy.ctu.cx" + + # monitoring + ctucxConfig.websites."prometheus.ctu.cx" + ctucxConfig.websites."grafana.ctu.cx" + + # cal-/card-dav server (radicale) + ctucxConfig.websites."dav.ctu.cx" + + # vaultwarden password-store + ctucxConfig.websites."vault.ctu.cx" + + # git server (gitolite+stagit) + ctucxConfig.websites."git.ctu.cx" + + # fediverse server (gotosocial) + ctucxConfig.websites."fedi.ctu.cx" + + # mailserver + ctucxConfig.services.mailserver + + # matrix server + ctucxConfig.services.matrix-synapse + ctucxConfig.services.mautrix-whatsapp + ]; + + dns.zones."ctu.cx".subdomains."${config.networking.hostName}" = dnsNix.combinators.host node.ip4Address node.ip6Address; + + age.secrets.resticServerBriefkasten.file = secrets.allNodes.resticServer.briefkasten; + age.secrets.resticServerWanderduene.file = secrets.allNodes.resticServer.wanderduene; + + boot.initrd.network = { + enable = true; + ssh = { + enable = true; + port = 22; + hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ]; + authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" 
user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users); + }; + + postCommands = '' + ip link set dev ${node.interface} up + + ip addr add ${node.ip4Address}/${toString node.ip4PrefixLength} dev ${node.interface} + ip route add default via ${node.defaultGateway4} dev ${node.interface} onlink + + ip addr add ${node.ip6Address}/${toString node.ip6PrefixLength} dev ${node.interface} + ip route add default via ${node.defaultGateway6} dev ${node.interface} onlink + + echo 'cryptsetup-askpass' >> /root/.profile + ''; + }; + + networking = { + useNetworkd = true; + useDHCP = false; + + nftables.enable = true; + firewall.enable = true; + + nameservers = [ "8.8.8.8" "1.1.1.1" ]; + + defaultGateway.interface = node.interface; + defaultGateway.address = node.defaultGateway4; + + defaultGateway6.interface = node.interface; + defaultGateway6.address = node.defaultGateway6; + + interfaces.ens3.ipv4.addresses = [{ + address = node.ip4Address; + prefixLength = node.ip4PrefixLength; + }]; + + interfaces.ens3.ipv6.addresses = [{ + address = node.ip6Address; + prefixLength = node.ip6PrefixLength; + }]; + }; + + services.syncthing.dataDir = "/home/katja/syncthing"; + services.email-notify.enable = true; + + system.stateVersion = "24.11"; + home-manager.users.katja.home.stateVersion = "24.11"; + + }; + +}+ \ No newline at end of file
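Review bot: The new nodes/hector/default.nix is not a pure move of machines/hector/default.nix: its imports list gains `ctucxConfig.websites."oeffi.katja.wtf"` (between the photos and grocy entries), which the commit title "rename `machines` to `nodes`" does not mention and the 123/122 diffstat only hints at. Enabling an additional website on this host should be its own commit, or at least be named in the message, so the rename can be audited as a no-op and the new service enablement reviewed on its own. Unrelated to the rename but visible in the new code: `boot.initrd.network.ssh.hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ];` reuses the system host key inside the initrd; since the initrd is presumably stored unencrypted in /boot, that key likely becomes readable from disk, and a dedicated initrd-only host key would limit the impact — worth confirming against how this node is deployed.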