authorDominique Martinet @ jormungand <asmadeus@codewreck.org>2020-05-08 10:54:36 +0200
committerDominique Martinet @ jormungand <asmadeus@codewreck.org>2020-05-08 10:54:36 +0200
commit7056660a12e3d0bf24e032d4a51245e1bd606d51 (patch)
treed40a9e0a74f650a485cb640e807066354aa2832c /machines/jormungand
parente0bd9d4e088750cbfed608cba761abdbfaab5772 (diff)
refactoring: add common modules, move machine-specific stuff to machines/$HOSTNAME...
Diffstat (limited to 'machines/jormungand')
-rw-r--r--machines/jormungand/configuration.nix29
-rw-r--r--machines/jormungand/containers.nix127
-rw-r--r--machines/jormungand/hardware-configuration.nix30
-rw-r--r--machines/jormungand/network.nix31
4 files changed, 217 insertions, 0 deletions
diff --git a/machines/jormungand/configuration.nix b/machines/jormungand/configuration.nix
new file mode 100644
index 0000000..a1ad4ae
--- /dev/null
+++ b/machines/jormungand/configuration.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+ ./network.nix
+ ./containers.nix
+ ../../modules/common.nix
+ ../../modules/users.nix
+ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/sda";
+ boot.tmpOnTmpfs = false;
+
+ # number of parallel tasks
+ nix.buildCores = 4;
+ nix.maxJobs = 4;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "20.03"; # Did you read the comment?
+}
diff --git a/machines/jormungand/containers.nix b/machines/jormungand/containers.nix
new file mode 100644
index 0000000..48ae465
--- /dev/null
+++ b/machines/jormungand/containers.nix
@@ -0,0 +1,127 @@
+{ config, lib, pkgs, ... }:
+
+let targetConfig = {
+ # minimal.nix a bit more explicit to speed things up
+ documentation.doc.enable = false;
+ documentation.enable = false;
+ documentation.info.enable = false;
+ documentation.man.enable = false;
+ documentation.nixos.enable = false;
+ environment.noXlibs = true;
+ i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+
+ # prevent nixpkgs to get evaluated multiple times
+ # workaround for https://github.com/NixOS/nixpkgs/issues/65690
+ # also allows to use overlay packages within containers!
+ nixpkgs.pkgs = lib.mkForce pkgs;
+}; in
+{
+
+ containers.nginx = {
+ autoStart = true;
+ config = { config, pkgs, ... }: targetConfig // {
+ security.acme.acceptTerms = true;
+ security.acme.email = "nrfhrvn.ztnnzq-nfp@noclue.notk.org";
+ services.nginx = {
+ enable = true;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+ virtualHosts."jormungand.codewreck.org" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8080";
+ };
+ extraConfig = ''
+ auth_basic "mpd";
+ auth_basic_user_file /etc/nginx/mpd.htpasswd;
+ '';
+ };
+ };
+ environment.etc."nginx/mpd.htpasswd".text = ''
+ mpd:$6$jFVDaikg7ApzyPSe$ALjy6GmXV6XnKBuAbzRywqnUD/1ZNl50hLUOFIZ2dZuHVCLIzKr6WTl8x4KnCjOzDgIoS0udv7XPbDB6uyKXg/
+ '';
+ };
+ };
+
+ containers.mpd = {
+ autoStart = true;
+ bindMounts = {
+ "/var/lib/mpd/music" = { hostPath = "/home/asmadeus/zik"; };
+ };
+ config = { config, pkgs, ... }: targetConfig // {
+ services.mpd = {
+ enable = true;
+ extraConfig = ''
+ replaygain "auto"
+ volume_normalization "yes"
+ max_output_buffer_size "32768"
+ filesystem_charset "UTF-8"
+ id3v1_encoding "UTF-8"
+ audio_output {
+ type "httpd"
+ name "mpd"
+ encoder "vorbis" # optional, vorbis or lame
+ port "8080"
+ bind_to_address "127.0.0.1" # optional, IPv4 or IPv6
+ quality "5.0" # do not define if bitrate is defined
+ #bitrate "128" # do not define if quality is defined
+ format "44100:16:2"
+ max_clients "0" # optional 0=no limit
+ }
+ '';
+ };
+ environment.systemPackages = with pkgs; [ ashuffle ];
+ systemd.services.ashuffle = {
+ description = "Automagically adds songs";
+ path = [ pkgs.ashuffle ];
+ after = [ "mpd.service" ];
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.ashuffle}/bin/ashuffle --queue-buffer 1 -e album drama -e title instrumental -e title 'off vocal'";
+ Restart = "always";
+ DynamicUser = true;
+ };
+ wantedBy = [ "default.target" ];
+ };
+ };
+ };
+
+ containers.tor = {
+ autoStart = true;
+ config = { config, pkgs, ... }: targetConfig // {
+ services.tor = {
+ enable = true;
+ hiddenServices."vaderetro".map = [
+ { port = 80; toPort = 8083; }
+ ];
+ };
+ };
+ };
+
+ containers.vaderetro = {
+ autoStart = true;
+ config = { config, pkgs, ... }: targetConfig // {
+ users.extraUsers.vaderetro = { isNormalUser = true; };
+ environment.systemPackages = with pkgs; [
+ rustup
+ gcc
+ ];
+ systemd.services.vaderetro = {
+ description = "vaderetro server";
+ path = [ pkgs.rustup pkgs.gcc pkgs.bash ];
+ serviceConfig = {
+ Type = "simple";
+ User = "vaderetro";
+ ExecStart = ''
+${pkgs.bash}/bin/bash -c 'cd /home/vaderetro/vr; RUST_LOG=vr=info cargo run --release'
+ '';
+ Restart = "always";
+ };
+ wantedBy = [ "default.target" ];
+ };
+ };
+ };
+}
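Review bot: The `environment.etc."nginx/mpd.htpasswd".text` block in `containers.nginx` commits the basic-auth password hash to the repository and, because `.text` is written out as a store file, also leaves it in the world-readable /nix/store, so anyone who can read either copy can attempt offline guessing against the `$6$` hash. Keep the hash out of the configuration and point the virtual host at a file provisioned out of band, e.g. `basicAuthFile = "/run/secrets/mpd.htpasswd";` (constructed placeholder path, bind-mounted into the container and readable only by the nginx user), and rotate the password since this hash is already published. Separately, none of the four containers sets `privateNetwork`, so they share the host's network namespace: that is what lets `proxyPass = "http://127.0.0.1:8080"` reach mpd, but it also means the container boundary provides no network isolation between nginx, mpd, tor and vaderetro. The `vaderetro` unit runs `cargo run --release` from a user-writable home directory at every start, so what executes is whatever source and crates are present at that moment; building it as a pinned Nix derivation and running the resulting binary directly would make the deployed code reproducible.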
diff --git a/machines/jormungand/hardware-configuration.nix b/machines/jormungand/hardware-configuration.nix
new file mode 100644
index 0000000..d169d0b
--- /dev/null
+++ b/machines/jormungand/hardware-configuration.nix
@@ -0,0 +1,30 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/c7964da7-b631-4528-8005-98b265233160";
+ fsType = "ext4";
+ };
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/b9911970-b6a3-49e1-a6df-1372b9022962";
+ fsType = "ext4";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/abf1930c-4e44-4d0c-baa5-138d4216c882"; }
+ ];
+
+ #powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+}
diff --git a/machines/jormungand/network.nix b/machines/jormungand/network.nix
new file mode 100644
index 0000000..a5422c5
--- /dev/null
+++ b/machines/jormungand/network.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ../../modules/dns.nix
+# ../../modules/wireguard.nix
+ ];
+
+ networking.hostName = "jormungand.codewreck.org"; # Define your hostname.
+
+ networking = {
+ useDHCP = false;
+ interfaces.eno0.ipv4.addresses = [{
+ address = "5.196.74.74";
+ prefixLength = 24;
+ }];
+ interfaces.eno0.ipv6.addresses = [{
+ address = "2001:41d0:e:84a::1";
+ prefixLength = 56;
+ }];
+ defaultGateway = "5.196.74.254";
+ defaultGateway6 = "2001:41d0:e:8ff:ff:ff:ff:ff";
+ firewall = {
+ # 8409 = rtorrent
+ allowedTCPPorts = [ 22 80 443 8409 ];
+ # 60000-60010 = mosh ; 8408 = rtorrent dht
+ allowedUDPPortRanges = [ { from = 60000; to = 60010; } ];
+ allowedUDPPorts = [ 8408 ];
+ };
+ };
+}
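Review bot: `allowedTCPPorts` and `allowedUDPPorts` open 8409 and 8408 for rtorrent, yet nothing added under machines/jormungand in this commit defines an rtorrent service, and because the containers declared for this machine do not use a private network, any process that binds those ports is reachable from outside. If rtorrent is configured in a module outside this view, consider declaring the ports next to that service so the allow-list cannot outlive it; otherwise drop them until the service exists. Port 22 is open to all sources, so it is worth confirming that `../../modules/common.nix` (not shown here) disables password logins, e.g. `services.openssh.passwordAuthentication = false;`. `networking.hostName` is set to a fully qualified name; NixOS releases after 20.03 reject dots in that option, so `networking.hostName = "jormungand";` with `networking.domain = "codewreck.org";` avoids a later migration.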