author | Dominique Martinet @ jormungand <asmadeus@codewreck.org> | 2020-05-08 10:54:36 +0200 |
---|---|---|
committer | Dominique Martinet @ jormungand <asmadeus@codewreck.org> | 2020-05-08 10:54:36 +0200 |
commit | 7056660a12e3d0bf24e032d4a51245e1bd606d51 (patch) | |
tree | d40a9e0a74f650a485cb640e807066354aa2832c /machines/jormungand | |
parent | e0bd9d4e088750cbfed608cba761abdbfaab5772 (diff) |
refactoring: add common modules, move machine-specific stuff to machines/$HOSTNAME...
Diffstat (limited to 'machines/jormungand')
-rw-r--r-- | machines/jormungand/configuration.nix | 29 | ||||
-rw-r--r-- | machines/jormungand/containers.nix | 127 | ||||
-rw-r--r-- | machines/jormungand/hardware-configuration.nix | 30 | ||||
-rw-r--r-- | machines/jormungand/network.nix | 31 |
4 files changed, 217 insertions, 0 deletions
diff --git a/machines/jormungand/configuration.nix b/machines/jormungand/configuration.nix
new file mode 100644
index 0000000..a1ad4ae
--- /dev/null
+++ b/machines/jormungand/configuration.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+ ./network.nix
+ ./containers.nix
+ ../../modules/common.nix
+ ../../modules/users.nix
+ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/sda";
+ boot.tmpOnTmpfs = false;
+
+ # number of parallel tasks
+ nix.buildCores = 4;
+ nix.maxJobs = 4;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "20.03"; # Did you read the comment?
+}
diff --git a/machines/jormungand/containers.nix b/machines/jormungand/containers.nix
new file mode 100644
index 0000000..48ae465
--- /dev/null
+++ b/machines/jormungand/containers.nix
@@ -0,0 +1,127 @@
+{ config, lib, pkgs, ... }:
+
+let targetConfig = {
+ # minimal.nix a bit more explicit to speed things up
+ documentation.doc.enable = false;
+ documentation.enable = false;
+ documentation.info.enable = false;
+ documentation.man.enable = false;
+ documentation.nixos.enable = false;
+ environment.noXlibs = true;
+ i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" ];
+
+ # prevent nixpkgs to get evaluated multiple times
+ # workaround for https://github.com/NixOS/nixpkgs/issues/65690
+ # also allows to use overlay packages within containers!
+ nixpkgs.pkgs = lib.mkForce pkgs;
+}; in
+{
+
+ containers.nginx = {
+ autoStart = true;
+ config = { config, pkgs, ... }: targetConfig // {
+ security.acme.acceptTerms = true;
+ security.acme.email = "nrfhrvn.ztnnzq-nfp@noclue.notk.org";
+ services.nginx = {
+ enable = true;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+ virtualHosts."jormungand.codewreck.org" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8080";
+ };
+ extraConfig = ''
+ auth_basic "mpd";
+ auth_basic_user_file /etc/nginx/mpd.htpasswd;
+ '';
+ };
+ };
+ environment.etc."nginx/mpd.htpasswd".text = ''
+ mpd:$6$jFVDaikg7ApzyPSe$ALjy6GmXV6XnKBuAbzRywqnUD/1ZNl50hLUOFIZ2dZuHVCLIzKr6WTl8x4KnCjOzDgIoS0udv7XPbDB6uyKXg/
+ '';
+ };
+ };
+
+ containers.mpd = {
+ autoStart = true;
+ bindMounts = {
+ "/var/lib/mpd/music" = { hostPath = "/home/asmadeus/zik"; };
+ };
+ config = { config, pkgs, ...
}: targetConfig // {
+ services.mpd = {
+ enable = true;
+ extraConfig = ''
+ replaygain "auto"
+ volume_normalization "yes"
+ max_output_buffer_size "32768"
+ filesystem_charset "UTF-8"
+ id3v1_encoding "UTF-8"
+ audio_output {
+ type "httpd"
+ name "mpd"
+ encoder "vorbis" # optional, vorbis or lame
+ port "8080"
+ bind_to_address "127.0.0.1" # optional, IPv4 or IPv6
+ quality "5.0" # do not define if bitrate is defined
+ #bitrate "128" # do not define if quality is defined
+ format "44100:16:2"
+ max_clients "0" # optional 0=no limit
+ }
+ '';
+ };
+ environment.systemPackages = with pkgs; [ ashuffle ];
+ systemd.services.ashuffle = {
+ description = "Automagically adds songs";
+ path = [ pkgs.ashuffle ];
+ after = [ "mpd.service" ];
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.ashuffle}/bin/ashuffle --queue-buffer 1 -e album drama -e title instrumental -e title 'off vocal'";
+ Restart = "always";
+ DynamicUser = true;
+ };
+ wantedBy = [ "default.target" ];
+ };
+ };
+ };
+
+ containers.tor = {
+ autoStart = true;
+ config = { config, pkgs, ... }: targetConfig // {
+ services.tor = {
+ enable = true;
+ hiddenServices."vaderetro".map = [
+ { port = 80; toPort = 8083; }
+ ];
+ };
+ };
+ };
+
+ containers.vaderetro = {
+ autoStart = true;
+ config = { config, pkgs, ... }: targetConfig // {
+ users.extraUsers.vaderetro = { isNormalUser = true; };
+ environment.systemPackages = with pkgs; [
+ rustup
+ gcc
+ ];
+ systemd.services.vaderetro = {
+ description = "vaderetro server";
+ path = [ pkgs.rustup pkgs.gcc pkgs.bash ];
+ serviceConfig = {
+ Type = "simple";
+ User = "vaderetro";
+ ExecStart = ''
+${pkgs.bash}/bin/bash -c 'cd /home/vaderetro/vr; RUST_LOG=vr=info cargo run --release'
+ '';
+ Restart = "always";
+ };
+ wantedBy = [ "default.target" ];
+ };
+ };
+ };
+}
diff --git a/machines/jormungand/hardware-configuration.nix b/machines/jormungand/hardware-configuration.nix
new file mode 100644
index 0000000..d169d0b
--- /dev/null
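Review bot: The `environment.etc."nginx/mpd.htpasswd".text` assignment in `containers.nginx` places the basic-auth password hash in the repository and, through `environment.etc`, in the world-readable Nix store, so anyone who can read either can attempt to recover the password offline. Keep the hash out of the configuration: provision the file outside the store, readable only by the nginx user, and change the directive to `auth_basic_user_file <path outside /nix/store>;` (placeholder path), then rotate the password because the current hash stays in the commit history. Separately, none of the four containers sets `privateNetwork`, so they presumably share the host's network namespace, which is what lets nginx reach mpd on `127.0.0.1:8080` and the tor container reach port 8083. A comment such as `# containers share the host netns on purpose: services talk over 127.0.0.1` would tell the next reader that the containers are not a network isolation boundary.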
+++ b/machines/jormungand/hardware-configuration.nix
@@ -0,0 +1,30 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/c7964da7-b631-4528-8005-98b265233160"; + fsType = "ext4"; + }; + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/b9911970-b6a3-49e1-a6df-1372b9022962"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/abf1930c-4e44-4d0c-baa5-138d4216c882"; } + ]; + + #powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; +}
diff --git a/machines/jormungand/network.nix b/machines/jormungand/network.nix
new file mode 100644
index 0000000..a5422c5
--- /dev/null
+++ b/machines/jormungand/network.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ../../modules/dns.nix
+# ../../modules/wireguard.nix
+ ];
+
+ networking.hostName = "jormungand.codewreck.org"; # Define your hostname.
+
+ networking = {
+ useDHCP = false;
+ interfaces.eno0.ipv4.addresses = [{
+ address = "5.196.74.74";
+ prefixLength = 24;
+ }];
+ interfaces.eno0.ipv6.addresses = [{
+ address = "2001:41d0:e:84a::1";
+ prefixLength = 56;
+ }];
+ defaultGateway = "5.196.74.254";
+ defaultGateway6 = "2001:41d0:e:8ff:ff:ff:ff:ff";
+ firewall = {
+ # 8409 = rtorrent
+ allowedTCPPorts = [ 22 80 443 8409 ];
+ # 60000-60010 = mosh ; 8408 = rtorrent dht
+ allowedUDPPortRanges = [ { from = 60000; to = 60010; } ];
+ allowedUDPPorts = [ 8408 ];
+ };
+ };
+} |
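Review bot: In the network.nix hunk, `allowedTCPPorts` and `allowedUDPPorts` open 8409 and 8408 for rtorrent, but none of the files added under machines/jormungand declares an rtorrent service, so from this page the ports are open with no listener that the configuration accounts for. If rtorrent is set up elsewhere, declaring the opening next to that service (`networking.firewall.allowedTCPPorts = [ 8409 ];` in the module that enables it) keeps the firewall in step when the service is removed; otherwise drop the two entries. Port 22 is open to every source and the SSH daemon settings are not in this diff (presumably in `../../modules/common.nix`), so it is worth confirming there that password authentication is disabled. `networking.hostName` is given the full name; the conventional split is `networking.hostName = "jormungand";` with `networking.domain = "codewreck.org";`.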