path: root/lass/1systems/neoprism
Diffstat (limited to 'lass/1systems/neoprism')
-rw-r--r--lass/1systems/neoprism/config.nix21
-rw-r--r--lass/1systems/neoprism/disk.nix72
-rw-r--r--lass/1systems/neoprism/physical.nix74
3 files changed, 111 insertions, 56 deletions
diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix
index 7b402f8a..79402959 100644
--- a/lass/1systems/neoprism/config.nix
+++ b/lass/1systems/neoprism/config.nix
@@ -4,6 +4,9 @@
imports = [
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/mail/internet-gateway.nix>
+ <stockholm/lass/2configs/binary-cache/server.nix>
+ <stockholm/lass/2configs/matrix.nix>
<stockholm/lass/2configs/gsm-wiki.nix>
# sync-containers
@@ -26,7 +29,23 @@
krebs.build.host = config.krebs.hosts.neoprism;
networking.firewall.allowedTCPPorts = [ 80 443 ];
- services.nginx.enable = true;
security.acme.acceptTerms = true;
security.acme.defaults.email = "acme@lassul.us";
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+
+ enableReload = true;
+
+ virtualHosts.default = {
+ default = true;
+ locations."= /etc/os-release".extraConfig = ''
+ default_type text/plain;
+ alias /etc/os-release;
+ '';
+ locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";
+ };
+ };
}
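Review bot: The new catch-all host (`virtualHosts.default` with `default = true`) serves `/etc/os-release`, i.e. the distribution name and release version, to any unauthenticated client on port 80, and nothing in the hunk records why; since this is a deliberate information-disclosure choice it deserves a comment above the location, e.g. `# deliberately public: <reason for exposing the release string>`. No host in this hunk sets `addSSL` or `forceSSL`, so `recommendedTlsSettings` only takes effect if one of the newly imported modules defines a TLS-enabled host; if none does, port 443 is opened in the firewall line above with nothing listening on it, which I cannot verify from the diff. The enclosing attribute set starts outside the hunk.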
diff --git a/lass/1systems/neoprism/disk.nix b/lass/1systems/neoprism/disk.nix
index cf9a8cef..c5bd44c9 100644
--- a/lass/1systems/neoprism/disk.nix
+++ b/lass/1systems/neoprism/disk.nix
@@ -4,40 +4,27 @@
type = "disk";
device = disk;
content = {
- type = "table";
- format = "gpt";
- partitions = [
- {
- name = "boot";
- type = "partition";
- start = "0";
- end = "1M";
- part-type = "primary";
- flags = ["bios_grub"];
- }
- {
- type = "partition";
- name = "ESP";
- start = "1M";
- end = "1GiB";
- fs-type = "fat32";
- bootable = true;
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02";
+ };
+ ESP = {
+ size = "1G";
content = {
type = "mdraid";
name = "boot";
};
- }
- {
- type = "partition";
- name = "zfs";
- start = "1GiB";
- end = "100%";
+ };
+ zfs = {
+ size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
- }
- ];
+ };
+ };
};
})) // {
hdd1 = {
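Review bot: The `ESP` partition in the new layout has no `type`, whereas the old side marked it `bootable = true` with `fs-type = "fat32"`; in the new disko partition schema the EFI System Partition is declared by its GPT type code, and without one the partition falls back to disko's default (a plain Linux partition type, as far as I recall), so firmware with `boot.loader.grub.efiSupport = true` may not treat it as an ESP. Suggested change inside the `ESP` block: `size = "1G";` followed by `type = "EF00";`. The mdraid content of the partition is unchanged from the old side, so this concerns only the partition type code; the `boot` partition already carries its `type = "EF02"` explicitly.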
@@ -69,7 +56,7 @@
rootFsOptions = {
};
datasets.reserved = {
- zfs_type = "filesystem";
+ type = "zfs_fs";
options.refreservation = "1G";
};
};
@@ -77,38 +64,53 @@
type = "zpool";
datasets = {
reserved = {
- zfs_type = "filesystem";
+ type = "zfs_fs";
options.refreservation = "1G";
};
containers = {
- zfs_type = "filesystem";
+ type = "zfs_fs";
mountpoint = "/var/lib/containers";
+ options = {
+ canmount = "noauto";
+ };
};
home = {
- zfs_type = "filesystem";
+ type = "zfs_fs";
mountpoint = "/home";
+ options = {
+ canmount = "noauto";
+ };
};
srv = {
- zfs_type = "filesystem";
+ type = "zfs_fs";
mountpoint = "/srv";
+ options = {
+ canmount = "noauto";
+ };
};
libvirt = {
- zfs_type = "filesystem";
+ type = "zfs_fs";
mountpoint = "/var/lib/libvirt";
+ options = {
+ canmount = "noauto";
+ };
};
# encrypted = {
- # zfs_type = "filesystem";
+ # type = "zfs_fs";
# options = {
+ # canmount = "noauto";
# mountpoint = "none";
# encryption = "aes-256-gcm";
# keyformat = "passphrase";
# keylocation = "prompt";
# };
# };
-
# "encrypted/download" = {
- # zfs_type = "filesystem";
+ # type = "zfs_fs";
# mountpoint = "/var/download";
+ # options = {
+ # canmount = "noauto";
+ # };
# };
};
};
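Review bot: Every mounted dataset now gains `options.canmount = "noauto"` without a comment saying why, and a reader may take it for a way to keep the dataset unmounted rather than what it presumably is, namely leaving the mount at the declared `mountpoint` to the generated `fileSystems` entry instead of zfs-mount at pool import. A one-line comment on the first occurrence, e.g. `# canmount=noauto: mounted via fileSystems, not by zfs-mount on import — confirm`, would keep that intent visible. The commented-out `encrypted` datasets get the same option, so the comment applies there as well.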
diff --git a/lass/1systems/neoprism/physical.nix b/lass/1systems/neoprism/physical.nix
index 4ffb749f..f2092d9a 100644
--- a/lass/1systems/neoprism/physical.nix
+++ b/lass/1systems/neoprism/physical.nix
@@ -8,6 +8,8 @@
];
disko.devices = import ./disk.nix;
+ networking.hostId = "9c0a74ac";
+
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.efiSupport = true;
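Review bot: `networking.hostId` changes here from `"2283aaae"` (removed in the next hunk) to `"9c0a74ac"`, and ZFS records the host id in each pool; if `zroot` and the additional pools from disk.nix already exist on this machine, they will appear to have been imported by another system after the next boot. NixOS force-imports the root pool by default (`boot.zfs.forceImportRoot`), but the non-root pools would not import automatically. If this is a fresh disko install the point is moot, but the commit gives no hint either way, so a comment on this line such as `# new id, pools (re)created under it` would settle it. The enclosing attribute set begins outside the hunk.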
@@ -17,26 +19,58 @@
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# networking config
- boot.kernelParams = [ "net.ifnames=0" ];
- networking.bridges."ext-br".interfaces = [ "eth0" ];
- networking = {
- hostId = "2283aaae";
- defaultGateway = "95.217.192.1";
- defaultGateway6 = { address = "fe80::1"; interface = "ext-br"; };
- # Use google's public DNS server
- nameservers = [ "8.8.8.8" ];
- interfaces.ext-br.ipv4.addresses = [
- {
- address = "95.217.192.59";
- prefixLength = 26;
- }
- ];
- interfaces.ext-br.ipv6.addresses = [
- {
- address = "2a01:4f9:4a:4f1a::1";
- prefixLength = 64;
- }
- ];
+ networking.useNetworkd = true;
+ systemd.network = {
+ enable = true;
+ config = {
+ networkConfig.SpeedMeter = true;
+ };
+ # netdevs.ext-br.netdevConfig = {
+ # Kind = "bridge";
+ # Name = "ext-br";
+ # MACAddress = "a8:a1:59:0f:2d:69";
+ # };
+ # networks.ext-br = {
+ # name = "ext-br";
+ # address = [
+ # "95.217.192.59/26"
+ # "2a01:4f9:4a:4f1a::1/64"
+ # ];
+ # gateway = [
+ # "95.217.192.1"
+ # "fe80::1"
+ # ];
+ # };
+ networks.eth0 = {
+ #bridge = [ "ext-br" ];
+ matchConfig.Name = "eth0";
+ address = [
+ "95.217.192.59/26"
+ "2a01:4f9:4a:4f1a::1/64"
+ ];
+ gateway = [
+ "95.217.192.1"
+ "fe80::1"
+ ];
+ };
};
+ networking.useDHCP = false;
+ boot.initrd.network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ authorizedKeys = [ config.krebs.users.lass.pubkey ];
+ port = 2222;
+ hostKeys = [
+ (toString <secrets/ssh.id_ed25519>)
+ (toString <secrets/ssh.id_rsa>)
+ ];
+ };
+ };
+ boot.kernelParams = [
+ "net.ifnames=0"
+ "ip=dhcp"
+ "boot.trace"
+ ];
}
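Review bot: `boot.initrd.network.ssh.hostKeys` pulls `<secrets/ssh.id_ed25519>` and `<secrets/ssh.id_rsa>` into the initrd, and the option's own documentation warns against reusing the system sshd's host keys here, because without bootloader initrd-secret support they end up in the world-readable Nix store, and in any case the initrd sits on the unencrypted boot mdraid declared in disk.nix; if these are the regular host keys, a dedicated initrd key pair avoids that, and a comment on `hostKeys` should state which they are. `"boot.trace"` in `boot.kernelParams` makes stage-1 run with shell tracing, a debugging aid rather than something to keep in a deployed config; if it is intentional, mark it `# temporary: stage-1 debugging`. `"ip=dhcp"` assumes DHCP is available to the initrd while the networkd config above uses static addresses, which I cannot confirm from the diff, so that assumption is worth a comment too. The enclosing attribute set starts outside the hunk.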