diff options
-rw-r--r-- | krebs/3modules/makefu/default.nix | 23 | ||||
-rw-r--r-- | makefu/1systems/drop.nix | 40 |
2 files changed, 63 insertions, 0 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index dffb6b0a1..e45d907d3 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -4,6 +4,28 @@ with config.krebs.lib; { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { + drop = rec { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.177.9"; + ip6.addr = "42:f63:ddf8:7520:cfec:9b61:d807:1dce"; + aliases = [ + "drop.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA1QxukdeDqI47nm7/gd5Y9dZZbJULA02ak0A2cB4lmysJjgMFAfbl + 6qpH7HCZk6s+4eI7H+UHUF177W7Z1qq3bqGLmlgdMMAzuDNz9UvNLhrthZMp3tCI + GIFD28O1bKgDAYgsF/X21CRqEvgk3vRDp9yqIVIzQDmerOrZUx62Rx9Fssl/7ooW + 0319fxcTw6GZEp7RXNzgIobnWPydakh+/I0inP0rC6It/vM5Hi2bV71QPZUyJ78C + Szh4S8TznW7yMzTQaOENeaUKfqEyN+CW2OomVdWIBOvTJVpvfAut/kg1dyUGgHlT + F8OlAoNAyxCSxqbM0fY0wtqKD7FaYY9cbQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; pnp = { cores = 1; nets = { @@ -338,6 +360,7 @@ with config.krebs.lib; ip6.addr = "42:f9f0::10"; aliases = [ "omo.retiolum" + "tracker.makefu.r" "omo.r" ]; tinc.pubkey = '' diff --git a/makefu/1systems/drop.nix b/makefu/1systems/drop.nix new file mode 100644 index 000000000..4a94c3f61 --- /dev/null +++ b/makefu/1systems/drop.nix @@ -0,0 +1,40 @@ +{ config, pkgs, ... }: +let + external-ip = "45.55.145.62"; + default-gw = "45.55.128.1"; + prefixLength = 18; +in { + imports = [ + ../. + ../2configs/hw/CAC.nix + ../2configs/save-diskspace.nix + ../2configs/torrent.nix + ]; + krebs = { + enable = true; + tinc.retiolum.enable = true; + build.host = config.krebs.hosts.drop; + }; + + boot.loader.grub.device = "/dev/vda"; + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ]; + fileSystems."/" = { + device = "/dev/vda1"; + fsType = "ext4"; + }; + + networking = { + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ ]; + allowedUDPPorts = [ 655 ]; + }; + interfaces.enp0s3.ip4 = [{ + address = external-ip; + inherit prefixLength; + }]; + defaultGateway = default-gw; + nameservers = [ "8.8.8.8" ]; + }; +} |