regret not doing this more granularly but oh well
parent
8bb51cb919
commit
2f166efc51
7 changed files with 128 additions and 18 deletions
|
@ -343,11 +343,11 @@
|
|||
},
|
||||
"nixpkgs_5": {
|
||||
"locked": {
|
||||
"lastModified": 1683478192,
|
||||
"narHash": "sha256-7f7RR71w0jRABDgBwjq3vE1yY3nrVJyXk8hDzu5kl1E=",
|
||||
"lastModified": 1683627095,
|
||||
"narHash": "sha256-8u9SejRpL2TrMuHBdhYh4FKc1OGPDLyWTpIbNTtoHsA=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "c568239bcc990050b7aedadb7387832440ad8fb1",
|
||||
"rev": "a08e061a4ee8329747d54ddf1566d34c55c895eb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -35,7 +35,8 @@
|
|||
katzencafe = { name, nodes, pkgs, pkgsUnstable, inputs, ... }: {
|
||||
deployment = {
|
||||
targetHost = "katzen.cafe";
|
||||
# buildOnTarget = true;
|
||||
#targetHost = "2a01:4f8:c17:c51f::";
|
||||
buildOnTarget = true;
|
||||
};
|
||||
imports = [
|
||||
./modules/base-stuff.nix
|
||||
|
@ -48,6 +49,7 @@
|
|||
./modules/forgejo.nix
|
||||
./modules/mumble.nix
|
||||
./modules/modded-mc.nix
|
||||
#./modules/prosody.nix
|
||||
];
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
|
|
|
@ -1,17 +1,59 @@
|
|||
{ pkgs, ... }:
|
||||
{ pkgs, modulesPath, lib, ... }:
|
||||
{
|
||||
networking.hostName = "katzen-cafe";
|
||||
imports =
|
||||
[ (modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
|
||||
networking.networkmanager.enable = true;
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [ 22 80 443 ];
|
||||
#modules.hetzner.wan = {
|
||||
#enable = true;
|
||||
#macAddress = "96:00:02:1f:45:20"; # changeme
|
||||
#ipAddresses = [
|
||||
#"91.107.221.11/32"
|
||||
#"2a01:4f8:c17:c51f::1/64"
|
||||
#];
|
||||
#};
|
||||
#networking.useDHCP = lib.mkDefault true;
|
||||
networking = {
|
||||
nameservers = [ "9.9.9.9" "149.112.112.112" ];
|
||||
hostName = "katzen-cafe";
|
||||
networkmanager.enable = true;
|
||||
firewall.allowedTCPPorts = [ 22 80 443 ];
|
||||
|
||||
interfaces."enp1s0" = {
|
||||
ipv6.addresses = [{
|
||||
address = "2a01:4f8:c17:c51f::";
|
||||
prefixLength = 64;
|
||||
}];
|
||||
ipv4.addresses = [{
|
||||
address = "91.107.221.11";
|
||||
prefixLength = 32;
|
||||
}];
|
||||
};
|
||||
defaultGateway6 = {
|
||||
address = "fe80::1";
|
||||
interface = "enp1s0";
|
||||
};
|
||||
defaultGateway = {
|
||||
address = "172.31.1.1";
|
||||
interface = "enp1s0";
|
||||
};
|
||||
};
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
boot.kernelParams = [ "console=tty" ];
|
||||
boot.initrd.kernelModules = [ "virtio_gpu" ];
|
||||
boot = {
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
kernelParams = [ "console=tty" ];
|
||||
loader = {
|
||||
systemd-boot.enable = true;
|
||||
efi.canTouchEfiVariables = true;
|
||||
};
|
||||
initrd = {
|
||||
availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" "sr_mod" ];
|
||||
kernelModules = [ "virtio_gpu" ];
|
||||
};
|
||||
};
|
||||
|
||||
#networking.interfaces.enp1s0.ipv6.addresses = [ { address = "2a01:4f8:c17:c51f::1/64"; prefixLength = 64; } ];
|
||||
#networking.defaultGateway6 = { address = "fe80::1"; interface = "enp1s0"; };
|
||||
|
||||
#users.users.april = {
|
||||
#isNormalUser = true;
|
||||
|
|
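Review bot: The active IPv6 address is `2a01:4f8:c17:c51f::` with `prefixLength = 64`, i.e. the all-zero interface identifier, which RFC 4291 reserves as the subnet-router anycast address; both commented-out variants in this hunk use `::1`. Unless that is deliberate, `address = "2a01:4f8:c17:c51f::1";` is the safer choice. `networkmanager.enable = true` is kept next to the static `interfaces."enp1s0"` block, so a comment saying which of the two is expected to own the interface would help the next reader. The commented-out `modules.hetzner.wan` block and the old one-line variants could be dropped once the static configuration is settled. The hunk ends inside the commented-out `users.users.april` block, so the rest of the file is not visible here.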
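--- a/modules/hetzner/wan.nix
+++ b/modules/hetzner/wan.nix
@@ -0,0 +1,38 @@
+{ lib, config, ... }:
+with lib;
+let
+cfg = config.modules.hetzner.wan;
+in
+{
+options.modules.hetzner.wan = {
+enable = mkEnableOption "Enable Hetzner Cloud WAN interface configuration";
+
+macAddress = mkOption {
+type = types.str;
+description = "MAC Address of the WAN interface";
+};
+
+ipAddresses = mkOption {
+type = types.listOf types.str;
+description = "List of IP Addresses on the WAN interface";
+};
+};
+
+config = mkIf cfg.enable {
+systemd.network.networks."20-wan" = {
+matchConfig = {
+MACAddress = cfg.macAddress;
+};
+address = cfg.ipAddresses;
+routes = [
+{ routeConfig.Gateway = "fe80::1"; }
+{ routeConfig = { Destination = "172.31.1.1"; }; }
+{ routeConfig = { Gateway = "172.31.1.1"; GatewayOnLink = true; }; }
+{ routeConfig = { Destination = "172.16.0.0/12"; Type = "unreachable"; }; }
+{ routeConfig = { Destination = "192.168.0.0/16"; Type = "unreachable"; }; }
+{ routeConfig = { Destination = "10.0.0.0/8"; Type = "unreachable"; }; }
+{ routeConfig = { Destination = "fc00::/7"; Type = "unreachable"; }; }
+];
+};
+};
+}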
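Review bot: Nothing in this module turns on systemd-networkd, so as far as this file shows, setting `modules.hetzner.wan.enable = true` on its own would define a `20-wan` network that is never applied, and the `unreachable` routes for the private ranges would silently not be installed. Consider adding `systemd.network.enable = true;` inside the `mkIf cfg.enable` block, or an assertion that it is enabled elsewhere. `macAddress` is a plain `types.str`, so a malformed value is only noticed at runtime when the match fails; a `types.strMatching` pattern would reject it at evaluation time. The `mkEnableOption` text should drop the leading "Enable", since the helper already prefixes the description with "Whether to enable".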
@ -20,14 +20,14 @@
|
|||
|
||||
database = {
|
||||
type = "postgresql";
|
||||
createLocally = true;
|
||||
createLocally = false;
|
||||
|
||||
username = "keycloak";
|
||||
passwordFile = "/run/keys/keycloakDbPw";
|
||||
passwordFile = "/var/lib/secrets/keycloakDbPw";
|
||||
};
|
||||
};
|
||||
deployment.keys."keycloakDbPw" = {
|
||||
keyCommand = [ "cat" "/home/jade/keys-tmp/keycloak-db" ];
|
||||
destDir = "/run/keys/";
|
||||
destDir = "/var/lib/secrets";
|
||||
};
|
||||
}
|
||||
|
|
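Review bot: Changing `destDir` from `/run/keys/` (under `/run`, normally a tmpfs) to `/var/lib/secrets` puts the Keycloak database password on persistent disk, and the `deployment.keys."keycloakDbPw"` block sets no `user`, `group` or `permissions`, so access depends on the deployment tool's defaults and on how `/var/lib/secrets` itself gets created. I would state them explicitly, for example `permissions = "0400";` together with the `user`/`group` that actually reads the file, and add a comment saying why the key has to survive a reboot. With `createLocally = false` the visible lines set no `host`, so it is worth confirming outside this hunk that the database endpoint and the `keycloak` role are provisioned. The enclosing `services.keycloak` block starts above the hunk.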
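--- a/modules/prosody.nix
+++ b/modules/prosody.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+{
+services.prosody = {
+enable = true;
+admins = [ "root@prosody.katzen.cafe" ];
+virtualHosts."prosody.katzen.cafe" = {
+domain = "prosody.katzen.cafe";
+enabled = true;
+};
+ssl = {
+key = "/var/lib/acme/prosody.katzen.cafe/key.pem";
+cert = "/var/lib/acme/prosody.katzen.cafe/fullchain.pem";
+};
+uploadHttp = {
+domain = "uploads.prosody.katzen.cafe";
+};
+muc = [ {
+domain = "conference.prosody.katzen.cafe";
+} ];
+};
+networking.firewall = {
+allowedTCPPorts = [ 5280 5281 ];
+};
+}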
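Review bot: `allowedTCPPorts = [ 5280 5281 ]` opens 5280, which by Prosody's defaults is the plain-HTTP listener, next to the HTTPS listener on 5281, so the HTTP services (including uploads for `uploads.prosody.katzen.cafe`) would be reachable without TLS. If they are meant to be reached directly, open only the TLS port: `allowedTCPPorts = [ 5281 ];`. The list also leaves out the usual client and server-to-server ports (5222, 5269); if this file is the only place they would be opened, a comment saying whether that is intentional would help. The `pkgs` argument is unused in this file.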
@ -37,7 +37,11 @@
|
|||
};
|
||||
"prosody.katzen.cafe" = {
|
||||
group = "prosody";
|
||||
keytrype = "rsa4096";
|
||||
keyType = "rsa4096";
|
||||
extraDomainNames = [
|
||||
"uploads.prosody.katzen.cafe"
|
||||
"conference.prosody.katzen.cafe"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|