mirror of
https://forge.katzen.cafe/katzen-cafe/katzen-cafe.git
synced 2024-11-05 15:36:23 +01:00
regret not doing this more granularly but oh well
This commit is contained in:
parent
8bb51cb919
commit
2f166efc51
|
@ -343,11 +343,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_5": {
|
"nixpkgs_5": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1683478192,
|
"lastModified": 1683627095,
|
||||||
"narHash": "sha256-7f7RR71w0jRABDgBwjq3vE1yY3nrVJyXk8hDzu5kl1E=",
|
"narHash": "sha256-8u9SejRpL2TrMuHBdhYh4FKc1OGPDLyWTpIbNTtoHsA=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "c568239bcc990050b7aedadb7387832440ad8fb1",
|
"rev": "a08e061a4ee8329747d54ddf1566d34c55c895eb",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -35,7 +35,8 @@
|
||||||
katzencafe = { name, nodes, pkgs, pkgsUnstable, inputs, ... }: {
|
katzencafe = { name, nodes, pkgs, pkgsUnstable, inputs, ... }: {
|
||||||
deployment = {
|
deployment = {
|
||||||
targetHost = "katzen.cafe";
|
targetHost = "katzen.cafe";
|
||||||
# buildOnTarget = true;
|
#targetHost = "2a01:4f8:c17:c51f::";
|
||||||
|
buildOnTarget = true;
|
||||||
};
|
};
|
||||||
imports = [
|
imports = [
|
||||||
./modules/base-stuff.nix
|
./modules/base-stuff.nix
|
||||||
|
@ -48,6 +49,7 @@
|
||||||
./modules/forgejo.nix
|
./modules/forgejo.nix
|
||||||
./modules/mumble.nix
|
./modules/mumble.nix
|
||||||
./modules/modded-mc.nix
|
./modules/modded-mc.nix
|
||||||
|
#./modules/prosody.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
system.stateVersion = "22.11";
|
system.stateVersion = "22.11";
|
||||||
|
|
|
@ -1,17 +1,59 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, modulesPath, lib, ... }:
|
||||||
{
|
{
|
||||||
networking.hostName = "katzen-cafe";
|
imports =
|
||||||
|
[ (modulesPath + "/profiles/qemu-guest.nix")
|
||||||
|
];
|
||||||
|
|
||||||
networking.networkmanager.enable = true;
|
#modules.hetzner.wan = {
|
||||||
networking.firewall = {
|
#enable = true;
|
||||||
allowedTCPPorts = [ 22 80 443 ];
|
#macAddress = "96:00:02:1f:45:20"; # changeme
|
||||||
|
#ipAddresses = [
|
||||||
|
#"91.107.221.11/32"
|
||||||
|
#"2a01:4f8:c17:c51f::1/64"
|
||||||
|
#];
|
||||||
|
#};
|
||||||
|
#networking.useDHCP = lib.mkDefault true;
|
||||||
|
networking = {
|
||||||
|
nameservers = [ "9.9.9.9" "149.112.112.112" ];
|
||||||
|
hostName = "katzen-cafe";
|
||||||
|
networkmanager.enable = true;
|
||||||
|
firewall.allowedTCPPorts = [ 22 80 443 ];
|
||||||
|
|
||||||
|
interfaces."enp1s0" = {
|
||||||
|
ipv6.addresses = [{
|
||||||
|
address = "2a01:4f8:c17:c51f::";
|
||||||
|
prefixLength = 64;
|
||||||
|
}];
|
||||||
|
ipv4.addresses = [{
|
||||||
|
address = "91.107.221.11";
|
||||||
|
prefixLength = 32;
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
defaultGateway6 = {
|
||||||
|
address = "fe80::1";
|
||||||
|
interface = "enp1s0";
|
||||||
|
};
|
||||||
|
defaultGateway = {
|
||||||
|
address = "172.31.1.1";
|
||||||
|
interface = "enp1s0";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot = {
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
kernelPackages = pkgs.linuxPackages_latest;
|
||||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
kernelParams = [ "console=tty" ];
|
||||||
boot.kernelParams = [ "console=tty" ];
|
loader = {
|
||||||
boot.initrd.kernelModules = [ "virtio_gpu" ];
|
systemd-boot.enable = true;
|
||||||
|
efi.canTouchEfiVariables = true;
|
||||||
|
};
|
||||||
|
initrd = {
|
||||||
|
availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" "sr_mod" ];
|
||||||
|
kernelModules = [ "virtio_gpu" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
#networking.interfaces.enp1s0.ipv6.addresses = [ { address = "2a01:4f8:c17:c51f::1/64"; prefixLength = 64; } ];
|
||||||
|
#networking.defaultGateway6 = { address = "fe80::1"; interface = "enp1s0"; };
|
||||||
|
|
||||||
#users.users.april = {
|
#users.users.april = {
|
||||||
#isNormalUser = true;
|
#isNormalUser = true;
|
||||||
|
|
38
modules/hetzner/wan.nix
Normal file
38
modules/hetzner/wan.nix
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
{ lib, config, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
cfg = config.modules.hetzner.wan;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.modules.hetzner.wan = {
|
||||||
|
enable = mkEnableOption "Enable Hetzner Cloud WAN interface configuration";
|
||||||
|
|
||||||
|
macAddress = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = "MAC Address of the WAN interface";
|
||||||
|
};
|
||||||
|
|
||||||
|
ipAddresses = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
description = "List of IP Addresses on the WAN interface";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
systemd.network.networks."20-wan" = {
|
||||||
|
matchConfig = {
|
||||||
|
MACAddress = cfg.macAddress;
|
||||||
|
};
|
||||||
|
address = cfg.ipAddresses;
|
||||||
|
routes = [
|
||||||
|
{ routeConfig.Gateway = "fe80::1"; }
|
||||||
|
{ routeConfig = { Destination = "172.31.1.1"; }; }
|
||||||
|
{ routeConfig = { Gateway = "172.31.1.1"; GatewayOnLink = true; }; }
|
||||||
|
{ routeConfig = { Destination = "172.16.0.0/12"; Type = "unreachable"; }; }
|
||||||
|
{ routeConfig = { Destination = "192.168.0.0/16"; Type = "unreachable"; }; }
|
||||||
|
{ routeConfig = { Destination = "10.0.0.0/8"; Type = "unreachable"; }; }
|
||||||
|
{ routeConfig = { Destination = "fc00::/7"; Type = "unreachable"; }; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -20,14 +20,14 @@
|
||||||
|
|
||||||
database = {
|
database = {
|
||||||
type = "postgresql";
|
type = "postgresql";
|
||||||
createLocally = true;
|
createLocally = false;
|
||||||
|
|
||||||
username = "keycloak";
|
username = "keycloak";
|
||||||
passwordFile = "/run/keys/keycloakDbPw";
|
passwordFile = "/var/lib/secrets/keycloakDbPw";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
deployment.keys."keycloakDbPw" = {
|
deployment.keys."keycloakDbPw" = {
|
||||||
keyCommand = [ "cat" "/home/jade/keys-tmp/keycloak-db" ];
|
keyCommand = [ "cat" "/home/jade/keys-tmp/keycloak-db" ];
|
||||||
destDir = "/run/keys/";
|
destDir = "/var/lib/secrets";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
24
modules/prosody.nix
Normal file
24
modules/prosody.nix
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
|
services.prosody = {
|
||||||
|
enable = true;
|
||||||
|
admins = [ "root@prosody.katzen.cafe" ];
|
||||||
|
virtualHosts."prosody.katzen.cafe" = {
|
||||||
|
domain = "prosody.katzen.cafe";
|
||||||
|
enabled = true;
|
||||||
|
};
|
||||||
|
ssl = {
|
||||||
|
key = "/var/lib/acme/prosody.katzen.cafe/key.pem";
|
||||||
|
cert = "/var/lib/acme/prosody.katzen.cafe/fullchain.pem";
|
||||||
|
};
|
||||||
|
uploadHttp = {
|
||||||
|
domain = "uploads.prosody.katzen.cafe";
|
||||||
|
};
|
||||||
|
muc = [ {
|
||||||
|
domain = "conference.prosody.katzen.cafe";
|
||||||
|
} ];
|
||||||
|
};
|
||||||
|
networking.firewall = {
|
||||||
|
allowedTCPPorts = [ 5280 5281 ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -37,7 +37,11 @@
|
||||||
};
|
};
|
||||||
"prosody.katzen.cafe" = {
|
"prosody.katzen.cafe" = {
|
||||||
group = "prosody";
|
group = "prosody";
|
||||||
keytrype = "rsa4096";
|
keyType = "rsa4096";
|
||||||
|
extraDomainNames = [
|
||||||
|
"uploads.prosody.katzen.cafe"
|
||||||
|
"conference.prosody.katzen.cafe"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue