regret not doing this more granularly but oh well

This commit is contained in:
Jade 2023-05-21 12:52:04 +02:00
parent 8bb51cb919
commit 2f166efc51
7 changed files with 128 additions and 18 deletions


@ -343,11 +343,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1683478192, "lastModified": 1683627095,
"narHash": "sha256-7f7RR71w0jRABDgBwjq3vE1yY3nrVJyXk8hDzu5kl1E=", "narHash": "sha256-8u9SejRpL2TrMuHBdhYh4FKc1OGPDLyWTpIbNTtoHsA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c568239bcc990050b7aedadb7387832440ad8fb1", "rev": "a08e061a4ee8329747d54ddf1566d34c55c895eb",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -35,7 +35,8 @@
katzencafe = { name, nodes, pkgs, pkgsUnstable, inputs, ... }: { katzencafe = { name, nodes, pkgs, pkgsUnstable, inputs, ... }: {
deployment = { deployment = {
targetHost = "katzen.cafe"; targetHost = "katzen.cafe";
# buildOnTarget = true; #targetHost = "2a01:4f8:c17:c51f::";
buildOnTarget = true;
}; };
imports = [ imports = [
./modules/base-stuff.nix ./modules/base-stuff.nix
@ -48,6 +49,7 @@
./modules/forgejo.nix ./modules/forgejo.nix
./modules/mumble.nix ./modules/mumble.nix
./modules/modded-mc.nix ./modules/modded-mc.nix
#./modules/prosody.nix
]; ];
system.stateVersion = "22.11"; system.stateVersion = "22.11";


@ -1,17 +1,59 @@
{ pkgs, ... }: { pkgs, modulesPath, lib, ... }:
{ {
networking.hostName = "katzen-cafe"; imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
networking.networkmanager.enable = true; #modules.hetzner.wan = {
networking.firewall = { #enable = true;
allowedTCPPorts = [ 22 80 443 ]; #macAddress = "96:00:02:1f:45:20"; # changeme
#ipAddresses = [
#"91.107.221.11/32"
#"2a01:4f8:c17:c51f::1/64"
#];
#};
#networking.useDHCP = lib.mkDefault true;
networking = {
nameservers = [ "9.9.9.9" "149.112.112.112" ];
hostName = "katzen-cafe";
networkmanager.enable = true;
firewall.allowedTCPPorts = [ 22 80 443 ];
interfaces."enp1s0" = {
ipv6.addresses = [{
address = "2a01:4f8:c17:c51f::";
prefixLength = 64;
}];
ipv4.addresses = [{
address = "91.107.221.11";
prefixLength = 32;
}];
};
defaultGateway6 = {
address = "fe80::1";
interface = "enp1s0";
};
defaultGateway = {
address = "172.31.1.1";
interface = "enp1s0";
};
}; };
boot.loader.systemd-boot.enable = true; boot = {
boot.loader.efi.canTouchEfiVariables = true; kernelPackages = pkgs.linuxPackages_latest;
boot.kernelPackages = pkgs.linuxPackages_latest; kernelParams = [ "console=tty" ];
boot.kernelParams = [ "console=tty" ]; loader = {
boot.initrd.kernelModules = [ "virtio_gpu" ]; systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" "sr_mod" ];
kernelModules = [ "virtio_gpu" ];
};
};
#networking.interfaces.enp1s0.ipv6.addresses = [ { address = "2a01:4f8:c17:c51f::1/64"; prefixLength = 64; } ];
#networking.defaultGateway6 = { address = "fe80::1"; interface = "enp1s0"; };
#users.users.april = { #users.users.april = {
#isNormalUser = true; #isNormalUser = true;
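Review bot: The interface address in the new `networking.interfaces."enp1s0".ipv6.addresses` entry is `"2a01:4f8:c17:c51f::"`, the all-zeros (subnet-router anycast) address of the /64, while the previous configuration commented out just below (`2a01:4f8:c17:c51f::1/64`) and the commented `ipAddresses` example for the new hetzner module in the same file use the `::1` host; only the `#targetHost` comment in the hive file agrees with the bare `::`. Unless the zero address is intended, this should be `address = "2a01:4f8:c17:c51f::1";`, and the hive comment updated to match. Separately, the IPv4 gateway `172.31.1.1` is not inside the `/32` configured on the interface; `modules/hetzner/wan.nix` in this same commit handles that case explicitly with `GatewayOnLink = true`, so it is worth confirming that the scripted `networking.defaultGateway` path installs the route as on-link as well, otherwise the host may come up without an IPv4 default route. The hunk ends before the file does (the commented `users.users.april` block continues past it).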

modules/hetzner/wan.nix Normal file

@ -0,0 +1,38 @@
{ lib, config, ... }:
with lib;
let
cfg = config.modules.hetzner.wan;
in
{
options.modules.hetzner.wan = {
enable = mkEnableOption "Enable Hetzner Cloud WAN interface configuration";
macAddress = mkOption {
type = types.str;
description = "MAC Address of the WAN interface";
};
ipAddresses = mkOption {
type = types.listOf types.str;
description = "List of IP Addresses on the WAN interface";
};
};
config = mkIf cfg.enable {
systemd.network.networks."20-wan" = {
matchConfig = {
MACAddress = cfg.macAddress;
};
address = cfg.ipAddresses;
routes = [
{ routeConfig.Gateway = "fe80::1"; }
{ routeConfig = { Destination = "172.31.1.1"; }; }
{ routeConfig = { Gateway = "172.31.1.1"; GatewayOnLink = true; }; }
{ routeConfig = { Destination = "172.16.0.0/12"; Type = "unreachable"; }; }
{ routeConfig = { Destination = "192.168.0.0/16"; Type = "unreachable"; }; }
{ routeConfig = { Destination = "10.0.0.0/8"; Type = "unreachable"; }; }
{ routeConfig = { Destination = "fc00::/7"; Type = "unreachable"; }; }
];
};
};
}
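Review bot: `mkEnableOption` already prefixes its argument with "Whether to enable ", so the option at the top of this module documents itself as "Whether to enable Enable Hetzner Cloud WAN interface configuration"; use `enable = mkEnableOption "Hetzner Cloud WAN interface configuration";`. The `ipAddresses` values are passed straight through as `address` (networkd `Address=`), which expects prefix notation, and a `types.str` without a prefix is not caught at evaluation time, so the description should say so: `description = "IP addresses on the WAN interface, in CIDR form (e.g. 91.107.221.11/32)";`. The `config` block only defines a `systemd.network.networks` unit; nothing visible here turns networkd on, so unless the host sets `systemd.network.enable = true;` elsewhere the unit is never applied — consider adding that line under `mkIf cfg.enable`. The `Type = "unreachable"` routes for RFC1918 and `fc00::/7` are a sensible hygiene measure on a public interface; a one-line comment such as `# blackhole private ranges so they are never forwarded to the provider gateway` would tell the next reader why they are there.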


@ -20,14 +20,14 @@
database = { database = {
type = "postgresql"; type = "postgresql";
createLocally = true; createLocally = false;
username = "keycloak"; username = "keycloak";
passwordFile = "/run/keys/keycloakDbPw"; passwordFile = "/var/lib/secrets/keycloakDbPw";
}; };
}; };
deployment.keys."keycloakDbPw" = { deployment.keys."keycloakDbPw" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/keycloak-db" ]; keyCommand = [ "cat" "/home/jade/keys-tmp/keycloak-db" ];
destDir = "/run/keys/"; destDir = "/var/lib/secrets";
}; };
} }
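Review bot: Changing `destDir` from `/run/keys/` to `/var/lib/secrets` moves the database password from a tmpfs-backed location to one persisted on disk, and the key definition still relies on the defaults for `user`, `group` and `permissions` (root-owned, mode 0600); whether the Keycloak service can read `/var/lib/secrets/keycloakDbPw` therefore depends on how the module consumes `passwordFile`, and if it runs as a dedicated unprivileged user the key needs explicit `user`/`group`/`permissions` settings, with the directory itself kept root-only. `createLocally = false` also means this module no longer provisions the PostgreSQL role and database; nothing in this hunk creates them, so they must exist elsewhere or Keycloak will fail at startup. The enclosing attribute set starts outside the hunk.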

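--- /dev/null
+++ b/modules/prosody.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+{
+services.prosody = {
+enable = true;
+admins = [ "root@prosody.katzen.cafe" ];
+virtualHosts."prosody.katzen.cafe" = {
+domain = "prosody.katzen.cafe";
+enabled = true;
+};
+ssl = {
+key = "/var/lib/acme/prosody.katzen.cafe/key.pem";
+cert = "/var/lib/acme/prosody.katzen.cafe/fullchain.pem";
+};
+uploadHttp = {
+domain = "uploads.prosody.katzen.cafe";
+};
+muc = [ {
+domain = "conference.prosody.katzen.cafe";
+} ];
+};
+networking.firewall = {
+allowedTCPPorts = [ 5280 5281 ];
+};
+}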
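Review bot: The firewall block opens only `5280` and `5281`, Prosody's HTTP/HTTPS listener used by `uploadHttp`, and not the XMPP ports themselves — 5222 (client-to-server) and 5269 (server-to-server) — so clients and federation are blocked unless those are opened elsewhere; `allowedTCPPorts = [ 5222 5269 5281 ];` would match the services this file configures, and leaving plain-HTTP 5280 closed keeps uploads on TLS only. The `ssl.key`/`ssl.cert` paths rely on the ACME change in this commit setting `group = "prosody"` on that certificate, which is the right way to make them readable without copying keys. Note that the hive file in this commit leaves `./modules/prosody.nix` commented out, so this module is not yet imported anywhere.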


@ -37,7 +37,11 @@
}; };
"prosody.katzen.cafe" = { "prosody.katzen.cafe" = {
group = "prosody"; group = "prosody";
keytrype = "rsa4096"; keyType = "rsa4096";
extraDomainNames = [
"uploads.prosody.katzen.cafe"
"conference.prosody.katzen.cafe"
];
}; };
}; };
}; };
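Review bot: The two `extraDomainNames` entries duplicate the strings set in `modules/prosody.nix` (`uploadHttp.domain` and the `muc` domain); deriving them from `config.services.prosody` would keep the certificate and the vhosts from drifting apart. Since Prosody loads the key and chain from this certificate's directory, the cert should also declare `reloadServices = [ "prosody.service" ];` so a renewal is picked up without a manual restart — the `keyType` rename and the new names do not cover that. The enclosing `security.acme.certs` attribute set starts outside the hunk.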