regret not doing this more granularly but oh well

This commit is contained in:
Jade 2023-05-21 12:52:04 +02:00
parent 8bb51cb919
commit 2f166efc51
7 changed files with 128 additions and 18 deletions


@ -343,11 +343,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1683478192,
"narHash": "sha256-7f7RR71w0jRABDgBwjq3vE1yY3nrVJyXk8hDzu5kl1E=",
"lastModified": 1683627095,
"narHash": "sha256-8u9SejRpL2TrMuHBdhYh4FKc1OGPDLyWTpIbNTtoHsA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c568239bcc990050b7aedadb7387832440ad8fb1",
"rev": "a08e061a4ee8329747d54ddf1566d34c55c895eb",
"type": "github"
},
"original": {


@ -35,7 +35,8 @@
katzencafe = { name, nodes, pkgs, pkgsUnstable, inputs, ... }: {
deployment = {
targetHost = "katzen.cafe";
# buildOnTarget = true;
#targetHost = "2a01:4f8:c17:c51f::";
buildOnTarget = true;
};
imports = [
./modules/base-stuff.nix
@ -48,6 +49,7 @@
./modules/forgejo.nix
./modules/mumble.nix
./modules/modded-mc.nix
#./modules/prosody.nix
];
system.stateVersion = "22.11";


@ -1,17 +1,59 @@
{ pkgs, ... }:
{ pkgs, modulesPath, lib, ... }:
{
networking.hostName = "katzen-cafe";
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
networking.networkmanager.enable = true;
networking.firewall = {
allowedTCPPorts = [ 22 80 443 ];
#modules.hetzner.wan = {
#enable = true;
#macAddress = "96:00:02:1f:45:20"; # changeme
#ipAddresses = [
#"91.107.221.11/32"
#"2a01:4f8:c17:c51f::1/64"
#];
#};
#networking.useDHCP = lib.mkDefault true;
networking = {
nameservers = [ "9.9.9.9" "149.112.112.112" ];
hostName = "katzen-cafe";
networkmanager.enable = true;
firewall.allowedTCPPorts = [ 22 80 443 ];
interfaces."enp1s0" = {
ipv6.addresses = [{
address = "2a01:4f8:c17:c51f::";
prefixLength = 64;
}];
ipv4.addresses = [{
address = "91.107.221.11";
prefixLength = 32;
}];
};
defaultGateway6 = {
address = "fe80::1";
interface = "enp1s0";
};
defaultGateway = {
address = "172.31.1.1";
interface = "enp1s0";
};
};
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelParams = [ "console=tty" ];
boot.initrd.kernelModules = [ "virtio_gpu" ];
boot = {
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = [ "console=tty" ];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" "sr_mod" ];
kernelModules = [ "virtio_gpu" ];
};
};
#networking.interfaces.enp1s0.ipv6.addresses = [ { address = "2a01:4f8:c17:c51f::1/64"; prefixLength = 64; } ];
#networking.defaultGateway6 = { address = "fe80::1"; interface = "enp1s0"; };
#users.users.april = {
#isNormalUser = true;
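Review bot: The IPv6 address at `address = "2a01:4f8:c17:c51f::";` with `prefixLength = 64` has an all-zeros interface identifier, which is the Subnet-Router anycast address of the prefix rather than a host address; the commented-out variants on this same page (`#"2a01:4f8:c17:c51f::1/64"` in the hetzner.wan block and the old `networking.interfaces.enp1s0` line) use `::1`, which is likely what was intended — `address = "2a01:4f8:c17:c51f::1";`. The IPv4 `defaultGateway` `172.31.1.1` is outside the `/32` assigned to the interface, so the default route only installs if the gateway is treated as on-link; the new `modules/hetzner/wan.nix` sets `GatewayOnLink = true` for exactly this case, while the scripted `networking.defaultGateway` used here does not state it, so confirm the route actually appears on the host. `networking.networkmanager.enable = true` next to static `networking.interfaces` configuration gives `enp1s0` two managers; one of them should own the interface. The `lib` argument added to the module header is only referenced from commented-out code. The attribute set continues past the end of the hunk.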

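--- a/modules/hetzner/wan.nix
+++ b/modules/hetzner/wan.nix
+{ lib, config, ... }:
+with lib;
+let
+cfg = config.modules.hetzner.wan;
+in
+{
+options.modules.hetzner.wan = {
+enable = mkEnableOption "Enable Hetzner Cloud WAN interface configuration";
+macAddress = mkOption {
+type = types.str;
+description = "MAC Address of the WAN interface";
+};
+ipAddresses = mkOption {
+type = types.listOf types.str;
+description = "List of IP Addresses on the WAN interface";
+};
+};
+config = mkIf cfg.enable {
+systemd.network.networks."20-wan" = {
+matchConfig = {
+MACAddress = cfg.macAddress;
+};
+address = cfg.ipAddresses;
+routes = [
+{ routeConfig.Gateway = "fe80::1"; }
+{ routeConfig = { Destination = "172.31.1.1"; }; }
+{ routeConfig = { Gateway = "172.31.1.1"; GatewayOnLink = true; }; }
+{ routeConfig = { Destination = "172.16.0.0/12"; Type = "unreachable"; }; }
+{ routeConfig = { Destination = "192.168.0.0/16"; Type = "unreachable"; }; }
+{ routeConfig = { Destination = "10.0.0.0/8"; Type = "unreachable"; }; }
+{ routeConfig = { Destination = "fc00::/7"; Type = "unreachable"; }; }
+];
+};
+};
+}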
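Review bot: `mkEnableOption "Enable Hetzner Cloud WAN interface configuration"` renders in the generated docs as "Whether to enable Enable Hetzner Cloud …" because mkEnableOption already prefixes "Whether to enable"; use `mkEnableOption "Hetzner Cloud WAN interface configuration"`. The module writes `systemd.network.networks."20-wan"` but never sets `systemd.network.enable`, so if `cfg.enable` is set on a host where networkd is not enabled elsewhere the unit is generated and never applied — either enable it under the same `mkIf` or document the requirement in the option description. The `Type = "unreachable"` routes for the RFC 1918 ranges and `fc00::/7` are a sensible default that stops private-range traffic from leaving via the WAN interface; a one-line comment above `routes` naming that intent would help the next reader. Note that nothing on this page actually uses the module yet: the only consumer is the commented-out `modules.hetzner.wan` block in the host configuration.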


@ -20,14 +20,14 @@
database = {
type = "postgresql";
createLocally = true;
createLocally = false;
username = "keycloak";
passwordFile = "/run/keys/keycloakDbPw";
passwordFile = "/var/lib/secrets/keycloakDbPw";
};
};
deployment.keys."keycloakDbPw" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/keycloak-db" ];
destDir = "/run/keys/";
destDir = "/var/lib/secrets";
};
}
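Review bot: Moving the key from `/run/keys/` (tmpfs, lost at reboot) to `destDir = "/var/lib/secrets"` places the database password at rest on disk; if the motive is that Keycloak must find the file after a reboot before the next deploy re-uploads it, a short comment next to `destDir` would keep that trade-off visible. The `deployment.keys."keycloakDbPw"` entry appears to rely on the default owner and mode, so confirm the Keycloak service can read `/var/lib/secrets/keycloakDbPw` under the user it runs as; setting `user`/`group` or `permissions` on the key entry is the usual fix. With `createLocally = false` the PostgreSQL database and the `keycloak` role now have to be provisioned outside this module, and nothing in this commit does that. The enclosing `services.keycloak` set starts before this hunk.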

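--- a/modules/prosody.nix
+++ b/modules/prosody.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+{
+services.prosody = {
+enable = true;
+admins = [ "root@prosody.katzen.cafe" ];
+virtualHosts."prosody.katzen.cafe" = {
+domain = "prosody.katzen.cafe";
+enabled = true;
+};
+ssl = {
+key = "/var/lib/acme/prosody.katzen.cafe/key.pem";
+cert = "/var/lib/acme/prosody.katzen.cafe/fullchain.pem";
+};
+uploadHttp = {
+domain = "uploads.prosody.katzen.cafe";
+};
+muc = [ {
+domain = "conference.prosody.katzen.cafe";
+} ];
+};
+networking.firewall = {
+allowedTCPPorts = [ 5280 5281 ];
+};
+}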
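Review bot: `allowedTCPPorts = [ 5280 5281 ]` opens Prosody's HTTP listeners but not the XMPP ports (5222 for clients, 5269 for server-to-server), so unless those are opened elsewhere neither clients nor federation can reach this host. 5280 is Prosody's plaintext HTTP listener, so `uploadHttp` content can be fetched unencrypted if the generated config leaves HTTP upload served there; if plaintext HTTP is not needed, `allowedTCPPorts = [ 5222 5269 5281 ];` is the tighter set — check the generated prosody.cfg.lua before changing it. `ssl.key` points into `/var/lib/acme/prosody.katzen.cafe/`, which the prosody user can only read when the certificate's `group` is `prosody`, as the ACME hunk on this page does. The module is not active yet: the host's import of `./modules/prosody.nix` is commented out in this same commit.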


@ -37,7 +37,11 @@
};
"prosody.katzen.cafe" = {
group = "prosody";
keytrype = "rsa4096";
keyType = "rsa4096";
extraDomainNames = [
"uploads.prosody.katzen.cafe"
"conference.prosody.katzen.cafe"
];
};
};
};
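Review bot: `group = "prosody";` requires a `prosody` group to exist on the host at activation, but the import of `./modules/prosody.nix` that would create it is commented out in this same commit, so unless the group exists for another reason the certificate's ownership step will likely fail and the acme unit for prosody.katzen.cafe will not come up. Either import the module or hold this certificate until the service is enabled. The `keytrype` → `keyType` fix is correct and the added `extraDomainNames` match the upload and conference domains in the new prosody module. The enclosing attribute set starts before this hunk.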