let
# Wrap a machine definition so that ./common-machines.nix is always imported
# first. Any `imports` the caller supplies are appended after it; all other
# attributes are passed through unchanged.
mkMachine = attrs:
  let
    extraImports = attrs.imports or [];
    rest = removeAttrs attrs [ "imports" ];
  in rest // { imports = [ ./common-machines.nix ] ++ extraImports; };
in {
network.description = "Headcounter Services";
# Keep previous deployment generations around so a bad rollout can be reverted.
network.enableRollback = true;
# NixOps-managed SSH key pair, presumably consumed by the Hydra build machines.
# NOTE(review): the generated private key lives in the NixOps state file, so
# that file must be treated as a secret — confirm where and how it is stored.
resources.sshKeyPairs."hydra-build" = {};
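# ultron: main host. It is the endpoint of the encrypted p2p links to the two
# DNS servers and hosts the `unzervalt` container (defined further below).
ultron = { pkgs, lib, config, ... }: mkMachine {
  imports = [ ./machines/ultron ];
  headcounter.mainIPv4 = "5.9.105.142";
  headcounter.mainIPv6 = "2a01:4f8:162:4187::";
  # Encrypted tunnels (NixOps p2pTunnels) towards the DNS servers; dugee's ACME
  # DNS handler is bound to its end of this tunnel only.
  deployment.encryptedLinksTo = [ "dugee" "gussh" ];
  # Kickstart-style layout for the Hetzner installer: one swap partition per
  # disk and a btrfs RAID1 (data and metadata mirrored) across sda/sdb as root.
  # No block-level encryption is declared here, so anything stored on this
  # host, swap included, is at rest in the clear unless handled elsewhere.
  deployment.hetzner.partitions = ''
    clearpart --all --initlabel --drives=sda,sdb
    part swap1 --recommended --label=swap1 --fstype=swap --ondisk=sda
    part swap2 --recommended --label=swap2 --fstype=swap --ondisk=sdb
    part btrfs.1 --grow --ondisk=sda
    part btrfs.2 --grow --ondisk=sdb
    btrfs / --data=1 --metadata=1 --label=root btrfs.1 btrfs.2
  '';
  # Pin sshd to the public addresses only. The IPv6 address is taken from
  # headcounter.mainIPv6 above instead of being repeated, so the two cannot
  # drift apart. NOTE(review): with explicit ListenAddress lines sshd will not
  # accept connections on tunnel or container interfaces — confirm that is
  # intended, and that deployment.hetzner.mainIPv4 resolves to the same
  # address as headcounter.mainIPv4.
  services.openssh.extraConfig = lib.mkAfter ''
    ListenAddress ${config.deployment.hetzner.mainIPv4}
    ListenAddress [${config.headcounter.mainIPv6}]
  '';
};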
# taalo: Hydra master. Its web listener and its database connection both go
# through the encrypted p2p link to ultron rather than the public interfaces.
taalo = { pkgs, lib, nodes, config, ... }:
  let
    # Our end of the SSH p2p tunnel to ultron: localIPv4 is this side,
    # remoteIPv4 is ultron's side.
    toUltron = config.networking.p2pTunnels.ssh.ultron;
  in mkMachine {
    imports = [ ./hydra.nix ];
    headcounter.mainIPv4 = "188.40.96.202";
    headcounter.mainIPv6 = "2a01:4f8:221:17c6::";
    deployment.encryptedLinksTo = [ "ultron" ];
    boot.kernelPackages = pkgs.linuxPackages_latest;
    fileSystems."/".options = [
      "autodefrag" "space_cache" "compress=lzo" "noatime"
    ];
    # Same layout as ultron, but with fixed-size swap (--size=10000) instead of
    # the installer's recommended size. No block-level encryption is declared.
    deployment.hetzner.partitions = ''
      clearpart --all --initlabel --drives=sda,sdb
      part swap1 --size=10000 --label=swap1 --fstype=swap --ondisk=sda
      part swap2 --size=10000 --label=swap2 --fstype=swap --ondisk=sdb
      part btrfs.1 --grow --ondisk=sda
      part btrfs.2 --grow --ondisk=sdb
      btrfs / --data=1 --metadata=1 --label=root btrfs.1 btrfs.2
    '';
    # Hydra listens on the tunnel-local address only (mkForce wins over
    # whatever ./hydra.nix sets) and reaches Postgres on ultron's tunnel
    # address. NOTE(review): the DSN carries no password and no sslmode, so
    # authentication rests entirely on the tunnel plus ultron's pg_hba rules —
    # confirm Postgres on ultron is not also reachable on a non-tunnel address.
    services.hydra-dev = {
      listenHost = lib.mkForce toUltron.localIPv4;
      dbi = "dbi:Pg:dbname=hydra;user=hydra;host=${toUltron.remoteIPv4}";
    };
    # Presumably a readiness gate for hydra-init: an empty psql command only
    # succeeds once the database on ultron accepts connections from this host.
    headcounter.conditions.hydra-init.custom.command = ''
      ${pkgs.postgresql}/bin/psql -h ${toUltron.remoteIPv4} hydra hydra -c ""
    '';
  };
# benteflork: Hydra build slave. Everything beyond its addresses comes from
# ./hydra-slave.nix (and ./common-machines.nix via mkMachine).
benteflork = mkMachine {
  headcounter.mainIPv6 = "2a01:4f8:200:8392::";
  headcounter.mainIPv4 = "144.76.202.147";
  imports = [ ./hydra-slave.nix ];
};
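# dugee: DNS server (ns1). It also accepts ACME DNS challenge updates, but only
# on its end of the encrypted tunnel coming from ultron.
dugee = { nodes, config, lib, ... }: mkMachine {
  imports = [ ./dns-server.nix ];
  headcounter.mainIPv4 = "78.46.182.124";
  headcounter.mainIPv6 = "2a01:4f8:d13:3009::2";
  headcounter.services.acme.dnsHandler = let
    myself = config.networking.hostName;
    # ultron's view of the p2p tunnel towards this host: remoteIPv4 and
    # remoteTunnel describe the endpoint that lives on *this* machine.
    tunnel = nodes.ultron.config.networking.p2pTunnels.ssh.${myself};
  in {
    enable = true;
    fqdn = "ns1.headcounter.org";
    # Bind to the tunnel address and device only, so the handler is not
    # exposed on the public interfaces.
    listen = lib.singleton {
      host = tunnel.remoteIPv4;
      device = "tun${toString tunnel.remoteTunnel}";
    };
  };
  # The main IPv6 address is added by hand on the main device. It is taken from
  # headcounter.mainIPv6 above instead of being repeated, so the two cannot
  # drift apart. No prefix length is given, so iproute2 treats it as /128.
  networking.localCommands = lib.mkAfter ''
    ip -6 addr add ${config.headcounter.mainIPv6} dev ${config.headcounter.mainDevice}
  '';
};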
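# gussh: second DNS server; configuration comes from ./dns-server.nix.
gussh = { config, lib, ... }: mkMachine {
  imports = [ ./dns-server.nix ];
  headcounter.mainIPv4 = "78.47.142.38";
  headcounter.mainIPv6 = "2a01:4f8:d13:5308::2";
  # The main IPv6 address is added by hand on the main device. It is taken from
  # headcounter.mainIPv6 above instead of being repeated, so the two cannot
  # drift apart. No prefix length is given, so iproute2 treats it as /128.
  networking.localCommands = lib.mkAfter ''
    ip -6 addr add ${config.headcounter.mainIPv6} dev ${config.headcounter.mainDevice}
  '';
};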
# unzervalt: NixOS container running on ultron, serving the web space.
unzervalt = { nodes, lib, ... }:
  let
    # Site-local overrides are only pulled in when the directory exists, so a
    # checkout without ./private silently evaluates to a different (reduced)
    # configuration. NOTE(review): if ./private carries secrets or hardening,
    # consider failing the evaluation instead of skipping it.
    privateImports = lib.optional (lib.pathExists ./private/default.nix) ./private;
  in mkMachine {
    deployment.targetEnv = "container";
    deployment.container.host = nodes.ultron.config;
    imports = [ ./common.nix ] ++ privateImports;
    headcounter.services.webspace.enable = true;
    # Users and groups are exactly those declared in the configuration; accounts
    # or password changes made by hand inside the container do not persist.
    users.mutableUsers = false;
  };
}