Prepare for refactors

minish 2024-10-17 18:32:14 -04:00
parent c54c259653
commit 5579b49e8e
Signed by: min
SSH Key Fingerprint: SHA256:NFjjdbkd6u7aoMlcrDCVvz6o2UBtlAuPm8IQ2vhZ3Fg
11 changed files with 38 additions and 26 deletions


@ -20,8 +20,9 @@
inherit inputs; inherit inputs;
}; };
} }
]
++ (import ../modules); ../modules
];
}) })
systems; systems;
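Review bot: Replacing `++ (import ../modules)` with a bare `../modules` list entry changes how that path is consumed: the module system now imports `../modules/default.nix` as a single module, so the file must evaluate to an attrset or a function rather than the list the old concatenation implied. The last file in this commit does convert a `[ ./system ]` list into `{...}: { imports = [ ./system ]; }`, which looks like the matching change, so this is only worth confirming for any other `default.nix` reachable from `../modules`. The enclosing expression starts before this hunk.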


@ -2,7 +2,7 @@
netName = "m-infra"; netName = "m-infra";
# https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/networking/nebula.nix#L12 # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/networking/nebula.nix#L12
userGroup = "nebula-${netName}"; userGroup = "nebula-${netName}";
lhs = {"10.13.0.1" = ["min.rip:4242"];}; lhs = {"10.13.0.1" = ["min.rip:4242"];}; # TODO: hardcoding
lhsInt = builtins.attrNames lhs; lhsInt = builtins.attrNames lhs;
in { in {
sops.secrets."nebula-key" = { sops.secrets."nebula-key" = {


@ -3,7 +3,7 @@
pkgs, pkgs,
... ...
}: let }: let
net = { net = { # TODO: hardcoding (this module *may* be a good place to store values like this, though)
address = "107.152.41.67"; address = "107.152.41.67";
prefixLength = 24; prefixLength = 24;
subnet = "255.255.255.0"; subnet = "255.255.255.0";
@ -95,12 +95,18 @@ in {
hostKeys = ["/persist/etc/secrets/initrd/ssh_host_ed25519_key"]; hostKeys = ["/persist/etc/secrets/initrd/ssh_host_ed25519_key"];
}; };
# Periodic nix gc # Periodically optimise & collect garbage
nix.gc = { nix = {
gc = {
automatic = true; automatic = true;
dates = "weekly"; dates = "daily";
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
}; };
optimise = {
automatic = true;
dates = ["daily"];
};
};
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }
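Review bot: `gc.dates = "daily"` and `optimise.dates = ["daily"]` both resolve to the same systemd calendar instant (midnight), so the garbage collector and the store optimiser will be started together on the same store every night; staggering one of them, e.g. `dates = ["04:00"];` for `optimise`, keeps the two long store walks from overlapping. The differing value types are correct for these two options (`nix.gc.dates` takes a string, `nix.optimise.dates` a list), so no change is needed there. The comment on the first hunk's `net = {` already marks the public address as a hardcoded value; the enclosing attrset continues outside both hunks.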


@ -6,7 +6,7 @@
}; };
deployment = { deployment = {
host = "min.rip"; host = "10.13.0.1";
user = "root"; user = "root";
port = 12208; port = 12208;
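Review bot: Switching `host` from `min.rip` to the overlay address `10.13.0.1` means the deploy tool will be matched against a different known_hosts entry (`[10.13.0.1]:12208` instead of `[min.rip]:12208`), so unless the host key is recorded for the new address the first deploy will either prompt or, in a non-interactive run, fail or be waved through with a blind accept. I'd add the key for the new address to the deployer's known_hosts before relying on this path, and confirm sshd is actually reachable on the nebula interface on 12208. The enclosing `deployment` attrset continues outside the hunk.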


@ -3,7 +3,7 @@
disk = { disk = {
main = { main = {
type = "disk"; type = "disk";
device = "/dev/vda"; device = "/dev/vda"; # TODO: hardcoding (not sure if fixable)
content = { content = {
type = "gpt"; type = "gpt";
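Review bot: On the new `# TODO: hardcoding (not sure if fixable)` next to `device = "/dev/vda"`: the usual way to stop depending on kernel enumeration order in disko is a `/dev/disk/by-id/...` or `/dev/disk/by-path/...` link; virtio disks often expose no serial for by-id, in which case by-path is the one that works. I'd record that in the comment, e.g. `# TODO: hardcoding — prefer /dev/disk/by-path/<virtio slot> once known`, or leave the TODO as-is if this VM only ever has one disk. The enclosing `disk.main` attrset continues outside the hunk.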


@ -1,5 +1,5 @@
{...}: { {...}: {
sops = { sops = { # TODO: hardcoding
defaultSopsFile = ../../../secrets/silver.yaml; defaultSopsFile = ../../../secrets/silver.yaml;
age.sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"]; age.sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];


@ -1,8 +1,11 @@
{config, ...}: let {config, ...}: let
sshExposeIp = "0.0.0.0"; # TODO: change this to the public-facing IP for prod sshExposeIp = "0.0.0.0"; # TODO: change this to the public-facing IP for prod (and ideally hardcode it somewhere else)
sshIntPort = 14022; sshIntPort = 14022;
httpIntPort = 14020; httpIntPort = 14020;
dom = "git.min.rip"; dom = "git.min.rip"; # TODO: hardcoding
pBase = "/srv/gitea";
pGitea = "${pBase}/gitea";
pRunner = "${pBase}/runner";
in { in {
services.nginx = { services.nginx = {
virtualHosts.${dom} = { virtualHosts.${dom} = {
@ -28,9 +31,9 @@ in {
# Auto-create directories we need # Auto-create directories we need
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /srv/gitea 0750 1000 1000 - -" "d ${pBase} 0750 1000 1000 - -"
"d /srv/gitea/gitea 0750 1000 1000 - -" "d ${pGitea} 0750 1000 1000 - -"
"d /srv/gitea/runner 0750 1000 1000 - -" "d ${pRunner} 0750 1000 1000 - -"
]; ];
virtualisation.oci-containers.containers.gitea = { virtualisation.oci-containers.containers.gitea = {
@ -43,7 +46,7 @@ in {
GITEA_APP_INI = "/data/gitea/conf/app.ini"; GITEA_APP_INI = "/data/gitea/conf/app.ini";
}; };
volumes = [ volumes = [
"/srv/gitea/gitea:/data" "${pGitea}:/data"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
ports = [ ports = [
@ -62,7 +65,7 @@ in {
}; };
environmentFiles = [config.sops.secrets."svc-gitea-runner-env".path]; environmentFiles = [config.sops.secrets."svc-gitea-runner-env".path];
volumes = [ volumes = [
"/srv/gitea/runner:/data" "${pRunner}:/data"
]; ];
extraOptions = ["--privileged"]; extraOptions = ["--privileged"];
}; };
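Review bot: The new path bindings are named `pBase`/`pGitea`/`pRunner` while the synapse module in this same commit uses `dir`/`dirSynapse`/`dirDb` for the same kind of value; settling on one prefix across modules (e.g. `dirBase`, `dirGitea`, `dirRunner`, or renaming the synapse ones to `p*`) would keep the refactor this commit prepares for consistent. The `sshExposeIp = "0.0.0.0"` line is unchanged in substance and still binds the container's SSH port on every interface, which the extended comment already flags for production. The `let … in {` block these hunks belong to extends beyond the last one shown.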


@ -1,5 +1,5 @@
{inputs, ...}: let {inputs, ...}: let
dom = "min.rip"; dom = "min.rip"; # TODO: hardcoding
in { in {
services.nginx.virtualHosts.${dom} = { services.nginx.virtualHosts.${dom} = {
root = "${inputs.min-rip}"; root = "${inputs.min-rip}";


@ -1,5 +1,5 @@
{config, ...}: let {config, ...}: let
netName = "m-infra"; netName = "m-infra"; # TODO: hardcoding
# https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/networking/nebula.nix#L12 # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/networking/nebula.nix#L12
userGroup = "nebula-${netName}"; userGroup = "nebula-${netName}";
in { in {


@ -1,8 +1,8 @@
{config, ...}: let {config, ...}: let
httpIntPort = 14030; httpIntPort = 14030;
dbIntPort = 14032; dbIntPort = 14032;
domHost = "mtx.min.rip"; domHost = "mtx.min.rip"; # TODO: hardcoding
domDelegate = "min.rip"; domDelegate = "min.rip"; # TODO: hardcoding
dir = "/srv/synapse"; dir = "/srv/synapse";
dirSynapse = "${dir}/synapse"; dirSynapse = "${dir}/synapse";
dirDb = "${dir}/db"; dirDb = "${dir}/db";


@ -1,3 +1,5 @@
[ {...}: {
imports = [
./system ./system
] ];
}