moved things around

2024-01-18 16:03:31 +01:00 · 2024-01-18 16:03:31 +01:00 · 0605d4774f
commit 0605d4774f
parent 489518ed02
11 changed files with 76 additions and 29 deletions
--- a/config/common-dus.nix
+++ b/config/common-dus.nix
@ -0,0 +1,20 @@
+{ config, lib, ... }: {
+  services.resolved = {
+    extraConfig = ''
+      DNS = [2a0f:be01::1] 
+    '';
+  };
+
+  systemd.network.networks."98-eth-default" = {
+    matchConfig.Type = "ether";
+    matchConfig.Name = "e*";
+
+    networkConfig = {
+      DHCP = "ipv4";
+      IPv6AcceptRA = false;
+    };
+    routes = [
+      { routeConfig.Gateway = "fe80::1"; }
+    ];
+  };
+}
--- a/config/common-headless.nix
+++ b/config/common-headless.nix
@ -1,4 +1,5 @@
 { config, lib, ... }: with lib; {
+  kyouma.machine-type.headless = true;
  services.openssh.enable = mkDefault true;
  services.vnstat.enable = mkDefault true;
 }
--- a/config/common-lxc.nix
+++ b/config/common-lxc.nix
@ -9,7 +9,7 @@ with lib; {
    manageHostName = true;
  };
  kyouma.machine-type.virtual = true;
-  kyouma.machine-type.headless = true;
  deployment.tags = [ "pve-lxc" ];
  networking.useDHCP = false;
+  networking.useHostResolvConf = false;
 }
--- a/config/common/default.nix
+++ b/config/common/default.nix
@ -2,11 +2,11 @@

 with lib; {
  imports = [
-    ../users
-    ../../modules
+    ./kernel.nix
    ./networking.nix
    ./openssh.nix
-    ./kernel.nix
+    ./users
+    ../../modules
  ];
  environment.systemPackages = with pkgs; [
    kitty.terminfo
@ -52,6 +52,7 @@ with lib; {
  nix.gc.options = "--delete-older-than 7d";
  nix.optimise.automatic = true;
  services.journald.extraConfig = "SystemMaxUse=256M";
+  boot.tmp.cleanOnBoot = = mkDefault true;
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  nixpkgs.hostPlatform.system = "x86_64-linux";

--- a/config/common/networking.nix
+++ b/config/common/networking.nix
@ -1,28 +1,15 @@
-{ config, ... }: {
+{ config, lib, ... }: with lib; {
  networking = {
-    domain = "kyouma.net";
-    useHostResolvConf = false;
-    dhcpcd.enable = false;
+    domain = mkDefault "kyouma.net";
+    nftables.enable = mkDefault true;
+    firewall.logRefusedConnections = mkDefault false;
  };
+
  systemd.network.enable = true;
+  networking.dhcpcd.enable = false;

  services.resolved = {
    enable = true;
    dnssec = "true";
-    extraConfig = ''
-      DNS = [2a0f:be01::1] 
-    '';
-  };
-
-  systemd.network.networks."98-eth-default" = {
-    matchConfig.Tyoe = "ether";
-    matchConfig.Name = "e*";
-    networkConfig = {
-      DHCP = "ipv4";
-      IPv6AcceptRA = false;
-    };
-    routes = [
-      { routeConfig.Gateway = "fe80::1"; }
-    ];
  };
 }
--- a/config/common/users/default.nix
+++ b/config/common/users/default.nix
--- a/config/common/users/emily/default.nix
+++ b/config/common/users/emily/default.nix
--- a/config/hosts/crime/configuration.nix
+++ b/config/hosts/crime/configuration.nix
@ -2,9 +2,10 @@
  imports = [
    ./nginx.nix
    ../../common
+    ../../common-dus.nix
    ../../common-lxc.nix
    ../../common-nginx.nix
-    ../../headless.nix
+    ../../common-headless.nix
  ];
  networking = {
    hostName = "crime";
@ -18,6 +19,11 @@
    ];
  };

+  security.acme.certs = {
+    "fentanyl.trade" = { extraDomainNames = [ "frotti.ng" "watch.kyouma.net" ]; };
+    "crime.kyouma.net" = {};
+  };
+
  services.jellyfin.enable = true;
  services.sonarr.enable = true;
  services.radarr.enable = true;
--- a/config/hosts/crime/nginx.nix
+++ b/config/hosts/crime/nginx.nix
@ -115,8 +115,4 @@ in {
      };
    };
  };
-  security.acme.certs = {
-    "fentanyl.trade" = { extraDomainNames = [ "frotti.ng" "watch.kyouma.net" ]; };
-    "crime.kyouma.net" = {};
-  };
 }
--- a/config/hosts/ns-nbg/configuration.nix
+++ b/config/hosts/ns-nbg/configuration.nix
@ -0,0 +1,33 @@
+{ config, lib, ... }: {
+  imports = [
+    ../../common
+    ../../common-headless.nix
+  ];
+  kyouma.machine-type.physical = true;
+  kyouma.machine-type.headless = true;
+
+  systemd.network.networks."98-eth-static" = {
+    matchConfig.Type = "ether";
+    matchConfig.Name = "e*";
+    linkConfig.RequiredForOnline = "routable";
+
+    networkConfig = {
+      DHCP = "no";
+      IPv6AcceptRA = false;
+    };
+    address = [
+      "2a03:4000:27:74::b00b/64"
+      "185.244.193.190/22"
+    ];
+    routes = [
+      { routerConfig.Gateway = "fe80::1"; }
+      { routerConfig.Gateway = "185.244.192.1"; }
+    ];
+  };
+  services.powerdns = {
+    enable = true;
+    secretFile = "/run/keys/powerdns.env";
+    extraConfig = ''
+    '';
+  };
+}
--- a/config/hosts/web-dus/configuration.nix
+++ b/config/hosts/web-dus/configuration.nix
@ -14,11 +14,14 @@ in {
    inputs.kyouma-www.nixosModules.default
    ../../common
    ../../common-lxc.nix
+    ../../common-dus.nix
    ../../common-nginx.nix
-    ../../headless.nix
+    ../../common-headless.nix
  ];
  networking = {
    hostName = "web-dus";
+    # docker
+    nftables.enable = mkForce false;
    firewall.allowedTCPPorts = [ 80 443 bmpPort ];
    firewall.allowedUDPPorts = [ 443 ];
  };