forked from emily/nixfiles
moved things around
This commit is contained in:
parent
489518ed02
commit
0605d4774f
11 changed files with 76 additions and 29 deletions
20
config/common-dus.nix
Normal file
20
config/common-dus.nix
Normal file
|
@ -0,0 +1,20 @@
|
|||
{ config, lib, ... }: {
|
||||
services.resolved = {
|
||||
extraConfig = ''
|
||||
DNS = [2a0f:be01::1]
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.network.networks."98-eth-default" = {
|
||||
matchConfig.Type = "ether";
|
||||
matchConfig.Name = "e*";
|
||||
|
||||
networkConfig = {
|
||||
DHCP = "ipv4";
|
||||
IPv6AcceptRA = false;
|
||||
};
|
||||
routes = [
|
||||
{ routeConfig.Gateway = "fe80::1"; }
|
||||
];
|
||||
};
|
||||
}
|
|
@ -1,4 +1,5 @@
|
|||
{ config, lib, ... }: with lib; {
|
||||
kyouma.machine-type.headless = true;
|
||||
services.openssh.enable = mkDefault true;
|
||||
services.vnstat.enable = mkDefault true;
|
||||
}
|
|
@ -9,7 +9,7 @@ with lib; {
|
|||
manageHostName = true;
|
||||
};
|
||||
kyouma.machine-type.virtual = true;
|
||||
kyouma.machine-type.headless = true;
|
||||
deployment.tags = [ "pve-lxc" ];
|
||||
networking.useDHCP = false;
|
||||
networking.useHostResolvConf = false;
|
||||
}
|
||||
|
|
|
@ -2,11 +2,11 @@
|
|||
|
||||
with lib; {
|
||||
imports = [
|
||||
../users
|
||||
../../modules
|
||||
./kernel.nix
|
||||
./networking.nix
|
||||
./openssh.nix
|
||||
./kernel.nix
|
||||
./users
|
||||
../../modules
|
||||
];
|
||||
environment.systemPackages = with pkgs; [
|
||||
kitty.terminfo
|
||||
|
@ -52,6 +52,7 @@ with lib; {
|
|||
nix.gc.options = "--delete-older-than 7d";
|
||||
nix.optimise.automatic = true;
|
||||
services.journald.extraConfig = "SystemMaxUse=256M";
|
||||
boot.tmp.cleanOnBoot = = mkDefault true;
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
nixpkgs.hostPlatform.system = "x86_64-linux";
|
||||
|
||||
|
|
|
@ -1,28 +1,15 @@
|
|||
{ config, ... }: {
|
||||
{ config, lib, ... }: with lib; {
|
||||
networking = {
|
||||
domain = "kyouma.net";
|
||||
useHostResolvConf = false;
|
||||
dhcpcd.enable = false;
|
||||
domain = mkDefault "kyouma.net";
|
||||
nftables.enable = mkDefault true;
|
||||
firewall.logRefusedConnections = mkDefault false;
|
||||
};
|
||||
|
||||
systemd.network.enable = true;
|
||||
networking.dhcpcd.enable = false;
|
||||
|
||||
services.resolved = {
|
||||
enable = true;
|
||||
dnssec = "true";
|
||||
extraConfig = ''
|
||||
DNS = [2a0f:be01::1]
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.network.networks."98-eth-default" = {
|
||||
matchConfig.Tyoe = "ether";
|
||||
matchConfig.Name = "e*";
|
||||
networkConfig = {
|
||||
DHCP = "ipv4";
|
||||
IPv6AcceptRA = false;
|
||||
};
|
||||
routes = [
|
||||
{ routeConfig.Gateway = "fe80::1"; }
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,9 +2,10 @@
|
|||
imports = [
|
||||
./nginx.nix
|
||||
../../common
|
||||
../../common-dus.nix
|
||||
../../common-lxc.nix
|
||||
../../common-nginx.nix
|
||||
../../headless.nix
|
||||
../../common-headless.nix
|
||||
];
|
||||
networking = {
|
||||
hostName = "crime";
|
||||
|
@ -18,6 +19,11 @@
|
|||
];
|
||||
};
|
||||
|
||||
security.acme.certs = {
|
||||
"fentanyl.trade" = { extraDomainNames = [ "frotti.ng" "watch.kyouma.net" ]; };
|
||||
"crime.kyouma.net" = {};
|
||||
};
|
||||
|
||||
services.jellyfin.enable = true;
|
||||
services.sonarr.enable = true;
|
||||
services.radarr.enable = true;
|
||||
|
|
|
@ -115,8 +115,4 @@ in {
|
|||
};
|
||||
};
|
||||
};
|
||||
security.acme.certs = {
|
||||
"fentanyl.trade" = { extraDomainNames = [ "frotti.ng" "watch.kyouma.net" ]; };
|
||||
"crime.kyouma.net" = {};
|
||||
};
|
||||
}
|
||||
|
|
33
config/hosts/ns-nbg/configuration.nix
Normal file
33
config/hosts/ns-nbg/configuration.nix
Normal file
|
@ -0,0 +1,33 @@
|
|||
{ config, lib, ... }: {
|
||||
imports = [
|
||||
../../common
|
||||
../../common-headless.nix
|
||||
];
|
||||
kyouma.machine-type.physical = true;
|
||||
kyouma.machine-type.headless = true;
|
||||
|
||||
systemd.network.networks."98-eth-static" = {
|
||||
matchConfig.Type = "ether";
|
||||
matchConfig.Name = "e*";
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
|
||||
networkConfig = {
|
||||
DHCP = "no";
|
||||
IPv6AcceptRA = false;
|
||||
};
|
||||
address = [
|
||||
"2a03:4000:27:74::b00b/64"
|
||||
"185.244.193.190/22"
|
||||
];
|
||||
routes = [
|
||||
{ routerConfig.Gateway = "fe80::1"; }
|
||||
{ routerConfig.Gateway = "185.244.192.1"; }
|
||||
];
|
||||
};
|
||||
services.powerdns = {
|
||||
enable = true;
|
||||
secretFile = "/run/keys/powerdns.env";
|
||||
extraConfig = ''
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -14,11 +14,14 @@ in {
|
|||
inputs.kyouma-www.nixosModules.default
|
||||
../../common
|
||||
../../common-lxc.nix
|
||||
../../common-dus.nix
|
||||
../../common-nginx.nix
|
||||
../../headless.nix
|
||||
../../common-headless.nix
|
||||
];
|
||||
networking = {
|
||||
hostName = "web-dus";
|
||||
# docker
|
||||
nftables.enable = mkForce false;
|
||||
firewall.allowedTCPPorts = [ 80 443 bmpPort ];
|
||||
firewall.allowedUDPPorts = [ 443 ];
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue