From 0605d4774f98257ef001ea5b2db20cc468238d96 Mon Sep 17 00:00:00 2001
From: emily
Date: Thu, 18 Jan 2024 16:03:31 +0100
Subject: [PATCH] moved things around

---
 config/common-dus.nix | 20 ++++++++++++
 config/{headless.nix => common-headless.nix} | 1 +
 config/common-lxc.nix | 2 +-
 config/common/default.nix | 7 +++--
 config/common/networking.nix | 25 ++++-----------
 config/{ => common}/users/default.nix | 0
 config/{ => common}/users/emily/default.nix | 0
 config/hosts/crime/configuration.nix | 8 ++++-
 config/hosts/crime/nginx.nix | 4 ---
 config/hosts/ns-nbg/configuration.nix | 33 ++++++++++++++++++++
 config/hosts/web-dus/configuration.nix | 5 ++-
 11 files changed, 76 insertions(+), 29 deletions(-)
 create mode 100644 config/common-dus.nix
 rename config/{headless.nix => common-headless.nix} (75%)
 rename config/{ => common}/users/default.nix (100%)
 rename config/{ => common}/users/emily/default.nix (100%)
 create mode 100644 config/hosts/ns-nbg/configuration.nix

diff --git a/config/common-dus.nix b/config/common-dus.nix
new file mode 100644
index 0000000..63af825
--- /dev/null
+++ b/config/common-dus.nix
@@ -0,0 +1,20 @@
+{ config, lib, ... }: {
+ services.resolved = {
+ extraConfig = ''
+ DNS = [2a0f:be01::1]
+ '';
+ };
+
+ systemd.network.networks."98-eth-default" = {
+ matchConfig.Type = "ether";
+ matchConfig.Name = "e*";
+
+ networkConfig = {
+ DHCP = "ipv4";
+ IPv6AcceptRA = false;
+ };
+ routes = [
+ { routeConfig.Gateway = "fe80::1"; }
+ ];
+ };
+}
diff --git a/config/headless.nix b/config/common-headless.nix
similarity index 75%
rename from config/headless.nix
rename to config/common-headless.nix
index 2dfb592..4d7e61d 100644
--- a/config/headless.nix
+++ b/config/common-headless.nix
@@ -1,4 +1,5 @@
 { config, lib, ... }: with lib; {
+ kyouma.machine-type.headless = true;
 services.openssh.enable = mkDefault true;
 services.vnstat.enable = mkDefault true;
 }
diff --git a/config/common-lxc.nix b/config/common-lxc.nix
index 76df404..bb9183f 100644
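Review bot: `DNS = [2a0f:be01::1]` in the `services.resolved.extraConfig` block of the new config/common-dus.nix pins a single upstream resolver with no `FallbackDNS=` and no `DNSOverTLS=`, so every host importing this file loses name resolution when that one address is unreachable and sends its queries in plaintext. If a single plaintext upstream is intentional, a one-line comment above it (e.g. `# site-local resolver for DUS hosts; no fallback by design`) would spare the next reader the question; otherwise a fallback and a transport setting belong in the same block. The `98-eth-default` network below it is the block removed from config/common/networking.nix in this patch, with the old `matchConfig.Tyoe` typo corrected, and reads fine.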
--- a/config/common-lxc.nix
+++ b/config/common-lxc.nix
@@ -9,7 +9,7 @@ with lib; {
 manageHostName = true;
 };
 kyouma.machine-type.virtual = true;
- kyouma.machine-type.headless = true;
 deployment.tags = [ "pve-lxc" ];
 networking.useDHCP = false;
+ networking.useHostResolvConf = false;
 }
diff --git a/config/common/default.nix b/config/common/default.nix
index a9f1a45..7c14278 100644
--- a/config/common/default.nix
+++ b/config/common/default.nix
@@ -2,11 +2,11 @@
 with lib; {
 imports = [
- ../users
- ../../modules
+ ./kernel.nix
 ./networking.nix
 ./openssh.nix
- ./kernel.nix
+ ./users
+ ../../modules
 ];
 environment.systemPackages = with pkgs; [
 kitty.terminfo
@@ -52,6 +52,7 @@ with lib; {
 nix.gc.options = "--delete-older-than 7d";
 nix.optimise.automatic = true;
 services.journald.extraConfig = "SystemMaxUse=256M";
+ boot.tmp.cleanOnBoot = = mkDefault true;
 nix.settings.experimental-features = [ "nix-command" "flakes" ];
 nixpkgs.hostPlatform.system = "x86_64-linux";
diff --git a/config/common/networking.nix b/config/common/networking.nix
index 4e49eaa..229a460 100644
--- a/config/common/networking.nix
+++ b/config/common/networking.nix
@@ -1,28 +1,15 @@
-{ config, ... }: {
+{ config, lib, ... }: with lib; {
 networking = {
- domain = "kyouma.net";
- useHostResolvConf = false;
- dhcpcd.enable = false;
+ domain = mkDefault "kyouma.net";
+ nftables.enable = mkDefault true;
+ firewall.logRefusedConnections = mkDefault false;
 };
+ systemd.network.enable = true;
+ networking.dhcpcd.enable = false;
 services.resolved = {
 enable = true;
 dnssec = "true";
- extraConfig = ''
- DNS = [2a0f:be01::1]
- '';
- };
-
- systemd.network.networks."98-eth-default" = {
- matchConfig.Tyoe = "ether";
- matchConfig.Name = "e*";
- networkConfig = {
- DHCP = "ipv4";
- IPv6AcceptRA = false;
- };
- routes = [
- { routeConfig.Gateway = "fe80::1"; }
- ];
 };
 }
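Review bot: `boot.tmp.cleanOnBoot = = mkDefault true;` in the second hunk of config/common/default.nix has a doubled `=` and will not parse, which breaks evaluation for every host that imports config/common; it should read `boot.tmp.cleanOnBoot = mkDefault true;`. With that fixed `mkDefault` resolves, since the file's `with lib; {` line is visible as context in the first hunk. A short comment such as `# /tmp is wiped on every boot; hosts that keep state there must override this` would also help, because the option discards whatever a service left in /tmp without any log line.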
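Review bot: `firewall.logRefusedConnections = mkDefault false;` in config/common/networking.nix turns off the kernel log line for dropped inbound packets on every host, which removes the cheapest signal for spotting scans or a misconfigured peer; if this is about log volume, say so in a comment (e.g. `# refused-connection logging off fleet-wide for noise; re-enable per host when investigating`) so that a plain `firewall.logRefusedConnections = true;` in a host file reads as the intended override. The DNS server and the `98-eth-default` network removed here now exist only in config/common-dus.nix, which this patch imports from crime and web-dus only; any other host that relied on config/common for its default route and resolver would lose both unless it is updated outside this diff. Finally, `systemd.network.enable = true;` and `networking.dhcpcd.enable = false;` are set unconditionally next to three `mkDefault` options; a line noting that these two are deliberately not overridable would make the mix look intentional rather than accidental.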
diff --git a/config/users/default.nix b/config/common/users/default.nix
similarity index 100%
rename from config/users/default.nix
rename to config/common/users/default.nix
diff --git a/config/users/emily/default.nix b/config/common/users/emily/default.nix
similarity index 100%
rename from config/users/emily/default.nix
rename to config/common/users/emily/default.nix
diff --git a/config/hosts/crime/configuration.nix b/config/hosts/crime/configuration.nix
index 47d813c..ebfb2b2 100644
--- a/config/hosts/crime/configuration.nix
+++ b/config/hosts/crime/configuration.nix
@@ -2,9 +2,10 @@
 imports = [
 ./nginx.nix
 ../../common
+ ../../common-dus.nix
 ../../common-lxc.nix
 ../../common-nginx.nix
- ../../headless.nix
+ ../../common-headless.nix
 ];
 networking = {
 hostName = "crime";
@@ -18,6 +19,11 @@
 ];
 };
+ security.acme.certs = {
+ "fentanyl.trade" = { extraDomainNames = [ "frotti.ng" "watch.kyouma.net" ]; };
+ "crime.kyouma.net" = {};
+ };
+
 services.jellyfin.enable = true;
 services.sonarr.enable = true;
 services.radarr.enable = true;
diff --git a/config/hosts/crime/nginx.nix b/config/hosts/crime/nginx.nix
index 31a2b6b..c3aad1f 100644
--- a/config/hosts/crime/nginx.nix
+++ b/config/hosts/crime/nginx.nix
@@ -115,8 +115,4 @@ in {
 };
 };
 };
- security.acme.certs = {
- "fentanyl.trade" = { extraDomainNames = [ "frotti.ng" "watch.kyouma.net" ]; };
- "crime.kyouma.net" = {};
- };
 }
diff --git a/config/hosts/ns-nbg/configuration.nix b/config/hosts/ns-nbg/configuration.nix
new file mode 100644
index 0000000..a7fd120
--- /dev/null
+++ b/config/hosts/ns-nbg/configuration.nix
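Review bot: The `security.acme.certs` block moved into config/hosts/crime/configuration.nix in the second hunk is now separated from the nginx virtual hosts that presumably reference these certificate names, which stay in ./nginx.nix (its hunk here is a pure deletion), so a domain added on one side but not the other only surfaces when nginx or the ACME client runs rather than at evaluation time. A comment such as `# consumed by the virtualHosts in ./nginx.nix; keep names and extraDomainNames in sync` would at least point a reader at the other half. `"crime.kyouma.net" = {};` relies entirely on the ACME defaults (account email, challenge type, web root), which are presumably provided by common-nginx.nix but are not visible in this diff.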
@@ -0,0 +1,33 @@
+{ config, lib, ... }: {
+ imports = [
+ ../../common
+ ../../common-headless.nix
+ ];
+ kyouma.machine-type.physical = true;
+ kyouma.machine-type.headless = true;
+
+ systemd.network.networks."98-eth-static" = {
+ matchConfig.Type = "ether";
+ matchConfig.Name = "e*";
+ linkConfig.RequiredForOnline = "routable";
+
+ networkConfig = {
+ DHCP = "no";
+ IPv6AcceptRA = false;
+ };
+ address = [
+ "2a03:4000:27:74::b00b/64"
+ "185.244.193.190/22"
+ ];
+ routes = [
+ { routerConfig.Gateway = "fe80::1"; }
+ { routerConfig.Gateway = "185.244.192.1"; }
+ ];
+ };
+ services.powerdns = {
+ enable = true;
+ secretFile = "/run/keys/powerdns.env";
+ extraConfig = ''
+ '';
+ };
+}
diff --git a/config/hosts/web-dus/configuration.nix b/config/hosts/web-dus/configuration.nix
index ee1aa3f..c2c26da 100644
--- a/config/hosts/web-dus/configuration.nix
+++ b/config/hosts/web-dus/configuration.nix
@@ -14,11 +14,14 @@ in {
 inputs.kyouma-www.nixosModules.default
 ../../common
 ../../common-lxc.nix
+ ../../common-dus.nix
 ../../common-nginx.nix
- ../../headless.nix
+ ../../common-headless.nix
 ];
 networking = {
 hostName = "web-dus";
+ # docker
+ nftables.enable = mkForce false;
 firewall.allowedTCPPorts = [ 80 443 bmpPort ];
 firewall.allowedUDPPorts = [ 443 ];
 };
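Review bot: Both route entries in the new config/hosts/ns-nbg/configuration.nix use `routerConfig.Gateway`, but the option is `routeConfig` as config/common-dus.nix in this same patch spells it, so evaluating this host fails on an undefined option; the lines should read `{ routeConfig.Gateway = "fe80::1"; }` and `{ routeConfig.Gateway = "185.244.192.1"; }`. `kyouma.machine-type.headless = true;` is redundant here because common-headless.nix, imported a few lines above, now sets it. Nothing in this file opens port 53 in the NixOS firewall and `services.powerdns.extraConfig` is empty, so if this host is meant to serve DNS the listener and backend settings presumably arrive via `secretFile` or a follow-up commit; a comment stating that would stop a reader from assuming the server is already reachable on the public addresses listed under `address`.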
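Review bot: The `# docker` comment above `nftables.enable = mkForce false;` in config/hosts/web-dus/configuration.nix names the culprit but not the constraint; since config/common/networking.nix in this patch enables nftables only with `mkDefault`, a plain `nftables.enable = false;` would already win, and the reader is left guessing why `mkForce` is needed and what breaks. A fuller comment such as `# Docker manages its own iptables rules, which presumably do not coexist with the nftables-backed NixOS firewall; keep this host on the iptables backend` documents the trade-off. On the defensive side a second line is worth adding: ports published by containers are opened by Docker's own rules and are not governed by the `firewall.allowedTCPPorts` list below. `mkForce` needs `lib` in scope, which the hunk's `in {` context does not show; the binding is above the hunk.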