author | Vincent Ambo <mail@tazj.in> | 2022-02-16T23·02+0300 |
---|---|---|
committer | tazjin <tazjin@tvl.su> | 2022-02-17T18·11+0000 |
commit | 9e9284fc8638b3750074177a8c1122ae59df0b55 (patch) | |
tree | f50e55098244ef47f4ece0ffe143b01d0c356269 /ops | |
parent | dd5ce78dbdf88bcdafc46c7e77fc58b1973ba617 (diff) |
feat(ops/machines): add configuration for sanduny.tvl.su r/3839
This will be an additional web host / fallback git server for whitby incidents. Change-Id: Icd6f7ce574ffd520b5783a50ff317feed7b71fc6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5297 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
Diffstat (limited to 'ops')
-rw-r--r-- | ops/machines/all-systems.nix | 1 | ||||
-rw-r--r-- | ops/machines/sanduny/default.nix | 100 | ||||
-rw-r--r-- | ops/nixos.nix | 3 |
3 files changed, 103 insertions, 1 deletions
diff --git a/ops/machines/all-systems.nix b/ops/machines/all-systems.nix
index df1cfa6a488a..2536958c387f 100644
--- a/ops/machines/all-systems.nix
+++ b/ops/machines/all-systems.nix
@@ -1,6 +1,7 @@ { depot, ... }: (with depot.ops.machines; [ + sanduny whitby ]) ++
diff --git a/ops/machines/sanduny/default.nix b/ops/machines/sanduny/default.nix
new file mode 100644
index 000000000000..674691776956
--- /dev/null
+++ b/ops/machines/sanduny/default.nix
@@ -0,0 +1,100 @@
+# sanduny.tvl.su
+#
+# This is a VPS hosted with Bitfolk, intended to additionally serve
+# some of our public services like cgit, josh and the websites.
+#
+# In case of whitby going down, sanduny will keep depot available.
+
+_: # ignore readTree options
+
+{ config, depot, lib, pkgs, ... }:
+
+{
+ networking = {
+ hostName = "sanduny";
+ domain = "tvl.su";
+ useDHCP = false;
+
+ interfaces.eth0 = {
+ ipv4.addresses = lib.singleton {
+ address = "85.119.82.231";
+ prefixLength = 21;
+ };
+
+ ipv6.addresses = lib.singleton {
+ address = "2001:ba8:1f1:f109::feed:edef:beef";
+ prefixLength = 64;
+ };
+ };
+
+ defaultGateway = "85.119.80.1";
+ defaultGateway6.address = "2001:ba8:1f1:f109::1";
+
+ firewall.allowedTCPPorts = [ 22 80 443 ];
+ };
+
+ users.users.tazjin = {
+ isNormalUser = true;
+ extraGroups = [ "git" "wheel" ];
+ shell = pkgs.fish;
+ openssh.authorizedKeys.keys = depot.users.tazjin.keys.all;
+ };
+
+ security.sudo.wheelNeedsPassword = false;
+
+ environment.systemPackages = with pkgs; [
+ emacs-nox
+ vim
+ curl
+ unzip
+ htop
+ ];
+
+ programs.mtr.enable = true;
+
+ services.openssh.enable = true;
+ services.fail2ban.enable = true;
+
+ # Automatically collect garbage from the Nix store.
+ services.depot.automatic-gc = {
+ enable = true;
+ interval = "1 hour";
+ diskThreshold = 2; # GiB
+ maxFreed = 5; # GiB
+ preserveGenerations = "90d";
+ };
+
+ time.timeZone = "UTC";
+
+ # GRUB does not actually need to be installed on disk; Bitfolk have
+ # their own way of booting systems as long as config is in place.
+ boot.loader.grub.device = "nodev";
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.initrd.availableKernelModules = [ "xen_blkfront" ];
+
+ hardware.cpu.intel.updateMicrocode = true;
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/aabc3638-43ca-45f3-af89-c451e8448e92";
+ fsType = "ext4";
+ };
+
+ "/boot" = {
+ device = "/dev/disk/by-uuid/75aa99d5-fed7-4c5c-8570-7745f6cff9f5";
+ fsType = "ext3";
+ };
+
+ "/nix" = {
+ device = "/dev/disk/by-uuid/d1721678-c294-482b-b72e-3b15f2c56c63";
+ fsType = "ext4";
+ };
+ };
+
+ swapDevices = lib.singleton {
+ device = "/dev/disk/by-uuid/df4ad9da-0a06-4c27-93e5-5d44e4750e55";
+ };
+
+ system.stateVersion = "22.05"; # Did you read the comment?
+}
diff --git a/ops/nixos.nix b/ops/nixos.nix
index 3a113ac4bbe9..291413c5b587 100644
--- a/ops/nixos.nix
+++ b/ops/nixos.nix
@@ -50,5 +50,6 @@ in rec { # Systems that should be built in CI whitbySystem = (nixosFor depot.ops.machines.whitby).system; - meta.ci.targets = [ "whitbySystem" ]; + sandunySystem = (nixosFor depot.ops.machines.sanduny).system; + meta.ci.targets = [ "sandunySystem" "whitbySystem" ]; } |
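Review bot: In ops/machines/sanduny/default.nix the SSH daemon is exposed on port 22 with only `services.openssh.enable = true;`, so whether password logins are accepted is left to the module default rather than stated in this file. That matters more than usual here because `security.sudo.wheelNeedsPassword = false;` makes any session as a wheel member (tazjin) equivalent to root, and fail2ban only slows guessing rather than removing the password path. Unless a shared depot module already sets it (not visible in this diff), I would pin key-only access next to the enable line with `services.openssh.passwordAuthentication = false;` (option name as of the 22.05 release this host targets; later releases moved it under `services.openssh.settings`). A short comment above `wheelNeedsPassword`, e.g. `# key-only SSH; wheel users have no password to prompt for`, would also record why passwordless sudo is acceptable on this host.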