diff options
Diffstat (limited to 'ops/machines/sanduny/default.nix')
| -rw-r--r-- | ops/machines/sanduny/default.nix | 31 |
1 files changed, 29 insertions, 2 deletions
diff --git a/ops/machines/sanduny/default.nix b/ops/machines/sanduny/default.nix index 109e6e693d..af2dfb02a5 100644 --- a/ops/machines/sanduny/default.nix +++ b/ops/machines/sanduny/default.nix @@ -10,14 +10,21 @@ _: # ignore readTree options { config, depot, lib, pkgs, ... }: let - mod = name: depot.path + ("/ops/modules/" + name); + mod = name: depot.path.origSrc + ("/ops/modules/" + name); in { imports = [ + (mod "cgit.nix") + (mod "depot-inbox.nix") + (mod "depot-replica.nix") (mod "journaldriver.nix") (mod "known-hosts.nix") + (mod "tvl-cache.nix") + (mod "tvl-headscale.nix") (mod "tvl-users.nix") + (mod "www/inbox.tvl.su.nix") (mod "www/self-redirect.nix") + (mod "www/volgasprint.org.nix") ]; networking = { @@ -66,6 +73,13 @@ in services.openssh.enable = true; services.fail2ban.enable = true; + # Run tailscale for the TVL net.tvl.fyi network. + # tailscale up --login-server https://net.tvl.fyi --accept-dns=false --advertise-exit-node + services.tailscale = { + enable = true; + useRoutingFeatures = "server"; # for exit-node usage + }; + # Automatically collect garbage from the Nix store. services.depot.automatic-gc = { enable = true; @@ -75,13 +89,24 @@ in preserveGenerations = "90d"; }; + # Allow Gerrit to replicate depot to /var/lib/depot + services.depot.replica.enable = true; + + # Run git serving tools locally ... + services.depot.cgit = { + enable = true; + repo = "/var/lib/depot"; + }; + + # Serve public-inbox ... + services.depot.inbox.enable = true; + time.timeZone = "UTC"; # GRUB does not actually need to be installed on disk; Bitfolk have # their own way of booting systems as long as config is in place. boot.loader.grub.device = "nodev"; boot.loader.grub.enable = true; - boot.loader.grub.version = 2; boot.initrd.availableKernelModules = [ "xen_blkfront" ]; hardware.cpu.intel.updateMicrocode = true; @@ -103,6 +128,8 @@ in }; }; + tvl.cache.enable = true; + swapDevices = lib.singleton { device = "/dev/disk/by-uuid/df4ad9da-0a06-4c27-93e5-5d44e4750e55"; }; |