From 480a71c10f61deca90e3d58fd2a12d3ce40f6424 Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Thu, 10 Mar 2022 16:19:07 +0200 Subject: feat(tazjin/polyanka): Check in host configuration This host was previously managed manually, now adding it to depot because doing that was a huge hassle. Change-Id: I1e212fce13da735b5329578d9b2dd8f370f25cbc Reviewed-on: https://cl.tvl.fyi/c/depot/+/5357 Tested-by: BuildkiteCI Reviewed-by: tazjin --- users/tazjin/nixos/default.nix | 5 +- users/tazjin/nixos/polyanka/default.nix | 107 ++++++++++++++++++++++++++++++++ 2 files changed, 109 insertions(+), 3 deletions(-) create mode 100644 users/tazjin/nixos/polyanka/default.nix (limited to 'users/tazjin') diff --git a/users/tazjin/nixos/default.nix b/users/tazjin/nixos/default.nix index a1651a9d296d..e240eada534a 100644 --- a/users/tazjin/nixos/default.nix +++ b/users/tazjin/nixos/default.nix @@ -1,10 +1,9 @@ { depot, lib, ... }: let systemFor = sys: (depot.ops.nixos.nixosFor sys).system; -in { +in depot.nix.readTree.drvTargets { camdenSystem = systemFor depot.users.tazjin.nixos.camden; frogSystem = systemFor depot.users.tazjin.nixos.frog; tverskoySystem = systemFor depot.users.tazjin.nixos.tverskoy; - - meta.ci.targets = [ "camdenSystem" "frogSystem" "tverskoySystem" ]; + polyankaSystem = (depot.ops.nixos.nixosFor depot.users.tazjin.nixos.polyanka).system; } diff --git a/users/tazjin/nixos/polyanka/default.nix b/users/tazjin/nixos/polyanka/default.nix new file mode 100644 index 000000000000..6a49d342af26 --- /dev/null +++ b/users/tazjin/nixos/polyanka/default.nix @@ -0,0 +1,107 @@ +# VPS hosted at GleSYS, running my Quassel and some random network +# stuff. + +_: # ignore readTree options + +{ config, depot, lib, pkgs, ... }: + +let + mod = name: depot.path + ("/ops/modules/" + name); +in +{ + imports = [ + (mod "quassel.nix") + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + boot.initrd.availableKernelModules = [ "ata_piix" "vmw_pvscsi" "sd_mod" "sr_mod" ]; + + fileSystems."/" = + { + device = "/dev/disk/by-uuid/4c51357a-1e34-4b59-b169-63af1fcdce71"; + fsType = "ext4"; + }; + + networking = { + hostName = "polyanka"; + domain = "tazj.in"; + useDHCP = false; + + # Required for VPN usage + networkmanager.enable = true; + + interfaces.ens192 = { + ipv4.addresses = lib.singleton { + address = "159.253.30.129"; + prefixLength = 24; + }; + + ipv6.addresses = lib.singleton { + address = "2a02:750:7:3305::308"; + prefixLength = 64; + }; + }; + + defaultGateway = "159.253.30.1"; + defaultGateway6.address = "2a02:750:7:3305::1"; + + firewall.enable = false; + + nameservers = [ + "79.99.4.100" + "79.99.4.101" + "2a02:751:aaaa::1" + "2a02:751:aaaa::2" + ]; + }; + + time.timeZone = "UTC"; + + security.acme.acceptTerms = true; + security.acme.certs."polyanka.tazj.in" = { + listenHTTP = ":80"; + email = "mail@tazj.in"; + group = "quassel"; + }; + + users.users.tazjin = { + isNormalUser = true; + extraGroups = [ "wheel" ]; + shell = pkgs.fish; + openssh.authorizedKeys.keys = [ + "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBAWvA3RpXpMAqruUbB+eVgvvHCzhs5R9khFRza3YSLeFiIqOxVVgyhzW/BnCSD9t/5JrqRdJIGQLnkQU9m4REhUAAAAEc3NoOg== tazjin@tverskoy" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1fGWz/gsq+ZeZXjvUrV+pBlanw1c3zJ9kLTax9FWQy tazjin@tverskoy" + ]; + }; + + security.sudo.wheelNeedsPassword = false; + + services.depot.quassel = { + enable = true; + acmeHost = "polyanka.tazj.in"; + bindAddresses = [ + "0.0.0.0" + ]; + }; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + curl + htop + jq + nmap + bat + emacs-nox + nano + wget + ]; + + programs.mtr.enable = true; + services.openssh.enable = true; + + system.stateVersion = "20.09"; +} -- cgit 1.4.1