X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fprivate%2Fsystem%2Feldiron.nix;h=8b2784d0d315ce87d0b1fbfe546f6689854e55ce;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hp=e1186f526b6276e9d0f471a2e9bec95a5ac18095;hpb=3f453c7d8f79dcf2fba94287ec286d55eceb99d1;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/system/eldiron.nix b/modules/private/system/eldiron.nix
deleted file mode 100644
index e1186f5..0000000
--- a/modules/private/system/eldiron.nix
+++ /dev/null
@@ -1,78 +0,0 @@
-{ privateFiles }:
-{ config, pkgs, ... }:
-{
- boot.kernelPackages = pkgs.linuxPackages_latest;
- myEnv = import "${privateFiles}/environment.nix" // { inherit privateFiles; };
- hostEnv.FQDN = "eldiron.immae.eu";
-
- networking = {
- firewall.enable = true;
- # 176.9.151.89 declared in nixops -> infra / tools
- interfaces."eth0".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList
- (n: ips: { address = ips.ip4; prefixLength = 32; })
- (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.myEnv.servers.eldiron.ips);
- interfaces."eth0".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList
- (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or []))
- config.myEnv.servers.eldiron.ips);
- };
-
- imports = builtins.attrValues (import ../..);
-
- boot.kernel.sysctl = {
- # https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
- "net.ipv4.tcp_sack" = 0;
- };
- myServices.buildbot.enable = true;
- myServices.databases.enable = true;
- myServices.gitolite.enable = true;
- myServices.monitoring.enable = true;
- myServices.irc.enable = true;
- myServices.pub.enable = true;
- myServices.tasks.enable = true;
- myServices.mpd.enable = true;
- myServices.dns.enable = true;
- myServices.certificates.enable = true;
- myServices.websites.enable = true;
- myServices.mail.enable = true;
- myServices.ejabberd.enable = true;
- services.pure-ftpd.enable = true;
- services.duplyBackup.enable = true;
-
- deployment = {
- targetEnv = "hetzner";
- hetzner = {
- robotUser = config.myEnv.hetzner.user;
- robotPass = config.myEnv.hetzner.pass;
- mainIPv4 = config.myEnv.servers.eldiron.ips.main.ip4;
- partitions = ''
- clearpart --all --initlabel --drives=sda,sdb
-
- part swap1 --recommended --label=swap1 --fstype=swap --ondisk=sda
- part swap2 --recommended --label=swap2 --fstype=swap --ondisk=sdb
-
- part raid.1 --grow --ondisk=sda
- part raid.2 --grow --ondisk=sdb
-
- raid / --level=1 --device=md0 --fstype=ext4 --label=root raid.1 raid.2
- '';
- };
- };
-
- services.cron = {
- enable = true;
- mailto = "cron@immae.eu";
- systemCronJobs = [
- ''
- # The star after /var/lib/* avoids deleting all folders in case of problem
- 0 3,9,15,21 * * * root rsync -e "ssh -i /root/.ssh/id_charon_vpn" -aAXvz --delete --numeric-ids --super --rsync-path="sudo rsync" /var/lib/* immae@immae.eu: > /dev/null
- ''
- ];
- };
-
- # This value determines the NixOS release with which your system is
- # to be compatible, in order to avoid breaking some software such as
- # database servers. You should change this only after NixOS release
- # notes say you should.
- # https://nixos.org/nixos/manual/release-notes.html
- system.stateVersion = "19.03"; # Did you read the comment?
-}