X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fsystem%2Feldiron.nix;h=8b2784d0d315ce87d0b1fbfe546f6689854e55ce;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hp=3fa78a4204dec338da182c7ec30dffb77e91342e;hpb=7e214bf9e1bb58b83317db95dfb70dbeac0a4e28;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/system/eldiron.nix b/modules/private/system/eldiron.nix
deleted file mode 100644
index 3fa78a4..0000000
--- a/modules/private/system/eldiron.nix
+++ /dev/null
@@ -1,130 +0,0 @@
-{ privateFiles }:
-{ config, pkgs, lib, ... }:
-{
- boot.supportedFilesystems = [ "zfs" ];
- boot.kernelParams = ["zfs.zfs_arc_max=6442450944"];
- boot.kernelPackages = pkgs.linuxPackages_latest;
- myEnv = import "${privateFiles}/environment.nix" // { inherit privateFiles; };
-
- fileSystems = {
- "/" = lib.mkForce { fsType = "zfs"; device = "zpool/root"; };
- "/boot" = { fsType = "ext4"; device = "/dev/disk/by-uuid/e6bb18fb-ff56-4b5f-ae9f-e60d40dc0622"; };
- "/etc" = { fsType = "zfs"; device = "zpool/root/etc"; };
- "/nix" = { fsType = "zfs"; device = "zpool/root/nix"; };
- "/tmp" = { fsType = "zfs"; device = "zpool/root/tmp"; };
- "/var" = { fsType = "zfs"; device = "zpool/root/var"; };
- };
- boot.initrd.secrets = {
- "/boot/pass.key" = "/boot/pass.key";
- };
-
- services.zfs = {
- autoSnapshot = {
- enable = true;
- };
- autoScrub = {
- enable = true;
- };
- };
- networking = {
- hostId = "8262ca33"; # generated with head -c4 /dev/urandom | od -A none -t x4
- firewall.enable = true;
- # 176.9.151.89 declared in nixops -> infra / tools
- interfaces."eth0".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList
- (n: ips: { address = ips.ip4; prefixLength = 32; })
- (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.hostEnv.ips);
- interfaces."eth0".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList
- (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or []))
- config.hostEnv.ips);
- };
-
- imports = builtins.attrValues (import ../..);
-
- boot.kernel.sysctl = {
- # https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
- "net.ipv4.tcp_sack" = 0;
- };
- myServices.buildbot.enable = true;
- myServices.databases.enable = true;
- myServices.gitolite.enable = true;
- myServices.monitoring.enable = true;
- myServices.irc.enable = true;
- myServices.pub.enable = true;
- myServices.tasks.enable = true;
- myServices.mpd.enable = true;
- myServices.dns.enable = true;
- myServices.certificates.enable = true;
- myServices.websites.enable = true;
- myServices.mail.enable = true;
- myServices.ejabberd.enable = true;
- myServices.vpn.enable = true;
- services.pure-ftpd.enable = true;
- services.duplyBackup.enable = true;
- services.duplyBackup.profiles.oldies.rootDir = "/var/lib/oldies";
-
- secrets.keys = [
- {
- dest = "rsync_backup/identity";
- user = "root";
- group = "root";
- permissions = "0400";
- text = config.myEnv.rsync_backup.ssh_key.private;
- }
- ];
- programs.ssh.knownHosts.dilion = {
- hostNames = ["dilion.immae.eu"];
- publicKey = let
- profile = config.myEnv.rsync_backup.profiles.dilion;
- in
- "${profile.host_key_type} ${profile.host_key}";
- };
-
- deployment = {
- targetEnv = "hetzner";
- hetzner = {
- robotUser = config.myEnv.hetzner.user;
- robotPass = config.myEnv.hetzner.pass;
- mainIPv4 = config.hostEnv.ips.main.ip4;
- partitions = ''
- clearpart --all --initlabel --drives=sda,sdb
-
- part swap1 --recommended --label=swap1 --fstype=swap --ondisk=sda
- part swap2 --recommended --label=swap2 --fstype=swap --ondisk=sdb
-
- part raid.1 --grow --ondisk=sda
- part raid.2 --grow --ondisk=sdb
-
- raid / --level=1 --device=md0 --fstype=ext4 --label=root raid.1 raid.2
- '';
- };
- };
-
- services.cron = {
- enable = true;
- mailto = "cron@immae.eu";
- systemCronJobs = [
- ''
- # The star after /var/lib/* avoids deleting all folders in case of problem
- 0 3,9,15,21 * * * root rsync -e "ssh -i /var/secrets/rsync_backup/identity" --new-compress -aAXv --delete --numeric-ids --super --rsync-path="sudo rsync" /var/lib/* backup@dilion.immae.eu: > /dev/null
- 0 0 * * * root journalctl -q --since="25 hours ago" -u postfix -t postfix/smtpd -g "immae.eu.*Recipient address rejected"
- # Need a way to blacklist properly
- # 0 0 * * * root journalctl -q --since="25 hours ago" -u postfix -t postfix/smtpd -g "NOQUEUE:"
- 0 0 * * * root journalctl -q --since="25 hours ago" -u postfix -t postfix/smtp -g "status=bounced"
- ''
- ];
- };
-
- fileSystems."/var/lib/pub/immae/devtools" = {
- device = "/run/current-system/sw/bin/bindfs#/var/lib/ftp/devtools.immae.eu/";
- fsType = "fuse";
- options = [ "force-user=pub" "create-for-user=wwwrun" "create-for-group=wwwrun" ];
- };
- environment.systemPackages = [ pkgs.bindfs pkgs.pv pkgs.smartmontools ];
-
- # This value determines the NixOS release with which your system is
- # to be compatible, in order to avoid breaking some software such as
- # database servers. You should change this only after NixOS release
- # notes say you should.
- # https://nixos.org/nixos/manual/release-notes.html
- system.stateVersion = "20.03"; # Did you read the comment?
-}