aboutsummaryrefslogtreecommitdiff
path: root/modules/private/system
diff options
context:
space:
mode:
Diffstat (limited to 'modules/private/system')
-rw-r--r--modules/private/system/backup-2.nix21
-rw-r--r--modules/private/system/eldiron.nix7
-rw-r--r--modules/private/system/monitoring-1.nix5
3 files changed, 20 insertions, 13 deletions
diff --git a/modules/private/system/backup-2.nix b/modules/private/system/backup-2.nix
index ede5bc2..1d84667 100644
--- a/modules/private/system/backup-2.nix
+++ b/modules/private/system/backup-2.nix
@@ -1,9 +1,8 @@
1{ privateFiles }: 1{ privateFiles }:
2{ config, pkgs, resources, name, ... }: 2{ config, pkgs, resources, ... }:
3{ 3{
4 boot.kernelPackages = pkgs.linuxPackages_latest; 4 boot.kernelPackages = pkgs.linuxPackages_latest;
5 myEnv = import "${privateFiles}/environment.nix" // { inherit privateFiles; }; 5 myEnv = import "${privateFiles}/environment.nix" // { inherit privateFiles; };
6 hostEnv.FQDN = "backup-2.v.immae.eu";
7 6
8 imports = builtins.attrValues (import ../..); 7 imports = builtins.attrValues (import ../..);
9 8
@@ -28,13 +27,22 @@
28 firewall.enable = true; 27 firewall.enable = true;
29 interfaces."ens3".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList 28 interfaces."ens3".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList
30 (n: ips: { address = ips.ip4; prefixLength = 32; }) 29 (n: ips: { address = ips.ip4; prefixLength = 32; })
31 (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.myEnv.servers.backup-2.ips); 30 (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.hostEnv.ips);
32 interfaces."ens3".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList 31 interfaces."ens3".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList
33 (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or [])) 32 (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or []))
34 config.myEnv.servers.backup-2.ips); 33 config.hostEnv.ips);
35 defaultGateway6 = { address = "fe80::1"; interface = "ens3"; }; 34 defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
36 }; 35 };
37 36
37 myServices.certificates.enable = true;
38 services.nginx = {
39 enable = true;
40 recommendedOptimisation = true;
41 recommendedGzipSettings = true;
42 recommendedProxySettings = true;
43 };
44 networking.firewall.allowedTCPPorts = [ 80 443 ];
45
38 services.cron = { 46 services.cron = {
39 mailto = "cron@immae.eu"; 47 mailto = "cron@immae.eu";
40 enable = true; 48 enable = true;
@@ -49,6 +57,7 @@
49 }; 57 };
50 58
51 myServices.mailRelay.enable = true; 59 myServices.mailRelay.enable = true;
60 myServices.mailBackup.enable = true;
52 myServices.monitoring.enable = true; 61 myServices.monitoring.enable = true;
53 myServices.databasesReplication = { 62 myServices.databasesReplication = {
54 postgresql = { 63 postgresql = {
@@ -57,7 +66,7 @@
57 hosts = { 66 hosts = {
58 eldiron = { 67 eldiron = {
59 slot = "backup_2"; 68 slot = "backup_2";
60 connection = "postgresql://backup-2:${config.myEnv.servers.backup-2.ldap.password}@eldiron.immae.eu"; 69 connection = "postgresql://backup-2:${config.hostEnv.ldap.password}@eldiron.immae.eu";
61 }; 70 };
62 }; 71 };
63 }; 72 };
@@ -71,7 +80,7 @@
71 host = config.myEnv.servers.eldiron.ips.main.ip4; 80 host = config.myEnv.servers.eldiron.ips.main.ip4;
72 port = "3306"; 81 port = "3306";
73 user = "backup-2"; 82 user = "backup-2";
74 password = config.myEnv.servers.backup-2.ldap.password; 83 password = config.hostEnv.ldap.password;
75 dumpUser = "root"; 84 dumpUser = "root";
76 dumpPassword = config.myEnv.databases.mysql.systemUsers.root; 85 dumpPassword = config.myEnv.databases.mysql.systemUsers.root;
77 }; 86 };
diff --git a/modules/private/system/eldiron.nix b/modules/private/system/eldiron.nix
index bbe1345..0490cfc 100644
--- a/modules/private/system/eldiron.nix
+++ b/modules/private/system/eldiron.nix
@@ -3,17 +3,16 @@
3{ 3{
4 boot.kernelPackages = pkgs.linuxPackages_latest; 4 boot.kernelPackages = pkgs.linuxPackages_latest;
5 myEnv = import "${privateFiles}/environment.nix" // { inherit privateFiles; }; 5 myEnv = import "${privateFiles}/environment.nix" // { inherit privateFiles; };
6 hostEnv.FQDN = "eldiron.immae.eu";
7 6
8 networking = { 7 networking = {
9 firewall.enable = true; 8 firewall.enable = true;
10 # 176.9.151.89 declared in nixops -> infra / tools 9 # 176.9.151.89 declared in nixops -> infra / tools
11 interfaces."eth0".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList 10 interfaces."eth0".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList
12 (n: ips: { address = ips.ip4; prefixLength = 32; }) 11 (n: ips: { address = ips.ip4; prefixLength = 32; })
13 (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.myEnv.servers.eldiron.ips); 12 (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.hostEnv.ips);
14 interfaces."eth0".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList 13 interfaces."eth0".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList
15 (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or [])) 14 (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or []))
16 config.myEnv.servers.eldiron.ips); 15 config.hostEnv.ips);
17 }; 16 };
18 17
19 imports = builtins.attrValues (import ../..); 18 imports = builtins.attrValues (import ../..);
@@ -44,7 +43,7 @@
44 hetzner = { 43 hetzner = {
45 robotUser = config.myEnv.hetzner.user; 44 robotUser = config.myEnv.hetzner.user;
46 robotPass = config.myEnv.hetzner.pass; 45 robotPass = config.myEnv.hetzner.pass;
47 mainIPv4 = config.myEnv.servers.eldiron.ips.main.ip4; 46 mainIPv4 = config.hostEnv.ips.main.ip4;
48 partitions = '' 47 partitions = ''
49 clearpart --all --initlabel --drives=sda,sdb 48 clearpart --all --initlabel --drives=sda,sdb
50 49
diff --git a/modules/private/system/monitoring-1.nix b/modules/private/system/monitoring-1.nix
index 1460478..20c12df 100644
--- a/modules/private/system/monitoring-1.nix
+++ b/modules/private/system/monitoring-1.nix
@@ -3,7 +3,6 @@
3{ 3{
4 boot.kernelPackages = pkgs.linuxPackages_latest; 4 boot.kernelPackages = pkgs.linuxPackages_latest;
5 myEnv = import "${privateFiles}/environment.nix" // { inherit privateFiles; }; 5 myEnv = import "${privateFiles}/environment.nix" // { inherit privateFiles; };
6 hostEnv.FQDN = "monitoring-1.v.immae.eu";
7 6
8 imports = builtins.attrValues (import ../..); 7 imports = builtins.attrValues (import ../..);
9 8
@@ -24,10 +23,10 @@
24 firewall.enable = true; 23 firewall.enable = true;
25 interfaces."ens3".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList 24 interfaces."ens3".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList
26 (n: ips: { address = ips.ip4; prefixLength = 32; }) 25 (n: ips: { address = ips.ip4; prefixLength = 32; })
27 (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.myEnv.servers.monitoring-1.ips); 26 (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.hostEnv.ips);
28 interfaces."ens3".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList 27 interfaces."ens3".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList
29 (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or [])) 28 (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or []))
30 config.myEnv.servers.monitoring-1.ips); 29 config.hostEnv.ips);
31 defaultGateway6 = { address = "fe80::1"; interface = "ens3"; }; 30 defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
32 }; 31 };
33 myServices.mailRelay.enable = true; 32 myServices.mailRelay.enable = true;
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-02 12:47:48 +0000