feat: introduce treefmt and fmt all

steveej 2024-11-15 10:17:56 +01:00
parent 80250b0179
commit 27c6c4f9fa
237 changed files with 5440 additions and 5214 deletions


@ -1,3 +1 @@
{lib, ...}: {
boot.extraModulePackages = [];
}
_: { boot.extraModulePackages = [ ]; }
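Review bot: The argument pattern here changes from `{lib, ...}:` to `_:`, so this is not a whitespace-only reformat; the same kind of edit appears in the next file section, where `pkgs` is dropped from the argument set, and in the file that defines `stage1Modules`, where `{...}:` becomes `_:`. This looks like an unused-argument pass running alongside the formatter, which the commit message does not mention, and across 237 files it means a whitespace-ignoring diff cannot confirm that the commit is purely mechanical. I would state it in the message, for example `treefmt also removes unused module arguments; no evaluation change intended`, and ideally back that up by checking that each node's system derivation is unchanged against the parent commit.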


@ -1,10 +1,6 @@
{ nodeName, config, ... }:
{
nodeName,
config,
pkgs,
...
}: {
disabledModules = [];
disabledModules = [ ];
imports = [
../../profiles/common/configuration.nix
{


@ -3,17 +3,17 @@
repoFlake,
nodeFlake,
...
}: let
}:
let
system = "x86_64-linux";
in {
in
{
meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake;
packages' = repoFlake.packages.${system};
};
meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath {
inherit system;
};
meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; };
${nodeName} = {
deployment.targetHost = "${nodeName}.dmz.internal";


@ -12,5 +12,5 @@
inputs.nixpkgs_forgejo.url = "github:NixOS/nixpkgs/af4ac075a3e97cb239078e187112afdf380cd47b";
# nixpkgs_forgejo.url = "github:steveej-forks/nixpkgs/9c3519ab3beb11b8d997281f8922330f707df419";
outputs = _: {};
outputs = _: { };
}


@ -1,4 +1,5 @@
{...}: let
_:
let
stage1Modules = [
"virtio_balloon"
"virtio_scsi"
@ -38,7 +39,8 @@
"cdc_ether"
"uas"
];
in {
in
{
hardware.opinionatedDisk = {
enable = true;
encrypted = false;


@ -6,29 +6,29 @@
nodeFlake,
nodeName,
...
}: let
}:
let
hostBridgeAddress = "192.168.101.1";
in {
in
{
imports = [
../../snippets/systemd-resolved.nix
{
# make sure it uses the DNS that comes in via DHCP
networking.nameservers = lib.mkForce [];
networking.nameservers = lib.mkForce [ ];
services.resolved.enable = true;
# provide DNS to the containers
services.resolved.extraConfig = ''
DNSStubListenerExtra=${hostBridgeAddress}
'';
networking.firewall.interfaces.br0.allowedTCPPorts = [53];
networking.firewall.interfaces.br0.allowedUDPPorts = [53];
networking.firewall.interfaces.br0.allowedTCPPorts = [ 53 ];
networking.firewall.interfaces.br0.allowedUDPPorts = [ 53 ];
}
];
programs.wireshark.enable = true;
environment.systemPackages = [
pkgs.dnsutils
];
environment.systemPackages = [ pkgs.dnsutils ];
networking.firewall.enable = true;
networking.nftables.enable = true;
@ -48,13 +48,13 @@ in {
networking.nat = {
enable = true;
internalInterfaces = ["br0"];
internalInterfaces = [ "br0" ];
externalInterface = "dmz0";
};
networking.bridges = {
br0 = {
interfaces = [];
interfaces = [ ];
};
};
networking.interfaces = {
@ -89,9 +89,7 @@ in {
networkConfig.LinkLocalAddressing = "no";
# TODO: i'm not sure if and if so why this is required
macvlan = [
"dmz0"
];
macvlan = [ "dmz0" ];
DHCP = "no";
};
@ -111,45 +109,49 @@ in {
};
# virtualization
virtualisation = {docker.enable = false;};
virtualisation = {
docker.enable = false;
};
nix.gc = {automatic = true;};
nix.gc = {
automatic = true;
};
sops.secrets.restic-password.sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# adapted from https://github.com/lilyinstarlight/foosteros/blob/5c75ded111878970fd4f600c7adc013f971d5e71/config/restic.nix
services.restic.backups.${nodeName} = let
btrfs = "${pkgs.btrfs-progs}/bin/btrfs";
in {
initialize = true;
repository = "sftp://u217879-sub3@u217879-sub3.your-storagebox.de:23/restic/${nodeName}";
services.restic.backups.${nodeName} =
let
btrfs = "${pkgs.btrfs-progs}/bin/btrfs";
in
{
initialize = true;
repository = "sftp://u217879-sub3@u217879-sub3.your-storagebox.de:23/restic/${nodeName}";
paths = [
"/backup"
];
paths = [ "/backup" ];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-monthly 12"
"--keep-yearly 2"
];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-monthly 12"
"--keep-yearly 2"
];
timerConfig = {
OnCalendar = lib.mkDefault "daily";
Persistent = true;
timerConfig = {
OnCalendar = lib.mkDefault "daily";
Persistent = true;
};
passwordFile = config.sops.secrets.restic-password.path;
backupPrepareCommand = ''
${btrfs} su snapshot -r /var/lib/container-volumes /backup/container-volumes
'';
backupCleanupCommand = ''
${btrfs} su delete /backup/container-volumes
'';
};
passwordFile = config.sops.secrets.restic-password.path;
backupPrepareCommand = ''
${btrfs} su snapshot -r /var/lib/container-volumes /backup/container-volumes
'';
backupCleanupCommand = ''
${btrfs} su delete /backup/container-volumes
'';
};
containers = {
mailserver = import ../../containers/mailserver.nix {
specialArgs = {
@ -167,25 +169,23 @@ in {
sievePort = 4190;
};
webserver =
import ../../containers/webserver.nix
{
specialArgs = {
inherit repoFlake nodeFlake;
hostAddress = hostBridgeAddress;
};
autoStart = true;
hostBridge = "br0";
webserver = import ../../containers/webserver.nix {
specialArgs = {
inherit repoFlake nodeFlake;
hostAddress = hostBridgeAddress;
localAddress = "192.168.101.11/24";
httpPort = 80;
httpsPort = 443;
forgejoSshPort = 2222;
};
autoStart = true;
hostBridge = "br0";
hostAddress = hostBridgeAddress;
localAddress = "192.168.101.11/24";
httpPort = 80;
httpsPort = 443;
forgejoSshPort = 2222;
};
syncthing = import ../../containers/syncthing.nix {
specialArgs = {
inherit repoFlake nodeFlake;