From 060a8f28fa1fc648bdf66afb31a5d1efac868837 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 28 Jul 2023 22:24:15 +0200 Subject: makefu: move out to own repo, add vacation-note --- makefu/1systems/gum/config.nix | 261 --------------------------- makefu/1systems/gum/hetzner/default.nix | 116 ------------ makefu/1systems/gum/hetznercloud/default.nix | 50 ----- makefu/1systems/gum/hetznercloud/doit | 13 -- makefu/1systems/gum/hetznercloud/network.nix | 36 ---- makefu/1systems/gum/hetznercloud/sfdisk.part | 6 - makefu/1systems/gum/rescue.txt | 15 -- makefu/1systems/gum/source.nix | 6 - 8 files changed, 503 deletions(-) delete mode 100644 makefu/1systems/gum/config.nix delete mode 100644 makefu/1systems/gum/hetzner/default.nix delete mode 100644 makefu/1systems/gum/hetznercloud/default.nix delete mode 100644 makefu/1systems/gum/hetznercloud/doit delete mode 100644 makefu/1systems/gum/hetznercloud/network.nix delete mode 100644 makefu/1systems/gum/hetznercloud/sfdisk.part delete mode 100644 makefu/1systems/gum/rescue.txt delete mode 100644 makefu/1systems/gum/source.nix (limited to 'makefu/1systems/gum') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix deleted file mode 100644 index f40f113bb..000000000 --- a/makefu/1systems/gum/config.nix +++ /dev/null @@ -1,261 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - external-ip = config.krebs.build.host.nets.internet.ip4.addr; - ext-if = config.makefu.server.primary-itf; - allDisks = [ "/dev/sda" "/dev/sdb" ]; -in { - imports = [ - - ./hetznercloud - { - # wait for mount - systemd.services.rtorrent.wantedBy = lib.mkForce []; - systemd.services.phpfpm-nextcloud.wantedBy = lib.mkForce []; - systemd.services.samba-smbd.wantedBy = lib.mkForce []; - } - { - users.users.lass = { - uid = 19002; - isNormalUser = true; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - makefu.pubkey - ]; - }; - } - - - - - - # - - - # - - - - # Security - - - # Tools - - - - # - - - - - # - - # networking - # - # - # - # - - { # bonus retiolum config for connecting more hosts - krebs.tinc.retiolum = { - #extraConfig = lib.mkForce '' - # ListenAddress = ${external-ip} 53 - # ListenAddress = ${external-ip} 655 - # ListenAddress = ${external-ip} 21031 - # StrictSubnets = yes - # LocalDiscovery = no - #''; - connectTo = [ - "prism" "ni" "enklave" "eve" "dishfire" - ]; - }; - networking.firewall = { - allowedTCPPorts = - [ - 53 - 655 - 21031 - ]; - allowedUDPPorts = - [ - 53 - 655 - 21031 - ]; - }; - } - - # ci - # - - - ### systemdUltras ### - - - ###### Shack ##### - # - # - - - - - - - # services - # postgres backend - # - # - { krebs.exim.enable = mkDefault true; } - - - # sharing - # samba sahre - - # - - { nixpkgs.config.allowUnfree = true; } - # - ## - # - # - # - - - ## network - # - # - - { makefu.backup.server.repo = "/var/backup/borg"; } - - - - - - { # recent changes mediawiki bot - networking.firewall.allowedUDPPorts = [ 5005 5006 ]; - } - # Removed until move: no extra mails - # - # Removed until move: avoid letsencrypt ban - ### Web - - # postgres backend - # postgres backend - - - - #postgres backend - ### Moving owncloud data dir to /media/cloud/nextcloud-data - { - users.users.nextcloud.extraGroups = [ "download" ]; - # nextcloud-setup fails as it cannot set permissions for nextcloud - systemd.services.nextcloud-setup.serviceConfig.SuccessExitStatus = "0 1"; - systemd.tmpfiles.rules = [ - "L /var/lib/nextcloud/data - - - - /media/cloud/nextcloud-data" - "L /var/backup - - - - /media/cloud/gum-backup" - ]; - #fileSystems."/var/lib/nextcloud/data" = { - # device = "/media/cloud/nextcloud-data"; - # options = [ "bind" ]; - #}; - #fileSystems."/var/backup" = { - # device = "/media/cloud/gum-backup"; - # options = [ "bind" ]; - #}; - } - - - # - - - - - ## - # - # - - # - # - - # - # - # - # - # - - - # - - - # - - - # - - - - - # - - # - - # sharing - - { krebs.airdcpp.dcpp.shares = { - download.path = config.makefu.dl-dir + "/finished"; - sorted.path = config.makefu.dl-dir + "/sorted"; - }; - } - - - ## Temporary: - # - # - # - - # krebs infrastructure services - # - ]; - - # makefu.dl-dir = "/var/download"; - makefu.dl-dir = "/media/cloud/download/finished"; - - services.openssh.hostKeys = lib.mkForce [ - { bits = 4096; path = (toString ); type = "rsa"; } - { path = (toString ); type = "ed25519"; } ]; - ###### stable - security.acme.certs."cgit.euer.krebsco.de" = { - email = "letsencrypt@syntax-fehler.de"; - webroot = "/var/lib/acme/acme-challenge"; - group = "nginx"; - }; - services.nginx.virtualHosts."cgit" = { - serverAliases = [ "cgit.euer.krebsco.de" ]; - addSSL = true; - sslCertificate = "/var/lib/acme/cgit.euer.krebsco.de/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/cgit.euer.krebsco.de/key.pem"; - locations."/.well-known/acme-challenge".extraConfig = '' - root /var/lib/acme/acme-challenge; - ''; - }; - - krebs.build.host = config.krebs.hosts.gum; - - # Network - networking = { - firewall = { - allowedTCPPorts = [ - 80 443 - 28967 # storj - ]; - allowPing = true; - logRefusedConnections = false; - }; - nameservers = [ "8.8.8.8" ]; - }; - users.users.makefu.extraGroups = [ "download" "nginx" ]; - state = [ "/home/makefu/.weechat" ]; -} diff --git a/makefu/1systems/gum/hetzner/default.nix b/makefu/1systems/gum/hetzner/default.nix deleted file mode 100644 index 7d445879a..000000000 --- a/makefu/1systems/gum/hetzner/default.nix +++ /dev/null @@ -1,116 +0,0 @@ -{ config, ... }: -let - external-mac = "50:46:5d:9f:63:6b"; - main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS"; - sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS"; - external-gw = "144.76.26.225"; - # single partition, label "nixos" - # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate - - - # static - external-ip = "144.76.26.247"; - external-ip6 = "2a01:4f8:191:12f6::2"; - external-gw6 = "fe80::1"; - external-netmask = 27; - external-netmask6 = 64; - internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; - ext-if = "et0"; # gets renamed on the fly -in { - imports = [ - - { services.smartd.devices = builtins.map (x: { device = x; }) allDisks; } - - ]; - makefu.server.primary-itf = ext-if; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" - ''; - networking = { - interfaces."${ext-if}" = { - ipv4.addresses = [{ - address = external-ip; - prefixLength = external-netmask; - }]; - ipv6.addresses = [{ - address = external-ip6; - prefixLength = external-netmask6; - }]; - }; - defaultGateway6 = { address = external-gw6; interface = ext-if; }; - defaultGateway = external-gw; - }; - boot.kernelParams = [ ]; - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.devices = [ main-disk ]; - boot.initrd.kernelModules = [ "dm-raid" "dm_cache" "dm-thin-pool" ]; - boot.initrd.availableKernelModules = [ - "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" - "xhci_pci" "ehci_pci" "ahci" "sd_mod" - ]; - boot.kernelModules = [ "dm-raid" "dm_cache" "dm-thin-pool" "kvm-intel" ]; - hardware.enableRedistributableFirmware = true; - fileSystems."/" = { - device = "/dev/nixos/root"; - fsType = "ext4"; - }; - fileSystems."/var/lib" = { - device = "/dev/nixos/lib"; - fsType = "ext4"; - }; - fileSystems."/var/log" = { - device = "/dev/nixos/log"; - fsType = "ext4"; - }; - fileSystems."/var/download" = { - device = "/dev/nixos/download"; - fsType = "ext4"; - }; - fileSystems."/var/www/binaergewitter" = { - device = "/dev/nixos/binaergewitter"; - fsType = "ext4"; - options = [ "nofail" ]; - }; - fileSystems."/var/lib/nextcloud/data" = { - device = "/dev/nixos/nextcloud"; - fsType = "ext4"; - options = [ "nofail" ]; - }; - fileSystems."/var/lib/borgbackup" = { - device = "/dev/nixos/backup"; - fsType = "ext4"; - }; - fileSystems."/boot" = { - device = "/dev/sda2"; - fsType = "vfat"; - }; - # parted -s -a optimal "$disk" \ - # mklabel gpt \ - # mkpart no-fs 0 1024KiB \ - # set 1 bios_grub on \ - # mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \ - # mkpart primary 1025MiB 100% - # parted -s -a optimal "/dev/sdb" \ - # mklabel gpt \ - # mkpart primary 1M 100% - - #mkfs.vfat /dev/sda2 - #pvcreate /dev/sda3 - #pvcreate /dev/sdb1 - #vgcreate nixos /dev/sda3 /dev/sdb1 - #lvcreate -L 120G -m 1 -n root nixos - #lvcreate -L 50G -m 1 -n lib nixos - #lvcreate -L 100G -n download nixos - #lvcreate -L 100G -n backup nixos - #mkfs.ext4 /dev/mapper/nixos-root - #mkfs.ext4 /dev/mapper/nixos-lib - #mkfs.ext4 /dev/mapper/nixos-download - #mkfs.ext4 /dev/mapper/nixos-borgbackup - #mount /dev/mapper/nixos-root /mnt - #mkdir /mnt/boot - #mount /dev/sda2 /mnt/boot - #mkdir -p /mnt/var/src - #touch /mnt/var/src/.populate - -} diff --git a/makefu/1systems/gum/hetznercloud/default.nix b/makefu/1systems/gum/hetznercloud/default.nix deleted file mode 100644 index cfcd894af..000000000 --- a/makefu/1systems/gum/hetznercloud/default.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: -{ - - imports = - [ ./network.nix - (modulesPath + "/profiles/qemu-guest.nix") - ]; - - # Disk - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "rpool/root"; - fsType = "zfs"; - }; - - fileSystems."/home" = - { device = "rpool/home"; - fsType = "zfs"; - }; - - fileSystems."/nix" = - { device = "rpool/nix"; - fsType = "zfs"; - }; - - fileSystems."/boot" = - { device = "/dev/sda1"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - boot.loader.grub.device = "/dev/sda"; - - networking.hostId = "3150697b"; # required for zfs use - boot.tmpOnTmpfs = true; - boot.supportedFilesystems = [ "zfs" ]; - - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.copyKernels = true; - boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues - boot.kernelParams = [ - "boot.shell_on_fail" - "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues - ]; -} diff --git a/makefu/1systems/gum/hetznercloud/doit b/makefu/1systems/gum/hetznercloud/doit deleted file mode 100644 index 45798587a..000000000 --- a/makefu/1systems/gum/hetznercloud/doit +++ /dev/null @@ -1,13 +0,0 @@ -ROOT_DEVICE=/dev/sda2 -NIXOS_BOOT=/dev/sda1 - -zpool create -o ashift=12 -o altroot=/mnt rpool $ROOT_DEVICE -zfs create -o mountpoint=legacy rpool/root -zfs create -o mountpoint=legacy rpool/home -zfs create -o mountpoint=legacy rpool/nix -mount -t zfs rpool/root /mnt -mkdir /mnt/{home,nix,boot} -mount -t zfs rpool/home /mnt/home -mount -t zfs rpool/nix /mnt/nix -mount $NIXOS_BOOT /mnt/boot/ - diff --git a/makefu/1systems/gum/hetznercloud/network.nix b/makefu/1systems/gum/hetznercloud/network.nix deleted file mode 100644 index 5159cf570..000000000 --- a/makefu/1systems/gum/hetznercloud/network.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: -let - external-mac = "96:00:01:24:33:f4"; - external-gw = "172.31.1.1"; - external-ip = "142.132.189.140"; - external-ip6 = "2a01:4f8:1c17:5cdf::2"; - external-gw6 = "fe80::1"; - external-netmask = 32; - external-netmask6 = 64; - internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; - ext-if = "et0"; # gets renamed on the fly -in -{ - makefu.server.primary-itf = ext-if; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" - ''; - networking = { - enableIPv6 = true; - nat.enableIPv6 = true; - interfaces."${ext-if}" = { - useDHCP = true; - ipv6.addresses = [{ - address = external-ip6; - prefixLength = external-netmask6; - }]; - }; - #ipv4.addresses = [{ - # address = external-ip; - # prefixLength = external-netmask; - #}]; - defaultGateway6 = { address = external-gw6; interface = ext-if; }; - #defaultGateway = external-gw; - nameservers = [ "1.1.1.1" ]; - }; -} diff --git a/makefu/1systems/gum/hetznercloud/sfdisk.part b/makefu/1systems/gum/hetznercloud/sfdisk.part deleted file mode 100644 index fb375b15a..000000000 --- a/makefu/1systems/gum/hetznercloud/sfdisk.part +++ /dev/null @@ -1,6 +0,0 @@ -label: gpt -device: /dev/sda -unit: sectors -1 : size=524288 type=0FC63DAF-8483-4772-8E79-3D69D8477DE4 -4 : size=4096 type=21686148-6449-6E6F-744E-656564454649 -2 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4 diff --git a/makefu/1systems/gum/rescue.txt b/makefu/1systems/gum/rescue.txt deleted file mode 100644 index 0a3ed96ee..000000000 --- a/makefu/1systems/gum/rescue.txt +++ /dev/null @@ -1,15 +0,0 @@ -ssh gum.i -o StrictHostKeyChecking=no - -mount /dev/mapper/nixos-root /mnt -mount /dev/sda2 /mnt/boot - -chroot-prepare /mnt -chroot /mnt /bin/sh - - -journalctl -D /mnt/var/log/journal --since today # find the active system (or check grub) -# ... activating ... - -export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin -/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate -/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin/nixos-rebuild diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix deleted file mode 100644 index 43586ede4..000000000 --- a/makefu/1systems/gum/source.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - name="gum"; - torrent = true; - clever_kexec = true; - home-manager = true; -} -- cgit v1.2.3