Compare commits
No commits in common. "985b8e1123794323940fdb3ac06671a96c47709f" and "0e480bb6b6f436a21a93826bc5f86a3bbcfe4601" have entirely different histories.
985b8e1123
...
0e480bb6b6
10 changed files with 3 additions and 156 deletions
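--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,2 @@
 secrets.nix
-**/*.secret
 /hosts/nio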
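Review bot: Dropping `**/*.secret` from .gitignore removes the guard that kept secret files out of commits, while existing checkouts may still contain them. The drone.nix deleted elsewhere in this compare referenced `./drone_database.secret`, `./gitea_client.secret` and `./drone_rpc.secret` inside the tree, so any such files left on disk would now show up as untracked and be picked up by a broad `git add`. I would keep the `**/*.secret` line even though nothing on the new side references those files.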
@ -6,7 +6,6 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.cleanTmpDir = true;
|
boot.cleanTmpDir = true;
|
||||||
networking.firewall.enable = true;
|
|
||||||
networking.firewall.allowPing = true;
|
networking.firewall.allowPing = true;
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
|
|
||||||
|
|
|
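Review bot: Removing `networking.firewall.enable = true;` leaves the firewall state to the NixOS default and to whatever other modules set, while `networking.firewall.allowPing = true;` stays and still reads as if the firewall were explicitly on. The default is enabled, so behaviour is probably unchanged. However, the explicit line also made a stray `networking.firewall.enable = false;` in a host file fail evaluation as a conflicting definition instead of silently taking effect. I would keep the line, or replace it with a comment such as `# firewall is left at the NixOS default (enabled); do not disable per host`. The enclosing attribute set starts and ends outside the hunk.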
@ -26,7 +26,7 @@
|
||||||
|
|
||||||
clerie.monitoring = {
|
clerie.monitoring = {
|
||||||
enable = true;
|
enable = true;
|
||||||
id = "35";
|
id = "201";
|
||||||
privKeyFile = "/run/keys/wg-dyon_priv";
|
privKeyFile = "/run/keys/wg-dyon_priv";
|
||||||
pubkey = "4faakn5yfzukxRwo79iTawag4jzAFkErXHLeEvtoLCc=";
|
pubkey = "4faakn5yfzukxRwo79iTawag4jzAFkErXHLeEvtoLCc=";
|
||||||
};
|
};
|
||||||
|
|
|
@ -55,7 +55,7 @@ in {
|
||||||
static_configs = [
|
static_configs = [
|
||||||
{
|
{
|
||||||
targets = [
|
targets = [
|
||||||
"[::1]:9090"
|
"monitoring-1.mon.entr0py.de:9090"
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
|
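Review bot: The scrape target in `targets` changes from the loopback address `[::1]:9090` to the name `monitoring-1.mon.entr0py.de:9090`, so the scrape now depends on DNS and may leave the host, and nothing in the hunk sets a `scheme` or TLS options for it. Whether the job does so elsewhere cannot be seen here, because the enclosing scrape config starts and ends outside the hunk. If the name is meant to resolve only inside the monitoring tunnel, a comment above the target would make that assumption checkable, e.g. `# resolves to the monitoring tunnel address; port 9090 must not be reachable from the public side`.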
@ -1,38 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[ # Include the results of the hardware scan.
|
|
||||||
./hardware-configuration.nix
|
|
||||||
../../common/common.nix
|
|
||||||
../../common/kvm.nix
|
|
||||||
./drone.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
|
||||||
|
|
||||||
networking.hostName = "nebula";
|
|
||||||
time.timeZone = "Europe/Berlin";
|
|
||||||
|
|
||||||
networking.useDHCP = false;
|
|
||||||
networking.interfaces.ens18.useDHCP = true;
|
|
||||||
networking.interfaces.ens18.ipv6.addresses = [{
|
|
||||||
address = "2a01:4f8:c010:61dc:200::500:2";
|
|
||||||
prefixLength = 72;
|
|
||||||
}];
|
|
||||||
|
|
||||||
networking.defaultGateway6 = {
|
|
||||||
address = "2a01:4f8:c010:61dc:200::1";
|
|
||||||
interface = "ens18";
|
|
||||||
};
|
|
||||||
|
|
||||||
clerie.monitoring = {
|
|
||||||
enable = true;
|
|
||||||
id = "203";
|
|
||||||
privKeyFile = "/run/keys/wg-nebula_priv";
|
|
||||||
pubkey = "tfBtyAOJ5OtkTulQVI5+cY+vGd9x2l09NaL0Va7B520=";
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,80 +0,0 @@
|
||||||
|
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
{
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
||||||
services.nginx = {
|
|
||||||
enable = true;
|
|
||||||
recommendedGzipSettings = true;
|
|
||||||
recommendedOptimisation = true;
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
recommendedTlsSettings = true;
|
|
||||||
virtualHosts."drone.entr0py.de" = {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
locations."/".proxyPass = "http://localhost:2380/";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
services.postgresql = {
|
|
||||||
enable = false;
|
|
||||||
package = pkgs.postgresql_12;
|
|
||||||
ensureDatabases = [ "drone" ];
|
|
||||||
authentication = lib.mkForce ''
|
|
||||||
# Generated file; do not edit!
|
|
||||||
# TYPE DATABASE USER ADDRESS METHOD
|
|
||||||
local all all trust
|
|
||||||
host all drone trust
|
|
||||||
'';
|
|
||||||
ensureUsers = [
|
|
||||||
{
|
|
||||||
name = "drone";
|
|
||||||
ensurePermissions."DATABASE drone" = "ALL PRIVILEGES";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
users.users.drone = {
|
|
||||||
isNormalUser = false;
|
|
||||||
};
|
|
||||||
virtualisation.oci-containers.backend = "podman";
|
|
||||||
virtualisation.oci-containers.containers = {
|
|
||||||
drone-server = {
|
|
||||||
autoStart = true;
|
|
||||||
image = "drone/drone:latest";
|
|
||||||
environment = {
|
|
||||||
/*DRONE_DATABASE_DRIVER="postgres";
|
|
||||||
DRONE_DATABASE_DATASOURCE="postgresql:///drone?host=/run/postgresql";*/
|
|
||||||
DRONE_DATABASE_SECRET= toString ./drone_database.secret;
|
|
||||||
DRONE_GITEA_SERVER="https://git.entr0py.de";
|
|
||||||
DRONE_GITEA_CLIENT_ID="07f3c25c-4f9d-4642-afcf-c419976cfaac";
|
|
||||||
DRONE_GITEA_CLIENT_SECRET= toString ./gitea_client.secret;
|
|
||||||
DRONE_RPC_SECRET= toString ./drone_rpc.secret;
|
|
||||||
DRONE_SERVER_HOST="drone.entr0py.de";
|
|
||||||
DRONE_SERVER_PROTO="https";
|
|
||||||
DRONE_USER_CREATE="username:garionion,admin:true";
|
|
||||||
};
|
|
||||||
ports = [
|
|
||||||
"2380:80"
|
|
||||||
];
|
|
||||||
volumes = [
|
|
||||||
"/var/lib/drone:/data"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
drone-runner-docker = {
|
|
||||||
autoStart = true;
|
|
||||||
dependsOn = [ "drone-server" ];
|
|
||||||
image = "drone/drone-runner-docker:1";
|
|
||||||
environment = {
|
|
||||||
DRONE_RPC_SECRET= toString ./drone_rpc.secret;
|
|
||||||
DRONE_RPC_PROTO="https";
|
|
||||||
DRONE_RPC_HOST="drone.entr0py.de";
|
|
||||||
DRONE_RUNNER_CAPACITY="4";
|
|
||||||
DRONE_RUNNER_NAME="nebula";
|
|
||||||
};
|
|
||||||
ports = [
|
|
||||||
"3000:3000"
|
|
||||||
];
|
|
||||||
volumes = [
|
|
||||||
"/var/run/podman/podman.sock:/var/run/docker.sock"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,30 +0,0 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
|
||||||
# and may be overwritten by future invocations. Please make changes
|
|
||||||
# to /etc/nixos/configuration.nix instead.
|
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[ (modulesPath + "/profiles/qemu-guest.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
|
|
||||||
boot.initrd.kernelModules = [ ];
|
|
||||||
boot.kernelModules = [ ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
fileSystems."/" =
|
|
||||||
{ device = "/dev/disk/by-uuid/442e0ed1-a194-4b7b-8c54-b247a1a4bf6f";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" =
|
|
||||||
{ device = "/dev/disk/by-uuid/0B65-B37A";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices =
|
|
||||||
[ { device = "/dev/disk/by-uuid/179f9069-56dd-4b80-88bb-947d5ae28402"; }
|
|
||||||
];
|
|
||||||
|
|
||||||
}
|
|
|
@ -25,6 +25,7 @@
|
||||||
peers = [{
|
peers = [{
|
||||||
publicKey = "bgWFMIasw+IHfr/1drJWEHBcsCZ3fqoB4djiZ9BDUCM=";
|
publicKey = "bgWFMIasw+IHfr/1drJWEHBcsCZ3fqoB4djiZ9BDUCM=";
|
||||||
allowedIPs = [ "2a03:4000:20:18e::/64" "fd33:ab07:f877:23:300::1/72" ];
|
allowedIPs = [ "2a03:4000:20:18e::/64" "fd33:ab07:f877:23:300::1/72" ];
|
||||||
|
endpoint = "usg.net.entr0py.de:52820";
|
||||||
persistentKeepalive = 25;
|
persistentKeepalive = 25;
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
|
|
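Review bot: The added `endpoint = "usg.net.entr0py.de:52820";` is a DNS name, and WireGuard resolves it only when the peer is configured, so a later address change is not picked up until the interface is restarted. The peer is still authenticated by `publicKey`, so a wrong DNS answer can stall the tunnel but cannot impersonate the peer; a short comment saying so would help the next reader. If this block sits under `networking.wireguard.interfaces` (the enclosing attribute is outside the hunk), consider also setting `dynamicEndpointRefreshSeconds = 300;` on the peer.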
@ -6,5 +6,4 @@
|
||||||
tailpipe = import ../../hosts/tailpipe/configuration.nix;
|
tailpipe = import ../../hosts/tailpipe/configuration.nix;
|
||||||
dyon = import ../../hosts/dyon/configuration.nix;
|
dyon = import ../../hosts/dyon/configuration.nix;
|
||||||
kaon = import ../../hosts/kaon/configuration.nix;
|
kaon = import ../../hosts/kaon/configuration.nix;
|
||||||
nebula = import ../../hosts/nebula/configuration.nix;
|
|
||||||
}
|
}
|
|
@ -20,7 +20,4 @@
|
||||||
kaon = { config, pkgs, ... }:{
|
kaon = { config, pkgs, ... }:{
|
||||||
deployment.targetHost = "kaon.net.entr0py.de";
|
deployment.targetHost = "kaon.net.entr0py.de";
|
||||||
};
|
};
|
||||||
nebula = { config, pkgs, ... }:{
|
|
||||||
deployment.targetHost = "nebula.net.entr0py.de";
|
|
||||||
};
|
|
||||||
}
|
}
|