2021-02-08 22:26:22 +00:00
|
|
|
# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
|
|
|
|
#
|
|
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
|
|
|
{ depot, lib, pkgs, rebuilder, config, ... }:
|
|
|
|
let
|
|
|
|
inherit (depot.ops) secrets;
|
|
|
|
in {
|
|
|
|
imports = [
|
2021-03-29 22:24:57 +00:00
|
|
|
../lib/blade-router.nix
|
2021-02-08 22:26:22 +00:00
|
|
|
../lib/blade.nix
|
2021-03-22 02:43:17 +00:00
|
|
|
../lib/fup.nix
|
2021-02-08 22:26:22 +00:00
|
|
|
];
|
|
|
|
|
|
|
|
boot.loader.grub.device = "/dev/disk/by-id/usb-USB_SanDisk_3.2Gen1_0101cabb1ebdbdc0fd7b18edd207d43717c39c4a59d1b138b363e315841eca15743400000000000000000000443273100087260091558107b6a8e06e-0:0";
|
|
|
|
|
|
|
|
# Networking!
|
|
|
|
networking = {
|
|
|
|
hostName = "blade-tuvok";
|
|
|
|
hostId = "525229f7";
|
2021-03-19 21:27:42 +00:00
|
|
|
firewall.allowedTCPPorts = [ 80 443 ];
|
2021-02-08 22:26:22 +00:00
|
|
|
};
|
2021-02-08 22:33:42 +00:00
|
|
|
my.ip.tailscale = "100.119.123.33";
|
2021-03-12 14:47:08 +00:00
|
|
|
my.blade.bay = 6;
|
|
|
|
my.blade.macAddress = {
|
|
|
|
internal = "e4:11:5b:ac:e3:fe";
|
|
|
|
storage = "e4:11:5b:ac:e4:02";
|
|
|
|
internet = "e4:11:5b:ac:e4:00";
|
|
|
|
};
|
2021-02-09 01:17:54 +00:00
|
|
|
|
|
|
|
services.ceph = {
|
|
|
|
mon.enable = true;
|
2021-02-09 22:29:11 +00:00
|
|
|
osd = {
|
|
|
|
enable = true;
|
|
|
|
daemons = [ "3" ];
|
|
|
|
};
|
2021-02-09 01:17:54 +00:00
|
|
|
};
|
2021-03-19 19:45:03 +00:00
|
|
|
|
|
|
|
services.nginx = {
|
|
|
|
enable = true;
|
|
|
|
recommendedTlsSettings = true;
|
|
|
|
recommendedGzipSettings = true;
|
|
|
|
virtualHosts."objdump.zxcvbnm.ninja" = {
|
|
|
|
useACMEHost = "objdump.zxcvbnm.ninja";
|
|
|
|
default = true;
|
|
|
|
forceSSL = true;
|
|
|
|
locations."/" = {
|
|
|
|
proxyPass = "http://localhost:7480";
|
|
|
|
extraConfig = ''
|
|
|
|
proxy_redirect off;
|
|
|
|
client_max_body_size 0;
|
|
|
|
proxy_buffering off;
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
security.acme = {
|
|
|
|
acceptTerms = true;
|
|
|
|
email = "letsencrypt@lukegb.com";
|
|
|
|
certs."objdump.zxcvbnm.ninja" = {
|
|
|
|
group = config.services.nginx.group;
|
|
|
|
dnsProvider = "cloudflare";
|
|
|
|
credentialsFile = secrets.cloudflareCredentials;
|
|
|
|
extraDomainNames = [
|
|
|
|
"*.objdump.zxcvbnm.ninja"
|
|
|
|
];
|
|
|
|
};
|
|
|
|
};
|
2021-03-22 02:50:27 +00:00
|
|
|
my.fup.listen = [
|
2021-03-22 13:46:28 +00:00
|
|
|
"0.0.0.0" "[::]"
|
2021-03-22 02:50:27 +00:00
|
|
|
];
|
2021-03-20 01:08:33 +00:00
|
|
|
|
2021-03-29 22:24:57 +00:00
|
|
|
my.blade-router = {
|
|
|
|
addresses.linknet = {
|
|
|
|
v4 = { local = "195.74.55.21"; remote = "195.74.55.20"; };
|
|
|
|
v6 = {
|
|
|
|
local = "2a03:ee40:8080:9:1::2";
|
|
|
|
remote = "2a03:ee40:8080:9:1::1";
|
|
|
|
};
|
2021-03-20 01:08:33 +00:00
|
|
|
};
|
2021-03-29 22:24:57 +00:00
|
|
|
|
|
|
|
addresses.br-public = {
|
|
|
|
v4.addr = "92.118.28.254";
|
|
|
|
v6.addr = "2a09:a441::ffff";
|
2021-03-29 21:36:03 +00:00
|
|
|
};
|
2021-03-29 22:04:26 +00:00
|
|
|
|
2021-08-17 01:30:33 +00:00
|
|
|
linx.enable = true;
|
|
|
|
|
2021-03-29 22:24:57 +00:00
|
|
|
vrrp.priority = 100;
|
2021-03-29 22:04:26 +00:00
|
|
|
};
|
2021-02-08 22:26:22 +00:00
|
|
|
}
|