From 506f1611474be2fc76469284b8dd5efe01f0fa9c Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Sun, 3 May 2020 15:42:03 +0100
Subject: [PATCH] ixvm-fra01: add
---
ops/nixos/ixvm-fra01/README.md | 14 ++++
ops/nixos/ixvm-fra01/default.nix | 136 +++++++++++++++++++++++++++++++
2 files changed, 150 insertions(+)
create mode 100644 ops/nixos/ixvm-fra01/README.md
create mode 100644 ops/nixos/ixvm-fra01/default.nix
diff --git a/ops/nixos/ixvm-fra01/README.md b/ops/nixos/ixvm-fra01/README.md
new file mode 100644
index 0000000000..b01cb0e849
--- /dev/null
+++ b/ops/nixos/ixvm-fra01/README.md
@@ -0,0 +1,14 @@
+# ixvm-fra01.as205479.net
+
+VM running NixOS on ix-vm.cloud.
+
+* 2 allocated cores, 2.5GHz. Intel-platform.
+* ~4GB of RAM.
+* 50GiB disk space.
+
+NICs on:
+
+* `ens-inet` Internet (141.98.136.124)
+* `ens-nlix` NL-ix (193.239.118.225)
+* `ens-kleyrex` KleyRex (193.189.83.41)
+* `ens-locix` LocIX (185.1.166.219)
diff --git a/ops/nixos/ixvm-fra01/default.nix b/ops/nixos/ixvm-fra01/default.nix
new file mode 100644
index 0000000000..1f74e4404d
--- /dev/null
+++ b/ops/nixos/ixvm-fra01/default.nix
@@ -0,0 +1,136 @@
+{ depot, lib, pkgs, rebuilder, ... }:
+config:
+let
+ inherit (depot.ops) secrets;
+in lib.fix (self: {
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "vmw_pvscsi"
+ "sd_mod"
+ "sr_mod"
+ ];
+ boot.kernelModules = [ "tcp_bbr" ];
+ boot.kernel.sysctl = {
+ "net.ipv6.conf.default.accept_ra" = 0;
+ "net.ipv6.conf.all.accept_ra" = 0;
+ "net.ipv6.conf.default.autoconf" = 0;
+ "net.ipv6.conf.all.autoconf" = 0;
+ };
+
+ filesystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/fafafa2b-ec19-40ae-bd04-cc286beb2946";
+ fsType = "ext4";
+ };
+ };
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/9920239c-492f-4f79-8a06-8f412d047605"; }
+ ];
+
+ nix.maxJobs = lib.mkDefault 2;
+ hardware.enableRedistributableFirmware = true;
+
+ nixpkgs.config = { allowUnfree = true; };
+
+ nix.nixPath = [ "depot=/home/lukegb/depot/" "nixpkgs=/home/lukegb/depot/third_party/nixpkgs/" ];
+
+ # Use GRUB2.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/sda";
+
+ # Networking!
+ networking = {
+ hostName = "ixvm-fra01"; # Define your hostname.
+ domain = "as205479.net";
+ nameservers = ["8.8.8.8" "8.8.4.4"];
+ useDHCP = false;
+ defaultGateway = {
+ address = "141.98.136.97"; interface = "ens-inet";
+ };
+ defaultGateway6 = {
+ address = "2a09:11c0:f1:bc0b::1"; interface = "ens-inet";
+ };
+ interfaces = {
+ ens-inet = {
+ ipv4.addresses = [
+ { address = "141.98.136.124"; prefixLength = 27; }
+ ];
+ ipv6.addresses = [
+ { address = "2a09:11c0:f1:bc0b::2"; prefixLength = 64; }
+ ];
+ };
+ ens-kleyrex = {
+ ipv4.addresses = [
+ { address = "193.189.83.41"; prefixLength = 23; }
+ ];
+ ipv6.addresses = [
+ { address = "2001:7f8:33::a120:5479:1"; prefixLength = 48; }
+ ];
+ };
+ ens-locix = {
+ ipv4.addresses = [
+ { address = "185.1.166.219"; prefixLength = 23; }
+ ];
+ ipv6.addresses = [
+ { address = "2001:7f8:f2:e1::a20:5479:1"; prefixLength = 48; }
+ ];
+ };
+ ens-nlix = {
+ ipv4.addresses = [
+ { address = "193.239.118.225"; prefixLength = 22; }
+ ];
+ ipv6.addresses = [
+ { address = "2001:7f8:13::a520:5479:1"; prefixLength = 64; }
+ ];
+ };
+ };
+ };
+ services.udev.extraRules = ''
+ ATTR{address}=="00:50:56:a3:b0:5e", NAME="ens-inet"
+ ATTR{address}=="00:50:56:a3:27:bd", NAME="ens-kleyrex"
+ ATTR{address}=="00:50:56:a3:95:72", NAME="ens-locix"
+ ATTR{address}=="00:50:56:a3:6e:0f", NAME="ens-nlix"
+ '';
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_GB.UTF-8";
+ console.keyMap = "us";
+
+ # Set your time zone.
+ time.timeZone = "Etc/UTC";
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ vim
+ mercurial
+ rxvt_unicode.terminfo
+ ];
+
+ programs.mtr.enable = true;
+ services.openssh.enable = true;
+
+ networking.firewall = {
+ # allowedTCPPorts = [];
+ # allowedUDPPorts = [];
+ allowPing = true;
+ };
+
+ # Define a user account.
+ users.mutableUsers = false;
+ users.users = {
+ root.hashedPassword = secrets.passwordHashes.root;
+ lukegb = {
+ isNormalUser = true;
+ uid = 1000;
+ extraGroups = [ "wheel" "networkmanager" ];
+ hashedPassword = secrets.passwordHashes.root;
+ };
+ };
+
+ boot.kernel.sysctl."net.ipv4.tcp_congestion_control" = "bbr";
+ boot.kernel.sysctl."net.core.default_qdisc" = "fq_codel";
+
+ system.stateVersion = "20.03";
+})
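Review bot: `lukegb.hashedPassword` is set to `secrets.passwordHashes.root`, so the wheel user and root share one credential, and `services.openssh.enable = true;` is added with no visible `passwordAuthentication` or `authorizedKeys` setting. Unless a shared module outside this file hardens sshd, that leaves password login for a sudo-capable account enabled, and because enabling openssh opens its port in the firewall by default, it is reachable on all four interfaces, including the three IXP peering LANs. I would give the user its own entry under `secrets.passwordHashes`, set `services.openssh.passwordAuthentication = false;` with keys declared under `users.users.lukegb.openssh.authorizedKeys.keys`, and limit exposure with `services.openssh.openFirewall = false;` plus `networking.firewall.interfaces.ens-inet.allowedTCPPorts = [ 22 ];`. Separately, `filesystems` looks like a typo for the NixOS option `fileSystems`; as written the root mount is probably either rejected at evaluation or silently not declared.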