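# SPDX-FileCopyrightText: 2020 Luke Granger-Brown
#
# SPDX-License-Identifier: Apache-2.0

# NixOS host configuration for blade-tuvok.
#
# What this module sets up, as visible in this file:
#   * static IPv4/IPv6 addressing on the en-internet interface,
#   * a Ceph monitor and one OSD daemon,
#   * an nginx TLS reverse proxy in front of a service on localhost:7480,
#   * an ACME certificate (incl. wildcard) obtained via Cloudflare DNS,
#   * a keepalived VRRP instance holding 10.100.0.1/23 on br-mgmt.
#
# The my.* options are not defined here; presumably they come from the
# imported ../lib/blade.nix and ../lib/fup.nix modules (confirm there).
{ depot, lib, pkgs, rebuilder, config, ... }:
let
  inherit (depot.ops) secrets;
in
{
  imports = [
    ../lib/blade.nix
    ../lib/fup.nix
  ];

  # GRUB is installed to a device addressed by its stable by-id path, so the
  # target does not depend on /dev/sdX enumeration order.
  boot.loader.grub.device = "/dev/disk/by-id/usb-USB_SanDisk_3.2Gen1_0101cabb1ebdbdc0fd7b18edd207d43717c39c4a59d1b138b363e315841eca15743400000000000000000000443273100087260091558107b6a8e06e-0:0";

  # Networking!
  networking = {
    hostName = "blade-tuvok";
    hostId = "525229f7";
    interfaces.en-internet.ipv4.addresses = [{ address = "195.74.55.21"; prefixLength = 31; }];
    interfaces.en-internet.ipv6.addresses = [{ address = "2a03:ee40:8080:9:1::2"; prefixLength = 126; }];
    defaultGateway = "195.74.55.20";
    defaultGateway6 = "2a03:ee40:8080:9:1::1";

    # Only HTTP and HTTPS are opened by this file. These ports are not bound to
    # an interface, so they are reachable on every interface the firewall
    # covers. Imported modules may open further ports.
    firewall.allowedTCPPorts = [ 80 443 ];

    # Accept VRRP advertisements, but only when they arrive on br-mgmt.
    # The rule is appended to the nixos-fw chain rather than INPUT: the NixOS
    # firewall flushes and rebuilds nixos-fw on every (re)start, whereas a rule
    # appended to INPUT is never removed and is added again on each reload,
    # leaving stale duplicates behind (also after the firewall is stopped).
    # IPv4 only (iptables, not ip6tables), matching the IPv4 virtual IP below.
    firewall.extraCommands = "iptables -A nixos-fw -p vrrp -i br-mgmt -j nixos-fw-accept";
  };

  my.ip.tailscale = "100.119.123.33";

  my.blade.bay = 6;
  my.blade.macAddress = {
    internal = "e4:11:5b:ac:e3:fe";
    storage = "e4:11:5b:ac:e4:02";
    internet = "e4:11:5b:ac:e4:00";
  };

  # This host runs a Ceph monitor and OSD daemon "3".
  # NOTE(review): no Ceph ports are opened in the firewall by this file;
  # presumably cluster traffic is permitted elsewhere (e.g. per-interface rules
  # in an imported module). Confirm it is not exposed on en-internet.
  services.ceph = {
    mon.enable = true;
    osd = {
      enable = true;
      daemons = [ "3" ];
    };
  };

  services.nginx = {
    enable = true;
    recommendedTlsSettings = true;
    recommendedGzipSettings = true;

    virtualHosts."objdump.zxcvbnm.ninja" = {
      # Certificate comes from the security.acme.certs entry of the same name.
      useACMEHost = "objdump.zxcvbnm.ninja";
      # default = true: this vhost also answers requests whose Host header
      # matches no other server block, so unknown hostnames reach the backend.
      default = true;
      # Plain-HTTP requests are redirected to HTTPS.
      forceSSL = true;

      locations."/" = {
        # TLS terminates at nginx; the hop to the backend is plain HTTP over
        # loopback. Port 7480 is presumably the Ceph RADOS Gateway (it is its
        # default port); confirm, and confirm the backend binds to loopback only.
        proxyPass = "http://localhost:7480";
        # client_max_body_size 0 disables nginx's request-body size check, and
        # proxy_buffering off streams responses instead of buffering them.
        # With no cap at the proxy, upload size limits have to be enforced by
        # the backend (quotas or similar).
        extraConfig = ''
          proxy_redirect off;
          client_max_body_size 0;
          proxy_buffering off;
        '';
      };
    };
  };

  security.acme = {
    acceptTerms = true;
    email = "letsencrypt@lukegb.com";
    certs."objdump.zxcvbnm.ninja" = {
      # The nginx group gets read access to the issued certificate and key.
      group = config.services.nginx.group;
      # DNS-01 validation through Cloudflare; a DNS challenge is required for
      # the wildcard name listed below.
      dnsProvider = "cloudflare";
      # NOTE(review): this should resolve to a file provisioned at runtime with
      # restrictive permissions, not a path copied into the world-readable Nix
      # store. Confirm how depot.ops.secrets provides it. The API token should
      # be scoped to DNS edits on this zone only.
      credentialsFile = secrets.cloudflareCredentials;
      extraDomainNames = [ "*.objdump.zxcvbnm.ninja" ];
    };
  };

  # fup binds to the IPv4 and IPv6 wildcard addresses, i.e. all interfaces.
  # NOTE(review): its port and any access control are defined in
  # ../lib/fup.nix, not here; verify the exposure is intended.
  my.fup.listen = [ "0.0.0.0" "[::]" ];

  # VRRP instance that holds the management gateway address on br-mgmt.
  # No VRRP authentication is configured in this file, so any host on br-mgmt
  # that can send advertisements can take part in the election; the firewall
  # rule above restricts VRRP to that interface, which therefore has to be a
  # trusted segment.
  services.keepalived = {
    enable = true;
    vrrpInstances.mgmtGateway = {
      interface = "br-mgmt";
      state = "MASTER";
      priority = 50;
      virtualIps = [{ addr = "10.100.0.1/23"; }];
      virtualRouterId = 1;
    };
  };
}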