chrysalis

Signed-off-by: Xe <me@christine.website>
Cadey Ratio 2022-01-31 20:20:26 -05:00
parent a52d8f7d8c
commit b644e5b410
7 changed files with 356 additions and 3 deletions


@ -9,10 +9,12 @@
utils.url = "github:numtide/flake-utils";
# my apps
xe-printerfacts.url = "git+https://tulpa.dev/cadey/printerfacts.git?ref=main";
xe-printerfacts.url =
"git+https://tulpa.dev/cadey/printerfacts.git?ref=main";
};
outputs = { self, nixpkgs, deploy-rs, home-manager, agenix, xe-printerfacts, ... }:
outputs =
{ self, nixpkgs, deploy-rs, home-manager, agenix, xe-printerfacts, ... }:
let
pkgs = nixpkgs.legacyPackages."x86_64-linux";
mkSystem = extraModules:
@ -30,6 +32,7 @@
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
})
./common
] ++ extraModules;
};
in {
@ -41,6 +44,7 @@
};
nixosConfigurations = {
chrysalis = mkSystem [ ./hosts/chrysalis ];
logos = mkSystem [ ./hosts/logos ./hardware/alrest ];
# vms
@ -48,6 +52,18 @@
hugo = mkSystem [ ./hosts/vm/hugo ./hardware/libvirt-generic ];
};
deploy.nodes.chrysalis = {
hostname = "192.168.2.29";
sshUser = "root";
fastConnection = true;
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.chrysalis;
};
};
deploy.nodes.logos = {
hostname = "192.168.2.35";
sshUser = "root";


@ -0,0 +1,48 @@
{ lib, config, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
./prometheus.nix
./solanum.nix
./znc.nix
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "chrysalis"; # Define your hostname.
networking.useDHCP = false;
networking.interfaces.enp11s0.useDHCP = true;
networking.interfaces.enp12s0.useDHCP = true;
environment.systemPackages = with pkgs; [ wget vim ];
services.openssh.enable = true;
networking.firewall.enable = false;
system.stateVersion = "20.09";
nixpkgs.config.allowUnfree = true;
virtualisation.docker.enable = true;
virtualisation.libvirtd.enable = true;
cadey.cpu = {
enable = true;
vendor = "intel";
};
services.tailscale.enable = true;
services.avahi = {
enable = true;
publish = {
enable = true;
addresses = true;
};
};
services.redis.enable = true;
}
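Review bot: `networking.firewall.enable = false;` removes the host packet filter on a machine that this same file gives sshd, Redis, Docker, libvirtd and Avahi address publishing, so each service's bind address becomes the only limit on who can reach it. The modules imported here bind Grafana and the IRC listener to `0.0.0.0`, and `openFirewall = true` in znc.nix does nothing while the firewall is off. I would keep the firewall on and trust only the tailnet interface, e.g. `networking.firewall.enable = true;` with `networking.firewall.trustedInterfaces = [ "tailscale0" ];`, and open individual LAN ports through `networking.firewall.allowedTCPPorts` where they are really needed. If the open posture is deliberate for this LAN, a comment on that line saying so would help the next reader.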


@ -0,0 +1,32 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usbhid" "uas" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "wl" ];
boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/52060f3c-0ebc-4acf-b13b-0792f855aa29";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/6EF2-C96B";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/c0c73073-0fd4-4621-b2b9-b40c51793801"; }
];
nix.maxJobs = lib.mkDefault 12;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}


@ -0,0 +1,96 @@
{ config, ... }:
{
services.grafana = {
enable = true;
domain = "chrysalis.shark-harmonic.ts.net";
port = 2342;
addr = "0.0.0.0";
};
services.nginx.virtualHosts."chrysalis.shark-harmonic.ts.net" = {
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
proxyWebsockets = true;
};
};
services.prometheus = {
enable = true;
globalConfig.scrape_interval = "15s";
scrapeConfigs = [
# services
{
job_name = "mi";
static_configs = [{ targets = [ "lufta:38184" ]; }];
}
{
job_name = "site";
metrics_path = "/xesite";
static_configs = [{ targets = [ "lufta:43705" ]; }];
}
{
job_name = "ircmon";
metrics_path = "/ircmon";
static_configs = [{ targets = [ "lufta:43705" ]; }];
}
{
job_name = "corerad";
static_configs = [{ targets = [ "keanu:38177" ]; }];
}
{
job_name = "coredns";
static_configs = [{ targets = [ "chrysalis:47824" ]; }];
}
{
job_name = "nginx";
static_configs = [{
targets = [ "lufta:9113" "lufta:9117" ];
labels.host = "lufta";
}];
}
{
job_name = "rhea";
static_configs = [{ targets = [ "lufta:23818" ]; }];
}
# computers
{
job_name = "chrysalis";
static_configs = [{ targets = [ "chrysalis:9100" "chrysalis:9586" ]; }];
}
{
job_name = "shachi";
static_configs = [{ targets = [ "shachi:9100" "shachi:9586" ]; }];
}
{
job_name = "lufta";
static_configs = [{ targets = [ "lufta:9100" "lufta:9586" ]; }];
}
{
job_name = "kos-mos";
static_configs = [{ targets = [ "kos-mos:9100" "kos-mos:9586" ]; }];
}
{
job_name = "logos";
static_configs = [{ targets = [ "logos:9100" "logos:9586" ]; }];
}
{
job_name = "ontos";
static_configs = [{ targets = [ "ontos:9100" "ontos:9586" ]; }];
}
{
job_name = "pneuma";
static_configs = [{ targets = [ "pneuma:9100" "pneuma:9586" ]; }];
}
];
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
};
wireguard.enable = true;
};
};
}
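Review bot: Grafana is configured with `addr = "0.0.0.0";` even though the nginx virtual host in the same file proxies to `127.0.0.1`, so port 2342 is also served directly on every interface and bypasses anything nginx enforces. With the host firewall disabled elsewhere in this commit, nothing else filters that port. `addr = "127.0.0.1";` keeps nginx as the only entry point. The virtual host as written sets no TLS options, so Grafana logins appear to rely on the tailnet for transport protection; a short comment stating that this is intended would be worth adding.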

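--- a/hosts/chrysalis/solanum.nix
+++ b/hosts/chrysalis/solanum.nix
@@ -0,0 +1,135 @@
+{ config, pkgs, lib, ... }:
+{
+services.solanum = {
+enable = true;
+motd = ''
+MMMMMMMMMMMMMMMMMMNmmNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMNmmmd.:mmMM
+MMMMMMMMMMMMMMMMMNmmmNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMNmmydmmmmmNMM
+MMMMMMMMMMMMMMMMNm/:mNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMNmms /mmmmmMMM
+MMMMMMMMMMMMMMMNmm:-dmMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMNmmmmdsdmmmmNMMM
+MMMMMMMMMMMMMMMmmmmmmmNMMMMMMMMMMMNmmdhhddhhmNNMMMMMMMMMMMMMMMMNmy:hmmmmmmmmMMMM
+MMMMMMMMMMMMMMNm++mmmmNMMMMMMmdyo/::.........-:/sdNMMMMMMMMMMNmmms`smmmmmmmNMMMM
+MMMMMMMMMMMMMMmd.-dmmmmMMmhs/-....................-+dNMMMMMMNmmmmmmmmmmmmmmMMMMM
+MMMMMMMMMMMMMNmmmmmmmmho:-...........................:sNMMNmmmmmmmmmmmmmmmNMNmdd
+MMMMMMMMMMMMNmd+ydhs/-.................................-sNmmmmmmmmmmmmmmmdhyssss
+MMMMMMMMMMMNNh+`........................................:dmmmmmmmmmmmmmmmyssssss
+MMMMNNdhy+:-...........................................+dmmmmmmmmmmmmmmmdsssssss
+MMMN+-...............................................-smmmmmmmmmmmmmmmmmysyyhdmN
+MMMMNho:::-.--::-.......................----------..:hmmmmmmmmmmmmmmmmmmmNMMMMMM
+MMMMMMMMNNNmmdo:......................--------------:ymmmmmmmmmmmmmmmmmmmMMMMMMM
+MMMMMMMMMMds+........................-----------------+dmmmmmmmmmmmmmmmmmMMMMMMM
+MMMMMMMMMh+........................--------------------:smmmmmmmmmmmmmmNMMMMMMMM
+MMMMMMMNy/........................-------------::--------/hmmmmmmmmmmmNMMMMMMNmd
+MMMMMMMd/........................--------------so----------odmmmmmmmmMMNmdhhysss
+MMMMMMm/........................--------------+mh-----------:ymmmmdhhyysssssssss
+MMMMMMo.......................---------------:dmmo------------+dmdysssssssssssss
+yhdmNh:......................---------------:dmmmm+------------:sssssssssssyhhdm
+sssssy.......................--------------:hmmmmmmos++:---------/sssyyhdmNMMMMM
+ssssso......................--------------:hmmmNNNMNdddysso:------:yNNMMMMMMMMMM
+ysssss.....................--------------/dmNyy/mMMd``d/------------sNMMMMMMMMMM
+MNmdhy-...................--------------ommmh`o/NM/. smh+-----------:yNMMMMMMMMM
+MMMMMN+...................------------/hmmss: `-//-.smmmmd+----------:hMMMMMMMMM
+MMMMMMd:..................----------:smmmmhy+oosyysdmmy+:. `.--------/dMMMMMMMM
+MMMMMMMh-................---------:smmmmmmmmmmmmmmmh/` `/s:-------sMMMMMMMM
+MMMMMMMms:...............-------/ymmmmmmmmmmmmmmmd/ :dMMNy/-----+mMMMMMMM
+MMMMMMmyss/..............------ommmmmmmmmmmmmmmmd. :yMMMMMMNs:---+mMMMMMMM
+MMMMNdssssso-............----..odmmmmmmmmmmmmmmh:.` .sNMMMMMMMMMd/--sMMMMMMMM
+MMMmysssssssh/................` -odmmmmmmmmmh+. `omMMMMMMMMMMMMh/+mMMMMMMMM
+MNdyssssssymMNy-.............. `/sssso+:. `+mMMMMMMMMMMMMMMMdNMMMMMMMMM
+NhssssssshNMMMMNo:............/.` `+dMMMMMMMMMMMMMMMMMMMMMMMMMMMM
+ysssssssdMMMMMMMMm+-..........+ddy/.` -omMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
+ssssssymMMMMMMMMMMMh/.........-oNMMNmy+--` `-+dNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
+ssssydNMMMMMMMMMMMMMNy:........-hMMMMMMMNmdmMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
+sssymMMMMMMMMMMMMMMMMMm+....-..:hMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
+symNMMMMMMMMMMMMMMMMMMMNo.../-/dMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
+dNMMMMMMMMMMMMMMMMMMMMMMh:.:hyNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
+'';
+config = ''
+loadmodule "extensions/chm_adminonly";
+loadmodule "extensions/chm_nonotice";
+loadmodule "extensions/chm_operonly";
+loadmodule "extensions/chm_sslonly";
+#loadmodule "extensions/chm_operpeace";
+#loadmodule "extensions/createauthonly";
+loadmodule "extensions/extb_account";
+loadmodule "extensions/extb_canjoin";
+loadmodule "extensions/extb_channel";
+loadmodule "extensions/extb_combi";
+loadmodule "extensions/extb_extgecos";
+loadmodule "extensions/extb_hostmask";
+loadmodule "extensions/extb_oper";
+loadmodule "extensions/extb_realname";
+loadmodule "extensions/extb_server";
+loadmodule "extensions/extb_ssl";
+loadmodule "extensions/extb_usermode";
+#loadmodule "extensions/helpops";
+#loadmodule "extensions/hurt";
+loadmodule "extensions/ip_cloaking_4.0";
+#loadmodule "extensions/ip_cloaking";
+#loadmodule "extensions/m_extendchans";
+#loadmodule "extensions/m_findforwards";
+#loadmodule "extensions/m_identify";
+#loadmodule "extensions/m_locops";
+#loadmodule "extensions/no_oper_invis";
+loadmodule "extensions/sno_farconnect";
+loadmodule "extensions/sno_globalnickchange";
+loadmodule "extensions/sno_globaloper";
+#loadmodule "extensions/sno_whois";
+loadmodule "extensions/override";
+loadmodule "extensions/no_kill_services";
+serverinfo {
+name = "chrysalis.akua";
+sid = "420";
+description = "Queen Chrysalis";
+network_name = "akua";
+vhost = "10.77.2.2";
+vhost6 = "fda2:d982:1da2:ed22:9064:6df9:4855:611d";
+};
+listen {
+host = "0.0.0.0";
+port = 6667;
+};
+auth {
+user = "*@*";
+class = "users";
+flags = exceed_limit;
+};
+channel {
+default_split_user_count = 0;
+};
+privset "server_bot" {
+/* extends: a privset to inherit in this privset */
+extends = "local_op";
+privs = oper:kline, oper:remoteban, snomask:nick_changes;
+};
+privset "global_op" {
+extends = "local_op";
+privs = oper:routing, oper:kline, oper:unkline, oper:xline,
+oper:resv, oper:cmodes, oper:mass_notice, oper:wallops,
+oper:remoteban;
+};
+privset "admin" {
+extends = "global_op";
+privs = oper:admin, oper:die, oper:rehash, oper:spy, oper:grant;
+};
+operator "Mara" {
+user = "*@*";
+password = "L/b5FCMZ1DUc2";
+snomask = "+Zbfkrsuy";
+flags = encrypted;
+privset = "admin";
+};
+'';
+openFilesLimit = 65536;
+};
+}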
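Review bot: The `operator "Mara"` block commits an oper credential to the repository and, because it sits inside the `services.solanum.config` string, into the world-readable Nix store. The 13-character `password` value has the shape of a traditional DES crypt(3) hash (inferred from its length only), a scheme that uses just the first eight password characters and is cheap to test offline. With `user = "*@*";` and the `admin` privset (`oper:die`, `oper:rehash`, `oper:grant`), any client that reaches the listener can attempt OPER for full control of the server. I would treat this password as exposed: rotate it, regenerate the hash with a modern crypt scheme, narrow the mask to something like `user = "*@<operator-host-mask>";`, and move the operator block to a file provisioned by agenix (already a flake input) instead of the Nix string. The `listen` block offers only plaintext port 6667 on `0.0.0.0`, so unless clients connect over the tailnet the OPER password also crosses the network unencrypted.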

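--- a/hosts/chrysalis/znc.nix
+++ b/hosts/chrysalis/znc.nix
@@ -0,0 +1,26 @@
+{config, pkgs, lib, ...}:
+{
+services.znc = {
+enable = true;
+openFirewall = true;
+useLegacyConfig = false;
+config = {
+LoadModule = [ "webadmin" ];
+User.Mara = {
+Admin = true;
+Nick = "Mara";
+RealName = "Mara the Sh0rk";
+QuitMsg = "sh0rknap";
+LoadModule = [ "chansaver" "controlpanel" ];
+Pass.password = { # hunter2
+Method = "sha256";
+Hash =
+"b5dacf3284a5be6c96fd53b98b0e837fbb384e0692c79ac1d89022e40b873b2d";
+Salt = "?FdFUg:*tZ9niq9m5?xd";
+};
+};
+};
+};
+}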
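Review bot: The trailing comment on `Pass.password = { # hunter2` records what looks like the plaintext for the hash on the lines below it; if it is the real password, the hash and salt protect nothing, and if it is a joke it should still be removed so no reader has to guess. `Mara` is `Admin = true` and `webadmin` is loaded with `openFirewall = true`, so this credential administers the bouncer remotely. I would drop the comment (`Pass.password = {`), rotate the password, and keep the hash out of the repository and the world-readable Nix store, for example by pointing `services.znc.configFile` at a file provisioned by agenix, which is already a flake input. A single salted SHA-256 is fast to test offline, so a committed hash is only as strong as the password behind it.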


@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
imports = [ ../../common ./minecraft.nix ];
imports = [ ./minecraft.nix ];
users.motd = builtins.readFile ./motd;