diff --git a/flake.nix b/flake.nix index 1c24d9b..86098a1 100644 --- a/flake.nix +++ b/flake.nix @@ -9,10 +9,12 @@ utils.url = "github:numtide/flake-utils"; # my apps - xe-printerfacts.url = "git+https://tulpa.dev/cadey/printerfacts.git?ref=main"; + xe-printerfacts.url = + "git+https://tulpa.dev/cadey/printerfacts.git?ref=main"; }; - outputs = { self, nixpkgs, deploy-rs, home-manager, agenix, xe-printerfacts, ... }: + outputs = + { self, nixpkgs, deploy-rs, home-manager, agenix, xe-printerfacts, ... }: let pkgs = nixpkgs.legacyPackages."x86_64-linux"; mkSystem = extraModules: @@ -30,6 +32,7 @@ home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; }) + ./common ] ++ extraModules; }; in { @@ -41,6 +44,7 @@ }; nixosConfigurations = { + chrysalis = mkSystem [ ./hosts/chrysalis ]; logos = mkSystem [ ./hosts/logos ./hardware/alrest ]; # vms @@ -48,6 +52,18 @@ hugo = mkSystem [ ./hosts/vm/hugo ./hardware/libvirt-generic ]; }; + deploy.nodes.chrysalis = { + hostname = "192.168.2.29"; + sshUser = "root"; + fastConnection = true; + + profiles.system = { + user = "root"; + path = deploy-rs.lib.x86_64-linux.activate.nixos + self.nixosConfigurations.chrysalis; + }; + }; + deploy.nodes.logos = { hostname = "192.168.2.35"; sshUser = "root"; diff --git a/hosts/chrysalis/default.nix b/hosts/chrysalis/default.nix new file mode 100644 index 0000000..2da6770 --- /dev/null +++ b/hosts/chrysalis/default.nix 
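Review bot: In the new `deploy.nodes.chrysalis` block, `sshUser = "root";` makes every deploy depend on the host accepting direct root logins over SSH, the same pattern the existing `deploy.nodes.logos` uses. deploy-rs activates through sudo when `sshUser` differs from the profile `user`, so an unprivileged account such as `sshUser = "deploy";` (placeholder name) with `user = "root";` kept would allow root SSH login to be turned off on the host. `hostname = "192.168.2.29";` is a literal LAN address while the host configuration in this commit enables DHCP on both interfaces, so the address is presumably only stable through a reservation. A one-line comment naming the network and the reservation would make that assumption visible.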
@@ -0,0 +1,48 @@
+{ lib, config, pkgs, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./prometheus.nix
+ ./solanum.nix
+ ./znc.nix
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "chrysalis"; # Define your hostname.
+ networking.useDHCP = false;
+ networking.interfaces.enp11s0.useDHCP = true;
+ networking.interfaces.enp12s0.useDHCP = true;
+
+ environment.systemPackages = with pkgs; [ wget vim ];
+
+ services.openssh.enable = true;
+
+ networking.firewall.enable = false;
+
+ system.stateVersion = "20.09";
+ nixpkgs.config.allowUnfree = true;
+
+ virtualisation.docker.enable = true;
+ virtualisation.libvirtd.enable = true;
+
+ cadey.cpu = {
+ enable = true;
+ vendor = "intel";
+ };
+
+ services.tailscale.enable = true;
+
+ services.avahi = {
+ enable = true;
+ publish = {
+ enable = true;
+ addresses = true;
+ };
+ };
+
+ services.redis.enable = true;
+}
+
diff --git a/hosts/chrysalis/hardware-configuration.nix b/hosts/chrysalis/hardware-configuration.nix
new file mode 100644
index 0000000..f11da25
--- /dev/null
+++ b/hosts/chrysalis/hardware-configuration.nix
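Review bot: `networking.firewall.enable = false;` leaves every listener this host starts reachable on both DHCP interfaces, and the same commit enables OpenSSH, Redis, Docker, libvirtd, Avahi publishing, Grafana bound to `0.0.0.0` and an IRC listener on `0.0.0.0` port 6667. `openFirewall = true` in `znc.nix` has no effect while the firewall is off, which suggests per-service opening was the actual intent. Keeping the firewall on and trusting only the tailnet would look like `networking.firewall.enable = true;` plus `networking.firewall.trustedInterfaces = [ "tailscale0" ];`, with an explicit `networking.firewall.allowedTCPPorts` list for anything meant to be reachable from the LAN. If disabling it is deliberate, a comment on that line saying why, and what filters traffic upstream of this host, would record the decision.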
@@ -0,0 +1,32 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +{ + imports = + [ + ]; + + boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usbhid" "uas" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" "wl" ]; + boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/52060f3c-0ebc-4acf-b13b-0792f855aa29"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/6EF2-C96B"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/c0c73073-0fd4-4621-b2b9-b40c51793801"; } + ]; + + nix.maxJobs = lib.mkDefault 12; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} diff --git a/hosts/chrysalis/prometheus.nix b/hosts/chrysalis/prometheus.nix new file mode 100644 index 0000000..adfa162 --- /dev/null +++ b/hosts/chrysalis/prometheus.nix 
@@ -0,0 +1,96 @@
+{ config, ... }:
+
+{
+ services.grafana = {
+ enable = true;
+ domain = "chrysalis.shark-harmonic.ts.net";
+ port = 2342;
+ addr = "0.0.0.0";
+ };
+
+ services.nginx.virtualHosts."chrysalis.shark-harmonic.ts.net" = {
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
+ proxyWebsockets = true;
+ };
+ };
+
+ services.prometheus = {
+ enable = true;
+ globalConfig.scrape_interval = "15s";
+ scrapeConfigs = [
+ # services
+ {
+ job_name = "mi";
+ static_configs = [{ targets = [ "lufta:38184" ]; }];
+ }
+ {
+ job_name = "site";
+ metrics_path = "/xesite";
+ static_configs = [{ targets = [ "lufta:43705" ]; }];
+ }
+ {
+ job_name = "ircmon";
+ metrics_path = "/ircmon";
+ static_configs = [{ targets = [ "lufta:43705" ]; }];
+ }
+ {
+ job_name = "corerad";
+ static_configs = [{ targets = [ "keanu:38177" ]; }];
+ }
+ {
+ job_name = "coredns";
+ static_configs = [{ targets = [ "chrysalis:47824" ]; }];
+ }
+ {
+ job_name = "nginx";
+ static_configs = [{
+ targets = [ "lufta:9113" "lufta:9117" ];
+ labels.host = "lufta";
+ }];
+ }
+ {
+ job_name = "rhea";
+ static_configs = [{ targets = [ "lufta:23818" ]; }];
+ }
+
+ # computers
+ {
+ job_name = "chrysalis";
+ static_configs = [{ targets = [ "chrysalis:9100" "chrysalis:9586" ]; }];
+ }
+ {
+ job_name = "shachi";
+ static_configs = [{ targets = [ "shachi:9100" "shachi:9586" ]; }];
+ }
+ {
+ job_name = "lufta";
+ static_configs = [{ targets = [ "lufta:9100" "lufta:9586" ]; }];
+ }
+ {
+ job_name = "kos-mos";
+ static_configs = [{ targets = [ "kos-mos:9100" "kos-mos:9586" ]; }];
+ }
+ {
+ job_name = "logos";
+ static_configs = [{ targets = [ "logos:9100" "logos:9586" ]; }];
+ }
+ {
+ job_name = "ontos";
+ static_configs = [{ targets = [ "ontos:9100" "ontos:9586" ]; }];
+ }
+ {
+ job_name = "pneuma";
+ static_configs = [{ targets = [ "pneuma:9100" "pneuma:9586" ]; }];
+ }
+ ];
+
+ exporters = {
+ node = {
+ enable = true;
+ enabledCollectors = [ "systemd" ];
+ };
+ wireguard.enable = true;
+ };
+ };
+}
diff --git a/hosts/chrysalis/solanum.nix b/hosts/chrysalis/solanum.nix
new file mode 100644
index 0000000..2b8fbf2
--- /dev/null
+++ b/hosts/chrysalis/solanum.nix
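Review bot: `addr = "0.0.0.0";` in `services.grafana` exposes Grafana directly on port 2342 on every interface, even though the nginx virtual host below it already proxies to the loopback address; `addr = "127.0.0.1";` would make nginx the only way in. The virtual host is plain HTTP as written, so Grafana logins cross the network unencrypted unless it is only ever reached over the tailnet, which deserves a comment on the `virtualHosts` line. No `services.nginx.enable` is visible in this file; it may be set in `./common`, but if it is not, the virtual host is never served and the `0.0.0.0` bind becomes the only access path.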
@@ -0,0 +1,135 @@ +{ config, pkgs, lib, ... }: + +{ + services.solanum = { + enable = true; + motd = '' + MMMMMMMMMMMMMMMMMMNmmNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMNmmmd.:mmMM + MMMMMMMMMMMMMMMMMNmmmNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMNmmydmmmmmNMM + MMMMMMMMMMMMMMMMNm/:mNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMNmms /mmmmmMMM + MMMMMMMMMMMMMMMNmm:-dmMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMNmmmmdsdmmmmNMMM + MMMMMMMMMMMMMMMmmmmmmmNMMMMMMMMMMMNmmdhhddhhmNNMMMMMMMMMMMMMMMMNmy:hmmmmmmmmMMMM + MMMMMMMMMMMMMMNm++mmmmNMMMMMMmdyo/::.........-:/sdNMMMMMMMMMMNmmms`smmmmmmmNMMMM + MMMMMMMMMMMMMMmd.-dmmmmMMmhs/-....................-+dNMMMMMMNmmmmmmmmmmmmmmMMMMM + MMMMMMMMMMMMMNmmmmmmmmho:-...........................:sNMMNmmmmmmmmmmmmmmmNMNmdd + MMMMMMMMMMMMNmd+ydhs/-.................................-sNmmmmmmmmmmmmmmmdhyssss + MMMMMMMMMMMNNh+`........................................:dmmmmmmmmmmmmmmmyssssss + MMMMNNdhy+:-...........................................+dmmmmmmmmmmmmmmmdsssssss + MMMN+-...............................................-smmmmmmmmmmmmmmmmmysyyhdmN + MMMMNho:::-.--::-.......................----------..:hmmmmmmmmmmmmmmmmmmmNMMMMMM + MMMMMMMMNNNmmdo:......................--------------:ymmmmmmmmmmmmmmmmmmmMMMMMMM + MMMMMMMMMMds+........................-----------------+dmmmmmmmmmmmmmmmmmMMMMMMM + MMMMMMMMMh+........................--------------------:smmmmmmmmmmmmmmNMMMMMMMM + MMMMMMMNy/........................-------------::--------/hmmmmmmmmmmmNMMMMMMNmd + MMMMMMMd/........................--------------so----------odmmmmmmmmMMNmdhhysss + MMMMMMm/........................--------------+mh-----------:ymmmmdhhyysssssssss + MMMMMMo.......................---------------:dmmo------------+dmdysssssssssssss + yhdmNh:......................---------------:dmmmm+------------:sssssssssssyhhdm + sssssy.......................--------------:hmmmmmmos++:---------/sssyyhdmNMMMMM + 
ssssso......................--------------:hmmmNNNMNdddysso:------:yNNMMMMMMMMMM + ysssss.....................--------------/dmNyy/mMMd``d/------------sNMMMMMMMMMM + MNmdhy-...................--------------ommmh`o/NM/. smh+-----------:yNMMMMMMMMM + MMMMMN+...................------------/hmmss: `-//-.smmmmd+----------:hMMMMMMMMM + MMMMMMd:..................----------:smmmmhy+oosyysdmmy+:. `.--------/dMMMMMMMM + MMMMMMMh-................---------:smmmmmmmmmmmmmmmh/` `/s:-------sMMMMMMMM + MMMMMMMms:...............-------/ymmmmmmmmmmmmmmmd/ :dMMNy/-----+mMMMMMMM + MMMMMMmyss/..............------ommmmmmmmmmmmmmmmd. :yMMMMMMNs:---+mMMMMMMM + MMMMNdssssso-............----..odmmmmmmmmmmmmmmh:.` .sNMMMMMMMMMd/--sMMMMMMMM + MMMmysssssssh/................` -odmmmmmmmmmh+. `omMMMMMMMMMMMMh/+mMMMMMMMM + MNdyssssssymMNy-.............. `/sssso+:. `+mMMMMMMMMMMMMMMMdNMMMMMMMMM + NhssssssshNMMMMNo:............/.` `+dMMMMMMMMMMMMMMMMMMMMMMMMMMMM + ysssssssdMMMMMMMMm+-..........+ddy/.` -omMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM + ssssssymMMMMMMMMMMMh/.........-oNMMNmy+--` `-+dNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM + ssssydNMMMMMMMMMMMMMNy:........-hMMMMMMMNmdmMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM + sssymMMMMMMMMMMMMMMMMMm+....-..:hMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM + symNMMMMMMMMMMMMMMMMMMMNo.../-/dMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM + dNMMMMMMMMMMMMMMMMMMMMMMh:.:hyNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM + ''; + config = '' + loadmodule "extensions/chm_adminonly"; + loadmodule "extensions/chm_nonotice"; + loadmodule "extensions/chm_operonly"; + loadmodule "extensions/chm_sslonly"; + #loadmodule "extensions/chm_operpeace"; + #loadmodule "extensions/createauthonly"; + loadmodule "extensions/extb_account"; + loadmodule "extensions/extb_canjoin"; + loadmodule "extensions/extb_channel"; + loadmodule "extensions/extb_combi"; + loadmodule "extensions/extb_extgecos"; + loadmodule "extensions/extb_hostmask"; + loadmodule "extensions/extb_oper"; + loadmodule 
"extensions/extb_realname"; + loadmodule "extensions/extb_server"; + loadmodule "extensions/extb_ssl"; + loadmodule "extensions/extb_usermode"; + #loadmodule "extensions/helpops"; + #loadmodule "extensions/hurt"; + loadmodule "extensions/ip_cloaking_4.0"; + #loadmodule "extensions/ip_cloaking"; + #loadmodule "extensions/m_extendchans"; + #loadmodule "extensions/m_findforwards"; + #loadmodule "extensions/m_identify"; + #loadmodule "extensions/m_locops"; + #loadmodule "extensions/no_oper_invis"; + loadmodule "extensions/sno_farconnect"; + loadmodule "extensions/sno_globalnickchange"; + loadmodule "extensions/sno_globaloper"; + #loadmodule "extensions/sno_whois"; + loadmodule "extensions/override"; + loadmodule "extensions/no_kill_services"; + + serverinfo { + name = "chrysalis.akua"; + sid = "420"; + description = "Queen Chrysalis"; + network_name = "akua"; + + vhost = "10.77.2.2"; + vhost6 = "fda2:d982:1da2:ed22:9064:6df9:4855:611d"; + }; + + listen { + host = "0.0.0.0"; + port = 6667; + }; + + auth { + user = "*@*"; + class = "users"; + flags = exceed_limit; + }; + + channel { + default_split_user_count = 0; + }; + + privset "server_bot" { + /* extends: a privset to inherit in this privset */ + extends = "local_op"; + privs = oper:kline, oper:remoteban, snomask:nick_changes; + }; + + privset "global_op" { + extends = "local_op"; + privs = oper:routing, oper:kline, oper:unkline, oper:xline, + oper:resv, oper:cmodes, oper:mass_notice, oper:wallops, + oper:remoteban; + }; + + privset "admin" { + extends = "global_op"; + privs = oper:admin, oper:die, oper:rehash, oper:spy, oper:grant; + }; + + operator "Mara" { + user = "*@*"; + password = "L/b5FCMZ1DUc2"; + snomask = "+Zbfkrsuy"; + flags = encrypted; + privset = "admin"; + }; + ''; + openFilesLimit = 65536; + }; +} diff --git a/hosts/chrysalis/znc.nix b/hosts/chrysalis/znc.nix new file mode 100644 index 0000000..14e5052 --- /dev/null +++ b/hosts/chrysalis/znc.nix 
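Review bot: The `operator "Mara"` block commits the oper credential to the repository, and because `config` is an inline Nix string it will most likely also end up in the world-readable `/nix/store` on the host. The 13-character `password` value with `flags = encrypted;` looks like a traditional DES crypt hash, which is weak by current standards, and `user = "*@*";` accepts an OPER attempt from any connecting host for the `admin` privset (`oper:die`, `oper:grant`). The only `listen` block is plaintext port 6667 on `0.0.0.0`, so the oper password would also travel unencrypted. I would treat the committed value as disclosed and replace it, keep the operator block in an agenix-managed file loaded from outside the store (the flake already takes `agenix` as an input), narrow `user` to the expected mask, and add a TLS listener. One-line comments on the `auth` block's `flags = exceed_limit;` and on `loadmodule "extensions/override";` stating why each is wanted would help later review.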
@@ -0,0 +1,26 @@ +{config, pkgs, lib, ...}: + +{ + services.znc = { + enable = true; + openFirewall = true; + useLegacyConfig = false; + + config = { + LoadModule = [ "webadmin" ]; + User.Mara = { + Admin = true; + Nick = "Mara"; + RealName = "Mara the Sh0rk"; + QuitMsg = "sh0rknap"; + LoadModule = [ "chansaver" "controlpanel" ]; + Pass.password = { # hunter2 + Method = "sha256"; + Hash = + "b5dacf3284a5be6c96fd53b98b0e837fbb384e0692c79ac1d89022e40b873b2d"; + Salt = "?FdFUg:*tZ9niq9m5?xd"; + }; + }; + }; + }; +} diff --git a/hosts/logos/default.nix b/hosts/logos/default.nix index e532b80..b20a158 100755 --- a/hosts/logos/default.nix +++ b/hosts/logos/default.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { - imports = [ ../../common ./minecraft.nix ]; + imports = [ ./minecraft.nix ]; users.motd = builtins.readFile ./motd;
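Review bot: The `# hunter2` comment on `Pass.password` in `znc.nix` reads as the plaintext of the admin user's password, which defeats the salted hash stored next to it; the comment should be dropped and the password changed. `Hash` and `Salt` are committed here and rendered into the Nix store, and `Method = "sha256";` is a single fast hash, so the credential should be treated as disclosed to anyone who can read the repository or the store. With `Admin = true;`, `webadmin` loaded and `openFirewall = true;`, this account controls the whole bouncer from the network. Supplying the user section through `services.znc.configFile` pointing at an agenix-decrypted file, instead of inline `services.znc.config`, would keep the hash out of both places.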