qo.is/infrastructure
3
0
Fork 0
Code Issues 12 Pull requests 1 Projects 1 Activity Actions

Remove fulberg host

Browse source
This commit is contained in:
Fabian Hauser 2024-12-06 14:04:04 +02:00
parent f6e63c0fdf
commit df83c62e0c
18 changed files with 6 additions and 192 deletions
Download patch file Download diff file Expand all files Collapse all files

22
nixos-configurations/calanda/networking.nix
View file

@ -66,14 +66,6 @@ in
# DMZ Portforwarding
networking.nat.forwardPorts =
let
fulbergPort = (
proto: port: {
destination = "10.1.2.2:${toString port}";
proto = proto;
sourcePort = port;
loopbackIPs = [ "85.195.200.253" ];
}
);
cyprianspitzPort = (
proto: port: {
destination = "10.1.1.11:${toString port}";
@ -84,26 +76,12 @@ in
);
in
[
{
destination = "10.1.2.2:22";
proto = "tcp";
sourcePort = 8022;
}
{
destination = "10.1.2.2:2222";
proto = "tcp";
sourcePort = 8222;
}
{
destination = "10.1.1.11:2222";
proto = "tcp";
sourcePort = 8223;
}
]
++ map (fulbergPort "udp") [
51820
51821
]
++ map (cyprianspitzPort "tcp") [
80
443

1
nixos-configurations/fulberg/README.md
View file

@ -1 +0,0 @@
# fulberg

1
nixos-configurations/fulberg/applications/default.nix
View file

@ -1 +0,0 @@
{ ... }: { }

35
nixos-configurations/fulberg/backup.nix
View file

@ -1,35 +0,0 @@
{ config, pkgs, ... }:
{
qois.backup-server = {
enable = true;
backupStorageRoot = "/mnt/nas/backup";
};
services.borgbackup.repos =
let
backupRoot = "/mnt/nas/backup";
hostBackupRoot = "${backupRoot}/hosts";
dataBackupRoot = "${backupRoot}/data";
in
{
"lindberg-nextcloud" = {
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIpzfp9VqclbPJ42ZrkRpvjMSTeyq0qce03zCRXqIHMw backup@lindberg-nextcloud"
];
path = "${hostBackupRoot}/lindberg-nextcloud";
};
"lindberg-data" = {
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGTmyoVONC12MgOodvzdPpZzLSVwpkC6zkf+Rg0W36gy backup-data@lindberg"
];
path = "${dataBackupRoot}/lindberg";
};
"lindberg-build-system" = {
authorizedKeys = [
"ssh-ed25519 AAAATODOTODOTODONTE5AAAAIGTmyoVONC12MgOodvzdPpZzLSVwpkC6zkf+Rg0W36gy backup-system@lindberg-build"
];
path = "${dataBackupRoot}/lindberg-build-system";
};
};
}

22
nixos-configurations/fulberg/default.nix
View file

@ -1,22 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
../../defaults/base
../../defaults/hardware/apu.nix
../../defaults/meta
./applications
./backup.nix
./filesystems.nix
./networking.nix
./secrets.nix
];
# This value determines the NixOS release from which the default
# settings for stateful data, like fi:le locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

31
nixos-configurations/fulberg/filesystems.nix
View file

@ -1,31 +0,0 @@
{ config, pkgs, ... }:
{
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/360a6bc9-fc4e-4803-bd53-69320ac32ac5";
fsType = "btrfs";
options = [
"defaults"
"subvol=nixos"
"noatime"
];
};
"/mnt/nas" = {
device = "10.1.1.39:/qois";
fsType = "nfs";
options = [
"defaults"
"noatime"
"soft"
];
};
};
swapDevices = [ { device = "/dev/disk/by-uuid/73f91e99-d856-4504-b6b2-d60f855d6d95"; } ];
boot.loader.grub = {
enable = true;
device = "/dev/sda";
};
}

48
nixos-configurations/fulberg/networking.nix
View file

@ -1,48 +0,0 @@
{ config, pkgs, ... }:
let
meta = config.qois.meta;
plessur-dmz-net = meta.network.physical.plessur-dmz;
getCalandaIp4 = net: net.hosts.calanda.v4.ip;
in
{
networking.hostName = meta.hosts.fulberg.hostName;
imports = [ ../../defaults/backplane-net ];
# WWAN is currently not available due to a broken SIM-card.
#services.qois.wwan = {
# enable = true;
# apn = "gprs.swisscom.ch";
# networkInterface = "wwp0s19u1u3i12";
#};
networking.interfaces.enp1s0 = {
useDHCP = false;
ipv4.addresses = [
{
inherit (plessur-dmz-net.v4) prefixLength;
address = plessur-dmz-net.hosts.fulberg.v4.ip;
}
];
};
networking.defaultGateway = plessur-dmz-net.v4.gateway;
networking.nameservers = plessur-dmz-net.v4.nameservers;
# Configure this node to be used as an vpn exit node
qois.backup-client.includePaths = [ "/var/lib/tailscale" ];
services.tailscale = {
enable = true;
openFirewall = true;
useRoutingFeatures = "server";
authKeyFile = config.sops.secrets."tailscale/key".path;
extraUpFlags = [
"--login-server=https://vpn.qo.is"
"--advertise-exit-node"
(
with meta.network.virtual.backplane.v4; "--advertise-routes=${id}/${builtins.toString prefixLength}"
)
"--advertise-tags=tag:srv"
];
};
}

8
nixos-configurations/fulberg/secrets.nix
View file

@ -1,8 +0,0 @@
{ ... }:
{
sops.secrets = {
"tailscale/key" = {
restartUnits = [ "tailscale.service" ];
};
};
}

1
nixos-configurations/lindberg-build/backup.nix
View file

@ -3,7 +3,6 @@
let
vnet = config.qois.meta.network.virtual.backplane.hosts;
systemTargets = [
"fulberg"
"tierberg"
];
systemJobs = builtins.listToAttrs (

2
nixos-configurations/lindberg-nextcloud/secrets.nix
View file

@ -2,7 +2,7 @@
let
backupConfiguration = {
restartUnits = [
"borgbackup-job-system-fulberg.service"
"borgbackup-job-system-cyprianspitz.service"
"borgbackup-job-system-tierberg.service"
];
};

2
nixos-configurations/lindberg/secrets.nix
View file

@ -2,7 +2,7 @@
let
backupConfiguration = {
restartUnits = [
"borgbackup-job-data-fulberg.service"
"borgbackup-job-data-cyprianspitz.service"
"borgbackup-job-data-tierberg.service"
];
};

2
nixos-configurations/stompert/default.nix
View file

@ -59,5 +59,5 @@
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "22.11"; # Did you read the comment?
system.stateVersion = "24.11"; # Did you read the comment?
}