Commit files for public release

Fabian Hauser 2024-10-02 16:52:04 +03:00
commit fef2377502
174 changed files with 7423 additions and 0 deletions


@ -0,0 +1 @@
# calanda


@ -0,0 +1,21 @@
{ config, pkgs, ... }:
{
imports = [
./networking.nix
./filesystems.nix
../../defaults/hardware/apu.nix
../../defaults/base
../../defaults/meta
];
# This value determines the NixOS release from which the default
# settings for stateful data, like fi:le locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}


@ -0,0 +1,20 @@
{ config, pkgs, ... }:
{
fileSystems."/" = {
device = "/dev/disk/by-uuid/16efc5db-0697-4f39-b64b-fc18ac318625";
fsType = "btrfs";
options = [
"defaults"
"subvol=nixos"
"noatime"
];
};
swapDevices = [ { device = "/dev/disk/by-uuid/b5104a7c-4a4a-4048-a9f8-44ddb0082632"; } ];
boot.loader.grub = {
enable = true;
device = "/dev/sda";
};
}
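Review bot: `boot.loader.grub.device = "/dev/sda"` depends on kernel enumeration order, while the root and swap entries in the same file use stable `by-uuid` paths; if another disk or USB stick is attached, a later rebuild may install GRUB on the wrong device. A `/dev/disk/by-id/<boot-disk>` path (placeholder, take the real name from the machine) avoids that. Separately, the swap partition is used in plaintext, so key material held in memory on this router can end up on disk. If that matters here, `randomEncryption.enable = true;` on the swap entry addresses it, but the entry then needs a `by-partuuid` or `by-id` device path, because the filesystem UUID is overwritten on every boot.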


@ -0,0 +1,118 @@
{ config, pkgs, ... }:
let
meta = config.qois.meta;
plessur-dmz-net = meta.network.physical.plessur-dmz;
plessur-lan-net = meta.network.physical.plessur-lan;
getCalandaIp4 = net: net.hosts.calanda.v4.ip;
in
{
imports = [ ../../defaults/backplane-net ];
networking.hostName = meta.hosts.calanda.hostName;
networking.domain = "ilanz.fh2.ch";
networking.enableIPv6 = false; # TODO
networking.useDHCP = false;
networking.interfaces.enp4s0.useDHCP = true;
networking.firewall.allowedTCPPorts = [
80
443
];
networking.interfaces.enp3s0 = {
ipv4.addresses = [
{
inherit (plessur-dmz-net.v4) prefixLength;
address = getCalandaIp4 plessur-dmz-net;
}
];
};
# TODO: Metaize ips
services.qois.router = {
enable = true;
wanInterface = "enp4s0";
wirelessInterfaces = [ "wlp5s0" ];
lanInterfaces = [ "enp2s0" ];
internalRouterIP = getCalandaIp4 plessur-lan-net;
dhcp = {
enable = true;
localDomain = "ilanz.fh2.ch"; # TODO: Legacy hostname
dhcpRange = "10.1.1.2,10.1.1.249";
};
recursiveDns = {
enable = true;
networkIdIp = plessur-lan-net.v4.id;
};
wireless = {
enable = true;
wleInterface24Ghz = "wlp5s0";
ssid = "hauser";
};
};
# DMZ
services.unbound.settings.server = {
interface = [ plessur-dmz-net.hosts.calanda.v4.ip ];
access-control = [
''"${plessur-dmz-net.v4.id}/${toString plessur-dmz-net.v4.prefixLength}" allow''
];
};
networking.firewall.interfaces.enp3s0.allowedUDPPorts = [ 53 ];
networking.nat.internalInterfaces = [ "enp3s0" ];
# DMZ Portforwarding
networking.nat.forwardPorts =
let
fulbergPort = (
proto: port: {
destination = "10.1.2.2:${toString port}";
proto = proto;
sourcePort = port;
loopbackIPs = [ "85.195.200.253" ];
}
);
cyprianspitzPort = (
proto: port: {
destination = "10.1.1.11:${toString port}";
proto = proto;
sourcePort = port;
loopbackIPs = [ "85.195.200.253" ];
}
);
in
[
{
destination = "10.1.2.2:22";
proto = "tcp";
sourcePort = 8022;
}
{
destination = "10.1.2.2:2222";
proto = "tcp";
sourcePort = 8222;
}
{
destination = "10.1.1.11:2222";
proto = "tcp";
sourcePort = 8223;
}
]
++ map (fulbergPort "udp") [
51820
51821
]
++ map (cyprianspitzPort "tcp") [
80
443
]
++ map (cyprianspitzPort "udp") [
51824
1666
41641
3478
3479
];
}
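Review bot: `cyprianspitzPort` and the `sourcePort = 8223` entry forward WAN traffic (TCP 80/443/2222 and five UDP ports) to 10.1.1.11, which lies inside the pool declared by `dhcpRange = "10.1.1.2,10.1.1.249"` and, judging by the addressing, on the LAN rather than the DMZ segment that the `# DMZ Portforwarding` comment names. Unless the address is reserved somewhere outside this file, the DHCP server can lease it to another client, and the forwards would then expose whichever device holds it; an internet-reachable host on the LAN also sidesteps the separation that enp3s0 provides. Either reserve the address and start the pool above it (for example `dhcpRange = "10.1.1.20,10.1.1.249";`, value illustrative) or move the host behind the DMZ interface. The global `networking.firewall.allowedTCPPorts = [ 80 443 ]` also opens those ports on the router itself on every interface, and the forwarded traffic should not need it, so it can probably be dropped if nothing local listens there.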