qo.is/infrastructure
4
0
Fork 0
Code Issues 13 Pull requests 1 Projects 1 Activity Actions

Commit files for public release
All checks were successful
CI / build (push) Successful in 13m53s
Details

Browse source
This commit is contained in:
Fabian Hauser 2024-10-02 16:52:04 +03:00
commit fef2377502
174 changed files with 7423 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
nixos-configurations/tierberg/README.md Normal file
View file

@ -0,0 +1,9 @@
Access via `tierberg.coredump-ext.net.qo.is` `:51022` (SSH) and `:51023` (SSH-LUKS)
## Operations
Reboot requires passphrase (see pass `host/tierberg/hdd_luks)
```bash
ssh -p 51023 root@tierberg.coredump-ext.net.qo.is
```

35
nixos-configurations/tierberg/backup.nix Normal file
View file

@ -0,0 +1,35 @@
{ config, pkgs, ... }:
{
qois.backup-server = {
enable = true;
backupStorageRoot = "/mnt/nas-backup-qois";
};
services.borgbackup.repos =
let
backupRoot = "/mnt/nas-backup-qois";
hostBackupRoot = "${backupRoot}/hosts";
dataBackupRoot = "${backupRoot}/data";
in
{
"lindberg-nextcloud" = {
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIpzfp9VqclbPJ42ZrkRpvjMSTeyq0qce03zCRXqIHMw backup@lindberg-nextcloud"
];
path = "${hostBackupRoot}/lindberg-nextcloud";
};
"lindberg-data" = {
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGTmyoVONC12MgOodvzdPpZzLSVwpkC6zkf+Rg0W36gy backup-data@lindberg"
];
path = "${dataBackupRoot}/lindberg-data";
};
"lindberg-build-system" = {
authorizedKeys = [
"ssh-ed25519 AAAATODOTODOTODOTODOAAAAIGTmyoVONC12MgOodvzdPpZzLSVwpkC6zkf+Rg0W36gy backup-system@lindberg-build"
];
path = "${dataBackupRoot}/lindberg-build-system";
};
};
}

24
nixos-configurations/tierberg/default.nix Normal file
View file

@ -0,0 +1,24 @@
{ config, pkgs, ... }:
{
imports = [
./networking.nix
./filesystems.nix
./backup.nix
../../defaults/hardware/apu1.nix
# wle600: Not used currently
../../defaults/base
../../defaults/meta
];
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "23.05"; # Did you read the comment?
}

52
nixos-configurations/tierberg/filesystems.nix Normal file
View file

@ -0,0 +1,52 @@
{ config, pkgs, ... }:
{
boot.initrd.luks.devices = {
"system".device = "/dev/disk/by-uuid/ac7f7ef2-280d-4b9f-8150-a6f11ecec1df";
"swap".device = "/dev/disk/by-uuid/6ce21585-6813-46d0-9a98-ebcfa507bdb0";
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/c775e380-b15f-499b-94f2-8caa27e6e0ff";
fsType = "btrfs";
options = [
"defaults"
"subvol=nixos"
"noatime"
];
};
"/boot" = {
device = "/dev/disk/by-uuid/0b22a6bc-0721-49d6-9e66-1f8d9258f47b";
fsType = "ext4";
};
"/mnt/nas-backup-qois" = {
device = "192.168.254.1:/raid0/data/_NAS_NFS_Exports_/backup-qois";
fsType = "nfs";
options = [
"defaults"
"noatime"
"soft"
"vers=3"
];
};
"/mnt/nas-backup-coredump" = {
device = "192.168.254.1:/raid0/data/_NAS_NFS_Exports_/backup-qois";
fsType = "nfs";
options = [
"defaults"
"noatime"
"soft"
"vers=3"
];
};
};
swapDevices = [ { device = "/dev/disk/by-uuid/e91f9aba-1e59-4d41-a772-f11d4314dc19"; } ];
boot.loader.grub = {
enable = true;
device = "/dev/sda";
};
}

29
nixos-configurations/tierberg/networking.nix Normal file
View file

@ -0,0 +1,29 @@
{ config, pkgs, ... }:
let
meta = config.qois.meta;
lattenbach-nas-net = meta.network.physical.lattenbach-nas;
in
{
networking.hostName = meta.hosts.tierberg.hostName;
imports = [ ../../defaults/backplane-net ];
networking.enableIPv6 = false; # TODO
networking.useDHCP = false;
networking.interfaces.enp1s0.useDHCP = true;
networking.interfaces.enp2s0.ipv4.addresses = [
{
inherit (lattenbach-nas-net.v4) prefixLength;
address = lattenbach-nas-net.hosts.tierberg.v4.ip;
}
];
networking.interfaces.enp3s0.useDHCP = true;
services.qois.luks-ssh = {
enable = true;
interface = "eth0";
sshPort = 2222;
};
}