From 322237a2b3f6b584474b08f782a023f6365d5681 Mon Sep 17 00:00:00 2001
From: Don Harper
Date: Mon, 7 Oct 2024 07:58:20 -0500
Subject: [PATCH] host | add w1
---
hosts/w1/colmena.nix | 15 +++
hosts/w1/default.nix | 19 ++++
hosts/w1/hardware-configuration.nix | 9 ++
hosts/w1/network.nix | 33 ++++++
hosts/w1/podman.nix | 163 ++++++++++++++++++++++++++++
5 files changed, 239 insertions(+)
create mode 100644 hosts/w1/colmena.nix
create mode 100644 hosts/w1/default.nix
create mode 100644 hosts/w1/hardware-configuration.nix
create mode 100644 hosts/w1/network.nix
create mode 100644 hosts/w1/podman.nix
diff --git a/hosts/w1/colmena.nix b/hosts/w1/colmena.nix
new file mode 100644
index 0000000..dd06f08
--- /dev/null
+++ b/hosts/w1/colmena.nix
@@ -0,0 +1,15 @@
+{
+ inputs,
+ outputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ./default.nix
+ ];
+ deployment = {
+ tags = ["server" "intel" "vps" "web"];
+ };
+}
diff --git a/hosts/w1/default.nix b/hosts/w1/default.nix
new file mode 100644
index 0000000..4b3bcb8
--- /dev/null
+++ b/hosts/w1/default.nix
@@ -0,0 +1,19 @@
+{
+ inputs,
+ outputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [
+ inputs.stylix.nixosModules.stylix
+ inputs.catppuccin.nixosModules.catppuccin
+ ./hardware-configuration.nix
+ ./network.nix
+ ../server
+ ../themes.nix
+ # ../server/searxng.nix
+ ];
+ networking.hostName = "w1";
+}
diff --git a/hosts/w1/hardware-configuration.nix b/hosts/w1/hardware-configuration.nix
new file mode 100644
index 0000000..b1aacee
--- /dev/null
+++ b/hosts/w1/hardware-configuration.nix
@@ -0,0 +1,9 @@
+{ modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+
+}
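Review bot: `hosts/w1/default.nix` does not list `./podman.nix` in `imports`, although this same patch adds that file, so as far as this hunk shows the container definitions are never evaluated for w1 unless `../server` or another module pulls them in. If that is intentional for now, say so next to the commented-out searxng entry, e.g. `# ./podman.nix  # not enabled yet`; otherwise add `./podman.nix` to the list. Leaving the file unimported keeps it out of the system build but not out of the repository, so any credentials in it are still published with the commit.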
diff --git a/hosts/w1/network.nix b/hosts/w1/network.nix
new file mode 100644
index 0000000..bde88f0
--- /dev/null
+++ b/hosts/w1/network.nix
@@ -0,0 +1,33 @@
+{ lib, ... }: {
+ # This file was populated at runtime with the networking
+ # details gathered from the active system.
+ networking = {
+ nameservers = [ "8.8.8.8"
+ ];
+ defaultGateway = "172.31.1.1";
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "eth0";
+ };
+ dhcpcd.enable = false;
+ usePredictableInterfaceNames = lib.mkForce false;
+ interfaces = {
+ eth0 = {
+ ipv4.addresses = [
+ { address="5.161.104.185"; prefixLength=32; }
+ ];
+ ipv6.addresses = [
+ { address="2a01:4ff:f0:c3e0::1"; prefixLength=64; }
+{ address="fe80::9400:3ff:fec1:e04f"; prefixLength=64; }
+ ];
+ ipv4.routes = [ { address = "172.31.1.1"; prefixLength = 32; } ];
+ ipv6.routes = [ { address = "fe80::1"; prefixLength = 128; } ];
+ };
+
+ };
+ };
+ services.udev.extraRules = ''
+ ATTR{address}=="96:00:03:c1:e0:4f", NAME="eth0"
+
+ '';
+}
diff --git a/hosts/w1/podman.nix b/hosts/w1/podman.nix
new file mode 100644
index 0000000..e223d64
--- /dev/null
+++ b/hosts/w1/podman.nix
@@ -0,0 +1,163 @@ +# Auto-generated using compose2nix v0.1.6. +{ + pkgs, + lib, + ... +}: { + # Runtime + virtualisation.podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + defaultNetwork.settings = { + # Required for container networking to be able to use names. + dns_enabled = true; + }; + }; + virtualisation.oci-containers.backend = "podman"; + + # Containers + virtualisation.oci-containers.containers."bandwidth" = { + image = "ghcr.io/alexjustesen/speedtest-tracker:latest"; + environment = { + DB_CONNECTION = "mysql"; + DB_DATABASE = "speedtest_tracker"; + DB_HOST = "bandwidth-db"; + DB_PASSWORD = "password"; + DB_PORT = "3306"; + DB_USERNAME = "speedy"; + PGID = "1000"; + PUID = "1000"; + TZ = "America/Chicago"; + }; + volumes = [ + "/etc/localtime:/etc/localtime:ro" + "/home/don/docker/speedtest/config:/config:rw" + "/home/don/docker/speedtest/web:/etc/ssl/web:rw" + ]; + dependsOn = [ + "bandwidth-db" + "bandwidth-ts" + ]; + log-driver = "journald"; + extraOptions = [ + "--network=container:bandwidth-ts" + ]; + }; + systemd.services."podman-bandwidth" = { + serviceConfig = { + Restart = lib.mkOverride 500 "always"; + }; + partOf = [ + "podman-compose-tstest-root.target" + ]; + unitConfig.UpheldBy = [ + "podman-bandwidth-db.service" + "podman-bandwidth-ts.service" + ]; + wantedBy = [ + "podman-compose-tstest-root.target" + ]; + }; + virtualisation.oci-containers.containers."bandwidth-db" = { + image = "mariadb:10"; + environment = { + MARIADB_DATABASE = "speedtest_tracker"; + MARIADB_PASSWORD = "password"; + MARIADB_RANDOM_ROOT_PASSWORD = "true"; + MARIADB_USER = "speedy"; + PGID = "1000"; + PUID = "1000"; + }; + volumes = [ + "/home/don/docker/speedtest-db:/var/lib/mysql:rw" + ]; + dependsOn = [ + "bandwidth-ts" + ]; + log-driver = "journald"; + extraOptions = [ + "--network=container:bandwidth-ts" + ]; + }; + systemd.services."podman-bandwidth-db" = { + serviceConfig = { + Restart = lib.mkOverride 500 "always"; + }; + partOf = [ + 
"podman-compose-tstest-root.target" + ]; + unitConfig.UpheldBy = [ + "podman-bandwidth-ts.service" + ]; + wantedBy = [ + "podman-compose-tstest-root.target" + ]; + }; + virtualisation.oci-containers.containers."bandwidth-ts" = { + image = "tailscale/tailscale"; + environment = { + PGID = "1000"; + PUID = "1000"; + TS_ACCEPT_DNS = "true"; + TS_AUTHKEY = "tskey-auth-kt22J52CNTRL-iT7CCqfci73sWvVy6Dyi83DWzwLnNyknF"; + TS_HOSTNAME = "fred-bw"; + TS_STATE_DIR = "/var/lib/tailscale"; + }; + volumes = [ + "/dev/net/tun:/dev/net/tun:rw" + "/home/don/docker/tailscale/var_lib:/var/lib:rw" + ]; + cmd = ["tailscaled"]; + log-driver = "journald"; + extraOptions = [ + "--cap-add=net_admin" + "--cap-add=sys_module" + "--network-alias=bandwidth-ts" + "--network=tstest-default" + "--privileged" + ]; + }; + systemd.services."podman-bandwidth-ts" = { + serviceConfig = { + Restart = lib.mkOverride 500 "no"; + }; + after = [ + "podman-network-tstest-default.service" + ]; + requires = [ + "podman-network-tstest-default.service" + ]; + partOf = [ + "podman-compose-tstest-root.target" + ]; + wantedBy = [ + "podman-compose-tstest-root.target" + ]; + }; + + # Networks + systemd.services."podman-network-tstest-default" = { + path = [pkgs.podman]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStop = "${pkgs.podman}/bin/podman network rm -f tstest-default"; + }; + script = '' + podman network inspect tstest-default || podman network create tstest-default --opt isolate=true + ''; + partOf = ["podman-compose-tstest-root.target"]; + wantedBy = ["podman-compose-tstest-root.target"]; + }; + + # Root service + # When started, this will automatically create all resources and start + # the containers. When stopped, this will teardown all resources. + systemd.targets."podman-compose-tstest-root" = { + unitConfig = { + Description = "Root target generated by compose2nix."; + }; + wantedBy = ["multi-user.target"]; + }; +}
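Review bot: `TS_AUTHKEY` in the `bandwidth-ts` container is a real-looking Tailscale auth key written as a string literal, so it is now in git history and would be copied into the world-readable Nix store on build; the key should be revoked and the value moved out of `environment`, e.g. `environmentFiles = [ "/run/secrets/PLACEHOLDER-tailscale.env" ];` (placeholder path, fed by whatever secret manager the repo uses). The same applies to `DB_PASSWORD` and `MARIADB_PASSWORD`, both set to the literal `"password"` on `bandwidth` and `bandwidth-db`. `--privileged` on `bandwidth-ts` makes the two `--cap-add` lines redundant and gives the container full access to host devices; since `/dev/net/tun` is already mounted, dropping `--privileged` and keeping `--cap-add=net_admin` is worth trying. The three images are referenced by mutable tags (`:latest`, an untagged `tailscale/tailscale`, `mariadb:10`), so pinning a version or digest would make deployments reproducible and reviewable. Because the file is compose2nix output, these changes probably belong in the compose source so that regenerating does not undo them.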