From 86d2bc58cf2f42e34db1adefa4f211d1605cee04 Mon Sep 17 00:00:00 2001
From: Don Harper
Date: Thu, 10 Oct 2024 07:41:44 -0500
Subject: [PATCH] task | add new host w2
---
 flake.nix | 7 ++
 hosts/w2/colmena.nix | 16 +++
 hosts/w2/default.nix | 32 ++++++
 hosts/w2/disko.nix | 39 +++++++
 hosts/w2/hardware-configuration.nix | 37 +++++++
 hosts/w2/network.nix | 33 ++++++
 hosts/w2/podman.nix | 163 ++++++++++++++++++++++++++++
 7 files changed, 327 insertions(+)
 create mode 100644 hosts/w2/colmena.nix
 create mode 100644 hosts/w2/default.nix
 create mode 100644 hosts/w2/disko.nix
 create mode 100644 hosts/w2/hardware-configuration.nix
 create mode 100644 hosts/w2/network.nix
 create mode 100644 hosts/w2/podman.nix
diff --git a/flake.nix b/flake.nix
index d6998cd..f39653f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -56,6 +56,7 @@
 loki = import ./hosts/loki/colmena.nix;
 smaug = import ./hosts/smaug/colmena.nix;
 w1 = import ./hosts/w1/colmena.nix;
+ w2 = import ./hosts/w2/colmena.nix;
 # t2 = import ./hosts/t2/colmena.nix;
 # pi1 = import ./hosts/pi1/colmena.nix;
 };
@@ -165,6 +166,12 @@
 inherit inputs outputs;
 };
 };
+ w2 = lib.nixosSystem {
+ modules = [./hosts/w2];
+ specialArgs = {
+ inherit inputs outputs;
+ };
+ };
 };
 };
 }
diff --git a/hosts/w2/colmena.nix b/hosts/w2/colmena.nix
new file mode 100644
index 0000000..2cd05a8
--- /dev/null
+++ b/hosts/w2/colmena.nix
@@ -0,0 +1,16 @@
+{
+ inputs,
+ outputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ./default.nix
+ ];
+ deployment = {
+ tags = ["server" "intel" "vps" "web"];
+ targetHost = "178.156.139.49";
+ };
+}
diff --git a/hosts/w2/default.nix b/hosts/w2/default.nix
new file mode 100644
index 0000000..9a5f950
--- /dev/null
+++ b/hosts/w2/default.nix
@@ -0,0 +1,32 @@
+{
+ inputs,
+ outputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [
+ inputs.stylix.nixosModules.stylix
+ inputs.catppuccin.nixosModules.catppuccin
+ ./hardware-configuration.nix
+ ./network.nix
+ ../server
+ ../themes.nix
+ # ../server/searxng.nix
+ ];
+ networking.hostName = "w1";
+ boot = {
+ initrd = {
+ availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+ kernelModules = [ "nvme" ];
+ };
+ loader = {
+ grub = {
+ enable = true;
+ device = "/dev/sda";
+ efiSupport = false;
+ };
+ };
+ };
+}
diff --git a/hosts/w2/disko.nix b/hosts/w2/disko.nix
new file mode 100644
index 0000000..9e9fc1a
--- /dev/null
+++ b/hosts/w2/disko.nix
@@ -0,0 +1,39 @@
+{
+ disko.devices = {
+ disk = {
+ vdb = {
+ device = "/dev/sda";
+ type = "disk";
+ content = {
+ type = "table";
+ format = "gpt";
+ partitions = [
+ {
+ name = "ESP";
+ start = "1M";
+ end = "500M";
+ bootable = true;
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ }
+ {
+ name = "root";
+ start = "500M";
+ end = "100%";
+ part-type = "primary";
+ bootable = true;
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ }
+ ];
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/w2/hardware-configuration.nix b/hosts/w2/hardware-configuration.nix
new file mode 100644
index 0000000..70a38b0
--- /dev/null
+++ b/hosts/w2/hardware-configuration.nix
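Review bot: `networking.hostName = "w1";` in hosts/w2/default.nix gives the new machine the same name as the existing w1 host; it should read `networking.hostName = "w2";`. Duplicate hostnames make journal correlation and any hostname-keyed monitoring or access rules ambiguous between the two machines. Separately, neither ./disko.nix nor ./podman.nix added in this commit appears in the `imports` list here, so unless ../server pulls them in they are not part of the w2 closure; if disko.nix is intended only for the one-off install step, a comment above `imports` saying so would make that explicit.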
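Review bot: The partition layout in hosts/w2/disko.nix (ESP first at 1M–500M, root second) does not agree with hosts/w2/hardware-configuration.nix in the same commit, which mounts `/` from /dev/sda1 and `/boot` from /dev/sda15; if this file is ever applied to the disk, the resulting device names will not match those `fileSystems` entries. Both partitions also carry `bootable = true`, while default.nix configures GRUB with `efiSupport = false`, so it is unclear which partition is meant to be the boot partition and whether an ESP is needed at all. A short comment at the top of the file stating when this layout is expected to be applied, and that the generated hardware-configuration.nix describes the provider image rather than this layout, would remove the ambiguity.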
@@ -0,0 +1,37 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/sda1";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/sda15";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/hosts/w2/network.nix b/hosts/w2/network.nix
new file mode 100644
index 0000000..514752b
--- /dev/null
+++ b/hosts/w2/network.nix
@@ -0,0 +1,33 @@
+{ lib, ... }: {
+ # This file was populated at runtime with the networking
+ # details gathered from the active system.
+ networking = {
+ nameservers = [ "1.1.1.1"
+ ];
+ defaultGateway = "172.31.1.1";
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "eth0";
+ };
+ dhcpcd.enable = false;
+ usePredictableInterfaceNames = lib.mkForce false;
+ interfaces = {
+ eth0 = {
+ ipv4.addresses = [
+ { address="178.156.139.49"; prefixLength=32; }
+ ];
+ ipv6.addresses = [
+ { address="2a01:4ff:f0:9df8::1"; prefixLength=64; }
+ { address="fe80::9400:3ff:fec3:dc26"; prefixLength=64; }
+ ];
+ ipv4.routes = [ { address = "172.31.1.1"; prefixLength = 32; } ];
+ ipv6.routes = [ { address = "fe80::1"; prefixLength = 128; } ];
+ };
+
+ };
+ };
+ services.udev.extraRules = ''
+ ATTR{address}=="96:00:03:c3:dc:26", NAME="eth0"
+
+ '';
+}
diff --git a/hosts/w2/podman.nix b/hosts/w2/podman.nix
new file mode 100644
index 0000000..e223d64
--- /dev/null
+++ b/hosts/w2/podman.nix
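Review bot: This file configures fully static addressing and sets `dhcpcd.enable = false;`, but hosts/w2/hardware-configuration.nix in the same commit still leaves `networking.useDHCP = lib.mkDefault true;` in effect; if static-only is the intent, adding `networking.useDHCP = false;` next to `dhcpcd.enable` states it explicitly instead of relying on the dhcpcd switch alone. The single entry in `nameservers` is also a single point of failure for name resolution on this host; a second resolver is cheap. The udev rule ties the `eth0` name to one MAC address, so the rule must be updated whenever the VM is re-created with a new NIC — a comment such as `# MAC of the provider NIC; update if the VM is rebuilt` above `services.udev.extraRules` would save a future debugging session.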
@@ -0,0 +1,163 @@
+# Auto-generated using compose2nix v0.1.6.
+{
+ pkgs,
+ lib,
+ ...
+}: {
+ # Runtime
+ virtualisation.podman = {
+ enable = true;
+ autoPrune.enable = true;
+ dockerCompat = true;
+ defaultNetwork.settings = {
+ # Required for container networking to be able to use names.
+ dns_enabled = true;
+ };
+ };
+ virtualisation.oci-containers.backend = "podman";
+
+ # Containers
+ virtualisation.oci-containers.containers."bandwidth" = {
+ image = "ghcr.io/alexjustesen/speedtest-tracker:latest";
+ environment = {
+ DB_CONNECTION = "mysql";
+ DB_DATABASE = "speedtest_tracker";
+ DB_HOST = "bandwidth-db";
+ DB_PASSWORD = "password";
+ DB_PORT = "3306";
+ DB_USERNAME = "speedy";
+ PGID = "1000";
+ PUID = "1000";
+ TZ = "America/Chicago";
+ };
+ volumes = [
+ "/etc/localtime:/etc/localtime:ro"
+ "/home/don/docker/speedtest/config:/config:rw"
+ "/home/don/docker/speedtest/web:/etc/ssl/web:rw"
+ ];
+ dependsOn = [
+ "bandwidth-db"
+ "bandwidth-ts"
+ ];
+ log-driver = "journald";
+ extraOptions = [
+ "--network=container:bandwidth-ts"
+ ];
+ };
+ systemd.services."podman-bandwidth" = {
+ serviceConfig = {
+ Restart = lib.mkOverride 500 "always";
+ };
+ partOf = [
+ "podman-compose-tstest-root.target"
+ ];
+ unitConfig.UpheldBy = [
+ "podman-bandwidth-db.service"
+ "podman-bandwidth-ts.service"
+ ];
+ wantedBy = [
+ "podman-compose-tstest-root.target"
+ ];
+ };
+ virtualisation.oci-containers.containers."bandwidth-db" = {
+ image = "mariadb:10";
+ environment = {
+ MARIADB_DATABASE = "speedtest_tracker";
+ MARIADB_PASSWORD = "password";
+ MARIADB_RANDOM_ROOT_PASSWORD = "true";
+ MARIADB_USER = "speedy";
+ PGID = "1000";
+ PUID = "1000";
+ };
+ volumes = [
+ "/home/don/docker/speedtest-db:/var/lib/mysql:rw"
+ ];
+ dependsOn = [
+ "bandwidth-ts"
+ ];
+ log-driver = "journald";
+ extraOptions = [
+ "--network=container:bandwidth-ts"
+ ];
+ };
+ systemd.services."podman-bandwidth-db" = {
+ serviceConfig = {
+ Restart = lib.mkOverride 500 "always";
+ };
+ partOf = [
+ "podman-compose-tstest-root.target"
+ ];
+ unitConfig.UpheldBy = [
+ "podman-bandwidth-ts.service"
+ ];
+ wantedBy = [
+ "podman-compose-tstest-root.target"
+ ];
+ };
+ virtualisation.oci-containers.containers."bandwidth-ts" = {
+ image = "tailscale/tailscale";
+ environment = {
+ PGID = "1000";
+ PUID = "1000";
+ TS_ACCEPT_DNS = "true";
+ TS_AUTHKEY = "tskey-auth-kt22J52CNTRL-iT7CCqfci73sWvVy6Dyi83DWzwLnNyknF";
+ TS_HOSTNAME = "fred-bw";
+ TS_STATE_DIR = "/var/lib/tailscale";
+ };
+ volumes = [
+ "/dev/net/tun:/dev/net/tun:rw"
+ "/home/don/docker/tailscale/var_lib:/var/lib:rw"
+ ];
+ cmd = ["tailscaled"];
+ log-driver = "journald";
+ extraOptions = [
+ "--cap-add=net_admin"
+ "--cap-add=sys_module"
+ "--network-alias=bandwidth-ts"
+ "--network=tstest-default"
+ "--privileged"
+ ];
+ };
+ systemd.services."podman-bandwidth-ts" = {
+ serviceConfig = {
+ Restart = lib.mkOverride 500 "no";
+ };
+ after = [
+ "podman-network-tstest-default.service"
+ ];
+ requires = [
+ "podman-network-tstest-default.service"
+ ];
+ partOf = [
+ "podman-compose-tstest-root.target"
+ ];
+ wantedBy = [
+ "podman-compose-tstest-root.target"
+ ];
+ };
+
+ # Networks
+ systemd.services."podman-network-tstest-default" = {
+ path = [pkgs.podman];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ ExecStop = "${pkgs.podman}/bin/podman network rm -f tstest-default";
+ };
+ script = ''
+ podman network inspect tstest-default || podman network create tstest-default --opt isolate=true
+ '';
+ partOf = ["podman-compose-tstest-root.target"];
+ wantedBy = ["podman-compose-tstest-root.target"];
+ };
+
+ # Root service
+ # When started, this will automatically create all resources and start
+ # the containers. When stopped, this will teardown all resources.
+ systemd.targets."podman-compose-tstest-root" = {
+ unitConfig = {
+ Description = "Root target generated by compose2nix.";
+ };
+ wantedBy = ["multi-user.target"];
+ };
+}
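Review bot: `TS_AUTHKEY = "tskey-auth-…"` on the bandwidth-ts container is a live Tailscale auth key committed to the repository in plaintext, and because it is set via `environment` it is also written into the world-readable Nix store on every host that evaluates this file; it should be treated as exposed, revoked and reissued in the Tailscale admin console, and the replacement supplied out of band with `environmentFiles = [ "<path-to-secret-env-file>" ];` (or a secrets module such as sops-nix/agenix) instead of `environment`. The same applies to `DB_PASSWORD = "password"` on bandwidth and `MARIADB_PASSWORD = "password"` on bandwidth-db, which are placeholder credentials that end up in the store as well. Separately, `--privileged` on bandwidth-ts makes the two `--cap-add` entries redundant and hands the container every capability plus all host devices; tailscaled normally needs only `--cap-add=net_admin` together with the `/dev/net/tun` mount already present, so dropping `--privileged` and `--cap-add=sys_module` (which permits loading kernel modules from inside the container) is worth testing. Note also that bandwidth and bandwidth-db share bandwidth-ts's network namespace and restart "always" while bandwidth-ts itself has `Restart = "no"`, so an exited bandwidth-ts will leave the other two in a restart loop until it is started by hand.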