gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: meiling

Browse source
This commit is contained in:
arcnmx 2025-09-03 23:18:59 -07:00
parent dd30009b7e
commit 47ca22ff47
30 changed files with 431 additions and 70 deletions
Download patch file Download diff file Expand all files Collapse all files

0
systems/ct/default.nix → systems/ct-meiling/default.nix
View file

35
systems/ct-meiling/nixos.nix Normal file
View file

@ -0,0 +1,35 @@
{meta, lib, ...}: {
imports = with meta; [
nixos.ct.meiling
];
# allow proxmox to provide us with our hostname
environment.etc.hostname.enable = false;
services.avahi.hostName = "";
system = {
stateVersion = "25.05";
nixos.tags = lib.mkForce [ "template" ];
};
environment.etc."systemd/network/eth9.network.d/int.conf".text = ''
[Match]
Name=eth9
Type=ether
[Link]
RequiredForOnline=false
[Network]
IPv6AcceptRA=true
IPv6SendRA=false
DHCP=no
[IPv6Prefix]
AddressAutoconfiguration=false
Prefix=fd0c::/64
Assign=true
[IPv6AcceptRA]
DHCPv6Client=false
'';
}

15
systems/ct-reisen/default.nix Normal file
View file

@ -0,0 +1,15 @@
_: {
arch = "x86_64";
type = "NixOS";
modules = [
./nixos.nix
];
access.online.enable = false;
network.networks = {
local = {
fqdn = null;
address4 = null;
address6 = null;
};
};
}

9
systems/ct/nixos.nix → systems/ct-reisen/nixos.nix
View file

@ -1,13 +1,16 @@
{meta, ...}: {
{meta, lib, ...}: {
imports = with meta; [
nixos.reisen-ct
nixos.ct.reisen
];
# allow proxmox to provide us with our hostname
environment.etc.hostname.enable = false;
services.avahi.hostName = "";
system.stateVersion = "23.11";
system = {
stateVersion = "23.11";
nixos.tags = lib.mkForce [ "template" ];
};
environment.etc."systemd/network/eth9.network.d/int.conf".text = ''
[Match]
Name=eth9

49
systems/meiling/default.nix Normal file
View file

@ -0,0 +1,49 @@
{lib, config, ...}: {
type = "Linux";
proxmox.node = {
enable = true;
};
access = {
online.available = true;
global.enable = true;
};
extern.files = {
"/etc/sysctl.d/50-net.conf" = {
source = ./sysctl.50-net.conf;
};
};
network.networks = {
global = {
address4 = "49.12.128.117";
address6 = null;
};
local = {
inherit (config.network.networks.global) address4;
address6 = null;
};
int = {
address4 = "10.9.1.4";
address6 = "fd0c::4";
};
tail = {
address4 = "100.67.99.30";
address6 = "fd7a:115c:a1e0::dc34:631e";
};
};
exports = {
services = {
tailscale.enable = true;
sshd = {
enable = true;
ports = {
public.enable = false;
standard.listen = "wan";
};
};
proxmox = {
enable = true;
id = "proxmox-meiling";
};
};
};
}

10
systems/meiling/extern.json Normal file
View file

@ -0,0 +1,10 @@
{
"files": {
"/etc/sysctl.d/50-net.conf": {
"group": "root",
"mode": "0644",
"owner": "root",
"source": "systems/meiling/sysctl.50-net.conf"
}
}
}

7
systems/meiling/root.authorized_keys Normal file
View file

@ -0,0 +1,7 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ8Z6briIboxIdedPGObEWB6QEQkvxKvnMW/UVU9t/ac mew-pgp
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCocjQqiDIvzq+Qu3jkf7FXw5piwtvZ1Mihw9cVjdVcsra3U2c9WYtYrA3rS50N3p00oUqQm9z1KUrvHzdE+03ZCrvaGdrtYVsaeoCuuvw7qxTQRbItTAEsfRcZLQ5c1v/57HNYNEsjVrt8VukMPRXWgl+lmzh37dd9w45cCY1QPi+JXQQ/4i9Vc3aWSe4X6PHOEMSBHxepnxm5VNHm4PObGcVbjBf0OkunMeztd1YYA9sEPyEK3b8IHxDl34e5t6NDLCIDz0N/UgzCxSxoz+YJ0feQuZtud/YLkuQcMxW2dSGvnJ0nYy7SA5DkW1oqcy6CGDndHl5StOlJ1IF9aGh0gGkx5SRrV7HOGvapR60RphKrR5zQbFFka99kvSQgOZqSB3CGDEQGHv8dXKXIFlzX78jjWDOBT67vA/M9BK9FS2iNnBF5x6shJ9SU5IK4ySxq8qvN7Us8emkN3pyO8yqgsSOzzJT1JmWUAx0tZWG/BwKcFBHfceAPQl6pwxx28TM3BTBRYdzPJLTkAy48y6iXW6UYdfAPlShy79IYjQtEThTuIiEzdzgYdros0x3PDniuAP0KOKMgbikr0gRa6zahPjf0qqBnHeLB6nHAfaVzI0aNbhOg2bdOueE1FX0x48sjKqjOpjlIfq4WeZp9REr2YHEsoLFOBfgId5P3BPtpBQ== yubikey5
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPsu3vNsvBb/G+wALpstD/DnoRZ3fipAs00jtl8rzDuv96RlS7AJr4aNvG6Pt2D9SYn2wVLaiw+76mz2gOycH9/N+VCvL4/0MN9uqj+7XIcxNRo0gHVOblmi2bOXcmGKh3eRwHj1xyDwRxo9WIuBEP2bPpDPz75OXRtEdlTgvky7siSguQxJu03cb0p9hNAYhUoohNXyWW2CjDCLUQVE1+QRVUzsKq3KkPy0cHYgmZC1gRSMQyKpMt72L5tayLz3Tp/zrshucc+QO5IJeZdqMxsNAcvALsysT1J5EqxZoYH9VpWLRhSgVD6Nvn853pycJAlXQxgOCpSD3/v/JbgUe5NE+ci0o7NMy5IiHUv2gQMRIEhwBHlRGwokUPL9upx0lsjaEiPya5xQqqDKRom87xytM778ANS5CuMdQMWg9qVbpHZUHMjA0QmNkjPgq71pUDXHk5L4mZuS8wVjyjnvlw68yIJuHEc8P7QiLcjvRHFS2L9Ck8NRmPDTQXlQi9kk6LmMyu6fdevR/kZL21b+xO1e2DMyxBbNDTot8luppiiL8adgUDMwptpIne7JCWB1o9NFCbXUVgwuCCYBif6pOGSc6bGo1JTAKMflRlcy6Mi3t5H0mR2lj/sCSTWwTlP5FM4aPIq08NvW6PeuK1bFJY9fIgTwVsUnbAKOhmsMt62w== cardno:12 078 454
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII74JrgGsDQ6r7tD7+k3ykxXV7DpeeFRscPMxrBsDPhz kat@goliath
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDkeBFF4xxZgeURLzNHcvUFxImmkQ3pxXtpj3mtSyHXB kat@koishi
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIC3RkyoQ74bb4NGv1H1bZAz5ROO0Zr6FT8TYpowgGUp kat@chen

14
systems/meiling/setup.sh Normal file
View file

@ -0,0 +1,14 @@
mkshared-nix() {
mkshared nix 0 0 0755
if [[ ! -d /rpool/shared/nix/store ]]; then
zfs create -o compression=zstd rpool/shared/nix/store
fi
if [[ ! -d /rpool/shared/nix/var ]]; then
mkdir /rpool/shared/nix/var
fi
chown 100000:30000 /rpool/shared/nix/store
chmod 1775 /rpool/shared/nix/store
chown 100000:100000 /rpool/shared/nix/var
}
#mkshared-nix

4
systems/meiling/sysctl.50-net.conf Normal file
View file

@ -0,0 +1,4 @@
net.ipv4.ping_group_range=0 2147483647
# https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
net.core.rmem_max=2500000
net.core.wmem_max=2500000

1
systems/meiling/systems.json Normal file
View file

@ -0,0 +1 @@
{}

30
systems/meiling/users.json Normal file
View file

@ -0,0 +1,30 @@
[
{
"authorizedKeys": [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCocjQqiDIvzq+Qu3jkf7FXw5piwtvZ1Mihw9cVjdVcsra3U2c9WYtYrA3rS50N3p00oUqQm9z1KUrvHzdE+03ZCrvaGdrtYVsaeoCuuvw7qxTQRbItTAEsfRcZLQ5c1v/57HNYNEsjVrt8VukMPRXWgl+lmzh37dd9w45cCY1QPi+JXQQ/4i9Vc3aWSe4X6PHOEMSBHxepnxm5VNHm4PObGcVbjBf0OkunMeztd1YYA9sEPyEK3b8IHxDl34e5t6NDLCIDz0N/UgzCxSxoz+YJ0feQuZtud/YLkuQcMxW2dSGvnJ0nYy7SA5DkW1oqcy6CGDndHl5StOlJ1IF9aGh0gGkx5SRrV7HOGvapR60RphKrR5zQbFFka99kvSQgOZqSB3CGDEQGHv8dXKXIFlzX78jjWDOBT67vA/M9BK9FS2iNnBF5x6shJ9SU5IK4ySxq8qvN7Us8emkN3pyO8yqgsSOzzJT1JmWUAx0tZWG/BwKcFBHfceAPQl6pwxx28TM3BTBRYdzPJLTkAy48y6iXW6UYdfAPlShy79IYjQtEThTuIiEzdzgYdros0x3PDniuAP0KOKMgbikr0gRa6zahPjf0qqBnHeLB6nHAfaVzI0aNbhOg2bdOueE1FX0x48sjKqjOpjlIfq4WeZp9REr2YHEsoLFOBfgId5P3BPtpBQ== yubikey5",
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPsu3vNsvBb/G+wALpstD/DnoRZ3fipAs00jtl8rzDuv96RlS7AJr4aNvG6Pt2D9SYn2wVLaiw+76mz2gOycH9/N+VCvL4/0MN9uqj+7XIcxNRo0gHVOblmi2bOXcmGKh3eRwHj1xyDwRxo9WIuBEP2bPpDPz75OXRtEdlTgvky7siSguQxJu03cb0p9hNAYhUoohNXyWW2CjDCLUQVE1+QRVUzsKq3KkPy0cHYgmZC1gRSMQyKpMt72L5tayLz3Tp/zrshucc+QO5IJeZdqMxsNAcvALsysT1J5EqxZoYH9VpWLRhSgVD6Nvn853pycJAlXQxgOCpSD3/v/JbgUe5NE+ci0o7NMy5IiHUv2gQMRIEhwBHlRGwokUPL9upx0lsjaEiPya5xQqqDKRom87xytM778ANS5CuMdQMWg9qVbpHZUHMjA0QmNkjPgq71pUDXHk5L4mZuS8wVjyjnvlw68yIJuHEc8P7QiLcjvRHFS2L9Ck8NRmPDTQXlQi9kk6LmMyu6fdevR/kZL21b+xO1e2DMyxBbNDTot8luppiiL8adgUDMwptpIne7JCWB1o9NFCbXUVgwuCCYBif6pOGSc6bGo1JTAKMflRlcy6Mi3t5H0mR2lj/sCSTWwTlP5FM4aPIq08NvW6PeuK1bFJY9fIgTwVsUnbAKOhmsMt62w== cardno:12 078 454",
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII74JrgGsDQ6r7tD7+k3ykxXV7DpeeFRscPMxrBsDPhz kat@goliath",
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDkeBFF4xxZgeURLzNHcvUFxImmkQ3pxXtpj3mtSyHXB kat@koishi",
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIC3RkyoQ74bb4NGv1H1bZAz5ROO0Zr6FT8TYpowgGUp kat@chen"
],
"name": "kat",
"uid": 8000
},
{
"authorizedKeys": [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ8Z6briIboxIdedPGObEWB6QEQkvxKvnMW/UVU9t/ac mew-pgp"
],
"name": "arc",
"uid": 8001
},
{
"authorizedKeys": [],
"name": "kaosubaloo",
"uid": 8002
},
{
"authorizedKeys": [],
"name": "connieallure",
"uid": 8003
}
]

10
systems/reisen/default.nix
View file

@ -34,14 +34,22 @@ _: {
address4 = "10.9.1.2";
address6 = "fd0c::2";
};
tail = {
address4 = "100.101.208.19";
address6 = "fd7a:115c:a1e0::3034:d013";
};
};
exports = {
services = {
tailscale.enable = true;
sshd = {
enable = true;
ports.public.enable = false;
};
proxmox.enable = true;
proxmox = {
enable = true;
id = "proxmox-reisen";
};
};
};
}