From c761c3f6c608ccfb212432733c792489597308fd Mon Sep 17 00:00:00 2001
From: kat witch
Date: Sun, 4 Apr 2021 22:18:40 +0100
Subject: [PATCH] hosts/athame: Continuing from pre-existing server
---
 hosts/athame/meta.nix | 138 ++++++++++++++++++---------------
 hosts/athame/nixos/default.nix | 31 ++++----
 2 files changed, 90 insertions(+), 79 deletions(-)
diff --git a/hosts/athame/meta.nix b/hosts/athame/meta.nix
index 2855858d..c09ab52d 100644
--- a/hosts/athame/meta.nix
+++ b/hosts/athame/meta.nix
@@ -11,36 +11,45 @@ with config.resources; { }; resources.athame = { - provider = "hcloud"; - type = "server"; - inputs = { - name = "athame"; - image = "ubuntu-20.04"; - server_type = "cpx21"; - location = "nbg1"; - backups = false; - ssh_keys = [ (hcloud_ssh_key.refAttr "id") ]; + provider = "null"; + type = "resource"; + connection = { + port = 62954; + host = "athame.kittywit.ch"; }; - connection = { host = config.lib.tf.terraformSelf "ipv4_address"; }; - provisioners = [ - { - file = { - destination = "/tmp/sshportfix.nix"; - content = "{ config, ...}: { services.openssh.ports = [ 62954 ]; }"; - }; - } - { - remote-exec.command = - "curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIXOS_IMPORT=/tmp/sshportfix.nix NO_REBOOT=true PROVIDER=hetznercloud NIX_CHANNEL=nixos-20.09 bash 2>&1 | tee /tmp/infect.log"; - } - { - remote-exec.command = "reboot"; - onFailure = "continue"; - } - ]; }; - resources.athame_rdns = { + #resources.athame = { + #provider = "hcloud"; + # type = "server"; + # inputs = { + # name = "athame"; + # image = "ubuntu-20.04"; + # server_type = "cpx21"; + # location = "nbg1"; + # backups = false; + # ssh_keys = [ (hcloud_ssh_key.refAttr "id") ]; + # }; + # connection = { host = config.lib.tf.terraformSelf "ipv4_address"; }; + # provisioners = [ + # { + # file = { + # destination = "/tmp/sshportfix.nix"; + # content = "{ config, ...}: { services.openssh.ports = [ 62954 ]; }"; + # }; + # } + # { + # remote-exec.command = + # "curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIXOS_IMPORT=/tmp/sshportfix.nix NO_REBOOT=true PROVIDER=hetznercloud NIX_CHANNEL=nixos-20.09 bash 2>&1 | tee /tmp/infect.log"; + # } + # { + # remote-exec.command = "reboot"; + # onFailure = "continue"; + # } + # ]; + #}; + +/* resources.athame_rdns = { provider = "hcloud"; type = "rdns"; inputs = { 
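Review bot: The new `connection` block addresses the server by name (`host = "athame.kittywit.ch"`) instead of the provider-reported `ipv4_address`, and the records for that name are commented out in the next hunk, so the deploy target is whatever that name resolves to outside this configuration. Nothing visible here pins the machine's SSH host key; if the deploy tooling does not already do that, it should, and a comment such as `# pre-existing server, not created by hcloud; reached by DNS name, SSH host key must be pinned` on the `null` resource would record the assumption. The commented-out copy of the old resource also keeps the provisioner that pipes `nixos-infect` from the `master` branch head into `bash`; deleting the block and relying on git history avoids it being re-enabled with an unpinned download. The hunk ends inside `resources.athame_rdns`, which continues in the next hunk.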
@@ -48,48 +57,55 @@ with config.resources; { dns_ptr = "athame.kittywit.ch"; ip_address = athame.refAttr "ipv4_address"; }; - }; + }; */ - dns.records.kittywitch_athame = { - tld = "kittywit.ch."; - domain = "athame"; - a.address = athame.refAttr "ipv4_address"; - }; + #dns.records.kittywitch_athame = { + # tld = "kittywit.ch."; + # domain = "athame"; + # a.address = athame.refAttr "ipv4_address"; + #}; - dns.records.kittywitch_root = { - tld = "kittywit.ch."; - domain = "@"; - a.address = athame.refAttr "ipv4_address"; - }; + #dns.records.kittywitch_root = { + # tld = "kittywit.ch."; + # domain = "@"; + # a.address = athame.refAttr "ipv4_address"; + #}; - dns.records.kittywitch_athame_v6 = { - tld = "kittywit.ch."; - domain = "athame"; - aaaa.address = athame.refAttr "ipv6_address"; - }; + #dns.records.kittywitch_athame_v6 = { + # tld = "kittywit.ch."; + # domain = "athame"; + # aaaa.address = athame.refAttr "ipv6_address"; + #}; - dns.records.kittywitch_root_v6 = { - tld = "kittywit.ch."; - domain = "@"; - aaaa.address = athame.refAttr "ipv6_address"; - }; + #dns.records.kittywitch_root_v6 = { + # tld = "kittywit.ch."; + # domain = "@"; + # aaaa.address = athame.refAttr "ipv6_address"; + #}; + + #dns.records.kittywitch_www = { + # tld = "kittywit.ch."; + # domain = "www"; + # cname.target = "athame.kittywit.ch."; + #}; deploy.systems.athame = { nixosConfig = hosts.athame.config; - connection = { - host = athame.refAttr "ipv4_address"; - port = 62954; - }; + connection = athame.connection.set; +# connection = { +# host = athame.refAttr "ipv4_address"; +# port = 62954; +# }; triggers.copy.athame = athame.refAttr "id"; triggers.secrets.athame = athame.refAttr "id"; - triggers.switch = lib.mapAttrs (name: record: - { - A = config.lib.tf.terraformExpr - ''join(",", ${record.out.resource.namedRef}.addresses)''; - AAAA = config.lib.tf.terraformExpr - ''join(",", ${record.out.resource.namedRef}.addresses)''; - CNAME = record.out.resource.refAttr "cname"; - SRV = 
record.out.resource.refAttr "id"; - }.${record.out.type}) config.dns.records; + #triggers.switch = lib.mapAttrs (name: record: + # { + # A = config.lib.tf.terraformExpr + # ''join(",", ${record.out.resource.namedRef}.addresses)''; + # AAAA = config.lib.tf.terraformExpr + # ''join(",", ${record.out.resource.namedRef}.addresses)''; + # CNAME = record.out.resource.refAttr "cname"; + # SRV = record.out.resource.refAttr "id"; + # }.${record.out.type}) config.dns.records; }; } diff --git a/hosts/athame/nixos/default.nix b/hosts/athame/nixos/default.nix index 7212131e..2f9bcd09 100644 --- a/hosts/athame/nixos/default.nix +++ b/hosts/athame/nixos/default.nix @@ -6,20 +6,20 @@ # profiles profiles.kat # host-specific services - #./postgres.nix - #./virtualhosts.nix - #./fail2ban.nix + ./postgres.nix + ./virtualhosts.nix + ./fail2ban.nix # services - #../../../services/nginx.nix - #../../../services/mail.nix - #../../../services/asterisk.nix - #../../../services/gitea - #../../../services/syncplay.nix - #../../../services/bitwarden.nix - #../../../services/taskserver.nix - #../../../services/murmur.nix - #../../../services/znc.nix - #../../../services/matrix.nix + ../../../services/nginx.nix + ../../../services/mail.nix + ../../../services/asterisk.nix + ../../../services/gitea + ../../../services/syncplay.nix + ../../../services/bitwarden.nix + ../../../services/taskserver.nix + ../../../services/murmur.nix + ../../../services/znc.nix + ../../../services/matrix.nix ]; boot.loader.grub.enable = true; @@ -35,11 +35,6 @@ interfaces.enp1s0.useDHCP = true; }; - deploy.tf.dns.records.kittywitch_www = { - tld = "kittywit.ch."; - domain = "www"; - cname.target = "athame.kittywit.ch."; - }; networking.firewall.allowedTCPPorts = [ 22 80 443 5160 5060 8999 64738 1935 53589 5001 ];
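Review bot: Commenting out `resources.athame_rdns` and the four `dns.records.kittywitch_*` entries removes them from the Terraform configuration rather than pointing them at a fixed address; if they exist in the current state, the next apply will presumably plan their removal, including the `athame` record that the new `connection.host` relies on. Since `athame` is now a `null` resource that presumably no longer exports `ipv4_address`/`ipv6_address`, the records could instead carry static values, e.g. `a.address = "<SERVER_IPV4_PLACEHOLDER>";`, so DNS stays managed and reviewable. `triggers.switch` is disabled along with them, and `kittywitch_www` arrives only as a comment although the other file drops its live definition. The hunk mixes `/* */`, indented `#` and column-0 `#` for disabled code; removing the dead blocks would make the active `deploy.systems.athame` settings easier to audit.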
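Review bot: All ten service imports plus `./postgres.nix`, `./virtualhosts.nix` and `./fail2ban.nix` are switched on at once, while the ports they are reachable on come from the single `networking.firewall.allowedTCPPorts` list visible as context in the following hunk, which this commit leaves unchanged. Declaring each service's ports inside its own module would keep an import and its firewall exposure from drifting apart; at minimum a comment above the list mapping each port to its service would help, e.g. `# 64738 murmur, 8999 syncplay, …` (mapping to be confirmed by the author). Port 22 is in that list although the deploy connection in meta.nix uses 62954, so it is worth confirming that 22 is intentionally open. The `imports` list itself starts outside the hunk.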