hosts/athame: Continuing from pre-existing server

This commit is contained in:
kat witch 2021-04-04 22:18:40 +01:00
parent e0d680844f
commit c761c3f6c6
No known key found for this signature in database
GPG key ID: 1B477797DCA5EC72
2 changed files with 90 additions and 79 deletions


@ -11,36 +11,45 @@ with config.resources; {
};
resources.athame = {
provider = "hcloud";
type = "server";
inputs = {
name = "athame";
image = "ubuntu-20.04";
server_type = "cpx21";
location = "nbg1";
backups = false;
ssh_keys = [ (hcloud_ssh_key.refAttr "id") ];
provider = "null";
type = "resource";
connection = {
port = 62954;
host = "athame.kittywit.ch";
};
connection = { host = config.lib.tf.terraformSelf "ipv4_address"; };
provisioners = [
{
file = {
destination = "/tmp/sshportfix.nix";
content = "{ config, ...}: { services.openssh.ports = [ 62954 ]; }";
};
}
{
remote-exec.command =
"curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIXOS_IMPORT=/tmp/sshportfix.nix NO_REBOOT=true PROVIDER=hetznercloud NIX_CHANNEL=nixos-20.09 bash 2>&1 | tee /tmp/infect.log";
}
{
remote-exec.command = "reboot";
onFailure = "continue";
}
];
};
resources.athame_rdns = {
#resources.athame = {
#provider = "hcloud";
# type = "server";
# inputs = {
# name = "athame";
# image = "ubuntu-20.04";
# server_type = "cpx21";
# location = "nbg1";
# backups = false;
# ssh_keys = [ (hcloud_ssh_key.refAttr "id") ];
# };
# connection = { host = config.lib.tf.terraformSelf "ipv4_address"; };
# provisioners = [
# {
# file = {
# destination = "/tmp/sshportfix.nix";
# content = "{ config, ...}: { services.openssh.ports = [ 62954 ]; }";
# };
# }
# {
# remote-exec.command =
# "curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIXOS_IMPORT=/tmp/sshportfix.nix NO_REBOOT=true PROVIDER=hetznercloud NIX_CHANNEL=nixos-20.09 bash 2>&1 | tee /tmp/infect.log";
# }
# {
# remote-exec.command = "reboot";
# onFailure = "continue";
# }
# ];
#};
/* resources.athame_rdns = {
provider = "hcloud";
type = "rdns";
inputs = {
@ -48,48 +57,55 @@ with config.resources; {
dns_ptr = "athame.kittywit.ch";
ip_address = athame.refAttr "ipv4_address";
};
};
}; */
dns.records.kittywitch_athame = {
tld = "kittywit.ch.";
domain = "athame";
a.address = athame.refAttr "ipv4_address";
};
#dns.records.kittywitch_athame = {
# tld = "kittywit.ch.";
# domain = "athame";
# a.address = athame.refAttr "ipv4_address";
#};
dns.records.kittywitch_root = {
tld = "kittywit.ch.";
domain = "@";
a.address = athame.refAttr "ipv4_address";
};
#dns.records.kittywitch_root = {
# tld = "kittywit.ch.";
# domain = "@";
# a.address = athame.refAttr "ipv4_address";
#};
dns.records.kittywitch_athame_v6 = {
tld = "kittywit.ch.";
domain = "athame";
aaaa.address = athame.refAttr "ipv6_address";
};
#dns.records.kittywitch_athame_v6 = {
# tld = "kittywit.ch.";
# domain = "athame";
# aaaa.address = athame.refAttr "ipv6_address";
#};
dns.records.kittywitch_root_v6 = {
tld = "kittywit.ch.";
domain = "@";
aaaa.address = athame.refAttr "ipv6_address";
};
#dns.records.kittywitch_root_v6 = {
# tld = "kittywit.ch.";
# domain = "@";
# aaaa.address = athame.refAttr "ipv6_address";
#};
#dns.records.kittywitch_www = {
# tld = "kittywit.ch.";
# domain = "www";
# cname.target = "athame.kittywit.ch.";
#};
deploy.systems.athame = {
nixosConfig = hosts.athame.config;
connection = {
host = athame.refAttr "ipv4_address";
port = 62954;
};
connection = athame.connection.set;
# connection = {
# host = athame.refAttr "ipv4_address";
# port = 62954;
# };
triggers.copy.athame = athame.refAttr "id";
triggers.secrets.athame = athame.refAttr "id";
triggers.switch = lib.mapAttrs (name: record:
{
A = config.lib.tf.terraformExpr
''join(",", ${record.out.resource.namedRef}.addresses)'';
AAAA = config.lib.tf.terraformExpr
''join(",", ${record.out.resource.namedRef}.addresses)'';
CNAME = record.out.resource.refAttr "cname";
SRV = record.out.resource.refAttr "id";
}.${record.out.type}) config.dns.records;
#triggers.switch = lib.mapAttrs (name: record:
# {
# A = config.lib.tf.terraformExpr
# ''join(",", ${record.out.resource.namedRef}.addresses)'';
# AAAA = config.lib.tf.terraformExpr
# ''join(",", ${record.out.resource.namedRef}.addresses)'';
# CNAME = record.out.resource.refAttr "cname";
# SRV = record.out.resource.refAttr "id";
# }.${record.out.type}) config.dns.records;
};
}
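Review bot: With resources.athame now declared as `provider = "null"; type = "resource";` instead of the hcloud server, `triggers.copy.athame = athame.refAttr "id";` and `triggers.secrets.athame = athame.refAttr "id";` in the second hunk key the copy and secrets steps on an id that, if this maps to a Terraform null_resource, is generated once and only changes when that resource is recreated, so changes on the real host will no longer retrigger those steps. If that is intended, a one-line comment saying so would help; otherwise the triggers need a value that actually tracks the host (for example a hash of the relevant configuration). The new connection block also hard-codes `host = "athame.kittywit.ch";` while every dns.records entry for that name is commented out in the same commit, so the deploy now depends on a DNS record this configuration no longer manages — a comment such as `# athame.kittywit.ch is resolved externally; the dns.records below are not applied while the server is unmanaged` would make that dependency visible. Finally, the commented-out blocks (#resources.athame, the /* */ athame_rdns block, the #dns.records entries and #triggers.switch) mix two comment styles and duplicate history that git already keeps; removing them, or at least using one style, would make the live configuration easier to read.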


@ -6,20 +6,20 @@
# profiles
profiles.kat
# host-specific services
#./postgres.nix
#./virtualhosts.nix
#./fail2ban.nix
./postgres.nix
./virtualhosts.nix
./fail2ban.nix
# services
#../../../services/nginx.nix
#../../../services/mail.nix
#../../../services/asterisk.nix
#../../../services/gitea
#../../../services/syncplay.nix
#../../../services/bitwarden.nix
#../../../services/taskserver.nix
#../../../services/murmur.nix
#../../../services/znc.nix
#../../../services/matrix.nix
../../../services/nginx.nix
../../../services/mail.nix
../../../services/asterisk.nix
../../../services/gitea
../../../services/syncplay.nix
../../../services/bitwarden.nix
../../../services/taskserver.nix
../../../services/murmur.nix
../../../services/znc.nix
../../../services/matrix.nix
];
boot.loader.grub.enable = true;
@ -35,11 +35,6 @@
interfaces.enp1s0.useDHCP = true;
};
deploy.tf.dns.records.kittywitch_www = {
tld = "kittywit.ch.";
domain = "www";
cname.target = "athame.kittywit.ch.";
};
networking.firewall.allowedTCPPorts =
[ 22 80 443 5160 5060 8999 64738 1935 53589 5001 ];