kat/nixfiles
1
0
Fork 0
mirror of https://github.com/kittywitch/nixfiles.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity

Burnout crawlout

Browse source
This commit is contained in:
Kat Inskip 2023-07-16 11:39:44 -07:00
parent fa19a286c5
commit e193ee5a9f
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
7 changed files with 10 additions and 275 deletions
Download patch file Download diff file Expand all files Collapse all files

39
nixos/roles/k8s-cluster/kubernetes.nix
View file

@ -1,39 +0,0 @@
{
pkgs,
lib,
...
}: let
inherit (lib.modules) mkForce;
kubeMasterIP = "100.105.14.66";
kubeMasterHostname = "ran.gensokyo.zone";
kubeMasterAPIServerPort = 6443;
in {
# packages for administration tasks
environment.systemPackages = with pkgs; [
kompose
kubectl
kubernetes
];
networking = {
firewall.enable = mkForce false;
extraHosts = "${kubeMasterIP} ${kubeMasterHostname}";
};
systemd.services.etcd.preStart = ''${pkgs.writeShellScript "etcd-wait" ''
while [ ! -f /var/lib/kubernetes/secrets/etcd.pem ]; do sleep 1; done
''}'';
services.kubernetes = {
roles = ["master" "node"];
addons.dns.enable = true; # CoreDNS
masterAddress = kubeMasterHostname;
apiserverAddress = "https://${kubeMasterHostname}:${toString kubeMasterAPIServerPort}";
apiserver = {
securePort = kubeMasterAPIServerPort;
advertiseAddress = kubeMasterIP;
extraOpts = "--service-node-port-range=1-65535";
allowPrivileged = true;
};
};
}

18
nixos/roles/rosetta.nix
View file

@ -1,18 +0,0 @@
_: {
boot = {
initrd.availableKernelModules = ["virtiofs"];
binfmt.registrations."rosetta" = {
interpreter = "/run/rosetta/rosetta";
fixBinary = true;
wrapInterpreterInShell = false;
matchCredentials = true;
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
};
nix.settings = {
extra-platforms = ["x86_64-linux"];
extra-sandbox-paths = ["/run/rosetta" "/run/binfmt"];
};
}

89
systems/ran.nix
View file

@ -1,89 +0,0 @@
_: let
hostConfig = {
lib,
config,
modulesPath,
tree,
...
}: {
imports = with tree.nixos.roles; [
server
k8s-cluster
(modulesPath + "/profiles/qemu-guest.nix")
];
fileSystems."/" = {
device = "/dev/disk/by-uuid/cf27e80b-f418-472e-8846-36073a76a628";
fsType = "ext4";
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
networking = {
hostName = "ran";
domain = "gensokyo.zone";
nameservers = [
"8.8.8.8"
];
defaultGateway = "172.31.1.1";
defaultGateway6 = {
address = "fe80::1";
interface = "eth0";
};
dhcpcd.enable = false;
usePredictableInterfaceNames = lib.mkForce false;
interfaces = {
eth0 = {
ipv4.addresses = [
{
address = "5.78.46.139";
prefixLength = 32;
}
];
ipv6.addresses = [
{
address = "2a01:4ff:1f0:c700::1";
prefixLength = 64;
}
{
address = "fe80::9400:2ff:fe25:4acb";
prefixLength = 64;
}
];
ipv4.routes = [
{
address = "172.31.1.1";
prefixLength = 32;
}
];
ipv6.routes = [
{
address = "fe80::1";
prefixLength = 128;
}
];
};
};
};
boot = {
loader.grub = {
enable = true;
device = "/dev/sda";
version = 2;
};
initrd = {
availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
kernelModules = [];
};
kernelModules = [];
extraModulePackages = [];
};
services.udev.extraRules = ''
ATTR{address}=="96:00:02:25:4a:cb", NAME="eth0"
'';
system.stateVersion = "21.11";
};
in {
arch = "x86_64";
type = "NixOS";
modules = [
hostConfig
];
}

3
systems/renko.nix
View file

@ -7,7 +7,6 @@ _: let
inherit (lib.modules) mkDefault; inherit (lib.modules) mkDefault;
in { in {
imports = with tree.nixos.roles; [ imports = with tree.nixos.roles; [
rosetta
bootable bootable
]; ];
@ -16,6 +15,8 @@ _: let
initrd.availableKernelModules = ["virtio_pci" "xhci_pci" "usb_storage" "usbhid"]; initrd.availableKernelModules = ["virtio_pci" "xhci_pci" "usb_storage" "usbhid"];
}; };
virtualization.rosetta.enable = true;
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-uuid/d91cbfb6-5a09-45d8-b226-fc97c6b09f61"; device = "/dev/disk/by-uuid/d91cbfb6-5a09-45d8-b226-fc97c6b09f61";

9
systems/sumireko.nix
View file

@ -14,7 +14,7 @@ _: let
enable = true; enable = true;
extraConfig = '' extraConfig = ''
Host renko Host renko
HostName 192.168.64.3 HostName 192.168.64.5
Port 62954 Port 62954
User root User root
''; '';
@ -92,7 +92,14 @@ _: let
"obsidian" "obsidian"
"contexts" "contexts"
"rectangle" "rectangle"
"signal"
"telegram"
"discord"
"deluge"
"keybase" "keybase"
"anki"
"firefox"
"google-chrome"
]; ];
taps = [ taps = [
"pulumi/tap" "pulumi/tap"

17
tf/ran-cf.tf
View file

@ -1,17 +0,0 @@
resource "cloudflare_record" "ran_v4" {
name = "ran"
proxied = false
ttl = 3600
type = "A"
value = hcloud_server.ran.ipv4_address
zone_id = local.zone_ids.gensokyo
}
resource "cloudflare_record" "ran_v6" {
name = "ran"
proxied = false
ttl = 3600
type = "AAAA"
value = hcloud_server.ran.ipv6_address
zone_id = local.zone_ids.gensokyo
}

110
tf/ran-hcloud.tf
View file

@ -1,110 +0,0 @@
resource "hcloud_primary_ip" "ran_ipv4" {
auto_delete = false
name = "ran-v4"
datacenter = "hil-dc1"
type = "ipv4"
assignee_type = "server"
}
resource "hcloud_primary_ip" "ran_ipv6" {
auto_delete = false
name = "ran-v6"
datacenter = "hil-dc1"
type = "ipv6"
assignee_type = "server"
}
resource "hcloud_server" "ran" {
name = "ran"
server_type = "cpx21"
keep_disk = true
allow_deprecated_images = false
image = "ubuntu-22.04"
datacenter = "hil-dc1"
public_net {
ipv4_enabled = true
ipv4 = hcloud_primary_ip.ran_ipv4.id
ipv6_enabled = true
ipv6 = hcloud_primary_ip.ran_ipv6.id
}
firewall_ids = [
hcloud_firewall.ran.id
]
lifecycle {
ignore_changes = [
user_data,
public_net
]
}
}
resource "hcloud_rdns" "ran-v4" {
server_id = hcloud_server.ran.id
ip_address = hcloud_server.ran.ipv4_address
dns_ptr = "ran.gensokyo.zone"
}
resource "hcloud_rdns" "ran-v6" {
server_id = hcloud_server.ran.id
ip_address = hcloud_server.ran.ipv6_address
dns_ptr = "ran.gensokyo.zone"
}
resource "hcloud_firewall" "ran" {
name = "ran-firewall"
rule {
direction = "in"
protocol = "icmp"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
rule {
direction = "in"
protocol = "tcp"
port = "80"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
rule {
direction = "in"
protocol = "tcp"
port = "443"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
rule {
direction = "in"
protocol = "tcp"
port = "6443"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
rule {
direction = "in"
protocol = "udp"
port = "60000-61000"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
rule {
direction = "in"
protocol = "tcp"
port = "22"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
}