Diffstat (limited to 'hosts')
-rw-r--r--hosts/by-name/server1/configuration.nix11
-rw-r--r--hosts/by-name/server1/networking.nix2
-rw-r--r--hosts/by-name/server2/configuration.nix16
-rw-r--r--hosts/by-name/server2/networking.nix34
-rw-r--r--hosts/default.nix42
-rw-r--r--hosts/host-names.toml2
6 files changed, 71 insertions, 36 deletions
diff --git a/hosts/by-name/server1/configuration.nix b/hosts/by-name/server1/configuration.nix
index ab7c02a..6bb1067 100644
--- a/hosts/by-name/server1/configuration.nix
+++ b/hosts/by-name/server1/configuration.nix
@@ -25,7 +25,16 @@
     postgresql.enable = true;
     redlib.enable = true;
     users.enable = true;
-    persist.enable = true;
+    persist = {
+      enable = true;
+      directories = [
+        "/var/log"
+
+        # TODO(@bpeetz): Instead of persisting that, encode each uid/gid directly in the
+        # config. <2024-12-24>
+        "/var/lib/nixos"
+      ];
+    };
   };
 
   boot.tmp.cleanOnBoot = true;
diff --git a/hosts/by-name/server1/networking.nix b/hosts/by-name/server1/networking.nix
index 4e1d64a..dd9b9af 100644
--- a/hosts/by-name/server1/networking.nix
+++ b/hosts/by-name/server1/networking.nix
@@ -47,6 +47,6 @@
 
   # cat /sys/class/net/eth0/address
   services.udev.extraRules = ''
-    ATTR{address}=="66:78:8e:15:33:2e", NAME="eth0"
+    ATTR{address}=="66:22:6d:82:93:9b", NAME="eth0"
   '';
 }
diff --git a/hosts/by-name/server2/configuration.nix b/hosts/by-name/server2/configuration.nix
index 571a235..07b78c3 100644
--- a/hosts/by-name/server2/configuration.nix
+++ b/hosts/by-name/server2/configuration.nix
@@ -8,7 +8,7 @@
     back = {
       enable = true;
       repositories = {
-        "${config.services.gitolite.dataDir}/vhack.eu/nixos-server.git" = {
+        "${config.services.gitolite.dataDir}/repositories/vhack.eu/nixos-server.git" = {
           domain = "issues.foss-syndicate.org";
           port = 9220;
         };
@@ -20,9 +20,19 @@
       domain = "git.foss-syndicate.org";
       gitolite.adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME4ZVa+IoZf6T3U08JG93i6QIAJ4amm7mkBzO14JSkz cardno:000F_18F83532";
     };
-    nginx.enable = true;
+    nginx = {
+      enable = true;
+      redirects = {
+        "source.foss-syndicate.org" = "https://git.foss-syndicate.org/vhack.eu/nixos-server";
+      };
+    };
     openssh.enable = true;
-    persist.enable = true;
+    persist = {
+      enable = true;
+      directories = [
+        "/var/log"
+      ];
+    };
     rust-motd.enable = true;
     users.enable = true;
   };
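Review bot: The new `persist.directories` list for server2 holds only `/var/log`, while server1 in this same commit also persists `/var/lib/nixos` and explains why in its TODO. If the persist module implies a root filesystem that does not survive reboots, the uid/gid assignments kept under `/var/lib/nixos` could be reallocated, and persisted data such as the gitolite repositories could end up owned by a different account. Unless server2 already pins every uid/gid in its configuration or the module adds this path by default (neither is visible here), add `"/var/lib/nixos"` to the list, or leave a comment saying why it is omitted. The enclosing attribute set starts outside this hunk.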
diff --git a/hosts/by-name/server2/networking.nix b/hosts/by-name/server2/networking.nix
index e6a96c2..6b7b0ee 100644
--- a/hosts/by-name/server2/networking.nix
+++ b/hosts/by-name/server2/networking.nix
@@ -1,42 +1,40 @@
-{lib, ...}: let
-  ipv4 = "185.16.61.132";
-  ipv6 = "2a03:4000:a:106::1";
-in {
+{lib, ...}: {
+  # This file was populated at runtime with the networking
+  # details gathered from the active system.
   networking = {
     nameservers = [
-      "8.8.8.8"
+      "46.38.225.230"
+      "46.38.252.230"
+      "2a03:4000:0:1::e1e6"
     ];
-
-    defaultGateway = {
-      address = "89.58.56.1";
-      interface = "eth0";
-    };
+    defaultGateway = "185.16.60.1";
     defaultGateway6 = {
       address = "fe80::1";
       interface = "eth0";
     };
-
     dhcpcd.enable = false;
-
     usePredictableInterfaceNames = lib.mkForce false;
-
     interfaces = {
       eth0 = {
         ipv4.addresses = [
           {
-            address = ipv4;
-            prefixLength = 22;
+            address = "185.16.61.132";
+            prefixLength = 23;
           }
         ];
         ipv6.addresses = [
           {
-            address = ipv6;
+            address = "2a03:4000:a:106:6478:8eff:fe15:332e";
+            prefixLength = 64;
+          }
+          {
+            address = "fe80::6478:8eff:fe15:332e";
             prefixLength = 64;
           }
         ];
         ipv4.routes = [
           {
-            address = ipv4;
+            address = "185.16.60.1";
             prefixLength = 32;
           }
         ];
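Review bot: The two added IPv6 addresses ending in `6478:8eff:fe15:332e` appear to be derived from the MAC that the udev rule at the end of this file matches, but nothing in the file says so. A later MAC change could therefore leave the static addresses stale. A comment above `ipv6.addresses` such as `# EUI-64 of the eth0 MAC matched in services.udev.extraRules below; change both together` would make the coupling explicit. The new header comment "populated at runtime" reads like generator output; it would help to name the tool and say that the values are now maintained by hand. The global address also moves away from `2a03:4000:a:106::1`, so any AAAA record or allowlist that still references the old address is worth checking; that is inferred, not visible here. The attribute set continues past the end of this hunk.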
@@ -50,6 +48,6 @@ in {
     };
   };
   services.udev.extraRules = ''
-    ATTR{address}=="66:22:6d:82:93:9b", NAME="eth0"
+    ATTR{address}=="66:78:8e:15:33:2e", NAME="eth0"
   '';
 }
diff --git a/hosts/default.nix b/hosts/default.nix
index f7df5d3..f53ee35 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -4,22 +4,38 @@
   nixpkgs,
   specialArgs,
   extraModules,
+  deployPackage,
 }: let
+  hostnames = builtins.fromTOML (builtins.readFile ./host-names.toml);
+
   hosts = nixLib.mkByName {
     useShards = false;
     baseDirectory = ./by-name;
     fileName = "configuration.nix";
-    finalizeFunction = name: value:
-      nixpkgs.lib.nixosSystem {
-        system = "x86_64-linux";
-        inherit specialArgs;
-        modules =
-          extraModules
-          ++ [
-            ../modules
-            value
-          ];
-      };
+    finalizeFunction = name: value: value;
   };
-in
-  hosts
+
+  mkNixosConfiguration = _: value:
+    nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+      inherit specialArgs;
+      modules =
+        extraModules
+        ++ [
+          ../modules
+          value
+        ];
+    };
+  nixosConfigurations = builtins.mapAttrs mkNixosConfiguration hosts;
+
+  mkDeploy = name: _: {
+    hostname = hostnames."${name}";
+    profiles.system = {
+      user = "root";
+      path = deployPackage.lib.activate.nixos nixosConfigurations."${name}";
+    };
+  };
+  deploy = {nodes = builtins.mapAttrs mkDeploy hosts;};
+in {
+  inherit nixosConfigurations deploy;
+}
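Review bot: In `mkDeploy`, `hostnames."${name}"` is looked up for every directory under `./by-name`, so a host added without a matching line in `host-names.toml` fails evaluation with a generic missing-attribute error. A named failure would be easier to act on: `hostname = hostnames.${name} or (throw "hosts/host-names.toml has no entry for ${name}");`. The deploy target for a `root` profile is taken entirely from that TOML file, so a short comment above `hostnames` saying the file decides where root activations are sent would help reviewers of later edits to it. `finalizeFunction = name: value: value;` could also use `_:` for the unused argument, as `mkNixosConfiguration` does.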
diff --git a/hosts/host-names.toml b/hosts/host-names.toml
new file mode 100644
index 0000000..fd5b960
--- /dev/null
+++ b/hosts/host-names.toml
@@ -0,0 +1,2 @@
+server1 = "server1.vhack.eu"
+server2 = "server2.vhack.eu"