It routes traffic from fox, apex and the compute nodes so that we can reach the git servers and tent.
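{ config, pkgs, lib, ... }:

# NixOS configuration for the host "tent": static addressing on eno1, a
# software RAID array, the /vault filesystem with one directory per normal
# user, and the service modules listed under `imports`.
{
  imports = [
    ../common/xeon.nix
    ../module/emulation.nix
    ../module/debuginfod.nix
    ../module/ssh-hut-extern.nix
    ./monitoring.nix
    ./nginx.nix
    ./nix-serve.nix
    ./gitlab-runner.nix
    ./gitea.nix
    ../hut/public-inbox.nix
    ../hut/msmtp.nix
    ../module/p.nix
    ../module/vpn-dac.nix
  ];

  # Select the boot disk by its stable ID to avoid device-name mismatches
  boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d537675";

  networking = {
    hostName = "tent";
    interfaces.eno1.ipv4.addresses = [
      {
        address = "10.0.44.4";
        prefixLength = 24;
      }
    ];

    # Only BSC DNSs seem to be reachable from the office VLAN
    nameservers = [ "84.88.52.35" "84.88.52.36" ];
    search = [ "bsc.es" "ac.upc.edu" ];
    defaultGateway = "10.0.44.1";

    # Static /etc/hosts entries: these names resolve locally and do not
    # depend on the DNS servers above being reachable or trustworthy.
    hosts = {
      "84.88.53.236" = [ "apex" ];
      "10.0.44.1" = [ "raccoon" ];
    };
  };

  services.p.enable = true;

  services.prometheus.exporters.node = {
    enable = true;
    enabledCollectors = [ "systemd" ];
    port = 9002;
    # Loopback only: the exporter has no authentication of its own, so it is
    # not exposed on eno1. NOTE(review): the scraper is presumably configured
    # in ./monitoring.nix on this same host -- confirm.
    listenAddress = "127.0.0.1";
  };

  boot.swraid = {
    enable = true;
    # The array is matched by UUID rather than by member device names.
    # MAILADDR sends mdadm monitor alerts to root; NOTE(review): delivery
    # presumably relies on the mail setup in ../hut/msmtp.nix -- confirm.
    mdadmConf = ''
      DEVICE partitions
      ARRAY /dev/md0 metadata=1.2 UUID=496db1e2:056a92aa:a544543f:40db379d
      MAILADDR root
    '';
  };

  fileSystems."/vault" = {
    device = "/dev/disk/by-label/vault";
    fsType = "ext4";
  };

  # Make a /vault/home/$USER directory for each user.
  systemd.services.create-vault-dirs = let
    # Take only normal users in tent
    users = lib.filterAttrs (_: v: v.isNormalUser) config.users.users;

    # One `install -d` line per user. Every interpolated value goes through
    # lib.escapeShellArg so that a user or group name containing shell
    # metacharacters cannot change the command that runs as root.
    # Mode 0711: the owner has full access; everyone else may traverse the
    # directory but not list it, so files inside remain reachable by other
    # users when their own mode allows it and the name is known.
    mkCommand = user: lib.concatStringsSep " " [
      "install -d"
      "-o" (lib.escapeShellArg user.name)
      "-g" (lib.escapeShellArg user.group)
      "-m 0711"
      (lib.escapeShellArg "/vault/home/${user.name}")
    ];
    commands = lib.mapAttrsToList (_: mkCommand) users;

    # The generated script has no `set -e`: a failing line does not stop the
    # following ones, and the unit's result is that of the last command.
    script = pkgs.writeShellScript "create-vault-dirs.sh" (lib.concatLines commands);
  in {
    enable = true;
    wants = [ "local-fs.target" ];
    after = [ "local-fs.target" ];
    wantedBy = [ "multi-user.target" ];
    # Ordering after local-fs.target does not by itself guarantee that /vault
    # is mounted (e.g. when the unit is restarted while the volume is
    # offline). Require the mount so the directories are never created on the
    # root filesystem underneath the mount point.
    unitConfig.RequiresMountsFor = "/vault";
    serviceConfig.ExecStart = script;
  };

  # disable automatic garbage collector
  nix.gc.automatic = lib.mkForce false;
}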