new server
parent
1f47e3ba30
commit
a3bd62994f
4
conf
4
conf
|
@ -14,6 +14,10 @@ remote)
|
|||
export NIX_PATH="nixpkgs=$HOME/builds/nixpkgs/:ssh-id-file=`pwd`/deploy_key":secrets=`pwd`/secrets.nix
|
||||
eval ${@:2}
|
||||
;;
|
||||
remote-new)
|
||||
export NIX_PATH="nixpkgs=https://nixos.org/channels/nixos-16.03/nixexprs.tar.xz:ssh-id-file=`pwd`/deploy_key":secrets=`pwd`/secrets.nix
|
||||
eval ${@:2}
|
||||
;;
|
||||
local-deploy)
|
||||
sudo $0 local nixos-rebuild switch
|
||||
;;
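Review bot: In the new `remote-new)` branch, `eval ${@:2}` is unquoted, so the arguments are word-split, glob-expanded and then parsed a second time by the shell; an argument containing spaces or shell metacharacters runs as something other than what the caller typed. If the branch only needs to run a command under the adjusted `NIX_PATH`, `"${@:2}"` does that without the second parse (the existing `remote)` branch has the same line). Separately, `nixos-16.03/nixexprs.tar.xz` is a moving channel URL, so two deployments can evaluate different nixpkgs revisions; pointing `nixpkgs=` at a tarball of one specific revision would make what gets deployed reproducible and reviewable.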
|
||||
|
|
|
@ -8,4 +8,8 @@ with (import <secrets>).hostnames; {
|
|||
imports = [./frumar/configuration.nix];
|
||||
deployment.targetHost = frumar;
|
||||
};
|
||||
pennyworth = {
|
||||
imports = [./pennyworth/configuration.nix];
|
||||
deployment.targetHost = pennyworth;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -0,0 +1,50 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
inherit (lib) mkEnableOption mkOption types mkIf;
|
||||
cfg = config."nixos-in-place";
|
||||
in
|
||||
{
|
||||
imports = [ ];
|
||||
options."nixos-in-place" = {
|
||||
enable = mkEnableOption "enable nixos-in-place FS";
|
||||
rootfs = mkOption {
|
||||
type = types.string;
|
||||
description = "device name for root fs";
|
||||
};
|
||||
swapfs = mkOption {
|
||||
type = types.string;
|
||||
description = "device name for root fs";
|
||||
};
|
||||
};
|
||||
config = mkIf cfg.enable {
|
||||
boot = {
|
||||
kernelModules = [ ];
|
||||
extraModulePackages = [ ];
|
||||
kernelParams = ["root=${cfg.rootfs}" "boot.shell_on_fail"];
|
||||
loader.grub = {
|
||||
enable = true;
|
||||
storePath = "/nixos/nix/store";
|
||||
};
|
||||
initrd = {
|
||||
supportedFilesystems = [ "ext4" ];
|
||||
postDeviceCommands = ''
|
||||
mkdir -p /mnt-root/old-root ;
|
||||
mount -t ext4 ${cfg.rootfs} /mnt-root/old-root ;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/old-root/nixos";
|
||||
fsType = "none";
|
||||
options = [ "bind" ];
|
||||
};
|
||||
"/old-root" = {
|
||||
device = cfg.rootfs;
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
swapDevices = [ { device = cfg.swapfs; } ];
|
||||
};
|
||||
}
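Review bot: `kernelParams` in this new module always adds `boot.shell_on_fail`, which makes stage 1 offer a root shell without authentication when boot fails; on a hosted machine that shell is reachable by anyone with access to the provider console. Consider putting it behind its own option that defaults to false, or dropping it once the in-place install is known to boot. The `swapfs` option's description is a copy of the `rootfs` one and should read `description = "device name for swap";`. `cfg.rootfs` is also interpolated unquoted into `postDeviceCommands`; `mount -t ext4 "${cfg.rootfs}" /mnt-root/old-root ;` keeps an unusual device path as a single word.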
|
|
@ -27,7 +27,7 @@ in
|
|||
services.openssh.enable = true;
|
||||
|
||||
# The NixOS release to be compatible with for stateful data such as databases.
|
||||
system.stateVersion = "15.09";
|
||||
system.stateVersion = "16.03";
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
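Review bot: `system.stateVersion` appears to be raised from "15.09" to "16.03" on a host that already exists (the two values are printed old then new; the markers are lost on this page). As the comment above it says, the setting exists for compatibility of stateful data, so it is normally left at the release the machine was first installed with; raising it can switch defaults for services that keep on-disk state. If the bump is intentional, record what was checked, e.g. `# bumped from 15.09 after confirming no stateful service depends on it`.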
|
||||
|
|
|
@ -1,46 +1,29 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
ipconf = (import <secrets>).ipconf.${config.networking.hostName};
|
||||
in
|
||||
{
|
||||
imports = [ ];
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/be7625e5-2e2c-41f2-8d5f-331f90980b9e"; }
|
||||
];
|
||||
|
||||
imports = [ ../nixos-in-place.nix ];
|
||||
"nixos-in-place" = {
|
||||
enable = true;
|
||||
rootfs = "/dev/mapper/CAC_VG-CAC_LV";
|
||||
swapfs = "/dev/disk/by-uuid/be7625e5-2e2c-41f2-8d5f-331f90980b9e";
|
||||
};
|
||||
boot = {
|
||||
kernelModules = [ ];
|
||||
extraModulePackages = [ ];
|
||||
kernelParams = ["boot.shell_on_fail"];
|
||||
loader.grub.device = "/dev/sda";
|
||||
loader.grub.storePath = "/nixos/nix/store";
|
||||
initrd.availableKernelModules = [ "ata_piix" "vmw_pvscsi" "floppy" ];
|
||||
initrd.supportedFilesystems = [ "ext4" ];
|
||||
initrd.postDeviceCommands = ''
|
||||
mkdir -p /mnt-root/old-root ;
|
||||
mount -t ext4 /dev/mapper/CAC_VG-CAC_LV /mnt-root/old-root ;
|
||||
'';
|
||||
loader.grub.device = "/dev/sda";
|
||||
initrd.availableKernelModules = [ "ata_piix" "vmw_pvscsi" "floppy" ];
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/old-root/nixos";
|
||||
fsType = "none";
|
||||
"options" = "bind";
|
||||
};
|
||||
"/old-root" = {
|
||||
device = "/dev/mapper/CAC_VG-CAC_LV";
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
networking = {
|
||||
interfaces.enp2s0 = {
|
||||
useDHCP = false;
|
||||
ipAddress = "104.233.92.136";
|
||||
prefixLength = 24;
|
||||
useDHCP = false;
|
||||
inherit (ipconf) ip4 ip6;
|
||||
};
|
||||
defaultGateway = "104.233.92.1";
|
||||
nameservers = ["8.8.8.8"];
|
||||
inherit (ipconf) nameservers;
|
||||
defaultGateway = ipconf.gateway4;
|
||||
#defaultGateway6 = ipconf.gateway6;
|
||||
};
|
||||
|
||||
nix.maxJobs = 1;
|
||||
|
||||
}
|
||||
|
|
|
@ -15,6 +15,6 @@
|
|||
in builtins.toString sshIdFile} $TEMP_ID
|
||||
chown `whoami` $TEMP_ID
|
||||
chmod 400 $TEMP_ID
|
||||
exec -a ssh ${openssh}/bin/ssh -i $TEMP_ID -o StrictHostKeyChecking=no "$@"
|
||||
exec -a ssh ${openssh}/bin/ssh -F /dev/null -i $TEMP_ID -o StrictHostKeyChecking=no "$@"
|
||||
'';
|
||||
})
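Review bot: The rewritten `exec` line still passes `-o StrictHostKeyChecking=no`, so the deploy connection accepts whatever host key is presented, and a machine in the network path can impersonate the target and receive the deployment. Adding `-F /dev/null` removes the influence of the user's ssh config but does not restore verification. Pinning the targets' keys would close this: `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<known_hosts file kept with the deployment>` (the path is a placeholder). The script starts above the hunk, so whether `$TEMP_ID` is ever removed is not visible here; because `exec` replaces the shell, no cleanup can run after this line.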
|
||||
|
|
|
@ -2,10 +2,10 @@
|
|||
{ nixpkgs ? import <nixpkgs> {} }: with nixpkgs;
|
||||
stdenv.mkDerivation rec {
|
||||
name = "gogs-${version}";
|
||||
version = "0.8.10";
|
||||
version = "0.9.0";
|
||||
src = fetchzip {
|
||||
url = "https://dl.gogs.io/gogs_v${version}_linux_amd64.tar.gz";
|
||||
sha256 = "0c0abr0jinyvwhw84901ga80x6q13a0q8yrs6k5i8jawhpwvfl67";
|
||||
sha256 = "1qyy0hi8hvz2k4p9251mx8xv9z08jwijfzl0rn0drm6sq34a7wg9";
|
||||
};
|
||||
buildPhase = ''
|
||||
patchelf \
|
||||
|
|
|
@ -0,0 +1,72 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
secrets = import <secrets>;
|
||||
yoricc = import ../packages/yori-cc.nix;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
../roles/common.nix
|
||||
];
|
||||
|
||||
networking.hostName = secrets.hostnames.pennyworth;
|
||||
|
||||
services.openssh.enable = true;
|
||||
networking.enableIPv6 = lib.mkOverride 30 true;
|
||||
|
||||
system.stateVersion = "16.03";
|
||||
|
||||
# root password is useful from console, ssh has password logins disabled
|
||||
users.extraUsers.root.hashedPassword = secrets.pennyworth_hashedPassword;
|
||||
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
httpConfig = ''
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log logs/access.log main;
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
|
||||
#keepalive_timeout 0;
|
||||
keepalive_timeout 65;
|
||||
|
||||
|
||||
gzip on;
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name "";
|
||||
|
||||
location / {
|
||||
root ${pkgs.nginx}/usr/share/nginx/html;
|
||||
index index.html index.htm;
|
||||
}
|
||||
|
||||
location = /50x.html {
|
||||
root ${pkgs.nginx}/usr/share/nginx/html;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name yori.cc;
|
||||
server_tokens off;
|
||||
location / {
|
||||
root ${yoricc}/web;
|
||||
}
|
||||
}
|
||||
|
||||
'';
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [80];
|
||||
|
||||
}
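Review bot: The comment above `users.extraUsers.root.hashedPassword` says ssh has password logins disabled, but this file only sets `services.openssh.enable = true;`, so the claim depends on `../roles/common.nix`, which is not shown. Stating it next to the password makes the file safe on its own: `services.openssh.passwordAuthentication = false;`. The hash is also expected to land in the world-readable Nix store on the target, so it should be a strong hash of a strong password, or be supplied from a file outside the store. In the nginx config, `server_tokens off;` is set only in the `yori.cc` server block; placing it at the `http` level would cover the default server as well.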
|
|
@ -0,0 +1,45 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
ipconf = (import <secrets>).ipconf.${config.networking.hostName};
|
||||
in
|
||||
{
|
||||
imports = [ ../nixos-in-place.nix ];
|
||||
"nixos-in-place" = {
|
||||
enable = true;
|
||||
rootfs = "/dev/disk/by-uuid/7165e542-0995-474c-a228-9592339e0604";
|
||||
swapfs = "/dev/disk/by-uuid/baaf824a-bee0-4037-a237-3a69f1db7985";
|
||||
};
|
||||
# fs layout:
|
||||
# before: /nixos/nix/* /boot/grub/menu.lst
|
||||
# after: /nix/* /old-root/boot/grub/menu.lst
|
||||
boot = {
|
||||
# use grub 1, don't install
|
||||
loader.grub = {
|
||||
version = 1;
|
||||
extraPerEntryConfig = "root (hd0,0)"; # do we need this?
|
||||
mirroredBoots = [{
|
||||
path = "/old-root/boot";
|
||||
devices = ["nodev"];
|
||||
}];
|
||||
};
|
||||
initrd.availableKernelModules = [ "xen_blkfront" ];
|
||||
};
|
||||
networking = {
|
||||
usePredictableInterfaceNames = false; # only eth0
|
||||
interfaces.eth0 = {
|
||||
useDHCP = false;
|
||||
inherit (ipconf) ip4 ip6;
|
||||
};
|
||||
inherit (ipconf) nameservers;
|
||||
# ideally, it should add a route for this automatically
|
||||
#defaultGateway = ipconf.gateway4;
|
||||
#defaultGateway6 = ipconf.gateway6;
|
||||
};
|
||||
systemd.services."network-setup".postStart = with ipconf; ''
|
||||
ip route add ${gateway4} dev eth0 || true
|
||||
ip route add default via ${gateway4} || true
|
||||
ip -6 route add ${gateway6} dev eth0 || true
|
||||
ip -6 route add default via ${gateway6} || true
|
||||
'';
|
||||
nix.maxJobs = lib.mkDefault 2;
|
||||
}
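Review bot: The four `ip route add … || true` lines in `postStart` discard every failure, including a wrong or missing gateway coming from `ipconf`, so a bad value leaves the host without a default route and nothing in the unit status shows it. If the `|| true` is there only so that a restart does not fail on an existing route, `ip route replace` is idempotent without hiding real errors, e.g. `ip route replace default via ${gateway4}`. The inline question on `extraPerEntryConfig` (`# do we need this?`) would be better resolved or turned into a TODO that says how to test it.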
|
|
@ -21,8 +21,11 @@
|
|||
https://hydra.nixos.org
|
||||
];
|
||||
|
||||
nix.trustedBinaryCaches = config.nix.binaryCaches;
|
||||
nix.binaryCachePublicKeys = ["hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ];
|
||||
nix.trustedBinaryCaches = config.nix.binaryCaches ++ [http://hydra.cryp.to];
|
||||
nix.binaryCachePublicKeys = [
|
||||
"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
|
||||
"hydra.cryp.to-1:8g6Hxvnp/O//5Q1bjjMTd5RO8ztTsG8DKPOAg9ANr2g="
|
||||
];
|
||||
|
||||
nix.extraOptions = ''
|
||||
allow-unsafe-native-code-during-evaluation = true
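Review bot: The new `nix.trustedBinaryCaches` line appends `http://hydra.cryp.to`, a plain-HTTP cache, and `nix.binaryCachePublicKeys` gains its key, so any store path signed by that key is accepted for any package on every host that imports this file. Integrity then rests entirely on signature checking staying enabled and on that one third-party key, and the paths being fetched are visible to anyone on the network path. A comment recording why the cache is trusted would make the decision reviewable, e.g. `# hydra.cryp.to: needed for <package set>`, and an `https://` URL should be used if the host serves one. The `nix.extraOptions` block continues past the end of the hunk.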
|
||||
|
|
|
@ -1,22 +1,29 @@
|
|||
-----BEGIN PGP MESSAGE-----
|
||||
Version: GnuPG v2
|
||||
|
||||
hQIMA++MoCsgK05SARAAgsaInIKBcBNB04oarPxeswE+Y+DFWmb3JDPChesJCDy+
|
||||
OkVMFp+ZOkNgoVBFdJ/jrCngNNK/MJ4Nx0G87HIy4OEoSyEDWAgZCg6+eZHlUVkY
|
||||
XjUVpWMA5ppzEieiqAF3VczZ9sk8kLseagTbIR/AA+DF4cXNjT46zcURtVUsxkTo
|
||||
rBoCRlGgzVi5L3dzz81CFR1ZdIbQ1SpDib9isLGd38dPvTXFD8IJLmcef8SR2FkN
|
||||
eKoaA2HIC3CF3BfGBlKj+pcXsytHXgs5B2JUzGo0RYdLokQBh4/JhFT8obT5/udz
|
||||
IbiqdcREyp6rUw+VMmcFSu1OIdpQ+OzfiiKcMkNIO1VO1GXNQkfUfo5FbVMIxKu1
|
||||
DQ4l00DBr6vWS3S3djPzMMmznAUIXAsBrby7cta5Utel+lcTjSa4tbEVHMQKx+Qy
|
||||
mjzS/GnpRBPnAsxapUDLdTmUPxALpI76mZVRm9xZyYYcliphUdO6Sx9Er8BEEnuz
|
||||
DdTgOO3bDz/wx3+oth9YNn+FqYKMItUJ/FZIcdPklrNd1/zKbS5hLt6+tmjQAJGH
|
||||
rMWumhEc9NQIKbWdl8TovV9jF+NYS7mmxzi/TP4C+eNlYuZYNf8tAS+edr+Z0wSy
|
||||
crHANbmnfLwAWzpJhqWAFtPJ8fLFoNUEz2Z+Sc3MgCCN6zXl2qMyDDd/Ns6+FInS
|
||||
wFsBcOTNfaHqkiaMQSJQVx0H8yhLos25ECwLu7+ux7uRRGc5m+cMyq6nRBT7HPEa
|
||||
7bfYE2xGMirIsHsxFkx+0U3ytUSRoPQYBIQuM3al71ao1b7WCyZFr58FF59wVUqp
|
||||
9Dz7bNUpXuSzyahJAX6+RHFliLgKwsKHox93eBgcTI1FvJc5sqfHfzfqhdjylTgA
|
||||
yWIpeZTjMhwXf4j0JrbUZt1b/9U2vzwbJQpYKkVn21zntTea+9+LMNziWHW1q2Lx
|
||||
gJJPD5P9eTHuAjzdzQwEReijDicx3E1+AaPAvEqbGSP58p24c/K+Mlf3BQu1QgZz
|
||||
mwDKQO9XZf1WCTvybsMktrFQzpOYhNIVDy1R7HSVB4wRu3LslrKmRpByjZ9y
|
||||
=rpa6
|
||||
hQIMA++MoCsgK05SAQ/+LvophpN/moY95XS96yuFU6UYe1zssnx0BXVlaG97U/PN
|
||||
bKwhhuCWizCvF3jG2hhSQdcwd8ezi9Wf9YXPITN+jrBxyona7/Z271Pw6Wes0skf
|
||||
wx5RX5m0QKH6ml35J160BIREiEm1U0CYSlGLX61hKHU2btvVxI0KnpzFZ9RGPe1J
|
||||
oSY4hsjZGvXja6ZmouJX2gDDIIyibgkAvLk5ooJ6zr6qP4e8u2n5rDXDBOjvxjig
|
||||
JXdCzBzCICFaU3UbAfD9KHjC9aWQD1fwKMg0HQo49SRuGqokIhpKgDbkiZev2Rnz
|
||||
5nncwpTqM5oCmUjgJLHmCFvBOVFxyxxDmLDNU3BY6SU+xFNar63tQwSrmcW3Qlt0
|
||||
2tFE+OOC04o7efcT+Ca2VKVzQKeGbCwKdwktYVkpXYphGUo8HnqR+b3lQUXkK1Om
|
||||
2kbYQtH8ztMIDUcb94sVcWANvhJhHAeeXVxCvDsaSWF5N1rrW6i/R4DxaBcgfkcn
|
||||
+ioTVSOmlfOXWcBtucOS1KS2vl4WugslYXKi8RLgNYOj0h02jVsCdgPJqas7/TJc
|
||||
+DkGbGLIsnwCt15yyw4d2NZz26ouX2vtfTR5wt9wChIuxL1j8MiBlw4QMPxmDDs5
|
||||
PQSLLyBySiibZVYWYaDv2Icp6AZ7kgD3XNf6z57BOAoyy7RdwuYEyq5cwZOIs1/S
|
||||
6QHC5J0WQ6H0sL6k/mQYLOAGbsa7EW3Tv1wWXyPTZyWonVZOgU3mYnWLp2qKPSae
|
||||
1sMWRvfd9hh41T8BVaDR9uXjFNeHo6Xk/mk2eWYyaNdlSulh2JpFjKJ3+2/DlLtR
|
||||
gBxFIHaXXBPONlFMzq5GQ2xD6zS+tFJOc+MHjGNg3qIC0B4UnePOeT/OrhecufQG
|
||||
BwobrUqO1JfUF30TX8ncGeb69GUI6TUiVENB1yQ5SU9+hW5zE6QM/ZiiUMMbHkAJ
|
||||
2NTAnKmZQBZlWhb3GLeVq+bUIrn+QUNqJQN5bT1resOL3b7nVxrrQp9ryH2gu0Fb
|
||||
rUIHL+RVYPb7IXsxLGskmHQffIEQ3AIag3LR8VuSzOd5EpIE+h90jSB0B85ENVYo
|
||||
PkojI8buXckXVV7ro3t2BHcT7r2o6ZmhnW7IkF7P6QpV7oycRw3WdZ7C0mwmNbJq
|
||||
ZWqG3N8aMv9URyBcIXI0qXcEHImx2v+6oLsZ/XUP3RGnbU1B7Twh/LHcZ3QfCA/u
|
||||
7TdBxnBgLnRXBt48W+iSoLRw9SxIdLlpXpez/vQIjFHGM/a6XLRJgctMcK5rQdGS
|
||||
yd3CXR0hVpDaZH33LFop67Phj5vvdop3ONHOmfV6NMqHbkH/p7rhHcdWBOVtNvry
|
||||
j9vekI7qlEVBwuXgx9HHMPNNlkve94qbZSjpiGn+PHQmaF4/jCTZ41PmBaSp8mGC
|
||||
eTMA9NQbUsBNew9UcryWl6rFrNMIcwu7De9REh0ovjoo6g3mxJhZuhWPwtmnEHpt
|
||||
zzoF4hSeoisJwg+JwGq4lQbjVJBgjdcFqke6BAEvam1Jqale5CKJ1GKb
|
||||
=fAua
|
||||
-----END PGP MESSAGE-----
|
||||
|
|