authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-12-25 18:25:51 +0100
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-12-25 18:25:51 +0100
commitd9ab6c7ea59d29af3ae8c29c7367fe0e8808f5db (patch)
tree4076dca44feeb7fccf90af3f9c9cc6e73b845c6f /hosts/by-name
parentfix(treewide): Add constant uids and gids to each user and group (diff)
refactor(hosts): Use a `by-name` structure and construct all host depended values
This allows us to outsource the host-handling from the `flake.nix` file.
Diffstat (limited to 'hosts/by-name')
-rw-r--r--hosts/by-name/server1/configuration.nix46
-rw-r--r--hosts/by-name/server1/hardware.nix14
-rw-r--r--hosts/by-name/server1/networking.nix52
-rw-r--r--hosts/by-name/server2/configuration.nix41
-rw-r--r--hosts/by-name/server2/hardware.nix15
-rw-r--r--hosts/by-name/server2/networking.nix53
6 files changed, 221 insertions, 0 deletions
diff --git a/hosts/by-name/server1/configuration.nix b/hosts/by-name/server1/configuration.nix
new file mode 100644
index 0000000..6bb1067
--- /dev/null
+++ b/hosts/by-name/server1/configuration.nix
@@ -0,0 +1,46 @@
+{config, ...}: {
+ imports = [
+ ./networking.nix # network configuration that just works
+ ./hardware.nix
+
+ ../../../system
+ ];
+
+ vhack = {
+ back = {
+ enable = true;
+ repositories = {
+ "${config.services.gitolite.dataDir}/vhack.eu/nixos-config.git" = {
+ domain = "issues.vhack.eu";
+ port = 9220;
+ };
+ };
+ };
+ etesync.enable = true;
+ git-server.enable = true;
+ nginx.enable = true;
+ nix-sync.enable = true;
+ openssh.enable = true;
+ peertube.enable = true;
+ postgresql.enable = true;
+ redlib.enable = true;
+ users.enable = true;
+ persist = {
+ enable = true;
+ directories = [
+ "/var/log"
+
+ # TODO(@bpeetz): Instead of persisting that, encode each uid/gid directly in the
+ # config. <2024-12-24>
+ "/var/lib/nixos"
+ ];
+ };
+ };
+
+ boot.tmp.cleanOnBoot = true;
+ zramSwap.enable = true;
+ networking.hostName = "server1";
+ networking.domain = "vhack.eu";
+
+ system.stateVersion = "22.11";
+}
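Review bot: The `vhack` set for server1 enables `openssh.enable`, `nginx.enable` and `git-server.enable` but has no `fail2ban.enable = true;`, which server2's configuration.nix in this same commit does set. Unless `../../../system` (imported only by this host) already turns it on, the SSH endpoint here has no login-failure throttling. I would add `fail2ban.enable = true;` next to `etesync.enable`, or add a comment such as `# fail2ban intentionally off on server1: <reason>` so the difference between the two hosts is visibly deliberate.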
diff --git a/hosts/by-name/server1/hardware.nix b/hosts/by-name/server1/hardware.nix
new file mode 100644
index 0000000..9abc64c
--- /dev/null
+++ b/hosts/by-name/server1/hardware.nix
@@ -0,0 +1,14 @@
+{modulesPath, ...}: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ (modulesPath + "/profiles/headless.nix")
+ ];
+
+ vhack.disko = {
+ enable = true;
+ # FIXME: Find a better way to specify the disk
+ disk = "/dev/vda";
+ };
+ boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
+ boot.initrd.kernelModules = [];
+}
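Review bot: `disk = "/dev/vda";` gives disko a kernel enumeration name, and that name can move to another device when a second virtio disk is attached. Because disko partitions and formats whatever it is pointed at, a stable path such as `disk = "/dev/disk/by-id/<disk-id>";` (placeholder; read the real value on the VM) would be safer and would resolve the FIXME. The same line is in hosts/by-name/server2/hardware.nix. This file also omits the `nixpkgs.hostPlatform = "x86_64-linux";` that server2 sets; if the flake does not supply it elsewhere, it should be added here too.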
diff --git a/hosts/by-name/server1/networking.nix b/hosts/by-name/server1/networking.nix
new file mode 100644
index 0000000..dd9b9af
--- /dev/null
+++ b/hosts/by-name/server1/networking.nix
@@ -0,0 +1,52 @@
+{lib, ...}: {
+ # This file was populated at runtime with the networking
+ # details gathered from the active system.
+ networking = {
+ nameservers = [
+ "8.8.8.8"
+ ];
+ defaultGateway = {
+ address = "89.58.56.1";
+ interface = "eth0";
+ };
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "eth0";
+ };
+ dhcpcd.enable = false;
+ usePredictableInterfaceNames = lib.mkForce false;
+ interfaces = {
+ eth0 = {
+ ipv4.addresses = [
+ {
+ address = "89.58.58.33";
+ prefixLength = 22;
+ }
+ ];
+ ipv6.addresses = [
+ {
+ address = "2a03:4000:6a:3f3::1";
+ prefixLength = 64;
+ }
+ ];
+ ipv4.routes = [
+ {
+ address = "89.58.56.1";
+ prefixLength = 32;
+ }
+ ];
+ ipv6.routes = [
+ {
+ address = "fe80::1";
+ prefixLength = 128;
+ }
+ ];
+ };
+ };
+ };
+
+ # cat /sys/class/net/eth0/address
+ services.udev.extraRules = ''
+ ATTR{address}=="66:22:6d:82:93:9b", NAME="eth0"
+ '';
+}
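Review bot: `nameservers` holds only `"8.8.8.8"`, so every lookup this host makes depends on one third-party resolver; there is no fallback if it is unreachable or filtered, and that includes lookups for mail, federation or certificate issuance. server2's networking.nix lists three provider resolvers. I would do the same here, e.g. `nameservers = ["<provider-resolver-1>" "<provider-resolver-2>"];` (placeholders), and keep a public resolver last if one is wanted at all. The header comment `# This file was populated at runtime ...` is also stale now that the file is hand-maintained; `# Static addressing as assigned by the hoster; update when the VM is migrated.` would describe it better.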
diff --git a/hosts/by-name/server2/configuration.nix b/hosts/by-name/server2/configuration.nix
new file mode 100644
index 0000000..f385b55
--- /dev/null
+++ b/hosts/by-name/server2/configuration.nix
@@ -0,0 +1,41 @@
+{config, ...}: {
+ imports = [
+ ./networking.nix # network configuration that just works
+ ./hardware.nix
+ ];
+
+ vhack = {
+ back = {
+ enable = true;
+ repositories = {
+ "${config.services.gitolite.dataDir}/vhack.eu/nixos-server.git" = {
+ domain = "issues.foss-syndicate.org";
+ port = 9220;
+ };
+ };
+ };
+ fail2ban.enable = true;
+ git-server = {
+ enable = true;
+ domain = "git.foss-syndicate.org";
+ gitolite.adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME4ZVa+IoZf6T3U08JG93i6QIAJ4amm7mkBzO14JSkz cardno:000F_18F83532";
+ };
+ nginx.enable = true;
+ openssh.enable = true;
+ persist = {
+ enable = true;
+ directories = [
+ "/var/log"
+ ];
+ };
+ rust-motd.enable = true;
+ users.enable = true;
+ };
+
+ boot.tmp.cleanOnBoot = true;
+ zramSwap.enable = true;
+ networking.hostName = "server2";
+ networking.domain = "vhack.eu";
+
+ system.stateVersion = "24.11";
+}
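Review bot: `persist.directories` lists only `"/var/log"`, so any other state on this host is presumably discarded at reboot unless the individual `vhack.*` modules register their own paths, which this hunk does not show. Two items are worth confirming. The first is the OpenSSH host keys, since regenerated keys train users to accept host-key changes. The second is the fail2ban ban database, since a reboot would otherwise clear active bans. If the modules already handle this, a short comment above the list, e.g. `# service state (ssh host keys, fail2ban db, gitolite) is persisted by the respective vhack modules`, would let a reader verify it from here.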
diff --git a/hosts/by-name/server2/hardware.nix b/hosts/by-name/server2/hardware.nix
new file mode 100644
index 0000000..a6e4e40
--- /dev/null
+++ b/hosts/by-name/server2/hardware.nix
@@ -0,0 +1,15 @@
+{modulesPath, ...}: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ (modulesPath + "/profiles/headless.nix")
+ ];
+
+ vhack.disko = {
+ enable = true;
+ # FIXME: Find a better way to specify the disk
+ disk = "/dev/vda";
+ };
+
+ boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
+ nixpkgs.hostPlatform = "x86_64-linux";
+}
diff --git a/hosts/by-name/server2/networking.nix b/hosts/by-name/server2/networking.nix
new file mode 100644
index 0000000..6b7b0ee
--- /dev/null
+++ b/hosts/by-name/server2/networking.nix
@@ -0,0 +1,53 @@
+{lib, ...}: {
+ # This file was populated at runtime with the networking
+ # details gathered from the active system.
+ networking = {
+ nameservers = [
+ "46.38.225.230"
+ "46.38.252.230"
+ "2a03:4000:0:1::e1e6"
+ ];
+ defaultGateway = "185.16.60.1";
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "eth0";
+ };
+ dhcpcd.enable = false;
+ usePredictableInterfaceNames = lib.mkForce false;
+ interfaces = {
+ eth0 = {
+ ipv4.addresses = [
+ {
+ address = "185.16.61.132";
+ prefixLength = 23;
+ }
+ ];
+ ipv6.addresses = [
+ {
+ address = "2a03:4000:a:106:6478:8eff:fe15:332e";
+ prefixLength = 64;
+ }
+ {
+ address = "fe80::6478:8eff:fe15:332e";
+ prefixLength = 64;
+ }
+ ];
+ ipv4.routes = [
+ {
+ address = "185.16.60.1";
+ prefixLength = 32;
+ }
+ ];
+ ipv6.routes = [
+ {
+ address = "fe80::1";
+ prefixLength = 128;
+ }
+ ];
+ };
+ };
+ };
+ services.udev.extraRules = ''
+ ATTR{address}=="66:78:8e:15:33:2e", NAME="eth0"
+ '';
+}
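Review bot: The udev rule in `services.udev.extraRules` matches on `ATTR{address}` alone, so it is evaluated for every device event and would rename anything exposing a matching `address` attribute, not only network interfaces. Scoping it is the usual form: `SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="66:78:8e:15:33:2e", NAME="eth0"`. The rule in hosts/by-name/server1/networking.nix has the same shape and should get the same two match keys. Since the default route and all addresses are pinned to `eth0`, a missed rename leaves the host without network, so a comment noting that the MAC must be updated if the VM's NIC is recreated would help.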