maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
snix/ops/machines/sanduny/default.nix
Vincent Ambo d446143413 feat(ops/modules): set up public-inbox at inbox.tvl.su 
Initial setup which does not yet include fetching mails at all, this
is for now only going to display a manually populated view of the
existing mailing list while the rest of this stuff is set up.

Change-Id: Ie1235bd257c9056fe37d0740dfca771ebdd880eb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7628
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
2022-12-27 19:46:11 +00:00

130 lines
3 KiB
Nix
Raw Blame History

# sanduny.tvl.su
#
# This is a VPS hosted with Bitfolk, intended to additionally serve
# some of our public services like cgit, josh and the websites.
#
# In case of whitby going down, sanduny will keep depot available.
_: # ignore readTree options
{ config, depot, lib, pkgs, ... }:
let
mod = name: depot.path.origSrc + ("/ops/modules/" + name);
in
{
imports = [
(mod "cgit.nix")
(mod "depot-inbox.nix")
(mod "depot-replica.nix")
(mod "journaldriver.nix")
(mod "known-hosts.nix")
(mod "tvl-cache.nix")
(mod "tvl-users.nix")
(mod "www/inbox.tvl.su.nix")
(mod "www/self-redirect.nix")
];
networking = {
hostName = "sanduny";
domain = "tvl.su";
useDHCP = false;
interfaces.eth0 = {
ipv4.addresses = lib.singleton {
address = "85.119.82.231";
prefixLength = 21;
};
ipv6.addresses = lib.singleton {
address = "2001:ba8:1f1:f109::feed:edef:beef";
prefixLength = 64;
};
};
defaultGateway = "85.119.80.1";
defaultGateway6.address = "2001:ba8:1f1:f109::1";
firewall.allowedTCPPorts = [ 22 80 443 ];
# https://bitfolk.com/customer_information.html#toc_2_DNS
nameservers = [
"85.119.80.232"
"85.119.80.233"
"2001:ba8:1f1:f205::53"
"2001:ba8:1f1:f206::53"
];
};
security.sudo.wheelNeedsPassword = false;
environment.systemPackages = with pkgs; [
emacs-nox
vim
curl
unzip
htop
];
programs.mtr.enable = true;
services.openssh.enable = true;
services.fail2ban.enable = true;
# Automatically collect garbage from the Nix store.
services.depot.automatic-gc = {
enable = true;
interval = "1 hour";
diskThreshold = 2; # GiB
maxFreed = 5; # GiB
preserveGenerations = "90d";
};
# Allow Gerrit to replicate depot to /var/lib/depot
services.depot.replica.enable = true;
# Run git serving tools locally ...
services.depot.cgit = {
enable = true;
repo = "/var/lib/depot";
};
# Serve public-inbox ...
services.depot.inbox.enable = true;
time.timeZone = "UTC";
# GRUB does not actually need to be installed on disk; Bitfolk have
# their own way of booting systems as long as config is in place.
boot.loader.grub.device = "nodev";
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.initrd.availableKernelModules = [ "xen_blkfront" ];
hardware.cpu.intel.updateMicrocode = true;
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/aabc3638-43ca-45f3-af89-c451e8448e92";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/75aa99d5-fed7-4c5c-8570-7745f6cff9f5";
fsType = "ext3";
};
"/nix" = {
device = "/dev/disk/by-uuid/d1721678-c294-482b-b72e-3b15f2c56c63";
fsType = "ext4";
};
};
tvl.cache.enable = true;
swapDevices = lib.singleton {
device = "/dev/disk/by-uuid/df4ad9da-0a06-4c27-93e5-5d44e4750e55";
};
system.stateVersion = "22.05"; # Did you read the comment?
}
Reference in a new issue View git blame Copy permalink