sercanto/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

import hetzner configuration from srvos

Browse source
This commit is contained in:
Jörg Thalheim 2023-01-01 17:04:38 +01:00
parent be63c3a072
commit 04190ab820
7 changed files with 18 additions and 79 deletions

6
build01/configuration.nix
View file

@ -12,9 +12,7 @@
{ {
imports = [ imports = [
../roles/common.nix ../roles/common.nix
../roles/hetzner/amd.nix ../roles/zfs-raid.nix
../roles/hetzner/network.nix
../roles/raid.nix
../roles/builder ../roles/builder
../roles/remote-builder/aarch64-nixos-community.nix ../roles/remote-builder/aarch64-nixos-community.nix
]; ];
@ -30,7 +28,7 @@
# Emulate armv7 until we have proper builders # Emulate armv7 until we have proper builders
boot.binfmt.emulatedSystems = [ "armv7l-linux" ]; boot.binfmt.emulatedSystems = [ "armv7l-linux" ];
networking.nix-community.ipv6.address = "2a01:4f8:13b:2ceb::1"; systemd.network.networks."10-uplink".networkConfig.Address = "2a01:4f8:13b:2ceb::1/64";
system.stateVersion = "20.03"; system.stateVersion = "20.03";
} }

7
build02/configuration.nix
View file

@ -3,9 +3,7 @@
{ {
imports = [ imports = [
../roles/common.nix ../roles/common.nix
../roles/hetzner/amd.nix ../roles/zfs-raid.nix
../roles/hetzner/network.nix
../roles/raid.nix
../roles/remote-builder/aarch64-build04.nix ../roles/remote-builder/aarch64-build04.nix
]; ];
@ -19,10 +17,9 @@
networking.hostName = "build02"; networking.hostName = "build02";
networking.hostId = "af9ccc71"; networking.hostId = "af9ccc71";
networking.useDHCP = false;
networking.nameservers = [ "1.1.1.1" "1.0.0.1" ]; networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];
networking.nix-community.ipv6.address = "2a01:4f9:4a:2b02::1"; systemd.network.networks."10-uplink".networkConfig.Address = "2a01:4f9:4a:2b02::1/64";
system.stateVersion = "20.09"; system.stateVersion = "20.09";
} }

6
build03/configuration.nix
View file

@ -11,10 +11,8 @@
# $ nixos-enter # $ nixos-enter
imports = [ imports = [
../roles/common.nix ../roles/common.nix
../roles/hetzner/amd.nix
../roles/hetzner/network.nix
../roles/hercules-ci ../roles/hercules-ci
../roles/raid.nix ../roles/zfs-raid.nix
../roles/remote-builder/aarch64-build04.nix ../roles/remote-builder/aarch64-build04.nix
../services/hound ../services/hound
@ -27,7 +25,7 @@
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.version = 2; boot.loader.grub.version = 2;
networking.nix-community.ipv6.address = "2a01:4f9:3a:3b16::1"; systemd.network.networks."10-uplink".networkConfig.Address = "2a01:4f9:3a:3b16::1/64";
networking.hostName = "build03"; networking.hostName = "build03";
networking.hostId = "8daf74c0"; networking.hostId = "8daf74c0";

6
flake.lock generated
View file

@ -255,11 +255,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1672348966, "lastModified": 1672603492,
"narHash": "sha256-72Ejzcyx47eMrzGYW9deVbirB8JpPRU0UpoBpFW03PA=", "narHash": "sha256-2ihfON0EhEeL8yO8IbnD38QUAC+NmpLKQw2y6Y4+47E=",
"owner": "numtide", "owner": "numtide",
"repo": "srvos", "repo": "srvos",
"rev": "0b3a8aa5d6d54684161bc1752933fc1dc2445aef", "rev": "791e64c72c6c1b878654ff36bc95d64ae6b4b41e",
"type": "github" "type": "github"
}, },
"original": { "original": {

9
flake.nix
View file

@ -64,7 +64,7 @@
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
inputs.srvos.nixosModules.server inputs.srvos.nixosModules.server
inputs.srvos.nixosModules.telegraf inputs.srvos.nixosModules.mixins-telegraf
{ networking.firewall.allowedTCPPorts = [ 9273 ]; } { networking.firewall.allowedTCPPorts = [ 9273 ]; }
]; ];
in in
@ -75,6 +75,7 @@
common common
++ [ ++ [
./build01/configuration.nix ./build01/configuration.nix
inputs.srvos.nixosModules.hardware-hetzner-online-amd
]; ];
}; };
@ -92,7 +93,8 @@
; ;
}) })
./build02/configuration.nix ./build02/configuration.nix
inputs.srvos.nixosModules.nginx inputs.srvos.nixosModules.mixins-nginx
inputs.srvos.nixosModules.hardware-hetzner-online-amd
]; ];
}; };
@ -105,7 +107,8 @@
inherit (inputs) nur-update; inherit (inputs) nur-update;
}) })
./build03/configuration.nix ./build03/configuration.nix
inputs.srvos.nixosModules.nginx inputs.srvos.nixosModules.mixins-nginx
inputs.srvos.nixosModules.hardware-hetzner-online-amd
]; ];
}; };

43
roles/hetzner/network.nix
View file

@ -1,43 +0,0 @@
{ config, lib, ... }:
with lib;
let
cfg = config.networking.nix-community;
in
{
options = {
networking.nix-community.ipv6.address = mkOption {
type = types.str;
};
networking.nix-community.ipv6.cidr = mkOption {
type = types.str;
default = "64";
};
networking.nix-community.ipv6.gateway = mkOption {
type = types.str;
default = "fe80::1";
};
};
config = {
networking.usePredictableInterfaceNames = false;
networking.dhcpcd.enable = false;
# Don't take down the network for too long, this will use `systemctl
# restart` rather than stopping it with `systemctl stop` followed by a
# delayed `systemctl start`
systemd.services.systemd-networkd.stopIfChanged = true;
systemd.network = {
enable = true;
networks."ethernet".extraConfig = ''
[Match]
Type = ether
[Network]
DHCP = ipv4
Address = ${cfg.ipv6.address}/${cfg.ipv6.cidr}
Gateway = ${cfg.ipv6.gateway}
'';
};
};
}

20
roles/hetzner/amd.nix → roles/zfs-raid.nix
View file

@ -1,21 +1,7 @@
{ modulesPath, ... }:
{ {
imports = [ # for mdraid 1.1
"${modulesPath}/installer/scan/not-detected.nix" boot.loader.grub.extraConfig = "insmod mdraid1x";
]; services.telegraf.extraConfig.inputs.mdstat = { };
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
# SATA ssd (only build01)
"sd_mod"
# NVME
"nvme"
];
boot.kernelModules = [
"kvm-amd"
];
fileSystems."/" = { fileSystems."/" = {
device = "zroot/root/nixos"; device = "zroot/root/nixos";