diff --git a/nixos/machines/ghatanothoa/configuration.nix b/nixos/machines/ghatanothoa/configuration.nix
new file mode 100644
index 0000000..4e60e1b
--- /dev/null
+++ b/nixos/machines/ghatanothoa/configuration.nix
@@ -0,0 +1,19 @@
+flake-inputs:
+{config, pkgs, lib, ... }: {
+
+imports = [
+ ./hardware-configuration.nix
+ ../../modules/jitsi.nix
+ ../../roles
+ ./network.nix
+];
+
+ services.mathebau-jitsi = {
+ enable = true;
+ hostName = "meet.mathebau.de";
+ };
+
+# System configuration here
+ networking.hostName = "ghatanothoa";
+ system.stateVersion = "23.11";
+}
diff --git a/nixos/machines/ghatanothoa/hardware-configuration.nix b/nixos/machines/ghatanothoa/hardware-configuration.nix
new file mode 100644
index 0000000..ad588c9
--- /dev/null
+++ b/nixos/machines/ghatanothoa/hardware-configuration.nix
@@ -0,0 +1,31 @@
+{config, lib, pkgs, modulesPath, ...}: {
+ imports = [ ];
+
+ fileSystems."/" = {
+ device = "gha-root";
+ fsType = "tmpfs";
+ options = [ "size=1G" "mode=755" ];
+ };
+ fileSystems."/persist" = {
+ device = "/dev/disk/by-uuid/e0a160ef-7d46-4705-9152-a6b602898136";
+ fsType = "btrfs";
+ options = [ "subvol=persist" ];
+ neededForBoot = true;
+ };
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/19da7f3a-69da-4fa8-bb68-b355d7697ba7";
+ fsType = "ext4";
+ };
+ fileSystems."/nix" = {
+ device = "/dev/disk/by-uuid/e0a160ef-7d46-4705-9152-a6b602898136";
+ fsType = "btrfs";
+ options = [ "subvol=nix" ];
+ };
+
+ swapDevices =
+ [{ device = "/dev/disk/by-uuid/e6e3ba6b-c9f5-4960-b56d-f49760d76a4a"; }];
+
+ nix.settings.max-jobs = lib.mkDefault 4;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/nixos/machines/ghatanothoa/network.nix b/nixos/machines/ghatanothoa/network.nix
new file mode 100644
index 0000000..7e26f79
--- /dev/null
+++ b/nixos/machines/ghatanothoa/network.nix
@@ -0,0 +1,15 @@
+# We sohuld put that config somewhere in roles and give it a parameter or something,
+# everyone gets the same nameserver and the same prefixLength and address vs defaultGateway alsways
+# depend on the same thing
+{
+ imports = [ ];
+ networking = {
+ interfaces.enX0.ipv4.addresses = [ {
+ address = "192.168.0.25";
+ prefixLength = 16;
+ } ];
+ defaultGateway = "192.168.0.152";
+ nameservers = ["130.83.2.22" "130.83.56.60" "130.83.22.60" "130.82.22.63"];
+ };
+}
+
diff --git a/nixos/modules/jitsi.nix b/nixos/modules/jitsi.nix
new file mode 100644
index 0000000..ca2a8a7
--- /dev/null
+++ b/nixos/modules/jitsi.nix
@@ -0,0 +1,55 @@
+{pkgs, config, lib, modulesPath, ...}:
+let
+ inherit (lib)
+ mkIf
+ mkEnableOption
+ mkOption
+ head;
+ inherit (lib.types) str;
+ cfg = config.services.mathebau-jitsi;
+in
+{
+ imports = [(modulesPath + "/services/web-apps/jitsi-meet.nix")];
+
+ options.services.mathebau-jitsi = {
+ enable = mkEnableOption "mathebau jitsi service";
+ hostName = mkOption {
+ type = str;
+ };
+ localAddress = mkOption {
+ type = str;
+ default = (head config.networking.interfaces.enX0.ipv4.addresses).address;
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.jitsi-meet = {
+ enable = true;
+ hostName = cfg.hostName;
+ config = {
+ defaultLang = "de";
+ };
+ };
+ services.jitsi-videobridge = {
+ openFirewall = true;
+ nat = {
+ publicAddress = "130.83.2.184";
+ localAddress = cfg.localAddress;
+ };
+ };
+ environment.persistence.${config.impermanence.name} = {
+ directories = [
+ "/var/lib/jitsi-meet"
+ "/var/lib/prosody"
+ ];
+ };
+ #We are behind a reverse proxy that handles TLS
+ services.nginx.virtualHosts."${cfg.hostName}" = {
+ enableACME = false;
+ forceSSL = false;
+ };
+
+ #The network ports for HTTP(S) are not opened automatically
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ };
+}
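Review bot: The fourth entry in `nameservers`, `130.82.22.63`, is in a different /16 from the other three (`130.83.x.x`), which looks like a typo rather than a deliberate choice. If it is one, this host will send DNS queries to, and accept answers from, an address outside the intended resolver set whenever that entry is tried. Please check it against the site's resolver list before merging; if the address is intentional, a short comment beside the list such as `# 130.82.22.63: <owner/purpose — placeholder>` would record why it differs.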
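Review bot: `networking.firewall.allowedTCPPorts = [ 80 443 ];` opens 443 although the vhost just above sets `enableACME = false` and `forceSSL = false`, so as far as these lines show nothing on this host serves TLS; `networking.firewall.allowedTCPPorts = [ 80 ];` would be the smaller surface. Port 80 is also opened to every source rather than only the reverse proxy, so any host that can route to this machine can reach the plain-HTTP vhost directly and bypass whatever TLS and access policy the proxy enforces. Consider limiting port 80 to the proxy's address (placeholder `<proxy-ip>`) and extending the comment to `# TLS terminates on the reverse proxy; only it should reach port 80`. Whether an upstream firewall already enforces this cannot be seen from the diff.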