forked from Fachschaft/nixConfig
Compare commits
4 commits
b275efa6df
...
559c5a47ad
Author | SHA1 | Date | |
---|---|---|---|
|
559c5a47ad | ||
|
bb93d3aed5 | ||
|
4318950142 | ||
|
e8929ff159 |
5 changed files with 127 additions and 0 deletions
19
nixos/machines/ghatanothoa/configuration.nix
Normal file
19
nixos/machines/ghatanothoa/configuration.nix
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
flake-inputs:
|
||||||
|
{config, pkgs, lib, ... }: {
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
./hardware-configuration.nix
|
||||||
|
../../modules/jitsi.nix
|
||||||
|
../../roles
|
||||||
|
./network.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
services.mathebau-jitsi = {
|
||||||
|
enable = true;
|
||||||
|
hostName = "meet.mathebau.de";
|
||||||
|
};
|
||||||
|
|
||||||
|
# System configuration here
|
||||||
|
networking.hostName = "ghatanothoa";
|
||||||
|
system.stateVersion = "23.11";
|
||||||
|
}
|
31
nixos/machines/ghatanothoa/hardware-configuration.nix
Normal file
31
nixos/machines/ghatanothoa/hardware-configuration.nix
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
{config, lib, pkgs, modulesPath, ...}: {
|
||||||
|
imports = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "gha-root";
|
||||||
|
fsType = "tmpfs";
|
||||||
|
options = [ "size=1G" "mode=755" ];
|
||||||
|
};
|
||||||
|
fileSystems."/persist" = {
|
||||||
|
device = "/dev/disk/by-uuid/e0a160ef-7d46-4705-9152-a6b602898136";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = [ "subvol=persist" ];
|
||||||
|
neededForBoot = true;
|
||||||
|
};
|
||||||
|
fileSystems."/boot" = {
|
||||||
|
device = "/dev/disk/by-uuid/19da7f3a-69da-4fa8-bb68-b355d7697ba7";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
fileSystems."/nix" = {
|
||||||
|
device = "/dev/disk/by-uuid/e0a160ef-7d46-4705-9152-a6b602898136";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = [ "subvol=nix" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices =
|
||||||
|
[{ device = "/dev/disk/by-uuid/e6e3ba6b-c9f5-4960-b56d-f49760d76a4a"; }];
|
||||||
|
|
||||||
|
nix.settings.max-jobs = lib.mkDefault 4;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
}
|
15
nixos/machines/ghatanothoa/network.nix
Normal file
15
nixos/machines/ghatanothoa/network.nix
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
# We sohuld put that config somewhere in roles and give it a parameter or something,
|
||||||
|
# everyone gets the same nameserver and the same prefixLength and address vs defaultGateway alsways
|
||||||
|
# depend on the same thing
|
||||||
|
{
|
||||||
|
imports = [ ];
|
||||||
|
networking = {
|
||||||
|
interfaces.enX0.ipv4.addresses = [ {
|
||||||
|
address = "192.168.0.25";
|
||||||
|
prefixLength = 16;
|
||||||
|
} ];
|
||||||
|
defaultGateway = "192.168.0.152";
|
||||||
|
nameservers = ["130.83.2.22" "130.83.56.60" "130.83.22.60" "130.82.22.63"];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
55
nixos/modules/jitsi.nix
Normal file
55
nixos/modules/jitsi.nix
Normal file
|
@ -0,0 +1,55 @@
|
||||||
|
{pkgs, config, lib, modulesPath, ...}:
|
||||||
|
let
|
||||||
|
inherit (lib)
|
||||||
|
mkIf
|
||||||
|
mkEnableOption
|
||||||
|
mkOption
|
||||||
|
head;
|
||||||
|
inherit (lib.types) str;
|
||||||
|
cfg = config.services.mathebau-jitsi;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [(modulesPath + "/services/web-apps/jitsi-meet.nix")];
|
||||||
|
|
||||||
|
options.services.mathebau-jitsi = {
|
||||||
|
enable = mkEnableOption "mathebau jitsi service";
|
||||||
|
hostName = mkOption {
|
||||||
|
type = str;
|
||||||
|
};
|
||||||
|
localAddress = mkOption {
|
||||||
|
type = str;
|
||||||
|
default = (head config.networking.interfaces.enX0.ipv4.addresses).address;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
services.jitsi-meet = {
|
||||||
|
enable = true;
|
||||||
|
hostName = cfg.hostName;
|
||||||
|
config = {
|
||||||
|
defaultLang = "de";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
services.jitsi-videobridge = {
|
||||||
|
openFirewall = true;
|
||||||
|
nat = {
|
||||||
|
publicAddress = "130.83.2.184";
|
||||||
|
localAddress = cfg.localAddress;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
environment.persistence.${config.impermanence.name} = {
|
||||||
|
directories = [
|
||||||
|
"/var/lib/jitsi-meet"
|
||||||
|
"/var/lib/prosody"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
#We are behind a reverse proxy that handles TLS
|
||||||
|
services.nginx.virtualHosts."${cfg.hostName}" = {
|
||||||
|
enableACME = false;
|
||||||
|
forceSSL = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
#The network ports for HTTP(S) are not opened automatically
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -55,5 +55,12 @@ services = {
|
||||||
PasswordAuthentication = false;
|
PasswordAuthentication = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
prometheus.exporters.node = {
|
||||||
|
enable = true;
|
||||||
|
port = 9100;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
# Prometheus Monitoring
|
||||||
|
networking.firewall.allowedTCPPorts = [ 9100 ];
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue