diff --git a/nixos/machines/ghatanothoa/configuration.nix b/nixos/machines/ghatanothoa/configuration.nix deleted file mode 100644 index 4e60e1b..0000000 --- a/nixos/machines/ghatanothoa/configuration.nix +++ /dev/null @@ -1,19 +0,0 @@ -flake-inputs: -{config, pkgs, lib, ... }: { - -imports = [ - ./hardware-configuration.nix - ../../modules/jitsi.nix - ../../roles - ./network.nix -]; - - services.mathebau-jitsi = { - enable = true; - hostName = "meet.mathebau.de"; - }; - -# System configuration here - networking.hostName = "ghatanothoa"; - system.stateVersion = "23.11"; -} diff --git a/nixos/machines/ghatanothoa/hardware-configuration.nix b/nixos/machines/ghatanothoa/hardware-configuration.nix deleted file mode 100644 index ad588c9..0000000 --- a/nixos/machines/ghatanothoa/hardware-configuration.nix +++ /dev/null @@ -1,31 +0,0 @@ -{config, lib, pkgs, modulesPath, ...}: { - imports = [ ]; - - fileSystems."/" = { - device = "gha-root"; - fsType = "tmpfs"; - options = [ "size=1G" "mode=755" ]; - }; - fileSystems."/persist" = { - device = "/dev/disk/by-uuid/e0a160ef-7d46-4705-9152-a6b602898136"; - fsType = "btrfs"; - options = [ "subvol=persist" ]; - neededForBoot = true; - }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/19da7f3a-69da-4fa8-bb68-b355d7697ba7"; - fsType = "ext4"; - }; - fileSystems."/nix" = { - device = "/dev/disk/by-uuid/e0a160ef-7d46-4705-9152-a6b602898136"; - fsType = "btrfs"; - options = [ "subvol=nix" ]; - }; - - swapDevices = - [{ device = "/dev/disk/by-uuid/e6e3ba6b-c9f5-4960-b56d-f49760d76a4a"; }]; - - nix.settings.max-jobs = lib.mkDefault 4; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} diff --git a/nixos/machines/ghatanothoa/network.nix b/nixos/machines/ghatanothoa/network.nix deleted file mode 100644 index 7e26f79..0000000 --- a/nixos/machines/ghatanothoa/network.nix +++ /dev/null @@ -1,15 +0,0 @@ -# We sohuld put that config somewhere in roles and give it a parameter or something, -# everyone gets the same nameserver and the same prefixLength and address vs defaultGateway alsways -# depend on the same thing -{ - imports = [ ]; - networking = { - interfaces.enX0.ipv4.addresses = [ { - address = "192.168.0.25"; - prefixLength = 16; - } ]; - defaultGateway = "192.168.0.152"; - nameservers = ["130.83.2.22" "130.83.56.60" "130.83.22.60" "130.82.22.63"]; - }; -} - diff --git a/nixos/modules/jitsi.nix b/nixos/modules/jitsi.nix deleted file mode 100644 index ca2a8a7..0000000 --- a/nixos/modules/jitsi.nix +++ /dev/null @@ -1,55 +0,0 @@ -{pkgs, config, lib, modulesPath, ...}: -let - inherit (lib) - mkIf - mkEnableOption - mkOption - head; - inherit (lib.types) str; - cfg = config.services.mathebau-jitsi; -in -{ - imports = [(modulesPath + "/services/web-apps/jitsi-meet.nix")]; - - options.services.mathebau-jitsi = { - enable = mkEnableOption "mathebau jitsi service"; - hostName = mkOption { - type = str; - }; - localAddress = mkOption { - type = str; - default = (head config.networking.interfaces.enX0.ipv4.addresses).address; - }; - }; - - config = mkIf cfg.enable { - services.jitsi-meet = { - enable = true; - hostName = cfg.hostName; - config = { - defaultLang = "de"; - }; - }; - services.jitsi-videobridge = { - openFirewall = true; - nat = { - publicAddress = "130.83.2.184"; - localAddress = cfg.localAddress; - }; - }; - environment.persistence.${config.impermanence.name} = { - directories = [ - "/var/lib/jitsi-meet" - "/var/lib/prosody" - ]; - }; - #We are behind a reverse proxy that handles TLS - services.nginx.virtualHosts."${cfg.hostName}" = { - enableACME = false; - forceSSL = false; - }; - - #The network ports for HTTP(S) are not opened automatically - networking.firewall.allowedTCPPorts = [ 80 443 ]; - }; -} diff --git a/nixos/roles/default.nix b/nixos/roles/default.nix index d92b970..1968de3 100644 --- a/nixos/roles/default.nix +++ b/nixos/roles/default.nix @@ -3,7 +3,6 @@ imports = [ ./admins.nix ./nix_keys.nix - ./prometheusNodeExporter.nix (modulesPath + "/virtualisation/xen-domU.nix") ../modules/impermanence.nix ]; @@ -56,7 +55,5 @@ services = { PasswordAuthentication = false; }; }; -#Prevent clock drift due to interaction problem with xen hardware clock - timesyncd.enable = lib.mkForce true; }; } diff --git a/nixos/roles/nix_keys.nix b/nixos/roles/nix_keys.nix index 14f0b56..85c7835 100644 --- a/nixos/roles/nix_keys.nix +++ b/nixos/roles/nix_keys.nix @@ -2,6 +2,5 @@ imports = [ ]; nix.settings.trusted-public-keys = [ "nerflap2-1:pDZCg0oo9PxNQxwVSQSvycw7WXTl53PGvVeZWvxuqJc=" - "gonne.mathebau.de-1:FsXFyFiBFE/JxC9MCkt/WuiXjx5dkRI9RXj0FxOQrV0=" ]; } diff --git a/nixos/roles/prometheusNodeExporter.nix b/nixos/roles/prometheusNodeExporter.nix deleted file mode 100644 index 9587b2f..0000000 --- a/nixos/roles/prometheusNodeExporter.nix +++ /dev/null @@ -1,40 +0,0 @@ -{config, ...}: -{ - imports = [ ]; - services.prometheus.exporters.node = { - enable = true; - port = 9100; - # Aligned with https://git.rwth-aachen.de/fsdmath/server/prometheus/-/blob/main/node_exporter/etc/default/prometheus-node-exporter - # It was compiled along the following steps: - # 1. Does the current Debian release supports the collector? - # 2. Is the collector depracated in the latest release? - # 3. Could you probably use the collected metrics for monitoring or are they useless because they make no sense in our context - # (e.g. power adapter inside a VM, use fibre port connection)? - disabledCollectors = [ - "arp" - "bcache" - "btrfs" - "dmi" - "fibrechannel" - "infiniband" - "nvme" - "powersupplyclass" - "rapl" - "selinux" - "tapestats" - "thermal_zone" - "udp_queues" - "xfs" - "zfs" - ]; - enabledCollectors = [ - "buddyinfo" - "ksmd" - "logind" - "mountstats" - "processes" - ]; - }; - networking.firewall.allowedTCPPorts = [ 9100 ]; - environment.persistence.${config.impermanence.name}.directories = [ "/var/lib/${config.services.prometheus.stateDir}" ]; -}