Fix clock drift

nixos/machines/ghatanothoa/configuration.nix

@@ -0,0 +1,19 @@
+flake-inputs:
+{config, pkgs, lib, ... }: {
+
+imports = [
+  ./hardware-configuration.nix
+  ../../modules/jitsi.nix
+  ../../roles
+  ./network.nix
+];
+
+  services.mathebau-jitsi = {
+    enable = true;
+    hostName = "meet.mathebau.de";
+  };
+
+# System configuration here
+  networking.hostName = "ghatanothoa";
+  system.stateVersion = "23.11";
+}

nixos/machines/ghatanothoa/hardware-configuration.nix

@@ -0,0 +1,31 @@
+{config, lib, pkgs, modulesPath, ...}: {
+  imports = [ ];
+
+  fileSystems."/" = {
+    device = "gha-root";
+    fsType = "tmpfs";
+    options = [ "size=1G" "mode=755" ];
+  };
+  fileSystems."/persist" = {
+    device = "/dev/disk/by-uuid/e0a160ef-7d46-4705-9152-a6b602898136";
+    fsType = "btrfs";
+    options = [ "subvol=persist" ];
+    neededForBoot = true;
+  };
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/19da7f3a-69da-4fa8-bb68-b355d7697ba7";
+    fsType = "ext4";
+  };
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-uuid/e0a160ef-7d46-4705-9152-a6b602898136";
+    fsType = "btrfs";
+    options = [ "subvol=nix" ];
+  };
+
+  swapDevices =
+    [{ device = "/dev/disk/by-uuid/e6e3ba6b-c9f5-4960-b56d-f49760d76a4a"; }];
+
+  nix.settings.max-jobs = lib.mkDefault 4;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

nixos/machines/ghatanothoa/network.nix

@@ -0,0 +1,15 @@
+# We sohuld put that config somewhere in roles and give it a parameter or something,
+# everyone gets the same nameserver and the same prefixLength and address vs defaultGateway alsways
+# depend on the same thing 
+{
+  imports = [ ];
+  networking = {
+    interfaces.enX0.ipv4.addresses = [ {
+      address = "192.168.0.25";
+      prefixLength = 16;
+    } ];
+    defaultGateway = "192.168.0.152";
+    nameservers = ["130.83.2.22" "130.83.56.60" "130.83.22.60" "130.82.22.63"];
+  };
+}
+

nixos/modules/jitsi.nix

@@ -0,0 +1,55 @@
+{pkgs, config, lib, modulesPath, ...}:
+let 
+  inherit (lib)
+    mkIf
+    mkEnableOption
+    mkOption
+    head;
+  inherit (lib.types) str;
+  cfg = config.services.mathebau-jitsi;
+in
+{
+  imports = [(modulesPath + "/services/web-apps/jitsi-meet.nix")];
+  
+  options.services.mathebau-jitsi = {
+    enable = mkEnableOption "mathebau jitsi service";
+    hostName = mkOption {
+      type = str;
+    };
+    localAddress = mkOption {
+      type = str;
+      default = (head config.networking.interfaces.enX0.ipv4.addresses).address;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.jitsi-meet = {
+      enable = true;
+      hostName = cfg.hostName;
+      config = {
+        defaultLang = "de";
+      };
+    };
+    services.jitsi-videobridge = {
+      openFirewall = true;
+      nat = {
+        publicAddress = "130.83.2.184";
+        localAddress = cfg.localAddress;
+      };
+    };
+    environment.persistence.${config.impermanence.name} = {
+      directories = [
+        "/var/lib/jitsi-meet"
+        "/var/lib/prosody"
+      ];
+    };
+  #We are behind a reverse proxy that handles TLS
+    services.nginx.virtualHosts."${cfg.hostName}" = {
+      enableACME = false;
+      forceSSL = false;
+    };
+
+  #The network ports for HTTP(S) are not opened automatically
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+  };
+}

nixos/roles/default.nix

@@ -3,6 +3,7 @@
 imports = [
   ./admins.nix
   ./nix_keys.nix
+  ./prometheusNodeExporter.nix
   (modulesPath + "/virtualisation/xen-domU.nix")
   ../modules/impermanence.nix
   ];
@@ -55,5 +56,7 @@ services = {
       PasswordAuthentication = false;
     };
   };
+#Prevent clock drift due to interaction problem with xen hardware clock 
+  timesyncd.enable = lib.mkForce true;
 };
 }

nixos/roles/nix_keys.nix

@@ -2,5 +2,6 @@
   imports = [ ];
   nix.settings.trusted-public-keys = [
     "nerflap2-1:pDZCg0oo9PxNQxwVSQSvycw7WXTl53PGvVeZWvxuqJc="
+    "gonne.mathebau.de-1:FsXFyFiBFE/JxC9MCkt/WuiXjx5dkRI9RXj0FxOQrV0="
   ];
 }

nixos/roles/prometheusNodeExporter.nix

@@ -0,0 +1,40 @@
+{config, ...}:
+{
+  imports = [ ];
+  services.prometheus.exporters.node = {
+    enable = true;
+    port = 9100;
+  # Aligned with https://git.rwth-aachen.de/fsdmath/server/prometheus/-/blob/main/node_exporter/etc/default/prometheus-node-exporter
+  # It was compiled along the following steps:
+  # 1. Does the current Debian release supports the collector?
+  # 2. Is the collector depracated in the latest release?
+  # 3. Could you probably use the collected metrics for monitoring or are they useless because they make no sense in our context
+  #    (e.g. power adapter inside a VM, use fibre port connection)?
+    disabledCollectors = [
+      "arp"
+      "bcache"
+      "btrfs"
+      "dmi"
+      "fibrechannel"
+      "infiniband"
+      "nvme"
+      "powersupplyclass"
+      "rapl"
+      "selinux"
+      "tapestats"
+      "thermal_zone"
+      "udp_queues"
+      "xfs"
+      "zfs"
+    ];
+    enabledCollectors = [
+      "buddyinfo"
+      "ksmd"
+      "logind"
+      "mountstats"
+      "processes"
+    ];
+  };
+  networking.firewall.allowedTCPPorts = [ 9100 ];
+  environment.persistence.${config.impermanence.name}.directories = [ "/var/lib/${config.services.prometheus.stateDir}" ];
+}