forked from Fachschaft/nixConfig
Compare commits
No commits in common. "de397fa695c086d80731a4d2397a8b7b22b0de6a" and "8194722e2d7d08a4968fb535c117527c21ef8519" have entirely different histories.
de397fa695
...
8194722e2d
7 changed files with 0 additions and 163 deletions
0
nixos/machines/.gitkeep
Normal file
0
nixos/machines/.gitkeep
Normal file
|
@ -1,19 +0,0 @@
|
||||||
flake-inputs:
|
|
||||||
{config, pkgs, lib, ... }: {
|
|
||||||
|
|
||||||
imports = [
|
|
||||||
./hardware-configuration.nix
|
|
||||||
../../modules/jitsi.nix
|
|
||||||
../../roles
|
|
||||||
./network.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
services.mathebau-jitsi = {
|
|
||||||
enable = true;
|
|
||||||
hostName = "meet.mathebau.de";
|
|
||||||
};
|
|
||||||
|
|
||||||
# System configuration here
|
|
||||||
networking.hostName = "ghatanothoa";
|
|
||||||
system.stateVersion = "23.11";
|
|
||||||
}
|
|
|
@ -1,31 +0,0 @@
|
||||||
{config, lib, pkgs, modulesPath, ...}: {
|
|
||||||
imports = [ ];
|
|
||||||
|
|
||||||
fileSystems."/" = {
|
|
||||||
device = "gha-root";
|
|
||||||
fsType = "tmpfs";
|
|
||||||
options = [ "size=1G" "mode=755" ];
|
|
||||||
};
|
|
||||||
fileSystems."/persist" = {
|
|
||||||
device = "/dev/disk/by-uuid/e0a160ef-7d46-4705-9152-a6b602898136";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = [ "subvol=persist" ];
|
|
||||||
neededForBoot = true;
|
|
||||||
};
|
|
||||||
fileSystems."/boot" = {
|
|
||||||
device = "/dev/disk/by-uuid/19da7f3a-69da-4fa8-bb68-b355d7697ba7";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
fileSystems."/nix" = {
|
|
||||||
device = "/dev/disk/by-uuid/e0a160ef-7d46-4705-9152-a6b602898136";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = [ "subvol=nix" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices =
|
|
||||||
[{ device = "/dev/disk/by-uuid/e6e3ba6b-c9f5-4960-b56d-f49760d76a4a"; }];
|
|
||||||
|
|
||||||
nix.settings.max-jobs = lib.mkDefault 4;
|
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
|
||||||
}
|
|
|
@ -1,15 +0,0 @@
|
||||||
# We sohuld put that config somewhere in roles and give it a parameter or something,
|
|
||||||
# everyone gets the same nameserver and the same prefixLength and address vs defaultGateway alsways
|
|
||||||
# depend on the same thing
|
|
||||||
{
|
|
||||||
imports = [ ];
|
|
||||||
networking = {
|
|
||||||
interfaces.enX0.ipv4.addresses = [ {
|
|
||||||
address = "192.168.0.25";
|
|
||||||
prefixLength = 16;
|
|
||||||
} ];
|
|
||||||
defaultGateway = "192.168.0.152";
|
|
||||||
nameservers = ["130.83.2.22" "130.83.56.60" "130.83.22.60" "130.82.22.63"];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,55 +0,0 @@
|
||||||
{pkgs, config, lib, modulesPath, ...}:
|
|
||||||
let
|
|
||||||
inherit (lib)
|
|
||||||
mkIf
|
|
||||||
mkEnableOption
|
|
||||||
mkOption
|
|
||||||
head;
|
|
||||||
inherit (lib.types) str;
|
|
||||||
cfg = config.services.mathebau-jitsi;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
imports = [(modulesPath + "/services/web-apps/jitsi-meet.nix")];
|
|
||||||
|
|
||||||
options.services.mathebau-jitsi = {
|
|
||||||
enable = mkEnableOption "mathebau jitsi service";
|
|
||||||
hostName = mkOption {
|
|
||||||
type = str;
|
|
||||||
};
|
|
||||||
localAddress = mkOption {
|
|
||||||
type = str;
|
|
||||||
default = (head config.networking.interfaces.enX0.ipv4.addresses).address;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
services.jitsi-meet = {
|
|
||||||
enable = true;
|
|
||||||
hostName = cfg.hostName;
|
|
||||||
config = {
|
|
||||||
defaultLang = "de";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
services.jitsi-videobridge = {
|
|
||||||
openFirewall = true;
|
|
||||||
nat = {
|
|
||||||
publicAddress = "130.83.2.184";
|
|
||||||
localAddress = cfg.localAddress;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
environment.persistence.${config.impermanence.name} = {
|
|
||||||
directories = [
|
|
||||||
"/var/lib/jitsi-meet"
|
|
||||||
"/var/lib/prosody"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
#We are behind a reverse proxy that handles TLS
|
|
||||||
services.nginx.virtualHosts."${cfg.hostName}" = {
|
|
||||||
enableACME = false;
|
|
||||||
forceSSL = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
#The network ports for HTTP(S) are not opened automatically
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -3,7 +3,6 @@
|
||||||
imports = [
|
imports = [
|
||||||
./admins.nix
|
./admins.nix
|
||||||
./nix_keys.nix
|
./nix_keys.nix
|
||||||
./prometheusNodeExporter.nix
|
|
||||||
(modulesPath + "/virtualisation/xen-domU.nix")
|
(modulesPath + "/virtualisation/xen-domU.nix")
|
||||||
../modules/impermanence.nix
|
../modules/impermanence.nix
|
||||||
];
|
];
|
||||||
|
@ -56,7 +55,5 @@ services = {
|
||||||
PasswordAuthentication = false;
|
PasswordAuthentication = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
#Prevent clock drift due to interaction problem with xen hardware clock
|
|
||||||
timesyncd.enable = lib.mkForce true;
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,40 +0,0 @@
|
||||||
{config, ...}:
|
|
||||||
{
|
|
||||||
imports = [ ];
|
|
||||||
services.prometheus.exporters.node = {
|
|
||||||
enable = true;
|
|
||||||
port = 9100;
|
|
||||||
# Aligned with https://git.rwth-aachen.de/fsdmath/server/prometheus/-/blob/main/node_exporter/etc/default/prometheus-node-exporter
|
|
||||||
# It was compiled along the following steps:
|
|
||||||
# 1. Does the current Debian release supports the collector?
|
|
||||||
# 2. Is the collector depracated in the latest release?
|
|
||||||
# 3. Could you probably use the collected metrics for monitoring or are they useless because they make no sense in our context
|
|
||||||
# (e.g. power adapter inside a VM, use fibre port connection)?
|
|
||||||
disabledCollectors = [
|
|
||||||
"arp"
|
|
||||||
"bcache"
|
|
||||||
"btrfs"
|
|
||||||
"dmi"
|
|
||||||
"fibrechannel"
|
|
||||||
"infiniband"
|
|
||||||
"nvme"
|
|
||||||
"powersupplyclass"
|
|
||||||
"rapl"
|
|
||||||
"selinux"
|
|
||||||
"tapestats"
|
|
||||||
"thermal_zone"
|
|
||||||
"udp_queues"
|
|
||||||
"xfs"
|
|
||||||
"zfs"
|
|
||||||
];
|
|
||||||
enabledCollectors = [
|
|
||||||
"buddyinfo"
|
|
||||||
"ksmd"
|
|
||||||
"logind"
|
|
||||||
"mountstats"
|
|
||||||
"processes"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
networking.firewall.allowedTCPPorts = [ 9100 ];
|
|
||||||
environment.persistence.${config.impermanence.name}.directories = [ "/var/lib/${config.services.prometheus.stateDir}" ];
|
|
||||||
}
|
|
Loading…
Reference in a new issue