NixOS-Config/hosts/g18-next/configuration.nix

{ inputs, config, lib, pkgs, ... }:

let
  unstable = import inputs.nixpkgs-unstable {
    system = config.nixpkgs.system;
  };
in
{
  imports =
    [
      ./hardware-configuration.nix
      ../modules/nasp.nix
    ];
  nasp = {
    enable = true;
    gSeries = {
      enable = true;
      serial = 18;
    };
    registry.enable = false;
    nginx.enableCodeServer = false;
    nvidia.enable = false;
  };
  boot.loader.systemd-boot.enable = lib.mkForce false;
  boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/vda";
  # networking
  networking.hostName = lib.mkForce "g18-next";
  networking.hostId = "11f1fad0";
  systemd.network.networks."10-veth0" = {
    matchConfig.Name = "enp1s0";
    networkConfig = {
      DHCP = "no";
      IPv6AcceptRA = true;
    };
    address = [ "192.168.122.118/24" ];
    routes = [
      {
        routeConfig = {
          Gateway = "192.168.122.1";
          GatewayOnLink = true;
          Metric = 90;
        };
      }
    ];
  };
  services.resolved.enable = true;
  networking.firewall.extraCommands = ''
    iptables -A INPUT -s 192.168.122.1 -j ACCEPT
  '';
  # service: gitea
  services.gitea = {
    enable = true;
    package = unstable.gitea;
    stateDir = "/data0/lib/gitea";
    database.type = "sqlite3";
    settings = {
      server = {
        SSH_DOMAIN = "nasp.fit";
        DOMAIN = "git.nasp.fit";
        HTTP_PORT = 3000;
        ROOT_URL = "https://git.nasp.fit/";
        DISABLE_SSH = false;
        SSH_PORT = 22;
        OFFLINE_MODE = false;
        START_SSH_SERVER = true;
        BUILTIN_SSH_SERVER_USER = "git";
      };
      "repository.pull-request" = {
        DEFAULT_MERGE_STYLE = "squash";
      };
      "repository.signing" = {
        DEFAULT_TRUST_MODEL = "committer";
      };
      proxy = {
        PROXY_ENABLED = true;
        PROXY_URL = "http://192.168.255.1:20171";
        PROXY_HOSTS = "github.com";
      };
    };
  };
  systemd.sockets.gitea.listenStreams = [ "22" ];
  systemd.services.gitea.requires = [ "gitea.socket" "data0.mount" ];
  systemd.services.gitea.after = [ "data0.mount" ];
  # service: influxdb
  services.influxdb2.enable = true;
  systemd.services.influxdb2.requires = [ "var-lib-influxdb2.mount" ];
  systemd.services.influxdb2.after = [ "var-lib-influxdb2.mount" ];
  fileSystems."/var/lib/influxdb2" = {
    depends = [ "/data0" ];
    device = "/data0/lib/influxdb";
    options = [ "bind" ];
  };
  # service: dnsmasq stub dns server
  services.dnsmasq = {
    enable = true;
    settings = {
      interface = [ "enp1s0" "lo" ];
      bind-interfaces = true;
      domain-needed = true;
      bogus-priv = true;
      no-resolv = true;
      no-poll = true;
      domain = "nasp";
      server = [
        "101.6.6.6"
        "1.1.1.1"
        "2001:da8::666"
        "/tsinghua.edu.cn/166.111.8.29"
        "/tsinghua.edu.cn/166.111.8.28"
      ];
    };
  };
  # service: grafana
  sops.secrets."grafana/oauth_client_id" = {
    owner = "grafana";
  };
  sops.secrets."grafana/oauth_client_secret" = {
    owner = "grafana";
  };
  services.grafana = {
    enable = true;
    dataDir = "/data0/lib/grafana";
    settings = {
      server = {
        http_addr = "192.168.122.118";
        http_port = 3002;
        domain = "grafana.nasp.fit";
        root_url = "https://grafana.nasp.fit/";
      };
      auth = {
        disable_login_form = true;
        oauth_allow_insecure_email_lookup = true;
      };
      "auth.generic_oauth" = {
        enabled = true;
        name = "NASP Gitea";
        allow_sign_up = true;
        auto_login = true;
        scopes = "read:user,read:organization";
        empty_scopes = false;
        auth_url = "https://git.nasp.fit/login/oauth/authorize";
        token_url = "https://git.nasp.fit/login/oauth/access_token";
        api_url = "https://git.nasp.fit/api/v1/user";
        use_pkce = false;
        client_id = "$__file{/run/secrets/grafana/oauth_client_id}";
        client_secret = "$__file{/run/secrets/grafana/oauth_client_secret}";
      };
    };
  };
  system.stateVersion = "24.05";
}
feat(g18-next): migrate gitea 2024-06-19 01:09:37 +08:00			`{ inputs, config, lib, pkgs, ... }:`
feat: prepare for g18-next 2024-06-18 00:08:56 +08:00
feat(g18-next): migrate gitea 2024-06-19 01:09:37 +08:00			`let`
			`unstable = import inputs.nixpkgs-unstable {`
			`system = config.nixpkgs.system;`
			`};`
			`in`
feat: prepare for g18-next 2024-06-18 00:08:56 +08:00			`{`
			`imports =`
			`[`
			`./hardware-configuration.nix`
			`../modules/nasp.nix`
			`];`
			`nasp = {`
			`enable = true;`
			`gSeries = {`
			`enable = true;`
			`serial = 18;`
			`};`
			`registry.enable = false;`
			`nginx.enableCodeServer = false;`
			`nvidia.enable = false;`
			`};`
fix: g18-next ok 2024-06-18 00:29:22 +08:00			`boot.loader.systemd-boot.enable = lib.mkForce false;`
			`boot.loader.efi.canTouchEfiVariables = lib.mkForce false;`
			`boot.loader.grub.enable = true;`
			`boot.loader.grub.device = "/dev/vda";`
feat(g18-next): migrate gitea 2024-06-19 01:09:37 +08:00			`# networking`
feat: prepare for g18-next 2024-06-18 00:08:56 +08:00			`networking.hostName = lib.mkForce "g18-next";`
			`networking.hostId = "11f1fad0";`
			`systemd.network.networks."10-veth0" = {`
			`matchConfig.Name = "enp1s0";`
			`networkConfig = {`
fix: g18-next ok 2024-06-18 00:29:22 +08:00			`DHCP = "no";`
feat: prepare for g18-next 2024-06-18 00:08:56 +08:00			`IPv6AcceptRA = true;`
			`};`
			`address = [ "192.168.122.118/24" ];`
			`routes = [`
			`{`
			`routeConfig = {`
			`Gateway = "192.168.122.1";`
			`GatewayOnLink = true;`
			`Metric = 90;`
			`};`
			`}`
			`];`
			`};`
feat(g18-next): migrate influxdb and dnsmasq 2024-06-19 19:00:14 +08:00			`services.resolved.enable = true;`
feat(g18-next): migrate gitea 2024-06-19 01:09:37 +08:00			`networking.firewall.extraCommands = ''`
			`iptables -A INPUT -s 192.168.122.1 -j ACCEPT`
			`'';`
			`# service: gitea`
			`services.gitea = {`
			`enable = true;`
			`package = unstable.gitea;`
			`stateDir = "/data0/lib/gitea";`
			`database.type = "sqlite3";`
			`settings = {`
			`server = {`
			`SSH_DOMAIN = "nasp.fit";`
			`DOMAIN = "git.nasp.fit";`
			`HTTP_PORT = 3000;`
			`ROOT_URL = "https://git.nasp.fit/";`
			`DISABLE_SSH = false;`
			`SSH_PORT = 22;`
			`OFFLINE_MODE = false;`
			`START_SSH_SERVER = true;`
			`BUILTIN_SSH_SERVER_USER = "git";`
			`};`
			`"repository.pull-request" = {`
			`DEFAULT_MERGE_STYLE = "squash";`
			`};`
			`"repository.signing" = {`
			`DEFAULT_TRUST_MODEL = "committer";`
			`};`
			`proxy = {`
			`PROXY_ENABLED = true;`
			`PROXY_URL = "http://192.168.255.1:20171";`
			`PROXY_HOSTS = "github.com";`
			`};`
			`};`
			`};`
			`systemd.sockets.gitea.listenStreams = [ "22" ];`
feat(g18-next): migrate influxdb and dnsmasq 2024-06-19 19:00:14 +08:00			`systemd.services.gitea.requires = [ "gitea.socket" "data0.mount" ];`
			`systemd.services.gitea.after = [ "data0.mount" ];`
			`# service: influxdb`
			`services.influxdb2.enable = true;`
			`systemd.services.influxdb2.requires = [ "var-lib-influxdb2.mount" ];`
			`systemd.services.influxdb2.after = [ "var-lib-influxdb2.mount" ];`
			`fileSystems."/var/lib/influxdb2" = {`
			`depends = [ "/data0" ];`
			`device = "/data0/lib/influxdb";`
			`options = [ "bind" ];`
			`};`
			`# service: dnsmasq stub dns server`
			`services.dnsmasq = {`
			`enable = true;`
			`settings = {`
			`interface = [ "enp1s0" "lo" ];`
			`bind-interfaces = true;`
			`domain-needed = true;`
			`bogus-priv = true;`
			`no-resolv = true;`
			`no-poll = true;`
			`domain = "nasp";`
			`server = [`
			`"101.6.6.6"`
			`"1.1.1.1"`
			`"2001:da8::666"`
			`"/tsinghua.edu.cn/166.111.8.29"`
			`"/tsinghua.edu.cn/166.111.8.28"`
			`];`
			`};`
			`};`
feat(g18-next): migrate grafana 2024-06-21 14:43:39 +08:00			`# service: grafana`
			`sops.secrets."grafana/oauth_client_id" = {`
			`owner = "grafana";`
			`};`
			`sops.secrets."grafana/oauth_client_secret" = {`
			`owner = "grafana";`
			`};`
			`services.grafana = {`
			`enable = true;`
			`dataDir = "/data0/lib/grafana";`
			`settings = {`
			`server = {`
			`http_addr = "192.168.122.118";`
			`http_port = 3002;`
			`domain = "grafana.nasp.fit";`
			`root_url = "https://grafana.nasp.fit/";`
			`};`
			`auth = {`
			`disable_login_form = true;`
			`oauth_allow_insecure_email_lookup = true;`
			`};`
			`"auth.generic_oauth" = {`
			`enabled = true;`
			`name = "NASP Gitea";`
			`allow_sign_up = true;`
			`auto_login = true;`
			`scopes = "read:user,read:organization";`
			`empty_scopes = false;`
			`auth_url = "https://git.nasp.fit/login/oauth/authorize";`
			`token_url = "https://git.nasp.fit/login/oauth/access_token";`
			`api_url = "https://git.nasp.fit/api/v1/user";`
			`use_pkce = false;`
			`client_id = "$__file{/run/secrets/grafana/oauth_client_id}";`
			`client_secret = "$__file{/run/secrets/grafana/oauth_client_secret}";`
			`};`
			`};`
			`};`
feat: prepare for g18-next 2024-06-18 00:08:56 +08:00			`system.stateVersion = "24.05";`
			`}`