diff --git a/flake.nix b/flake.nix
index 5857882..76b27cb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -11,6 +11,7 @@
   nixos-x86_64-hosts = [
     "g1"
     "c1"
+    "c2"
   ];
   nasp = (import ./modules/nasp {
     lib = nixpkgs.lib;
diff --git a/hosts/c2/configuration.nix b/hosts/c2/configuration.nix
new file mode 100644
index 0000000..10d081e
--- /dev/null
+++ b/hosts/c2/configuration.nix
@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports =[
+    ./hardware-configuration.nix
+  ];
+  nasp = {
+    enable = true;
+    cSeries = {
+      enable = true;
+      serial = 2;
+      ethLanName = "ens16f0";
+    };
+  };
+  system.stateVersion = "25.05";
+}
diff --git a/hosts/c2/hardware-configuration.nix b/hosts/c2/hardware-configuration.nix
new file mode 100644
index 0000000..3ce27f9
--- /dev/null
+++ b/hosts/c2/hardware-configuration.nix
@@ -0,0 +1,40 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "smartpqi" "nvme" "usbhid" "uas" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+  networking.hostId = "8529b8ea";
+
+  fileSystems."/" = {
+    device = "root/system";
+    fsType = "zfs";
+  };
+
+  fileSystems."/home2" = {
+    device = "data/home2";
+    fsType = "zfs";
+  };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/01A3-4293";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/32b1a7d9-e65a-4212-b278-e0602c9392eb"; }
+      { device = "/dev/disk/by-uuid/3d2e1ae9-3110-43eb-b553-cf91eb7d711d"; }
+    ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
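Review bot: In hosts/c2/configuration.nix the `imports =[` line is missing the space after `=`; the sibling files in this diff write `imports =` followed by a spaced bracket, so `imports = [` keeps the new host consistent with them. The `config`, `lib` and `pkgs` arguments are accepted but unused in this file; that is common NixOS module boilerplate and harmless, so no change is needed there.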
diff --git a/modules/nasp/main.nix b/modules/nasp/main.nix
index 86706f5..2b00fe2 100644
--- a/modules/nasp/main.nix
+++ b/modules/nasp/main.nix
@@ -129,8 +129,12 @@ in
   networking.networkmanager.enable = false;
   networking.useDHCP = false;
   systemd.network.enable = true;
-  networking.firewall.allowedTCPPorts = [ 12022 ];
   networking.nftables.enable = true;
+  networking.firewall.allowedTCPPorts = [ 12022 ];
+  networking.firewall.extraInputRules = ''
+    ip saddr 192.168.16.0/21 accept
+    ip6 saddr fd01:da8:bf::/48 accept
+  '';
   networking.extraHosts = ''
     192.168.16.1 ssh.nasp.fit git.nasp.fit jump.nasp.fit
     192.168.16.115 g15.nasp g15 lm1
@@ -264,12 +268,9 @@ in
       serverName = "proxy.nasp.fit";
       locations."~ ^/${config.networking.hostName}/([A-Za-z0-9]+)/(.*)" = {
         proxyWebsockets = true;
+        proxyPass = "http://unix:/home2/run/$1.sock";
         extraConfig = ''
           rewrite "^/${config.networking.hostName}/([A-Za-z0-9]+)/(.*)" /$2 break;
-          proxy_pass "http://unix:/home2/run/$1.sock";
-          proxy_set_header Host $host;
-          proxy_set_header Upgrade $http_upgrade;
-          proxy_set_header Connection upgrade;
           proxy_set_header Accept-Encoding gzip;
         '';
       };
@@ -462,10 +463,6 @@ in
     (lib.mkIf (cCfg.enable) {
       networking.hostName = "c" + (builtins.toString cCfg.serial);
       networking.nameservers = [ "192.168.20.1" ];
-      networking.firewall.extraInputRules = ''
-        ip saddr 192.168.20.0/24 accept
-        ip6 saddr fd01:da8:bf:14::/64 accept
-      '';
       nasp.docker.enable = lib.mkDefault true;
       nasp.registry.enable = lib.mkDefault true;
       nasp.nginx.enable = lib.mkDefault true;
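Review bot: The new `extraInputRules` in the first hunk accept every port from 192.168.16.0/21 and fd01:da8:bf::/48, and because they sit in the shared block they now apply to every host that enables `nasp`, not only to the C-series hosts whose narrower 192.168.20.0/24 and fd01:da8:bf:14::/64 rules the third hunk of this file removes; the new /21 also contains that old /24. Any listener on any of these hosts is therefore reachable from the whole LAN regardless of `allowedTCPPorts`, which only governs other sources. If that is intended, a comment on the rules would make it explicit, e.g. `# Trust the whole NASP LAN (/21, /48); allowedTCPPorts only filters other sources.`; if only the C-series hosts should trust the LAN, keep the rules inside the `lib.mkIf (cCfg.enable)` block instead. The enclosing attribute set starts and ends outside the hunk.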
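Review bot: The second hunk drops `proxy_set_header Host $host;` from `extraConfig` but nothing visible here restores it: `proxyWebsockets = true` regenerates only the Upgrade/Connection headers (plus `proxy_http_version`), while the Host header comes back only if `services.nginx.recommendedProxySettings` is enabled, which this diff does not show. If it is not enabled, the backends behind `/home2/run/$1.sock` now receive a different Host header than before the change. Either confirm that option is set for this nginx instance or keep `proxy_set_header Host $host;` in `extraConfig` next to the Accept-Encoding line. The enclosing `locations` attribute continues past the hunk.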