diff --git a/db1.nix b/db1.nix
deleted file mode 100644
index 7129a02..0000000
--- a/db1.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ modulesPath, pkgs, ... }:
-{
- imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-
- boot.loader.grub.device = "/dev/sda";
- fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
-
- # Set NIX_PATH to be the same as the Terraform module
- # nix.nixPath = [ "nixpkgs=${pkgs}" ];
-
- environment.systemPackages = with pkgs; [
- htop
- ];
- boot.cleanTmpDir = true;
- networking.hostName = "db1";
- networking.domain = "banditlair.com";
- networking.firewall.allowPing = true;
- networking.firewall.interfaces."enp7s0".allowedTCPPorts = [ 5432 ];
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keyFiles = [
- ./ssh_keys/phfroidmont-desktop.pub
- ];
-
- services.postgresql = {
- enable = true;
- package = pkgs.postgresql_12;
- initialScript = "/var/keys/postgres-init.sql";
- enableTCPIP = true;
- authentication = ''
- host all all 10.0.1.0/24 md5
- '';
- };
- users.users.postgres.extraGroups = [ "keys" ];
-}
diff --git a/flake.nix b/flake.nix
index 25a7cbb..85e08db 100644
--- a/flake.nix
+++ b/flake.nix
@@ -5,23 +5,49 @@ let pkgs = nixpkgs.legacyPackages.x86_64-linux; - inputs = with pkgs; [ - terraform_0_14 - sops - ]; + common = { + modules = [ + ./hardware/hcloud.nix + ./modules/openssh.nix + ]; + }; in { devShell.x86_64-linux = pkgs.mkShell { - buildInputs = inputs; + buildInputs = with pkgs; [ + terraform_0_14 + sops + ]; }; - nixosConfigurations.db1 = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ { imports = [ ./db1.nix ]; } ]; + nixosConfigurations = { + db1 = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = common.modules ++[ + ./modules/postgresql.nix + ({ + environment.systemPackages = with pkgs; [ + htop + ]; + networking.hostName = "db1"; + networking.domain = "banditlair.com"; + networking.firewall.interfaces."enp7s0".allowedTCPPorts = [ 5432 ]; + }) + ]; + }; + backend1 = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = common.modules ++[ + ./modules/murmur.nix + ./modules/synapse.nix + ({ + networking.hostName = "backend1"; + networking.domain = "banditlair.com"; + networking.firewall.allowedTCPPorts = [ 80 443 64738 ]; + networking.firewall.allowedUDPPorts = [ 64738 ]; + }) + ]; + }; }; - nixosConfigurations.backend1 = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ { imports = [ ./backend1.nix ]; } ]; - }; }; } diff --git a/hardware/hcloud.nix b/hardware/hcloud.nix new file mode 100644 index 0000000..1a8b0a2 --- /dev/null +++ b/hardware/hcloud.nix @@ -0,0 +1,10 @@ +{ modulesPath, config, pkgs, ... }: +{ + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + + boot.loader.grub.device = "/dev/sda"; + fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; + + boot.cleanTmpDir = true; + networking.firewall.allowPing = true; +} diff --git a/modules/murmur.nix b/modules/murmur.nix new file mode 100644 index 0000000..a324443 --- /dev/null +++ b/modules/murmur.nix 
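Review bot: `system = "x86_64-linux"` and `networking.domain = "banditlair.com"` are repeated verbatim in the new `db1` and `backend1` blocks even though a `common` attrset was just introduced to hold what the hosts share; hoisting them (for example a `common.system` value and a `networking.domain` line in a shared inline module) would leave each host definition with only what actually differs. Both `modules = common.modules ++[` lines should be spelled `++ [` to match the spacing used in the rest of the file. The function that encloses this `let … in` block starts before the hunk.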
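Review bot: `networking.firewall.allowPing = true` and `boot.cleanTmpDir = true` are host policy rather than hardware description, so putting them in `hardware/hcloud.nix` means every host that imports the hardware profile silently opens ICMP echo; either move those two lines into a module under `modules/` or add a comment above them such as `# Host policy shared by all hcloud machines, not hardware-specific`. The module also declares `config` and `pkgs` in its argument set without using them; the same unused-argument pattern appears in `modules/murmur.nix`, `modules/openssh.nix` and `modules/postgresql.nix`.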
@@ -0,0 +1,11 @@
+{ config, lib, pkgs, ... }:
+{
+ services.murmur = {
+ enable = true;
+ bandwidth = 128000;
+ password = "$MURMURD_PASSWORD";
+ environmentFile = "/var/keys/murmur.env";
+ };
+
+ users.users.murmur.extraGroups = [ "keys" ];
+}
diff --git a/modules/openssh.nix b/modules/openssh.nix
new file mode 100644
index 0000000..f051e94
--- /dev/null
+++ b/modules/openssh.nix
@@ -0,0 +1,7 @@
+{ pkgs, lib, config, ... }:
+{
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keyFiles = [
+ ../ssh_keys/phfroidmont-desktop.pub
+ ];
+}
diff --git a/modules/postgresql.nix b/modules/postgresql.nix
new file mode 100644
index 0000000..b35c36d
--- /dev/null
+++ b/modules/postgresql.nix
@@ -0,0 +1,13 @@
+{ config, lib, pkgs, ... }:
+{
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_12;
+ initialScript = "/var/keys/postgres-init.sql";
+ enableTCPIP = true;
+ authentication = ''
+ host all all 10.0.1.0/24 md5
+ '';
+ };
+ users.users.postgres.extraGroups = [ "keys" ];
+}
\ No newline at end of file
diff --git a/backend1.nix b/modules/synapse.nix
similarity index 77%
rename from backend1.nix
rename to modules/synapse.nix
index df94dde..95f56ad 100644
--- a/backend1.nix
+++ b/modules/synapse.nix
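Review bot: `password = "$MURMURD_PASSWORD"` is a placeholder whose real value is taken from `environmentFile` when the service starts, but nothing on the line says so, and a reader can easily take the literal `$MURMURD_PASSWORD` for a misconfiguration; add `# placeholder, substituted from environmentFile at service start` above it. The `keys` group membership on the last line is what lets the service read `/var/keys/murmur.env`, so the ownership and mode of that file on the host are part of this module's contract and are presumably set by whatever provisions `/var/keys`; a one-line comment stating that assumption would help the next maintainer.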
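Review bot: `services.openssh.enable = true` comes with no authentication settings, so password and keyboard-interactive logins stay at whatever the pinned nixpkgs defaults to, while the module's evident intent is key-only root access (the only authorized key file is for root). Since this module is now shared by every host through `common.modules`, pin the policy explicitly: `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "prohibit-password";` (on newer nixpkgs these live under `services.openssh.settings`). The `pkgs`, `lib` and `config` arguments are unused.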
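Review bot: `enableTCPIP = true` makes the server listen on all addresses, and the only restriction this module itself applies is the `pg_hba` rule `host all all 10.0.1.0/24 md5`; the per-interface firewall rule that keeps 5432 off the public interface lives in `flake.nix`, so the two files are coupled without saying so. Add a comment above `enableTCPIP`, for example `# listens on all addresses; reachability is limited by the host's per-interface firewall rule (see flake.nix) and by the pg_hba entry below`. The hba entry also grants `all` databases to `all` roles from the subnet using `md5`; PostgreSQL 12 supports `scram-sha-256`, which is worth switching to (set `password_encryption` in the server config and re-set the role passwords) if the clients support it. The trailing `\ No newline at end of file` should be fixed for consistency with the other new modules.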
@@ -1,31 +1,10 @@ -{ modulesPath, pkgs, lib, config, ... }: +{ pkgs, lib, config, ... }: let fqdn = let join = hostName: domain: hostName + lib.optionalString (domain != null) ".${domain}"; in join "matrix" config.networking.domain; in { - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - - boot.loader.grub.device = "/dev/sda"; - fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; - - # Set NIX_PATH to be the same as the Terraform module - # nix.nixPath = [ "nixpkgs=${pkgs}" ]; - - boot.cleanTmpDir = true; - - networking.hostName = "backend1"; - networking.domain = "banditlair.com"; - networking.firewall.allowPing = true; - networking.firewall.allowedTCPPorts = [ 80 443 64738 ]; - networking.firewall.allowedUDPPorts = [ 64738 ]; - - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keyFiles = [ - ./ssh_keys/phfroidmont-desktop.pub - ]; - security.acme.email = "letsencrypt.account@banditlair.com"; security.acme.acceptTerms = true; @@ -113,13 +92,4 @@ in { extraConfigFiles = [ "/var/keys/synapse-extra-config.yaml" ]; }; users.users.matrix-synapse.extraGroups = [ "keys" ]; - - services.murmur = { - enable = true; - bandwidth = 128000; - password = "$MURMURD_PASSWORD"; - environmentFile = "/var/keys/murmur.env"; - }; - - users.users.murmur.extraGroups = [ "keys" ]; }