author | tv <tv@shackspace.de> | 2015-10-22 20:14:01 +0200 |
---|---|---|
committer | tv <tv@shackspace.de> | 2015-10-22 20:14:01 +0200 |
commit | 128e5feae9829ec1c60d16f3d44382435ff1ef86 (patch) | |
tree | f98601e8408a8f949022d86610828afef6836e0f /makefu/1systems/wry.nix | |
parent | 9ba8fc142cb14aa3768cb99bf9170f7875beafd1 (diff) | |
parent | f092e6acb4500569eccee7aed65b521adb3b07b6 (diff) |
Merge remote-tracking branch 'pnp/master'
Diffstat (limited to 'makefu/1systems/wry.nix')
-rw-r--r-- | makefu/1systems/wry.nix | 85 |
1 files changed, 55 insertions, 30 deletions
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index 819a208ac..6627d87b5 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -1,47 +1,72 @@ { config, lib, pkgs, ... }: +with lib; let - ip = (lib.head config.krebs.build.host.nets.internet.addrs4); + external-ip = head config.krebs.build.host.nets.internet.addrs4; + internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; in { imports = [ - ../../tv/2configs/CAC-CentOS-7-64bit.nix - ../2configs/base.nix - ../2configs/base-sources.nix - ../2configs/tinc-basic-retiolum.nix + # TODO: copy this config or move to krebs + ../../tv/2configs/CAC-CentOS-7-64bit.nix + ../2configs/base.nix + ../2configs/unstable-sources.nix + ../2configs/tinc-basic-retiolum.nix + + ../2configs/bepasty-dual.nix + + ../2configs/iodined.nix + + # Reaktor + ../2configs/Reaktor/simpleExtend.nix ]; - networking.firewall.allowPing = true; - networking.interfaces.enp2s1.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = "104.233.87.1"; - networking.nameservers = [ - "8.8.8.8" - ]; + krebs.build = { + user = config.krebs.users.makefu; + target = "root@wry"; + host = config.krebs.hosts.wry; + }; - # based on ../../tv/2configs/CAC-Developer-2.nix - sound.enable = false; + + + krebs.Reaktor.enable = true; + + # bepasty to listen only on the correct interfaces + krebs.bepasty.servers.internal.nginx.listen = [ "${internal-ip}:80" ]; + krebs.bepasty.servers.external.nginx.listen = [ "${external-ip}:80" "${external-ip}:443 ssl" ]; # prepare graphs - nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; krebs.nginx.enable = true; - makefu.tinc_graphs.enable = true; - makefu.tinc_graphs.krebsNginx = { + krebs.retiolum-bootstrap.enable = true; + + nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + krebs.tinc_graphs = { enable = true; - # TODO: remove hard-coded hostname - hostnames_complete = [ "graphs.wry" ]; - hostnames_anonymous = [ "graphs.krebsco.de" ]; + nginx = { + enable = true; + # TODO: remove hard-coded hostname + complete = { + listen = [ "${internal-ip}:80" ]; + server-names = [ "graphs.wry" ]; 
+ }; + anonymous = { + listen = [ "${external-ip}:80" ] ; + server-names = [ "graphs.krebsco.de" ]; + }; + }; }; - networking.firewall.allowedTCPPorts = [80]; - - krebs.build = { - user = config.krebs.users.makefu; - target = "root@${ip}"; - host = config.krebs.hosts.wry; + networking = { + firewall.allowPing = true; + firewall.allowedTCPPorts = [ 53 80 443 ]; + interfaces.enp2s1.ip4 = [{ + address = external-ip; + prefixLength = 24; + }]; + defaultGateway = "104.233.87.1"; + nameservers = [ "8.8.8.8" ]; }; + + # based on ../../tv/2configs/CAC-Developer-2.nix + sound.enable = false; } |
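Review bot: The external bepasty server is bound to `"${external-ip}:80"` as well as `"${external-ip}:443 ssl"`, so unless ../2configs/bepasty-dual.nix (not visible in this diff) redirects plain HTTP to HTTPS, pastes and bepasty login secrets can cross the internet unencrypted. Consider dropping the `:80` listener for that server, or state the redirect next to the setting with a comment such as `# :80 only redirects to https, see bepasty-dual.nix`. In the new `networking` block, `firewall.allowedTCPPorts = [ 53 80 443 ]` opens TCP 53, while iodined normally serves over UDP 53; if nothing on this host answers DNS over TCP, `[ 80 443 ]` is the tighter list, and the UDP rule should be confirmed in iodined.nix. Since port 80 is now open on every interface, the internal-only vhosts (`graphs.wry` and the internal bepasty) are separated from the internet only by their `${internal-ip}:80` listen address, which deserves a one-line comment beside the firewall setting.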