summaryrefslogtreecommitdiffstats
path: root/makefu/1systems/shoney.nix
diff options
context:
space:
mode:
Diffstat (limited to 'makefu/1systems/shoney.nix')
-rw-r--r--makefu/1systems/shoney.nix54
1 files changed, 54 insertions, 0 deletions
diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix
new file mode 100644
index 000000000..1fe8871d2
--- /dev/null
+++ b/makefu/1systems/shoney.nix
@@ -0,0 +1,54 @@
+{ config, pkgs, ... }:
+let
+ tinc-siem-ip = "10.8.10.1";
+
+ ip = "64.137.234.215";
+ alt-ip = "64.137.234.210";
+ extra-ip = "64.137.234.114"; #currently unused
+ gw = "64.137.234.1";
+in {
+ imports = [
+ ../.
+ ../2configs/save-diskspace.nix
+ ../2configs/hw/CAC.nix
+ ../2configs/fs/CAC-CentOS-7-64bit.nix
+ ];
+
+
+
+ services.tinc.networks.siem.name = "sjump";
+
+ krebs = {
+ enable = true;
+ retiolum.enable = true;
+ build.host = config.krebs.hosts.shoney;
+ nginx.enable = true;
+ tinc_graphs = {
+ enable = true;
+ network = "siem";
+ hostsPath = "/etc/tinc/siem/hosts";
+ nginx = {
+ enable = true;
+ # TODO: remove hard-coded hostname
+ complete = {
+ listen = [ "${tinc-siem-ip}:80" ];
+ server-names = [ "graphs.siem" ];
+ };
+ };
+ };
+ };
+ networking = {
+ interfaces.enp2s1.ip4 = [
+ { address = ip; prefixLength = 24; }
+ { address = alt-ip; prefixLength = 24; }
+ ];
+
+ defaultGateway = gw;
+ nameservers = [ "8.8.8.8" ];
+ firewall = {
+ trustedInterfaces = [ "tinc.siem" ];
+ allowedUDPPorts = [ 655 1655 ];
+ allowedTCPPorts = [ 655 1655 ];
+ };
+ };
+}