Diffstat (limited to 'makefu/1systems/wry.nix')
-rw-r--r--makefu/1systems/wry.nix73
1 files changed, 43 insertions, 30 deletions
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index a7ed93c43..63b1f47f7 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -1,59 +1,72 @@
{ config, lib, pkgs, ... }:
+with lib;
let
- ip = (lib.head config.krebs.build.host.nets.internet.addrs4);
+ external-ip = head config.krebs.build.host.nets.internet.addrs4;
+ internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
in {
imports = [
# TODO: copy this config or move to krebs
../../tv/2configs/CAC-CentOS-7-64bit.nix
../2configs/base.nix
- ../2configs/base-sources.nix
+ ../2configs/unstable-sources.nix
../2configs/tinc-basic-retiolum.nix
+ ../2configs/bepasty-dual.nix
+
../2configs/iodined.nix
# Reaktor
../2configs/Reaktor/simpleExtend.nix
];
- krebs.Reaktor.enable = true;
+ krebs.build = {
+ user = config.krebs.users.makefu;
+ target = "root@wry";
+ host = config.krebs.hosts.wry;
+ };
- networking.firewall.allowPing = true;
- networking.interfaces.enp2s1.ip4 = [
- {
- address = ip;
- prefixLength = 24;
- }
- ];
- networking.defaultGateway = "104.233.87.1";
- networking.nameservers = [
- "8.8.8.8"
- ];
- # based on ../../tv/2configs/CAC-Developer-2.nix
- sound.enable = false;
- # prepare graphs
- nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
+ krebs.Reaktor.enable = true;
+
+ # bepasty to listen only on the correct interfaces
+ krebs.bepasty.servers.internal.nginx.listen = [ "${internal-ip}:80" ];
+ krebs.bepasty.servers.external.nginx.listen = [ "${external-ip}:80" "${external-ip}:443 ssl" ];
+ # prepare graphs
krebs.nginx.enable = true;
krebs.retiolum-bootstrap.enable = true;
- makefu.tinc_graphs.enable = true;
- makefu.tinc_graphs.krebsNginx = {
+ nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
+ makefu.tinc_graphs = {
enable = true;
- # TODO: remove hard-coded hostname
- hostnames_complete = [ "graphs.wry" ];
- hostnames_anonymous = [ "graphs.krebsco.de" ];
+ nginx = {
+ enable = true;
+ # TODO: remove hard-coded hostname
+ complete = {
+ listen = [ "${internal-ip}:80" ];
+ server-names = [ "graphs.wry" ];
+ };
+ anonymous = {
+ listen = [ "${external-ip}:80" ] ;
+ server-names = [ "graphs.krebsco.de" ];
+ };
+ };
};
-
- networking.firewall.allowedTCPPorts = [ 53 80 443 ];
-
- krebs.build = {
- user = config.krebs.users.makefu;
- target = "root@${ip}";
- host = config.krebs.hosts.wry;
+ networking = {
+ firewall.allowPing = true;
+ firewall.allowedTCPPorts = [ 53 80 443 ];
+ interfaces.enp2s1.ip4 = [{
+ address = external-ip;
+ prefixLength = 24;
+ }];
+ defaultGateway = "104.233.87.1";
+ nameservers = [ "8.8.8.8" ];
};
+
+ # based on ../../tv/2configs/CAC-Developer-2.nix
+ sound.enable = false;
}
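Review bot: The external bepasty vhost on the `krebs.bepasty.servers.external.nginx.listen` line accepts plain HTTP on `${external-ip}:80` alongside `443 ssl`, so login secrets and paste contents can cross the internet unencrypted unless `../2configs/bepasty-dual.nix` (not visible here) redirects port 80 to HTTPS. If no such redirect exists, I would narrow the line to `krebs.bepasty.servers.external.nginx.listen = [ "${external-ip}:443 ssl" ];`, or otherwise add a comment stating that port 80 only redirects. Separately, `firewall.allowedTCPPorts = [ 53 80 443 ]` opens these ports on every interface, so the split between the complete graph (`graphs.wry`) and the anonymous one rests solely on the nginx `listen` addresses. A comment such as `# complete graph must stay bound to internal-ip; the firewall does not separate interfaces` next to `complete.listen` would keep a later edit from widening it by accident.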