Diffstat (limited to 'host/Rory-ovh/configuration.nix')
-rwxr-xr-xhost/Rory-ovh/configuration.nix141
1 files changed, 141 insertions, 0 deletions
diff --git a/host/Rory-ovh/configuration.nix b/host/Rory-ovh/configuration.nix
new file mode 100755

index 0000000..cd3ac32
--- /dev/null
+++ b/host/Rory-ovh/configuration.nix
@@ -0,0 +1,141 @@
+{
+ pkgs,
+ lib,
+ nixpkgs-Draupnir,
+ nixpkgs-DraupnirPkg,
+ nixpkgs-master,
+ matrix-synapse-unwrapped-patched,
+ ...
+}:
+
+{
+ imports = [
+ ../../modules/base-server.nix
+ ../../modules/users/levi.nix
+ ../../modules/users/db2k.nix
+ ../../modules/users/ks.nix
+ ../../modules/users/Alice.nix
+
+ ./services/prometheus.nix
+
+ ./services/nginx/nginx.nix
+ ./services/cgit.nix
+ ./services/postgres.nix
+ ./services/matrix/synapse/synapse-main.nix
+ ./services/matrix/draupnir.nix
+ ./services/email/root.nix
+ #./services/wireguard/wireguard.nix
+ ./services/safensound.nix
+ ];
+
+ users.groups.ocp = { };
+ boot.loader.grub.devices = lib.mkForce [ "nodev" ];
+ networking = {
+ hostName = "Rory-ovh";
+ nat = {
+ enable = true;
+ internalInterfaces = [
+ "ve-+"
+ "vb-+"
+ ];
+ externalInterface = "enp98s0f0";
+ enableIPv6 = false;
+ };
+ enableIPv6 = lib.mkForce false;
+ nameservers = lib.mkForce [ "1.1.1.1" ];
+ firewall.enable = lib.mkForce true;
+ resolvconf.enable = false;
+ defaultGateway = lib.mkForce null;
+ defaultGateway6 = lib.mkForce null;
+ };
+
+ systemd.network = {
+ enable = true;
+ networks.enp98s0f0 = {
+ name = "enp98s0f0";
+ DHCP = "no";
+ #gateway = [ "51.210.113.254" ];
+ routes = [
+ {
+ Gateway = "51.210.113.254";
+ GatewayOnLink = true;
+ }
+ ];
+ address = [ "51.210.113.110/32" ];
+ };
+ };
+
+ monitoring = {
+ monitorAll = true;
+ localPrometheus = true;
+ exposePrometheus = true;
+ localGrafana = true;
+ exposeGrafana = true;
+ nginxHost = "monitoring.rory.gay";
+ nginxSsl = true;
+ };
+
+ nixpkgs.config.permittedInsecurePackages = [
+ "olm-3.2.16"
+ "dotnet-runtime-wrapped-7.0.20"
+ "dotnet-runtime-7.0.20"
+ "dotnet-sdk-7.0.20"
+ ];
+ services.irqbalance.enable = true;
+
+ environment.memoryAllocator.provider = "jemalloc";
+
+ containers."draupnir-cme" = import ./services/containers/draupnir-cme/container.nix {
+ inherit
+ pkgs
+ lib
+ nixpkgs-Draupnir
+ nixpkgs-DraupnirPkg
+ ;
+ };
+
+ containers."draupnir-fedora" = import ./services/containers/draupnir-fedora/container.nix {
+ inherit
+ pkgs
+ lib
+ nixpkgs-Draupnir
+ nixpkgs-DraupnirPkg
+ ;
+ };
+
+ containers."draupnir-ansible" = import ./services/containers/draupnir-ansible/container.nix {
+ inherit
+ pkgs
+ lib
+ nixpkgs-Draupnir
+ nixpkgs-DraupnirPkg
+ ;
+ };
+
+ containers."syntest1" = import ./services/containers/syntest1/container.nix {
+ inherit
+ pkgs
+ lib
+ nixpkgs-master
+ matrix-synapse-unwrapped-patched
+ ;
+ };
+
+ containers."syntest2" = import ./services/containers/syntest2/container.nix {
+ inherit
+ pkgs
+ lib
+ nixpkgs-master
+ ;
+ };
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+
+ environment.systemPackages = with pkgs; [ waypipe ];
+
+ nix.nrBuildUsers = 128;
+ services.owncast = {
+ enable = true;
+ port = 1934;
+ };
+}
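Review bot: The `nixpkgs.config.permittedInsecurePackages` list permits `olm-3.2.16` and three .NET 7.0.20 packages for the whole host without saying which service needs each one, so there is no way to tell from this file when an entry can be dropped. I would annotate every entry with its consumer and an exit condition, for example `"olm-3.2.16" # required by <service>; remove once it no longer depends on libolm`, and likewise for the dotnet entries. Because the same `pkgs` is inherited into all five containers, the exception presumably applies inside them too, which is worth stating in the comment. Separately, `exposePrometheus = true` and `exposeGrafana = true` are served under `monitoring.rory.gay` with `monitorAll = true`. The monitoring module is not part of this diff, so please confirm there that the Prometheus endpoint sits behind authentication or an address allow-list rather than being readable by anyone who reaches the vhost.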