infra/inventories/default.nix
kurogeek 0ffe7bbec4 mob next [ci-skip] [ci skip] [skip ci]
2026-06-19 09:19:35 +07:00


{
imports = [
./personal-computer.nix
./emmie.nix
];
clan = {
inventory = {
# Tag -> machine-name lists. The instances below attach roles to these tags
# (`roles.<role>.tags.<tag>`), so adding a host to a list enrols it in every
# service bound to that tag. Treat edits here as access-control changes.
# The "all" and "nixos" tags used by sshd, root-password and tor are not
# defined in this set; presumably clan-core provides them -- confirm.
tags = {
  glom = [
    "vega"
    "ramus"
    "canopus"
  ];
  poy = [
    "deneb"
    "bosona"
  ];
  w = [ "sirius" ];
  b4l = [
    "rigel"
    "neptune"
    "rana"
    "petra"
    "alasia"
  ];
  # Selects both the `phonebox` service and `yggdrasil-phone-network`.
  phonebox = [
    "neptune"
    "rigel"
    "almach"
    "alpheratz"
    "mirach"
    "adhil"
    "buna"
  ];
  # Selects `yggdrasil-global-network`. "rigel" is also listed under
  # `phonebox`, so it is picked up by both yggdrasil instances.
  global-network = [
    "rana"
    "sirius"
    "hadar"
    "procyon"
    "alasia"
    "rigel"
    "vega"
  ];
};
instances = {
# SSH server role for every machine carrying the "all" tag, with one shared
# set of authorized public keys.
# No `module` attribute is given here, unlike the other instances; presumably
# the instance name selects the clan-core sshd service -- confirm.
sshd = {
  roles.server.tags."all" = { };
  roles.server.settings = {
    # name -> public key. Every key listed here is accepted on every machine
    # selected above, so removing an entry is the revocation step for that
    # person or device. Which account the keys authorize is decided by the
    # module (presumably root -- confirm).
    authorizedKeys = {
      "berwn" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAB/raxJR8gASmquP63weHelbi+da2WBJR1DgzHPNz/f";
      "davhau" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuhpzDHBPvn8nv8RH1MRomDOaXyP4GziQm7r3MZ1Syk";
      # The "openpgp:0x..." key comment suggests a key held on an OpenPGP
      # card/agent -- confirm with the owner.
      "vi" =
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmgyEGuY/r7SDlJgrzYmQqpcWS5W+fCzRi3OS59ne4W openpgp:0xFF687387";
      "kurogeek" =
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcZ/p1Ofa9liwIzPWzNtONhJ7+FUWd2lCz33r81t8+w kurogeek@kurogeek";
      # `sk-ssh-ed25519@openssh.com` is OpenSSH's FIDO security-key type: the
      # private half lives on a hardware token. The plain `ssh-ed25519`
      # entries above carry no such marker.
      "matthewcroughan" =
        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOJDRQfb1+7VK5tOe8W40iryfBWYRO6Uf1r2viDjmsJtAAAABHNzaDo=";
      "matthewcroughan-1" =
        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDgsWq+G/tcr6eUQYT7+sJeBtRmOMabgFiIgIV44XNc6AAAABHNzaDo=";
      "matthewcroughan-2" =
        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJMi3TAuwDtIeO4MsORlBZ31HzaV5bji1fFBPcC9/tWuAAAABHNzaDo=";
    };
  };
};
# Applies clan-core's `users` module to every machine tagged "all", for the
# `root` account. No password material appears in this file; how the
# credential is generated and stored is up to the module.
# TODO confirm it comes from clan vars/secrets and never lands in the Nix store.
root-password = {
  module = {
    name = "users";
    input = "clan-core";
  };
  roles.default.tags."all" = { };
  roles.default.settings = {
    user = "root";
  };
};
# clan-core `tor` module, server role, on every machine tagged "nixos".
# No settings are passed, so what the server role exposes is not visible
# here (presumably an onion service for remote access -- confirm).
tor = {
  module = {
    name = "tor";
    input = "clan-core";
  };
  roles.server.tags."nixos" = { };
};
# ZeroTier network for the `w` tag, with "sirius" as controller.
w-network = {
  module = {
    name = "zerotier";
    input = "clan-core";
  };
  roles.controller.machines."sirius" = {
    # One externally managed member, admitted by address. The low 40 bits of
    # this address (2b:d36d:b8cc) equal the node ID "2bd36db8cc" that
    # glom-network and b4l-network list as kurogeek-thinkpad.
    # NOTE(review): this instance and poy-network use `allowedIps`, while
    # glom-network and b4l-network use `allowedIds` -- confirm both forms are
    # honoured by the module version in use.
    settings.allowedIps = [
      #kurogeek
      "fdfe:7bf:a795:4524:4c99:932b:d36d:b8cc"
    ];
  };
  roles.peer.tags.w = { };
};
# ZeroTier network for the `glom` tag, with "vega" as controller.
glom-network = {
  module = {
    name = "zerotier";
    input = "clan-core";
  };
  roles.controller.machines."vega" = {
    # Node IDs admitted in addition to the tagged peers. The same three IDs
    # are repeated in b4l-network, so revoking a device means editing both.
    settings.allowedIds = [
      "dbe44c0287" # Alex-gateway
      "b0e0b84fd3" # Alex
      "2bd36db8cc" # kurogeek-thinkpad
    ];
  };
  roles.peer.tags.glom = { };
};
# ZeroTier network for the `b4l` tag, with "rigel" as controller.
b4l-network = {
  module = {
    name = "zerotier";
    input = "clan-core";
  };
  roles.controller.machines."rigel" = {
    # Same allow-list as glom-network (kept as a separate copy); keep the two
    # in sync when a device is added or revoked.
    settings.allowedIds = [
      "dbe44c0287" # Alex-gateway
      "b0e0b84fd3" # Alex
      "2bd36db8cc" # kurogeek-thinkpad
    ];
  };
  roles.peer.tags.b4l = { };
};
# ZeroTier network for the `poy` tag, with "deneb" as controller.
poy-network = {
  module = {
    name = "zerotier";
    input = "clan-core";
  };
  roles.controller.machines."deneb" = {
    # Same single address as in w-network; admitted by address, not node ID.
    settings.allowedIps = [
      #kurogeek
      "fdfe:7bf:a795:4524:4c99:932b:d36d:b8cc"
    ];
  };
  roles.peer.tags."poy" = { };
};
# Yggdrasil on every machine tagged `global-network`.
yggdrasil-global-network = {
  module = {
    name = "yggdrasil";
    input = "clan-core";
  };
  roles.default.tags."global-network" = { };
  # Extra peers outside this inventory; they appear to be third-party public
  # peers, i.e. outbound dependencies this repository does not control.
  # The identical list is repeated in yggdrasil-phone-network.
  # NOTE(review): two entries use tcp://, which is not TLS-wrapped at the
  # peering link -- prefer tls:// where the peer offers it.
  roles.default.settings.extraPeers = [
    "tls://ygg.jjolly.dev:3443"
    "tls://[2602:fc24:18:7a42::1]:993"
    "tcp://leo.node.3dt.net:9002"
    "tcp://ygg-kcmo.incognet.io:8883"
  ];
};
# Headscale (self-hosted Tailscale control server) on "alasia", using this
# repository's own `headscale` module.
newedge-headscale = {
  module = {
    name = "headscale";
    input = "self";
  };
  roles.server.machines."alasia".settings = {
    public_url = "tailvpn.public.newedge.house";
    base_domain = "tailnet.newedge.house";
    # Makes the 10.0.10.0/24 LAN routable for tailnet members. Who may use
    # the route depends on the module's route approval/ACL handling, which
    # is not visible here -- confirm.
    advertise_routes = [ "10.0.10.0/24" ];
    # One internal resolver followed by two public ones.
    # NOTE(review): if clients treat these as interchangeable, lookups for
    # internal names can reach the public resolvers -- confirm how the
    # module hands this list to headscale.
    nameservers = [
      "10.0.10.82"
      "1.1.1.1"
      "8.8.8.8"
    ];
  };
};
# Second Yggdrasil instance, for machines tagged `phonebox`.
# NOTE(review): "rigel" carries both the `phonebox` and `global-network`
# tags, so both yggdrasil instances select it -- confirm that running two
# instances of the module on one host is intended and supported.
yggdrasil-phone-network = {
  module = {
    name = "yggdrasil";
    input = "clan-core";
  };
  roles.default.tags."phonebox" = { };
  # Same peer list as yggdrasil-global-network (a separate copy); the
  # tcp:// entries are not TLS-wrapped at the peering link.
  roles.default.settings.extraPeers = [
    "tls://ygg.jjolly.dev:3443"
    "tls://[2602:fc24:18:7a42::1]:993"
    "tcp://leo.node.3dt.net:9002"
    "tcp://ygg-kcmo.incognet.io:8883"
  ];
};
# Repository-local `phonebox` module for every machine tagged `phonebox`,
# plus one per-machine setting for "adhil".
phonebox = {
  module = {
    name = "phonebox";
    input = "self";
  };
  roles.default.tags."phonebox" = { };
  roles.default.machines."adhil".settings = {
    # Network interface name on adhil; what the module attaches to it is not
    # visible here (presumably the ATA's wired link -- confirm).
    ata-ethernet-iface = "end0";
  };
};
# Repository-local `pulse-stream` module on "neptune".
pulse-stream = {
  module = {
    name = "pulse-stream";
    input = "self";
  };
  roles.default.machines.neptune = {
    # Presumably the source ranges allowed to connect to the stream --
    # confirm in the module; only the local /24 is listed.
    settings.client-ip-ranges = [
      "10.0.0.0/24"
    ];
  };
};
# Repository-local `jukebox` module on "neptune".
jukebox = {
  module = {
    name = "jukebox";
    input = "self";
  };
  roles.default.machines.neptune = {
    settings = {
      # Interface name(s) the module is told to bind; wlp1s0 only.
      binds = [ "wlp1s0" ];
      # Disk identified by UUID. The short XXXX-XXXX form looks like a FAT
      # volume ID -- confirm.
      disks.m3 = {
        uuid = "105D-319E";
        mountOptions = [ "utf8" ];
      };
    };
  };
};
# Repository-local `git-daemon` module on "neptune". Access to each
# repository is expressed purely as source-address ranges; no per-user
# credentials appear here. How the module enforces the ranges is not visible
# in this file -- confirm that it filters on the interface the address
# belongs to, since a source-address check is only as strong as the network
# path it arrives on.
git-daemon = {
  module = {
    name = "git-daemon";
    input = "self";
  };
  roles.default.machines.neptune = {
    settings.repositories =
      let
        # Default policy: read and write from the local /24 and from one
        # specific host address (/128). `rec` lets read-access reuse the
        # write-access list, so by default the two are identical.
        defaults = rec {
          write-access = [
            "10.0.0.0/24"
            "200:d7b1:c5d5:ea7:27ad:6837:40f6:404d/128"
          ];
          read-access = write-access;
        };
        # Override for published repositories: read access widens to the
        # whole 0200::/7 range (the Yggdrasil address space), which also
        # contains the /128 from `defaults`. write-access is not set here,
        # so the default write list still applies.
        PUBLIC = {
          read-access = [
            "10.0.0.0/24"
            "0200::/7"
          ];
        };
      in
      # `//` is a shallow merge: each repository starts from `defaults` and
      # any attribute in its override replaces the default wholesale.
      # `{ }` therefore means "defaults unchanged"; `PUBLIC` changes only
      # read-access.
      builtins.mapAttrs (_: override: defaults // override) {
        "9e" = PUBLIC;
        archive-dl = { };
        barrytown = { };
        cleanroom = PUBLIC;
        community-memory = { };
        eris = { };
        ftdi-sd-spi = { };
        go-go-gadget = { };
        hacking-the-kindle = { };
        islands = PUBLIC;
        kt = { };
        legba = { };
        llb = PUBLIC;
        llc = PUBLIC;
        lora = { };
        mute = { };
        navi = { };
        notmuch-memoryhole = PUBLIC;
        pms5003 = { };
        thinc = PUBLIC;
        toad = { };
        yggdrasil-erlang = { };
      };
  };
};
# Repository-local `samba` module, server role on "sirius".
samba = {
  module = {
    name = "samba";
    input = "self";
  };
  roles.server.machines."sirius".settings = {
    # User `w` gets write permission.
    globalUsers = {
      w.writePerm = true;
    };
    sharedFolders = {
      # NOTE(review): allowedGuest presumably permits unauthenticated access
      # to this share. Whether guests are read-only, and which networks can
      # reach the service, is decided by the module and firewall, not shown
      # here -- confirm both.
      WHITEHOUSE = {
        allowedGuest = true;
      };
    };
    dataDir = "/mnt/hdd/samba";
  };
};
# Repository-local `wordpress` module, server role on "tangra", one tenant.
wordpress = {
  module = {
    name = "wordpress";
    input = "self";
  };
  roles.server.machines."tangra".settings = {
    tenants = [
      "poyfestival.com"
    ];
    # PHP request-size limits: uploads up to 64M, whole POST bodies up to
    # 128M. These also bound how much data one request can make PHP accept.
    phpfpmOptions = ''
      upload_max_filesize=64M
      post_max_size=128M
    '';
    # All three debug switches are off: errors are neither rendered into
    # pages nor written to WordPress's debug log, which avoids leaking paths
    # and stack details to visitors.
    wpExtraConfig = ''
      define('WP_MEMORY_LIMIT', '256M');
      define('WP_DEBUG', false);
      define('WP_DEBUG_DISPLAY', false);
      define('WP_DEBUG_LOG', false);
    '';
  };
};
# Repository-local `prometheus` module: server on "rigel", one node ("vega")
# with an exporter, plus an extra NixOS module that wires Alertmanager to a
# Matrix room.
prometheus-monitoring = {
  module = {
    name = "prometheus";
    input = "self";
  };
  roles.server.machines."rigel".settings = { };
  roles.server.extraModules = [
    (
      { config, ... }:
      {
        # Bridge that posts alerts into a Matrix room as `matrixUser`.
        # No access token is set here; presumably the module takes it from
        # secrets -- confirm it never lands in the Nix store.
        services.matrix-alertmanager = {
          enable = true;
          homeserverUrl = "https://matrix-client.matrix.org";
          matrixUser = "@kuroiris:matrix.org";
          matrixRooms = [
            {
              receivers = [
                "matrix"
              ];
              roomId = "!rqIrWqPvsXqMgYpcNZ:matrix.org";
            }
          ];
        };
        services.prometheus = {
          rules = [
            (builtins.toJSON {
              groups = [
                {
                  name = "default";
                  rules = [
                    {
                      # NOTE(review): this rule is named "test" and matches
                      # series where `up == 1`, i.e. targets that ARE
                      # reachable, so it fires for healthy targets. The
                      # summary says "down for more than 5 minutes" while
                      # `for` is 1m. It looks like a placeholder; a real
                      # outage alert would compare against 0 and keep `for`
                      # and the summary in agreement. Until then, no rule
                      # in this group reports a target going down.
                      alert = "test";
                      expr = ''up{instance!~"(nerr-.*|theatnerr-.*)",job!~"lab-.*|snmp-.*"} == 1'';
                      for = "1m";
                      annotations.summary = "{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes.";
                    }
                  ];
                }
              ];
            })
          ];
          alertmanager = {
            enable = true;
            configuration = {
              global = {
                resolve_timeout = "5m";
              };
              # Everything is routed to the "matrix" receiver; the single
              # child route has no matchers and names the same receiver.
              route = {
                receiver = "matrix";
                routes = [
                  { receiver = "matrix"; }
                ];
              };
              receivers = [
                {
                  # Defined but not referenced by any route above, so it
                  # receives nothing as configured.
                  name = "uptime-kuma";
                  webhook_configs = [
                    {
                      # The push token is a placeholder, not a literal;
                      # presumably it is substituted at service start from an
                      # environment file, which keeps it out of the Nix
                      # store. Confirm the `$$` escaping yields the intended
                      # variable reference after the substitution step.
                      url = "https://uptime.b4l.co.th/api/push/$${KUMA_TOKEN}?status=up&msg=OK&ping=";
                      send_resolved = true;
                    }
                  ];
                }
                {
                  name = "matrix";
                  webhook_configs = [
                    {
                      # Webhook URL is read from a file whose path comes from
                      # clan vars, so the URL itself is not embedded in the
                      # generated config.
                      # NOTE(review): clan-core documents this option tree as
                      # `vars.generators` (plural) -- confirm that
                      # `generator` resolves.
                      url_file = config.clan.core.vars.generator.prometheus.files.matrix-alertmanager-urlfile.path;
                      send_resolved = true;
                    }
                  ];
                }
              ];
            };
          };
          # Prometheus talks to Alertmanager over plain HTTP, but only on
          # the loopback address.
          alertmanagers = [
            {
              scheme = "http";
              path_prefix = "/";
              static_configs = [ { targets = [ "localhost:9093" ]; } ];
            }
          ];
        };
      }
    )
  ];
  roles.nodes.machines = {
    # Enables the smartctl exporter on vega with default settings.
    vega.settings = {
      exporters.smartctl = { };
    };
  };
};
};
};
};
}