From 18b03924ad6264e6a3a86d8c8a014f4e10a700fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?= Date: Mon, 18 Nov 2024 12:09:30 +0100 Subject: [PATCH] Format and clean dead code in `infra/` (#12) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-on: https://git.fediversity.eu/Fediversity/Fediversity/pulls/12 Co-authored-by: Nicolas “Niols” Jeannerod Co-committed-by: Nicolas “Niols” Jeannerod --- flake.nix | 1 + infra/flake-part.nix | 2 +- infra/vm02179/configuration.nix | 48 ++++++++++++------------ infra/vm02179/gitea-runner.nix | 12 ++++-- infra/vm02179/hardware-configuration.nix | 36 +++++++++++------- infra/vm02186/gitea-runner.nix | 12 +++++- infra/vm02186/hardware-configuration.nix | 36 +++++++++++------- infra/vm02186/procolix-configuration.nix | 25 ++++++------ 8 files changed, 100 insertions(+), 72 deletions(-) diff --git a/flake.nix b/flake.nix index 279345a..7fca607 100644 --- a/flake.nix +++ b/flake.nix @@ -46,6 +46,7 @@ inherit (builtins) concatStringsSep; optin = [ "deployment" + "infra" "services" ]; files = "^((" + concatStringsSep "|" optin + ")/.*\\.nix|[^/]*\\.nix)$"; diff --git a/infra/flake-part.nix b/infra/flake-part.nix index 8b628e4..5a08844 100644 --- a/infra/flake-part.nix +++ b/infra/flake-part.nix @@ -1,4 +1,4 @@ -{ inputs, self, ... }: +{ inputs, ... }: { nixops4Deployments.actions-runners = diff --git a/infra/vm02179/configuration.nix b/infra/vm02179/configuration.nix index f3a6b9c..e514c52 100644 --- a/infra/vm02179/configuration.nix +++ b/infra/vm02179/configuration.nix @@ -1,16 +1,15 @@ - # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, pkgs, ... }: +{ pkgs, ... }: { # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - networking = { + networking = { hostName = "vm02179"; domain = "procolix.com"; interfaces = { @@ -41,15 +40,18 @@ address = "2a00:51c0:12:1201::1"; interface = "eth0"; }; - nameservers = [ "95.215.185.6" "95.215.185.7" ]; + nameservers = [ + "95.215.185.6" + "95.215.185.7" + ]; firewall.enable = false; nftables = { enable = true; ruleset = '' #!/usr/sbin/nft -f - + flush ruleset - + ########### define usefull variables here ##################### define wan = eth0 define ssh_allow = { @@ -66,21 +68,21 @@ define nrpe_allow = { 95.215.185.34/32, # nagios2 ipv4 } - + ########### here starts the automated bit ##################### table inet filter { chain input { type filter hook input priority 0; policy drop; - + # established/related connections ct state established,related accept ct state invalid drop - + # Limit ping requests. ip protocol icmp icmp type echo-request limit rate over 10/second burst 50 packets drop ip6 nexthdr icmpv6 icmpv6 type echo-request limit rate over 10/second burst 50 packets drop - + # loopback interface iifname lo accept @@ -88,16 +90,16 @@ ip protocol icmp icmp type { destination-unreachable, echo-reply, echo-request, source-quench, time-exceeded } accept # Without the nd-* ones ipv6 will not work. ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, echo-reply, echo-request, nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert, packet-too-big, parameter-problem, time-exceeded } accept - + # open tcp ports: sshd (22) tcp dport {ssh} accept - + # open tcp ports: snmp (161) ip saddr $snmp_allow udp dport {snmp} accept - + # open tcp ports: nrpe (5666) ip saddr $nrpe_allow tcp dport {nrpe} accept - + # open tcp ports: http (80,443) tcp dport {http,https} accept } @@ -108,7 +110,7 @@ type filter hook output priority 0; } } - + table ip nat { chain postrouting { } @@ -119,7 +121,6 @@ }; }; - # Set your time zone. time.timeZone = "Europe/Amsterdam"; @@ -140,11 +141,10 @@ extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. hashedPassword = "$y$j9T$UH8Dh/poTCCZ3PXk43au6/$iYen8VUEVvv7SIPqteNtTPKktLxny3TbqvjUwhvi.6B"; openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAotfCIjLoDlHOe+++kVS1xiBPaS8mC5FypgrxDrDVst6SHxMTca2+IScMajzUZajenvNAoZOwIsyAPacT8OHeyFvV5Y7G874Qa+cZVqJxLht9gdXxr1GNabU3RfhhCh272dUeIKIqfgsRsM2HzdnZCMDavS1Yo+f+RhhHhnJIua+NdVFo21vPrpsz+Cd0M1NhojARLajrTHvEXW0KskUnkbfgxT0vL9jeRZxdgMS+a9ZoR5dbzOxQHWfbP8N04Xc+7CweMlvKwlWuAE/xDb5XLNHorfGWFvZuVhptJN8jPaaVS25wsmsF5IbaAuSZfzCtBdFQhIloUhy0L6ZisubHjQ== procolix@sshnode1" - "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuT3C0f3nyQ7SwUvXcFmEYEgwL+crY6iK0Bhoi9yfn4soz3fhfMKyKSwc/0RIlRnrz3xnkyJiV0vFeU7AC1ixbGCS3T9uc0G1x0Yedd9n2yR8ZJmkdyfjZ5KE4YvqZ3f6UZn5Mtj+7tGmyp+ee+clLSHzsqeyDiX0FIgFmqiiAVJD6qeKPFAHeWz9b2MOXIBIw+fSLOpx0rosCgesOmPc8lgFvo+dMKpSlPkCuGLBPj2ObT4sLjc98NC5z8sNJMu3o5bMbiCDR9JWgx9nKj+NlALwk3Y/nzHSL/DNcnP5vz2zbX2CBKjx6ju0IXh6YKlJJVyMsH9QjwYkgDQVmy8amQ== procolix@sshnode2" - ]; - packages = with pkgs; [ + "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAotfCIjLoDlHOe+++kVS1xiBPaS8mC5FypgrxDrDVst6SHxMTca2+IScMajzUZajenvNAoZOwIsyAPacT8OHeyFvV5Y7G874Qa+cZVqJxLht9gdXxr1GNabU3RfhhCh272dUeIKIqfgsRsM2HzdnZCMDavS1Yo+f+RhhHhnJIua+NdVFo21vPrpsz+Cd0M1NhojARLajrTHvEXW0KskUnkbfgxT0vL9jeRZxdgMS+a9ZoR5dbzOxQHWfbP8N04Xc+7CweMlvKwlWuAE/xDb5XLNHorfGWFvZuVhptJN8jPaaVS25wsmsF5IbaAuSZfzCtBdFQhIloUhy0L6ZisubHjQ== procolix@sshnode1" + "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuT3C0f3nyQ7SwUvXcFmEYEgwL+crY6iK0Bhoi9yfn4soz3fhfMKyKSwc/0RIlRnrz3xnkyJiV0vFeU7AC1ixbGCS3T9uc0G1x0Yedd9n2yR8ZJmkdyfjZ5KE4YvqZ3f6UZn5Mtj+7tGmyp+ee+clLSHzsqeyDiX0FIgFmqiiAVJD6qeKPFAHeWz9b2MOXIBIw+fSLOpx0rosCgesOmPc8lgFvo+dMKpSlPkCuGLBPj2ObT4sLjc98NC5z8sNJMu3o5bMbiCDR9JWgx9nKj+NlALwk3Y/nzHSL/DNcnP5vz2zbX2CBKjx6ju0IXh6YKlJJVyMsH9QjwYkgDQVmy8amQ== procolix@sshnode2" ]; + packages = with pkgs; [ ]; }; users.users.niols = { @@ -152,11 +152,10 @@ extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. hashedPassword = "$y$j9T$zZZ/XQ68cGr6GTIQqSnsh/$I9UEl9JLxq8kWZbVOp.WqUxfcNmrSVMBGSwGalIJ/Z/"; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEElREJN0AC7lbp+5X204pQ5r030IbgCllsIxyU3iiKY niols@wallace" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBkQXv/VRZLfV0wNN9PHedmKWyAIfpPUCdaznHZNIDkS niols@orianne/fediversity" - ]; - packages = with pkgs; [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEElREJN0AC7lbp+5X204pQ5r030IbgCllsIxyU3iiKY niols@wallace" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBkQXv/VRZLfV0wNN9PHedmKWyAIfpPUCdaznHZNIDkS niols@orianne/fediversity" ]; + packages = with pkgs; [ ]; }; nix = { @@ -197,4 +196,3 @@ system.stateVersion = "24.05"; # Did you read the comment? } - diff --git a/infra/vm02179/gitea-runner.nix b/infra/vm02179/gitea-runner.nix index b0c2d54..b471bd4 100644 --- a/infra/vm02179/gitea-runner.nix +++ b/infra/vm02179/gitea-runner.nix @@ -1,6 +1,7 @@ -{ pkgs, config, ... }: { +{ pkgs, ... }: +{ - virtualisation.docker.enable = true; + virtualisation.docker.enable = true; services.gitea-actions-runner = { package = pkgs.forgejo-actions-runner; @@ -14,7 +15,12 @@ "docker:docker://node:16-bullseye" "native:host" ]; - hostPackages = with pkgs; [ bash git nix nodejs ]; + hostPackages = with pkgs; [ + bash + git + nix + nodejs + ]; settings = { log.level = "info"; runner = { diff --git a/infra/vm02179/hardware-configuration.nix b/infra/vm02179/hardware-configuration.nix index 94f68e1..87f1d3d 100644 --- a/infra/vm02179/hardware-configuration.nix +++ b/infra/vm02179/hardware-configuration.nix @@ -1,28 +1,36 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ lib, modulesPath, ... }: { - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + "sd_mod" + "sr_mod" + ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/119863f8-55cf-4e2f-ac17-27599a63f241"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/119863f8-55cf-4e2f-ac17-27599a63f241"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/D9F4-9BF0"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/D9F4-9BF0"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; swapDevices = [ ]; diff --git a/infra/vm02186/gitea-runner.nix b/infra/vm02186/gitea-runner.nix index ddfb335..58434b7 100644 --- a/infra/vm02186/gitea-runner.nix +++ b/infra/vm02186/gitea-runner.nix @@ -25,8 +25,16 @@ ## This runner supports Docker (with a default Ubuntu image) and native ## modes. In native mode, it contains a few default packages. - labels = ["docker:docker://node:16-bullseye" "native:host"]; - hostPackages = with pkgs; [ bash git nix nodejs ]; + labels = [ + "docker:docker://node:16-bullseye" + "native:host" + ]; + hostPackages = with pkgs; [ + bash + git + nix + nodejs + ]; }; }; diff --git a/infra/vm02186/hardware-configuration.nix b/infra/vm02186/hardware-configuration.nix index 08ef493..dcbe942 100644 --- a/infra/vm02186/hardware-configuration.nix +++ b/infra/vm02186/hardware-configuration.nix @@ -1,28 +1,36 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ lib, modulesPath, ... }: { - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + "sd_mod" + "sr_mod" + ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/833ac0f9-ad8c-45ae-a9bf-5844e378c44a"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/833ac0f9-ad8c-45ae-a9bf-5844e378c44a"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/B4D5-3AF9"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/B4D5-3AF9"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; swapDevices = [ ]; diff --git a/infra/vm02186/procolix-configuration.nix b/infra/vm02186/procolix-configuration.nix index a1be544..44412f7 100644 --- a/infra/vm02186/procolix-configuration.nix +++ b/infra/vm02186/procolix-configuration.nix @@ -36,7 +36,10 @@ address = "2a00:51c0:12:1201::1"; interface = "eth0"; }; - nameservers = [ "95.215.185.6" "95.215.185.7" ]; + nameservers = [ + "95.215.185.6" + "95.215.185.7" + ]; firewall.enable = false; nftables = { enable = true; @@ -114,7 +117,6 @@ }; }; - # Set your time zone. time.timeZone = "Europe/Amsterdam"; @@ -135,32 +137,29 @@ extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. hashedPassword = "$y$j9T$UH8Dh/poTCCZ3PXk43au6/$iYen8VUEVvv7SIPqteNtTPKktLxny3TbqvjUwhvi.6B"; openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAotfCIjLoDlHOe+++kVS1xiBPaS8mC5FypgrxDrDVst6SHxMTca2+IScMajzUZajenvNAoZOwIsyAPacT8OHeyFvV5Y7G874Qa+cZVqJxLht9gdXxr1GNabU3RfhhCh272dUeIKIqfgsRsM2HzdnZCMDavS1Yo+f+RhhHhnJIua+NdVFo21vPrpsz+Cd0M1NhojARLajrTHvEXW0KskUnkbfgxT0vL9jeRZxdgMS+a9ZoR5dbzOxQHWfbP8N04Xc+7CweMlvKwlWuAE/xDb5XLNHorfGWFvZuVhptJN8jPaaVS25wsmsF5IbaAuSZfzCtBdFQhIloUhy0L6ZisubHjQ== procolix@sshnode1" - "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuT3C0f3nyQ7SwUvXcFmEYEgwL+crY6iK0Bhoi9yfn4soz3fhfMKyKSwc/0RIlRnrz3xnkyJiV0vFeU7AC1ixbGCS3T9uc0G1x0Yedd9n2yR8ZJmkdyfjZ5KE4YvqZ3f6UZn5Mtj+7tGmyp+ee+clLSHzsqeyDiX0FIgFmqiiAVJD6qeKPFAHeWz9b2MOXIBIw+fSLOpx0rosCgesOmPc8lgFvo+dMKpSlPkCuGLBPj2ObT4sLjc98NC5z8sNJMu3o5bMbiCDR9JWgx9nKj+NlALwk3Y/nzHSL/DNcnP5vz2zbX2CBKjx6ju0IXh6YKlJJVyMsH9QjwYkgDQVmy8amQ== procolix@sshnode2" - ]; - packages = with pkgs; [ + "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAotfCIjLoDlHOe+++kVS1xiBPaS8mC5FypgrxDrDVst6SHxMTca2+IScMajzUZajenvNAoZOwIsyAPacT8OHeyFvV5Y7G874Qa+cZVqJxLht9gdXxr1GNabU3RfhhCh272dUeIKIqfgsRsM2HzdnZCMDavS1Yo+f+RhhHhnJIua+NdVFo21vPrpsz+Cd0M1NhojARLajrTHvEXW0KskUnkbfgxT0vL9jeRZxdgMS+a9ZoR5dbzOxQHWfbP8N04Xc+7CweMlvKwlWuAE/xDb5XLNHorfGWFvZuVhptJN8jPaaVS25wsmsF5IbaAuSZfzCtBdFQhIloUhy0L6ZisubHjQ== procolix@sshnode1" + "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuT3C0f3nyQ7SwUvXcFmEYEgwL+crY6iK0Bhoi9yfn4soz3fhfMKyKSwc/0RIlRnrz3xnkyJiV0vFeU7AC1ixbGCS3T9uc0G1x0Yedd9n2yR8ZJmkdyfjZ5KE4YvqZ3f6UZn5Mtj+7tGmyp+ee+clLSHzsqeyDiX0FIgFmqiiAVJD6qeKPFAHeWz9b2MOXIBIw+fSLOpx0rosCgesOmPc8lgFvo+dMKpSlPkCuGLBPj2ObT4sLjc98NC5z8sNJMu3o5bMbiCDR9JWgx9nKj+NlALwk3Y/nzHSL/DNcnP5vz2zbX2CBKjx6ju0IXh6YKlJJVyMsH9QjwYkgDQVmy8amQ== procolix@sshnode2" ]; + packages = with pkgs; [ ]; }; users.users.niols = { isNormalUser = true; extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEElREJN0AC7lbp+5X204pQ5r030IbgCllsIxyU3iiKY niols@wallace" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBkQXv/VRZLfV0wNN9PHedmKWyAIfpPUCdaznHZNIDkS niols@orianne/fediversity" - ]; - packages = with pkgs; [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEElREJN0AC7lbp+5X204pQ5r030IbgCllsIxyU3iiKY niols@wallace" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBkQXv/VRZLfV0wNN9PHedmKWyAIfpPUCdaznHZNIDkS niols@orianne/fediversity" ]; + packages = with pkgs; [ ]; }; users.users.valentin = { isNormalUser = true; extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOJzgwAYAoMexc1fBJxU08YmsiU9T4Ua8QFeE4/kZNZ5" - ]; - packages = with pkgs; [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOJzgwAYAoMexc1fBJxU08YmsiU9T4Ua8QFeE4/kZNZ5" ]; + packages = with pkgs; [ ]; }; # List packages installed in system profile. To search, run: