Compare commits
5 Commits
f2bc058e20
...
06615390aa
Author | SHA1 | Date |
---|---|---|
josiah | 06615390aa | 9 months ago |
josiah | 21a30eabd1 | 9 months ago |
josiah | e253cf9898 | 9 months ago |
josiah | 9d7ba14fdb | 9 months ago |
josiah | 65fc8af6d8 | 9 months ago |
@ -1,59 +0,0 @@
|
|||||||
---
|
|
||||||
- name: cloud wg config
|
|
||||||
hosts: vpn
|
|
||||||
gather_facts: no
|
|
||||||
tasks:
|
|
||||||
- debug: msg="Deploying wg to cloud server"
|
|
||||||
roles:
|
|
||||||
- { name: wg_vpn, tags: ['wg_vpn'] }
|
|
||||||
|
|
||||||
- name: deploy the awful stack
|
|
||||||
gather_facts: no
|
|
||||||
hosts: dockerhosts
|
|
||||||
tasks:
|
|
||||||
- debug: msg="Deploying awful stack to cloud server"
|
|
||||||
roles:
|
|
||||||
- { name: awfulAll, tags: ['awfulAll'] }
|
|
||||||
|
|
||||||
|
|
||||||
- name: Configure home-net base packages
|
|
||||||
hosts: hatchery.home.jowj.net
|
|
||||||
gather_facts: no
|
|
||||||
roles:
|
|
||||||
- { name: home-net, tags: ['base'] }
|
|
||||||
|
|
||||||
|
|
||||||
- name: Deploy mediaserver
|
|
||||||
hosts: mediaserver
|
|
||||||
gather_facts: no
|
|
||||||
roles:
|
|
||||||
- { name: mediaserver, tags: ['mediaserver'] }
|
|
||||||
|
|
||||||
|
|
||||||
- name: Deploy gitea
|
|
||||||
hosts: dockerhosts
|
|
||||||
gather_facts: no
|
|
||||||
roles:
|
|
||||||
- { name: gitea, tags: ['gitea'] }
|
|
||||||
|
|
||||||
- name: Deploy nextcloud
|
|
||||||
hosts: dockerhosts
|
|
||||||
gather_facts: no
|
|
||||||
roles:
|
|
||||||
- { name: nextcloud, tags: ['nextcloud'] }
|
|
||||||
|
|
||||||
- name: deploy the dev stack
|
|
||||||
gather_facts: no
|
|
||||||
hosts: dockerhosts
|
|
||||||
tasks:
|
|
||||||
- debug: msg="Deploying awful stack to cloud server"
|
|
||||||
roles:
|
|
||||||
- { name: test, tags: ['test'] }
|
|
||||||
|
|
||||||
- name: deploy syslog server
|
|
||||||
gather_facts: no
|
|
||||||
hosts: syslog
|
|
||||||
tasks:
|
|
||||||
- debug: msg="Deploy syslog server to larva."
|
|
||||||
roles:
|
|
||||||
- { name: syslog, tags: ['syslog'] }
|
|
@ -0,0 +1,60 @@
|
|||||||
|
---
|
||||||
|
# Configure the baseline I want on every debian box
|
||||||
|
|
||||||
|
|
||||||
|
# Configure apt
|
||||||
|
- name: Install aptitude using apt
|
||||||
|
apt: name=aptitude state=latest update_cache=yes force_apt_get=yes
|
||||||
|
|
||||||
|
# Add custom packages to apt.
|
||||||
|
- name: Add tailscale GPG apt Key
|
||||||
|
apt_key:
|
||||||
|
url: https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Add tailscsale Repository
|
||||||
|
apt_repository:
|
||||||
|
repo: deb https://pkgs.tailscale.com/stable/debian bullseye main
|
||||||
|
state: present
|
||||||
|
|
||||||
|
# Add our packages
|
||||||
|
- name: Install required system packages
|
||||||
|
apt: name={{ sys_packages }} state=latest
|
||||||
|
|
||||||
|
# Configure sudo
|
||||||
|
- name: Make sure we have a 'sudo' group
|
||||||
|
group:
|
||||||
|
name: sudo
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Allow sudo group to have passwordless sudo
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/sudoers
|
||||||
|
state: present
|
||||||
|
regexp: '^%sudo'
|
||||||
|
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
|
||||||
|
validate: '/usr/sbin/visudo -cf %s'
|
||||||
|
|
||||||
|
# loop here??
|
||||||
|
- name: Create a new regular user with sudo privileges
|
||||||
|
user:
|
||||||
|
name: "{{ item }}"
|
||||||
|
state: present
|
||||||
|
groups: sudo
|
||||||
|
append: true
|
||||||
|
create_home: true
|
||||||
|
shell: /bin/bash
|
||||||
|
loop: "{{ create_users }}"
|
||||||
|
|
||||||
|
# loop here
|
||||||
|
- name: Set authorized key for remote user
|
||||||
|
authorized_key:
|
||||||
|
user: "{{ item }}"
|
||||||
|
state: present
|
||||||
|
key: "{{ copy_local_key }}"
|
||||||
|
loop: "{{ create_users }}"
|
||||||
|
|
||||||
|
- name: Restart sshd
|
||||||
|
service:
|
||||||
|
name: sshd.service
|
||||||
|
state: restarted
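Review bot: The `Allow sudo group to have passwordless sudo` task grants `NOPASSWD: ALL` to every member of `sudo`, not only the accounts this role creates, so any account already in that group on a target box also gets password-free root, and an SSH key becomes the only factor between a login and root. Consider scoping the rule to the managed users in a drop-in rather than rewriting the `%sudo` line of `/etc/sudoers`: `path: /etc/sudoers.d/<role-name>` with `create: true` and `mode: '0440'`, keeping the existing `validate`. Separately, `apt_key` places the Tailscale key in apt's global trust store, where it is accepted for every configured repository. Downloading it to a keyring file and referencing that file with `signed-by=` in the `repo:` line would limit it to the Tailscale source.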
|
@ -0,0 +1,3 @@
|
|||||||
|
create_users: ['josiah', 'alice']
|
||||||
|
copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/home-net.pub') }}"
|
||||||
|
sys_packages: [ 'sudo', 'tailscale' ]
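Review bot: `copy_local_key` resolves to a single public key read from the controller's `$HOME/.ssh/home-net.pub`, and the `authorized_key` task elsewhere in this compare loops over `create_users` with that one value, so `josiah` and `alice` end up authenticated by the same key pair and neither account can be revoked or audited on its own. A per-user mapping keeps them independent, for example `create_users: [{ name: josiah, key: "<josiah public key>" }, { name: alice, key: "<alice public key>" }]`, with the tasks reading `item.name` and `item.key`. The lookup also depends on whichever workstation runs the play having that file, so a short comment stating where the key is expected to come from would help.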
|
@ -0,0 +1,13 @@
|
|||||||
|
* nix configurations
|
||||||
|
This folder tracks any nix configuration required. In the past I've experimented with using things like ~deploy-rs~ and ~morph~ for managing nix hosts, but unfortunately nix state of the art is just trash from a UX perspective. I don't recommend any of these things. Instead, I'm moving to naked configuration of a single ~configuration.nix~ file for the immediate future.
|
||||||
|
|
||||||
|
** How this works
|
||||||
|
|
||||||
|
There is a single folder per host currently in use. Each folder contains about 2 files, ~configuration.nix~ and ~hardware-configuration.nix~. Any changes made to a hosts configuration should go in the appropriate configuration file, saved, and committed. To use the latest version of a file, invoke ~rebuild switch~ with additional arguments, like:
|
||||||
|
|
||||||
|
~nixos-rebuild -I nixos-config=path/to/your/configuration.nix~
|
||||||
|
|
||||||
|
In our case, to rebuild the local ~hoyden~ configuration, we would run something like:
|
||||||
|
|
||||||
|
~nixos-rebuild -I nixos-config=~/Documents/projects/adc/nix-configs/hosts/hoyden/configuration.nix switch~
|
||||||
|
|
@ -1,40 +0,0 @@
|
|||||||
# common/default.nix
|
|
||||||
|
|
||||||
# inputs to this NixOS module. We don't use any here
|
|
||||||
# so we can ignore them all.
|
|
||||||
{ ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
# User account definitions
|
|
||||||
./users
|
|
||||||
];
|
|
||||||
|
|
||||||
# clean /tmp on boot.
|
|
||||||
boot.cleanTmpDir = true;
|
|
||||||
# Allow any admin to build packages, not just root.
|
|
||||||
## if you don't set this then your sshUser MUST BE ROOT, or you'll get untrusted sig errors.
|
|
||||||
nix.settings.trusted-users = [ "@wheel" ];
|
|
||||||
|
|
||||||
# Automatically optimize the Nix store to save space
|
|
||||||
# by hard-linking identical files together. These savings
|
|
||||||
# add up.
|
|
||||||
#nix.settings.autoOptimiseStore = true;
|
|
||||||
|
|
||||||
# Limit the systemd journal to 100 MB of disk or the
|
|
||||||
# last 7 days of logs, whichever happens first.
|
|
||||||
services.journald.extraConfig = ''
|
|
||||||
SystemMaxUse=100M
|
|
||||||
MaxFileSec=7day
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Use systemd-resolved for DNS lookups, but disable
|
|
||||||
# its dnssec support because it is kinda broken in
|
|
||||||
# surprising ways.
|
|
||||||
|
|
||||||
# Who is surprised that dnssec is broken? no one.
|
|
||||||
# services.resolved = {
|
|
||||||
# enable = true;
|
|
||||||
# dnssec = "false";
|
|
||||||
# };
|
|
||||||
}
|
|
@ -1,21 +0,0 @@
|
|||||||
# common/users/default.nix
|
|
||||||
|
|
||||||
# Inputs to this NixOS module, in this case we are
|
|
||||||
# using `pkgs` so I can configure my favorite shell fish
|
|
||||||
# and `config` so we can make my SSH key also work with
|
|
||||||
# the root user.
|
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
# The block that specifies my user account.
|
|
||||||
users.users.josiah = {
|
|
||||||
isNormalUser = true;
|
|
||||||
shell = pkgs.bash;
|
|
||||||
|
|
||||||
# My SSH keys.
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
# Replace this with your SSH key!
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAZhFDzl1lbhWJ7MiTV3+Z1EY8M5b4cH/+ju4uo1d91 admin"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,95 +0,0 @@
|
|||||||
{
|
|
||||||
"nodes": {
|
|
||||||
"deploy-rs": {
|
|
||||||
"inputs": {
|
|
||||||
"flake-compat": "flake-compat",
|
|
||||||
"nixpkgs": "nixpkgs",
|
|
||||||
"utils": "utils"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1674127017,
|
|
||||||
"narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=",
|
|
||||||
"owner": "serokell",
|
|
||||||
"repo": "deploy-rs",
|
|
||||||
"rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "serokell",
|
|
||||||
"repo": "deploy-rs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-compat": {
|
|
||||||
"flake": false,
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1668681692,
|
|
||||||
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1671417167,
|
|
||||||
"narHash": "sha256-JkHam6WQOwZN1t2C2sbp1TqMv3TVRjzrdoejqfefwrM=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "bb31220cca6d044baa6dc2715b07497a2a7c4bc7",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"ref": "nixpkgs-unstable",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs_2": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1672580127,
|
|
||||||
"narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=",
|
|
||||||
"owner": "nixos",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "0874168639713f547c05947c76124f78441ea46c",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nixos",
|
|
||||||
"ref": "nixos-22.05",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"root": {
|
|
||||||
"inputs": {
|
|
||||||
"deploy-rs": "deploy-rs",
|
|
||||||
"nixpkgs": "nixpkgs_2"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"utils": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1667395993,
|
|
||||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"root": "root",
|
|
||||||
"version": 7
|
|
||||||
}
|
|
@ -1,117 +0,0 @@
|
|||||||
{
|
|
||||||
description = "Test deployment for my server cluster";
|
|
||||||
|
|
||||||
inputs = {
|
|
||||||
nixpkgs.url =
|
|
||||||
"github:nixos/nixpkgs/nixos-22.05"; # change this to your desired NixOS version
|
|
||||||
# For accessing `deploy-rs`'s utility Nix functions
|
|
||||||
deploy-rs.url = "github:serokell/deploy-rs";
|
|
||||||
};
|
|
||||||
|
|
||||||
outputs = { self, nixpkgs, deploy-rs }: {
|
|
||||||
nixosConfigurations.seraph = nixpkgs.lib.nixosSystem {
|
|
||||||
system = "x86_64-linux";
|
|
||||||
modules = [
|
|
||||||
../hosts/seraph/configuration.nix
|
|
||||||
../common/default.nix
|
|
||||||
];
|
|
||||||
};
|
|
||||||
nixosConfigurations.demiurge = nixpkgs.lib.nixosSystem {
|
|
||||||
system = "x86_64-linux";
|
|
||||||
modules = [
|
|
||||||
../hosts/demiurge/configuration.nix
|
|
||||||
../common/default.nix
|
|
||||||
];
|
|
||||||
};
|
|
||||||
nixosConfigurations.exgod = nixpkgs.lib.nixosSystem {
|
|
||||||
system = "x86_64-linux";
|
|
||||||
modules = [
|
|
||||||
../hosts/exgod/configuration.nix
|
|
||||||
../common/default.nix
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
nixosConfigurations.hoyden = nixpkgs.lib.nixosSystem {
|
|
||||||
system = "x86_64-linux";
|
|
||||||
modules = [
|
|
||||||
../hosts/hoyden/configuration.nix
|
|
||||||
../common/default.nix
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
deploy.nodes.hoyden = {
|
|
||||||
hostname = "hoyden";
|
|
||||||
user = "root";
|
|
||||||
sshUser = "josiah";
|
|
||||||
# magicRollback = false;
|
|
||||||
remoteBuild = false;
|
|
||||||
path = deploy-rs.lib.x86_64-linux.activate.nixos
|
|
||||||
self.nixosConfigurations.hoyden;
|
|
||||||
|
|
||||||
# This forces ssh to connect over IPv4.
|
|
||||||
sshOpts = [ "-4" ];
|
|
||||||
|
|
||||||
profiles.system = {
|
|
||||||
path = deploy-rs.lib.x86_64-linux.activate.nixos
|
|
||||||
self.nixosConfigurations.hoyden;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
deploy.nodes.seraph = {
|
|
||||||
hostname = "seraph";
|
|
||||||
user = "root";
|
|
||||||
sshUser = "alice";
|
|
||||||
# magicRollback = false;
|
|
||||||
remoteBuild = false;
|
|
||||||
path = deploy-rs.lib.x86_64-linux.activate.nixos
|
|
||||||
self.nixosConfigurations.seraph;
|
|
||||||
|
|
||||||
# This forces ssh to connect over IPv4.
|
|
||||||
sshOpts = [ "-4" ];
|
|
||||||
|
|
||||||
profiles.system = {
|
|
||||||
path = deploy-rs.lib.x86_64-linux.activate.nixos
|
|
||||||
self.nixosConfigurations.seraph;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
deploy.nodes.demiurge = {
|
|
||||||
hostname = "demiurge";
|
|
||||||
user = "root";
|
|
||||||
sshUser = "alice";
|
|
||||||
# magicRollback = false;
|
|
||||||
remoteBuild = false;
|
|
||||||
path = deploy-rs.lib.x86_64-linux.activate.nixos
|
|
||||||
self.nixosConfigurations.demiurge;
|
|
||||||
|
|
||||||
# This forces ssh to connect over IPv4.
|
|
||||||
sshOpts = [ "-4" ];
|
|
||||||
|
|
||||||
profiles.system = {
|
|
||||||
path = deploy-rs.lib.x86_64-linux.activate.nixos
|
|
||||||
self.nixosConfigurations.demiurge;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
deploy.nodes.exgod = {
|
|
||||||
hostname = "exgod";
|
|
||||||
user = "root";
|
|
||||||
sshUser = "alice";
|
|
||||||
# magicRollback = false;
|
|
||||||
remoteBuild = false;
|
|
||||||
path = deploy-rs.lib.x86_64-linux.activate.nixos
|
|
||||||
self.nixosConfigurations.exgod;
|
|
||||||
|
|
||||||
# This forces ssh to connect over IPv4.
|
|
||||||
sshOpts = [ "-4" ];
|
|
||||||
|
|
||||||
profiles.system = {
|
|
||||||
path = deploy-rs.lib.x86_64-linux.activate.nixos
|
|
||||||
self.nixosConfigurations.exgod;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# This is highly advised, and will prevent many possible mistakes
|
|
||||||
checks =
|
|
||||||
builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy)
|
|
||||||
deploy-rs.lib;
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,25 +0,0 @@
|
|||||||
{
|
|
||||||
description = "Hoyden's Flake";
|
|
||||||
|
|
||||||
inputs = {
|
|
||||||
nixpkgs.url =
|
|
||||||
"github:nixos/nixpkgs/nixos-22.05"; # change this to your desired NixOS version
|
|
||||||
# For accessing `deploy-rs`'s utility Nix functions
|
|
||||||
deploy-rs.url = "github:serokell/deploy-rs";
|
|
||||||
unstableTarball = fetchTarball
|
|
||||||
"https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";
|
|
||||||
};
|
|
||||||
|
|
||||||
outputs = { self, nixpkgs, unstableTarball }@attrs: {
|
|
||||||
nixosConfigurations.hoyden = nixpkgs.lib.nixosSystem {
|
|
||||||
system = "x86_64-linux";
|
|
||||||
specialArgs = attrs;
|
|
||||||
modules = [ ./configuration.nix ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -1 +0,0 @@
|
|||||||
/nix/store/lwyi13rbiw9afcjps9fyiarjfkjkqq12-morph
|
|
@ -1 +0,0 @@
|
|||||||
hoyden:mzRpcmjuqPqre3Si990zXvAeD9xwqRJMezGsxdXV2vTayggi7ycd8bhQlPQGg3u2YhjbaztvTo1bogdeAlI/bg==
|
|
@ -1 +0,0 @@
|
|||||||
hoyden:2soIIu8nHfG4UJT0BoN7tmIY22s7b06NW6IHXgJSP24=
|
|
@ -1,40 +0,0 @@
|
|||||||
# ops/home/network.nix
|
|
||||||
|
|
||||||
{
|
|
||||||
# Configuration for the network in general.
|
|
||||||
network = { description = "home.jowj.net cluster definition"; };
|
|
||||||
|
|
||||||
# This specifies the configuration for
|
|
||||||
# `seraph` as a NixOS module.
|
|
||||||
|
|
||||||
# "seraph" = { config, pkgs, lib, ... }: {
|
|
||||||
# deployment.targetUser = "alice";
|
|
||||||
# deployment.targetHost = "seraph";
|
|
||||||
|
|
||||||
# # Import seraph configuration.nix
|
|
||||||
# imports = [
|
|
||||||
# ../../hosts/seraph/configuration.nix
|
|
||||||
# ../../common ];
|
|
||||||
# };
|
|
||||||
|
|
||||||
"exgod" = { config, pkgs, lib, ... }: {
|
|
||||||
deployment.targetUser = "alice";
|
|
||||||
deployment.targetHost = "exgod";
|
|
||||||
|
|
||||||
# Import exgod configuration.nix
|
|
||||||
imports = [
|
|
||||||
../../hosts/exgod/configuration.nix
|
|
||||||
../../common ];
|
|
||||||
};
|
|
||||||
|
|
||||||
"hoyden" = { config, pkgs, lib, ... }: {
|
|
||||||
deployment.targetUser = "alice";
|
|
||||||
deployment.targetHost = "hoyden";
|
|
||||||
|
|
||||||
# Import seraph configuration.nix
|
|
||||||
imports = [
|
|
||||||
../../hosts/hoyden/configuration.nix
|
|
||||||
../../common ];
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
@ -1,22 +0,0 @@
|
|||||||
#!/usr/bin/env nix-shell
|
|
||||||
|
|
||||||
# Specify the packages we are using in this
|
|
||||||
# script as well as the fact that we are running it
|
|
||||||
# in bash.
|
|
||||||
#! nix-shell -p morph -i bash
|
|
||||||
|
|
||||||
# Explode on any error.
|
|
||||||
set -e
|
|
||||||
|
|
||||||
# Build the system configurations for every
|
|
||||||
# machine in this network and register them as
|
|
||||||
# garbage collector roots so `nix-collect-garbage`
|
|
||||||
# doesn't sweep them away.
|
|
||||||
morph build --keep-result ~/Documents/projects/adc/nixos-configs/ops/home/network.nix
|
|
||||||
|
|
||||||
# Push the config to the hosts.
|
|
||||||
morph push ~/Documents/projects/adc/nixos-configs/ops/home/network.nix
|
|
||||||
|
|
||||||
# Activate the NixOS configuration on the
|
|
||||||
# network.
|
|
||||||
morph deploy ~/Documents/projects/adc/nixos-configs/ops/home/network.nix test
|
|
@ -1,40 +0,0 @@
|
|||||||
let
|
|
||||||
pkgs = import (import ../nixpkgs.nix) {};
|
|
||||||
in
|
|
||||||
{
|
|
||||||
network = {
|
|
||||||
inherit pkgs;
|
|
||||||
description = "simple hosts";
|
|
||||||
ordering = {
|
|
||||||
tags = [ "db" "web" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
"web01" = { config, pkgs, ... }: {
|
|
||||||
deployment.tags = [ "web" ];
|
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
|
||||||
|
|
||||||
services.nginx.enable = true;
|
|
||||||
|
|
||||||
fileSystems = {
|
|
||||||
"/" = { label = "nixos"; fsType = "ext4"; };
|
|
||||||
"/boot" = { label = "boot"; fsType = "vfat"; };
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
"db01" = { config, pkgs, ... }: {
|
|
||||||
deployment.tags = [ "db" ];
|
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
|
||||||
|
|
||||||
services.postgresql.enable = true;
|
|
||||||
|
|
||||||
fileSystems = {
|
|
||||||
"/" = { label = "nixos"; fsType = "ext4"; };
|
|
||||||
"/boot" = { label = "boot"; fsType = "vfat"; };
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|