simon/nixos-config
simon/nixos-config
1
1
Fork 0
Code Issues 8 Pull requests Actions Projects Activity

okarin: Remove

Browse source 
It was too slow to do anything useful with, so I cancelled it. Unless
something dramatically changes, I won’t rent servers from Contabo
anymore.
This commit is contained in:
Simon Bruder 2022-06-01 15:39:02 +02:00
parent 4f20034777
commit 98cd9fee9c
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
12 changed files with 1 additions and 183 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
machines/default.nix
View file

@ -34,11 +34,6 @@ in
hardware.common-pc-ssd hardware.common-pc-ssd
]; ];
}; };
okarin = {
system = "x86_64-linux";
targetHost = "okarin.sbruder.de";
};
renge = { renge = {
system = "x86_64-linux"; system = "x86_64-linux";
extraModules = [ extraModules = [

15
machines/okarin/README.md
View file

@ -1,15 +0,0 @@
# okarin
## Hardware
[Contabo](https://contabo.com) Cloud VPS S (4 vCPU, 8 GB RAM, 400 GB SSD).
At least my machine has an AMD EPYC 7282 as host CPU.
## Purpose
It only handles services that need lots of storage but do not require reliability or performance.
It is scheduled for cancellation on 2022-06-02 due to bad performance.
## Name
Rintaro Okabe is a character from *Steins;Gate*

39
machines/okarin/configuration.nix
View file

@ -1,39 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
../../modules
./services/torrent.nix
];
sbruder = {
nginx.hardening.enable = true;
restic.system = {
enable = true;
extraExcludes = [
"/var/lib/qbittorrent/download"
];
};
wireguard.home.enable = true;
};
networking.hostName = "okarin";
system.stateVersion = "21.11";
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
networking.firewall.allowedTCPPorts = [
80
443
];
}

51
machines/okarin/hardware-configuration.nix
View file

@ -1,51 +0,0 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot = {
kernelModules = [ ];
extraModulePackages = [ ];
kernelParams = [ "ip=dhcp" ];
initrd = {
availableKernelModules = [ "aesni_intel" "ata_piix" "sd_mod" "uhci_hcd" "virtio_pci" "virtio_scsi" ];
kernelModules = [ ];
network.enable = true; # remote unlocking
luks.devices."root".device = "/dev/disk/by-uuid/df2ff903-e531-4a4f-9d05-e35d54255d39";
};
loader.grub.device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0";
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/11a3adfc-f2a4-456e-9d51-e42f6cddf4f4";
fsType = "btrfs";
options = [ "compress=zstd" "discard" "noatime" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/3fe3bc0e-c947-4770-b070-510db8a0f973";
fsType = "ext2";
};
};
networking = {
useDHCP = false;
usePredictableInterfaceNames = false;
interfaces.eth0 = {
useDHCP = true;
ipv6.addresses = lib.singleton {
address = "2a02:c206:3008:9564::1";
prefixLength = 64;
};
};
defaultGateway6 = {
address = "fe80::1";
interface = "eth0";
};
};
# no smart on qemu disk
services.smartd.enable = false;
}

51
machines/okarin/secrets.yaml
View file

@ -1,51 +0,0 @@
wg-home-private-key: ENC[AES256_GCM,data:UMNY28f8D4VN86s8RqhBbfCgBzLWOmAu1Id7RyIfp1Ta/BvgtfOz70Y3hvs=,iv:ph2O/wBwwThHnNQ5sHIc9ZOC6EXHM3fv4z3esTpJuj0=,tag:pROjuUte4+OZxPlhppceWA==,type:str]
wg-qbittorrent-private-key: ENC[AES256_GCM,data:PIoaHruI5+jnhXx7qaB16Xc7XV9xow2lhQy2/ILVhjwt5G2CN3CpfYQKep4=,iv:ZIoKe0FEwaJD850EUcnqQqC5Jg9FtqNin+1wdN6iQq8=,tag:0YveFfJlhgU0Z3kxrSMSQw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2022-03-23T16:58:24Z"
mac: ENC[AES256_GCM,data:AU13cxWvqcuUFQI7HGO9TyUZZAIwxd2aGkKxmxjf8ehSozdPxBTE2ZgefuTc3dd71RutIM4MAAnAdVZumsMYFaHAjKm+0JAsP3JLXddavIxkhQOtRg8R65zEGIClrWvz6i8TiZx6Tg/UL0ZcjmmQbH21O+F1b2B4tKFikzngRvw=,iv:STYhrRmfZ//vvagRhsT3+9OuhV634zpFgs2/cD1EYJg=,tag:js/FQct+jcOm8Swvx0B5KA==,type:str]
pgp:
- created_at: "2022-03-03T09:13:41Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAwDgSONkM+d4AQ/+OisrA/o+dIRe6J31UNeeGsByw17y261n53UlYTA3MOVY
TAToQr+tLZ2pqAWW250yppgyel8QBCwhRE9acYpEOhZUrO3G7FamLCnvROBzD9b2
LmblSc7/+qAAZXSB7zXvwZwUQbbKGimtcZrhJiz77szK/9vgSRK/2bTVhS7O17eV
og7Kzznq+RUtBvtGzEm7YTFSJZiRspn1JYfrVWYHs/QyWOxJT2VnroDWLfmVkJce
mbEVRVFJCcGWSHlpkeo43E6pToxgJ7P2ZNDrzGPCVfT4zjpa9Wy0Hru8KntzCN6m
mrR3fZrPskMU4nHBMdbaZUvwDBvMbfzppuRjfaMQHIcD+ANerPheYBFsx+lFan1z
DbdtqWxrKXarJpcCiQFSLp5bH1JQG/U7TXHABRwMrfm22BsHsY87vpCTwdZj3K2p
KfzUA5E3k6d77DDA0hFg8e75UFVEWTC+quNAZQ28znCQZPYKHvnWHdHrk3p0MlGX
qShIsjVxU8c7YRLDqvTYjA5P5W6ETP6rIxeghw+2gEA6HAOPaAEhJAf//KV7xCXI
8tnjY1UDJIcvodDsBOEmoAzXyCgA1FxVM2S9Z8k6S+9llCFe/SGrm44h8Hj5am+L
BOG7e/nCekV4sc27ipsUogIbnYSLCIAEnAxUCg3UDfwL4y4dVOMKGrrVJiUqb8HS
XgHMAij3no5FDg5j2rRrs8uHsF8dSgk3oli+UxHkZqkVdQTouXM7N+c2MKYO4ofA
nzkX14R+I/chdqVANlBCmhFeAL1ILo3hEAtf9rf952Qkn908ZzRG7mqwiWJT2b4=
=AZmD
-----END PGP MESSAGE-----
fp: 47E7559E037A35652DBBF8AA8D3C82F9F309F8EC
- created_at: "2022-03-03T09:13:41Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQGMA44aajUHzmvYAQv9ETr2vCqQE9ot+CMwOTQNqqvNydknH1k/4at1Y/QM8cGL
yy8eqEIAw9h+hxma+RctajoOMxHiXMH4avbYdT7zXJM1SxG6RgSHibwvaRNXIIZe
vwa0mG/m1Dw0lSRb5rifpgNMXLT3R51m15ZLsCrwQpvRi33UmlDtEvbdsWJ8VBFO
HTBcdKWcGTfzUpA4NPpKZyZYWAzU3mAZtnYPktUTO5C5Z4zU9iiIsWbm586zqFif
0Ih+3oHD8czWo6EX8Ame8r2jN97XMj48LMnhMdmnxmlUV2aZnDvlWO/OVnhY2ulP
9YjOwmNvivdFM6MLrKmFvOhtmYgn6i5QwlPGY34s8c3UkyKs6E+yDqbLqYV6PKsl
/J/Ci4UxsPKj/kP1jdD5Q/CNlYmovujRlFa89SQq9n2tgmui01GL9axqF63A4o1V
Sm04jvwKap+ICH36zCSZFDSMmFVblCMoJslZWTaw1lL0OXwEFS8+/a6AK99whcTS
NLWil2hBpZ+N0HmIblEY0lABgCzNiDPBT1mPAhLMQbcpndKudgmVOk/w63Cd+QsB
uRqxuybbsT2Ak2V+6lMC97xmsW4CHm1Z1RrLbrzEp8wTRmM1/3ypZ5POVspeiX1V
Og==
=8/Ek
-----END PGP MESSAGE-----
fp: 43B4E35299E0D3D0F85143108E1A6A3507CE6BD8
unencrypted_suffix: _unencrypted
version: 3.7.1

BIN
machines/okarin/secrets/wireguard-qbittorrent.nix
View file

Binary file not shown.

6
machines/okarin/services/torrent.nix
View file

@ -1,6 +0,0 @@
{
sbruder.qbittorrent = {
enable = true;
fqdn = "torrent.okarin.sbruder.de";
};
}

2
machines/renge/services/prometheus.nix
View file

@ -63,7 +63,6 @@ in
static_configs = mkStaticTargets [ static_configs = mkStaticTargets [
"fuuko.vpn.sbruder.de:9100" "fuuko.vpn.sbruder.de:9100"
"mayushii.vpn.sbruder.de:9100" "mayushii.vpn.sbruder.de:9100"
"okarin.vpn.sbruder.de:9100"
"renge.vpn.sbruder.de:9100" "renge.vpn.sbruder.de:9100"
"sayuri.vpn.sbruder.de:9100" "sayuri.vpn.sbruder.de:9100"
"vueko.vpn.sbruder.de:9100" "vueko.vpn.sbruder.de:9100"
@ -73,7 +72,6 @@ in
job_name = "qbittorrent"; job_name = "qbittorrent";
static_configs = mkStaticTargets [ static_configs = mkStaticTargets [
"fuuko.vpn.sbruder.de:9561" "fuuko.vpn.sbruder.de:9561"
"okarin.vpn.sbruder.de:9561"
]; ];
relabel_configs = lib.singleton { relabel_configs = lib.singleton {
target_label = "instance"; target_label = "instance";

2
machines/renge/services/sbruder.xyz/index.md
View file

@ -25,7 +25,7 @@ Also note the following service-specific things:
* **Invidious**: There are no backups, so you are responsible for using the data export feature to back up important data. * **Invidious**: There are no backups, so you are responsible for using the data export feature to back up important data.
The VPS providing the services is running NixOS. The VPS providing the services is running NixOS.
The configuration is available [here](https://git.sbruder.de/simon/nixos-config/src/branch/master/machines/okarin). The configuration is available [here](https://git.sbruder.de/simon/nixos-config/src/branch/master/machines/renge).
If you have any questions, please [contact me](https://sbruder.de). If you have any questions, please [contact me](https://sbruder.de).

1
modules/media-proxy.nix
View file

@ -4,7 +4,6 @@ let
services = { services = {
"media" = config.sops.secrets.media-proxy-auth.path; "media" = config.sops.secrets.media-proxy-auth.path;
"torrent" = config.sops.secrets.torrent-proxy-auth.path; "torrent" = config.sops.secrets.torrent-proxy-auth.path;
"torrent.okarin" = config.sops.secrets.torrent-proxy-auth.path;
}; };
in in
{ {

8
modules/ssh.nix
View file

@ -35,14 +35,6 @@
hostNames = [ "mayushii" "mayushii.home.sbruder.de" "maushii.vpn.sbruder.de" ]; hostNames = [ "mayushii" "mayushii.home.sbruder.de" "maushii.vpn.sbruder.de" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKa53rGEQtBYyjGspeS8x2OZFPjLpFgm2C7+lttEKm60"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKa53rGEQtBYyjGspeS8x2OZFPjLpFgm2C7+lttEKm60";
}; };
okarin = {
hostNames = [ "okarin" "okarin.sbruder.de" "okarin.vpn.sbruder.de" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDV8Y+dxMV4UOUER5bVJyubVICBAlR43vx2TVYnz/Fhx";
};
okarin-initrd = {
hostNames = [ "[okarin.sbruder.de]:2222" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWwV9O/otffsXpikFPta0Y6SNXLAzGibsUhO3tYbeYm";
};
renge = { renge = {
hostNames = [ "renge" "renge.sbruder.de" "renge.vpn.sbruder.de" ]; hostNames = [ "renge" "renge.sbruder.de" "renge.vpn.sbruder.de" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObwSrDWwZOkHBzxn9+ftigWN0uUnWrtVaQpPUsYdIB9"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObwSrDWwZOkHBzxn9+ftigWN0uUnWrtVaQpPUsYdIB9";

4
modules/wireguard/home.nix
View file

@ -18,10 +18,6 @@ let
address = "10.80.0.9"; address = "10.80.0.9";
publicKey = "nnLdgywXmDg8HWH6I0G28Z2zb4OmmyFDpnvvEBzKJTg="; publicKey = "nnLdgywXmDg8HWH6I0G28Z2zb4OmmyFDpnvvEBzKJTg=";
}; };
okarin = {
address = "10.80.0.10";
publicKey = "wspALdgkj8Sw+ehNSwHziYE5ZTVyF6rRBKvDHl7moj8=";
};
renge = { renge = {
address = "10.80.0.11"; address = "10.80.0.11";
publicKey = "RlLs/uiWb9qaBU2iDgRag7Q+FFaR7oHI3yOPLZPKgmA="; publicKey = "RlLs/uiWb9qaBU2iDgRag7Q+FFaR7oHI3yOPLZPKgmA=";