move nixos-vps to another machine

2024-07-17 12:56:22 +03:00 · 2024-07-17 12:56:22 +03:00 · 5f281c4c89
commit 5f281c4c89
parent eefe6c54b7
7 changed files with 30 additions and 22 deletions
--- a/flake.nix
+++ b/flake.nix
@ -161,7 +161,9 @@
            # "zen-kernels.patch"
            "fix-args-override.patch"
          ];
-          stable-patches = shared-patches ++ patchesPath [ "netbird-24.05.patch" "vaultwarden-24.05.patch" ];
+          stable-patches = shared-patches ++ patchesPath [
+            "netbird-24.05.patch" "vaultwarden-24.05.patch"
+          ];
        in {
          customModules = builtins.listToAttrs (findModules ./modules);
          customProfiles = builtins.listToAttrs (findModules ./profiles);
@ -201,7 +203,7 @@
            in builtins.mapAttrs mkDeploy {
              Home-Hypervisor = { hostname = "192.168.0.10"; };
              Dell-Laptop = { hostname = "192.168.0.101"; };
-              NixOS-VPS = { hostname = "83.138.55.118"; };
+              NixOS-VPS = { hostname = "45.135.180.193"; };
            }
          );

--- a/machines/NixOS-VPS/default.nix
+++ b/machines/NixOS-VPS/default.nix
@ -80,7 +80,7 @@
  boot = {
    supportedFilesystems = [ "vfat" "btrfs" ];
    kernelModules = [
-      "kvm-amd" "tcp_bbr" "veth"
+      "kvm-intel" "tcp_bbr" "veth"
      # podman
      "nft_chain_nat" "xt_addrtype" "xt_comment" "xt_mark" "xt_MASQUERADE"
    ];
@ -169,7 +169,7 @@
    "en_US.UTF-8/UTF-8"
    "ru_RU.UTF-8/UTF-8"
  ];
-  time.timeZone = "Europe/Vienna";
+  time.timeZone = "Etc/UTC";
  environment.sessionVariables = {
    XKB_DEFAULT_LAYOUT = "us,ru";
    XKB_DEFAULT_OPTIONS = "grp:win_space_toggle";
--- a/machines/NixOS-VPS/disk-config.nix
+++ b/machines/NixOS-VPS/disk-config.nix
@ -22,7 +22,7 @@
        };
        swap = {
          name = "swap";
-          size = "4G";
+          size = "2G";
          content = {
            type = "swap";
            randomEncryption = true;
--- a/machines/NixOS-VPS/hardware/networks.nix
+++ b/machines/NixOS-VPS/hardware/networks.nix
@ -1,23 +1,24 @@
 rec {
  privateIPv6Prefix = "fd3a:900e:8e74:ffff";
  domain = "wg.ataraxiadev.com";
+  hasIPv6 = false;

  interfaces = {
      # This is the public-facing interface. Any interface name with a prime
      # symbol means it's a public-facing interface.
      main' = {
-        mac = "72:df:16:d2:1b:d7";
+        mac = "bc:24:11:79:81:d7";
        bridgeName = "br0";
        ifname = "enp0s18";
        IPv4 = {
-          address = "83.138.55.118/26";
-          gateway = "83.138.55.65";
-          dns = [ "46.102.157.27" "46.102.157.42" ];
+          address = "45.135.180.193/32";
+          gateway = "45.135.180.1";
+          dns = [ "9.9.9.9" "149.112.112.112" ];
        };
        IPv6 = {
-          address = "2a0d:f302:109:3487::1/48";
-          gateway = "2a0d:f302:109::1";
-          dns = [ "2a0d:f302:99::99" "2a0d:f302:100::100" ];
+          address = "";
+          gateway = "";
+          dns = [ ];
        };
      };

--- a/machines/NixOS-VPS/network.nix
+++ b/machines/NixOS-VPS/network.nix
@ -1,11 +1,11 @@
-{ config, ... }:
+{ config, lib, ... }:
 let
-  inherit (import ./hardware/networks.nix) interfaces domain;
+  inherit (import ./hardware/networks.nix) interfaces domain hasIPv6;
 in {
  services.resolved.enable = true;
  networking = {
-    enableIPv6 = true;
-    usePredictableInterfaceNames = true;
+    enableIPv6 = lib.mkForce hasIPv6;
+    usePredictableInterfaceNames = lib.mkForce true;
    useDHCP = false;
    dhcpcd.enable = false;
    nftables.enable = false; # incompatible with tailscale and docker
@ -27,8 +27,9 @@ in {
        matchConfig.Name = bridgeName;
        address = [
          IPv4.address
-          IPv6.address
          "192.168.0.1/24"
+        ] ++ lib.optionals hasIPv6 [
+          IPv6.address
          "fc00::1/64"
        ];
        linkConfig.RequiredForOnline = "routable";
@ -36,12 +37,12 @@ in {
          DHCPServer = true;
          IPForward = true;
          # IPv6PrivacyExtensions = "kernel";
-          DNS = IPv4.dns ++ IPv6.dns;
+          DNS = IPv4.dns ++ lib.optionals hasIPv6 IPv6.dns;
        };
        routes = [{
          routeConfig.Gateway = IPv4.gateway;
          routeConfig.GatewayOnLink = true;
-        } {
+        }] ++ lib.optionals hasIPv6 [{
          routeConfig.Gateway = IPv6.gateway;
          routeConfig.GatewayOnLink = true;
        }];
--- a/machines/NixOS-VPS/services/dns.nix
+++ b/machines/NixOS-VPS/services/dns.nix
@ -6,6 +6,9 @@ let
  brIfname = interfaces.main'.bridgeName;
  tailscaleIfname = config.services.tailscale.interfaceName;
 in {
+  networking.extraHosts = ''
+    192.0.46.9 www.internic.net
+  '';
  # For debugging purposes
  environment.systemPackages = with pkgs; [ tcpdump dnsutils ];
  services.resolved.extraConfig = ''
@ -113,7 +116,7 @@ in {
      ${pkgs.wget}/bin/wget -O ${config.services.unbound.stateDir}/root.hints https://www.internic.net/domain/named.root
    '';
    serviceConfig.Type = "oneshot";
-    startAt = "1 0 1 */1 *";
+    startAt = "weekly";
  };
  # Blocky + prometheus + grafana
  services.blocky = {
--- a/machines/NixOS-VPS/services/wireguard.nix
+++ b/machines/NixOS-VPS/services/wireguard.nix
@ -1,6 +1,6 @@
 { lib, pkgs, ... }:
 let
-  inherit (import ../hardware/networks.nix) interfaces wireguardPort wireguardPeers;
+  inherit (import ../hardware/networks.nix) interfaces wireguardPort wireguardPeers hasIPv6;
  wireguardIFName = interfaces.wireguard0.ifname;
 in {
  # Sometimes we need to disable checksum validation
@ -21,13 +21,14 @@ in {
      matchConfig.Name = wireguardIFName;
      address = [
        "${IPv4.address}/16"
+      ] ++ lib.optionals hasIPv6 [
        "${IPv6.address}/64"
      ];
      DHCP = "no";
      networkConfig = {
        IPForward = true;
        IPMasquerade = "both";
-        DNS = interfaces.main'.IPv4.dns ++ interfaces.main'.IPv6.dns;
+        DNS = interfaces.main'.IPv4.dns ++ lib.optionals hasIPv6 interfaces.main'.IPv6.dns;
      };
    };