diff --git a/hosts/Infini-DL360/default.nix b/hosts/Infini-DL360/default.nix
new file mode 100644
index 0000000..d514520
--- /dev/null
+++ b/hosts/Infini-DL360/default.nix
@@ -0,0 +1,71 @@
+{ config, lib, pkgs, ... }: {
+ imports = [
+ ./hardware-configuration.nix
+ ./disks.nix
+ ({ options, lib, ... }: {
+ options.storage = lib.our.mkOpt lib.types.attrs { };
+ environment.persistence."/storage" = lib.mkAliasDefinitions options.storage;
+ })
+ ];
+
+ networking.hostId = "8fa7a57c";
+ system.stateVersion = "23.11";
+
+ info.loc.purdue = true;
+
+ modules = {
+ boot.grub.enable = true;
+ boot.timeout = 1;
+ hardware.form.server = true;
+ };
+
+ persist = {
+ directories = [
+ "/srv"
+
+ # TODO: Setup in module
+ "/var/lib/acme"
+ ];
+ files = [
+ ];
+ };
+
+ networking = {
+ firewall = {
+ allowedUDPPorts = [ 80 443 ];
+ allowedTCPPorts = [ 80 443 ];
+ };
+ };
+
+ services.fail2ban.enable = true;
+
+ environment.etc."fail2ban/filter.d/nginx-url-probe.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
+ [Definition]
+ failregex = ^.*(GET /(wp-|admin|boaform|phpmyadmin|\.env|\.git|notifications)|\.(dll|so|cfm|asp)|(\?|&)(=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000|=PHPE9568F36-D428-11d2-A769-00AA001ACF42|=PHPE9568F35-D428-11d2-A769-00AA001ACF42|=PHPE9568F34-D428-11d2-A769-00AA001ACF42)|\\x[0-9a-zA-Z]{2})
+ '');
+
+ services.fail2ban.jails.nginx-url-probe.settings = {
+ enabled = true;
+ filter = "nginx-url-probe";
+ logpath = "/var/log/nginx/access.log";
+ action = "%(action_)s[blocktype=DROP]";
+ backend = "auto";
+ maxretry = 5;
+ findtime = 600;
+ };
+
+ services.nginx.enable = true;
+
+ security.acme.certs."inx.moe" = {
+ group = "nginx";
+ extraDomainNames = [ "*.inx.moe" ];
+ };
+
+ services.nginx.virtualHosts."*.inx.moe" = {
+ useACMEHost = "inx.moe";
+ addSSL = true;
+ default = true;
+ globalRedirect = "inx.moe";
+ redirectCode = 302;
+ };
+}
diff --git a/hosts/Infini-DL360/disks.nix b/hosts/Infini-DL360/disks.nix
new file mode 100644
index 0000000..074023d
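Review bot: The `failregex` of the `nginx-url-probe` filter is applied to the whole access-log line, so the unanchored alternatives `\.(dll|so|cfm|asp)` and `\\x[0-9a-zA-Z]{2}` also match referrers, user agents and ordinary paths (`.so` is a prefix of `.social`, for example), and with `maxretry = 5` and `blocktype=DROP` a legitimate client can end up dropped. Tying those alternatives to the end of the request path, e.g. `\.(dll|so|cfm|asp)(\?|\s)`, would narrow the match. As shown, the pattern also carries no `<HOST>` tag, which fail2ban needs in order to extract the address to ban; if that is not a rendering loss, the line should begin `failregex = ^<HOST>.*(GET /`. Separately, `allowedUDPPorts = [ 80 443 ]` opens UDP 80, which nothing in this file uses, and UDP 443 is only needed if HTTP/3 is enabled on nginx.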
--- /dev/null
+++ b/hosts/Infini-DL360/disks.nix
@@ -0,0 +1,57 @@
+{ config, lib, ... }:
+with lib.disko;
+let
+ inherit (builtins) mapAttrs;
+ mountOptions = defaultMountOptions;
+in
+{
+ boot.kernelPackages = lib.mkForce config.boot.zfs.package.latestCompatibleLinuxPackages;
+
+ disko.devices = {
+ nodev."/" = {
+ fsType = "tmpfs";
+ mountOptions = mountOptions ++ [
+ "size=64G"
+ "mode=755"
+ ];
+ };
+ disk = {
+ lun = "usb-HP_iLO_LUN_01_Media_0_000002660A01-0:1" {
+ partitions = {
+ ESP = {
+ name = "boot";
+ size = "256M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ inherit mountOptions;
+ };
+ };
+ # Keystore partition?
+ #keystore = {
+ # size = "100%";
+ #};
+ };
+ };
+ ssd1 = mkZDisk "wwn-0x50026b728203a6fb" "zssd";
+ ssd2 = mkZDisk "wwn-0x50026b72780172e3" "zssd";
+ ssd3 = mkZDisk "wwn-0x50026b727801727b" "zssd";
+ hdd1 = mkZDisk "wwn-0x5000c5004da15fce" "zhdd";
+ hdd2 = mkZDisk "wwn-0x5000c5004d9a5e51" "zhdd";
+ hdd3 = mkZDisk "wwn-0x5000c5004da92a24" "zhdd";
+ hdd4 = mkZDisk "wwn-0x5000c5004d30f464" "zhdd";
+ hdd5 = mkZDisk "wwn-0x5000c5004d30dc88" "zhdd";
+ };
+ zpool = mapAttrs mkZPool {
+ zssd = {
+ nix = mkZfs "/nix" {};
+ persist = mkZfs "/persist" {};
+ };
+ zhdd = {
+ storage = mkZfs "/storage" {};
+ };
+ };
+ };
+}
diff --git a/hosts/Infini-DL360/hardware-configuration.nix b/hosts/Infini-DL360/hardware-configuration.nix
new file mode 100644
index 0000000..988c6fc
--- /dev/null
+++ b/hosts/Infini-DL360/hardware-configuration.nix
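Review bot: The `lun` entry under `disk` reads `lun = "usb-HP_iLO_LUN_01_Media_0_000002660A01-0:1" {`, which Nix parses as applying a string to an attribute set, so evaluating `disko.devices.disk.lun` fails with a "not a function" error. Every other disk goes through `mkZDisk`, so a disk helper from `lib.disko` was presumably meant to precede the device id; its name is not visible in this diff, so the line would become `lun = <disk-helper> "usb-HP_iLO_LUN_01_Media_0_000002660A01-0:1" {`. The commented-out `keystore` partition would also benefit from a one-line comment saying whether pool encryption is planned, since nothing visible here sets it.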
@@ -0,0 +1,17 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "uhci_hcd" "hpsa" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+ boot.kernelParams = [ "boot.shell_on_fail" ];
+ boot.supportedFilesystems = [ "btrfs" "zfs" ];
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+
+ info.model = "HPE ProLiant DL360 Gen 9";
+}
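Review bot: `boot.kernelParams = [ "boot.shell_on_fail" ];` makes a stage-1 boot failure offer a root shell with no authentication, so anyone who can reach the console of this server (presumably including the iLO remote console) gets root in the initrd. NixOS leaves this off by default for that reason. If it is only wanted during bring-up, set `boot.kernelParams = [ ];` and keep a comment such as `# boot.shell_on_fail is unauthenticated; enable only while debugging stage 1`.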