setup vps1 ingress

This commit is contained in:
nora 2024-07-26 22:21:48 +02:00
parent d925b4783e
commit 03c4ca2f95
5 changed files with 109 additions and 6 deletions

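--- /dev/null
+++ b/newinfra/README.md
+# new infra
+New infra based on more servers and more shit.
+All servers have their hostname as their name here and are reachable via `$hostname.infra.noratrieb.dev`.
+They will have different firewall configurations depending on their roles.
+```
+-------- --------
+| dns1 | | dns2 |
+-------- --------
+--------
+| vps1 |
+--------
+```
+## DNS
+Two [knot-dns](https://www.knot-dns.cz/) nameservers (`dns1`, `dns2`).
+All records are fully static, generated in the NixOS config.
+## HTTP(S)
+Right now, there's only a single server (`vps1`) serving Caddy.
+In the future, there might be a second one in a shared-storage HA setup (with a postgres cluster probably)?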


@ -37,7 +37,10 @@
}; };
dns1 = { name, nodes, modulesPath, ... }: { dns1 = { name, nodes, modulesPath, ... }: {
imports = [ ./modules/dns (modulesPath + "/profiles/qemu-guest.nix") ]; imports = [
(modulesPath + "/profiles/qemu-guest.nix")
./modules/dns
];
# The name and nodes parameters are supported in Colmena, # The name and nodes parameters are supported in Colmena,
# allowing you to reference configurations in other nodes. # allowing you to reference configurations in other nodes.
@ -54,7 +57,10 @@
fileSystems."/" = { device = "/dev/sda3"; fsType = "ext4"; }; fileSystems."/" = { device = "/dev/sda3"; fsType = "ext4"; };
}; };
dns2 = { name, nodes, modulesPath, lib, ... }: { dns2 = { name, nodes, modulesPath, lib, ... }: {
imports = [ ./modules/dns (modulesPath + "/profiles/qemu-guest.nix") ]; imports = [
(modulesPath + "/profiles/qemu-guest.nix")
./modules/dns
];
# The name and nodes parameters are supported in Colmena, # The name and nodes parameters are supported in Colmena,
# allowing you to reference configurations in other nodes. # allowing you to reference configurations in other nodes.
@ -102,4 +108,25 @@
ATTR{address}=="96:00:03:91:16:47", NAME="eth0" ATTR{address}=="96:00:03:91:16:47", NAME="eth0"
''; '';
}; };
vps1 = { name, nodes, modulesPath, ... }: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
./modules/ingress
];
# The name and nodes parameters are supported in Colmena,
# allowing you to reference configurations in other nodes.
networking.hostName = name;
deployment.targetHost = "vps1.nilstrieb.dev";
deployment.tags = [ "ingress" "eu" ];
system.stateVersion = "23.11";
boot.loader.grub.device = "/dev/sda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/sda3"; fsType = "ext4"; };
};
} }
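Review bot: `deployment.targetHost = "vps1.nilstrieb.dev";` on the new vps1 node does not follow the addressing the README added in this same commit describes (`$hostname.infra.noratrieb.dev`), and since the targetHost lines of dns1/dns2 are outside the hunk I cannot tell which convention is the current one; either this line or the README sentence should be brought in line so the deploy target and the documented name agree. The enclosing attribute set that holds the nodes starts before the first hunk and is closed by the last line shown here. A short comment on the node, e.g. `# vps1: public HTTPS ingress (Caddy); firewall is defined in ./modules/ingress`, would also tell a reader why this node imports a different module than the dns nodes.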


@ -0,0 +1,29 @@
{
email nilstrieb@proton.me
}
# https://gist.github.com/ryanburnette/d13575c9ced201e73f8169d3a793c1a3
(cors) {
@cors_preflight{args.0} method OPTIONS
@cors{args.0} header Origin {args.0}
handle @cors_preflight{args.0} {
header {
Access-Control-Allow-Origin "{args.0}"
Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
Access-Control-Allow-Credentials "false"
Access-Control-Allow-Headers "${args.1}"
Access-Control-Max-Age "86400"
defer
}
respond "" 204
}
handle @cors{args.0} {
header {
Access-Control-Allow-Origin "{args.0}"
Access-Control-Expose-Headers *
defer
}
}
}
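Review bot: `Access-Control-Allow-Headers "${args.1}"` puts a `$` in front of the placeholder while every other substitution in this snippet uses the bare `{args.N}` form; as far as I know Caddy only expands `{...}`, so the emitted header value would start with a literal `$`. It should read `Access-Control-Allow-Headers "{args.1}"`. The `(cors)` snippet is also not imported by the `vps1.nilstrieb.dev` site block that the ingress module appends, so nothing exercises it in this commit; a one-line comment above it naming the site it is meant for (`# import cors <origin> <headers> from the site blocks that need it`) would make the intent clear.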


@ -2,12 +2,11 @@
<html lang="en"> <html lang="en">
<head> <head>
<meta charset="UTF-8"> <meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>nils' server</title> <title>nora' server</title>
</head> </head>
<body> <body>
<h1>congrats, you landed on my server directly!?</h1> <h1>congrats, you landed on my server (100% NixOS) directly!?</h1>
<p>sorry, but there isn't anything cool here. this is <b>my</b> infra, you are not allowed here.</p> <p>sorry, but there isn't anything cool here. this is <b>my</b> infra, you are not allowed here.</p>
<p>if you do want to be allowed here, then uh.. still no.</p> <p>if you do want to be allowed here, then uh.. still no.</p>
<p>:3</p> <p>:3</p>
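Review bot: `<title>nora' server</title>` drops the possessive s; the old title `nils' server` was correct because the name already ended in s, but here it should read `<title>nora's server</title>`. The rest of the section is wording only.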


@ -1 +1,20 @@
{ ... }: { } { pkgs, ... }: {
networking.firewall.allowedTCPPorts = [
22
443
];
services.caddy = {
enable = true;
configFile = pkgs.writeText "Caddyfile"
(
builtins.readFile ./Caddyfile +
''
vps1.nilstrieb.dev {
root * ${./debugging-page}
file_server
}
''
);
};
}
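Review bot: `networking.firewall.allowedTCPPorts` opens only 22 and 443, yet the Caddy site block below relies on automatic HTTPS, which by default also listens on port 80 for the HTTP→HTTPS redirect and the HTTP-01 ACME challenge; with 80 filtered, plain-http visitors time out instead of being redirected and certificate issuance depends on the TLS-ALPN-01 challenge succeeding on 443. If keeping 80 closed is deliberate, a comment on the list saying so would stop the next reader from "fixing" it; otherwise add `80` to the list. The concatenation `builtins.readFile ./Caddyfile +` also assumes the Caddyfile ends with a newline — if it does not, its closing `}` and `vps1.nilstrieb.dev {` land on one line, so inserting `"\n" +` between the two operands is the safer form.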