Add origan node in staging cluster (+ refactor system.stateVersion)
parent
36e6756b3c
commit
578075a925
14 changed files with 73 additions and 22 deletions
|
@ -117,4 +117,10 @@
|
||||||
|
|
||||||
# For Garage external communication
|
# For Garage external communication
|
||||||
networking.firewall.allowedTCPPorts = [ 3901 ];
|
networking.firewall.allowedTCPPorts = [ 3901 ];
|
||||||
|
|
||||||
|
# All prod nodes were deployed on the same version.
|
||||||
|
# This could be put in individual node .nix files if we deploy
|
||||||
|
# newer nodes on a different system version, OR we can bump this
|
||||||
|
# regularly cluster-wide
|
||||||
|
system.stateVersion = "21.05";
|
||||||
}
|
}
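Review bot: The comment added above `system.stateVersion = "21.05";` offers "we can bump this regularly cluster-wide" as an option, which reads as if the value should follow the installed NixOS release. The comment block this commit deletes further down (the one ending in "Did you read the comment?") says the opposite: the value selects defaults for stateful data and is meant to stay at the release of the first install. I would replace the last two comment lines with something like `# Do not bump on upgrade: this pins stateful-data defaults to the first-install release.` so that nobody raises it during a routine channel update.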
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
job "core-system" {
|
job "core-system" {
|
||||||
datacenters = ["neptune"]
|
datacenters = ["neptune", "jupiter"]
|
||||||
type = "system"
|
type = "system"
|
||||||
priority = 90
|
priority = 90
|
||||||
|
|
||||||
|
@ -13,6 +13,7 @@ job "core-system" {
|
||||||
stagger = "1m"
|
stagger = "1m"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
group "diplonat" {
|
group "diplonat" {
|
||||||
task "diplonat" {
|
task "diplonat" {
|
||||||
driver = "nix2"
|
driver = "nix2"
|
||||||
|
@ -68,6 +69,7 @@ EOH
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
*/
|
||||||
|
|
||||||
group "tricot" {
|
group "tricot" {
|
||||||
network {
|
network {
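Review bot: The `diplonat` group is switched off by wrapping it in `/* … */` with no reason recorded, in the same change that extends the job to the `jupiter` datacenter. The block comment applies to every datacenter the job runs in, so the existing `neptune` nodes lose the task as well, and a reader cannot tell whether that is temporary or intended. I would add a line above the opening marker such as `# diplonat disabled: <reason>; re-enable when <condition>`. The group body lies between the two hunks and is not visible here.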
|
||||||
|
|
|
@ -32,6 +32,14 @@
|
||||||
lan_endpoint = "192.168.1.23:33799";
|
lan_endpoint = "192.168.1.23:33799";
|
||||||
endpoint = "77.207.15.215:33723";
|
endpoint = "77.207.15.215:33723";
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
hostname = "origan";
|
||||||
|
site_name = "jupiter";
|
||||||
|
publicKey = "smBQYUS60JDkNoqkTT7TgbpqFiM43005fcrT6472llI=";
|
||||||
|
IP = "10.14.2.33";
|
||||||
|
lan_endpoint = "192.168.1.33:33799";
|
||||||
|
endpoint = "192.168.1.199:33799"; # TODO NAT
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
# Bootstrap IPs for Consul cluster,
|
# Bootstrap IPs for Consul cluster,
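Review bot: The new `origan` entry sets `endpoint = "192.168.1.199:33799"; # TODO NAT`, a private address, in the field where the entry just above carries a public one (`77.207.15.215:33723`). That neighbouring entry also has a `lan_endpoint` in 192.168.1.0/24, so both sites appear to number their LAN the same way, and a peer outside jupiter would send its handshakes to whatever host holds 192.168.1.199 on its own network. WireGuard's key check keeps a tunnel from forming with the wrong machine, but origan stays unreachable across sites and stray packets land on an unrelated host. How the module consumes `endpoint` is not visible here; if it may be omitted I would leave it unset until the NAT mapping exists, otherwise expand the comment to `# TODO NAT: LAN address, not reachable from other sites`.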
|
||||||
|
|
|
@ -21,4 +21,6 @@
|
||||||
|
|
||||||
deuxfleurs.cluster_ip = "10.14.1.2";
|
deuxfleurs.cluster_ip = "10.14.1.2";
|
||||||
deuxfleurs.is_raft_server = true;
|
deuxfleurs.is_raft_server = true;
|
||||||
|
|
||||||
|
system.stateVersion = "21.05";
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,4 +21,6 @@
|
||||||
|
|
||||||
deuxfleurs.cluster_ip = "10.14.1.1";
|
deuxfleurs.cluster_ip = "10.14.1.1";
|
||||||
deuxfleurs.is_raft_server = true;
|
deuxfleurs.is_raft_server = true;
|
||||||
|
|
||||||
|
system.stateVersion = "21.05";
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,4 +19,6 @@
|
||||||
|
|
||||||
# Open SSB port
|
# Open SSB port
|
||||||
networking.firewall.allowedTCPPorts = [ 8008 ];
|
networking.firewall.allowedTCPPorts = [ 8008 ];
|
||||||
|
|
||||||
|
system.stateVersion = "21.05";
|
||||||
}
|
}
|
||||||
|
|
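--- a/cluster/staging/node/origan.nix
+++ b/cluster/staging/node/origan.nix
@@ -0,0 +1,24 @@
+# Configuration file local to this node
+
+{ config, pkgs, ... }:
+
+{
+# Use the systemd-boot EFI boot loader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.timeout = 20;
+boot.loader.efi.canTouchEfiVariables = true;
+
+networking.hostName = "origan";
+
+deuxfleurs.network_interface = "eno1";
+deuxfleurs.lan_ip = "192.168.1.33";
+deuxfleurs.ipv6 = "2a01:e0a:5e4:1d0:223:24ff:feaf:fdec";
+
+deuxfleurs.cluster_ip = "10.14.2.33";
+deuxfleurs.is_raft_server = false;
+
+# Open SSB port
+networking.firewall.allowedTCPPorts = [ 8008 ];
+
+system.stateVersion = "22.11";
+}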
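Review bot: `networking.firewall.allowedTCPPorts = [ 8008 ];` under `# Open SSB port` matches, word for word, the lines in another node file touched by this commit, and nothing in this file shows origan running an SSB service. The node is also given a global IPv6 address through `deuxfleurs.ipv6`, and the NixOS firewall option opens the port for IPv6 as well as IPv4, so 8008 becomes reachable from outside unless something upstream filters it. If origan does not host SSB I would drop the two lines; if it does, extend the comment to name the job that listens there, e.g. `# Open SSB port (used by <service>)`.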
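--- a/cluster/staging/node/origan.site.nix
+++ b/cluster/staging/node/origan.site.nix
@@ -0,0 +1 @@
+../site/jupiter.nix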
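--- a/cluster/staging/site/jupiter.nix
+++ b/cluster/staging/site/jupiter.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+deuxfleurs.site_name = "jupiter";
+deuxfleurs.lan_default_gateway = "192.168.1.1";
+deuxfleurs.ipv6_default_gateway = "fe80::9038:202a:73a0:e73b";
+deuxfleurs.lan_ip_prefix_length = 24;
+deuxfleurs.ipv6_prefix_length = 64;
+deuxfleurs.nameservers = [ "192.168.1.1" ];
+deuxfleurs.cname_target = "jupiter.site.staging.deuxfleurs.org.";
+
+# no public ipv4 is used for the staging cluster on Jupiter
+# deuxfleurs.public_ipv4 = "???";
+
+networking.firewall.allowedTCPPorts = [ 80 443 ];
+}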
|
@ -14,12 +14,4 @@
|
||||||
# deuxfleurs.public_ipv4 = "77.207.15.215";
|
# deuxfleurs.public_ipv4 = "77.207.15.215";
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
|
||||||
services.cron = {
|
|
||||||
enable = true;
|
|
||||||
systemCronJobs = [
|
|
||||||
"0 2 * * * root nix-collect-garbage --delete-older-than 10d >> /root/nix_gc_log 2>&1"
|
|
||||||
"30 2 1 * * root docker run --rm -v /var/lib/drone/nix:/nix nixpkgs/nix:nixos-21.05 nix-collect-garbage --delete-older-than 30d >> /root/drone_nix_gc_log 2>&1"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,3 +15,6 @@ Host cariacou
|
||||||
Host spoutnik
|
Host spoutnik
|
||||||
HostName 10.42.0.2
|
HostName 10.42.0.2
|
||||||
Port 220
|
Port 220
|
||||||
|
|
||||||
|
Host origan
|
||||||
|
HostName 2a01:e0a:5e4:1d0:223:24ff:feaf:fdec
|
||||||
|
|
10
deploy_pki
10
deploy_pki
|
@ -23,7 +23,7 @@ for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \
|
||||||
do
|
do
|
||||||
if pass $PKI/$file >/dev/null; then
|
if pass $PKI/$file >/dev/null; then
|
||||||
write_pass $PKI/$file /var/lib/nomad/pki/$file
|
write_pass $PKI/$file /var/lib/nomad/pki/$file
|
||||||
cmd "chown \$(stat -c %u /var/lib/private/nomad) /var/lib/nomad/pki/$file"
|
cmd "chown \$(stat -c %u /var/lib/nomad) /var/lib/nomad/pki/$file"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
@ -39,7 +39,7 @@ cmd "consul kv put secrets/consul/consul.crt - < /var/lib/consul/pki/consul$YEAR
|
||||||
cmd "consul kv put secrets/consul/consul-client.crt - < /var/lib/consul/pki/consul$YEAR-client.crt"
|
cmd "consul kv put secrets/consul/consul-client.crt - < /var/lib/consul/pki/consul$YEAR-client.crt"
|
||||||
cmd "consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul$YEAR-client.key"
|
cmd "consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul$YEAR-client.key"
|
||||||
|
|
||||||
cmd "consul kv put secrets/nomad/nomad-ca.crt - < /var/lib/private/nomad/pki/nomad-ca.crt"
|
cmd "consul kv put secrets/nomad/nomad-ca.crt - < /var/lib/nomad/pki/nomad-ca.crt"
|
||||||
cmd "consul kv put secrets/nomad/nomad.crt - < /var/lib/private/nomad/pki/nomad$YEAR.crt"
|
cmd "consul kv put secrets/nomad/nomad.crt - < /var/lib/nomad/pki/nomad$YEAR.crt"
|
||||||
cmd "consul kv put secrets/nomad/nomad-client.crt - < /var/lib/private/nomad/pki/nomad$YEAR-client.crt"
|
cmd "consul kv put secrets/nomad/nomad-client.crt - < /var/lib/nomad/pki/nomad$YEAR-client.crt"
|
||||||
cmd "consul kv put secrets/nomad/nomad-client.key - < /var/lib/private/nomad/pki/nomad$YEAR-client.key"
|
cmd "consul kv put secrets/nomad/nomad-client.key - < /var/lib/nomad/pki/nomad$YEAR-client.key"
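Review bot: Moving the Nomad PKI from `/var/lib/private/nomad/pki` to `/var/lib/nomad/pki` takes the key files out from under `/var/lib/private`, which systemd keeps at mode 0700 for DynamicUser state, so unless `/var/lib/nomad` is still a symlink into it their protection now rests on the directory's and each file's own mode. The visible `chown \$(stat -c %u /var/lib/nomad) …` sets only the owning uid; group and mode come from `write_pass`, which is outside the hunk. I would make the intent explicit after the write, at least for the `.key` files, e.g. `cmd "chown --reference=/var/lib/nomad /var/lib/nomad/pki/$file && chmod 600 /var/lib/nomad/pki/$file"`. It is also worth confirming that `/var/lib/nomad` exists on a freshly installed node, because an empty `stat` result leaves `chown` without an owner argument. The `for` loop starts before the first hunk.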
|
||||||
|
|
|
@ -84,13 +84,5 @@ SystemMaxUse=1G
|
||||||
dns = [ "172.17.0.1" ];
|
dns = [ "172.17.0.1" ];
|
||||||
})}";
|
})}";
|
||||||
};
|
};
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
|
||||||
# settings for stateful data, like file locations and database versions
|
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
|
||||||
# this value at the release version of the first install of this system.
|
|
||||||
# Before changing this value read the documentation for this option
|
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
|
||||||
system.stateVersion = "21.05"; # Did you read the comment?
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -24,3 +24,4 @@ df-ymf.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB2el374ejNXqF+
|
||||||
2001:910:1204:1::31 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3N0QOFNGkCpVLuOHFdpnBaxIFH925KpdIHV/3F9+BR
|
2001:910:1204:1::31 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3N0QOFNGkCpVLuOHFdpnBaxIFH925KpdIHV/3F9+BR
|
||||||
2001:910:1204:1::32 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCXJeo6yeQeTN7D7OZwLd8zbyU1jWywlhQ29yyk7x+G
|
2001:910:1204:1::32 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCXJeo6yeQeTN7D7OZwLd8zbyU1jWywlhQ29yyk7x+G
|
||||||
192.168.1.23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtsVFIoIu6tnYrzlcCbBiQXxNkFSWVMhMznUuSxGZ22
|
192.168.1.23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtsVFIoIu6tnYrzlcCbBiQXxNkFSWVMhMznUuSxGZ22
|
||||||
|
2a01:e0a:5e4:1d0:223:24ff:feaf:fdec ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsZas74RT6lCZwuUOPR23nPdbSdpWORyAmRgjoiMVHK
|
||||||
|
|