Add origan node in staging cluster (+ refactor system.stateVersion)

This commit is contained in:
Alex 2022-12-11 22:37:28 +01:00
parent 36e6756b3c
commit 578075a925
Signed by: lx
GPG key ID: 0E496D15096376BE
14 changed files with 73 additions and 22 deletions

View file

@ -117,4 +117,10 @@
# For Garage external communication # For Garage external communication
networking.firewall.allowedTCPPorts = [ 3901 ]; networking.firewall.allowedTCPPorts = [ 3901 ];
# All prod nodes were deployed on the same version.
# This could be put in individual node .nix files if we deploy
# newer nodes on a different system version, OR we can bump this
# regularly cluster-wide
system.stateVersion = "21.05";
} }

View file

@ -1,5 +1,5 @@
job "core-system" { job "core-system" {
datacenters = ["neptune"] datacenters = ["neptune", "jupiter"]
type = "system" type = "system"
priority = 90 priority = 90
@ -13,6 +13,7 @@ job "core-system" {
stagger = "1m" stagger = "1m"
} }
/*
group "diplonat" { group "diplonat" {
task "diplonat" { task "diplonat" {
driver = "nix2" driver = "nix2"
@ -68,6 +69,7 @@ EOH
} }
} }
} }
*/
group "tricot" { group "tricot" {
network { network {

View file

@ -32,6 +32,14 @@
lan_endpoint = "192.168.1.23:33799"; lan_endpoint = "192.168.1.23:33799";
endpoint = "77.207.15.215:33723"; endpoint = "77.207.15.215:33723";
} }
{
hostname = "origan";
site_name = "jupiter";
publicKey = "smBQYUS60JDkNoqkTT7TgbpqFiM43005fcrT6472llI=";
IP = "10.14.2.33";
lan_endpoint = "192.168.1.33:33799";
endpoint = "192.168.1.199:33799"; # TODO NAT
}
]; ];
# Bootstrap IPs for Consul cluster, # Bootstrap IPs for Consul cluster,

View file

@ -21,4 +21,6 @@
deuxfleurs.cluster_ip = "10.14.1.2"; deuxfleurs.cluster_ip = "10.14.1.2";
deuxfleurs.is_raft_server = true; deuxfleurs.is_raft_server = true;
system.stateVersion = "21.05";
} }

View file

@ -21,4 +21,6 @@
deuxfleurs.cluster_ip = "10.14.1.1"; deuxfleurs.cluster_ip = "10.14.1.1";
deuxfleurs.is_raft_server = true; deuxfleurs.is_raft_server = true;
system.stateVersion = "21.05";
} }

View file

@ -19,4 +19,6 @@
# Open SSB port # Open SSB port
networking.firewall.allowedTCPPorts = [ 8008 ]; networking.firewall.allowedTCPPorts = [ 8008 ];
system.stateVersion = "21.05";
} }

View file

@ -0,0 +1,24 @@
# Configuration file local to this node
{ config, pkgs, ... }:
{
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.timeout = 20;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "origan";
deuxfleurs.network_interface = "eno1";
deuxfleurs.lan_ip = "192.168.1.33";
deuxfleurs.ipv6 = "2a01:e0a:5e4:1d0:223:24ff:feaf:fdec";
deuxfleurs.cluster_ip = "10.14.2.33";
deuxfleurs.is_raft_server = false;
# Open SSB port
networking.firewall.allowedTCPPorts = [ 8008 ];
system.stateVersion = "22.11";
}

View file

@ -0,0 +1 @@
../site/jupiter.nix

View file

@ -0,0 +1,16 @@
{ config, pkgs, ... }:
{
deuxfleurs.site_name = "jupiter";
deuxfleurs.lan_default_gateway = "192.168.1.1";
deuxfleurs.ipv6_default_gateway = "fe80::9038:202a:73a0:e73b";
deuxfleurs.lan_ip_prefix_length = 24;
deuxfleurs.ipv6_prefix_length = 64;
deuxfleurs.nameservers = [ "192.168.1.1" ];
deuxfleurs.cname_target = "jupiter.site.staging.deuxfleurs.org.";
# no public ipv4 is used for the staging cluster on Jupiter
# deuxfleurs.public_ipv4 = "???";
networking.firewall.allowedTCPPorts = [ 80 443 ];
}

View file

@ -14,12 +14,4 @@
# deuxfleurs.public_ipv4 = "77.207.15.215"; # deuxfleurs.public_ipv4 = "77.207.15.215";
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
services.cron = {
enable = true;
systemCronJobs = [
"0 2 * * * root nix-collect-garbage --delete-older-than 10d >> /root/nix_gc_log 2>&1"
"30 2 1 * * root docker run --rm -v /var/lib/drone/nix:/nix nixpkgs/nix:nixos-21.05 nix-collect-garbage --delete-older-than 30d >> /root/drone_nix_gc_log 2>&1"
];
};
} }

View file

@ -15,3 +15,6 @@ Host cariacou
Host spoutnik Host spoutnik
HostName 10.42.0.2 HostName 10.42.0.2
Port 220 Port 220
Host origan
HostName 2a01:e0a:5e4:1d0:223:24ff:feaf:fdec

View file

@ -23,7 +23,7 @@ for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \
do do
if pass $PKI/$file >/dev/null; then if pass $PKI/$file >/dev/null; then
write_pass $PKI/$file /var/lib/nomad/pki/$file write_pass $PKI/$file /var/lib/nomad/pki/$file
cmd "chown \$(stat -c %u /var/lib/private/nomad) /var/lib/nomad/pki/$file" cmd "chown \$(stat -c %u /var/lib/nomad) /var/lib/nomad/pki/$file"
fi fi
done done
@ -39,7 +39,7 @@ cmd "consul kv put secrets/consul/consul.crt - < /var/lib/consul/pki/consul$YEAR
cmd "consul kv put secrets/consul/consul-client.crt - < /var/lib/consul/pki/consul$YEAR-client.crt" cmd "consul kv put secrets/consul/consul-client.crt - < /var/lib/consul/pki/consul$YEAR-client.crt"
cmd "consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul$YEAR-client.key" cmd "consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul$YEAR-client.key"
cmd "consul kv put secrets/nomad/nomad-ca.crt - < /var/lib/private/nomad/pki/nomad-ca.crt" cmd "consul kv put secrets/nomad/nomad-ca.crt - < /var/lib/nomad/pki/nomad-ca.crt"
cmd "consul kv put secrets/nomad/nomad.crt - < /var/lib/private/nomad/pki/nomad$YEAR.crt" cmd "consul kv put secrets/nomad/nomad.crt - < /var/lib/nomad/pki/nomad$YEAR.crt"
cmd "consul kv put secrets/nomad/nomad-client.crt - < /var/lib/private/nomad/pki/nomad$YEAR-client.crt" cmd "consul kv put secrets/nomad/nomad-client.crt - < /var/lib/nomad/pki/nomad$YEAR-client.crt"
cmd "consul kv put secrets/nomad/nomad-client.key - < /var/lib/private/nomad/pki/nomad$YEAR-client.key" cmd "consul kv put secrets/nomad/nomad-client.key - < /var/lib/nomad/pki/nomad$YEAR-client.key"

View file

@ -84,13 +84,5 @@ SystemMaxUse=1G
dns = [ "172.17.0.1" ]; dns = [ "172.17.0.1" ];
})}"; })}";
}; };
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
} }

View file

@ -24,3 +24,4 @@ df-ymf.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB2el374ejNXqF+
2001:910:1204:1::31 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3N0QOFNGkCpVLuOHFdpnBaxIFH925KpdIHV/3F9+BR 2001:910:1204:1::31 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3N0QOFNGkCpVLuOHFdpnBaxIFH925KpdIHV/3F9+BR
2001:910:1204:1::32 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCXJeo6yeQeTN7D7OZwLd8zbyU1jWywlhQ29yyk7x+G 2001:910:1204:1::32 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCXJeo6yeQeTN7D7OZwLd8zbyU1jWywlhQ29yyk7x+G
192.168.1.23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtsVFIoIu6tnYrzlcCbBiQXxNkFSWVMhMznUuSxGZ22 192.168.1.23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtsVFIoIu6tnYrzlcCbBiQXxNkFSWVMhMznUuSxGZ22
2a01:e0a:5e4:1d0:223:24ff:feaf:fdec ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsZas74RT6lCZwuUOPR23nPdbSdpWORyAmRgjoiMVHK