Merge branch 'main' of git.deuxfleurs.fr:Deuxfleurs/nixcfg into main

ADRN 2021-11-28 13:37:11 +01:00
commit 839e691880
12 changed files with 57 additions and 48 deletions


@ -6,6 +6,7 @@
# Configuration local for this cluster node (hostname, IP, etc) # Configuration local for this cluster node (hostname, IP, etc)
let node_config = import ./node.nix args; let node_config = import ./node.nix args;
site_config = import ./site.nix args;
in in
{ {
imports = imports =
@ -13,6 +14,8 @@ in
./hardware-configuration.nix ./hardware-configuration.nix
# Configuration local for this cluster node (hostname, IP, etc) # Configuration local for this cluster node (hostname, IP, etc)
./node.nix ./node.nix
# Configuration local for this Deuxfleurs site (set of nodes)
./site.nix
]; ];
# The global useDHCP flag is deprecated, therefore explicitly set to false here. # The global useDHCP flag is deprecated, therefore explicitly set to false here.
@ -187,6 +190,7 @@ in
htop htop
links links
git git
docker
docker-compose docker-compose
]; ];
@ -211,27 +215,25 @@ in
# Enable Hashicorp Consul & Nomad # Enable Hashicorp Consul & Nomad
services.consul.enable = true; services.consul.enable = true;
services.consul.extraConfig = services.consul.extraConfig =
let public_ip = (builtins.head node_config.networking.wireguard.interfaces.wg0.ips); let public_ip = (builtins.head (builtins.split "/" (builtins.head node_config.networking.wireguard.interfaces.wg0.ips)));
in in
{ {
datacenter = "neptune";
bootstrap_expect = 3;
server = true; server = true;
ui = true; ui = true;
bind_addr = public_ip; bind_addr = public_ip;
addresses.http = "0.0.0.0"; addresses.http = "0.0.0.0";
retry_join = [ "10.42.0.2" "10.42.0.21" "10.42.0.22" "10.42.0.23" ]; retry_join = [ "10.42.0.2" "10.42.0.21" "10.42.0.22" "10.42.0.23" ];
retry_join_wan = [ "10.42.0.2" "10.42.0.21" "10.42.0.22" "10.42.0.23" ];
}; };
services.nomad.enable = true; services.nomad.enable = true;
services.nomad.settings = services.nomad.settings =
let public_ip = (builtins.head node_config.networking.wireguard.interfaces.wg0.ips); let public_ip = (builtins.head (builtins.split "/" (builtins.head node_config.networking.wireguard.interfaces.wg0.ips)));
in in
{ {
datacenter = "neptune"; region = site_config.services.nomad.settings.datacenter;
server = { server = {
enabled = true; enabled = true;
bootstrap_expect = 3;
}; };
advertise = { advertise = {
rpc = public_ip; rpc = public_ip;
@ -241,7 +243,7 @@ in
consul.address = "127.0.0.1:8500"; consul.address = "127.0.0.1:8500";
client = { client = {
enabled = true; enabled = true;
network_interface = "eno1"; network_interface = "wg0";
}; };
plugin = [ plugin = [
{ {
@ -261,7 +263,7 @@ in
# Open ports in the firewall. # Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
(builtins.head ({ openssh.ports = [22]; } // node_config.services).openssh.ports) (builtins.head ({ openssh.ports = [22]; } // node_config.services).openssh.ports)
3900 3901 # Garage (internal RPC traffic) 3990 3991 3992 # Garage
4646 4647 4648 # Nomad 4646 4647 4648 # Nomad
8500 8300 8301 8302 # Consul 8500 8300 8301 8302 # Consul
19999 # Netdata 19999 # Netdata
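Review bot: The Garage entry in the last hunk (`3990 3991 3992 # Garage` as rendered on the right-hand side) sits in the global `networking.firewall.allowedTCPPorts`, so these ports are accepted on every interface, and the entry no longer carries the comment saying which of them is internal RPC traffic. The same list already opens Consul's 8500, which an earlier hunk shows bound with `addresses.http = "0.0.0.0"`, together with the Nomad and Netdata ports. Since this commit moves Nomad's client to `network_interface = "wg0"`, the cluster-internal ports could move to `networking.firewall.interfaces.wg0.allowedTCPPorts`, leaving only SSH and anything meant to be public in the global list. Whether the physical interfaces are reachable from untrusted networks cannot be told from this page, and the list continues past the end of the hunk.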


@ -3,7 +3,7 @@
cd $(dirname $0) cd $(dirname $0)
if [ -z "$@" ]; then if [ -z "$@" ]; then
NIXHOSTLIST=$(ls node) NIXHOSTLIST=$(ls node | grep -v '\.site\.')
else else
NIXHOSTLIST="$@" NIXHOSTLIST="$@"
fi fi
@ -19,7 +19,12 @@ for NIXHOST in $NIXHOSTLIST; do
echo "==== DOING $NIXHOST ====" echo "==== DOING $NIXHOST ===="
echo "updating"
ssh -F ssh_config $SSH_DEST sudo nix-channel --update
echo "generating config"
cat configuration.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/configuration.nix > /dev/null cat configuration.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/configuration.nix > /dev/null
cat node/$NIXHOST.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/node.nix > /dev/null cat node/$NIXHOST.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/node.nix > /dev/null
cat node/$NIXHOST.site.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/site.nix > /dev/null
ssh -F ssh_config $SSH_DEST sudo nixos-rebuild switch ssh -F ssh_config $SSH_DEST sudo nixos-rebuild switch
done done
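Review bot: None of the steps added inside the loop is checked before `nixos-rebuild switch` runs: if `nix-channel --update` fails, or `node/$NIXHOST.site.nix` is missing, `cat` errors locally while `tee` still truncates `/etc/nixos/site.nix` on the node and the loop carries on. Unless the script enables `set -e` with `pipefail` above the hunk (its first lines are outside this view), feed the file by redirection and stop on failure, e.g. `ssh -F ssh_config "$SSH_DEST" sudo tee /etc/nixos/site.nix < "node/$NIXHOST.site.nix" > /dev/null || exit 1`. Quoting `$NIXHOST` and `$SSH_DEST` also keeps a host argument containing spaces or glob characters from being split into extra `ssh` arguments. Because `nix-channel --update` now runs on every deploy, each node builds against whatever the channel points to at that moment; a short comment stating that this is intended would help the next operator.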


@ -17,10 +17,6 @@
prefixLength = 24; prefixLength = 24;
} }
]; ];
networking.defaultGateway = {
address = "192.168.1.254";
interface = "eno1";
};
networking.wireguard.interfaces.wg0 = { networking.wireguard.interfaces.wg0 = {
ips = [ "10.42.0.22/16" ]; ips = [ "10.42.0.22/16" ];
@ -29,15 +25,4 @@
# Enable netdata monitoring # Enable netdata monitoring
services.netdata.enable = true; services.netdata.enable = true;
# ----
nix = {
binaryCaches = [
"http://binarycache.home.adnab.me"
];
binaryCachePublicKeys = [
"binarycache.home.adnab.me:ErR6pMnewf9oVyZJd5uC2nI4EZF49c7Mh86eDZWYZaw="
];
};
} }

1
node/carcajou.site.nix Symbolic link

@ -0,0 +1 @@
../site/neptune.nix


@ -17,10 +17,6 @@
prefixLength = 24; prefixLength = 24;
} }
]; ];
networking.defaultGateway = {
address = "192.168.1.254";
interface = "eno1";
};
networking.wireguard.interfaces.wg0 = { networking.wireguard.interfaces.wg0 = {
ips = [ "10.42.0.21/16" ]; ips = [ "10.42.0.21/16" ];
@ -29,15 +25,4 @@
# Enable netdata monitoring # Enable netdata monitoring
services.netdata.enable = true; services.netdata.enable = true;
# ----
nix = {
binaryCaches = [
"http://binarycache.home.adnab.me"
];
binaryCachePublicKeys = [
"binarycache.home.adnab.me:ErR6pMnewf9oVyZJd5uC2nI4EZF49c7Mh86eDZWYZaw="
];
};
} }

1
node/cariacou.site.nix Symbolic link

@ -0,0 +1 @@
../site/neptune.nix


@ -17,10 +17,6 @@
prefixLength = 24; prefixLength = 24;
} }
]; ];
networking.defaultGateway = {
address = "192.168.1.254";
interface = "eno1";
};
networking.wireguard.interfaces.wg0 = { networking.wireguard.interfaces.wg0 = {
ips = [ "10.42.0.23/16" ]; ips = [ "10.42.0.23/16" ];
@ -30,7 +26,6 @@
# OR use USB modem plugged in here # OR use USB modem plugged in here
#networking.interfaces.enp0s20u1.useDHCP = true; #networking.interfaces.enp0s20u1.useDHCP = true;
# Enable netdata monitoring # Enable netdata monitoring
services.netdata.enable = true; services.netdata.enable = true;

1
node/caribou.site.nix Symbolic link

@ -0,0 +1 @@
../site/neptune.nix


@ -19,10 +19,6 @@
prefixLength = 24; prefixLength = 24;
} }
]; ];
networking.defaultGateway = {
address = "192.168.0.1";
interface = "enp0s25";
};
networking.wireguard.interfaces.wg0 = { networking.wireguard.interfaces.wg0 = {
ips = [ "10.42.0.2/16" ]; ips = [ "10.42.0.2/16" ];

1
node/spoutnik.site.nix Symbolic link

@ -0,0 +1 @@
../site/pluton.nix

24
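--- a/site/neptune.nix
+++ b/site/neptune.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+{
+networking.defaultGateway = {
+address = "192.168.1.254";
+interface = "eno1";
+};
+services.consul.extraConfig.datacenter = "neptune";
+services.nomad.settings.datacenter = "neptune";
+services.consul.extraConfig.bootstrap_expect = 3;
+services.nomad.settings.server.bootstrap_expect = 3;
+# ----
+nix = {
+binaryCaches = [
+"http://binarycache.home.adnab.me"
+];
+binaryCachePublicKeys = [
+"binarycache.home.adnab.me:ErR6pMnewf9oVyZJd5uC2nI4EZF49c7Mh86eDZWYZaw="
+];
+};
+}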
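Review bot: The `nix.binaryCaches` entry is a plain `http://` URL, and by living in the site file it now applies to every node linked to this site. Store paths are still checked against the key in `binaryCachePublicKeys` as long as signature verification is left enabled, but the transport gives no confidentiality or server authentication, so an `https://` URL is preferable if the cache can serve one. The bare `# ----` separator explains nothing; a comment such as `# Site-local binary cache: anything signed by this key is trusted by all nodes of the site` would record the trust decision where it is made.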

13
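--- a/site/pluton.nix
+++ b/site/pluton.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+{
+networking.defaultGateway = {
+address = "192.168.0.1";
+interface = "enp0s25";
+};
+services.consul.extraConfig.datacenter = "pluton";
+services.nomad.settings.datacenter = "pluton";
+services.consul.extraConfig.bootstrap_expect = 1;
+services.nomad.settings.server.bootstrap_expect = 1;
+}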
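Review bot: Setting `datacenter = "pluton"` here places the node that apparently owns `10.42.0.2` in a different Consul datacenter from the `10.42.0.21`–`10.42.0.23` nodes, yet the shared configuration still lists all four addresses in `retry_join`. Consul's LAN join is meant for agents of a single datacenter, so each node will presumably keep retrying peers it cannot join that way; only `retry_join_wan` should span sites. Consider moving the LAN list out of the shared file and into the site files, e.g. `services.consul.extraConfig.retry_join = [ "10.42.0.2" ];` here and the three neptune addresses in `site/neptune.nix`.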