forked from Deuxfleurs/nixcfg
Remove mount garage using rclone systemd service
This commit is contained in:
parent
7d486b3907
commit
02ed668286
4 changed files with 10 additions and 30 deletions
|
@ -11,6 +11,10 @@ output.elasticsearch:
|
||||||
username: "apm"
|
username: "apm"
|
||||||
password: "{{ key "secrets/telemetry/elastic_passwords/apm" }}"
|
password: "{{ key "secrets/telemetry/elastic_passwords/apm" }}"
|
||||||
|
|
||||||
|
instrumentation:
|
||||||
|
enabled: true
|
||||||
|
environment: staging
|
||||||
|
|
||||||
logging:
|
logging:
|
||||||
level: warning
|
level: warning
|
||||||
to_stderr: true
|
to_stderr: true
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
[staging]
|
|
||||||
type = s3
|
|
||||||
provider = Other
|
|
||||||
env_auth = false
|
|
||||||
access_key_id = GK...
|
|
||||||
secret_access_key = ...
|
|
||||||
endpoint = http://127.0.0.1:3990
|
|
||||||
region = garage-staging
|
|
|
@ -38,6 +38,10 @@
|
||||||
"vm.max_map_count" = 262144;
|
"vm.max_map_count" = 262144;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.journald.extraConfig = ''
|
||||||
|
SystemMaxUse=1G
|
||||||
|
'';
|
||||||
|
|
||||||
# List packages installed in system profile. To search, run:
|
# List packages installed in system profile. To search, run:
|
||||||
# $ nix search wget
|
# $ nix search wget
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
@ -72,24 +76,6 @@
|
||||||
|
|
||||||
# ---- CONFIG FOR DEUXFLEURS CLUSTER ----
|
# ---- CONFIG FOR DEUXFLEURS CLUSTER ----
|
||||||
|
|
||||||
# Mount Garage using Rclone
|
|
||||||
systemd.services.mountgarage = {
|
|
||||||
enable = false;
|
|
||||||
description = "Mount the Garage data store";
|
|
||||||
path = [
|
|
||||||
pkgs.fuse
|
|
||||||
pkgs.rclone
|
|
||||||
];
|
|
||||||
unitConfig = {
|
|
||||||
Type = "simple";
|
|
||||||
};
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStartPre = "${pkgs.bash}/bin/sh -c \"mkdir -p /mnt/garage-staging; fusermount -u /mnt/garage-staging || exit 0\"";
|
|
||||||
ExecStart = "${pkgs.rclone}/bin/rclone --config /root/rclone.conf mount --vfs-cache-mode full --vfs-cache-max-size 1G --cache-dir /root/mountgarage-cache staging: /mnt/garage-staging";
|
|
||||||
};
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
# Open ports in the firewall.
|
# Open ports in the firewall.
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -46,8 +46,8 @@ for NIXHOST in $NIXHOSTLIST; do
|
||||||
cat cluster/$CLUSTER/node/$NIXHOST.site.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/site.nix > /dev/null
|
cat cluster/$CLUSTER/node/$NIXHOST.site.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/site.nix > /dev/null
|
||||||
|
|
||||||
echo "Sending secret files"
|
echo "Sending secret files"
|
||||||
for SECRET in rclone.conf \
|
for SECRET in pki/consul-ca.crt pki/consul$YEAR.crt pki/consul$YEAR.key \
|
||||||
pki/consul-ca.crt pki/consul$YEAR.crt pki/consul$YEAR.key pki/consul$YEAR-client.crt pki/consul$YEAR-client.key \
|
pki/consul$YEAR-client.crt pki/consul$YEAR-client.key \
|
||||||
pki/nomad-ca.crt pki/nomad$YEAR.crt pki/nomad$YEAR.key; do
|
pki/nomad-ca.crt pki/nomad$YEAR.crt pki/nomad$YEAR.key; do
|
||||||
test -f cluster/$CLUSTER/secrets/$SECRET && (cat cluster/$CLUSTER/secrets/$SECRET | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/$SECRET > /dev/null)
|
test -f cluster/$CLUSTER/secrets/$SECRET && (cat cluster/$CLUSTER/secrets/$SECRET | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/$SECRET > /dev/null)
|
||||||
done
|
done
|
||||||
|
@ -62,8 +62,6 @@ mv deuxfleurs.nix remote-unlock.nix configuration.nix cluster.nix node.nix site.
|
||||||
|
|
||||||
nixos-rebuild switch
|
nixos-rebuild switch
|
||||||
|
|
||||||
test -f rclone.conf && (mv rclone.conf /root; chmod 600 /root/rclone.conf)
|
|
||||||
|
|
||||||
mkdir -p /var/lib/nomad/pki /var/lib/consul/pki
|
mkdir -p /var/lib/nomad/pki /var/lib/consul/pki
|
||||||
|
|
||||||
if [ -f pki/consul-ca.crt ]; then
|
if [ -f pki/consul-ca.crt ]; then
|
||||||
|
|
Loading…
Reference in a new issue