KokaKiwi/nixcfg
1
0
Fork 0
forked from Deuxfleurs/nixcfg
Code Pull requests Activity

Merge branch 'main' of git.deuxfleurs.fr:Deuxfleurs/nixcfg into main

Browse source
This commit is contained in:
ADRN 2021-11-28 13:37:11 +01:00
commit 839e691880
12 changed files with 57 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
configuration.nix
View file

@ -6,6 +6,7 @@
# Configuration local for this cluster node (hostname, IP, etc)
let node_config = import ./node.nix args;
site_config = import ./site.nix args;
in
{
imports =
@ -13,6 +14,8 @@ in
./hardware-configuration.nix
# Configuration local for this cluster node (hostname, IP, etc)
./node.nix
# Configuration local for this Deuxfleurs site (set of nodes)
./site.nix
];
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
@ -187,6 +190,7 @@ in
htop
links
git
docker
docker-compose
];
@ -211,27 +215,25 @@ in
# Enable Hashicorp Consul & Nomad
services.consul.enable = true;
services.consul.extraConfig =
let public_ip = (builtins.head node_config.networking.wireguard.interfaces.wg0.ips);
let public_ip = (builtins.head (builtins.split "/" (builtins.head node_config.networking.wireguard.interfaces.wg0.ips)));
in
{
datacenter = "neptune";
bootstrap_expect = 3;
server = true;
ui = true;
bind_addr = public_ip;
addresses.http = "0.0.0.0";
retry_join = [ "10.42.0.2" "10.42.0.21" "10.42.0.22" "10.42.0.23" ];
retry_join_wan = [ "10.42.0.2" "10.42.0.21" "10.42.0.22" "10.42.0.23" ];
};
services.nomad.enable = true;
services.nomad.settings =
let public_ip = (builtins.head node_config.networking.wireguard.interfaces.wg0.ips);
let public_ip = (builtins.head (builtins.split "/" (builtins.head node_config.networking.wireguard.interfaces.wg0.ips)));
in
{
datacenter = "neptune";
region = site_config.services.nomad.settings.datacenter;
server = {
enabled = true;
bootstrap_expect = 3;
};
advertise = {
rpc = public_ip;
@ -241,7 +243,7 @@ in
consul.address = "127.0.0.1:8500";
client = {
enabled = true;
network_interface = "eno1";
network_interface = "wg0";
};
plugin = [
{
@ -261,7 +263,7 @@ in
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [
(builtins.head ({ openssh.ports = [22]; } // node_config.services).openssh.ports)
3900 3901 # Garage (internal RPC traffic)
3990 3991 3992 # Garage
4646 4647 4648 # Nomad
8500 8300 8301 8302 # Consul
19999 # Netdata

7
deploy.sh
View file

@ -3,7 +3,7 @@
cd $(dirname $0)
if [ -z "$@" ]; then
NIXHOSTLIST=$(ls node)
NIXHOSTLIST=$(ls node | grep -v '\.site\.')
else
NIXHOSTLIST="$@"
fi
@ -19,7 +19,12 @@ for NIXHOST in $NIXHOSTLIST; do
echo "==== DOING $NIXHOST ===="
echo "updating"
ssh -F ssh_config $SSH_DEST sudo nix-channel --update
echo "generating config"
cat configuration.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/configuration.nix > /dev/null
cat node/$NIXHOST.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/node.nix > /dev/null
cat node/$NIXHOST.site.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/site.nix > /dev/null
ssh -F ssh_config $SSH_DEST sudo nixos-rebuild switch
done

15
node/carcajou.nix
View file

@ -17,10 +17,6 @@
prefixLength = 24;
}
];
networking.defaultGateway = {
address = "192.168.1.254";
interface = "eno1";
};
networking.wireguard.interfaces.wg0 = {
ips = [ "10.42.0.22/16" ];
@ -29,15 +25,4 @@
# Enable netdata monitoring
services.netdata.enable = true;
# ----
nix = {
binaryCaches = [
"http://binarycache.home.adnab.me"
];
binaryCachePublicKeys = [
"binarycache.home.adnab.me:ErR6pMnewf9oVyZJd5uC2nI4EZF49c7Mh86eDZWYZaw="
];
};
}

1
node/carcajou.site.nix Symbolic link
View file

@ -0,0 +1 @@
../site/neptune.nix

15
node/cariacou.nix
View file

@ -17,10 +17,6 @@
prefixLength = 24;
}
];
networking.defaultGateway = {
address = "192.168.1.254";
interface = "eno1";
};
networking.wireguard.interfaces.wg0 = {
ips = [ "10.42.0.21/16" ];
@ -29,15 +25,4 @@
# Enable netdata monitoring
services.netdata.enable = true;
# ----
nix = {
binaryCaches = [
"http://binarycache.home.adnab.me"
];
binaryCachePublicKeys = [
"binarycache.home.adnab.me:ErR6pMnewf9oVyZJd5uC2nI4EZF49c7Mh86eDZWYZaw="
];
};
}

1
node/cariacou.site.nix Symbolic link
View file

@ -0,0 +1 @@
../site/neptune.nix

5
node/caribou.nix
View file

@ -17,10 +17,6 @@
prefixLength = 24;
}
];
networking.defaultGateway = {
address = "192.168.1.254";
interface = "eno1";
};
networking.wireguard.interfaces.wg0 = {
ips = [ "10.42.0.23/16" ];
@ -30,7 +26,6 @@
# OR use USB modem plugged in here
#networking.interfaces.enp0s20u1.useDHCP = true;
# Enable netdata monitoring
services.netdata.enable = true;

1
node/caribou.site.nix Symbolic link
View file

@ -0,0 +1 @@
../site/neptune.nix

4
node/spoutnik.nix
View file

@ -19,10 +19,6 @@
prefixLength = 24;
}
];
networking.defaultGateway = {
address = "192.168.0.1";
interface = "enp0s25";
};
networking.wireguard.interfaces.wg0 = {
ips = [ "10.42.0.2/16" ];

1
node/spoutnik.site.nix Symbolic link
View file

@ -0,0 +1 @@
../site/pluton.nix

24
site/neptune.nix Normal file
View file

@ -0,0 +1,24 @@
{ config, pkgs, ... }:
{
networking.defaultGateway = {
address = "192.168.1.254";
interface = "eno1";
};
services.consul.extraConfig.datacenter = "neptune";
services.nomad.settings.datacenter = "neptune";
services.consul.extraConfig.bootstrap_expect = 3;
services.nomad.settings.server.bootstrap_expect = 3;
# ----
nix = {
binaryCaches = [
"http://binarycache.home.adnab.me"
];
binaryCachePublicKeys = [
"binarycache.home.adnab.me:ErR6pMnewf9oVyZJd5uC2nI4EZF49c7Mh86eDZWYZaw="
];
};
}

13
site/pluton.nix Normal file
View file

@ -0,0 +1,13 @@
{ config, pkgs, ... }:
{
networking.defaultGateway = {
address = "192.168.0.1";
interface = "enp0s25";
};
services.consul.extraConfig.datacenter = "pluton";
services.nomad.settings.datacenter = "pluton";
services.consul.extraConfig.bootstrap_expect = 1;
services.nomad.settings.server.bootstrap_expect = 1;
}