forked from Deuxfleurs/nixcfg
Config for prod cluster
parent
f03cafd49b
commit
b0010b309b
18 changed files with 201 additions and 15 deletions
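--- a/cluster/prod/cluster.nix
+++ b/cluster/prod/cluster.nix
@@ -0,0 +1,58 @@
+{ config, pkgs, ... } @ args:
+
+{
+deuxfleurs.cluster_name = "prod";
+deuxfleurs.cluster_nodes = [
+{
+hostname = "concombre";
+publicKey = "VvXT0fPDfWsHxumZqVShpS33dJQAdpJ1E79ZbCBJP34=";
+IP = "10.42.1.31";
+endpoint = "82.66.112.151:33731";
+}
+{
+hostname = "courgette";
+publicKey = "goTkBJGmzrGDOAjUcdH9G0JekipqSMoaYQdB6IHnzi0=";
+IP = "10.42.1.32";
+endpoint = "82.66.112.151:33732";
+}
+{
+hostname = "celeri";
+publicKey = "oZDAb8LoLW87ktUHyFFec0VaIar97bqq47mGbdVqJ0U=";
+IP = "10.42.1.33";
+endpoint = "82.66.112.151:33733";
+}
+];
+deuxfleurs.admin_nodes = [
+{
+hostname = "hammerhead";
+publicKey = "b5hF+GSTgg3oM6wnjL7jRbfyf1jtsWdVptPPbAh3Qic=";
+IP = "10.42.0.1";
+endpoint = "5.135.179.11:51349";
+}
+{
+hostname = "robinson";
+publicKey = "ETaZFil3mFXlJ0LaJZyWqJVLV2IZUF5PB/8M7WbQSTg=";
+IP = "10.42.0.42";
+endpoint = "77.141.67.109:33742";
+}
+{
+hostname = "shiki";
+publicKey = "QUiUNMk70TEQ75Ut7Uqikr5uGVSXmx8EGNkGM6tANlg=";
+IP = "10.42.0.206";
+endpoint = "37.187.118.206:51820";
+}
+{
+hostname = "lindy";
+publicKey = "wen9GnZy2iLT6RyHfn7ydS/wvdvow1XPmhZxIkrDbks=";
+IP = "10.42.0.66";
+endpoint = "82.66.112.151:33766";
+}
+];
+deuxfleurs.admin_accounts = {
+lx = [
+# Keys for accessing nodes from outside
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9 lx@lindy"
+"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIDdVbA9fEdqSr5UJ77NnoIqDTVp8ca5kHExhZYI4ecBExFJfonJllXMBN9KdC4ukxtY8Ug47PcMOfMaTBZQc+e+KpvDWpkBt15Xpem3RCxmMBES79sLL7LgtAdBXc5mNaCX8EOEVixWKdarjvxRyf6py6the51G5muaiMpoj5fae4ZpRGjhGTPefzc7y7zRWBUUZ8pYHW774BIaK6XT9gn3hyHV+Occjl/UODXvodktk55YtnuPi8adXTYEsHrVVz8AkFhx+cr0U/U8vtQnsTrZG+JmgQLqpXVs0RDw5bE1RefEbMuYNKxutYKUe3L+ZJtDe0M0MqOFI8a4F5TxP5 katchup@konata"
+];
+};
+}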
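Review bot: The `lx` list in `deuxfleurs.admin_accounts` grants production access to an `ssh-rsa` key labelled `katchup@konata`, and nothing in the file says whose key that is or why it sits under the `lx` account. For an audit of who can reach prod, each key should carry its own comment, e.g. `# lx, laptop "konata" (legacy RSA key, to be replaced)`, or the key should move to an account of its own if it belongs to someone else. The key looks like 2048-bit RSA from its encoded length; if the client allows it, replacing it with an `ssh-ed25519` key, as on the first entry, keeps the prod account on one modern key type.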
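--- a/cluster/prod/node/celeri.nix
+++ b/cluster/prod/node/celeri.nix
@@ -0,0 +1,33 @@
+# Configuration file local to this node
+
+{ config, pkgs, ... }:
+
+{
+# Use the systemd-boot EFI boot loader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.timeout = 20;
+boot.loader.efi.canTouchEfiVariables = true;
+
+networking.hostName = "celeri";
+
+networking.interfaces.eno1.useDHCP = false;
+networking.interfaces.eno1.ipv4.addresses = [
+{
+address = "192.168.1.33";
+prefixLength = 24;
+}
+];
+networking.interfaces.eno1.ipv6.addresses = [
+{
+address = "2a01:e0a:c:a720::33";
+prefixLength = 64;
+}
+];
+
+deuxfleurs.vpn_ip = "10.42.1.33";
+deuxfleurs.vpn_listen_port = 33733;
+deuxfleurs.is_raft_server = true;
+
+# Enable netdata monitoring
+services.netdata.enable = true;
+}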
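Review bot: `services.netdata.enable = true;` is turned on with no bind address, on a node that also gets a globally routable IPv6 address on `eno1` (`2a01:e0a:c:a720::33`). The netdata dashboard has no authentication by default, and nothing on this page shows whether the firewall rules defined elsewhere keep port 19999 off the public interface. Pinning the listener to the VPN address would make the intent explicit, e.g. `services.netdata.config.web."bind to" = "10.42.1.33";`, with the comment extended to `# Enable netdata monitoring (reachable over the WireGuard VPN only)`. The same applies to `concombre.nix` and `courgette.nix`, which add the identical line.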
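--- a/cluster/prod/node/celeri.site.nix
+++ b/cluster/prod/node/celeri.site.nix
@@ -0,0 +1 @@
+../site/neptune.nix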
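--- a/cluster/prod/node/concombre.nix
+++ b/cluster/prod/node/concombre.nix
@@ -0,0 +1,33 @@
+# Configuration file local to this node
+
+{ config, pkgs, ... }:
+
+{
+# Use the systemd-boot EFI boot loader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.timeout = 20;
+boot.loader.efi.canTouchEfiVariables = true;
+
+networking.hostName = "concombre";
+
+networking.interfaces.eno1.useDHCP = false;
+networking.interfaces.eno1.ipv4.addresses = [
+{
+address = "192.168.1.31";
+prefixLength = 24;
+}
+];
+networking.interfaces.eno1.ipv6.addresses = [
+{
+address = "2a01:e0a:c:a720::31";
+prefixLength = 64;
+}
+];
+
+deuxfleurs.vpn_ip = "10.42.1.31";
+deuxfleurs.vpn_listen_port = 33731;
+deuxfleurs.is_raft_server = true;
+
+# Enable netdata monitoring
+services.netdata.enable = true;
+}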
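--- a/cluster/prod/node/concombre.site.nix
+++ b/cluster/prod/node/concombre.site.nix
@@ -0,0 +1 @@
+../site/neptune.nix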
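--- a/cluster/prod/node/courgette.nix
+++ b/cluster/prod/node/courgette.nix
@@ -0,0 +1,33 @@
+# Configuration file local to this node
+
+{ config, pkgs, ... }:
+
+{
+# Use the systemd-boot EFI boot loader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.timeout = 20;
+boot.loader.efi.canTouchEfiVariables = true;
+
+networking.hostName = "courgette";
+
+networking.interfaces.eno1.useDHCP = false;
+networking.interfaces.eno1.ipv4.addresses = [
+{
+address = "192.168.1.32";
+prefixLength = 24;
+}
+];
+networking.interfaces.eno1.ipv6.addresses = [
+{
+address = "2a01:e0a:c:a720::32";
+prefixLength = 64;
+}
+];
+
+deuxfleurs.vpn_ip = "10.42.1.32";
+deuxfleurs.vpn_listen_port = 33732;
+deuxfleurs.is_raft_server = true;
+
+# Enable netdata monitoring
+services.netdata.enable = true;
+}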
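--- a/cluster/prod/node/courgette.site.nix
+++ b/cluster/prod/node/courgette.site.nix
@@ -0,0 +1 @@
+../site/neptune.nix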
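--- a/cluster/prod/site/neptune.nix
+++ b/cluster/prod/site/neptune.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+
+{
+networking.defaultGateway = {
+address = "192.168.1.254";
+interface = "eno1";
+};
+
+deuxfleurs.site_name = "neptune";
+}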
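--- a/cluster/prod/ssh_config
+++ b/cluster/prod/ssh_config
@@ -0,0 +1,10 @@
+UserKnownHostsFile ./ssh_known_hosts
+
+Host concombre
+HostName 10.42.1.31
+
+Host courgette
+HostName 10.42.1.32
+
+Host celeri
+HostName 10.42.1.33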
|
@ -6,25 +6,25 @@
|
||||||
{
|
{
|
||||||
hostname = "spoutnik";
|
hostname = "spoutnik";
|
||||||
publicKey = "fO8qZOZmnug84cA8nvfjl5MUqyWljP0BAz/4tHRZyEg=";
|
publicKey = "fO8qZOZmnug84cA8nvfjl5MUqyWljP0BAz/4tHRZyEg=";
|
||||||
IP = "10.42.0.2";
|
IP = "10.42.2.2";
|
||||||
endpoint = "77.141.67.109:42136";
|
endpoint = "77.141.67.109:42136";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
hostname = "cariacou";
|
hostname = "cariacou";
|
||||||
publicKey = "qxrtfn2zRVnN52Y5NYumyU3/FcRMnh3kJ2C37JfrczA=";
|
publicKey = "qxrtfn2zRVnN52Y5NYumyU3/FcRMnh3kJ2C37JfrczA=";
|
||||||
IP = "10.42.0.21";
|
IP = "10.42.2.21";
|
||||||
endpoint = "82.66.112.151:33721";
|
endpoint = "82.66.112.151:33721";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
hostname = "carcajou";
|
hostname = "carcajou";
|
||||||
publicKey = "7Nm7pMmyS7Nts1MB+loyD8u84ODxHPTkDu+uqQR6yDk=";
|
publicKey = "7Nm7pMmyS7Nts1MB+loyD8u84ODxHPTkDu+uqQR6yDk=";
|
||||||
IP = "10.42.0.22";
|
IP = "10.42.2.22";
|
||||||
endpoint = "82.66.112.151:33722";
|
endpoint = "82.66.112.151:33722";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
hostname = "caribou";
|
hostname = "caribou";
|
||||||
publicKey = "g6ZED/wPn5MPfytJKwPI19808CXtEad0IJUkEAAzwyY=";
|
publicKey = "g6ZED/wPn5MPfytJKwPI19808CXtEad0IJUkEAAzwyY=";
|
||||||
IP = "10.42.0.23";
|
IP = "10.42.2.23";
|
||||||
endpoint = "82.66.112.151:33723";
|
endpoint = "82.66.112.151:33723";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
|
@ -24,7 +24,7 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
deuxfleurs.vpn_ip = "10.42.0.22";
|
deuxfleurs.vpn_ip = "10.42.2.22";
|
||||||
deuxfleurs.vpn_listen_port = 33722;
|
deuxfleurs.vpn_listen_port = 33722;
|
||||||
deuxfleurs.is_raft_server = true;
|
deuxfleurs.is_raft_server = true;
|
||||||
|
|
||||||
|
|
|
@ -24,7 +24,7 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
deuxfleurs.vpn_ip = "10.42.0.21";
|
deuxfleurs.vpn_ip = "10.42.2.21";
|
||||||
deuxfleurs.vpn_listen_port = 33721;
|
deuxfleurs.vpn_listen_port = 33721;
|
||||||
deuxfleurs.is_raft_server = true;
|
deuxfleurs.is_raft_server = true;
|
||||||
|
|
||||||
|
|
|
@ -24,7 +24,7 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
deuxfleurs.vpn_ip = "10.42.0.23";
|
deuxfleurs.vpn_ip = "10.42.2.23";
|
||||||
deuxfleurs.vpn_listen_port = 33723;
|
deuxfleurs.vpn_listen_port = 33723;
|
||||||
deuxfleurs.is_raft_server = true;
|
deuxfleurs.is_raft_server = true;
|
||||||
|
|
||||||
|
|
|
@ -21,7 +21,7 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.wireguard.interfaces.wg0 = {
|
networking.wireguard.interfaces.wg0 = {
|
||||||
ips = [ "10.42.0.2/16" ];
|
ips = [ "10.42.2.2/16" ];
|
||||||
listenPort = 42136;
|
listenPort = 42136;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
UserKnownHostsFile ./ssh_known_hosts
|
UserKnownHostsFile ./ssh_known_hosts
|
||||||
|
|
||||||
Host caribou
|
Host caribou
|
||||||
HostName 10.42.0.23
|
HostName 10.42.2.23
|
||||||
|
|
||||||
Host carcajou
|
Host carcajou
|
||||||
HostName 10.42.0.22
|
HostName 10.42.2.22
|
||||||
|
|
||||||
Host cariacou
|
Host cariacou
|
||||||
HostName 10.42.0.21
|
HostName 10.42.2.21
|
||||||
|
|
||||||
Host spoutnik
|
Host spoutnik
|
||||||
HostName 10.42.0.2
|
HostName 10.42.0.2
|
||||||
|
|
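Review bot: The `Host spoutnik` entry keeps `HostName 10.42.0.2` on both sides of this hunk, while the other three hosts move to `10.42.2.x`. The same commit renumbers spoutnik to `IP = "10.42.2.2";` in the node list and to `ips = [ "10.42.2.2/16" ];` on its `wg0` interface, so this entry would point at an address the host no longer holds. It presumably should read `HostName 10.42.2.2`. The file name is not shown on the page for this section; from its contents this appears to be the existing (non-prod) cluster's ssh_config.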
|
@ -63,8 +63,8 @@ extendedKeyUsage = serverAuth, clientAuth
|
||||||
subjectAltName = @alt_names
|
subjectAltName = @alt_names
|
||||||
|
|
||||||
[alt_names]
|
[alt_names]
|
||||||
DNS.1 = server.staging.$APP
|
DNS.1 = server.$CLUSTER.$APP
|
||||||
DNS.2 = client.staging.$APP
|
DNS.2 = client.$CLUSTER.$APP
|
||||||
DNS.3 = localhost
|
DNS.3 = localhost
|
||||||
DNS.4 = 127.0.0.1
|
DNS.4 = 127.0.0.1
|
||||||
EOF
|
EOF
|
||||||
|
@ -104,7 +104,7 @@ extendedKeyUsage = clientAuth
|
||||||
subjectAltName = @alt_names
|
subjectAltName = @alt_names
|
||||||
|
|
||||||
[alt_names]
|
[alt_names]
|
||||||
DNS.1 = client.staging.$APP
|
DNS.1 = client.$CLUSTER.$APP
|
||||||
EOF
|
EOF
|
||||||
) \
|
) \
|
||||||
-CA $APP-ca.crt -CAkey $APP-ca.key -CAcreateserial \
|
-CA $APP-ca.crt -CAkey $APP-ca.key -CAcreateserial \
|
||||||
|
|
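Review bot: `DNS.1 = server.$CLUSTER.$APP` and `DNS.2 = client.$CLUSTER.$APP` (and `DNS.1 = client.$CLUSTER.$APP` in the second hunk) now depend on `$CLUSTER`, and neither hunk shows it being checked. If it is unset or empty, the certificate is issued with a SAN such as `server..$APP` and the mistake only surfaces later, when TLS name verification fails. A guard before the heredocs, such as `: "${CLUSTER:?cluster name (e.g. prod or staging) is required}"`, would fail fast. The start of the script is outside both hunks, so such a check may already exist there.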
|
@ -79,7 +79,7 @@ in
|
||||||
networking.wireguard.interfaces.wg0 = {
|
networking.wireguard.interfaces.wg0 = {
|
||||||
ips = [ "${cfg.vpn_ip}/16" ];
|
ips = [ "${cfg.vpn_ip}/16" ];
|
||||||
listenPort = cfg.vpn_listen_port;
|
listenPort = cfg.vpn_listen_port;
|
||||||
privateKeyFile = "/root/wireguard-keys/private";
|
privateKeyFile = "/var/lib/deuxfleurs/wireguard-keys/private";
|
||||||
peers = map ({ publicKey, endpoint, IP, ... }: {
|
peers = map ({ publicKey, endpoint, IP, ... }: {
|
||||||
publicKey = publicKey;
|
publicKey = publicKey;
|
||||||
allowedIPs = [ "${IP}/32" ];
|
allowedIPs = [ "${IP}/32" ];
|
||||||
|
|
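Review bot: `privateKeyFile = "/var/lib/deuxfleurs/wireguard-keys/private";` moves the WireGuard private key out of `/root`, which is not world-readable by default, into a directory whose ownership and mode nothing in this hunk sets. If the directory is created by hand or with default permissions, the key may end up readable by other local users. Declaring it makes the requirement explicit: `systemd.tmpfiles.rules = [ "d /var/lib/deuxfleurs/wireguard-keys 0700 root root -" ];`. Nodes already deployed presumably still hold their key under `/root/wireguard-keys/private`, so the move also needs a documented migration step. The rest of the module is outside the hunk and may already cover either point.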
|
@ -2,3 +2,9 @@
|
||||||
10.42.0.21 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILYIRbHPU1w1xWRpm2+u3QsXOKfMjv1EXrpYbHT+epds
|
10.42.0.21 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILYIRbHPU1w1xWRpm2+u3QsXOKfMjv1EXrpYbHT+epds
|
||||||
10.42.0.23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICNRilSqrgqdZlLdhN2eOY5ZMbzqpeqAdIf6QuChhXU+
|
10.42.0.23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICNRilSqrgqdZlLdhN2eOY5ZMbzqpeqAdIf6QuChhXU+
|
||||||
10.42.0.2 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIORTjNdFaDbhto8kuMPB3hYkfnzdnceZVIELApUe5PPL
|
10.42.0.2 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIORTjNdFaDbhto8kuMPB3hYkfnzdnceZVIELApUe5PPL
|
||||||
|
10.42.1.33 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuY1CvhxBP9BtKkTlmOUu6Hhy8OQTB3R8OCFXbHA/RA
|
||||||
|
10.42.1.31 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3N0QOFNGkCpVLuOHFdpnBaxIFH925KpdIHV/3F9+BR
|
||||||
|
10.42.1.32 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCXJeo6yeQeTN7D7OZwLd8zbyU1jWywlhQ29yyk7x+G
|
||||||
|
192.168.1.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXyY9yZdq/VYpg3K1plBzFvim41tWlu+Dmov3BNSm39
|
||||||
|
192.168.1.21 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILYIRbHPU1w1xWRpm2+u3QsXOKfMjv1EXrpYbHT+epds
|
||||||
|
192.168.1.23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICNRilSqrgqdZlLdhN2eOY5ZMbzqpeqAdIf6QuChhXU+
|
||||||
|
|
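Review bot: This hunk adds no entries for the renumbered `10.42.2.x` addresses; it only pins the new `10.42.1.31`–`10.42.1.33` nodes and the `192.168.1.21`–`192.168.1.23` LAN addresses. The context lines still list `10.42.0.21`, `10.42.0.23` and `10.42.0.2`, which the rest of the commit moves to `10.42.2.x`. With `UserKnownHostsFile ./ssh_known_hosts`, the first connection to a renumbered host would then prompt as an unknown host instead of being checked against a pinned key. Adding lines such as `10.42.2.21 ssh-ed25519 <same key as the 10.42.0.21 line>` for each moved host, and dropping the stale `10.42.0.x` lines, keeps the pinning intact. Line 1 of the file is outside the hunk and the file name is not shown, so this assumes one known-hosts file is shared by both clusters.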