authorADRN <adrien@luxeylab.net>2021-11-28 13:37:11 +0100
committerADRN <adrien@luxeylab.net>2021-11-28 13:37:11 +0100
commit839e6918803deee72a6c8444e9a61ca0af75b79d (patch)
treefc0a0c6baa7d3a17887feeb44b6883e44f792c2f
parent9578121f5b99c096447829f7fff6da54b0e9deab (diff)
parentfe080ff4b6ffd435ab62f193072ec22e30b8602f (diff)
Merge branch 'main' of git.deuxfleurs.fr:Deuxfleurs/nixcfg into main
-rw-r--r--configuration.nix18
-rwxr-xr-xdeploy.sh7
-rw-r--r--node/carcajou.nix15
l---------node/carcajou.site.nix1
-rw-r--r--node/cariacou.nix15
l---------node/cariacou.site.nix1
-rw-r--r--node/caribou.nix5
l---------node/caribou.site.nix1
-rw-r--r--node/spoutnik.nix4
l---------node/spoutnik.site.nix1
-rw-r--r--site/neptune.nix24
-rw-r--r--site/pluton.nix13
12 files changed, 57 insertions, 48 deletions
diff --git a/configuration.nix b/configuration.nix
index 5d40366..9c8cb79 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -6,6 +6,7 @@
# Configuration local for this cluster node (hostname, IP, etc)
let node_config = import ./node.nix args;
+ site_config = import ./site.nix args;
in
{
imports =
@@ -13,6 +14,8 @@ in
./hardware-configuration.nix
# Configuration local for this cluster node (hostname, IP, etc)
./node.nix
+ # Configuration local for this Deuxfleurs site (set of nodes)
+ ./site.nix
];
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
@@ -187,6 +190,7 @@ in
htop
links
git
+ docker
docker-compose
];
@@ -211,27 +215,25 @@ in
# Enable Hashicorp Consul & Nomad
services.consul.enable = true;
services.consul.extraConfig =
- let public_ip = (builtins.head node_config.networking.wireguard.interfaces.wg0.ips);
+ let public_ip = (builtins.head (builtins.split "/" (builtins.head node_config.networking.wireguard.interfaces.wg0.ips)));
in
{
- datacenter = "neptune";
- bootstrap_expect = 3;
server = true;
ui = true;
bind_addr = public_ip;
addresses.http = "0.0.0.0";
retry_join = [ "10.42.0.2" "10.42.0.21" "10.42.0.22" "10.42.0.23" ];
+ retry_join_wan = [ "10.42.0.2" "10.42.0.21" "10.42.0.22" "10.42.0.23" ];
};
services.nomad.enable = true;
services.nomad.settings =
- let public_ip = (builtins.head node_config.networking.wireguard.interfaces.wg0.ips);
+ let public_ip = (builtins.head (builtins.split "/" (builtins.head node_config.networking.wireguard.interfaces.wg0.ips)));
in
{
- datacenter = "neptune";
+ region = site_config.services.nomad.settings.datacenter;
server = {
enabled = true;
- bootstrap_expect = 3;
};
advertise = {
rpc = public_ip;
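Review bot: `retry_join` still lists all four nodes, but this commit makes `datacenter` per-site, so the LAN join list now mixes neptune (10.42.0.21-23) and pluton (10.42.0.2) members. As far as I know Consul refuses a LAN merge with a member from another datacenter, so those attempts would only produce join errors; only `retry_join_wan` should span sites. Consider moving the LAN list into the site files, e.g. `services.consul.extraConfig.retry_join = [ "10.42.0.21" "10.42.0.22" "10.42.0.23" ];` in site/neptune.nix. The `public_ip` expression is also duplicated in both `let` blocks and could be bound once in the top-level `let`. The nomad settings block continues outside the hunk.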
@@ -241,7 +243,7 @@ in
consul.address = "127.0.0.1:8500";
client = {
enabled = true;
- network_interface = "eno1";
+ network_interface = "wg0";
};
plugin = [
{
@@ -261,7 +263,7 @@ in
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [
(builtins.head ({ openssh.ports = [22]; } // node_config.services).openssh.ports)
- 3900 3901 # Garage (internal RPC traffic)
+ 3990 3991 3992 # Garage
4646 4647 4648 # Nomad
8500 8300 8301 8302 # Consul
19999 # Netdata
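Review bot: The new Garage line opens 3990-3992 through `networking.firewall.allowedTCPPorts`, which applies to every interface, and the replaced comment no longer says which of the three ports carries internal RPC. If any of them is meant for cluster-internal traffic only, scope it to the tunnel with `networking.firewall.interfaces.wg0.allowedTCPPorts = [ ... ];` and keep a per-port comment such as `# Garage: <port> RPC, <port> API, <port> web` (to be filled in from the Garage config, which is not visible here). The same scoping would fit the Nomad and Consul ports below, given that this commit moves the Nomad client to `wg0`. The list continues past the end of the hunk.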
diff --git a/deploy.sh b/deploy.sh
index fb55f60..c327c67 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -3,7 +3,7 @@
cd $(dirname $0)
if [ -z "$@" ]; then
- NIXHOSTLIST=$(ls node)
+ NIXHOSTLIST=$(ls node | grep -v '\.site\.')
else
NIXHOSTLIST="$@"
fi
@@ -19,7 +19,12 @@ for NIXHOST in $NIXHOSTLIST; do
echo "==== DOING $NIXHOST ===="
+ echo "updating"
+ ssh -F ssh_config $SSH_DEST sudo nix-channel --update
+
+ echo "generating config"
cat configuration.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/configuration.nix > /dev/null
cat node/$NIXHOST.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/node.nix > /dev/null
+ cat node/$NIXHOST.site.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/site.nix > /dev/null
ssh -F ssh_config $SSH_DEST sudo nixos-rebuild switch
done
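Review bot: Nothing in the loop body checks the result of the new `nix-channel --update` or of the `tee` copies, so a failed update or a missing `node/$NIXHOST.site.nix` still falls through to `nixos-rebuild switch`; `tee` truncates the remote file first, so a failed `cat` leaves an empty `/etc/nixos/site.nix`. Unless the script sets `set -e` above the hunk (not visible), guard the steps, e.g. `ssh -F ssh_config "$SSH_DEST" sudo nix-channel --update || { echo "channel update failed on $NIXHOST" >&2; continue; }`. Updating the channel on every deploy also means each host is rebuilt against whatever nixpkgs revision is current at that moment, so hosts can drift apart and package changes arrive unreviewed; pinning the revision would make deploys reproducible. The `for` loop starts outside the hunk.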
diff --git a/node/carcajou.nix b/node/carcajou.nix
index 0d12899..9cf6cde 100644
--- a/node/carcajou.nix
+++ b/node/carcajou.nix
@@ -17,10 +17,6 @@
prefixLength = 24;
}
];
- networking.defaultGateway = {
- address = "192.168.1.254";
- interface = "eno1";
- };
networking.wireguard.interfaces.wg0 = {
ips = [ "10.42.0.22/16" ];
@@ -29,15 +25,4 @@
# Enable netdata monitoring
services.netdata.enable = true;
-
- # ----
-
- nix = {
- binaryCaches = [
- "http://binarycache.home.adnab.me"
- ];
- binaryCachePublicKeys = [
- "binarycache.home.adnab.me:ErR6pMnewf9oVyZJd5uC2nI4EZF49c7Mh86eDZWYZaw="
- ];
- };
}
diff --git a/node/carcajou.site.nix b/node/carcajou.site.nix
new file mode 120000
index 0000000..04ee36c
--- /dev/null
+++ b/node/carcajou.site.nix
@@ -0,0 +1 @@
+../site/neptune.nix \ No newline at end of file
diff --git a/node/cariacou.nix b/node/cariacou.nix
index bad08e8..bb43c22 100644
--- a/node/cariacou.nix
+++ b/node/cariacou.nix
@@ -17,10 +17,6 @@
prefixLength = 24;
}
];
- networking.defaultGateway = {
- address = "192.168.1.254";
- interface = "eno1";
- };
networking.wireguard.interfaces.wg0 = {
ips = [ "10.42.0.21/16" ];
@@ -29,15 +25,4 @@
# Enable netdata monitoring
services.netdata.enable = true;
-
- # ----
-
- nix = {
- binaryCaches = [
- "http://binarycache.home.adnab.me"
- ];
- binaryCachePublicKeys = [
- "binarycache.home.adnab.me:ErR6pMnewf9oVyZJd5uC2nI4EZF49c7Mh86eDZWYZaw="
- ];
- };
}
diff --git a/node/cariacou.site.nix b/node/cariacou.site.nix
new file mode 120000
index 0000000..04ee36c
--- /dev/null
+++ b/node/cariacou.site.nix
@@ -0,0 +1 @@
+../site/neptune.nix \ No newline at end of file
diff --git a/node/caribou.nix b/node/caribou.nix
index b325739..d4b186d 100644
--- a/node/caribou.nix
+++ b/node/caribou.nix
@@ -17,10 +17,6 @@
prefixLength = 24;
}
];
- networking.defaultGateway = {
- address = "192.168.1.254";
- interface = "eno1";
- };
networking.wireguard.interfaces.wg0 = {
ips = [ "10.42.0.23/16" ];
@@ -30,7 +26,6 @@
# OR use USB modem plugged in here
#networking.interfaces.enp0s20u1.useDHCP = true;
-
# Enable netdata monitoring
services.netdata.enable = true;
diff --git a/node/caribou.site.nix b/node/caribou.site.nix
new file mode 120000
index 0000000..04ee36c
--- /dev/null
+++ b/node/caribou.site.nix
@@ -0,0 +1 @@
+../site/neptune.nix \ No newline at end of file
diff --git a/node/spoutnik.nix b/node/spoutnik.nix
index 8e84a2b..55df7d7 100644
--- a/node/spoutnik.nix
+++ b/node/spoutnik.nix
@@ -19,10 +19,6 @@
prefixLength = 24;
}
];
- networking.defaultGateway = {
- address = "192.168.0.1";
- interface = "enp0s25";
- };
networking.wireguard.interfaces.wg0 = {
ips = [ "10.42.0.2/16" ];
diff --git a/node/spoutnik.site.nix b/node/spoutnik.site.nix
new file mode 120000
index 0000000..87c7991
--- /dev/null
+++ b/node/spoutnik.site.nix
@@ -0,0 +1 @@
+../site/pluton.nix \ No newline at end of file
diff --git a/site/neptune.nix b/site/neptune.nix
new file mode 100644
index 0000000..7fa6252
--- /dev/null
+++ b/site/neptune.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+
+{
+ networking.defaultGateway = {
+ address = "192.168.1.254";
+ interface = "eno1";
+ };
+
+ services.consul.extraConfig.datacenter = "neptune";
+ services.nomad.settings.datacenter = "neptune";
+ services.consul.extraConfig.bootstrap_expect = 3;
+ services.nomad.settings.server.bootstrap_expect = 3;
+
+ # ----
+
+ nix = {
+ binaryCaches = [
+ "http://binarycache.home.adnab.me"
+ ];
+ binaryCachePublicKeys = [
+ "binarycache.home.adnab.me:ErR6pMnewf9oVyZJd5uC2nI4EZF49c7Mh86eDZWYZaw="
+ ];
+ };
+}
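Review bot: Moving the `nix` block into the site file extends the binary cache and its signing key to every neptune node; the node hunks show it being removed from carcajou and cariacou only, so caribou appears to gain it with this commit. Any host that lists a key in `binaryCachePublicKeys` will install store paths signed by it, so this widening deserves a comment such as `# Site-wide cache: all neptune nodes trust binaries signed by this key`. The cache URL is plain `http://`; signatures still protect the integrity of what gets installed, but requests are visible and can be blocked or tampered with on the path, so prefer `https://` if the cache offers it.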
diff --git a/site/pluton.nix b/site/pluton.nix
new file mode 100644
index 0000000..ec94018
--- /dev/null
+++ b/site/pluton.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+
+{
+ networking.defaultGateway = {
+ address = "192.168.0.1";
+ interface = "enp0s25";
+ };
+
+ services.consul.extraConfig.datacenter = "pluton";
+ services.nomad.settings.datacenter = "pluton";
+ services.consul.extraConfig.bootstrap_expect = 1;
+ services.nomad.settings.server.bootstrap_expect = 1;
+}