author | ADRN <adrien@luxeylab.net> | 2021-11-28 13:37:11 +0100 |
---|---|---|
committer | ADRN <adrien@luxeylab.net> | 2021-11-28 13:37:11 +0100 |
commit | 839e6918803deee72a6c8444e9a61ca0af75b79d (patch) | |
tree | fc0a0c6baa7d3a17887feeb44b6883e44f792c2f | |
parent | 9578121f5b99c096447829f7fff6da54b0e9deab (diff) | |
parent | fe080ff4b6ffd435ab62f193072ec22e30b8602f (diff) | |
download | nixcfg-839e6918803deee72a6c8444e9a61ca0af75b79d.tar.gz nixcfg-839e6918803deee72a6c8444e9a61ca0af75b79d.zip |
Merge branch 'main' of git.deuxfleurs.fr:Deuxfleurs/nixcfg into main
-rw-r--r-- | configuration.nix | 18 | ||||
-rwxr-xr-x | deploy.sh | 7 | ||||
-rw-r--r-- | node/carcajou.nix | 15 | ||||
l--------- | node/carcajou.site.nix | 1 | ||||
-rw-r--r-- | node/cariacou.nix | 15 | ||||
l--------- | node/cariacou.site.nix | 1 | ||||
-rw-r--r-- | node/caribou.nix | 5 | ||||
l--------- | node/caribou.site.nix | 1 | ||||
-rw-r--r-- | node/spoutnik.nix | 4 | ||||
l--------- | node/spoutnik.site.nix | 1 | ||||
-rw-r--r-- | site/neptune.nix | 24 | ||||
-rw-r--r-- | site/pluton.nix | 13 |
12 files changed, 57 insertions, 48 deletions
diff --git a/configuration.nix b/configuration.nix index 5d40366..9c8cb79 100644 --- a/configuration.nix +++ b/configuration.nix @@ -6,6 +6,7 @@ # Configuration local for this cluster node (hostname, IP, etc) let node_config = import ./node.nix args; + site_config = import ./site.nix args; in { imports = @@ -13,6 +14,8 @@ in ./hardware-configuration.nix # Configuration local for this cluster node (hostname, IP, etc) ./node.nix + # Configuration local for this Deuxfleurs site (set of nodes) + ./site.nix ]; # The global useDHCP flag is deprecated, therefore explicitly set to false here. @@ -187,6 +190,7 @@ in htop links git + docker docker-compose ]; @@ -211,27 +215,25 @@ in # Enable Hashicorp Consul & Nomad services.consul.enable = true; services.consul.extraConfig = - let public_ip = (builtins.head node_config.networking.wireguard.interfaces.wg0.ips); + let public_ip = (builtins.head (builtins.split "/" (builtins.head node_config.networking.wireguard.interfaces.wg0.ips))); in { - datacenter = "neptune"; - bootstrap_expect = 3; server = true; ui = true; bind_addr = public_ip; addresses.http = "0.0.0.0"; retry_join = [ "10.42.0.2" "10.42.0.21" "10.42.0.22" "10.42.0.23" ]; + retry_join_wan = [ "10.42.0.2" "10.42.0.21" "10.42.0.22" "10.42.0.23" ]; }; services.nomad.enable = true; services.nomad.settings = - let public_ip = (builtins.head node_config.networking.wireguard.interfaces.wg0.ips); + let public_ip = (builtins.head (builtins.split "/" (builtins.head node_config.networking.wireguard.interfaces.wg0.ips))); in { - datacenter = "neptune"; + region = site_config.services.nomad.settings.datacenter; server = { enabled = true; - bootstrap_expect = 3; }; advertise = { rpc = public_ip; @@ -241,7 +243,7 @@ in consul.address = "127.0.0.1:8500"; client = { enabled = true; - network_interface = "eno1"; + network_interface = "wg0"; }; plugin = [ { 
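Review bot: The Consul and Nomad attrsets in the `@@ -211,27 +215,25 @@` hunk now federate across sites (`retry_join_wan`, a per-site `region`), but nothing visible in them sets a gossip `encrypt` key, TLS or ACLs. `addresses.http = "0.0.0.0"` also still exposes the Consul HTTP API on every interface, and 8500 is allowed in the firewall list further down. Unless these are configured elsewhere, any host that can reach a node's LAN address can talk to the cluster API; binding it to loopback with `addresses.http = "127.0.0.1";` would match the `consul.address = "127.0.0.1:8500"` that Nomad already uses, at the cost of remote UI access. As a style point, the `builtins.head (builtins.split "/" ...)` expression is now duplicated in both `let` blocks and could be defined once next to `node_config`.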
@@ -261,7 +263,7 @@ in # Open ports in the firewall. networking.firewall.allowedTCPPorts = [ (builtins.head ({ openssh.ports = [22]; } // node_config.services).openssh.ports) - 3900 3901 # Garage (internal RPC traffic) + 3990 3991 3992 # Garage 4646 4647 4648 # Nomad 8500 8300 8301 8302 # Consul 19999 # Netdata @@ -3,7 +3,7 @@ cd $(dirname $0) if [ -z "$@" ]; then - NIXHOSTLIST=$(ls node) + NIXHOSTLIST=$(ls node | grep -v '\.site\.') else NIXHOSTLIST="$@" fi @@ -19,7 +19,12 @@ for NIXHOST in $NIXHOSTLIST; do echo "==== DOING $NIXHOST ====" + echo "updating" + ssh -F ssh_config $SSH_DEST sudo nix-channel --update + + echo "generating config" cat configuration.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/configuration.nix > /dev/null cat node/$NIXHOST.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/node.nix > /dev/null + cat node/$NIXHOST.site.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/site.nix > /dev/null ssh -F ssh_config $SSH_DEST sudo nixos-rebuild switch done diff --git a/node/carcajou.nix b/node/carcajou.nix index 0d12899..9cf6cde 100644 --- a/node/carcajou.nix +++ b/node/carcajou.nix @@ -17,10 +17,6 @@ prefixLength = 24; } ]; - networking.defaultGateway = { - address = "192.168.1.254"; - interface = "eno1"; - }; networking.wireguard.interfaces.wg0 = { ips = [ "10.42.0.22/16" ]; @@ -29,15 +25,4 @@ # Enable netdata monitoring services.netdata.enable = true; - - # ---- - - nix = { - binaryCaches = [ - "http://binarycache.home.adnab.me" - ]; - binaryCachePublicKeys = [ - "binarycache.home.adnab.me:ErR6pMnewf9oVyZJd5uC2nI4EZF49c7Mh86eDZWYZaw=" - ]; - }; } diff --git a/node/carcajou.site.nix b/node/carcajou.site.nix new file mode 120000 index 0000000..04ee36c --- /dev/null +++ b/node/carcajou.site.nix @@ -0,0 +1 @@ +../site/neptune.nix
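Review bot: The new Garage ports `3990 3991 3992` go into the global `networking.firewall.allowedTCPPorts`, so they are reachable on every interface, and the replaced comment no longer says which of them carries internal RPC traffic. Ports that only serve node-to-node traffic could be scoped to the tunnel with `networking.firewall.interfaces.wg0.allowedTCPPorts = [ ... ];`, leaving only the intentionally public ones in the global list. At minimum the comment should name each port's role again, since the earlier wording "(internal RPC traffic)" was the only hint of what is exposed. The list continues outside the hunk.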
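Review bot: The added `sudo nix-channel --update` makes every deploy build against whatever channel revision is current at that moment, so `nixos-rebuild switch` can activate package changes nobody reviewed, and nodes deployed at different times can diverge. Pinning nixpkgs in the configuration, or updating channels as a separate deliberate step, would keep a config push reproducible. The new `cat node/$NIXHOST.site.nix | ssh ... tee` line also still runs `tee` when the local file is missing, leaving an empty `/etc/nixos/site.nix` before the rebuild. Redirecting instead, `ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/site.nix < "node/$NIXHOST.site.nix" > /dev/null`, fails before ssh starts and quotes the path. The loop body starts outside the hunk.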
\ No newline at end of file diff --git a/node/cariacou.nix b/node/cariacou.nix index bad08e8..bb43c22 100644 --- a/node/cariacou.nix +++ b/node/cariacou.nix @@ -17,10 +17,6 @@ prefixLength = 24; } ]; - networking.defaultGateway = { - address = "192.168.1.254"; - interface = "eno1"; - }; networking.wireguard.interfaces.wg0 = { ips = [ "10.42.0.21/16" ]; @@ -29,15 +25,4 @@ # Enable netdata monitoring services.netdata.enable = true; - - # ---- - - nix = { - binaryCaches = [ - "http://binarycache.home.adnab.me" - ]; - binaryCachePublicKeys = [ - "binarycache.home.adnab.me:ErR6pMnewf9oVyZJd5uC2nI4EZF49c7Mh86eDZWYZaw=" - ]; - }; } diff --git a/node/cariacou.site.nix b/node/cariacou.site.nix new file mode 120000 index 0000000..04ee36c --- /dev/null +++ b/node/cariacou.site.nix @@ -0,0 +1 @@ +../site/neptune.nix
\ No newline at end of file diff --git a/node/caribou.nix b/node/caribou.nix index b325739..d4b186d 100644 --- a/node/caribou.nix +++ b/node/caribou.nix @@ -17,10 +17,6 @@ prefixLength = 24; } ]; - networking.defaultGateway = { - address = "192.168.1.254"; - interface = "eno1"; - }; networking.wireguard.interfaces.wg0 = { ips = [ "10.42.0.23/16" ]; @@ -30,7 +26,6 @@ # OR use USB modem plugged in here #networking.interfaces.enp0s20u1.useDHCP = true; - # Enable netdata monitoring services.netdata.enable = true; diff --git a/node/caribou.site.nix b/node/caribou.site.nix new file mode 120000 index 0000000..04ee36c --- /dev/null +++ b/node/caribou.site.nix @@ -0,0 +1 @@ +../site/neptune.nix
\ No newline at end of file diff --git a/node/spoutnik.nix b/node/spoutnik.nix index 8e84a2b..55df7d7 100644 --- a/node/spoutnik.nix +++ b/node/spoutnik.nix @@ -19,10 +19,6 @@ prefixLength = 24; } ]; - networking.defaultGateway = { - address = "192.168.0.1"; - interface = "enp0s25"; - }; networking.wireguard.interfaces.wg0 = { ips = [ "10.42.0.2/16" ]; diff --git a/node/spoutnik.site.nix b/node/spoutnik.site.nix new file mode 120000 index 0000000..87c7991 --- /dev/null +++ b/node/spoutnik.site.nix @@ -0,0 +1 @@ +../site/pluton.nix
\ No newline at end of file diff --git a/site/neptune.nix b/site/neptune.nix new file mode 100644 index 0000000..7fa6252 --- /dev/null +++ b/site/neptune.nix @@ -0,0 +1,24 @@ +{ config, pkgs, ... }: + +{ + networking.defaultGateway = { + address = "192.168.1.254"; + interface = "eno1"; + }; + + services.consul.extraConfig.datacenter = "neptune"; + services.nomad.settings.datacenter = "neptune"; + services.consul.extraConfig.bootstrap_expect = 3; + services.nomad.settings.server.bootstrap_expect = 3; + + # ---- + + nix = { + binaryCaches = [ + "http://binarycache.home.adnab.me" + ]; + binaryCachePublicKeys = [ + "binarycache.home.adnab.me:ErR6pMnewf9oVyZJd5uC2nI4EZF49c7Mh86eDZWYZaw=" + ]; + }; +} diff --git a/site/pluton.nix b/site/pluton.nix new file mode 100644 index 0000000..ec94018 --- /dev/null +++ b/site/pluton.nix @@ -0,0 +1,13 @@ +{ config, pkgs, ... }: + +{ + networking.defaultGateway = { + address = "192.168.0.1"; + interface = "enp0s25"; + }; + + services.consul.extraConfig.datacenter = "pluton"; + services.nomad.settings.datacenter = "pluton"; + services.consul.extraConfig.bootstrap_expect = 1; + services.nomad.settings.server.bootstrap_expect = 1; +} |
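Review bot: The `nix.binaryCaches` block in `site/neptune.nix` now applies to every node linked to this site, and the `caribou.nix` hunk shows no such block being removed, so this commit appears to extend trust in that substituter to caribou as well. Store paths are still checked against `binaryCachePublicKeys`, but the cache is fetched over plain `http://`, so an on-path host can see or block what the nodes fetch. If the cache can serve TLS, use an `https://` URL. A short comment should also say who operates the cache and holds the signing key, for example `# Site-local binary cache, key held by <operator>; trusted by all neptune nodes`.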