aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cluster/prod/cluster.nix6
-rw-r--r--cluster/staging/app/core/deploy/core-system.hcl4
-rw-r--r--cluster/staging/cluster.nix8
-rw-r--r--cluster/staging/node/carcajou.nix2
-rw-r--r--cluster/staging/node/cariacou.nix2
-rw-r--r--cluster/staging/node/caribou.nix2
-rw-r--r--cluster/staging/node/origan.nix24
l---------cluster/staging/node/origan.site.nix1
-rw-r--r--cluster/staging/site/jupiter.nix16
-rw-r--r--cluster/staging/site/neptune.nix8
-rw-r--r--cluster/staging/ssh_config3
-rwxr-xr-xdeploy_pki10
-rw-r--r--nix/configuration.nix8
-rw-r--r--ssh_known_hosts1
14 files changed, 73 insertions, 22 deletions
diff --git a/cluster/prod/cluster.nix b/cluster/prod/cluster.nix
index 95391ac..59fbcb5 100644
--- a/cluster/prod/cluster.nix
+++ b/cluster/prod/cluster.nix
@@ -117,4 +117,10 @@
# For Garage external communication
networking.firewall.allowedTCPPorts = [ 3901 ];
+
+ # All prod nodes were deployed on the same version.
+ # This could be put in individual node .nix files if we deploy
+ # newer nodes on a different system version, OR we can bump this
+ # regularly cluster-wide
+ system.stateVersion = "21.05";
}
diff --git a/cluster/staging/app/core/deploy/core-system.hcl b/cluster/staging/app/core/deploy/core-system.hcl
index d410573..15dc77f 100644
--- a/cluster/staging/app/core/deploy/core-system.hcl
+++ b/cluster/staging/app/core/deploy/core-system.hcl
@@ -1,5 +1,5 @@
job "core-system" {
- datacenters = ["neptune"]
+ datacenters = ["neptune", "jupiter"]
type = "system"
priority = 90
@@ -13,6 +13,7 @@ job "core-system" {
stagger = "1m"
}
+/*
group "diplonat" {
task "diplonat" {
driver = "nix2"
@@ -68,6 +69,7 @@ EOH
}
}
}
+ */
group "tricot" {
network {
diff --git a/cluster/staging/cluster.nix b/cluster/staging/cluster.nix
index b9a4fed..42353e0 100644
--- a/cluster/staging/cluster.nix
+++ b/cluster/staging/cluster.nix
@@ -32,6 +32,14 @@
lan_endpoint = "192.168.1.23:33799";
endpoint = "77.207.15.215:33723";
}
+ {
+ hostname = "origan";
+ site_name = "jupiter";
+ publicKey = "smBQYUS60JDkNoqkTT7TgbpqFiM43005fcrT6472llI=";
+ IP = "10.14.2.33";
+ lan_endpoint = "192.168.1.33:33799";
+ endpoint = "192.168.1.199:33799"; # TODO NAT
+ }
];
# Bootstrap IPs for Consul cluster,
diff --git a/cluster/staging/node/carcajou.nix b/cluster/staging/node/carcajou.nix
index b6d15df..0ec2582 100644
--- a/cluster/staging/node/carcajou.nix
+++ b/cluster/staging/node/carcajou.nix
@@ -21,4 +21,6 @@
deuxfleurs.cluster_ip = "10.14.1.2";
deuxfleurs.is_raft_server = true;
+
+ system.stateVersion = "21.05";
}
diff --git a/cluster/staging/node/cariacou.nix b/cluster/staging/node/cariacou.nix
index 61d3f28..d8fe564 100644
--- a/cluster/staging/node/cariacou.nix
+++ b/cluster/staging/node/cariacou.nix
@@ -21,4 +21,6 @@
deuxfleurs.cluster_ip = "10.14.1.1";
deuxfleurs.is_raft_server = true;
+
+ system.stateVersion = "21.05";
}
diff --git a/cluster/staging/node/caribou.nix b/cluster/staging/node/caribou.nix
index 65168a9..af46273 100644
--- a/cluster/staging/node/caribou.nix
+++ b/cluster/staging/node/caribou.nix
@@ -19,4 +19,6 @@
# Open SSB port
networking.firewall.allowedTCPPorts = [ 8008 ];
+
+ system.stateVersion = "21.05";
}
diff --git a/cluster/staging/node/origan.nix b/cluster/staging/node/origan.nix
new file mode 100644
index 0000000..3085cca
--- /dev/null
+++ b/cluster/staging/node/origan.nix
@@ -0,0 +1,24 @@
+# Configuration file local to this node
+
+{ config, pkgs, ... }:
+
+{
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.timeout = 20;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "origan";
+
+ deuxfleurs.network_interface = "eno1";
+ deuxfleurs.lan_ip = "192.168.1.33";
+ deuxfleurs.ipv6 = "2a01:e0a:5e4:1d0:223:24ff:feaf:fdec";
+
+ deuxfleurs.cluster_ip = "10.14.2.33";
+ deuxfleurs.is_raft_server = false;
+
+ # Open SSB port
+ networking.firewall.allowedTCPPorts = [ 8008 ];
+
+ system.stateVersion = "22.11";
+}
diff --git a/cluster/staging/node/origan.site.nix b/cluster/staging/node/origan.site.nix
new file mode 120000
index 0000000..7cdd625
--- /dev/null
+++ b/cluster/staging/node/origan.site.nix
@@ -0,0 +1 @@
+../site/jupiter.nix \ No newline at end of file
diff --git a/cluster/staging/site/jupiter.nix b/cluster/staging/site/jupiter.nix
new file mode 100644
index 0000000..31b9f47
--- /dev/null
+++ b/cluster/staging/site/jupiter.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+ deuxfleurs.site_name = "jupiter";
+ deuxfleurs.lan_default_gateway = "192.168.1.1";
+ deuxfleurs.ipv6_default_gateway = "fe80::9038:202a:73a0:e73b";
+ deuxfleurs.lan_ip_prefix_length = 24;
+ deuxfleurs.ipv6_prefix_length = 64;
+ deuxfleurs.nameservers = [ "192.168.1.1" ];
+ deuxfleurs.cname_target = "jupiter.site.staging.deuxfleurs.org.";
+
+ # no public ipv4 is used for the staging cluster on Jupiter
+ # deuxfleurs.public_ipv4 = "???";
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
diff --git a/cluster/staging/site/neptune.nix b/cluster/staging/site/neptune.nix
index 506da65..5399826 100644
--- a/cluster/staging/site/neptune.nix
+++ b/cluster/staging/site/neptune.nix
@@ -14,12 +14,4 @@
# deuxfleurs.public_ipv4 = "77.207.15.215";
networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- services.cron = {
- enable = true;
- systemCronJobs = [
- "0 2 * * * root nix-collect-garbage --delete-older-than 10d >> /root/nix_gc_log 2>&1"
- "30 2 1 * * root docker run --rm -v /var/lib/drone/nix:/nix nixpkgs/nix:nixos-21.05 nix-collect-garbage --delete-older-than 30d >> /root/drone_nix_gc_log 2>&1"
- ];
- };
}
diff --git a/cluster/staging/ssh_config b/cluster/staging/ssh_config
index 0f8ea0a..407d39b 100644
--- a/cluster/staging/ssh_config
+++ b/cluster/staging/ssh_config
@@ -15,3 +15,6 @@ Host cariacou
Host spoutnik
HostName 10.42.0.2
Port 220
+
+Host origan
+ HostName 2a01:e0a:5e4:1d0:223:24ff:feaf:fdec
diff --git a/deploy_pki b/deploy_pki
index d6b0d3a..d7f5832 100755
--- a/deploy_pki
+++ b/deploy_pki
@@ -23,7 +23,7 @@ for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \
do
if pass $PKI/$file >/dev/null; then
write_pass $PKI/$file /var/lib/nomad/pki/$file
- cmd "chown \$(stat -c %u /var/lib/private/nomad) /var/lib/nomad/pki/$file"
+ cmd "chown \$(stat -c %u /var/lib/nomad) /var/lib/nomad/pki/$file"
fi
done
@@ -39,7 +39,7 @@ cmd "consul kv put secrets/consul/consul.crt - < /var/lib/consul/pki/consul$YEAR
cmd "consul kv put secrets/consul/consul-client.crt - < /var/lib/consul/pki/consul$YEAR-client.crt"
cmd "consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul$YEAR-client.key"
-cmd "consul kv put secrets/nomad/nomad-ca.crt - < /var/lib/private/nomad/pki/nomad-ca.crt"
-cmd "consul kv put secrets/nomad/nomad.crt - < /var/lib/private/nomad/pki/nomad$YEAR.crt"
-cmd "consul kv put secrets/nomad/nomad-client.crt - < /var/lib/private/nomad/pki/nomad$YEAR-client.crt"
-cmd "consul kv put secrets/nomad/nomad-client.key - < /var/lib/private/nomad/pki/nomad$YEAR-client.key"
+cmd "consul kv put secrets/nomad/nomad-ca.crt - < /var/lib/nomad/pki/nomad-ca.crt"
+cmd "consul kv put secrets/nomad/nomad.crt - < /var/lib/nomad/pki/nomad$YEAR.crt"
+cmd "consul kv put secrets/nomad/nomad-client.crt - < /var/lib/nomad/pki/nomad$YEAR-client.crt"
+cmd "consul kv put secrets/nomad/nomad-client.key - < /var/lib/nomad/pki/nomad$YEAR-client.key"
diff --git a/nix/configuration.nix b/nix/configuration.nix
index aa979db..0b07056 100644
--- a/nix/configuration.nix
+++ b/nix/configuration.nix
@@ -84,13 +84,5 @@ SystemMaxUse=1G
dns = [ "172.17.0.1" ];
})}";
};
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "21.05"; # Did you read the comment?
}
diff --git a/ssh_known_hosts b/ssh_known_hosts
index 9b1c4d1..530df33 100644
--- a/ssh_known_hosts
+++ b/ssh_known_hosts
@@ -24,3 +24,4 @@ df-ymf.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB2el374ejNXqF+
2001:910:1204:1::31 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3N0QOFNGkCpVLuOHFdpnBaxIFH925KpdIHV/3F9+BR
2001:910:1204:1::32 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCXJeo6yeQeTN7D7OZwLd8zbyU1jWywlhQ29yyk7x+G
192.168.1.23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtsVFIoIu6tnYrzlcCbBiQXxNkFSWVMhMznUuSxGZ22
+2a01:e0a:5e4:1d0:223:24ff:feaf:fdec ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsZas74RT6lCZwuUOPR23nPdbSdpWORyAmRgjoiMVHK