diff options
-rw-r--r-- | app/telemetry/config/apm-config.yaml | 4 | ||||
-rw-r--r-- | cluster/staging/secrets/rclone.conf.sample | 8 | ||||
-rw-r--r-- | configuration.nix | 22 | ||||
-rwxr-xr-x | deploy.sh | 6 |
4 files changed, 10 insertions, 30 deletions
diff --git a/app/telemetry/config/apm-config.yaml b/app/telemetry/config/apm-config.yaml index 881cb40..9288036 100644 --- a/app/telemetry/config/apm-config.yaml +++ b/app/telemetry/config/apm-config.yaml @@ -11,6 +11,10 @@ output.elasticsearch: username: "apm" password: "{{ key "secrets/telemetry/elastic_passwords/apm" }}" +instrumentation: + enabled: true + environment: staging + logging: level: warning to_stderr: true diff --git a/cluster/staging/secrets/rclone.conf.sample b/cluster/staging/secrets/rclone.conf.sample deleted file mode 100644 index 048bdba..0000000 --- a/cluster/staging/secrets/rclone.conf.sample +++ /dev/null @@ -1,8 +0,0 @@ -[staging] -type = s3 -provider = Other -env_auth = false -access_key_id = GK... -secret_access_key = ... -endpoint = http://127.0.0.1:3990 -region = garage-staging diff --git a/configuration.nix b/configuration.nix index 4e323eb..7e32a8d 100644 --- a/configuration.nix +++ b/configuration.nix @@ -38,6 +38,10 @@ "vm.max_map_count" = 262144; }; + services.journald.extraConfig = '' +SystemMaxUse=1G + ''; + # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ @@ -72,24 +76,6 @@ # ---- CONFIG FOR DEUXFLEURS CLUSTER ---- - # Mount Garage using Rclone - systemd.services.mountgarage = { - enable = false; - description = "Mount the Garage data store"; - path = [ - pkgs.fuse - pkgs.rclone - ]; - unitConfig = { - Type = "simple"; - }; - serviceConfig = { - ExecStartPre = "${pkgs.bash}/bin/sh -c \"mkdir -p /mnt/garage-staging; fusermount -u /mnt/garage-staging || exit 0\""; - ExecStart = "${pkgs.rclone}/bin/rclone --config /root/rclone.conf mount --vfs-cache-mode full --vfs-cache-max-size 1G --cache-dir /root/mountgarage-cache staging: /mnt/garage-staging"; - }; - wantedBy = [ "multi-user.target" ]; - }; - # Open ports in the firewall. networking.firewall = { enable = true; @@ -46,8 +46,8 @@ for NIXHOST in $NIXHOSTLIST; do cat cluster/$CLUSTER/node/$NIXHOST.site.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/site.nix > /dev/null echo "Sending secret files" - for SECRET in rclone.conf \ - pki/consul-ca.crt pki/consul$YEAR.crt pki/consul$YEAR.key pki/consul$YEAR-client.crt pki/consul$YEAR-client.key \ + for SECRET in pki/consul-ca.crt pki/consul$YEAR.crt pki/consul$YEAR.key \ + pki/consul$YEAR-client.crt pki/consul$YEAR-client.key \ pki/nomad-ca.crt pki/nomad$YEAR.crt pki/nomad$YEAR.key; do test -f cluster/$CLUSTER/secrets/$SECRET && (cat cluster/$CLUSTER/secrets/$SECRET | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/$SECRET > /dev/null) done @@ -62,8 +62,6 @@ mv deuxfleurs.nix remote-unlock.nix configuration.nix cluster.nix node.nix site. nixos-rebuild switch -test -f rclone.conf && (mv rclone.conf /root; chmod 600 /root/rclone.conf) - mkdir -p /var/lib/nomad/pki /var/lib/consul/pki if [ -f pki/consul-ca.crt ]; then |