aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--app/telemetry/config/apm-config.yaml4
-rw-r--r--cluster/staging/secrets/rclone.conf.sample8
-rw-r--r--configuration.nix22
-rwxr-xr-xdeploy.sh6
4 files changed, 10 insertions, 30 deletions
diff --git a/app/telemetry/config/apm-config.yaml b/app/telemetry/config/apm-config.yaml
index 881cb40..9288036 100644
--- a/app/telemetry/config/apm-config.yaml
+++ b/app/telemetry/config/apm-config.yaml
@@ -11,6 +11,10 @@ output.elasticsearch:
username: "apm"
password: "{{ key "secrets/telemetry/elastic_passwords/apm" }}"
+instrumentation:
+ enabled: true
+ environment: staging
+
logging:
level: warning
to_stderr: true
diff --git a/cluster/staging/secrets/rclone.conf.sample b/cluster/staging/secrets/rclone.conf.sample
deleted file mode 100644
index 048bdba..0000000
--- a/cluster/staging/secrets/rclone.conf.sample
+++ /dev/null
@@ -1,8 +0,0 @@
-[staging]
-type = s3
-provider = Other
-env_auth = false
-access_key_id = GK...
-secret_access_key = ...
-endpoint = http://127.0.0.1:3990
-region = garage-staging
diff --git a/configuration.nix b/configuration.nix
index 4e323eb..7e32a8d 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -38,6 +38,10 @@
"vm.max_map_count" = 262144;
};
+ services.journald.extraConfig = ''
+SystemMaxUse=1G
+ '';
+
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
@@ -72,24 +76,6 @@
# ---- CONFIG FOR DEUXFLEURS CLUSTER ----
- # Mount Garage using Rclone
- systemd.services.mountgarage = {
- enable = false;
- description = "Mount the Garage data store";
- path = [
- pkgs.fuse
- pkgs.rclone
- ];
- unitConfig = {
- Type = "simple";
- };
- serviceConfig = {
- ExecStartPre = "${pkgs.bash}/bin/sh -c \"mkdir -p /mnt/garage-staging; fusermount -u /mnt/garage-staging || exit 0\"";
- ExecStart = "${pkgs.rclone}/bin/rclone --config /root/rclone.conf mount --vfs-cache-mode full --vfs-cache-max-size 1G --cache-dir /root/mountgarage-cache staging: /mnt/garage-staging";
- };
- wantedBy = [ "multi-user.target" ];
- };
-
# Open ports in the firewall.
networking.firewall = {
enable = true;
diff --git a/deploy.sh b/deploy.sh
index 7527f7f..74949b8 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -46,8 +46,8 @@ for NIXHOST in $NIXHOSTLIST; do
cat cluster/$CLUSTER/node/$NIXHOST.site.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/site.nix > /dev/null
echo "Sending secret files"
- for SECRET in rclone.conf \
- pki/consul-ca.crt pki/consul$YEAR.crt pki/consul$YEAR.key pki/consul$YEAR-client.crt pki/consul$YEAR-client.key \
+ for SECRET in pki/consul-ca.crt pki/consul$YEAR.crt pki/consul$YEAR.key \
+ pki/consul$YEAR-client.crt pki/consul$YEAR-client.key \
pki/nomad-ca.crt pki/nomad$YEAR.crt pki/nomad$YEAR.key; do
test -f cluster/$CLUSTER/secrets/$SECRET && (cat cluster/$CLUSTER/secrets/$SECRET | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/$SECRET > /dev/null)
done
@@ -62,8 +62,6 @@ mv deuxfleurs.nix remote-unlock.nix configuration.nix cluster.nix node.nix site.
nixos-rebuild switch
-test -f rclone.conf && (mv rclone.conf /root; chmod 600 /root/rclone.conf)
-
mkdir -p /var/lib/nomad/pki /var/lib/consul/pki
if [ -f pki/consul-ca.crt ]; then