configurations of hq services
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
k-ot ed16802776 Merge branch 'master' of ssh://gitea.c3d2.de:2222/C3D2/nix-config 3 days ago
ansible update filebeat 2 weeks ago
hosts update deployer 3 days ago
kubernetes update deployer 3 months ago
lib Remove peers from Yggdrasil config 1 week ago
overlays Add lib/yggdrasil.nix 1 week ago
secrets @ 573ca8e712 secrets... 1 month ago
.gitignore add mongo. add missing files 3 months ago
.gitmodules Add lib/yggdrasil.nix 1 week ago
README.md activate central logging 3 months ago
hq.nixops add spaceapi container 1 month ago
install-host.sh pulsebert: add home-manager home.nix 7 months ago
nix-maintenance.sh add nix-maintenance.sh 7 months ago

README.md

Deployment

Beide failen bei Activation des neuen Profils. (TODO)

Mit NixOps

The official way for deployment is through deployer.serv.zentralwerk.org

Deploy changes

Use deployer system:

ssh k-ot@172.20.73.9
cd nix-config/
nixops deploy -d hq --check --include=[hostname]

Creating new Container

This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.

  1. log into any proxmox server
  2. pct create [num] cephfs-iso:vztmpl/nixos-system-x86_64-linux.tar.xz -ostype unmanaged -net0 name=eth0,bridge=vmbr0,tag=[vlantag] -storage vms -hostname [hostname]
  3. adjustments through ui if necessary
  4. Adjust hq.nixops, add [hostname]
  5. Run shell ssh k-ot@172.20.73.16 cd nix-config/ nixops deploy -d hq --check --include=[hostname]

Mit nixos-switch rebuild

nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"

Secrets

Add your gpg-id to the .gpg-id file in secrets and let somebody reencrypt it for you. Maybe this works for you, maybe not. I did it somehow: PASSWORD_STORE_DIR=`pwd` tr '\n' ' ' < .gpg-id | xargs -I{} pass init {}`

Your gpg key has to have the Authenticate flag set. If not update it and push it to a keyserver and wait. This is necessary, so you can login to any machine with your gpg key.