add mongo. add missing files

.gitignore

@@ -1 +1,2 @@
 .*.swp
+*.retry

README.md

@@ -2,19 +2,45 @@
 
 Beide failen bei Activation des neuen Profils. (TODO)
 
-## Mit `nixos-switch rebuild`
+
+## Mit NixOps
+
+The official way for deployment is through `deployer.serv.zentralwerk.org`
+
+### Deploy changes
+
+Use deployer system:
 
 ```shell
-nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"
+ssh k-ot@172.20.73.9
+cd nix-config/
+nixops deploy -d hq --check --include=[hostname]
 ```
 
-## Mit NixOps
+
+
+### Creating new Container
+
+This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.
+
+1. log into any proxmox server
+2. pct create [num] cephfs-iso:vztmpl/nixos-system-x86_64-linux.tar.xz -ostype unmanaged -net0 name=eth0,bridge=vmbr0,tag=[vlantag] -storage vms -hostname [hostname]
+3. adjustments through ui if necessary
+4. Adjust hq.nixops, add  [hostname]
+5. Run
+    ```shell
+    ssh k-ot@172.20.73.9
+    cd nix-config/
+    nixops deploy -d hq --check --include=[hostname]
+    ```
+
+## Mit `nixos-switch rebuild`
 
 ```shell
-nixops create  hq.nixops -d hq
-nixops deploy -d hq --check --include=dhcp
+nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"
 ```
 
+
 # Secrets
 
 Add your gpg-id to the .gpg-id file in secrets and let somebody reencrypt it for you.

ansible/roles/proxmox/files/sysctl/zentralwerk.conf

@@ -0,0 +1,2 @@
+ # for elastic
+ vm.max_map_count=262144

hosts/containers/logging/configuration.nix

@@ -19,8 +19,6 @@
     hostName = "logging";
   };
 
-  nixpkgs.config.allowUnfree = true; 
-
   services.openssh = {
     enable = true;
     permitRootLogin = "yes";
@@ -29,7 +27,11 @@
   services.graylog = {
     enable = true;
     passwordSecret = "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
-    elasticsearchHosts = [ "elastic1.serv.zentralwerk.org" ];
+    # mongo.serv.zentralwerk. ?
+    elasticsearchHosts = [ "http://172.20.73.10:9200" ];
+    rootPasswordSha2 = "0319baba53abe8b33e1da12fd906c27cbe61fad6a129b9d5ecf196b6661e959d";
+    # mongo.serv.zentralwerk. ?
+    mongodbUri = "mongodb://172.20.73.12/graylog";
   };
 
   system.stateVersion = "19.03"; # Did you read the comment?

hosts/containers/lxc-template.nix

@@ -9,6 +9,8 @@
     [ ../../lib/lxc-container.nix
       ../../lib/shared.nix
       ../../lib/admins.nix
+      ../../lib/common/common.nix
+      <nixpkgs/nixos/modules/profiles/minimal.nix>
     ];
 
   networking.hostName = "nixbert"; # Define your hostname.
@@ -29,5 +31,5 @@
   # compatible, in order to avoid breaking some software such as database
   # servers. You should change this only after NixOS release notes say you
   # should.
-  system.stateVersion = "18.09"; # Did you read the comment?
+  system.stateVersion = "19.03"; # Did you read the comment?
 }

hosts/containers/lxc-template.sh

@@ -1,3 +1,3 @@
 #!/usr/bin/env bash
-
+set -e
 nix-build -I nixos-config=./lxc-template.nix '<nixpkgs/nixos>' -A config.system.build.tarball

hosts/containers/mongo/configuration.nix

@@ -0,0 +1,35 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, ... }:
+
+{
+  imports =
+    [ ../../../lib/lxc-container.nix
+    ../../../lib/shared.nix
+    ../../../lib/admins.nix
+  ];
+
+  environment.systemPackages = with pkgs; [
+    vim
+  ];
+
+  networking = {
+    hostName = "mongo";
+  };
+
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "yes";
+  };
+
+  services.mongodb = {
+    enable = true;
+    bind_ip = "0.0.0.0";
+    dbpath = "/srv/mongodb";
+  };
+
+  system.stateVersion = "19.03"; # Did you read the comment?
+
+}

hosts/containers/upload-template.sh

@@ -0,0 +1 @@
+scp result/tarball/nixos-system-x86_64-linux.tar.xz root@storage-ng.hq.c3d2.de:/mnt/cephfs/template/cache/

hosts/storage-ng/configuration.nix

@@ -9,6 +9,7 @@
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
       ../../lib/common/c3d2.nix
+      ../../lib/shared.nix
       ../../lib/users.nix
       ./ncdc.nix
       ../../lib/mpd.nix
@@ -102,7 +103,7 @@
   fileSystems."/mnt/cephfs" = {
     device = "172.22.99.13:6789:/";
     fsType = "ceph";
-    options = [ "name=storage2" ("secret=" + (builtins.readFile("/etc/nixos/storage-secret.key"))) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
+    options = [ "name=storage2" ("secret=" + (import ../../secrets/hosts/storage-ng/storage-secret.nix)) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
   };
 
   # Some programs need SUID wrappers, can be configured further or are
@@ -174,6 +175,6 @@
   # compatible, in order to avoid breaking some software such as database
   # servers. You should change this only after NixOS release notes say you
   # should.
-  system.stateVersion = "18.09"; # Did you read the comment?
+  system.stateVersion = "19.03"; # Did you read the comment?
 
 }

hq.nixops

@@ -93,4 +93,17 @@
 				storeKeysOnMachine = true;
 			};
 	  };
+    "mongo" =
+    { ... }:
+		{
+			imports = [
+				hosts/containers/mongo/configuration.nix
+			];
+			deployment = {
+				targetHost = "2a02:8106:208:5282:14ec:c8ff:fe0a:fc5c";
+				storeKeysOnMachine = true;
+			};
+	  };
+
+    
 }

lib/common/c3d2.nix

@@ -1,12 +1,11 @@
 { config, pkgs, ... }:
 
 {
-  time.timeZone = "Europe/Berlin";
+  imports = [./common.nix];
 
   networking = {
     domain = "hq.c3d2.de";
     defaultGateway.address = "172.22.99.1";
-    nameservers = [ "172.20.72.6" "9.9.9.9" "74.82.42.42" ];
   };
 
 }

lib/common/common.nix

@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+
+{
+  networking = {
+    nameservers = [ "172.20.72.6" "9.9.9.9" "74.82.42.42" ];
+  };
+
+}

lib/lxc-container.nix

@@ -8,6 +8,7 @@
   nix.useSandbox = false;
   nix.maxJobs = lib.mkDefault 1;
   nix.buildCores = lib.mkDefault 4;
+  networking.useNetworkd = true;
 
   boot.isContainer = true;
   # /sbin/init

lib/shared.nix

@@ -6,6 +6,6 @@
   # Select internationalisation properties.
   i18n = {
     defaultLocale = "en_US.UTF-8";
-    supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ];
+    supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8" ];
   };
 }

secrets

@@ -1 +1 @@
-Subproject commit a5a4343d7fe8550fc2163c2e377f39682b57e6be
+Subproject commit 573ca8e7120de6fe36af90dace36f9222c155cec