
add mongo. add missing files

pull/1/head
Daniel Poelzleithner 1 month ago
parent
commit
e65f04fb32

+ 1
- 0
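--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .*.swp
+*.retry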

+ 31
- 5
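--- a/README.md
+++ b/README.md
@@ -2,19 +2,45 @@
 
 Beide failen bei Activation des neuen Profils. (TODO)
 
-## Mit `nixos-switch rebuild`
+
+## Mit NixOps
+
+The official way for deployment is through `deployer.serv.zentralwerk.org`
+
+### Deploy changes
+
+Use deployer system:
 
 ```shell
-nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"
+ssh k-ot@172.20.73.9
+cd nix-config/
+nixops deploy -d hq --check --include=[hostname]
 ```
 
-## Mit NixOps
+
+
+### Creating new Container
+
+This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.
+
+1. log into any proxmox server
+2. pct create [num] cephfs-iso:vztmpl/nixos-system-x86_64-linux.tar.xz -ostype unmanaged -net0 name=eth0,bridge=vmbr0,tag=[vlantag] -storage vms -hostname [hostname]
+3. adjustments through ui if necessary
+4. Adjust hq.nixops, add  [hostname]
+5. Run
+    ```shell
+    ssh k-ot@172.20.73.9
+    cd nix-config/
+    nixops deploy -d hq --check --include=[hostname]
+    ```
+
+## Mit `nixos-switch rebuild`
 
 ```shell
-nixops create  hq.nixops -d hq
-nixops deploy -d hq --check --include=dhcp
+nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"
 ```
 
+
 # Secrets
 
 Add your gpg-id to the .gpg-id file in secrets and let somebody reencrypt it for you.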

+ 2
- 0
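--- a/ansible/roles/proxmox/files/sysctl/zentralwerk.conf
+++ b/ansible/roles/proxmox/files/sysctl/zentralwerk.conf
@@ -0,0 +1,2 @@
+ # for elastic
+ vm.max_map_count=262144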

+ 5
- 3
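--- a/hosts/containers/logging/configuration.nix
+++ b/hosts/containers/logging/configuration.nix
@@ -19,8 +19,6 @@
     hostName = "logging";
   };
 
-  nixpkgs.config.allowUnfree = true; 
-
   services.openssh = {
     enable = true;
     permitRootLogin = "yes";
@@ -29,7 +27,11 @@
   services.graylog = {
     enable = true;
     passwordSecret = "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
-    elasticsearchHosts = [ "elastic1.serv.zentralwerk.org" ];
+    # mongo.serv.zentralwerk. ?
+    elasticsearchHosts = [ "http://172.20.73.10:9200" ];
+    rootPasswordSha2 = "0319baba53abe8b33e1da12fd906c27cbe61fad6a129b9d5ecf196b6661e959d";
+    # mongo.serv.zentralwerk. ?
+    mongodbUri = "mongodb://172.20.73.12/graylog";
   };
 
   system.stateVersion = "19.03"; # Did you read the comment?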
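Review bot: The added `rootPasswordSha2` line commits the Graylog admin password hash in clear text, next to the `passwordSecret` that was already there; an unsalted SHA-256 is cheap to guess offline, and both values are also copied into the world-readable Nix store wherever this config is evaluated. Both should be rotated, since they are now in history, and sourced from the `secrets` submodule, e.g. `rootPasswordSha2 = import <path-in-secrets-repo>;` (placeholder path). An imported value still lands in the store, so a file read at service start is preferable if the module allows it. The new `elasticsearchHosts` and `mongodbUri` values use plain `http://` and a `mongodb://` URI without credentials, so log data and Graylog state cross the network unauthenticated and unencrypted; a TODO comment on those two lines would at least record that. The rest of this file lies outside the two hunks shown.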

+ 3
- 1
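--- a/hosts/containers/lxc-template.nix
+++ b/hosts/containers/lxc-template.nix
@@ -9,6 +9,8 @@
     [ ../../lib/lxc-container.nix
       ../../lib/shared.nix
       ../../lib/admins.nix
+      ../../lib/common/common.nix
+      <nixpkgs/nixos/modules/profiles/minimal.nix>
     ];
 
   networking.hostName = "nixbert"; # Define your hostname.
@@ -29,5 +31,5 @@
   # compatible, in order to avoid breaking some software such as database
   # servers. You should change this only after NixOS release notes say you
   # should.
-  system.stateVersion = "18.09"; # Did you read the comment?
+  system.stateVersion = "19.03"; # Did you read the comment?
 }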

+ 1
- 1
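--- a/hosts/containers/lxc-template.sh
+++ b/hosts/containers/lxc-template.sh
@@ -1,3 +1,3 @@
 #!/usr/bin/env bash
-
+set -e
 nix-build -I nixos-config=./lxc-template.nix '<nixpkgs/nixos>' -A config.system.build.tarball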

+ 35
- 0
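--- a/hosts/containers/mongo/configuration.nix
+++ b/hosts/containers/mongo/configuration.nix
@@ -0,0 +1,35 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, ... }:
+
+{
+  imports =
+    [ ../../../lib/lxc-container.nix
+    ../../../lib/shared.nix
+    ../../../lib/admins.nix
+  ];
+
+  environment.systemPackages = with pkgs; [
+    vim
+  ];
+
+  networking = {
+    hostName = "mongo";
+  };
+
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "yes";
+  };
+
+  services.mongodb = {
+    enable = true;
+    bind_ip = "0.0.0.0";
+    dbpath = "/srv/mongodb";
+  };
+
+  system.stateVersion = "19.03"; # Did you read the comment?
+
+}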
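Review bot: `bind_ip = "0.0.0.0"` exposes MongoDB on every interface of the container, while nothing in this file enables authentication or limits who can reach the port, so any host that can route to it can read and modify the Graylog database. Bind to the one address Graylog connects to and turn on access control; where the module has no dedicated option, `extraConfig = "security.authorization: enabled";` should do it (to be confirmed against the NixOS release in use), with credentials then added to `mongodbUri` on the logging host. `permitRootLogin = "yes"` also permits root password logins over SSH; `permitRootLogin = "prohibit-password";` keeps key-based deployment working.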

+ 1
- 0
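--- a/hosts/containers/upload-template.sh
+++ b/hosts/containers/upload-template.sh
@@ -0,0 +1 @@
+scp result/tarball/nixos-system-x86_64-linux.tar.xz root@storage-ng.hq.c3d2.de:/mnt/cephfs/template/cache/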
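Review bot: The new script has no shebang and no `set -e`, unlike `lxc-template.sh`, which this same commit just gave `set -e`; adding `#!/usr/bin/env bash` and `set -e` as its first two lines makes it behave the same under any invoking shell. The tarball is copied as root into the shared template cache with no integrity check, so a comment stating how the image is verified on the storage side (for example against a recorded checksum) would help whoever later runs `pct create` from it.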

+ 3
- 2
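--- a/hosts/storage-ng/configuration.nix
+++ b/hosts/storage-ng/configuration.nix
@@ -9,6 +9,7 @@
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
       ../../lib/common/c3d2.nix
+      ../../lib/shared.nix
       ../../lib/users.nix
       ./ncdc.nix
       ../../lib/mpd.nix
@@ -102,7 +103,7 @@
   fileSystems."/mnt/cephfs" = {
     device = "172.22.99.13:6789:/";
     fsType = "ceph";
-    options = [ "name=storage2" ("secret=" + (builtins.readFile("/etc/nixos/storage-secret.key"))) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
+    options = [ "name=storage2" ("secret=" + (import ../../secrets/hosts/storage-ng/storage-secret.nix)) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
   };
 
   # Some programs need SUID wrappers, can be configured further or are
@@ -174,6 +175,6 @@
   # compatible, in order to avoid breaking some software such as database
   # servers. You should change this only after NixOS release notes say you
   # should.
-  system.stateVersion = "18.09"; # Did you read the comment?
+  system.stateVersion = "19.03"; # Did you read the comment?
 
 }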
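Review bot: In the `/mnt/cephfs` hunk the Ceph key is still concatenated into the mount options (`"secret=" + …`), so it is written into the generated fstab and the world-readable Nix store on the host; changing the source from `builtins.readFile` to an import from `secrets` does not alter that. The Ceph mount helper accepts a key file instead, so replacing that element with `"secretfile=/etc/nixos/storage-secret.key"` keeps the key out of the store, provided the file is root-only and deployed out of band. Separately, the last hunk bumps `system.stateVersion` from 18.09 to 19.03 on an existing host, which the comment directly above advises against unless the release notes call for it; a line in the commit message saying this was checked would help.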

hosts/containers/feile/www/index.html → hosts/storage-ng/www/index.html


+ 13
- 0
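--- a/hq.nixops
+++ b/hq.nixops
@@ -93,4 +93,17 @@
 				storeKeysOnMachine = true;
 			};
 	  };
+    "mongo" =
+    { ... }:
+		{
+			imports = [
+				hosts/containers/mongo/configuration.nix
+			];
+			deployment = {
+				targetHost = "2a02:8106:208:5282:14ec:c8ff:fe0a:fc5c";
+				storeKeysOnMachine = true;
+			};
+	  };
+
+    
 }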
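Review bot: The new `"mongo"` entry copies `storeKeysOnMachine = true;`, which makes NixOps keep deployment keys on the container's disk rather than only in volatile storage; if this host has no keys that must survive a reboot, leaving the option at its default is the safer choice, otherwise a one-line comment saying why is enough. `targetHost` is a literal IPv6 address that looks auto-configured, so it will probably change when the container is recreated; a DNS name, such as the `mongo.serv.zentralwerk` one hinted at in the logging config, would be sturdier. The added lines also mix tabs and spaces and end with a whitespace-only line.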

+ 1
- 2
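--- a/lib/common/c3d2.nix
+++ b/lib/common/c3d2.nix
@@ -1,12 +1,11 @@
 { config, pkgs, ... }:
 
 {
-  time.timeZone = "Europe/Berlin";
+  imports = [./common.nix];
 
   networking = {
     domain = "hq.c3d2.de";
     defaultGateway.address = "172.22.99.1";
-    nameservers = [ "172.20.72.6" "9.9.9.9" "74.82.42.42" ];
   };
 
 }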
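Review bot: `time.timeZone = "Europe/Berlin";` is removed here, but the new `lib/common/common.nix` in this commit carries only `nameservers`, so hosts importing this file appear to fall back to the default time zone unless it is set somewhere not shown (for example in the part of `lib/shared.nix` outside its hunk). If that is unintended, add `time.timeZone = "Europe/Berlin";` to `common.nix`. If it is intended, say so in the commit message, because local log timestamps on these hosts will shift and that matters when correlating events across machines.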

+ 8
- 0
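--- a/lib/common/common.nix
+++ b/lib/common/common.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+
+{
+  networking = {
+    nameservers = [ "172.20.72.6" "9.9.9.9" "74.82.42.42" ];
+  };
+
+}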

+ 1
- 0
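--- a/lib/lxc-container.nix
+++ b/lib/lxc-container.nix
@@ -8,6 +8,7 @@
   nix.useSandbox = false;
   nix.maxJobs = lib.mkDefault 1;
   nix.buildCores = lib.mkDefault 4;
+  networking.useNetworkd = true;
 
   boot.isContainer = true;
   # /sbin/init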

+ 1
- 1
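--- a/lib/shared.nix
+++ b/lib/shared.nix
@@ -6,6 +6,6 @@
   # Select internationalisation properties.
   i18n = {
     defaultLocale = "en_US.UTF-8";
-    supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ];
+    supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8" ];
   };
 }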

+ 1
- 1
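--- a/secrets
+++ b/secrets
@@ -1 +1 @@
-Subproject commit a5a4343d7fe8550fc2163c2e377f39682b57e6be
+Subproject commit 573ca8e7120de6fe36af90dace36f9222c155cec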
