add mongo. add missing files

Daniel Poelzleithner 2019-07-04 00:31:45 +02:00
父節點 d4a933f473
當前提交 e65f04fb32
共有 16 個文件被更改,包括 108 次插入17 次删除

1
.gitignore vendored

@ -1 +1,2 @@
.*.swp
*.retry


@ -2,18 +2,44 @@
Beide failen bei Activation des neuen Profils. (TODO)
## Mit NixOps
The official way for deployment is through `deployer.serv.zentralwerk.org`
### Deploy changes
Use deployer system:
```shell
ssh k-ot@172.20.73.9
cd nix-config/
nixops deploy -d hq --check --include=[hostname]
```
### Creating new Container
This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.
1. log into any proxmox server
2. pct create [num] cephfs-iso:vztmpl/nixos-system-x86_64-linux.tar.xz -ostype unmanaged -net0 name=eth0,bridge=vmbr0,tag=[vlantag] -storage vms -hostname [hostname]
3. adjustments through ui if necessary
4. Adjust hq.nixops, add [hostname]
5. Run
```shell
ssh k-ot@172.20.73.9
cd nix-config/
nixops deploy -d hq --check --include=[hostname]
```
## Mit `nixos-switch rebuild`
```shell
nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"
```
## Mit NixOps
```shell
nixops create hq.nixops -d hq
nixops deploy -d hq --check --include=dhcp
```
# Secrets


@ -0,0 +1,2 @@
# for elastic
vm.max_map_count=262144


@ -19,8 +19,6 @@
hostName = "logging";
};
nixpkgs.config.allowUnfree = true;
services.openssh = {
enable = true;
permitRootLogin = "yes";
@ -29,7 +27,11 @@
services.graylog = {
enable = true;
passwordSecret = "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
elasticsearchHosts = [ "elastic1.serv.zentralwerk.org" ];
# mongo.serv.zentralwerk. ?
elasticsearchHosts = [ "http://172.20.73.10:9200" ];
rootPasswordSha2 = "0319baba53abe8b33e1da12fd906c27cbe61fad6a129b9d5ecf196b6661e959d";
# mongo.serv.zentralwerk. ?
mongodbUri = "mongodb://172.20.73.12/graylog";
};
system.stateVersion = "19.03"; # Did you read the comment?
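Review bot: `mongodbUri = "mongodb://172.20.73.12/graylog";` in the `services.graylog` block carries no credentials and no TLS option, and the Elasticsearch endpoint two lines above it is plain `http://`, so Graylog's configuration and log data are protected only by the network path between these hosts. Once authorization is enabled on the MongoDB side, the URI will need a user and password, and that value should come from the private secrets tree rather than being written inline. The same block holds `passwordSecret` and `rootPasswordSha2` as literals; they are readable by anyone with the repository and, as far as I can tell, end up in the world-readable Nix store on the host. Because `passwordSecret` is already in history, it should be rotated when it is moved. Which lines of this hunk are new is inferred, since the page has lost its `+`/`-` markers.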


@ -9,6 +9,8 @@
[ ../../lib/lxc-container.nix
../../lib/shared.nix
../../lib/admins.nix
../../lib/common/common.nix
<nixpkgs/nixos/modules/profiles/minimal.nix>
];
networking.hostName = "nixbert"; # Define your hostname.
@ -29,5 +31,5 @@
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "18.09"; # Did you read the comment?
system.stateVersion = "19.03"; # Did you read the comment?
}
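Review bot: The `system.stateVersion` change from "18.09" to "19.03" in the second hunk appears to contradict the comment directly above it, which says to change the value only when the release notes call for it. On an already-deployed host this option selects defaults for stateful services, so raising it can switch data formats or paths without warning. Unless nixbert was freshly installed on 19.03, I would keep `system.stateVersion = "18.09";` and upgrade through the channel alone. The same bump appears in the last hunk of the section that mounts `/mnt/cephfs`. Which services on either host depend on the value is not visible here.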


@ -1,3 +1,3 @@
#!/usr/bin/env bash
set -e
nix-build -I nixos-config=./lxc-template.nix '<nixpkgs/nixos>' -A config.system.build.tarball


@ -0,0 +1,35 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, lib, ... }:
{
imports =
[ ../../../lib/lxc-container.nix
../../../lib/shared.nix
../../../lib/admins.nix
];
environment.systemPackages = with pkgs; [
vim
];
networking = {
hostName = "mongo";
};
services.openssh = {
enable = true;
permitRootLogin = "yes";
};
services.mongodb = {
enable = true;
bind_ip = "0.0.0.0";
dbpath = "/srv/mongodb";
};
system.stateVersion = "19.03"; # Did you read the comment?
}
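Review bot: `bind_ip = "0.0.0.0";` in `services.mongodb` makes the database listen on every interface while nothing in this file enables authorization, so any host that can route to the container can read and write Graylog's data. I would bind to the single address Graylog connects to and turn on access control, for example `extraConfig = "security.authorization: enabled";` together with a dedicated database user for Graylog. Port 27017 should also be restricted to the logging host in the firewall. Separately, `permitRootLogin = "yes";` allows password logins for root, whereas `permitRootLogin = "prohibit-password";` keeps key-based access for deployment. Whether the imported `lxc-container.nix` or `shared.nix` already configure a firewall cannot be seen from this file.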


@ -0,0 +1 @@
scp result/tarball/nixos-system-x86_64-linux.tar.xz root@storage-ng.hq.c3d2.de:/mnt/cephfs/template/cache/


@ -9,6 +9,7 @@
[ # Include the results of the hardware scan.
./hardware-configuration.nix
../../lib/common/c3d2.nix
../../lib/shared.nix
../../lib/users.nix
./ncdc.nix
../../lib/mpd.nix
@ -102,7 +103,7 @@
fileSystems."/mnt/cephfs" = {
device = "172.22.99.13:6789:/";
fsType = "ceph";
options = [ "name=storage2" ("secret=" + (builtins.readFile("/etc/nixos/storage-secret.key"))) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
options = [ "name=storage2" ("secret=" + (import ../../secrets/hosts/storage-ng/storage-secret.nix)) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
};
# Some programs need SUID wrappers, can be configured further or are
@ -174,6 +175,6 @@
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "18.09"; # Did you read the comment?
system.stateVersion = "19.03"; # Did you read the comment?
}
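Review bot: The Ceph key is still concatenated into the mount options as `"secret=" + …` in the `fileSystems."/mnt/cephfs"` hunk, so whichever source it is read from, the evaluated value is written into the generated fstab in the world-readable Nix store and is part of the mount's option string. Passing a path instead, e.g. `"secretfile=/run/keys/storage-secret"` (placeholder path; this needs the `mount.ceph` helper and a file delivered outside the store), keeps the key material out of the system closure. The `import ../../secrets/…` form also makes evaluation fail for anyone without the secrets checkout, which deserves a one-line comment above the option. The enclosing attribute set starts and ends outside the hunk.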


@ -93,4 +93,17 @@
storeKeysOnMachine = true;
};
};
"mongo" =
{ ... }:
{
imports = [
hosts/containers/mongo/configuration.nix
];
deployment = {
targetHost = "2a02:8106:208:5282:14ec:c8ff:fe0a:fc5c";
storeKeysOnMachine = true;
};
};
}
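Review bot: `storeKeysOnMachine = true;` for the new `"mongo"` machine makes NixOps persist deployment keys on the machine's disk instead of keeping them only in `/run/keys`. It matches the entry above it, but the reason is not recorded. A short comment such as `# keys persisted so the container can restart unattended` (if that is the reason) would make the trade-off explicit, and `false` becomes the safer choice once MongoDB credentials are delivered as keys. `targetHost` is a literal IPv6 address, so a comment naming the host it belongs to would help when the address changes.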


@ -1,12 +1,11 @@
{ config, pkgs, ... }:
{
time.timeZone = "Europe/Berlin";
imports = [./common.nix];
networking = {
domain = "hq.c3d2.de";
defaultGateway.address = "172.22.99.1";
nameservers = [ "172.20.72.6" "9.9.9.9" "74.82.42.42" ];
};
}

8
lib/common/common.nix Normal file

@ -0,0 +1,8 @@
{ config, pkgs, ... }:
{
networking = {
nameservers = [ "172.20.72.6" "9.9.9.9" "74.82.42.42" ];
};
}


@ -8,6 +8,7 @@
nix.useSandbox = false;
nix.maxJobs = lib.mkDefault 1;
nix.buildCores = lib.mkDefault 4;
networking.useNetworkd = true;
boot.isContainer = true;
# /sbin/init


@ -6,6 +6,6 @@
# Select internationalisation properties.
i18n = {
defaultLocale = "en_US.UTF-8";
supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ];
supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8" ];
};
}

@ -1 +1 @@
Subproject commit a5a4343d7fe8550fc2163c2e377f39682b57e6be
Subproject commit 573ca8e7120de6fe36af90dace36f9222c155cec