add mongo. add missing files
parent
d4a933f473
commit
e65f04fb32
|
@ -1 +1,2 @@
|
||||||
.*.swp
|
.*.swp
|
||||||
|
*.retry
|
||||||
|
|
38
README.md
38
README.md
|
@ -2,18 +2,44 @@
|
||||||
|
|
||||||
Beide failen bei Activation des neuen Profils. (TODO)
|
Beide failen bei Activation des neuen Profils. (TODO)
|
||||||
|
|
||||||
|
|
||||||
|
## Mit NixOps
|
||||||
|
|
||||||
|
The official way for deployment is through `deployer.serv.zentralwerk.org`
|
||||||
|
|
||||||
|
### Deploy changes
|
||||||
|
|
||||||
|
Use deployer system:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
ssh k-ot@172.20.73.9
|
||||||
|
cd nix-config/
|
||||||
|
nixops deploy -d hq --check --include=[hostname]
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
### Creating new Container
|
||||||
|
|
||||||
|
This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.
|
||||||
|
|
||||||
|
1. log into any proxmox server
|
||||||
|
2. pct create [num] cephfs-iso:vztmpl/nixos-system-x86_64-linux.tar.xz -ostype unmanaged -net0 name=eth0,bridge=vmbr0,tag=[vlantag] -storage vms -hostname [hostname]
|
||||||
|
3. adjustments through ui if necessary
|
||||||
|
4. Adjust hq.nixops, add [hostname]
|
||||||
|
5. Run
|
||||||
|
```shell
|
||||||
|
ssh k-ot@172.20.73.9
|
||||||
|
cd nix-config/
|
||||||
|
nixops deploy -d hq --check --include=[hostname]
|
||||||
|
```
|
||||||
|
|
||||||
## Mit `nixos-switch rebuild`
|
## Mit `nixos-switch rebuild`
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"
|
nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"
|
||||||
```
|
```
|
||||||
|
|
||||||
## Mit NixOps
|
|
||||||
|
|
||||||
```shell
|
|
||||||
nixops create hq.nixops -d hq
|
|
||||||
nixops deploy -d hq --check --include=dhcp
|
|
||||||
```
|
|
||||||
|
|
||||||
# Secrets
|
# Secrets
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
# for elastic
|
||||||
|
vm.max_map_count=262144
|
|
@ -19,8 +19,6 @@
|
||||||
hostName = "logging";
|
hostName = "logging";
|
||||||
};
|
};
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
permitRootLogin = "yes";
|
permitRootLogin = "yes";
|
||||||
|
@ -29,7 +27,11 @@
|
||||||
services.graylog = {
|
services.graylog = {
|
||||||
enable = true;
|
enable = true;
|
||||||
passwordSecret = "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
|
passwordSecret = "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
|
||||||
elasticsearchHosts = [ "elastic1.serv.zentralwerk.org" ];
|
# mongo.serv.zentralwerk. ?
|
||||||
|
elasticsearchHosts = [ "http://172.20.73.10:9200" ];
|
||||||
|
rootPasswordSha2 = "0319baba53abe8b33e1da12fd906c27cbe61fad6a129b9d5ecf196b6661e959d";
|
||||||
|
# mongo.serv.zentralwerk. ?
|
||||||
|
mongodbUri = "mongodb://172.20.73.12/graylog";
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "19.03"; # Did you read the comment?
|
system.stateVersion = "19.03"; # Did you read the comment?
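Review bot: `rootPasswordSha2` is added to `services.graylog` as a literal, next to the already literal `passwordSecret`, so the admin password hash and the signing secret are both in the repository history. Graylog's root hash is an unsalted SHA-256, so a published hash can be attacked offline; both values should be rotated and loaded from the `secrets` submodule, as the storage host change in this commit does for its Ceph key, e.g. `rootPasswordSha2 = import ../../secrets/hosts/<host>/<file>.nix;` (placeholder path). Note that the values still end up in the generated Graylog configuration in the Nix store. The new `elasticsearchHosts` uses plain `http://` and `mongodbUri` carries no credentials, which is only acceptable on a trusted network segment; a comment stating that assumption would help.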
|
||||||
|
|
|
@ -9,6 +9,8 @@
|
||||||
[ ../../lib/lxc-container.nix
|
[ ../../lib/lxc-container.nix
|
||||||
../../lib/shared.nix
|
../../lib/shared.nix
|
||||||
../../lib/admins.nix
|
../../lib/admins.nix
|
||||||
|
../../lib/common/common.nix
|
||||||
|
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.hostName = "nixbert"; # Define your hostname.
|
networking.hostName = "nixbert"; # Define your hostname.
|
||||||
|
@ -29,5 +31,5 @@
|
||||||
# compatible, in order to avoid breaking some software such as database
|
# compatible, in order to avoid breaking some software such as database
|
||||||
# servers. You should change this only after NixOS release notes say you
|
# servers. You should change this only after NixOS release notes say you
|
||||||
# should.
|
# should.
|
||||||
system.stateVersion = "18.09"; # Did you read the comment?
|
system.stateVersion = "19.03"; # Did you read the comment?
|
||||||
}
|
}
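Review bot: The last hunk appears to raise `system.stateVersion` from "18.09" to "19.03" on an existing host, which is what the comment directly above that line warns against. The option pins defaults for stateful services such as databases, so it normally stays at the release the machine was installed with, even when the channel is upgraded. Unless the release notes were checked for every stateful service on this host, I would keep `system.stateVersion = "18.09";`. The same edit appears in the `@ -174,6 +175,6 @@` hunk of the storage host configuration. The enclosing attribute set starts outside the hunk.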
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
set -e
|
||||||
nix-build -I nixos-config=./lxc-template.nix '<nixpkgs/nixos>' -A config.system.build.tarball
|
nix-build -I nixos-config=./lxc-template.nix '<nixpkgs/nixos>' -A config.system.build.tarball
|
||||||
|
|
|
@ -0,0 +1,35 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[ ../../../lib/lxc-container.nix
|
||||||
|
../../../lib/shared.nix
|
||||||
|
../../../lib/admins.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
vim
|
||||||
|
];
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
hostName = "mongo";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.openssh = {
|
||||||
|
enable = true;
|
||||||
|
permitRootLogin = "yes";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.mongodb = {
|
||||||
|
enable = true;
|
||||||
|
bind_ip = "0.0.0.0";
|
||||||
|
dbpath = "/srv/mongodb";
|
||||||
|
};
|
||||||
|
|
||||||
|
system.stateVersion = "19.03"; # Did you read the comment?
|
||||||
|
|
||||||
|
}
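Review bot: `bind_ip = "0.0.0.0"` in the new `services.mongodb` block exposes the database on every interface, and nothing in this file turns on authentication. The Graylog side of this commit connects with a credential-free `mongodb://` URI, so any host that can reach the MongoDB port can presumably read and modify the Graylog database. I would bind to the single address Graylog uses, or restrict the port to the logging host with a firewall rule, and enable MongoDB authentication if the module version in use offers it. Separately, `permitRootLogin = "yes"` allows password logins for root; `permitRootLogin = "prohibit-password";` would keep key-based deployment working, assuming the keys come from `admins.nix`.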
|
|
@ -0,0 +1 @@
|
||||||
|
scp result/tarball/nixos-system-x86_64-linux.tar.xz root@storage-ng.hq.c3d2.de:/mnt/cephfs/template/cache/
|
|
@ -9,6 +9,7 @@
|
||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../lib/common/c3d2.nix
|
../../lib/common/c3d2.nix
|
||||||
|
../../lib/shared.nix
|
||||||
../../lib/users.nix
|
../../lib/users.nix
|
||||||
./ncdc.nix
|
./ncdc.nix
|
||||||
../../lib/mpd.nix
|
../../lib/mpd.nix
|
||||||
|
@ -102,7 +103,7 @@
|
||||||
fileSystems."/mnt/cephfs" = {
|
fileSystems."/mnt/cephfs" = {
|
||||||
device = "172.22.99.13:6789:/";
|
device = "172.22.99.13:6789:/";
|
||||||
fsType = "ceph";
|
fsType = "ceph";
|
||||||
options = [ "name=storage2" ("secret=" + (builtins.readFile("/etc/nixos/storage-secret.key"))) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
|
options = [ "name=storage2" ("secret=" + (import ../../secrets/hosts/storage-ng/storage-secret.nix)) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Some programs need SUID wrappers, can be configured further or are
|
# Some programs need SUID wrappers, can be configured further or are
|
||||||
|
@ -174,6 +175,6 @@
|
||||||
# compatible, in order to avoid breaking some software such as database
|
# compatible, in order to avoid breaking some software such as database
|
||||||
# servers. You should change this only after NixOS release notes say you
|
# servers. You should change this only after NixOS release notes say you
|
||||||
# should.
|
# should.
|
||||||
system.stateVersion = "18.09"; # Did you read the comment?
|
system.stateVersion = "19.03"; # Did you read the comment?
|
||||||
|
|
||||||
}
|
}
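Review bot: The Ceph key is still concatenated into `options` in the `fileSystems."/mnt/cephfs"` hunk, so after evaluation it is written into the generated mount configuration in the Nix store, which every local user can read. Moving the source from `/etc/nixos/storage-secret.key` to the secrets submodule does not change that. The Ceph mount helper accepts a `secretfile=` option pointing at a root-only file, so replacing the `"secret=" + …` element with `"secretfile=/etc/nixos/storage-secret.key"` would keep the key out of the store. The surrounding attribute set starts and ends outside the hunk.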
|
||||||
|
|
13
hq.nixops
13
hq.nixops
|
@ -93,4 +93,17 @@
|
||||||
storeKeysOnMachine = true;
|
storeKeysOnMachine = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
"mongo" =
|
||||||
|
{ ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
hosts/containers/mongo/configuration.nix
|
||||||
|
];
|
||||||
|
deployment = {
|
||||||
|
targetHost = "2a02:8106:208:5282:14ec:c8ff:fe0a:fc5c";
|
||||||
|
storeKeysOnMachine = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,12 +1,11 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
time.timeZone = "Europe/Berlin";
|
imports = [./common.nix];
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
domain = "hq.c3d2.de";
|
domain = "hq.c3d2.de";
|
||||||
defaultGateway.address = "172.22.99.1";
|
defaultGateway.address = "172.22.99.1";
|
||||||
nameservers = [ "172.20.72.6" "9.9.9.9" "74.82.42.42" ];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
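Review bot: `time.timeZone = "Europe/Berlin";` is dropped here in favour of `imports = [./common.nix];`, but the `common.nix` added in this commit only sets `networking.nameservers`. Hosts importing this file therefore fall back to the default time zone unless another module sets it. If that is not intended, carry the setting over by adding `time.timeZone = "Europe/Berlin";` to `common.nix`, or keep it in this file. Mixed time zones across hosts make local log timestamps harder to correlate.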
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
networking = {
|
||||||
|
nameservers = [ "172.20.72.6" "9.9.9.9" "74.82.42.42" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
|
@ -8,6 +8,7 @@
|
||||||
nix.useSandbox = false;
|
nix.useSandbox = false;
|
||||||
nix.maxJobs = lib.mkDefault 1;
|
nix.maxJobs = lib.mkDefault 1;
|
||||||
nix.buildCores = lib.mkDefault 4;
|
nix.buildCores = lib.mkDefault 4;
|
||||||
|
networking.useNetworkd = true;
|
||||||
|
|
||||||
boot.isContainer = true;
|
boot.isContainer = true;
|
||||||
# /sbin/init
|
# /sbin/init
|
||||||
|
|
|
@ -6,6 +6,6 @@
|
||||||
# Select internationalisation properties.
|
# Select internationalisation properties.
|
||||||
i18n = {
|
i18n = {
|
||||||
defaultLocale = "en_US.UTF-8";
|
defaultLocale = "en_US.UTF-8";
|
||||||
supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ];
|
supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8" ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
2
secrets
2
secrets
|
@ -1 +1 @@
|
||||||
Subproject commit a5a4343d7fe8550fc2163c2e377f39682b57e6be
|
Subproject commit 573ca8e7120de6fe36af90dace36f9222c155cec
|