Go to file
Daniel Poelzleithner fb9d929bc4 add prometheus host
unify logging into lib/logging
cleanup registry
2019-07-06 02:10:46 +02:00
ansible add mongo. add missing files 2019-07-04 00:31:45 +02:00
hosts add prometheus host 2019-07-06 02:10:46 +02:00
kubernetes update deployer 2019-07-03 20:16:11 +02:00
lib add prometheus host 2019-07-06 02:10:46 +02:00
secrets@573ca8e712 add mongo. add missing files 2019-07-04 00:31:45 +02:00
.gitignore add mongo. add missing files 2019-07-04 00:31:45 +02:00
.gitmodules refactor into lib/lxc-container,shared for grafana 2019-04-01 01:24:54 +02:00
README.md activate central logging 2019-07-04 04:23:39 +02:00
hq.nixops add prometheus host 2019-07-06 02:10:46 +02:00
install-host.sh pulsebert: add home-manager home.nix 2019-02-19 23:30:27 +01:00
nix-maintenance.sh add nix-maintenance.sh 2019-02-18 19:56:44 +01:00

README.md

Deployment

Beide failen bei Activation des neuen Profils. (TODO)

Mit NixOps

The official way for deployment is through deployer.serv.zentralwerk.org

Deploy changes

Use deployer system:

ssh k-ot@172.20.73.9
cd nix-config/
nixops deploy -d hq --check --include=[hostname]

Creating new Container

This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.

  1. log into any proxmox server
  2. pct create [num] cephfs-iso:vztmpl/nixos-system-x86_64-linux.tar.xz -ostype unmanaged -net0 name=eth0,bridge=vmbr0,tag=[vlantag] -storage vms -hostname [hostname]
  3. adjustments through ui if necessary
  4. Adjust hq.nixops, add [hostname]
  5. Run
    ssh k-ot@172.20.73.16
    cd nix-config/
    nixops deploy -d hq --check --include=[hostname]
    

Mit nixos-switch rebuild

nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"

Secrets

Add your gpg-id to the .gpg-id file in secrets and let somebody reencrypt it for you. Maybe this works for you, maybe not. I did it somehow: ```PASSWORD_STORE_DIR=pwd tr '\n' ' ' < .gpg-id | xargs -I{} pass init {}````

Your gpg key has to have the Authenticate flag set. If not update it and push it to a keyserver and wait. This is necessary, so you can login to any machine with your gpg key.