
Merge branch 'master' of ssh://gitea.c3d2.de:2222/C3D2/nix-config

container/radius
Markus Schmidl 3 years ago
parent
commit
0e5096599e
  1. 15
      README.md
  2. 40
      hosts/storage-ng/dhcp/configuration.nix
  3. 34
      hosts/storage-ng/lxc-template.nix
  4. 4
      hosts/storage-ng/lxc-template.sh
  5. 21
      hq.nixops
  6. 1
      lib/lxc-container.nix
  7. 2
      secrets

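--- a/README.md
+++ b/README.md
@@ -0,0 +1,15 @@
+# Deployment
+Beide failen bei Activation des neuen Profils. (TODO)
+## Mit `nixos-switch rebuild`
+```shell
+nixos-rebuild switch -I nixos-config=./hosts/storage-ng/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"
+```
+## Mit NixOps
+```shell
+nixops create hq.nixops -d hq
+```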

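--- a/hosts/storage-ng/dhcp/configuration.nix
+++ b/hosts/storage-ng/dhcp/configuration.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, lib, ... }:
+{
+imports =
+[ ../../../lib/lxc-container.nix
+../../../lib/shared.nix
+];
+networking.hostName = "dhcp";
+networking.defaultGateway = "172.22.99.1";
+networking.nameservers = [ "172.20.72.6" "172.20.72.10" ];
+networking.interfaces.eth0 = {
+ipv4.addresses = [ {
+address = "172.22.99.254";
+prefixLength = 24;
+} ];
+};
+# List packages installed in system profile. To search, run:
+# $ nix search wget
+environment.systemPackages = with pkgs; [
+vim
+];
+# dhcp
+networking.firewall.allowedUDPPorts = [ 67 68 ];
+networking.useDHCP = false;
+services.dhcpd4 = {
+enable = true;
+interfaces = [ "eth0" ];
+extraConfig = builtins.readFile ../../../secrets/hosts/dhcp/config;
+};
+# This value determines the NixOS release with which your system is to be
+# compatible, in order to avoid breaking some software such as database
+# servers. You should change this only after NixOS release notes say you
+# should.
+system.stateVersion = "18.09"; # Did you read the comment?
+}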
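Review bot: `extraConfig = builtins.readFile ../../../secrets/hosts/dhcp/config;` copies the file's contents into the generated dhcpd configuration at evaluation time, so whatever sits in the secrets submodule ends up in the world-readable Nix store on the target and on any machine that builds or caches the closure. If that file carries key material (an OMAPI or DDNS update key, for example; its contents are not visible here), keep only the non-secret pool definitions in `extraConfig` and pull the keys in at runtime, e.g. `extraConfig = ''include "/run/keys/dhcpd-keys.conf";'';` (file name is a placeholder) with the file delivered through NixOps `deployment.keys` and readable only by the dhcpd user. Separately, `allowedUDPPorts = [ 67 68 ]` also opens the client port; with `networking.useDHCP = false` the server should only need `[ 67 ]`.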

34
hosts/storage-ng/lxc-template.nix

@ -6,30 +6,12 @@
{
imports =
[ <nixpkgs/nixos/modules/profiles/minimal.nix>
[ ../../lib/lxc-container.nix
../../lib/shared.nix
];
nix.useSandbox = false;
nix.maxJobs = lib.mkDefault 4;
boot.isContainer = true;
# /sbin/init
boot.loader.initScript.enable = true;
boot.loader.grub.enable = false;
#boot.supportedFilesystems = ["zfs" "ext2" "ext3" "vfat" "fat32" "bcache" "bcachefs"];
fileSystems."/" = { fsType = "rootfs"; device = "rootfs"; };
networking.hostName = "nixbert"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.useNetworkd = true;
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Select internationalisation properties.
i18n = {
defaultLocale = "en_US.UTF-8";
supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ];
};
networking.useNetworkd = false;
# List packages installed in system profile. To search, run:
# $ nix search wget
@ -37,16 +19,6 @@
wget vim
];
# Create a few files early before packing tarball for Proxmox
# architecture/OS detection.
system.extraSystemBuilderCmds =
''
mkdir -m 0755 -p $out/bin
ln -s ${pkgs.bash}/bin/bash $out/bin/sh
mkdir -m 0755 -p $out/sbin
ln -s ../init $out/sbin/init
'';
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you

4
hosts/storage-ng/lxc-template.sh

@ -1,5 +1,3 @@
#!/usr/bin/env bash
# Doesn't boot in Proxmox, use nixos-install to generate an image instead!
nix-build -E '(import ../../nixpkgs/nixos/release.nix { configuration = import ./lxc-template.nix; }).containerTarball.x86_64-linux'
nix-build -I nixos-config=./lxc-template.nix '<nixpkgs/nixos>' -A config.system.build.tarball
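Review bot: Assuming the `-I nixos-config=./lxc-template.nix` invocation is the new side of this hunk (the rendering lost the +/- column), `'<nixpkgs/nixos>'` is resolved through the builder's NIX_PATH rather than the repository's `../../nixpkgs` checkout that the other invocation names, so the template tarball is built from whichever channel the machine happens to have. Pinning the path keeps the image reproducible and reviewable: `nix-build -I nixpkgs=../../nixpkgs -I nixos-config=./lxc-template.nix '<nixpkgs/nixos>' -A config.system.build.tarball`. If `../../nixpkgs` is no longer part of the tree, a comment naming the expected channel or revision would at least record what the template was built against.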

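--- a/hq.nixops
+++ b/hq.nixops
@@ -0,0 +1,21 @@
+{
+network.description = "C3D2 HQ";
+"grafana" =
+{ ... }:
+{
+imports = [
+hosts/storage-ng/grafana/configuration.nix
+];
+deployment.targetHost = "grafana.hq.c3d2.de";
+};
+"dhcp" =
+{ ... }:
+{
+imports = [
+hosts/storage-ng/dhcp/configuration.nix
+];
+deployment.targetHost = "2a02:8106:208:5201:3801:15ff:fe95:8988";
+};
+}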
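Review bot: The `dhcp` machine is addressed by a literal IPv6 address in `deployment.targetHost`, while `grafana` and the README's `--target-host "root@$HOST.hq.c3d2.de"` use names, and nothing says why. The address looks SLAAC-derived (the `ff:fe` in the interface identifier), so it would presumably change with the container's MAC address, leaving the deployment pointed at a stale address with only the SSH host-key check between it and whatever answers there. Either use `deployment.targetHost = "dhcp.hq.c3d2.de";` once the record exists, or add a comment such as `# no DNS record yet; SLAAC address of the dhcp container`.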

1
lib/lxc-container.nix

@ -3,6 +3,7 @@
{
imports =
[ <nixpkgs/nixos/modules/profiles/minimal.nix>
<nixpkgs/nixos/modules/profiles/docker-container.nix>
];
nix.useSandbox = false;
nix.maxJobs = lib.mkDefault 1;
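Review bot: `nix.useSandbox = false;` in this shared module carries no comment, and after this commit every host that imports `lib/lxc-container.nix`, the new `hosts/storage-ng/dhcp/configuration.nix` included, builds derivations without the Nix sandbox. If the setting is only there because the LXC guests cannot create the namespaces the sandbox needs (not visible from this hunk), say so in a comment, e.g. `# LXC guests cannot set up build namespaces; builds run unsandboxed`, and prefer building on a sandboxed host and copying the closure to the containers. The module's attribute set continues outside the hunk.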

2
secrets

@ -1 +1 @@
Subproject commit f43e472380ae045952c2f5c68d6da580f7b958d0
Subproject commit 57621eb036ccaee2ea1af85b31abe93526fd0e79