From e65f04fb32463d8930948da026b1a8b4c64dd03e Mon Sep 17 00:00:00 2001
From: Daniel Poelzleithner
Date: Thu, 4 Jul 2019 00:31:45 +0200
Subject: [PATCH] add mongo. add missing files

---
 .gitignore | 1 +
 README.md | 38 ++++++++++++++++---
 .../proxmox/files/sysctl/zentralwerk.conf | 2 +
 hosts/containers/logging/configuration.nix | 8 ++--
 hosts/containers/lxc-template.nix | 4 +-
 hosts/containers/lxc-template.sh | 2 +-
 hosts/containers/mongo/configuration.nix | 35 +++++++++++++++++
 hosts/containers/upload-template.sh | 1 +
 hosts/storage-ng/configuration.nix | 5 ++-
 .../feile => storage-ng}/www/index.html | 0
 hq.nixops | 13 +++++++
 lib/common/c3d2.nix | 3 +-
 lib/common/common.nix | 8 ++++
 lib/lxc-container.nix | 1 +
 lib/shared.nix | 2 +-
 secrets | 2 +-
 16 files changed, 108 insertions(+), 17 deletions(-)
 create mode 100644 ansible/roles/proxmox/files/sysctl/zentralwerk.conf
 create mode 100644 hosts/containers/mongo/configuration.nix
 create mode 100755 hosts/containers/upload-template.sh
 rename hosts/{containers/feile => storage-ng}/www/index.html (100%)
 create mode 100644 lib/common/common.nix

diff --git a/.gitignore b/.gitignore
index a01ee289..d3d1782c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .*.swp
+*.retry
diff --git a/README.md b/README.md
index 3fb2cf6b..7c3ac7c2 100644
--- a/README.md
+++ b/README.md
@@ -2,18 +2,44 @@ Beide failen bei Activation des neuen Profils. (TODO)
+
+## Mit NixOps
+
+The official way for deployment is through `deployer.serv.zentralwerk.org`
+
+### Deploy changes
+
+Use deployer system:
+
+```shell
+ssh k-ot@172.20.73.9
+cd nix-config/
+nixops deploy -d hq --check --include=[hostname]
+```
+
+
+
+### Creating new Container
+
+This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.
+
+1. log into any proxmox server
+2. pct create [num] cephfs-iso:vztmpl/nixos-system-x86_64-linux.tar.xz -ostype unmanaged -net0 name=eth0,bridge=vmbr0,tag=[vlantag] -storage vms -hostname [hostname]
+3. adjustments through ui if necessary
+4. Adjust hq.nixops, add [hostname]
+5. Run
+ ```shell
+ ssh k-ot@172.20.73.9
+ cd nix-config/
+ nixops deploy -d hq --check --include=[hostname]
+ ```
+
 ## Mit `nixos-switch rebuild`
 ```shell
 nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"
 ```
-## Mit NixOps
-
-```shell
-nixops create hq.nixops -d hq
-nixops deploy -d hq --check --include=dhcp
-```
 # Secrets
diff --git a/ansible/roles/proxmox/files/sysctl/zentralwerk.conf b/ansible/roles/proxmox/files/sysctl/zentralwerk.conf
new file mode 100644
index 00000000..5fc48497
--- /dev/null
+++ b/ansible/roles/proxmox/files/sysctl/zentralwerk.conf
@@ -0,0 +1,2 @@
+ # for elastic
+ vm.max_map_count=262144
\ No newline at end of file
diff --git a/hosts/containers/logging/configuration.nix b/hosts/containers/logging/configuration.nix
index 95dde08a..f434079c 100644
--- a/hosts/containers/logging/configuration.nix
+++ b/hosts/containers/logging/configuration.nix
@@ -19,8 +19,6 @@
 hostName = "logging";
 };
- nixpkgs.config.allowUnfree = true;
-
 services.openssh = {
 enable = true;
 permitRootLogin = "yes";
@@ -29,7 +27,11 @@
 services.graylog = {
 enable = true;
 passwordSecret = "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
- elasticsearchHosts = [ "elastic1.serv.zentralwerk.org" ];
+ # mongo.serv.zentralwerk. ?
+ elasticsearchHosts = [ "http://172.20.73.10:9200" ];
+ rootPasswordSha2 = "0319baba53abe8b33e1da12fd906c27cbe61fad6a129b9d5ecf196b6661e959d";
+ # mongo.serv.zentralwerk. ?
+ mongodbUri = "mongodb://172.20.73.12/graylog";
 };
 system.stateVersion = "19.03"; # Did you read the comment?
diff --git a/hosts/containers/lxc-template.nix b/hosts/containers/lxc-template.nix
index 3b1e05a8..64b5b318 100644
--- a/hosts/containers/lxc-template.nix
+++ b/hosts/containers/lxc-template.nix
@@ -9,6 +9,8 @@
 [ ../../lib/lxc-container.nix
 ../../lib/shared.nix
 ../../lib/admins.nix
+ ../../lib/common/common.nix
+
 ];
 networking.hostName = "nixbert"; # Define your hostname.
@@ -29,5 +31,5 @@
 # compatible, in order to avoid breaking some software such as database
 # servers. You should change this only after NixOS release notes say you
 # should.
- system.stateVersion = "18.09"; # Did you read the comment?
+ system.stateVersion = "19.03"; # Did you read the comment?
 }
diff --git a/hosts/containers/lxc-template.sh b/hosts/containers/lxc-template.sh
index 7703a382..0c15c0fc 100755
--- a/hosts/containers/lxc-template.sh
+++ b/hosts/containers/lxc-template.sh
@@ -1,3 +1,3 @@
 #!/usr/bin/env bash
-
+set -e
 nix-build -I nixos-config=./lxc-template.nix '' -A config.system.build.tarball
diff --git a/hosts/containers/mongo/configuration.nix b/hosts/containers/mongo/configuration.nix
new file mode 100644
index 00000000..f9790c33
--- /dev/null
+++ b/hosts/containers/mongo/configuration.nix
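Review bot: The added `rootPasswordSha2` line puts Graylog's root password hash into the tracked configuration next to the existing `passwordSecret`, while the storage-ng hunk of this same commit moves the ceph key into the `secrets` submodule; the two should use one mechanism, e.g. `rootPasswordSha2 = import ../../../secrets/<path-in-secrets-submodule>.nix;`. Whatever is imported still lands in the rendered Graylog config in the world-readable Nix store on the logging host, so a deploy-time key would be needed to keep it out entirely — whether the graylog module accepts a file for these values is not visible here. Separately, the first `# mongo.serv.zentralwerk. ?` comment sits above `elasticsearchHosts`, which is the Elasticsearch endpoint at 172.20.73.10, so it should name that host (e.g. `# elastic1.serv.zentralwerk. ?`) or be dropped. `mongodbUri` carries no credentials and `elasticsearchHosts` is plain http, which only holds up if both endpoints stay reachable solely from the management network; a one-line comment stating that assumption would help the next reader.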
@@ -0,0 +1,35 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [ ../../../lib/lxc-container.nix
+ ../../../lib/shared.nix
+ ../../../lib/admins.nix
+ ];
+
+ environment.systemPackages = with pkgs; [
+ vim
+ ];
+
+ networking = {
+ hostName = "mongo";
+ };
+
+ services.openssh = {
+ enable = true;
+ permitRootLogin = "yes";
+ };
+
+ services.mongodb = {
+ enable = true;
+ bind_ip = "0.0.0.0";
+ dbpath = "/srv/mongodb";
+ };
+
+ system.stateVersion = "19.03"; # Did you read the comment?
+
+}
diff --git a/hosts/containers/upload-template.sh b/hosts/containers/upload-template.sh
new file mode 100755
index 00000000..78e16c77
--- /dev/null
+++ b/hosts/containers/upload-template.sh
@@ -0,0 +1 @@
+scp result/tarball/nixos-system-x86_64-linux.tar.xz root@storage-ng.hq.c3d2.de:/mnt/cephfs/template/cache/
diff --git a/hosts/storage-ng/configuration.nix b/hosts/storage-ng/configuration.nix
index edffe50d..8183321e 100644
--- a/hosts/storage-ng/configuration.nix
+++ b/hosts/storage-ng/configuration.nix
@@ -9,6 +9,7 @@
 [ # Include the results of the hardware scan.
 ./hardware-configuration.nix
 ../../lib/common/c3d2.nix
+ ../../lib/shared.nix
 ../../lib/users.nix
 ./ncdc.nix
 ../../lib/mpd.nix
@@ -102,7 +103,7 @@
 fileSystems."/mnt/cephfs" = {
 device = "172.22.99.13:6789:/";
 fsType = "ceph";
- options = [ "name=storage2" ("secret=" + (builtins.readFile("/etc/nixos/storage-secret.key"))) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
+ options = [ "name=storage2" ("secret=" + (import ../../secrets/hosts/storage-ng/storage-secret.nix)) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
 };
 # Some programs need SUID wrappers, can be configured further or are
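Review bot: `bind_ip = "0.0.0.0"` in the new `services.mongodb` block listens on every interface and nothing in this file turns on authentication, so the Graylog database is writable by any host that can reach port 27017; hq.nixops gives this container a global IPv6 address, so unless a firewall outside this file closes the port (not visible here) that is wider than the management network. Bind to the address the logging host already reaches it at, `bind_ip = "172.20.73.12";`, and turn on the module's `enableAuth` option (present on 19.03, I believe) with matching credentials in the logging host's `mongodbUri`. `permitRootLogin = "yes"` copies the logging host; `"prohibit-password"` keeps key-based nixops deploys working while closing password logins. Unlike lxc-template.nix in this same commit, the imports here omit `../../../lib/common/common.nix`, so this host gets no nameservers from the shared file unless another import provides them — presumably unintended.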
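Review bot: upload-template.sh is added with mode 100755 but without a shebang or `set -e`, which lxc-template.sh gains in this same commit; without a shebang the kernel cannot exec it directly and it only runs under whatever shell the caller falls back to. Prefix it with `#!/usr/bin/env bash` and `set -e` so the two helper scripts behave alike and the scp failure mode is explicit when more steps are added later.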
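Review bot: The rewritten `options` line still embeds the ceph key as a `secret=` mount option, so it is written into the generated fstab in the world-readable Nix store on storage-ng; switching from `builtins.readFile` to `import` changes where the key is read from at evaluation time, not where it ends up. mount.ceph's `secretfile=` option with a root-only keyfile delivered at deploy time (nixops `deployment.keys`, which the `storeKeysOnMachine` entries in hq.nixops suggest is already in use) keeps it out of the store: `("secretfile=" + "<path-to-root-only-keyfile>")` with the secrets import dropped. The enclosing `fileSystems."/mnt/cephfs"` block is fully inside the hunk; the rest of the file is not.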
@@ -174,6 +175,6 @@
 # compatible, in order to avoid breaking some software such as database
 # servers. You should change this only after NixOS release notes say you
 # should.
- system.stateVersion = "18.09"; # Did you read the comment?
+ system.stateVersion = "19.03"; # Did you read the comment?
 }
diff --git a/hosts/containers/feile/www/index.html b/hosts/storage-ng/www/index.html
similarity index 100%
rename from hosts/containers/feile/www/index.html
rename to hosts/storage-ng/www/index.html
diff --git a/hq.nixops b/hq.nixops
index 2ec7022b..009af515 100644
--- a/hq.nixops
+++ b/hq.nixops
@@ -93,4 +93,17 @@
 storeKeysOnMachine = true;
 };
 };
+ "mongo" =
+ { ... }:
+ {
+ imports = [
+ hosts/containers/mongo/configuration.nix
+ ];
+ deployment = {
+ targetHost = "2a02:8106:208:5282:14ec:c8ff:fe0a:fc5c";
+ storeKeysOnMachine = true;
+ };
+ };
+
+
 }
diff --git a/lib/common/c3d2.nix b/lib/common/c3d2.nix
index 98701d1d..f3b0625e 100644
--- a/lib/common/c3d2.nix
+++ b/lib/common/c3d2.nix
@@ -1,12 +1,11 @@
 { config, pkgs, ... }:
 {
- time.timeZone = "Europe/Berlin";
+ imports = [./common.nix];
 networking = {
 domain = "hq.c3d2.de";
 defaultGateway.address = "172.22.99.1";
- nameservers = [ "172.20.72.6" "9.9.9.9" "74.82.42.42" ];
 };
 }
diff --git a/lib/common/common.nix b/lib/common/common.nix
new file mode 100644
index 00000000..088f4d1f
--- /dev/null
+++ b/lib/common/common.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+
+{
+ networking = {
+ nameservers = [ "172.20.72.6" "9.9.9.9" "74.82.42.42" ];
+ };
+
+}
diff --git a/lib/lxc-container.nix b/lib/lxc-container.nix
index 00a501cd..0f8440c8 100644
--- a/lib/lxc-container.nix
+++ b/lib/lxc-container.nix
@@ -8,6 +8,7 @@
 nix.useSandbox = false;
 nix.maxJobs = lib.mkDefault 1;
 nix.buildCores = lib.mkDefault 4;
+ networking.useNetworkd = true;
 boot.isContainer = true; # /sbin/init
diff --git a/lib/shared.nix b/lib/shared.nix
index 8df4aa61..441170b1 100644
--- a/lib/shared.nix
+++ b/lib/shared.nix
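Review bot: The new `targetHost` is a literal global IPv6 address whose interface identifier carries the `ff:fe` EUI-64 pattern, i.e. it looks SLAAC-derived from the container's MAC and will change if the container is recreated with a new MAC — the `pct create` step added to the README in this commit sets no fixed hardware address. A stable name (the logging config's comments hint at `mongo.serv.zentralwerk.`) or the 172.20.73.12 address the logging host already reaches mongo at, `targetHost = "172.20.73.12";`, would survive a rebuild, provided the deployer can route to it. The other entries in hq.nixops are outside the hunk, so I cannot tell what convention they follow.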
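Review bot: `time.timeZone = "Europe/Berlin";` is removed from c3d2.nix but, unlike `nameservers`, is not carried over into the new lib/common/common.nix, so every host importing c3d2.nix (storage-ng in this commit) silently falls back to the default timezone after the next deploy and its log timestamps shift. If the move was intended, add `time.timeZone = "Europe/Berlin";` to common.nix; if dropping it is deliberate, say so in the commit message.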
@@ -6,6 +6,6 @@
 # Select internationalisation properties.
 i18n = {
 defaultLocale = "en_US.UTF-8";
- supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ];
+ supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8" ];
 };
 }
diff --git a/secrets b/secrets
index a5a4343d..573ca8e7 160000
--- a/secrets
+++ b/secrets
@@ -1 +1 @@
-Subproject commit a5a4343d7fe8550fc2163c2e377f39682b57e6be
+Subproject commit 573ca8e7120de6fe36af90dace36f9222c155cec