add mongo. add missing files
parent
d4a933f473
commit
e65f04fb32
|
@ -1 +1,2 @@
|
|||
.*.swp
|
||||
*.retry
|
||||
|
|
38
README.md
38
README.md
|
@ -2,18 +2,44 @@
|
|||
|
||||
Beide failen bei Activation des neuen Profils. (TODO)
|
||||
|
||||
|
||||
## Mit NixOps
|
||||
|
||||
The official way for deployment is through `deployer.serv.zentralwerk.org`
|
||||
|
||||
### Deploy changes
|
||||
|
||||
Use deployer system:
|
||||
|
||||
```shell
|
||||
ssh k-ot@172.20.73.9
|
||||
cd nix-config/
|
||||
nixops deploy -d hq --check --include=[hostname]
|
||||
```
|
||||
|
||||
|
||||
|
||||
### Creating new Container
|
||||
|
||||
This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.
|
||||
|
||||
1. log into any proxmox server
|
||||
2. pct create [num] cephfs-iso:vztmpl/nixos-system-x86_64-linux.tar.xz -ostype unmanaged -net0 name=eth0,bridge=vmbr0,tag=[vlantag] -storage vms -hostname [hostname]
|
||||
3. adjustments through ui if necessary
|
||||
4. Adjust hq.nixops, add [hostname]
|
||||
5. Run
|
||||
```shell
|
||||
ssh k-ot@172.20.73.9
|
||||
cd nix-config/
|
||||
nixops deploy -d hq --check --include=[hostname]
|
||||
```
|
||||
|
||||
## Mit `nixos-switch rebuild`
|
||||
|
||||
```shell
|
||||
nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"
|
||||
```
|
||||
|
||||
## Mit NixOps
|
||||
|
||||
```shell
|
||||
nixops create hq.nixops -d hq
|
||||
nixops deploy -d hq --check --include=dhcp
|
||||
```
|
||||
|
||||
# Secrets
|
||||
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
# for elastic
|
||||
vm.max_map_count=262144
|
|
@ -19,8 +19,6 @@
|
|||
hostName = "logging";
|
||||
};
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
permitRootLogin = "yes";
|
||||
|
@ -29,7 +27,11 @@
|
|||
services.graylog = {
|
||||
enable = true;
|
||||
passwordSecret = "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
|
||||
elasticsearchHosts = [ "elastic1.serv.zentralwerk.org" ];
|
||||
# mongo.serv.zentralwerk. ?
|
||||
elasticsearchHosts = [ "http://172.20.73.10:9200" ];
|
||||
rootPasswordSha2 = "0319baba53abe8b33e1da12fd906c27cbe61fad6a129b9d5ecf196b6661e959d";
|
||||
# mongo.serv.zentralwerk. ?
|
||||
mongodbUri = "mongodb://172.20.73.12/graylog";
|
||||
};
|
||||
|
||||
system.stateVersion = "19.03"; # Did you read the comment?
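Review bot: `passwordSecret` and `rootPasswordSha2` are string literals inside `services.graylog`, so they sit in git history and are copied into the world-readable `/nix/store` of every machine that evaluates this configuration. The add/remove markers are lost on this page, so it is unclear whether `passwordSecret` is new in this commit, but `rootPasswordSha2` appears to be added here, and an unsalted SHA-256 should be treated like the password itself. The storage-ng section of this commit already takes its Ceph key from the `secrets` submodule; the same pattern, e.g. `passwordSecret = import <path-in-secrets-submodule>;` (placeholder path), would keep the values out of this repository, and the committed ones should be rotated. The new `elasticsearchHosts = [ "http://172.20.73.10:9200" ]` and `mongodbUri = "mongodb://172.20.73.12/graylog"` carry neither TLS nor credentials, so a comment naming the network segment that is trusted to carry this traffic would help the next reader.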
|
||||
|
|
|
@ -9,6 +9,8 @@
|
|||
[ ../../lib/lxc-container.nix
|
||||
../../lib/shared.nix
|
||||
../../lib/admins.nix
|
||||
../../lib/common/common.nix
|
||||
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
||||
];
|
||||
|
||||
networking.hostName = "nixbert"; # Define your hostname.
|
||||
|
@ -29,5 +31,5 @@
|
|||
# compatible, in order to avoid breaking some software such as database
|
||||
# servers. You should change this only after NixOS release notes say you
|
||||
# should.
|
||||
system.stateVersion = "18.09"; # Did you read the comment?
|
||||
system.stateVersion = "19.03"; # Did you read the comment?
|
||||
}
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -e
|
||||
nix-build -I nixos-config=./lxc-template.nix '<nixpkgs/nixos>' -A config.system.build.tarball
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ ../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
../../../lib/admins.nix
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
vim
|
||||
];
|
||||
|
||||
networking = {
|
||||
hostName = "mongo";
|
||||
};
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
permitRootLogin = "yes";
|
||||
};
|
||||
|
||||
services.mongodb = {
|
||||
enable = true;
|
||||
bind_ip = "0.0.0.0";
|
||||
dbpath = "/srv/mongodb";
|
||||
};
|
||||
|
||||
system.stateVersion = "19.03"; # Did you read the comment?
|
||||
|
||||
}
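Review bot: `bind_ip = "0.0.0.0"` in `services.mongodb` makes mongod listen on every IPv4 interface of the container, and nothing in this file enables authentication, so any host that can route to it can read and write the Graylog database. If the NixOS release in use offers it, set `enableAuth = true;` with an initial root password taken from the `secrets` submodule and put matching credentials into Graylog's `mongodbUri`. Otherwise bind to the single address Graylog connects to and allow port 27017 only from the logging host. Whether `../../../lib/lxc-container.nix` or `../../../lib/shared.nix` already filters that port is not visible here. Separately, `permitRootLogin = "yes"` permits password logins for root; `permitRootLogin = "prohibit-password";` still allows key-based deploys.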
|
|
@ -0,0 +1 @@
|
|||
scp result/tarball/nixos-system-x86_64-linux.tar.xz root@storage-ng.hq.c3d2.de:/mnt/cephfs/template/cache/
|
|
@ -9,6 +9,7 @@
|
|||
[ # Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
../../lib/common/c3d2.nix
|
||||
../../lib/shared.nix
|
||||
../../lib/users.nix
|
||||
./ncdc.nix
|
||||
../../lib/mpd.nix
|
||||
|
@ -102,7 +103,7 @@
|
|||
fileSystems."/mnt/cephfs" = {
|
||||
device = "172.22.99.13:6789:/";
|
||||
fsType = "ceph";
|
||||
options = [ "name=storage2" ("secret=" + (builtins.readFile("/etc/nixos/storage-secret.key"))) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
|
||||
options = [ "name=storage2" ("secret=" + (import ../../secrets/hosts/storage-ng/storage-secret.nix)) "noatime,_netdev" "noauto" "x-systemd.automount" "x-systemd.device-timeout=175" "users" ];
|
||||
};
|
||||
|
||||
# Some programs need SUID wrappers, can be configured further or are
|
||||
|
@ -174,6 +175,6 @@
|
|||
# compatible, in order to avoid breaking some software such as database
|
||||
# servers. You should change this only after NixOS release notes say you
|
||||
# should.
|
||||
system.stateVersion = "18.09"; # Did you read the comment?
|
||||
system.stateVersion = "19.03"; # Did you read the comment?
|
||||
|
||||
}
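Review bot: In the `fileSystems."/mnt/cephfs"` hunk the Ceph key is concatenated into the mount `options` (`"secret=" + (import ../../secrets/hosts/storage-ng/storage-secret.nix)`), so it ends up in the generated fstab, which is world-readable both in `/nix/store` and as `/etc/fstab`. Moving the key into the `secrets` submodule keeps it out of this repository but does not change that exposure on the host. The Ceph mount helper accepts `secretfile=`, so `"secretfile=<path-to-key-file-outside-the-store>"` (placeholder path) pointing at a root-only file, for instance one delivered through NixOps `deployment.keys`, would avoid it. The enclosing attribute set starts and ends outside the hunks shown.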
|
||||
|
|
13
hq.nixops
13
hq.nixops
|
@ -93,4 +93,17 @@
|
|||
storeKeysOnMachine = true;
|
||||
};
|
||||
};
|
||||
"mongo" =
|
||||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
hosts/containers/mongo/configuration.nix
|
||||
];
|
||||
deployment = {
|
||||
targetHost = "2a02:8106:208:5282:14ec:c8ff:fe0a:fc5c";
|
||||
storeKeysOnMachine = true;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
}
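Review bot: `targetHost = "2a02:8106:208:5282:14ec:c8ff:fe0a:fc5c"` for the new `"mongo"` machine is a globally routable IPv6 literal that looks derived from the container's MAC address (the `ff:fe` in the interface part), so it would go stale without warning if the container is recreated. A DNS name, like the `root@$HOST.hq.c3d2.de` form the README uses, would be more durable; if the literal has to stay, add a comment such as `# SLAAC address of the mongo container; update when its MAC changes`. Because root SSH for deployment is reached at this address, it is also worth confirming that an upstream firewall limits who can connect to it.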
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
time.timeZone = "Europe/Berlin";
|
||||
imports = [./common.nix];
|
||||
|
||||
networking = {
|
||||
domain = "hq.c3d2.de";
|
||||
defaultGateway.address = "172.22.99.1";
|
||||
nameservers = [ "172.20.72.6" "9.9.9.9" "74.82.42.42" ];
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
networking = {
|
||||
nameservers = [ "172.20.72.6" "9.9.9.9" "74.82.42.42" ];
|
||||
};
|
||||
|
||||
}
|
|
@ -8,6 +8,7 @@
|
|||
nix.useSandbox = false;
|
||||
nix.maxJobs = lib.mkDefault 1;
|
||||
nix.buildCores = lib.mkDefault 4;
|
||||
networking.useNetworkd = true;
|
||||
|
||||
boot.isContainer = true;
|
||||
# /sbin/init
|
||||
|
|
|
@ -6,6 +6,6 @@
|
|||
# Select internationalisation properties.
|
||||
i18n = {
|
||||
defaultLocale = "en_US.UTF-8";
|
||||
supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ];
|
||||
supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8" ];
|
||||
};
|
||||
}
|
||||
|
|
2
secrets
2
secrets
|
@ -1 +1 @@
|
|||
Subproject commit a5a4343d7fe8550fc2163c2e377f39682b57e6be
|
||||
Subproject commit 573ca8e7120de6fe36af90dace36f9222c155cec
|