Compare commits
264 Commits
d76a4f1e7a
...
1fce631c24
Author | SHA1 | Date |
---|---|---|
Tassilo - | 1fce631c24 | |
Tassilo - | 16351819ca | |
Sandro - | e43ce3b29b | |
Astro | 7d18fad68a | |
Astro | 38f69300bb | |
Astro | af9a1a6161 | |
Astro | 601c5c3716 | |
Sandro - | 845bea7584 | |
Sandro - | b549947a39 | |
Sandro - | c2e19af7e8 | |
Sandro - | 24329a062e | |
Sandro - | 93c020f582 | |
Sandro - | d6a994598b | |
Astro | 8ea43cc31d | |
Astro | 917b38a895 | |
Astro | 3571d962fa | |
Sandro - | eb39c1d403 | |
Sandro - | c2d21103f8 | |
Sandro - | fb7a393660 | |
Astro | 1affe00d39 | |
Sandro - | 59e47436f3 | |
Astro | a704213e59 | |
Astrobot | a598a46b53 | |
Sandro - | 77c6fb4dcd | |
Sandro - | 5cbd4ee6a5 | |
Sandro - | a789ba633e | |
Sandro - | 5926f0aca6 | |
Sandro - | 5640331aef | |
Astro | 0906569551 | |
Astro | 233498c9ae | |
Astro | fccd9d918d | |
Astro | 9f64181a58 | |
Astro | bfae8d96d5 | |
Astro | 49b6b5dc4d | |
Astro | 592d79a9e0 | |
Astro | 0f3810ddd8 | |
Astro | fe4deea101 | |
Astro | 8f192b81ff | |
Astro | c63d8e3f15 | |
Astro | af7b75df9e | |
astro | 3d276740a2 | |
Astro | 585a5ce6e5 | |
Astro | f12ee0f88e | |
Astro | 7cd28db298 | |
Sandro - | add3740477 | |
Sandro - | 5eecc110af | |
Astro | 1e21c9e129 | |
Sandro - | 82ecb7fea5 | |
Sandro - | 8653a20c98 | |
Astro | d918cf7d86 | |
Sandro - | 442c02f13e | |
Sandro - | 93806bd148 | |
Leon Vita | 959a0931be | |
Leon Vita | 03f9d82600 | |
Sandro - | 7f120207d5 | |
Sandro - | 618e1ed9b9 | |
Sandro - | 37c98c9ae9 | |
Sandro - | 7bc63111a2 | |
Sandro - | ff04c649c3 | |
Sandro - | 98d59e10d5 | |
Sandro - | ea2878fd36 | |
Sandro - | 5907e29413 | |
Leon Vita | 78f5cb4feb | |
Leon Vita | 0beda8f0e3 | |
Astro | 3f45c026df | |
Leon Vita | 2232760bb2 | |
Leon Vita | 4029190310 | |
astro | 689e951945 | |
Leon Vita | e011ff965b | |
Sandro - | 734a977835 | |
Sandro - | eb21d0bbb3 | |
Astro | c2337cce40 | |
Sandro - | 3992f966f3 | |
Tassilo - | e0a3393290 | |
Sandro - | 58c4f8bec5 | |
Sandro - | 2a0920904b | |
Sandro - | 870f91a3d1 | |
Astro | 92dc5ba222 | |
Sandro - | 52161e0aa1 | |
Sandro - | 59c122b82c | |
Sandro - | fff8967826 | |
Astro | 875145884c | |
Astro | 1ef51c1d32 | |
Sandro - | cc63c41ba0 | |
Sandro - | 65107fc07e | |
Sandro - | 93c283f235 | |
Sandro - | b467bb4e74 | |
Sandro - | 6b8d8541c6 | |
Sandro - | 32dd3e9d8a | |
Sandro - | 695e095d44 | |
Sandro - | a9590e3242 | |
Sandro - | dcaecc7229 | |
Sandro - | f5e671befb | |
Sandro - | e16bd28785 | |
Sandro - | c4241c25ab | |
Sandro - | f97b96387d | |
Sandro - | dc16c9d4b8 | |
Sandro - | f664a189fd | |
Astro | 5d7005342e | |
Astro | 70377149b2 | |
Sandro - | 2621bd671f | |
Sandro - | 9873b56a29 | |
Sandro - | 759df9e927 | |
Astro | 67a8de43f1 | |
Astro | 308dd5bd22 | |
Astro | 486c2a3720 | |
Astro | 3e6c35086c | |
Astro | 83b37db967 | |
Sandro - | 202942d9d0 | |
Sandro - | 0c3cdd016f | |
Astro | 263068fc32 | |
Astro | 14d2855366 | |
Astro | 72d537b742 | |
Astro | fcda09f7c4 | |
Astro | 6ce8454fd9 | |
Astro | 877d9f04c7 | |
Astro | b421de33dd | |
Astro | bf2933f574 | |
Astro | 224ddc2631 | |
Astro | 897139a46b | |
Astro | 9e97c34038 | |
Astro | a4474a5f39 | |
Astro | 7811d3c444 | |
Astrobot | 828a374f38 | |
Astro | 7d203cb0d2 | |
Astro | af51086c18 | |
Astro | 69a66f3eba | |
Astrobot | c21bae9dd6 | |
Astro | d99d4129f3 | |
Astro | 07bfd31ee7 | |
Astro | b3caf1a39b | |
Astro | 18d0694b10 | |
Astro | 71a611467d | |
Astro | c469c46ffe | |
Astro | e85c3d8c51 | |
Astro | da110aa138 | |
Astro | 27a6cdfed8 | |
Leon Vita | 4f785ca1c9 | |
Leon Vita | b53c53a6f7 | |
Leon Vita | 97b7d2d71f | |
Leon Vita | b70d9bcb78 | |
Leon Vita | e141ce6ee0 | |
Leon Vita | 6bc6834498 | |
Leon Vita | dadf8c72c7 | |
Leon Vita | 966bb7389f | |
Leon Vita | 8c1b350f1a | |
Astro | c61bb308a3 | |
Astro | 588bebc3cf | |
Astro | 9ad4bd0649 | |
Astro | 035617c112 | |
Leon Vita | 2b2982961c | |
Leon Vita | c67ba25488 | |
Leon Vita | a33b2abe29 | |
Astro | e91e69b14a | |
Astro | 7bc3b49cc3 | |
Astro | 65a91dc324 | |
Leon Vita | e6ab80fc5e | |
Astro | d95e924778 | |
Astro | de9ce610e9 | |
Astro | b9e42515c7 | |
Leon Vita | 930c3a67e0 | |
Astro | 699a043d24 | |
Leon Vita | 0669b29a23 | |
Astro | 572af7e31d | |
Astro | ebf4e41b73 | |
Astro | 27d2252d11 | |
astro | 9c9c52b659 | |
Leon Vita | 3c0c101dd7 | |
Leon Vita | deb314f8e4 | |
Astro | 7a19ac58e3 | |
Astro | 79dcef419e | |
Astro | 8c9afdf9b8 | |
Leon Vita | 69da87ecdb | |
Leon Vita | 82c6de7b9d | |
Leon Vita | aa607866d1 | |
Leon Vita | e4262a4dab | |
Leon Vita | 80c8ed5a45 | |
Leon Vita | 65eba5ebf7 | |
Leon Vita | 3d5e202ac0 | |
Leon Vita | afcd7f32a7 | |
Leon Vita | 4a1ac9dc9d | |
Leon Vita | f1203f33df | |
Astro | 9fca77eb57 | |
Astro | 3ef0df9608 | |
Astro | 7befe68673 | |
Astro | 2ecc873647 | |
Leon Vita | f377c855c5 | |
Leon Vita | 474c9f90da | |
Leon Vita | 08c7664625 | |
Leon Vita | 45d40e1e1b | |
Leon Vita | 37dd2e0591 | |
Leon Vita | f2b57ee0ec | |
Leon Vita | bcd82e69fe | |
Leon Vita | 50d29f7af3 | |
Leon Vita | 056276a579 | |
Leon Vita | 345960c777 | |
Leon Vita | ecd85a41e8 | |
Leon Vita | 9ea5e27a42 | |
Leon Vita | 7a749c9a45 | |
Leon Vita | ac039e0367 | |
Leon Vita | c3d1cb2fa6 | |
Leon Vita | b2d52e18ea | |
Leon Vita | 9032b47bba | |
Leon Vita | 1c46b25771 | |
Leon Vita | 830c9a8f97 | |
Leon Vita | d5dc241f3e | |
Leon Vita | dcc2dfd349 | |
Leon Vita | b0d3cdc14f | |
Leon Vita | 2cd2f86bc5 | |
Leon Vita | f6f280c008 | |
Leon Vita | 436f2e59f0 | |
Leon Vita | dab7d198aa | |
Leon Vita | 0475cc58b0 | |
Leon Vita | e0d42faa3c | |
Leon Vita | 200b82bd5a | |
Leon Vita | 614b3bc3b2 | |
Leon Vita | 0b64798dd1 | |
Leon Vita | 6a7d931601 | |
Astro | fd962a5133 | |
Astro | a117ac243e | |
Astro | 736f79cc2e | |
Astro | cfbb7cd933 | |
Astro | dbb7e552e5 | |
Astro | 3bdd61084b | |
Astro | 6120944b50 | |
Astro | 642ef73b16 | |
Astro | 261d4a1d78 | |
Astro | 4cf2b62ebe | |
Astro | 203cf88662 | |
Astro | 0bd2e02db7 | |
Astro | 4b6fce111a | |
Astro | ecbb8818bb | |
Astro | 2f451e841f | |
Astro | 51f8af0c52 | |
Astro | a732189ee2 | |
Astro | 905c4c0fe4 | |
Astro | 33fecdb43e | |
Astro | 3cdd41f816 | |
astro | eabf198247 | |
Astro | e685ad686d | |
Leon Vita | 6d200ea7b4 | |
astro | db1c553fb7 | |
Leon Vita | 17fbf1328d | |
Leon Vita | eef6ee53b4 | |
Astro | 4255e083c0 | |
Astro | e359623c8c | |
Astro | 992d7d0ddf | |
astro | 64b3f3cb7a | |
Leon Vita | b339f45d36 | |
Leon Vita | 0bff25fc05 | |
Astro | d60a2c7a45 | |
Astro | 5236be655b | |
Astro | 07f2829a69 | |
astro | e2aaafa1aa | |
Leon Vita | 0401cdd6db | |
Leon Vita | 6715589da7 | |
Astrobot | b32e553abb | |
Astro | 6a5395b040 | |
Astro | 4a0e9d5cfa | |
Astro | d22d137f04 | |
Astro | 330aea7cae | |
Leon Vita | b6eb71333d | |
astro | e1bce38ce4 | |
Leon Vita | 9ae97dffb7 |
22
.sops.yaml
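--- a/.sops.yaml
+++ b/.sops.yaml
@@ -40,6 +40,7 @@ keys:
 - &leon age1cm0cjk2764s4pv5g7e67as34g9xtcltex96ga87wckndw62wqqlsvkscqc
 - &leoncloud age1aw9s4kcd6ys64ddzzfya9ajzln2tv8pm9uvz6d85v0r6eq4dudqq5vts86
 - &mailtngbert age1lgjvtszpds9flpwsstxdht00c7zlk3mz7nlc5qftyt8rhfdm330qqmhl72
+- &mastodon age1dcpd6u4psq3hehjyjrt3s7kzmnvxd20vsc8urjcdv6anr5v7ky2sq9rhtt
 - &matemat age15vmz2evhnkn26fyt4vqvgztfrsr2s8qavd2m6zfjmkh84q2g75csnc5kr6
 - &mediawiki age1xjvep7hsnfefgxvuwall8nq0486qu8yknhzwhf0cskw5xlpm8qws9txc56
 - &mucbot age1cqeh03zq0hvz5l78r678q93ey5mlw49lqy4whvgqxgenudth7g6skee6kh
@@ -58,6 +59,7 @@ keys:
 - &stream age1j5csp5v5s2g8am47dd85kcke8986e0qc88f0vfgd3kmvwu8azg3smslk92
 - &storage-ng age1qjvds58pedjdk9rj0yqfvad4xhpteapr9chvfucwcgwrsr8n7axqyhg2vu
 - &ticker age1kdrpaqsy7gdnf80fpq6qrrc98nqjuzzlqx955uk2pkky3xcxky8sw9cdjl
+- &prometheus age13xhxqulvswuckmpkmy2fgeqd5jx0ar8e2hst33leljt69r6hsvnsrdw63k
 
 creation_rules:
 - path_regex: config/[^/]+\.yaml$
@@ -86,11 +88,13 @@ creation_rules:
 - *leon
 - *leoncloud
 - *mailtngbert
+- *mastodon
 - *matemat
 - *mediawiki
 - *mucbot
 - *nfsroot
 - *oparl
+- *prometheus
 - *public-access-proxy
 - *pulsebert
 - *radiobert
@@ -127,6 +131,12 @@ creation_rules:
 age:
 - *dn42
 - *polygon-snowflake
+- path_regex: hosts/dacbert/[^/]+\.yaml$
+key_groups:
+- pgp: *admins
+age:
+- *dacbert
+- *polygon-snowflake
 - path_regex: hosts/freifunk/[^/]+\.yaml$
 key_groups:
 - pgp: *admins
@@ -163,6 +173,12 @@ creation_rules:
 age:
 - *mailtngbert
 - *polygon-snowflake
+- path_regex: hosts/mastodon/[^/]+\.yaml$
+key_groups:
+- pgp: *admins
+age:
+- *mastodon
+- *polygon-snowflake
 - path_regex: hosts/mediawiki/[^/]+\.yaml$
 key_groups:
 - pgp: *admins
@@ -187,3 +203,9 @@ creation_rules:
 age:
 - *storage-ng
 - *polygon-snowflake
+- path_regex: hosts/prometheus/[^/]+\.yaml$
+key_groups:
+- pgp: *admins
+age:
+- *prometheus
+- *polygon-snowflake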
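Review bot: The `*mastodon` and `*prometheus` entries added in the third hunk join a long shared recipient list (apparently the `config/[^/]+\.yaml$` rule, though the rule header lies outside the hunk), so both VMs can decrypt every secret encrypted under that rule, not only the per-host `hosts/<name>/` files added further down. If these hosts need only their own secrets, leaving them out of the shared list limits what a compromised VM can read. Files already encrypted under a touched rule keep their old recipient set until re-keyed with `sops updatekeys <file>`, and a comment above `creation_rules:` such as `# after changing recipients, run sops updatekeys on the affected files` would record that step. The new `hosts/dacbert` rule references `*dacbert`, whose `&dacbert` anchor is not in any visible hunk, so it is presumably already defined under `keys:`; that is worth confirming since an undefined alias makes the file fail to parse.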
121
README.md
121
README.md
|
@ -139,14 +139,123 @@ so the following is all that is needed on a MicroVM-hosting server:
|
||||||
microvm -Ru $hostname
|
microvm -Ru $hostname
|
||||||
```
|
```
|
||||||
|
|
||||||
## High Availability Deployment on Nomad
|
# Cluster deployment with Skyflake
|
||||||
|
|
||||||
First, stop and delete `/var/lib/microvm/$NAME` where the
|
## About
|
||||||
systemd-managed MicroVMs live, or move the state to
|
|
||||||
`/glusterfs/fast/microvms/$NAME`.
|
|
||||||
|
|
||||||
```sh
|
[Skyflake](https://github.com/astro/skyflake) provides Hyperconverged
|
||||||
nix run .#nomad-$NAME
|
Infrastructure to run NixOS MicroVMs on a cluster. Our setup unifies
|
||||||
|
networking with one bridge per VLAN. Persistent storage is replicated
|
||||||
|
with Glusterfs.
|
||||||
|
|
||||||
|
Recognize nixosConfiguration for our Skyflake deployment by the
|
||||||
|
`self.nixosModules.cluster-options` module being included.
|
||||||
|
|
||||||
|
## User interface
|
||||||
|
|
||||||
|
We use the less-privileged `c3d2@` user for deployment. This flake's
|
||||||
|
name on the cluster is `config`. Other flakes can coexist in the same
|
||||||
|
user so that we can run separately developed projects like
|
||||||
|
*dump-dvb*. *leon* and potentially other users can deploy Flakes and
|
||||||
|
MicroVMs without name clashes.
|
||||||
|
|
||||||
|
### Deploying
|
||||||
|
|
||||||
|
**git push** this repo to any machine in the cluster, preferably to
|
||||||
|
Hydra because there building won't disturb any services.
|
||||||
|
|
||||||
|
You don't deploy all MicroVMs at once. Instead, Skyflake allows you to
|
||||||
|
select NixOS systems by the branches you push to. **You must commit
|
||||||
|
before you push!**
|
||||||
|
|
||||||
|
**Example:** deploy nixosConfigurations `mucbot` and `sdrweb` (`HEAD` is your
|
||||||
|
current commit)
|
||||||
|
|
||||||
|
```bash
|
||||||
|
git push c3d2@hydra.serv.zentralwerk.org:config HEAD:mucbot HEAD:sdrweb
|
||||||
|
```
|
||||||
|
|
||||||
|
This will:
|
||||||
|
1. Build the configuration on Hydra, refusing the branch update on
|
||||||
|
broken builds (through a git hook)
|
||||||
|
2. Copy the MicroVM package and its dependencies to the binary cache
|
||||||
|
that is accessible to all nodes with Glusterfs
|
||||||
|
3. Submit one job per MicroVM into the Nomad cluster
|
||||||
|
|
||||||
|
*Deleting* a nixosConfiguration's branch will **stop** the MicroVM in Nomad.
|
||||||
|
|
||||||
|
### Updating
|
||||||
|
|
||||||
|
**TODO:** how would you like it?
|
||||||
|
|
||||||
|
### MicroVM status
|
||||||
|
|
||||||
|
```bash
|
||||||
|
ssh c3d2@hydra.serv.zentralwerk.org status
|
||||||
|
```
|
||||||
|
|
||||||
|
## Debugging for cluster admins
|
||||||
|
|
||||||
|
### Glusterfs
|
||||||
|
|
||||||
|
Glusterfs holds our MicroVMs' state. They *must always be mounted* or
|
||||||
|
brains are split.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
gluster volume info
|
||||||
|
gluster volume status
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Restart glusterd
|
||||||
|
|
||||||
|
```bash
|
||||||
|
systemctl restart glusterd
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Remount volumes
|
||||||
|
|
||||||
|
```bash
|
||||||
|
systemctl restart /glusterfs/fast
|
||||||
|
systemctl restart /glusterfs/big
|
||||||
|
```
|
||||||
|
|
||||||
|
### Nomad
|
||||||
|
|
||||||
|
#### Check the cluster state
|
||||||
|
|
||||||
|
```shell
|
||||||
|
nomad server members
|
||||||
|
```
|
||||||
|
|
||||||
|
Nomad *servers* **coordinate** the cluster.
|
||||||
|
|
||||||
|
Nomad *clients* **run** the tasks.
|
||||||
|
|
||||||
|
#### Browse in the terminal
|
||||||
|
|
||||||
|
[wander](https://github.com/robinovitch61/wander) and
|
||||||
|
[damon](https://github.com/hashicorp/damon) are nice TUIs that are
|
||||||
|
preinstalled on our cluster nodes.
|
||||||
|
|
||||||
|
#### Browse with a browser
|
||||||
|
|
||||||
|
First, tunnel TCP port `:4646` from a cluster server:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
ssh -L 4646:localhost:4646 root@server10.cluster.zentralwerk.org
|
||||||
|
```
|
||||||
|
|
||||||
|
Then, visit https://localhost:4646 for for full klickibunti.
|
||||||
|
|
||||||
|
#### Reset the Nomad state on a node
|
||||||
|
|
||||||
|
After upgrades, Nomad servers may fail rejoining the cluster. Do this
|
||||||
|
to make a *Nomad server* behave like a newborn:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
systemctl stop nomad
|
||||||
|
rm -rf /var/lib/nomad/server/raft/
|
||||||
|
systemctl start nomad
|
||||||
```
|
```
|
||||||
|
|
||||||
# Secrets management
|
# Secrets management
|
||||||
|
|
313
flake.lock
313
flake.lock
|
@ -10,11 +10,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1663176622,
|
"lastModified": 1669920985,
|
||||||
"narHash": "sha256-ahmQXwS2P34x7PxXt8Ve2ZVKJHW6yP1m/nZoo8sHwmE=",
|
"narHash": "sha256-Ff9FxYqYNVovOCDcECGKHoiqpIOUvF6/q17H+k06iXw=",
|
||||||
"ref": "master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "b56ed86e45b2a8cdf811f2659644192a69ab5818",
|
"rev": "5bef189c308df9dda1449a8305a7092fb5c77827",
|
||||||
"revCount": 293,
|
"revCount": 298,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://gitea.nek0.eu/nek0/affection"
|
"url": "https://gitea.nek0.eu/nek0/affection"
|
||||||
},
|
},
|
||||||
|
@ -23,9 +23,37 @@
|
||||||
"url": "https://gitea.nek0.eu/nek0/affection"
|
"url": "https://gitea.nek0.eu/nek0/affection"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"alert2muc": {
|
||||||
|
"inputs": {
|
||||||
|
"naersk": [
|
||||||
|
"naersk"
|
||||||
|
],
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixos"
|
||||||
|
],
|
||||||
|
"utils": [
|
||||||
|
"flake-utils"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1671329943,
|
||||||
|
"narHash": "sha256-7gFF8z1ww+LoC9Pk5hflvnlrzIf8gp7UbL6o8Xyl4Dw=",
|
||||||
|
"ref": "refs/heads/main",
|
||||||
|
"rev": "0ae1024cc7bf45dceb03f089f3e5485c0a43b860",
|
||||||
|
"revCount": 14,
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://gitea.c3d2.de/astro/alert2muc"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://gitea.c3d2.de/astro/alert2muc"
|
||||||
|
}
|
||||||
|
},
|
||||||
"bevy-julia": {
|
"bevy-julia": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"naersk": "naersk",
|
"naersk": [
|
||||||
|
"naersk"
|
||||||
|
],
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixos"
|
"nixos"
|
||||||
],
|
],
|
||||||
|
@ -91,11 +119,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1668535353,
|
"lastModified": 1670028698,
|
||||||
"narHash": "sha256-cVe++C4wg2CG80qjjSVG4H1udcRi7sbdU/xMGC5WSxc=",
|
"narHash": "sha256-JjmRgUg5004snQL03r5n4TjJmyD4qiwKdPDmx/1GeFw=",
|
||||||
"ref": "main",
|
"ref": "main",
|
||||||
"rev": "a12dc753b3f3d145883e1de7a0c12407bbe97288",
|
"rev": "908fb9c8d3d2b0fbe5a17895639ef478f81e3f8d",
|
||||||
"revCount": 111,
|
"revCount": 153,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://gitea.c3d2.de/astro/caveman.git"
|
"url": "https://gitea.c3d2.de/astro/caveman.git"
|
||||||
},
|
},
|
||||||
|
@ -113,11 +141,11 @@
|
||||||
"rust-analyzer-src": "rust-analyzer-src"
|
"rust-analyzer-src": "rust-analyzer-src"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1668493618,
|
"lastModified": 1671171782,
|
||||||
"narHash": "sha256-Pw8dzHPI3My/nWthhWlD6nVLVPDAi9+NODvayVhKGKk=",
|
"narHash": "sha256-G7FNiYVl/jOkvNEhLO8O7uq0MuhFLKGMsCxFjqATVc0=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "fenix",
|
"repo": "fenix",
|
||||||
"rev": "3e59a48c3171664ea0797f28273f9929a2335617",
|
"rev": "d3eaf97d81161bea9177cc80e07d26ba2d96569f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -144,11 +172,11 @@
|
||||||
"harmonia": {
|
"harmonia": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1668458039,
|
"lastModified": 1670319728,
|
||||||
"narHash": "sha256-w4OCjMRPrPIY0dlUkiA1XPSmRstnNSRVmglw7hfSs3s=",
|
"narHash": "sha256-7hsq6Sv06UcIjjlZTFlsYWDfGrc9u77OAr25SjnvZ4A=",
|
||||||
"owner": "helsinki-systems",
|
"owner": "helsinki-systems",
|
||||||
"repo": "harmonia",
|
"repo": "harmonia",
|
||||||
"rev": "9b61645fce85a7abfe6e812f68df085d688f9711",
|
"rev": "f2476198fb8236c7c7eb432aab4472083cb9831d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -175,7 +203,7 @@
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1657923513,
|
"lastModified": 1657923513,
|
||||||
"narHash": "sha256-YzHPow09B9uSdybUxP5lQn2hXk90Q6oTDL6UXzD0/+k=",
|
"narHash": "sha256-YzHPow09B9uSdybUxP5lQn2hXk90Q6oTDL6UXzD0/+k=",
|
||||||
"ref": "master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "f7cf04a7ad47e388121f0771651fec0df91407f3",
|
"rev": "f7cf04a7ad47e388121f0771651fec0df91407f3",
|
||||||
"revCount": 61,
|
"revCount": 61,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
|
@ -237,11 +265,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1668518796,
|
"lastModified": 1670897870,
|
||||||
"narHash": "sha256-DyteijJn0JZphJdQaHpPWxvkKrBPvCW3B53tCasDX8c=",
|
"narHash": "sha256-nWLU48WlhVYm53cTUEDX8mZwZqdzObO6299hrCmdYcU=",
|
||||||
"owner": "astro",
|
"owner": "astro",
|
||||||
"repo": "microvm.nix",
|
"repo": "microvm.nix",
|
||||||
"rev": "5181933ca7bbaad37ceb82a848630ea3b30d522b",
|
"rev": "b12b4d426e1050479e9d571c81cda2b7ae0256da",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -251,35 +279,17 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"naersk": {
|
"naersk": {
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": "nixpkgs"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1662220400,
|
|
||||||
"narHash": "sha256-9o2OGQqu4xyLZP9K6kNe1pTHnyPz0Wr3raGYnr9AIgY=",
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "naersk",
|
|
||||||
"rev": "6944160c19cb591eb85bbf9b2f2768a935623ed3",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "naersk",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"naersk_2": {
|
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixos"
|
"nixos"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1662220400,
|
"lastModified": 1671096816,
|
||||||
"narHash": "sha256-9o2OGQqu4xyLZP9K6kNe1pTHnyPz0Wr3raGYnr9AIgY=",
|
"narHash": "sha256-ezQCsNgmpUHdZANDCILm3RvtO1xH8uujk/+EqNvzIOg=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "naersk",
|
"repo": "naersk",
|
||||||
"rev": "6944160c19cb591eb85bbf9b2f2768a935623ed3",
|
"rev": "d998160d6a076cfe8f9741e56aeec7e267e3e114",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -288,28 +298,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"naersk_3": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"ticker",
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1659610603,
|
|
||||||
"narHash": "sha256-LYgASYSPYo7O71WfeUOaEUzYfzuXm8c8eavJcel+pfI=",
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "naersk",
|
|
||||||
"rev": "c6a45e4277fa58abd524681466d3450f896dc094",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "naersk",
|
|
||||||
"rev": "c6a45e4277fa58abd524681466d3450f896dc094",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"newNixpkgs": {
|
"newNixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1647380550,
|
"lastModified": 1647380550,
|
||||||
|
@ -329,7 +317,7 @@
|
||||||
"nix": {
|
"nix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"lowdown-src": "lowdown-src",
|
"lowdown-src": "lowdown-src",
|
||||||
"nixpkgs": "nixpkgs_2",
|
"nixpkgs": "nixpkgs",
|
||||||
"nixpkgs-regression": "nixpkgs-regression"
|
"nixpkgs-regression": "nixpkgs-regression"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
|
@ -349,43 +337,27 @@
|
||||||
},
|
},
|
||||||
"nixos": {
|
"nixos": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1668459637,
|
"lastModified": 1671217927,
|
||||||
"narHash": "sha256-HqnWCKujmtu8v0CjzOT0sr7m2AR7+vpbZJOp1R0rodY=",
|
"narHash": "sha256-VjoidSKImZGWYqL1Z+ntfEzqeMjNX4zxcBr9PIqORwM=",
|
||||||
"owner": "nixos",
|
"owner": "SuperSandro2000",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "16f4e04658c2ab10114545af2f39db17d51bd1bd",
|
"rev": "0a597dc83e81526de48488088c92349d7170445c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nixos",
|
"owner": "SuperSandro2000",
|
||||||
"ref": "nixos-22.05",
|
"ref": "nixos-22.11",
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixos-armv6": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1664701736,
|
|
||||||
"narHash": "sha256-Va3NyZ+uyZztu506qM+sLxd69DBzN5CdoCAu1lzVk0U=",
|
|
||||||
"owner": "rnhmjoj",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "10b75bee02bc7c25e596847357c70b277c534588",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "rnhmjoj",
|
|
||||||
"ref": "pr-fix-armv6",
|
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1668334946,
|
"lastModified": 1671183612,
|
||||||
"narHash": "sha256-omMbUj4r5DVBWh7KxkoO/Z/1V1shVR6Ls4jXNB4mr3U=",
|
"narHash": "sha256-Q6so0tBGEb9Bhx++FP6cJQ+K83hOZ99ffmcdcWtDS14=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "e0452b33ab0ef16ffe075e980644ed92a6a200bb",
|
"rev": "488931efb69a50307fa0d71e23e78c8706909416",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -394,37 +366,7 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixos-unstable": {
|
"nixos-mobilizon": {
|
||||||
"locked": {
|
|
||||||
"lastModified": 1668417584,
|
|
||||||
"narHash": "sha256-yeuEyxKPwsm5fIHN49L/syn9g5coxnPp3GsVquhrv5A=",
|
|
||||||
"owner": "nixos",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "013fcdd106823416918004bb684c3c186d3c460f",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nixos",
|
|
||||||
"ref": "nixos-unstable",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1663264531,
|
|
||||||
"narHash": "sha256-2ncO5chPXlTxaebDlhx7MhL0gOEIWxzSyfsl0r0hxQk=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "454887a35de6317a30be284e8adc2d2f6d8a07c4",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"id": "nixpkgs",
|
|
||||||
"type": "indirect"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs-mobilizon": {
|
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1664466500,
|
"lastModified": 1664466500,
|
||||||
"narHash": "sha256-FvEUAKkf0PDZ2j2qIbI4+3oPTnuQq4HdX00iqBkvKOU=",
|
"narHash": "sha256-FvEUAKkf0PDZ2j2qIbI4+3oPTnuQq4HdX00iqBkvKOU=",
|
||||||
|
@ -440,6 +382,53 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixos-unstable": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1671108576,
|
||||||
|
"narHash": "sha256-6ggOL6KoaELNA1562tnPjtAnQ9SwsKRTgeuaXvPzCwI=",
|
||||||
|
"owner": "nixos",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "0f5996b524c91677891a432cc99c7567c7c402b1",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nixos",
|
||||||
|
"ref": "nixos-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixos-unstable-simd": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1671211489,
|
||||||
|
"narHash": "sha256-0AbRULr8+U70TPLiMz7PK8mTp1lD+Ct8VKElZ0WmPzE=",
|
||||||
|
"owner": "SuperSandro2000",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "8ef6d44870fbc02b5c43922b8dbe95aa8b53091b",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "SuperSandro2000",
|
||||||
|
"ref": "nixos-unstable-simd",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1645296114,
|
||||||
|
"narHash": "sha256-y53N7TyIkXsjMpOG7RhvqJFGDacLs9HlyHeSTBioqYU=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "530a53dcbc9437363471167a5e4762c5fcfa34a1",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"id": "nixpkgs",
|
||||||
|
"ref": "nixos-21.05-small",
|
||||||
|
"type": "indirect"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixpkgs-regression": {
|
"nixpkgs-regression": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1643052045,
|
"lastModified": 1643052045,
|
||||||
|
@ -455,21 +444,6 @@
|
||||||
"type": "indirect"
|
"type": "indirect"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1645296114,
|
|
||||||
"narHash": "sha256-y53N7TyIkXsjMpOG7RhvqJFGDacLs9HlyHeSTBioqYU=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "530a53dcbc9437363471167a5e4762c5fcfa34a1",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"id": "nixpkgs",
|
|
||||||
"ref": "nixos-21.05-small",
|
|
||||||
"type": "indirect"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"oparl-scraper": {
|
"oparl-scraper": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
|
@ -490,11 +464,11 @@
|
||||||
"openwrt": {
|
"openwrt": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1668297972,
|
"lastModified": 1670552749,
|
||||||
"narHash": "sha256-i39KfzBoNiiScd1M8kV/5WrGzEgG6+PxsFxoW+DT9UQ=",
|
"narHash": "sha256-ZhbNee6F+vJRirskdiYpXVRldJTHSbClLiYtJe4wgqE=",
|
||||||
"ref": "openwrt-21.02",
|
"ref": "openwrt-21.02",
|
||||||
"rev": "079ce0413a1e3c19dd00be1b90de737c2bc09223",
|
"rev": "784565b6a0ad482b19c4851b0ce8ffeddb7010c1",
|
||||||
"revCount": 51164,
|
"revCount": 51264,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.openwrt.org/openwrt/openwrt.git"
|
"url": "https://git.openwrt.org/openwrt/openwrt.git"
|
||||||
},
|
},
|
||||||
|
@ -511,11 +485,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1668458369,
|
"lastModified": 1671207552,
|
||||||
"narHash": "sha256-Mv4F2AgOIpGyvfoHQtw/sDg3hU7O0K1P9ercnfrwnEQ=",
|
"narHash": "sha256-7C3QXWM615TJJqNQlKS27HaQh/m6vctKhZ1fw9ex7xE=",
|
||||||
"owner": "astro",
|
"owner": "astro",
|
||||||
"repo": "nix-openwrt-imagebuilder",
|
"repo": "nix-openwrt-imagebuilder",
|
||||||
"rev": "818db40dd8a0a22b029823ba477c5c3301bd7534",
|
"rev": "a53edbc364df74d467d4f1e8d45dca6ee4e92ced",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -527,6 +501,7 @@
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"affection-src": "affection-src",
|
"affection-src": "affection-src",
|
||||||
|
"alert2muc": "alert2muc",
|
||||||
"bevy-julia": "bevy-julia",
|
"bevy-julia": "bevy-julia",
|
||||||
"bevy-mandelbrot": "bevy-mandelbrot",
|
"bevy-mandelbrot": "bevy-mandelbrot",
|
||||||
"caveman": "caveman",
|
"caveman": "caveman",
|
||||||
|
@ -536,12 +511,12 @@
|
||||||
"heliwatch": "heliwatch",
|
"heliwatch": "heliwatch",
|
||||||
"hydra-ca": "hydra-ca",
|
"hydra-ca": "hydra-ca",
|
||||||
"microvm": "microvm",
|
"microvm": "microvm",
|
||||||
"naersk": "naersk_2",
|
"naersk": "naersk",
|
||||||
"nixos": "nixos",
|
"nixos": "nixos",
|
||||||
"nixos-armv6": "nixos-armv6",
|
|
||||||
"nixos-hardware": "nixos-hardware",
|
"nixos-hardware": "nixos-hardware",
|
||||||
|
"nixos-mobilizon": "nixos-mobilizon",
|
||||||
"nixos-unstable": "nixos-unstable",
|
"nixos-unstable": "nixos-unstable",
|
||||||
"nixpkgs-mobilizon": "nixpkgs-mobilizon",
|
"nixos-unstable-simd": "nixos-unstable-simd",
|
||||||
"oparl-scraper": "oparl-scraper",
|
"oparl-scraper": "oparl-scraper",
|
||||||
"openwrt": "openwrt",
|
"openwrt": "openwrt",
|
||||||
"openwrt-imagebuilder": "openwrt-imagebuilder",
|
"openwrt-imagebuilder": "openwrt-imagebuilder",
|
||||||
|
@ -562,11 +537,11 @@
|
||||||
"rust-analyzer-src": {
|
"rust-analyzer-src": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1668182250,
|
"lastModified": 1671029659,
|
||||||
"narHash": "sha256-PYGaOCiFvnJdVz+ZCaKF8geGdffXjJUNcMwaBHv0FT4=",
|
"narHash": "sha256-2sqAgHcLWpNGVHG2LQIXgRMuqgCArOD9frQSrrXrwSA=",
|
||||||
"owner": "rust-lang",
|
"owner": "rust-lang",
|
||||||
"repo": "rust-analyzer",
|
"repo": "rust-analyzer",
|
||||||
"rev": "45ec315e01dc8dd1146dfeb65f0ef6e5c2efed78",
|
"rev": "95671d53ea3063da5316784af9ef69c71219f320",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -586,11 +561,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1668479979,
|
"lastModified": 1671157233,
|
||||||
"narHash": "sha256-UI+JUCBaMpn+5Y1hSePmndbYX5zu0+bavlfzrhPrGEk=",
|
"narHash": "sha256-gvQaOKaV1UK6IzsFzkVLsEavGxnAsQFT3zUqcg0RXLU=",
|
||||||
"owner": "oxalica",
|
"owner": "oxalica",
|
||||||
"repo": "rust-overlay",
|
"repo": "rust-overlay",
|
||||||
"rev": "2342f70f7257046effc031333c4cfdea66c91d82",
|
"rev": "7da2f6b3a0c32f661cb2864d7fbd1d7e6f0c7543",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -604,7 +579,7 @@
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1665446321,
|
"lastModified": 1665446321,
|
||||||
"narHash": "sha256-GuZr+BCAIe+UYmQrLHaVr8iRRajn5nSdWyqhjWDIX1Y=",
|
"narHash": "sha256-GuZr+BCAIe+UYmQrLHaVr8iRRajn5nSdWyqhjWDIX1Y=",
|
||||||
"ref": "master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "3700761dd06f271ef26261ed2a90dce8c22b6dca",
|
"rev": "3700761dd06f271ef26261ed2a90dce8c22b6dca",
|
||||||
"revCount": 61,
|
"revCount": 61,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
|
@ -624,7 +599,7 @@
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1659890996,
|
"lastModified": 1659890996,
|
||||||
"narHash": "sha256-xURgGoznCPmpX35dn5AXcyNYicVn5ruvUKxfIMMiu8o=",
|
"narHash": "sha256-xURgGoznCPmpX35dn5AXcyNYicVn5ruvUKxfIMMiu8o=",
|
||||||
"ref": "master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "5ca106f648bef15d9954d956bda336eea28e8d75",
|
"rev": "5ca106f648bef15d9954d956bda336eea28e8d75",
|
||||||
"revCount": 149,
|
"revCount": 149,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
|
@ -645,11 +620,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1668537992,
|
"lastModified": 1670188372,
|
||||||
"narHash": "sha256-dktkznGkVUtOXyA19J4YoSiyhBkCinqH8LDnU2o/rmw=",
|
"narHash": "sha256-lKjP3rYsmiXb9kEU+stcsm48dTEMC6Ed+rLEClEl+Vs=",
|
||||||
"owner": "astro",
|
"owner": "astro",
|
||||||
"repo": "skyflake",
|
"repo": "skyflake",
|
||||||
"rev": "4ccb72c616212ef2149458dade8d1199dc69477a",
|
"rev": "c78a3e8f64930bf5c48b0f75e577e4294d8750c6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -663,16 +638,16 @@
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixos"
|
"nixos"
|
||||||
],
|
],
|
||||||
"nixpkgs-22_05": [
|
"nixpkgs-stable": [
|
||||||
"nixos"
|
"nixos"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1668311578,
|
"lastModified": 1670149631,
|
||||||
"narHash": "sha256-nF6mwSbVyvnlIICWFZlADegWdTsgrk1pZnA/0VqByNw=",
|
"narHash": "sha256-rwmtlxx45PvOeZNP51wql/cWjY3rqzIR3Oj2Y+V7jM0=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "39f0fe57f1ef78764c1abc1de145f091fee1bbbb",
|
"rev": "da98a111623101c64474a14983d83dad8f09f93d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -732,7 +707,9 @@
|
||||||
"fenix": [
|
"fenix": [
|
||||||
"fenix"
|
"fenix"
|
||||||
],
|
],
|
||||||
"naersk": "naersk_3",
|
"naersk": [
|
||||||
|
"naersk"
|
||||||
|
],
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixos"
|
"nixos"
|
||||||
],
|
],
|
||||||
|
@ -743,7 +720,7 @@
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1666559258,
|
"lastModified": 1666559258,
|
||||||
"narHash": "sha256-m4f5QQbE+usnEnM6CJ+nCgXcsi9mm0cCwFm2BhJ0pvQ=",
|
"narHash": "sha256-m4f5QQbE+usnEnM6CJ+nCgXcsi9mm0cCwFm2BhJ0pvQ=",
|
||||||
"ref": "master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "22ecb2b375bebffdfb1af3435a4c4486e6dd923b",
|
"rev": "22ecb2b375bebffdfb1af3435a4c4486e6dd923b",
|
||||||
"revCount": 108,
|
"revCount": 108,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
|
@ -785,7 +762,7 @@
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1663279525,
|
"lastModified": 1663279525,
|
||||||
"narHash": "sha256-lUq4CY//ISplh/4i33nOU7cchpxKrw5V8mVdRnHMBaA=",
|
"narHash": "sha256-lUq4CY//ISplh/4i33nOU7cchpxKrw5V8mVdRnHMBaA=",
|
||||||
"ref": "master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "6d8d2cb1268d26add05baa3f21c325cfe051add3",
|
"rev": "6d8d2cb1268d26add05baa3f21c325cfe051add3",
|
||||||
"revCount": 342,
|
"revCount": 342,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
|
@ -830,11 +807,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1668554331,
|
"lastModified": 1671215340,
|
||||||
"narHash": "sha256-QExvepHzH2QtHjeu1ZG2gIWh3bOxwsNsO2SBVmGIlRo=",
|
"narHash": "sha256-e1+KFpcOxdz0yvThbHszq9+sXhH7SsFGP/dsIpUrvZY=",
|
||||||
"ref": "master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "9cb7dbc38595e7c213d193f2adf3cbeffcded74b",
|
"rev": "4f090527d4cc64305add16ba68c6f72a275a507b",
|
||||||
"revCount": 1669,
|
"revCount": 1689,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://gitea.c3d2.de/zentralwerk/network.git"
|
"url": "https://gitea.c3d2.de/zentralwerk/network.git"
|
||||||
},
|
},
|
||||||
|
|
491
flake.nix
491
flake.nix
|
@ -2,11 +2,12 @@
|
||||||
description = "C3D2 NixOS configurations";
|
description = "C3D2 NixOS configurations";
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
nixos.url = "github:nixos/nixpkgs/nixos-22.05";
|
# use sandro's fork full with cherry-picked fixes
|
||||||
nixpkgs-mobilizon.url = "github:minijackson/nixpkgs/init-mobilizon";
|
nixos.url = "github:SuperSandro2000/nixpkgs/nixos-22.11";
|
||||||
nixos-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
nixos-mobilizon.url = "github:minijackson/nixpkgs/init-mobilizon";
|
||||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
nixos-hardware.url = "github:nixos/nixos-hardware";
|
||||||
nixos-armv6.url = "github:rnhmjoj/nixpkgs/pr-fix-armv6";
|
nixos-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||||
|
nixos-unstable-simd.url = "github:SuperSandro2000/nixpkgs/nixos-unstable-simd";
|
||||||
|
|
||||||
affection-src = {
|
affection-src = {
|
||||||
url = "git+https://gitea.nek0.eu/nek0/affection";
|
url = "git+https://gitea.nek0.eu/nek0/affection";
|
||||||
|
@ -15,6 +16,14 @@
|
||||||
flake-utils.follows = "flake-utils";
|
flake-utils.follows = "flake-utils";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
alert2muc = {
|
||||||
|
url = "git+https://gitea.c3d2.de/astro/alert2muc";
|
||||||
|
inputs = {
|
||||||
|
naersk.follows = "naersk";
|
||||||
|
nixpkgs.follows = "nixos";
|
||||||
|
utils.follows = "flake-utils";
|
||||||
|
};
|
||||||
|
};
|
||||||
bevy-mandelbrot = {
|
bevy-mandelbrot = {
|
||||||
# url = "github:matelab/bevy_mandelbrot";
|
# url = "github:matelab/bevy_mandelbrot";
|
||||||
url = "git+https://gitea.c3d2.de/astro/bevy-mandelbrot.git?ref=main";
|
url = "git+https://gitea.c3d2.de/astro/bevy-mandelbrot.git?ref=main";
|
||||||
|
@ -29,9 +38,7 @@
|
||||||
url = "git+https://gitea.c3d2.de/astro/bevy-julia.git?ref=main";
|
url = "git+https://gitea.c3d2.de/astro/bevy-julia.git?ref=main";
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.follows = "nixos";
|
nixpkgs.follows = "nixos";
|
||||||
# breaks the build:
|
naersk.follows = "naersk";
|
||||||
# naersk.follows = "naersk";
|
|
||||||
# naersk.inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
rust-overlay.follows = "rust-overlay";
|
rust-overlay.follows = "rust-overlay";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -129,7 +136,7 @@
|
||||||
url = "github:Mic92/sops-nix";
|
url = "github:Mic92/sops-nix";
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.follows = "nixos";
|
nixpkgs.follows = "nixos";
|
||||||
nixpkgs-22_05.follows = "nixos";
|
nixpkgs-stable.follows = "nixos";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
spacemsg = {
|
spacemsg = {
|
||||||
|
@ -140,8 +147,7 @@
|
||||||
url = "git+https://gitea.c3d2.de/astro/ticker.git";
|
url = "git+https://gitea.c3d2.de/astro/ticker.git";
|
||||||
inputs = {
|
inputs = {
|
||||||
fenix.follows = "fenix";
|
fenix.follows = "fenix";
|
||||||
# TODO: build regression in https://github.com/nix-community/naersk/commit/6944160c19cb591eb85bbf9b2f2768a935623ed3
|
naersk.follows = "naersk";
|
||||||
# naersk.follows = "naersk";
|
|
||||||
nixpkgs.follows = "nixos";
|
nixpkgs.follows = "nixos";
|
||||||
utils.follows = "flake-utils";
|
utils.follows = "flake-utils";
|
||||||
};
|
};
|
||||||
|
@ -173,14 +179,9 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = inputs@{ self, fenix, harmonia, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-unstable, caveman, oparl-scraper, scrapers, secrets, skyflake, sshlogd, sops-nix, spacemsg, ticker, tigger, yammat, zentralwerk, ... }:
|
outputs = inputs@{ self, alert2muc, fenix, harmonia, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-unstable, caveman, oparl-scraper, scrapers, secrets, skyflake, sshlogd, sops-nix, spacemsg, ticker, tigger, yammat, zentralwerk, ... }:
|
||||||
let
|
let
|
||||||
inherit (nixos) lib;
|
inherit (nixos) lib;
|
||||||
forAllSystems = lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];
|
|
||||||
|
|
||||||
# all the input flakes for `nix copy` to the build machine,
|
|
||||||
# allowing --override-input
|
|
||||||
inputPaths = lib.escapeShellArgs (builtins.attrValues inputs);
|
|
||||||
|
|
||||||
extractZwHosts = { hosts4, hosts6, ... }:
|
extractZwHosts = { hosts4, hosts6, ... }:
|
||||||
lib.recursiveUpdate (
|
lib.recursiveUpdate (
|
||||||
|
@ -207,348 +208,56 @@
|
||||||
extraHostRegistry.hosts = import ./host-registry.nix;
|
extraHostRegistry.hosts = import ./host-registry.nix;
|
||||||
hostRegistry = lib.recursiveUpdate zwHostRegistry extraHostRegistry;
|
hostRegistry = lib.recursiveUpdate zwHostRegistry extraHostRegistry;
|
||||||
|
|
||||||
getHostAddr = name:
|
# Our custom NixOS builder
|
||||||
let
|
nixosSystem' =
|
||||||
hostConf = hostRegistry.hosts."${name}";
|
{ nixpkgs ? inputs.nixos
|
||||||
in
|
, modules
|
||||||
if hostConf ? ip4
|
, extraArgs ? { }
|
||||||
then hostConf.ip4
|
, specialArgs ? { }
|
||||||
else if hostConf ? ip6
|
, system ? "x86_64-linux"
|
||||||
then hostConf.ip6
|
}@args:
|
||||||
else throw "Host ${name} has no ip4 or ip6 address";
|
|
||||||
|
{ inherit args; } // nixpkgs.lib.nixosSystem {
|
||||||
|
inherit specialArgs system;
|
||||||
|
|
||||||
|
modules = [
|
||||||
|
({ ... }: {
|
||||||
|
_module.args = extraArgs // {
|
||||||
|
inherit hostRegistry inputs zentralwerk;
|
||||||
|
};
|
||||||
|
|
||||||
|
nixpkgs = {
|
||||||
|
overlays = [ self.overlays ];
|
||||||
|
};
|
||||||
|
})
|
||||||
|
|
||||||
|
self.nixosModules.c3d2
|
||||||
|
./modules/audio-server.nix
|
||||||
|
./modules/c3d2.nix
|
||||||
|
./modules/stats.nix
|
||||||
|
./modules/pi-sensors.nix
|
||||||
|
] ++ modules;
|
||||||
|
};
|
||||||
in {
|
in {
|
||||||
overlay = import ./overlay {
|
overlays = import ./overlays {
|
||||||
inherit nixos-unstable;
|
|
||||||
inherit (inputs) tracer bevy-mandelbrot bevy-julia;
|
inherit (inputs) tracer bevy-mandelbrot bevy-julia;
|
||||||
};
|
};
|
||||||
|
|
||||||
legacyPackages = lib.attrsets.mapAttrs (system: pkgs:
|
legacyPackages = lib.attrsets.mapAttrs (_: pkgs:
|
||||||
pkgs.appendOverlays [
|
pkgs.appendOverlays [
|
||||||
fenix.overlay
|
fenix.overlays.default
|
||||||
naersk.overlay
|
naersk.overlay
|
||||||
self.overlay
|
self.overlays
|
||||||
]) nixos.legacyPackages;
|
]) nixos.legacyPackages;
|
||||||
|
|
||||||
packages = lib.attrsets.mapAttrs (system: pkgs:
|
packages = import ./packages.nix { inherit hostRegistry inputs lib microvm secrets self; };
|
||||||
let overlayPkgs = builtins.intersectAttrs (self.overlay {} {}) pkgs;
|
|
||||||
in overlayPkgs //
|
|
||||||
{
|
|
||||||
host-registry = pkgs.runCommand "host-registry" {
|
|
||||||
src = builtins.toFile "host-registry.nix" (
|
|
||||||
lib.generators.toPretty {} hostRegistry
|
|
||||||
);
|
|
||||||
} ''
|
|
||||||
ln -s $src $out
|
|
||||||
'';
|
|
||||||
|
|
||||||
list-upgradable = pkgs.writeScriptBin "list-upgradable" ''
|
nixosConfigurations = {
|
||||||
#! ${pkgs.runtimeShell}
|
|
||||||
|
|
||||||
NORMAL="\033[0m"
|
|
||||||
RED="\033[0;31m"
|
|
||||||
YELLOW="\033[0;33m"
|
|
||||||
GREEN="\033[0;32m"
|
|
||||||
|
|
||||||
${pkgs.lib.concatMapStringsSep "\n" (name:
|
|
||||||
let
|
|
||||||
addr = getHostAddr name;
|
|
||||||
in nixos.lib.optionalString (addr != null) ''
|
|
||||||
echo -n -e "${name}: $RED"
|
|
||||||
RUNNING=$(ssh -o PreferredAuthentications=publickey -o StrictHostKeyChecking=accept-new root@"${addr}" "readlink /run/current-system")
|
|
||||||
if [ $? = 0 ] && [ -n "$RUNNING" ]; then
|
|
||||||
CURRENT=$(nix eval --raw ".#nixosConfigurations.${name}.config.system.build.toplevel" 2>/dev/null)
|
|
||||||
RUNNING_VER=$(basename $RUNNING|rev|cut -d - -f 1|rev)
|
|
||||||
RUNNING_DATE=$(echo $RUNNING_VER|cut -d . -f 3)
|
|
||||||
CURRENT_VER=$(basename $CURRENT|rev|cut -d - -f 1|rev)
|
|
||||||
CURRENT_DATE=$(echo $CURRENT_VER|cut -d . -f 3)
|
|
||||||
|
|
||||||
if [ "$RUNNING" = "$CURRENT" ]; then
|
|
||||||
echo -e "$GREEN"current"$NORMAL $RUNNING_VER"
|
|
||||||
elif [ $RUNNING_DATE -gt $CURRENT_DATE ]; then
|
|
||||||
echo -e "$GREEN"newer"$NORMAL $RUNNING_VER > $CURRENT_VER"
|
|
||||||
elif [ "$RUNNING_VER" = "$CURRENT_VER" ]; then
|
|
||||||
echo -e "$YELLOW"modified"$NORMAL $RUNNING_VER"
|
|
||||||
elif [ -n "$RUNNING_VER" ]; then
|
|
||||||
echo -e "$RED"outdated"$NORMAL $RUNNING_VER < $CURRENT_VER"
|
|
||||||
else
|
|
||||||
echo -e "$RED"error"$NORMAL $RUNNING_VER"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
echo -n -e "$NORMAL"
|
|
||||||
'') (builtins.attrNames self.nixosConfigurations)}
|
|
||||||
'';
|
|
||||||
|
|
||||||
prebuild-all = pkgs.runCommand "prebuild-all" {
|
|
||||||
preferLocalBuild = true;
|
|
||||||
} ''
|
|
||||||
mkdir $out
|
|
||||||
|
|
||||||
${pkgs.lib.concatMapStrings (name: ''
|
|
||||||
ln -s ${self.nixosConfigurations."${name}".config.system.build.toplevel} name
|
|
||||||
'') (builtins.attrNames self.nixosConfigurations)}
|
|
||||||
'';
|
|
||||||
|
|
||||||
prebuild-all-remote = pkgs.writeScriptBin "prebuild-all" ''
|
|
||||||
#!${pkgs.runtimeShell} -e
|
|
||||||
|
|
||||||
nix copy --no-check-sigs --to ssh-ng://$1 ${inputPaths}
|
|
||||||
|
|
||||||
set -x
|
|
||||||
ssh $1 -- nix build -L --no-link ${
|
|
||||||
pkgs.lib.concatMapStringsSep " " (name:
|
|
||||||
"${self}#nixosConfigurations.${name}.config.system.build.toplevel"
|
|
||||||
) (builtins.attrNames self.nixosConfigurations)
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
|
|
||||||
} //
|
|
||||||
|
|
||||||
builtins.foldl' (result: host: result // {
|
|
||||||
# TODO: check if the ethernet address is reachable and if not,
|
|
||||||
# execute wol on a machine in HQ.
|
|
||||||
"${host}-wake" = pkgs.writeScriptBin "${host}-wake" ''
|
|
||||||
#!${pkgs.runtimeShell}
|
|
||||||
exec ${pkgs.wol}/bin/wol ${hostRegistry.hosts."${host}".ether}
|
|
||||||
'';
|
|
||||||
}) {} (builtins.attrNames (nixos.lib.filterAttrs (_: { wol ? false, ... }: wol) hostRegistry.hosts)) //
|
|
||||||
|
|
||||||
builtins.foldl' (result: name:
|
|
||||||
let
|
|
||||||
host = getHostAddr name;
|
|
||||||
target = ''root@"${host}"'';
|
|
||||||
rebuildArg = "--flake ${self}#${name} --option extra-substituters https://nix-serve.hq.c3d2.de";
|
|
||||||
hostConfig = self.nixosConfigurations."${name}".config;
|
|
||||||
profile = hostConfig.system.build.toplevel;
|
|
||||||
# let /var/lib/microvm/*/flake point to the flake-update branch so that
|
|
||||||
# `microvm -u $NAME` updates to what hydra built today.
|
|
||||||
selfRef = "git+https://gitea.c3d2.de/c3d2/nix-config?ref=flake-update";
|
|
||||||
in result // {
|
|
||||||
# Generate a small script for copying this flake to the
|
|
||||||
# remote machine and bulding and switching there.
|
|
||||||
# Can be run with `nix run c3d2#…-nixos-rebuild switch`
|
|
||||||
"${name}-nixos-rebuild" = pkgs.writeScriptBin "${name}-nixos-rebuild" ''
|
|
||||||
#!${pkgs.runtimeShell} -ex
|
|
||||||
[[ $(ssh ${target} cat /etc/hostname) == ${name} ]]
|
|
||||||
nix copy --no-check-sigs --to ssh-ng://${target} ${inputPaths}
|
|
||||||
ssh ${target} nixos-rebuild ${rebuildArg} "$@"
|
|
||||||
'';
|
|
||||||
|
|
||||||
"${name}-nixos-rebuild-hydra" = pkgs.writeScriptBin "${name}-nixos-rebuild" ''
|
|
||||||
#!${pkgs.runtimeShell} -e
|
|
||||||
echo Copying Flakes
|
|
||||||
nix copy --no-check-sigs --to ssh-ng://root@hydra.serv.zentralwerk.org ${inputPaths}
|
|
||||||
echo Building on Hydra
|
|
||||||
ssh root@hydra.serv.zentralwerk.org -- \
|
|
||||||
nix build -L -o /tmp/nixos-system-${name} \
|
|
||||||
${self}#nixosConfigurations.${name}.config.system.build.toplevel
|
|
||||||
echo Built. Obtaining link to data
|
|
||||||
TOPLEVEL=$(ssh root@hydra.serv.zentralwerk.org \
|
|
||||||
readlink /tmp/nixos-system-${name})
|
|
||||||
echo Checking target ${name}
|
|
||||||
ssh ${target} -- bash -e <<EOF
|
|
||||||
[[ \$(cat /etc/hostname) == ${name} ]]
|
|
||||||
echo Copying data from Hydra to ${name}
|
|
||||||
nix copy --from https://nix-serve.hq.c3d2.de \
|
|
||||||
$TOPLEVEL
|
|
||||||
echo Activation on ${name}: "$@"
|
|
||||||
nix-env -p /nix/var/nix/profiles/system --set $TOPLEVEL
|
|
||||||
$TOPLEVEL/bin/switch-to-configuration "$@"
|
|
||||||
EOF
|
|
||||||
'';
|
|
||||||
|
|
||||||
"${name}-nixos-rebuild-local" = pkgs.writeScriptBin "${name}-nixos-rebuild" ''
|
|
||||||
#!${pkgs.runtimeShell} -ex
|
|
||||||
[[ $1 == build || $(ssh ${target} cat /etc/hostname) == ${name} ]]
|
|
||||||
${pkgs.nixos-rebuild}/bin/nixos-rebuild ${rebuildArg} --target-host ${target} --use-remote-sudo "$@"
|
|
||||||
'';
|
|
||||||
|
|
||||||
"${name}-cleanup" = pkgs.writeScriptBin "${name}-cleanup" ''
|
|
||||||
#!${pkgs.runtimeShell} -ex
|
|
||||||
ssh ${target} "time nix-collect-garbage -d && time nix-store --optimise"
|
|
||||||
'';
|
|
||||||
|
|
||||||
"microvm-update-${name}" = pkgs.writeScriptBin "microvm-update-${name}" ''
|
|
||||||
#!${pkgs.runtimeShell} -e
|
|
||||||
|
|
||||||
${lib.optionalString (! builtins.elem (hostConfig.c3d2.deployment.server or null) [ "server9" "server10" ]) ''
|
|
||||||
echo "MicroVM must be configured to proper server" >&2
|
|
||||||
exit 1
|
|
||||||
''}
|
|
||||||
|
|
||||||
${hostConfig.system.build.copyToServer} ${inputPaths}
|
|
||||||
|
|
||||||
${hostConfig.system.build.runOnServer} bash -e <<END
|
|
||||||
mkdir -p /var/lib/microvms/${name}
|
|
||||||
cd /var/lib/microvms/${name}
|
|
||||||
chown root:kvm .
|
|
||||||
chmod 0775 .
|
|
||||||
|
|
||||||
rm -f old
|
|
||||||
[ -e current ] && cp --no-dereference current old
|
|
||||||
|
|
||||||
nix build -L \
|
|
||||||
-o current \
|
|
||||||
${self}#nixosConfigurations.${name}.config.microvm.declaredRunner
|
|
||||||
echo '${selfRef}' > flake
|
|
||||||
|
|
||||||
[ -e old ] && nix store diff-closures ./old ./current
|
|
||||||
ln -sfT \$PWD/current /nix/var/nix/gcroots/microvm/${name}
|
|
||||||
ln -sfT \$PWD/booted /nix/var/nix/gcroots/microvm/booted-${name}
|
|
||||||
ln -sfT \$PWD/old /nix/var/nix/gcroots/microvm/old-${name}
|
|
||||||
|
|
||||||
systemctl restart microvm@${name}.service
|
|
||||||
END
|
|
||||||
'';
|
|
||||||
|
|
||||||
"microvm-update-${name}-local" = pkgs.writeScriptBin "microvm-update-${name}" ''
|
|
||||||
#!${pkgs.runtimeShell} -e
|
|
||||||
|
|
||||||
${lib.optionalString (! builtins.elem (hostConfig.c3d2.deployment.server or null) [ "server9" "server10" ]) ''
|
|
||||||
echo "MicroVM must be configured to proper server" >&2
|
|
||||||
exit 1
|
|
||||||
''}
|
|
||||||
|
|
||||||
${hostConfig.system.build.copyToServer} ${hostConfig.microvm.declaredRunner}
|
|
||||||
|
|
||||||
${hostConfig.system.build.runOnServer} bash -e <<END
|
|
||||||
mkdir -p /var/lib/microvms/${name}
|
|
||||||
cd /var/lib/microvms/${name}
|
|
||||||
chown root:kvm .
|
|
||||||
chmod 0775 .
|
|
||||||
|
|
||||||
rm -f old
|
|
||||||
[ -e current ] && cp --no-dereference current old
|
|
||||||
|
|
||||||
ln -sfT ${hostConfig.microvm.declaredRunner} current
|
|
||||||
echo '${selfRef}' > flake
|
|
||||||
|
|
||||||
[ -e old ] && nix store diff-closures ./old ./current
|
|
||||||
ln -sfT \$PWD/current /nix/var/nix/gcroots/microvm/${name}
|
|
||||||
ln -sfT \$PWD/booted /nix/var/nix/gcroots/microvm/booted-${name}
|
|
||||||
ln -sfT \$PWD/old /nix/var/nix/gcroots/microvm/old-${name}
|
|
||||||
|
|
||||||
systemctl restart microvm@${name}.service
|
|
||||||
END
|
|
||||||
'';
|
|
||||||
|
|
||||||
"nomad-${name}" = pkgs.writeScriptBin "nomad-${name}" ''
|
|
||||||
#!${pkgs.runtimeShell} -e
|
|
||||||
|
|
||||||
${lib.optionalString (hostConfig.c3d2.deployment.server or null == "nomad") ''
|
|
||||||
echo "MicroVM must be configured for nomad" >&2
|
|
||||||
exit 1
|
|
||||||
''}
|
|
||||||
|
|
||||||
echo Copying Flakes
|
|
||||||
nix copy --no-check-sigs --to ssh-ng://root@hydra.serv.zentralwerk.org ${secrets} ${self}
|
|
||||||
|
|
||||||
echo Building on Hydra
|
|
||||||
ssh root@hydra.serv.zentralwerk.org -- \
|
|
||||||
nix build -L -o /tmp/microvm-${name}.job \
|
|
||||||
${self}#nixosConfigurations.${name}.config.system.build.nomadJob
|
|
||||||
|
|
||||||
echo -n Built. Obtaining path...
|
|
||||||
JOB=$(ssh root@hydra.serv.zentralwerk.org -- \
|
|
||||||
readlink /tmp/microvm-${name}.job)
|
|
||||||
echo \ $JOB
|
|
||||||
|
|
||||||
for h in server9 server10 ; do
|
|
||||||
echo Sharing with $h
|
|
||||||
ssh root@$h.cluster.zentralwerk.org -- \
|
|
||||||
bash -e <<EOF &
|
|
||||||
nix copy --from https://nix-serve.hq.c3d2.de $JOB
|
|
||||||
mkdir -p /glusterfs/fast/microvms/${name}
|
|
||||||
chown microvm:kvm /glusterfs/fast/microvms/${name}
|
|
||||||
chmod 0775 /glusterfs/fast/microvms/${name}
|
|
||||||
mkdir -p /nix/var/nix/gcroots/microvm
|
|
||||||
rm -f /nix/var/nix/gcroots/microvm/${name}
|
|
||||||
ln -sfT $JOB /nix/var/nix/gcroots/microvm/${name}
|
|
||||||
EOF
|
|
||||||
done
|
|
||||||
wait
|
|
||||||
|
|
||||||
echo Now starting the job
|
|
||||||
ssh root@hydra.serv.zentralwerk.org -- \
|
|
||||||
nomad run -detach $JOB
|
|
||||||
'';
|
|
||||||
}) {} (builtins.attrNames self.nixosConfigurations) //
|
|
||||||
|
|
||||||
builtins.foldl' (result: host:
|
|
||||||
let
|
|
||||||
inherit (self.nixosConfigurations.${host}) config;
|
|
||||||
in
|
|
||||||
result // {
|
|
||||||
# boot any machine in a microvm
|
|
||||||
"${host}-vm" = (self.nixosConfigurations.${host}
|
|
||||||
.extendModules {
|
|
||||||
modules = [ {
|
|
||||||
microvm = {
|
|
||||||
mem = nixos.lib.mkForce 2048;
|
|
||||||
hypervisor = nixos.lib.mkForce "qemu";
|
|
||||||
socket = nixos.lib.mkForce null;
|
|
||||||
shares = nixos.lib.mkForce [ {
|
|
||||||
tag = "ro-store";
|
|
||||||
source = "/nix/store";
|
|
||||||
mountPoint = "/nix/.ro-store";
|
|
||||||
} ];
|
|
||||||
interfaces = nixos.lib.mkForce [ {
|
|
||||||
type = "user";
|
|
||||||
id = "eth0";
|
|
||||||
mac = "02:23:de:ad:be:ef";
|
|
||||||
} ];
|
|
||||||
};
|
|
||||||
boot.isContainer = lib.mkForce false;
|
|
||||||
users.users.root.password = "";
|
|
||||||
fileSystems."/".fsType = lib.mkForce "tmpfs";
|
|
||||||
services.getty.helpLine = ''
|
|
||||||
Log in as "root" with an empty password.
|
|
||||||
Use "reboot" to shut qemu down.
|
|
||||||
'';
|
|
||||||
} ] ++ lib.optionals (! config ? microvm) [
|
|
||||||
microvm.nixosModules.microvm
|
|
||||||
];
|
|
||||||
})
|
|
||||||
.config.microvm.declaredRunner;
|
|
||||||
|
|
||||||
"${host}-tftproot" =
|
|
||||||
if config.system.build ? tftproot
|
|
||||||
then config.system.build.tftproot
|
|
||||||
else throw "No tftproot for ${host}";
|
|
||||||
}
|
|
||||||
) {} (builtins.attrNames self.nixosConfigurations)
|
|
||||||
) self.legacyPackages;
|
|
||||||
|
|
||||||
nixosConfigurations = let
|
|
||||||
nixosSystem' =
|
|
||||||
# Our custom NixOS builder
|
|
||||||
{ nixpkgs ? inputs.nixos, modules, extraArgs ? {}, specialArgs ? { }, system ? "x86_64-linux" }:
|
|
||||||
nixpkgs.lib.nixosSystem {
|
|
||||||
inherit specialArgs system;
|
|
||||||
|
|
||||||
modules = [
|
|
||||||
({ pkgs, ... }: {
|
|
||||||
_module.args = extraArgs // {
|
|
||||||
inherit hostRegistry inputs zentralwerk;
|
|
||||||
};
|
|
||||||
nixpkgs = {
|
|
||||||
overlays = [ self.overlay ];
|
|
||||||
};
|
|
||||||
})
|
|
||||||
|
|
||||||
self.nixosModules.c3d2
|
|
||||||
./modules/audio-server.nix
|
|
||||||
./modules/c3d2.nix
|
|
||||||
./modules/stats.nix
|
|
||||||
./modules/pi-sensors.nix
|
|
||||||
] ++ modules;
|
|
||||||
};
|
|
||||||
in {
|
|
||||||
auth = nixosSystem' {
|
auth = nixosSystem' {
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.microvm
|
self.nixosModules.microvm
|
||||||
./hosts/auth
|
./hosts/auth
|
||||||
];
|
];
|
||||||
nixpkgs = inputs.nixos-unstable;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
broker = nixosSystem' {
|
broker = nixosSystem' {
|
||||||
|
@ -590,7 +299,6 @@
|
||||||
self.nixosModules.microvm
|
self.nixosModules.microvm
|
||||||
./hosts/gitea
|
./hosts/gitea
|
||||||
];
|
];
|
||||||
nixpkgs = inputs.nixos-unstable;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
glotzbert = nixosSystem' {
|
glotzbert = nixosSystem' {
|
||||||
|
@ -608,7 +316,6 @@
|
||||||
self.nixosModules.microvm
|
self.nixosModules.microvm
|
||||||
./hosts/hedgedoc
|
./hosts/hedgedoc
|
||||||
];
|
];
|
||||||
nixpkgs = inputs.nixos-unstable;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
pulsebert = nixosSystem' {
|
pulsebert = nixosSystem' {
|
||||||
|
@ -624,12 +331,11 @@
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
nixpkgs = inputs.nixos-unstable;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
radiobert = nixosSystem' {
|
radiobert = nixosSystem' {
|
||||||
modules = [
|
modules = [
|
||||||
({ modulesPath, ... }:
|
({ ... }:
|
||||||
{
|
{
|
||||||
nixpkgs.overlays = [ heliwatch.overlay ];
|
nixpkgs.overlays = [ heliwatch.overlay ];
|
||||||
})
|
})
|
||||||
|
@ -674,7 +380,6 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
schalter = nixosSystem' {
|
schalter = nixosSystem' {
|
||||||
nixpkgs = inputs.nixos-armv6;
|
|
||||||
modules = [
|
modules = [
|
||||||
"${nixos}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix"
|
"${nixos}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix"
|
||||||
({ lib, ... }: {
|
({ lib, ... }: {
|
||||||
|
@ -751,7 +456,6 @@
|
||||||
self.nixosModules.microvm
|
self.nixosModules.microvm
|
||||||
./hosts/grafana
|
./hosts/grafana
|
||||||
];
|
];
|
||||||
nixpkgs = nixos-unstable;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
hydra = nixosSystem' {
|
hydra = nixosSystem' {
|
||||||
|
@ -767,7 +471,6 @@
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
nixpkgs = nixos-unstable;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
mucbot = nixosSystem' {
|
mucbot = nixosSystem' {
|
||||||
|
@ -805,14 +508,14 @@
|
||||||
|
|
||||||
stream = nixosSystem' {
|
stream = nixosSystem' {
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.microvm
|
self.nixosModules.cluster-options
|
||||||
./hosts/stream
|
./hosts/stream
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
mobilizon = nixosSystem' {
|
mobilizon = nixosSystem' {
|
||||||
# TODO: pending https://github.com/NixOS/nixpkgs/pull/119132
|
# TODO: pending https://github.com/NixOS/nixpkgs/pull/119132
|
||||||
nixpkgs = inputs.nixpkgs-mobilizon;
|
nixpkgs = inputs.nixos-mobilizon;
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.microvm
|
self.nixosModules.microvm
|
||||||
./hosts/mobilizon
|
./hosts/mobilizon
|
||||||
|
@ -835,7 +538,7 @@
|
||||||
heliwatch.nixosModules.heliwatch
|
heliwatch.nixosModules.heliwatch
|
||||||
./hosts/sdrweb
|
./hosts/sdrweb
|
||||||
];
|
];
|
||||||
nixpkgs = nixos-unstable;
|
# nixpkgs = nixos-unstable;
|
||||||
};
|
};
|
||||||
|
|
||||||
bind = nixosSystem' {
|
bind = nixosSystem' {
|
||||||
|
@ -862,6 +565,16 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
server8 = nixosSystem' {
|
||||||
|
modules = [
|
||||||
|
./hosts/server8
|
||||||
|
self.nixosModules.cluster-network
|
||||||
|
self.nixosModules.cluster
|
||||||
|
skyflake.nixosModules.default
|
||||||
|
{ _module.args = { inherit self; }; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
server9 = nixosSystem' {
|
server9 = nixosSystem' {
|
||||||
modules = [
|
modules = [
|
||||||
./hosts/server9
|
./hosts/server9
|
||||||
|
@ -872,7 +585,6 @@
|
||||||
skyflake.nixosModules.default
|
skyflake.nixosModules.default
|
||||||
{ _module.args = { inherit self; }; }
|
{ _module.args = { inherit self; }; }
|
||||||
];
|
];
|
||||||
nixpkgs = nixos-unstable;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
server10 = nixosSystem' {
|
server10 = nixosSystem' {
|
||||||
|
@ -885,7 +597,6 @@
|
||||||
skyflake.nixosModules.default
|
skyflake.nixosModules.default
|
||||||
{ _module.args = { inherit self; }; }
|
{ _module.args = { inherit self; }; }
|
||||||
];
|
];
|
||||||
nixpkgs = nixos-unstable;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
oparl = nixosSystem' {
|
oparl = nixosSystem' {
|
||||||
|
@ -900,14 +611,14 @@
|
||||||
|
|
||||||
leon = nixosSystem' {
|
leon = nixosSystem' {
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.microvm
|
self.nixosModules.cluster-options
|
||||||
./hosts/leon
|
./hosts/leon
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
leoncloud = nixosSystem' {
|
leoncloud = nixosSystem' {
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.microvm
|
self.nixosModules.cluster-options
|
||||||
./hosts/leoncloud
|
./hosts/leoncloud
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -935,7 +646,7 @@
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
nixpkgs = nixos-unstable;
|
# nixpkgs = nixos-unstable;
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -951,15 +662,15 @@
|
||||||
self.nixosModules.microvm
|
self.nixosModules.microvm
|
||||||
./hosts/mediawiki
|
./hosts/mediawiki
|
||||||
];
|
];
|
||||||
nixpkgs = nixos-unstable;
|
# nixpkgs = nixos-unstable;
|
||||||
};
|
};
|
||||||
|
|
||||||
gnunet = nixosSystem' {
|
gnunet = nixosSystem' {
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.microvm
|
self.nixosModules.cluster-options
|
||||||
./hosts/gnunet
|
./hosts/gnunet
|
||||||
];
|
];
|
||||||
nixpkgs = nixos-unstable;
|
# nixpkgs = nixos-unstable;
|
||||||
};
|
};
|
||||||
|
|
||||||
zengel = nixosSystem' {
|
zengel = nixosSystem' {
|
||||||
|
@ -971,7 +682,7 @@
|
||||||
|
|
||||||
sshlog = nixosSystem' {
|
sshlog = nixosSystem' {
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.microvm
|
self.nixosModules.cluster-options
|
||||||
sshlogd.nixosModule
|
sshlogd.nixosModule
|
||||||
./hosts/sshlog
|
./hosts/sshlog
|
||||||
];
|
];
|
||||||
|
@ -992,9 +703,30 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
owncast = nixosSystem' {
|
||||||
|
modules = [
|
||||||
|
self.nixosModules.cluster-options
|
||||||
|
./hosts/owncast
|
||||||
|
];
|
||||||
|
# nixpkgs = nixos-unstable;
|
||||||
|
};
|
||||||
|
|
||||||
|
prometheus = nixosSystem' {
|
||||||
|
modules = [
|
||||||
|
self.nixosModules.cluster-options
|
||||||
|
alert2muc.nixosModules.default
|
||||||
|
./hosts/prometheus
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
mastodon = nixosSystem' {
|
||||||
|
modules = [
|
||||||
|
self.nixosModules.cluster-options
|
||||||
|
./hosts/mastodon
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
nixosModule = self.nixosModules.c3d2;
|
|
||||||
nixosModules = {
|
nixosModules = {
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -1004,7 +736,7 @@
|
||||||
./modules/backup.nix
|
./modules/backup.nix
|
||||||
./modules/c3d2.nix
|
./modules/c3d2.nix
|
||||||
./modules/nncp.nix
|
./modules/nncp.nix
|
||||||
./modules/logging.nix
|
./modules/monitoring.nix
|
||||||
./modules/stats.nix
|
./modules/stats.nix
|
||||||
];
|
];
|
||||||
c3d2.hosts = hostRegistry.hosts;
|
c3d2.hosts = hostRegistry.hosts;
|
||||||
|
@ -1022,7 +754,7 @@
|
||||||
nncp = ./modules/nncp.nix;
|
nncp = ./modules/nncp.nix;
|
||||||
plume = {
|
plume = {
|
||||||
imports = [ ./modules/plume.nix ];
|
imports = [ ./modules/plume.nix ];
|
||||||
nixpkgs.overlays = [ fenix.overlay naersk.overlay ];
|
nixpkgs.overlays = [ fenix.overlays.default naersk.overlay ];
|
||||||
};
|
};
|
||||||
rpi-netboot = ./modules/rpi-netboot.nix;
|
rpi-netboot = ./modules/rpi-netboot.nix;
|
||||||
};
|
};
|
||||||
|
@ -1039,15 +771,26 @@
|
||||||
) sops-nix.packages;
|
) sops-nix.packages;
|
||||||
|
|
||||||
hydraJobs =
|
hydraJobs =
|
||||||
builtins.mapAttrs (_: nixos.lib.hydraJob) (
|
lib.mapAttrs (_: nixos.lib.hydraJob) (
|
||||||
builtins.mapAttrs (_: nixosSystem:
|
let
|
||||||
if nixosSystem.config ? microvm.declaredRunner
|
getBuildEntryPoint = _: nixosSystem: nixosSystem.config.microvm.declaredRunner or nixosSystem.config.system.build.toplevel;
|
||||||
then nixosSystem.config.microvm.declaredRunner
|
in
|
||||||
else nixosSystem.config.system.build.toplevel
|
lib.mapAttrs getBuildEntryPoint self.nixosConfigurations
|
||||||
|
// lib.mapAttrs' (hostname: nixosSystem: lib.nameValuePair
|
||||||
|
# job display name
|
||||||
|
(hostname + "-nox")
|
||||||
|
(getBuildEntryPoint null (nixosSystem' (nixosSystem.args // (with nixosSystem.args; {
|
||||||
|
modules = modules ++ [
|
||||||
|
{
|
||||||
|
# c3d2.simd.enable = lib.mkForce true;
|
||||||
|
environment.noXlibs = true;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
# nixpkgs = nixos-unstable-simd;
|
||||||
|
}))))
|
||||||
) self.nixosConfigurations
|
) self.nixosConfigurations
|
||||||
//
|
// nixos.lib.filterAttrs (name: attr:
|
||||||
nixos.lib.filterAttrs (name: _:
|
(builtins.match ".+-tftproot" name != null && lib.isDerivation attr)
|
||||||
builtins.match ".+-tftproot" name != null
|
|
||||||
) self.packages.aarch64-linux
|
) self.packages.aarch64-linux
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, config, lib, pkgs, ... }:
|
{ config, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
|
@ -58,7 +58,7 @@
|
||||||
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
defaultSopsFile = ./secrets.yaml;
|
defaultSopsFile = ./secrets.yaml;
|
||||||
secrets."portunus/seed" = {
|
secrets."portunus/seed" = {
|
||||||
group = config.services.portunus.group;
|
inherit (config.services.portunus) group;
|
||||||
owner = config.services.portunus.user;
|
owner = config.services.portunus.user;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ hostRegistry, zentralwerk, config, ... }:
|
{ config, ... }:
|
||||||
{
|
{
|
||||||
microvm.mem = 2048;
|
microvm.mem = 2048;
|
||||||
c3d2.deployment = {
|
c3d2.deployment = {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, lib, zentralwerk, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
mymqttui = pkgs.writeScriptBin "mqttui" ''
|
mymqttui = pkgs.writeScriptBin "mqttui" ''
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, nixpkgs, config, lib, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
let
|
let
|
||||||
webroot = "/var/www";
|
webroot = "/var/www";
|
||||||
geminiRoot = "/var/gemini";
|
geminiRoot = "/var/gemini";
|
||||||
|
@ -16,6 +16,8 @@ in
|
||||||
# Network setup
|
# Network setup
|
||||||
networking.hostName = "c3d2-web";
|
networking.hostName = "c3d2-web";
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
|
# telme10
|
||||||
|
23
|
||||||
# http/https
|
# http/https
|
||||||
80 443
|
80 443
|
||||||
# gemini
|
# gemini
|
||||||
|
@ -48,11 +50,14 @@ in
|
||||||
index portal.html index.html;
|
index portal.html index.html;
|
||||||
'';
|
'';
|
||||||
locations = {
|
locations = {
|
||||||
|
# Mastodon
|
||||||
|
"/.well-known/webfinger".return = "301 https://c3d2.social$request_uri";
|
||||||
|
|
||||||
# SpaceAPI
|
# SpaceAPI
|
||||||
"/status.png".proxyPass = "http://[${config.c3d2.hosts.spaceapi.ip6}]:3000/status.png";
|
"/status.png".proxyPass = "http://[${config.c3d2.hosts.spaceapi.ip6}]:3000/status.png";
|
||||||
"/spaceapi.json".proxyPass = "http://[${config.c3d2.hosts.spaceapi.ip6}]:3000/spaceapi.json";
|
"/spaceapi.json".proxyPass = "http://[${config.c3d2.hosts.spaceapi.ip6}]:3000/spaceapi.json";
|
||||||
|
|
||||||
# WKD: Web Key Directory for PGP Keys
|
# WKD: Web Key Directory for PGP Keys
|
||||||
"/openpgp" = {
|
"/openpgp" = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
autoindex off;
|
autoindex off;
|
||||||
|
@ -109,6 +114,15 @@ in
|
||||||
contentDir = geminiRoot;
|
contentDir = geminiRoot;
|
||||||
language = "de";
|
language = "de";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.packages = with pkgs; [ telme10 ];
|
||||||
|
|
||||||
|
systemd.services.telme10 = {
|
||||||
|
serviceConfig = {
|
||||||
|
AmbientCapabilities="CAP_NET_BIND_SERVICE";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# let agate access the tls certs
|
# let agate access the tls certs
|
||||||
systemd.services.agate = {
|
systemd.services.agate = {
|
||||||
requires = [ "agate-keys.service" ];
|
requires = [ "agate-keys.service" ];
|
||||||
|
@ -147,11 +161,17 @@ in
|
||||||
home = "/var/lib/c3d2-web";
|
home = "/var/lib/c3d2-web";
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
users.groups.telme10 = {};
|
||||||
"d ${webroot}/c3d2 0755 c3d2-web ${config.users.users.c3d2-web.group} -"
|
users.users.telme10 = {
|
||||||
"d ${webroot}/log 0755 c3d2-web ${config.users.users.c3d2-web.group} -"
|
isSystemUser = true;
|
||||||
"d ${geminiRoot} 0755 c3d2-web ${config.users.users.c3d2-web.group} -"
|
group = "telme10";
|
||||||
"d ${config.users.users.c3d2-web.home} 0700 c3d2-web ${config.users.users.c3d2-web.group} -"
|
};
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = with config.users.users.c3d2-web; [
|
||||||
|
"d ${webroot}/c3d2 0755 c3d2-web ${group} -"
|
||||||
|
"d ${webroot}/log 0755 c3d2-web ${group} -"
|
||||||
|
"d ${geminiRoot} 0755 c3d2-web ${group} -"
|
||||||
|
"d ${home} 0700 c3d2-web ${group} -"
|
||||||
];
|
];
|
||||||
|
|
||||||
# Build script
|
# Build script
|
||||||
|
|
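Review bot: The new `systemd.services.telme10.serviceConfig` grants `CAP_NET_BIND_SERVICE` as an ambient capability to a service that the firewall hunk in this section opens on TCP port 23, but nothing visible here bounds what else the process may hold or acquire. The unit itself comes from the package via `systemd.packages` and is not shown, so it may already cover this. If it does not, I would add `CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";` and `NoNewPrivileges = true;` next to the ambient capability, and set `User = "telme10";` explicitly so the newly declared account is demonstrably the one the service runs as. The `# telme10` comment on the port entry could also say that 23 is plain-text telnet.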
|
@ -10,7 +10,7 @@
|
||||||
};
|
};
|
||||||
microvm = {
|
microvm = {
|
||||||
vcpu = 8;
|
vcpu = 8;
|
||||||
mem = 8 * 1024;
|
mem = 16 * 1024;
|
||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
|
@ -23,7 +23,7 @@
|
||||||
'';
|
'';
|
||||||
|
|
||||||
services.caveman = {
|
services.caveman = {
|
||||||
redis.maxmemory = config.microvm.mem * 1024 * 1024 * 3 / 2;
|
redis.maxmemory = config.microvm.mem * 1024 * 1024 / 2;
|
||||||
|
|
||||||
hunter = {
|
hunter = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -54,6 +54,11 @@
|
||||||
];
|
];
|
||||||
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.caveman.gatherer.settings.listen_port}/";
|
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.caveman.gatherer.settings.listen_port}/";
|
||||||
};
|
};
|
||||||
|
virtualHosts."relay.fedi.buzz" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/".proxyPass = "http://127.0.0.1:${toString 3000}/";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
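Review bot: In the new `relay.fedi.buzz` virtual host, `${toString 3000}` wraps a hard-coded port in a conversion that adds nothing. The vhost just above takes its port from `config.services.caveman.gatherer.settings.listen_port`, so the two entries now follow different conventions. If the relay exposes a comparable option, reference it the same way; the relay's service definition is not visible in this section, so I cannot tell. Otherwise write `locations."/".proxyPass = "http://127.0.0.1:3000/";` and add a short comment naming the service that listens on 3000.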
|
@ -1,5 +1,38 @@
|
||||||
{ hostRegistry, config, lib, pkgs, modulesPath, ... }:
|
{ hostRegistry, config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
streamAudioToOwncastScript = pkgs.writeScriptBin "stream-audio-to-owncast" ''
|
||||||
|
#! ${pkgs.runtimeShell} -e
|
||||||
|
|
||||||
|
PATH=${with pkgs; lib.makeBinPath [ coreutils pavucontrol gnome.zenity ffmpeg ]}
|
||||||
|
|
||||||
|
MOVIE="$(zenity --file-selection --title 'Select a video to loop')"
|
||||||
|
MOVIE_PREENCODED="/tmp/`basename $MOVIE`.mp4"
|
||||||
|
|
||||||
|
echo
|
||||||
|
echo Preencoding the movie. Wait a bit...
|
||||||
|
echo
|
||||||
|
|
||||||
|
ffmpeg -i "$MOVIE" -an -s:v 480x320 -c:v libx264 -b:v 600k -f mp4 -y "$MOVIE_PREENCODED"
|
||||||
|
|
||||||
|
echo
|
||||||
|
echo "Starting stream. End with <q>"
|
||||||
|
echo
|
||||||
|
|
||||||
|
pavucontrol &
|
||||||
|
|
||||||
|
ffmpeg -f pulse -ac 2 -i default -stream_loop -1 -i "$MOVIE_PREENCODED" -c:a aac -c:v copy -f flv rtmp://owncast.serv.zentralwerk.org:1935/live/$(cat ${config.sops.secrets."owncast/authKey".path})
|
||||||
|
'';
|
||||||
|
|
||||||
|
streamAudioToOwncast = pkgs.makeDesktopItem rec {
|
||||||
|
name = "Stream to Owncast";
|
||||||
|
exec = "${streamAudioToOwncastScript}/bin/stream-audio-to-owncast";
|
||||||
|
icon = "media-record";
|
||||||
|
desktopName = name;
|
||||||
|
terminal = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
in
|
||||||
{
|
{
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
isInHq = true;
|
isInHq = true;
|
||||||
|
@ -20,6 +53,11 @@
|
||||||
} ];
|
} ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sops = {
|
||||||
|
defaultSopsFile = ./secrets.yaml;
|
||||||
|
secrets."owncast/authKey".owner = "k-ot";
|
||||||
|
};
|
||||||
|
|
||||||
hardware.enableRedistributableFirmware = true;
|
hardware.enableRedistributableFirmware = true;
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
|
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
|
||||||
|
|
||||||
|
@ -73,16 +111,16 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
buildCores = 4;
|
|
||||||
maxJobs = 1;
|
|
||||||
trustedUsers = [ "client" ];
|
|
||||||
extraOptions = ''
|
|
||||||
builders-use-substitutes = true
|
|
||||||
extra-platforms = armv6l-linux
|
|
||||||
'';
|
|
||||||
daemonCPUSchedPolicy = "idle";
|
daemonCPUSchedPolicy = "idle";
|
||||||
daemonIOSchedClass = "idle";
|
daemonIOSchedClass = "idle";
|
||||||
settings.system-features = [];
|
settings = {
|
||||||
|
builders-use-substitutes = true;
|
||||||
|
cores = 4;
|
||||||
|
extra-platforms = "armv6l-linux";
|
||||||
|
max-jobs = 1;
|
||||||
|
system-features = [];
|
||||||
|
trusted-users = [ "client" ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
# kernel 32bit personality patch from Ubuntu
|
# kernel 32bit personality patch from Ubuntu
|
||||||
boot.kernelPatches = [
|
boot.kernelPatches = [
|
||||||
|
@ -119,6 +157,7 @@
|
||||||
libva-utils
|
libva-utils
|
||||||
mpv
|
mpv
|
||||||
vlc
|
vlc
|
||||||
|
ffmpeg
|
||||||
yt-dlp
|
yt-dlp
|
||||||
ncpamixer
|
ncpamixer
|
||||||
pulseaudio # required for pactl
|
pulseaudio # required for pactl
|
||||||
|
@ -130,6 +169,7 @@
|
||||||
bevy_julia
|
bevy_julia
|
||||||
bevy_mandelbrot
|
bevy_mandelbrot
|
||||||
allcolors
|
allcolors
|
||||||
|
streamAudioToOwncast
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
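Review bot: In the new `stream-audio-to-owncast` script the pre-encoded file gets a predictable name under `/tmp`, built from an unquoted `basename $MOVIE`, and ffmpeg writes it with `-y`. A file name containing spaces therefore breaks the path, and whatever already exists at that name, including a symlink placed by another local user, is overwritten. `MOVIE_PREENCODED="$(mktemp --suffix=.mp4)"` avoids both, and coreutils is already on the script's PATH. The stream key from `owncast/authKey` is also expanded into ffmpeg's argument list, so other local users can read it from the process list while the stream runs, and `rtmp://` sends it unencrypted. I would put a comment above that line saying so, and switch to an RTMPS endpoint if the server offers one.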
|
@ -0,0 +1,181 @@
|
||||||
|
owncast:
|
||||||
|
authKey: ENC[AES256_GCM,data:Q0Zx9g==,iv:3RB7efC9t6SXEP4/yR5Or/f3GN820RiApqTJC0G5zaw=,tag:UaiJAdGefjuwVd3gGwTXTg==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1hg0mmua5y82ct7l6q9gpc8w940ce5seqcjhm4dgx7tlzvflznyas7v3hf4
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLQ1l6MkNscFl3b0FReENC
|
||||||
|
cFozbUE4clBFSXlmSEtKaWFLV0I1aVFNVUg0ClhTTld1TkxsSWxWcDV1T2F6M0Ex
|
||||||
|
cHNGZnprMlljc1dBcG1iWEs5WTZGaFEKLS0tIHNrVk5uTDRwUlVkSVZxT0txUmxO
|
||||||
|
L0pDVlhTa0QyRWc5MHQ0dEJBOE1DMlkKXT0txgyo3DPYni8QKoZQqcmZckrKOehx
|
||||||
|
UJcHM6O7gwJ1cglkByFcAwhmMB+cPerUqsxoLt7RplILr2bET2gyyg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1OTFkbXNxWEYzZVZ0ZDlS
|
||||||
|
ak1VYlBzaThma3ZjaGVwZlNuaThXTHJFL2xjCkRMREdKdG9CTUNDZUZDY213cndI
|
||||||
|
ZVFBdEVVbDdwVUdyYzE0d3JVcHB0RnMKLS0tIFFvbVhsR1VKbWhQTzJsUXIzRzNI
|
||||||
|
K3I1KzNqT2RqL2I4alkrVGlBUWJjQjQKE8Icz22zUmZRlPLGBSVYK2O98jWTtsO2
|
||||||
|
sgEx3ZDqJi47bCqUKMhPz55TpIKsCx/bAAQ+qfV8g7DaoSz9UMk+/w==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2022-12-04T21:39:27Z"
|
||||||
|
mac: ENC[AES256_GCM,data:PQtTAEXBgp6MuPl5+6SE/zaOuYGvDRpl0w9XYgUJJHhDqiIEQfcAYIUEKv+Dvtxj94TQZ3v2kjT4Y3FF0ROYIcN8H1K1PtVXRLu+vptr2+wZ1Mahg6K4Ukk1s0eiBB3vsGrMONqaky5Jqy4My3+0NMnBuIvlqErpoUT3Gin37do=,iv:RUTAvD/hczbaX7w7ROPQZNII3kTRnEBG6aMMkTHuV/M=,tag:XLgfZnnDM1ffv6uBLYJXmg==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2022-12-04T21:39:01Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA6j84+xkv3y7ARAAvea1x4I5nwUVUI5DHoflHivlVRauxetPBZoLIyfNklX3
|
||||||
|
oO2euRsEC66ZtuqDzSSoHpUM5NIdDPPgNf0sw6YJnbRH8F88ghNE87NXyevlvGnA
|
||||||
|
8IFOokn7ASjPk2DYLlh8xtZ+T7ZgAhIgv0lnZLa36n5h0tSL4t0OdGAnwWa9j9Mj
|
||||||
|
2gWGKymunpXMjRqEj/PGEuXEDRCdwpvmwi+8YKrh4D9dB67tepAA28MofSfJ5295
|
||||||
|
Sfyer+Hh41zPgYI2WeBRTS9Rn8Ea98Y5eWQsXIivG7+CnKl+uu53nzZevRJDk5NS
|
||||||
|
0qRsyIxeJvmX0fqLgHD1jZJ/UGeUoiRNNkifN9DVIikDj8coAyVCb3ebbQWs63nn
|
||||||
|
NL26fuONgZtfqF6DuIoFpGS+klQscWdmYQ729EIEvxzBo8jeSPnwf2ySyt8gA0J4
|
||||||
|
Y5lxnwoPl4b6nT4TAHSQ65HWxq2y2+KUT4oE3PrN883N5702Qlr6MxN3tFJ/V98x
|
||||||
|
7OyA9UjgkkHuFl7EnumkUOix3BqnBk5za4ABhWvYfBtm0nVVAnesEcjsIeT4ihJx
|
||||||
|
5lhi/CiNPth+PhsIDaqA2QVU2sjswgmOK3KbQcpktAROFoXTDayr2t4QNZUTmbWF
|
||||||
|
vwHxNIZ1CndzaPgl5WI4QJDerWErEPKVxf65HxrLtWft4MyhfevSfH63C0TO4YDS
|
||||||
|
UQHKQhF01t0ZXKPLnQDGAwZijyA7GD493Sr6pFMzenSipvwybvNEnfDOZuc7AU9b
|
||||||
|
4oXevCzGjpaub33hqorp1bcygwgl0aA1H3YvleyHBg5Mgw==
|
||||||
|
=sPOS
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
|
||||||
|
- created_at: "2022-12-04T21:39:01Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA8zMZ+ak7y/zARAAuhnyVNytAgqL03jN9rXwwHuqgaqQ4SdjM7kTLe4WVCXJ
|
||||||
|
PwLtPoNNjlFqRKufXPQQuOBx2FMJl1yUQsI4P7OiWGak6/0f41U0bLFczTTGRgTh
|
||||||
|
vmEHwRtRGQAsWi5g+KqP0zAoiZNiBdk7s4THcA24tBBGViRtLS+swhV2SRvTT0NA
|
||||||
|
pLsOB/GpA94kEjfHhZ1RunKBMIxDKYaQvXUFlEPSkv/Q6ek8Tc3wgPMUp5wiN+cz
|
||||||
|
q628/KNM78nWCEyV0rQ3YAccnC6h1Wb6cHCOKE6jJJTfwm503tzZv1klQUkKrP0j
|
||||||
|
BvgFGIdn76XTER47A3sPweDbnHV8Z0qxnJ4z6YGN5zYW4HVAOWCSvI1OvM1q9oIj
|
||||||
|
SiwXVUIuhhGj1kb3LPstSWJvPmJR0bgmO4xSMYpB2d71iRTL7S82p9aWk3/Zzcr7
|
||||||
|
DNYWFxs0r7s0L0xJCDma0fM6krGof/ZcCdo1eRgSJZWbPrGL8ips++9/Fm0/xgzf
|
||||||
|
A8CxWpnWRE6S3dBRQZNfHOn9OyHJGKNVR85mF/gPI14viYmr9iJ4gqDzLcZF27V6
|
||||||
|
uasJrcnaKkSL8fBah4UiT3lRfNqX24HXZnDMhTHwJD1RQHn4qvmE+FiB4m8SEYS0
|
||||||
|
TCLTCxuWZV0p9MtzQbNyadmpCxb5JL2EugKaal2pW2cxhMuUryV8axj7QhD2UJ/S
|
||||||
|
UQE421UkjynmGgjRa8jYiS4sFYlrbNsHLAtRlinRyNya2je8vyOZNekQl59sVYA3
|
||||||
|
mb7bgu0XN1Y3cZtKAxughzSpkLjSGCR9GebNawKdUUcsPg==
|
||||||
|
=VokK
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: D4E89C6A0A58EE803EF708EFA9B23715F7AA3F1A
|
||||||
|
- created_at: "2022-12-04T21:39:01Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcBMA45bZkLXmBFpAQf/XjbniHgbytyURYZ3qFCzijhLi7e99Q2jdsOQTQG4sOoE
|
||||||
|
jpPlOP4yU6lGjnYfQVYqH7CgyquqGrSB3M4ZHxUR2916xveG8vjWDUhURGWAUXwk
|
||||||
|
ho5dGm+HZGMJdETCmmCTALqxlrv/TgrUiUfSn1C9MKloR4PxYDFqupk9Bl5RyvQT
|
||||||
|
xdcIzVM6/7+xCasBErKoIQ3YoPKlxNWkr73S4Y/jhEVVaxEZWHoyCtK7SRDA4GOi
|
||||||
|
nIO2TMQ/eCbnrHbftwUsZNkeP1bee3+U7wiPOXOozftLrA2FYuT+SmCOK1/xaqHT
|
||||||
|
n4WwcPamFNqWqWMGyVNQd/rR0/Ry+hDYbY4jzm2+vtJRAXNtZLLw5BmnAbpZ0PY5
|
||||||
|
eBUYkDMJ81ua+I9fJIzg0WtbLTBWeIo50v6SrrUuCXdBbtvtsvMBPHuGDdwoqM61
|
||||||
|
kJoAZV8D9JDznjOnn0wUlFtF
|
||||||
|
=55R4
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
|
||||||
|
- created_at: "2022-12-04T21:39:01Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMAwMCBBrc/JA6AQ/+Ksp81JefhSw9XHfgtutZRbx/yhPi+OX2mMDNPjPpNykT
|
||||||
|
zSMVuZWA2Io/RxmVCOrEcJi1hHGZ989tZS8vPWyB+ddnnCx1h78PabJh0d/jqUN3
|
||||||
|
XTKli26QtGKvMPioVg89NQjD0pTqoHc6tTXdOP1XSS7R6lZCxz4hTn39jPwrhSgA
|
||||||
|
z5GocHUfTWoSYoG5GV8jsKrWNUqd6HwoKlucTku64SvquJQ8Ld+VeiwAbcxXtPAa
|
||||||
|
QuQ3cXkerYen5l86Hp8NkyqOub+DW5fgPfC5LqBdEhjp3tH0HUHsK9CWHv+3tQ+l
|
||||||
|
fDpmGt3RVQ5X5NJM1QKJeVkX33HI3ntqnhThnVbC6R1FBASaabQzyekdHpu1JWxM
|
||||||
|
YP5gh04+VZm0qdoPMgPin1aSKvNBCzyQqNK4f7/iwz/beX5V3wnq7G2hsfDQCzBt
|
||||||
|
W0y0bv7q0ToWlXmj/A2dytxHb0bWIRsbXU2p2Szl/ccoLDZYH5Mz/ZKrKH5xtD9Z
|
||||||
|
z4hq6p8WO2dAe2dkN48Bd8xbddNUs0Xem73T9FoHNKIcWMP/CA7Ir7p0agnYs7id
|
||||||
|
Dni/BB5bm6XIwqpwOPG2TqNl051MSVDLXB1ia88Z5WvRL+EYdm4o0xGzL1fPPxWX
|
||||||
|
S85Y0pe8QGxd8qikPHlHmFc0TLB05yN3LT17+CC1T3zjlNff0uMdFgiioLJHwz7S
|
||||||
|
UQGMPRKXvg1RZiU1GUfaXG/PFH/KAouKx+m97iCRzg2SNULNakq0tvWIV4Fp19yn
|
||||||
|
DpQs+g2eq7KYwW/udKzDpGOM2/IDY/s07YCipn48XEfaDw==
|
||||||
|
=7TJ4
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
|
||||||
|
- created_at: "2022-12-04T21:39:01Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA9XEenRNYVGHARAAkzr6nZaSnq88e+JHXvkKGBqxduAfWFlGvXYrp/2e1tyy
|
||||||
|
BCpiMCXrzoend43/Kz5pTCjV3KvcYOl22OYJMi2mYObsJKoi1ftInL5mc6NPMU/O
|
||||||
|
ixJncQ8NBa3lv3HGO1j9xETLLTt3220gUc4CKo65YkaIsJYumw2oCAbFhCdZy17g
|
||||||
|
qlzjFRy8VfWad48nAezymnfGFdTWKThxGzvOJLo5Jm98UIt2lC5T7vZjEwQSsjra
|
||||||
|
EnF/I6sAeT9kEVg17m2CEFK5LVb/4GtSr/rXFUDbihO3OVYRbdGk/7y4lo55pRi2
|
||||||
|
daZcwUFCqdj83QUUYimYpXQWhgyBSgIWCK7vb6Sr0rO7j0poqncpm3gX3dlIzmDk
|
||||||
|
bK8N+Heb7u7kZ24+p96jabgEBphLgPepE2fMoXFpnZ2P2e8QgiA8b/5Rqq2KomYD
|
||||||
|
4hbqUmSTpG1j+77+l5LMkbg/ugzRd3VviJO5dKsNvaUsKz7e5NNRV3mvtgaakP1s
|
||||||
|
ygQ3DBnJibKiR2QR6pJRvLAlNTy/bguKCZI8DCMO7SWlRuatBujV3htlG2AgzrKp
|
||||||
|
KLRSU4HuoyZXiOsqNA4tVH4ZklzXzhNAELt30+yYNJbS8evcd3ZZZnfsaZmr3jWE
|
||||||
|
jK2vXo+FUkbJHQrCLCHymURH+TijvvOgCYSYTmzvn7R+4Esfs+abrWugoXLwoznS
|
||||||
|
UQGIyCN+1XfmWTkHiiygdNWRb4HdB8OTTe75rsPnTJSmKbYhafE/Iqhf9rDEPNUk
|
||||||
|
e5l1I1sgwYq/bR2FKd1iWAfZlqa39dOi/C/tBD2KnuISOA==
|
||||||
|
=Ut63
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
|
||||||
|
- created_at: "2022-12-04T21:39:01Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcBMA/Z87ylQaotQAQf9GF9yX0w0OwL251Ex76j3k3MF1Q0qOfgjsDBY3Ow56VO+
|
||||||
|
KhJ0Ugn0beKoYZrVn2ezvJZaNa7YAPry/oomul/Kvv3rTZDh2bs4lBu8qrjznj+m
|
||||||
|
bdX+dtKr3znJkkqqQkA+DF8bQ9DoZxDDz7FNQSuZocn+TpMn253cl0vBi7gyxxpb
|
||||||
|
Rfch55vZrhpGU2+QfH9euqSv8k3fOMbMEwVHL82uGybxN7a2fe/BtRwuyeSRjyGl
|
||||||
|
q1L4FrF1w1aUDp4M7bK+3eo2WpqCH9UxgLu74DW6SdVM3MV0B/IUXRU1rEqV4vja
|
||||||
|
bLMxnJ6xsByKsOVUP2ivalTnLyrtZPOcJ1wDe2SCKdJRAaegKPecQEqIuGuWBlng
|
||||||
|
t/W+RD/P0CqtDvly/2ALLZtAmyvXloCOtrMWkz/bnGpoqOlNL609FkY05RY3Quvm
|
||||||
|
C2OTSTvQ//MP7BPV99syTVTo
|
||||||
|
=xgMp
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 9EA68B7F21204979645182E4287B083353C3241C
|
||||||
|
- created_at: "2022-12-04T21:39:01Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA9qJIVK2WMV7AQ//c9HmDg63M7yWpeVOx7Eha/QVzPtXyJ7/G9dJrGltLbUj
|
||||||
|
B8xn/BeDT+ARVDRFnGJS053RxHJz5WqCIdcEQTZlD4GHp3Ez7vtXPEUJNymTmug7
|
||||||
|
VrCX4GhNjKdb55SlTkoeAbxdlUfyPUIhaLcdQ8pzHqyurcpRs8ZuYoSENbNoAbYY
|
||||||
|
NZbNJZoKJTc2vmI2zrO1HtVNc8HZYtnN5dawvlCn66Q3lhNLZ1wR4AFmmKvKgKIR
|
||||||
|
XFAjbsoEUDlYNBDw+yv8jkB179+wa6pLAhIaJ8NM2asimUz7GWxDumgesNbacTR0
|
||||||
|
ZJXrQWyuHruQ1FbZdVJ3+Ko2S2JnAiN7Ezmauqo3IQGt++ZXNOC5dl/FusY25TQ9
|
||||||
|
lpAW+klKkIqMfIZU0WsWWufhgv6cI8HqPY9z5TalSrGB5zyJeW2bnU2/ZAr5yNH8
|
||||||
|
/rOJVVF/1c4xkEqE0/Coy2ZqbE1IOTq5aiqaMuZIToSn+ftvg2KIxkdEvQ8gVigU
|
||||||
|
uZfnZ4HN0FQqJ2/9BHHFlhW8CdWdffTk8m2GEdfyjH+WIPCoRyvbf7RWAad8NFni
|
||||||
|
RHTf8+Uee5R2hth82UO0wSlMrLrQwdS7ju6ctpag1gm2YxEHRZBs6hnD8Ade//xR
|
||||||
|
RFkmcW5BICAPbBmJM4o1HSUjYqGhk46xU7y3UVNs4R144DtqEAMwjWE7U/IsvRTS
|
||||||
|
UQF2/UFLDd/LgVHt1uVhpzuWl5ot97FU6HIPSYrlkOPAzI49VQ0H+tLlywMbgjcD
|
||||||
|
0HoNDhCDgzTzp2/loq3wECS93QAx6L9+zHpUz+2db9LBFw==
|
||||||
|
=356k
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 53B26AEDC08246715E15504B236B6291555E8401
|
||||||
|
- created_at: "2022-12-04T21:39:01Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA/YLzOYaRIJJAQ/8CFz+BjJA03Sgq6TeYzycAjdSFi3mTZ50L/sGvj2B5WBQ
|
||||||
|
WnVwA7tWSSQGmt91XZwSNgf7PTCgm3v6zMTHnYN5WMwk9vaDL/WIGbqD1LZw4zgK
|
||||||
|
fD+Lm/Yc/0vPrEahL9irCb9jrolWGagdPzQYqRLReD1aB5NnYp96FuELm6RF2YC9
|
||||||
|
AU6ZxrtrQkEZ61SsAP9ODTruRmCtmtpbJYweN1CmkatMj8yIu4I/Y939T5lx8V8F
|
||||||
|
ZgT89f/p795/2uFWJ4HpZk0Rkq78RJCO8HytKEw1CVS55P49PnjKKxqzyESZCaVU
|
||||||
|
bLI5MKUQowBSmgoHZWd+B4DO/7+4sgu30A4CuldZR2SZOqW+FwdEAuwdK8HrG9G8
|
||||||
|
d0gzujb4Iq7PtqbAMErr7h73hTXdBeFrUG8z5mgWmeEhP9o0Zlx/oXGpi2JOJYBb
|
||||||
|
VySPDLQxWBV65XpM0Qb8zxsKYAIrouy8YmbbrbNX8nzG/KLgUaNJcj3PYp3WI/cs
|
||||||
|
4MkBc2nh4s6OLGJ7YP5AoCayPSuFwsJ/+WZ+neQ6X1gkgSFtYmb/LoTSU4w35xPi
|
||||||
|
rbDwqxf2Lg1MbPP+hhW/Y0fZKVWUcLs9x4EbhS5LlmlKC66mRXgATKozLpivjDOa
|
||||||
|
kTTIwptGeo02NTIeEegP24AmMvXnvvFzUBZmN57ztCuj/Sckc7ICTMrFV8vo2fXS
|
||||||
|
UQHWb0zzNY1kk5Ui+kL2exUHdIdGDD8lc2Cpz40Fo6emfIGVlNgCCDK/upnu/Ims
|
||||||
|
GE35n8h33MapqihsFQpXJ2lNkzuckV/yIRUfRXTkP4miXw==
|
||||||
|
=RITE
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.7.3
|
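Review bot: The `data:` field of `owncast/authKey` is only a few bytes long. sops encrypts each value with AES-GCM, which keeps the ciphertext the same length as the plaintext, so anyone who can read this file can see how long the stream key is. I would rotate the key to a long random value and re-encrypt before the streaming script depends on it. A YAML comment above `owncast:` noting which host consumes the key would also make the recipient list easier to audit.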
|
@ -1,7 +1,6 @@
|
||||||
{ pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
let
|
|
||||||
domain = "direkthilfe.c3d2.de";
|
{
|
||||||
in {
|
|
||||||
networking.hostName = "direkthilfe";
|
networking.hostName = "direkthilfe";
|
||||||
microvm.mem = 1024;
|
microvm.mem = 1024;
|
||||||
c3d2.deployment = {
|
c3d2.deployment = {
|
||||||
|
@ -27,7 +26,7 @@ in {
|
||||||
|
|
||||||
services.engelsystem = {
|
services.engelsystem = {
|
||||||
enable = true;
|
enable = true;
|
||||||
domain = domain;
|
domain = "direkthilfe.c3d2.de";
|
||||||
createDatabase = true;
|
createDatabase = true;
|
||||||
package = pkgs.engelsystem.override { php = pkgs.php74; };
|
package = pkgs.engelsystem.override { php = pkgs.php74; };
|
||||||
config = {
|
config = {
|
||||||
|
@ -64,7 +63,7 @@ in {
|
||||||
services.phpfpm.phpPackage = pkgs.php74;
|
services.phpfpm.phpPackage = pkgs.php74;
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts."${domain}" = {
|
virtualHosts."${config.services.engelsystem.domain}" = {
|
||||||
default = true;
|
default = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
|
@ -140,7 +140,7 @@ in {
|
||||||
}
|
}
|
||||||
'' else
|
'' else
|
||||||
"";
|
"";
|
||||||
interface = if conf ? interface then conf.interface else name;
|
interface = conf.interface or name;
|
||||||
in "${neighbor4}${neighbor6}") neighbors));
|
in "${neighbor4}${neighbor6}") neighbors));
|
||||||
in ''
|
in ''
|
||||||
protocol kernel {
|
protocol kernel {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, config, lib, pkgs, ... }:
|
{ config, lib, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, lib, zentralwerk, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
|
|
|
@ -12,9 +12,9 @@
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "gitea";
|
hostName = "gitea";
|
||||||
hosts = {
|
hosts = with zentralwerk.lib.config.site.net.serv; {
|
||||||
"2a00:8180:2c00:282::48" = [ "auth.c3d2.de" ];
|
${hosts6.up4.auth} = [ "auth.c3d2.de" ];
|
||||||
"172.20.73.72" = [ "auth.c3d2.de" ];
|
${hosts4.auth} = [ "auth.c3d2.de" ];
|
||||||
};
|
};
|
||||||
firewall.allowedTCPPorts = [ 80 443 2222 ];
|
firewall.allowedTCPPorts = [ 80 443 2222 ];
|
||||||
};
|
};
|
||||||
|
@ -60,7 +60,7 @@
|
||||||
ENABLED = true;
|
ENABLED = true;
|
||||||
};
|
};
|
||||||
"cron.repo_health_check" = {
|
"cron.repo_health_check" = {
|
||||||
TIMEOUT = "120s";
|
TIMEOUT = "300s";
|
||||||
};
|
};
|
||||||
"cron.resync_all_sshkeys" = {
|
"cron.resync_all_sshkeys" = {
|
||||||
ENABLED = true;
|
ENABLED = true;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [ ./hardware-configuration.nix ];
|
imports = [ ./hardware-configuration.nix ];
|
||||||
|
@ -13,9 +13,9 @@
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
nix = {
|
nix.settings = {
|
||||||
buildCores = 4;
|
cores = 4;
|
||||||
maxJobs = 4;
|
max-jobs = 4;
|
||||||
};
|
};
|
||||||
|
|
||||||
sops = {
|
sops = {
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ lib, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
|
|
||||||
boot.initrd.availableKernelModules =
|
boot.initrd.availableKernelModules =
|
||||||
[ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
[ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.kernelModules = [ "kvm-intel" "nct6775" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
fileSystems."/" = {
|
fileSystems."/" = {
|
||||||
|
@ -24,6 +24,5 @@
|
||||||
|
|
||||||
swapDevices = [ ];
|
swapDevices = [ ];
|
||||||
|
|
||||||
nix.maxJobs = lib.mkDefault 4;
|
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,11 +2,11 @@
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
|
||||||
c3d2.hq.statistics.enable = true;
|
c3d2.hq.statistics.enable = true;
|
||||||
c3d2.deployment = {
|
deployment = {
|
||||||
server = "server10";
|
# needs to keep just its ssh key for sops-nix
|
||||||
mounts = [ "etc" "var" ];
|
persistedShares = [ "/etc" "/var" ];
|
||||||
|
mem = 1024;
|
||||||
};
|
};
|
||||||
microvm.mem = 1024;
|
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "gnunet";
|
hostName = "gnunet";
|
||||||
|
|
|
@ -3,30 +3,38 @@
|
||||||
"list": [
|
"list": [
|
||||||
{
|
{
|
||||||
"builtIn": 1,
|
"builtIn": 1,
|
||||||
"datasource": "-- Grafana --",
|
"datasource": {
|
||||||
|
"type": "datasource",
|
||||||
|
"uid": "grafana"
|
||||||
|
},
|
||||||
"enable": true,
|
"enable": true,
|
||||||
"hide": true,
|
"hide": true,
|
||||||
"iconColor": "rgba(0, 211, 255, 1)",
|
"iconColor": "rgba(0, 211, 255, 1)",
|
||||||
"name": "Annotations & Alerts",
|
"name": "Annotations & Alerts",
|
||||||
|
"target": {
|
||||||
|
"limit": 100,
|
||||||
|
"matchAny": false,
|
||||||
|
"tags": [],
|
||||||
|
"type": "dashboard"
|
||||||
|
},
|
||||||
"type": "dashboard"
|
"type": "dashboard"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"editable": true,
|
"editable": true,
|
||||||
"gnetId": null,
|
"fiscalYearStartMonth": 0,
|
||||||
"graphTooltip": 0,
|
"graphTooltip": 0,
|
||||||
"id": 21,
|
|
||||||
"links": [],
|
"links": [],
|
||||||
|
"liveNow": false,
|
||||||
"panels": [
|
"panels": [
|
||||||
{
|
{
|
||||||
"aliasColors": {},
|
"aliasColors": {},
|
||||||
"bars": false,
|
"bars": false,
|
||||||
"dashLength": 10,
|
"dashLength": 10,
|
||||||
"dashes": false,
|
"dashes": false,
|
||||||
"datasource": null,
|
"datasource": {
|
||||||
"fieldConfig": {
|
"type": "influxdb",
|
||||||
"defaults": {},
|
"uid": "P79EA3E036FD9FF91"
|
||||||
"overrides": []
|
|
||||||
},
|
},
|
||||||
"fill": 6,
|
"fill": 6,
|
||||||
"fillGradient": 0,
|
"fillGradient": 0,
|
||||||
|
@ -55,7 +63,7 @@
|
||||||
"alertThreshold": true
|
"alertThreshold": true
|
||||||
},
|
},
|
||||||
"percentage": false,
|
"percentage": false,
|
||||||
"pluginVersion": "7.5.11",
|
"pluginVersion": "9.3.1",
|
||||||
"pointradius": 2,
|
"pointradius": 2,
|
||||||
"points": false,
|
"points": false,
|
||||||
"renderer": "flot",
|
"renderer": "flot",
|
||||||
|
@ -66,6 +74,10 @@
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"alias": "$tag_host C2S $tag_type_instance",
|
"alias": "$tag_host C2S $tag_type_instance",
|
||||||
|
"datasource": {
|
||||||
|
"type": "influxdb",
|
||||||
|
"uid": "P79EA3E036FD9FF91"
|
||||||
|
},
|
||||||
"groupBy": [
|
"groupBy": [
|
||||||
{
|
{
|
||||||
"params": [
|
"params": [
|
||||||
|
@ -121,9 +133,7 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"thresholds": [],
|
"thresholds": [],
|
||||||
"timeFrom": null,
|
|
||||||
"timeRegions": [],
|
"timeRegions": [],
|
||||||
"timeShift": null,
|
|
||||||
"title": "Client to Server connections",
|
"title": "Client to Server connections",
|
||||||
"tooltip": {
|
"tooltip": {
|
||||||
"shared": true,
|
"shared": true,
|
||||||
|
@ -132,9 +142,7 @@
|
||||||
},
|
},
|
||||||
"type": "graph",
|
"type": "graph",
|
||||||
"xaxis": {
|
"xaxis": {
|
||||||
"buckets": null,
|
|
||||||
"mode": "time",
|
"mode": "time",
|
||||||
"name": null,
|
|
||||||
"show": true,
|
"show": true,
|
||||||
"values": []
|
"values": []
|
||||||
},
|
},
|
||||||
|
@ -142,75 +150,107 @@
|
||||||
{
|
{
|
||||||
"$$hashKey": "object:58",
|
"$$hashKey": "object:58",
|
||||||
"format": "short",
|
"format": "short",
|
||||||
"label": null,
|
|
||||||
"logBase": 1,
|
"logBase": 1,
|
||||||
"max": null,
|
|
||||||
"min": null,
|
|
||||||
"show": true
|
"show": true
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"$$hashKey": "object:59",
|
"$$hashKey": "object:59",
|
||||||
"format": "short",
|
"format": "short",
|
||||||
"label": null,
|
|
||||||
"logBase": 1,
|
"logBase": 1,
|
||||||
"max": null,
|
|
||||||
"min": null,
|
|
||||||
"show": true
|
"show": true
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"yaxis": {
|
"yaxis": {
|
||||||
"align": false,
|
"align": false
|
||||||
"alignLevel": null
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"aliasColors": {},
|
"datasource": {
|
||||||
"bars": false,
|
"type": "influxdb",
|
||||||
"dashLength": 10,
|
"uid": "P79EA3E036FD9FF91"
|
||||||
"dashes": false,
|
},
|
||||||
"datasource": null,
|
|
||||||
"fieldConfig": {
|
"fieldConfig": {
|
||||||
"defaults": {},
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
|
"axisLabel": "",
|
||||||
|
"axisPlacement": "auto",
|
||||||
|
"barAlignment": 0,
|
||||||
|
"drawStyle": "line",
|
||||||
|
"fillOpacity": 60,
|
||||||
|
"gradientMode": "none",
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
},
|
||||||
|
"lineInterpolation": "linear",
|
||||||
|
"lineWidth": 1,
|
||||||
|
"pointSize": 5,
|
||||||
|
"scaleDistribution": {
|
||||||
|
"type": "linear"
|
||||||
|
},
|
||||||
|
"showPoints": "never",
|
||||||
|
"spanNulls": false,
|
||||||
|
"stacking": {
|
||||||
|
"group": "A",
|
||||||
|
"mode": "normal"
|
||||||
|
},
|
||||||
|
"thresholdsStyle": {
|
||||||
|
"mode": "off"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"mappings": [],
|
||||||
|
"min": 0,
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 80
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "short"
|
||||||
|
},
|
||||||
"overrides": []
|
"overrides": []
|
||||||
},
|
},
|
||||||
"fill": 6,
|
|
||||||
"fillGradient": 0,
|
|
||||||
"gridPos": {
|
"gridPos": {
|
||||||
"h": 9,
|
"h": 9,
|
||||||
"w": 12,
|
"w": 12,
|
||||||
"x": 12,
|
"x": 12,
|
||||||
"y": 0
|
"y": 0
|
||||||
},
|
},
|
||||||
"hiddenSeries": false,
|
|
||||||
"id": 3,
|
"id": 3,
|
||||||
"interval": "180",
|
"interval": "180",
|
||||||
"legend": {
|
|
||||||
"avg": false,
|
|
||||||
"current": false,
|
|
||||||
"max": false,
|
|
||||||
"min": false,
|
|
||||||
"show": true,
|
|
||||||
"total": false,
|
|
||||||
"values": false
|
|
||||||
},
|
|
||||||
"lines": true,
|
|
||||||
"linewidth": 1,
|
|
||||||
"nullPointMode": "null as zero",
|
|
||||||
"options": {
|
"options": {
|
||||||
"alertThreshold": true
|
"legend": {
|
||||||
|
"calcs": [],
|
||||||
|
"displayMode": "list",
|
||||||
|
"placement": "bottom",
|
||||||
|
"showLegend": true
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "multi",
|
||||||
|
"sort": "none"
|
||||||
|
}
|
||||||
},
|
},
|
||||||
"percentage": false,
|
"pluginVersion": "9.3.1",
|
||||||
"pluginVersion": "7.5.11",
|
|
||||||
"pointradius": 2,
|
|
||||||
"points": false,
|
|
||||||
"renderer": "flot",
|
|
||||||
"seriesOverrides": [],
|
|
||||||
"spaceLength": 10,
|
|
||||||
"stack": true,
|
|
||||||
"steppedLine": false,
|
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"alias": "$tag_host S2S $tag_type_instance",
|
"alias": "$tag_host S2S $tag_type_instance",
|
||||||
|
"datasource": {
|
||||||
|
"type": "influxdb",
|
||||||
|
"uid": "P79EA3E036FD9FF91"
|
||||||
|
},
|
||||||
"groupBy": [
|
"groupBy": [
|
||||||
{
|
{
|
||||||
"params": [
|
"params": [
|
||||||
|
@ -266,98 +306,97 @@
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"thresholds": [],
|
|
||||||
"timeFrom": null,
|
|
||||||
"timeRegions": [],
|
|
||||||
"timeShift": null,
|
|
||||||
"title": "Incoming Server to Server connections",
|
"title": "Incoming Server to Server connections",
|
||||||
"tooltip": {
|
"type": "timeseries"
|
||||||
"shared": true,
|
|
||||||
"sort": 0,
|
|
||||||
"value_type": "individual"
|
|
||||||
},
|
|
||||||
"type": "graph",
|
|
||||||
"xaxis": {
|
|
||||||
"buckets": null,
|
|
||||||
"mode": "time",
|
|
||||||
"name": null,
|
|
||||||
"show": true,
|
|
||||||
"values": []
|
|
||||||
},
|
|
||||||
"yaxes": [
|
|
||||||
{
|
|
||||||
"$$hashKey": "object:58",
|
|
||||||
"format": "short",
|
|
||||||
"label": null,
|
|
||||||
"logBase": 1,
|
|
||||||
"max": null,
|
|
||||||
"min": null,
|
|
||||||
"show": true
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"$$hashKey": "object:59",
|
|
||||||
"format": "short",
|
|
||||||
"label": null,
|
|
||||||
"logBase": 1,
|
|
||||||
"max": null,
|
|
||||||
"min": null,
|
|
||||||
"show": true
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"yaxis": {
|
|
||||||
"align": false,
|
|
||||||
"alignLevel": null
|
|
||||||
}
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"aliasColors": {},
|
"datasource": {
|
||||||
"bars": false,
|
"type": "influxdb",
|
||||||
"dashLength": 10,
|
"uid": "P79EA3E036FD9FF91"
|
||||||
"dashes": false,
|
},
|
||||||
"datasource": null,
|
|
||||||
"description": "",
|
"description": "",
|
||||||
"fieldConfig": {
|
"fieldConfig": {
|
||||||
"defaults": {},
|
"defaults": {
|
||||||
|
"color": {
|
||||||
|
"mode": "palette-classic"
|
||||||
|
},
|
||||||
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
|
"axisLabel": "",
|
||||||
|
"axisPlacement": "auto",
|
||||||
|
"barAlignment": 0,
|
||||||
|
"drawStyle": "line",
|
||||||
|
"fillOpacity": 60,
|
||||||
|
"gradientMode": "none",
|
||||||
|
"hideFrom": {
|
||||||
|
"legend": false,
|
||||||
|
"tooltip": false,
|
||||||
|
"viz": false
|
||||||
|
},
|
||||||
|
"lineInterpolation": "linear",
|
||||||
|
"lineWidth": 1,
|
||||||
|
"pointSize": 5,
|
||||||
|
"scaleDistribution": {
|
||||||
|
"type": "linear"
|
||||||
|
},
|
||||||
|
"showPoints": "never",
|
||||||
|
"spanNulls": false,
|
||||||
|
"stacking": {
|
||||||
|
"group": "A",
|
||||||
|
"mode": "normal"
|
||||||
|
},
|
||||||
|
"thresholdsStyle": {
|
||||||
|
"mode": "off"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"mappings": [],
|
||||||
|
"min": 0,
|
||||||
|
"thresholds": {
|
||||||
|
"mode": "absolute",
|
||||||
|
"steps": [
|
||||||
|
{
|
||||||
|
"color": "green",
|
||||||
|
"value": null
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"color": "red",
|
||||||
|
"value": 80
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"unit": "short"
|
||||||
|
},
|
||||||
"overrides": []
|
"overrides": []
|
||||||
},
|
},
|
||||||
"fill": 6,
|
|
||||||
"fillGradient": 0,
|
|
||||||
"gridPos": {
|
"gridPos": {
|
||||||
"h": 9,
|
"h": 9,
|
||||||
"w": 12,
|
"w": 12,
|
||||||
"x": 12,
|
"x": 12,
|
||||||
"y": 9
|
"y": 9
|
||||||
},
|
},
|
||||||
"hiddenSeries": false,
|
|
||||||
"id": 4,
|
"id": 4,
|
||||||
"interval": "180",
|
"interval": "180",
|
||||||
"legend": {
|
|
||||||
"avg": false,
|
|
||||||
"current": false,
|
|
||||||
"max": false,
|
|
||||||
"min": false,
|
|
||||||
"show": true,
|
|
||||||
"total": false,
|
|
||||||
"values": false
|
|
||||||
},
|
|
||||||
"lines": true,
|
|
||||||
"linewidth": 1,
|
|
||||||
"nullPointMode": "null as zero",
|
|
||||||
"options": {
|
"options": {
|
||||||
"alertThreshold": true
|
"legend": {
|
||||||
|
"calcs": [],
|
||||||
|
"displayMode": "list",
|
||||||
|
"placement": "bottom",
|
||||||
|
"showLegend": true
|
||||||
|
},
|
||||||
|
"tooltip": {
|
||||||
|
"mode": "multi",
|
||||||
|
"sort": "none"
|
||||||
|
}
|
||||||
},
|
},
|
||||||
"percentage": false,
|
"pluginVersion": "9.3.1",
|
||||||
"pluginVersion": "7.5.11",
|
|
||||||
"pointradius": 2,
|
|
||||||
"points": false,
|
|
||||||
"renderer": "flot",
|
|
||||||
"seriesOverrides": [],
|
|
||||||
"spaceLength": 10,
|
|
||||||
"stack": true,
|
|
||||||
"steppedLine": false,
|
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"alias": "$tag_host S2S out $tag_type_instance",
|
"alias": "$tag_host S2S out $tag_type_instance",
|
||||||
|
"datasource": {
|
||||||
|
"type": "influxdb",
|
||||||
|
"uid": "P79EA3E036FD9FF91"
|
||||||
|
},
|
||||||
"groupBy": [
|
"groupBy": [
|
||||||
{
|
{
|
||||||
"params": [
|
"params": [
|
||||||
|
@ -412,64 +451,25 @@
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"thresholds": [],
|
|
||||||
"timeFrom": null,
|
|
||||||
"timeRegions": [],
|
|
||||||
"timeShift": null,
|
|
||||||
"title": "Outgoing Server to Server connections",
|
"title": "Outgoing Server to Server connections",
|
||||||
"tooltip": {
|
"type": "timeseries"
|
||||||
"shared": true,
|
|
||||||
"sort": 0,
|
|
||||||
"value_type": "individual"
|
|
||||||
},
|
|
||||||
"type": "graph",
|
|
||||||
"xaxis": {
|
|
||||||
"buckets": null,
|
|
||||||
"mode": "time",
|
|
||||||
"name": null,
|
|
||||||
"show": true,
|
|
||||||
"values": []
|
|
||||||
},
|
|
||||||
"yaxes": [
|
|
||||||
{
|
|
||||||
"$$hashKey": "object:58",
|
|
||||||
"format": "short",
|
|
||||||
"label": null,
|
|
||||||
"logBase": 1,
|
|
||||||
"max": null,
|
|
||||||
"min": null,
|
|
||||||
"show": true
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"$$hashKey": "object:59",
|
|
||||||
"format": "short",
|
|
||||||
"label": null,
|
|
||||||
"logBase": 1,
|
|
||||||
"max": null,
|
|
||||||
"min": null,
|
|
||||||
"show": true
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"yaxis": {
|
|
||||||
"align": false,
|
|
||||||
"alignLevel": null
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"refresh": "5s",
|
"refresh": "5s",
|
||||||
"schemaVersion": 27,
|
"schemaVersion": 37,
|
||||||
"style": "dark",
|
"style": "dark",
|
||||||
"tags": [],
|
"tags": [],
|
||||||
"templating": {
|
"templating": {
|
||||||
"list": []
|
"list": []
|
||||||
},
|
},
|
||||||
"time": {
|
"time": {
|
||||||
"from": "now-2d",
|
"from": "now-30d",
|
||||||
"to": "now"
|
"to": "now"
|
||||||
},
|
},
|
||||||
"timepicker": {},
|
"timepicker": {},
|
||||||
"timezone": "",
|
"timezone": "",
|
||||||
"title": "Prosody",
|
"title": "Prosody",
|
||||||
"uid": "UX0rEpd7z",
|
"uid": "UX0rEpd7z",
|
||||||
"version": 3
|
"version": 1,
|
||||||
}
|
"weekStart": ""
|
||||||
|
}
|
|
@ -26,7 +26,6 @@
|
||||||
"editable": true,
|
"editable": true,
|
||||||
"fiscalYearStartMonth": 0,
|
"fiscalYearStartMonth": 0,
|
||||||
"graphTooltip": 0,
|
"graphTooltip": 0,
|
||||||
"iteration": 1655678212481,
|
|
||||||
"links": [],
|
"links": [],
|
||||||
"liveNow": false,
|
"liveNow": false,
|
||||||
"panels": [
|
"panels": [
|
||||||
|
@ -41,6 +40,8 @@
|
||||||
"mode": "palette-classic"
|
"mode": "palette-classic"
|
||||||
},
|
},
|
||||||
"custom": {
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
"axisLabel": "",
|
"axisLabel": "",
|
||||||
"axisPlacement": "auto",
|
"axisPlacement": "auto",
|
||||||
"barAlignment": 0,
|
"barAlignment": 0,
|
||||||
|
@ -99,7 +100,8 @@
|
||||||
"legend": {
|
"legend": {
|
||||||
"calcs": [],
|
"calcs": [],
|
||||||
"displayMode": "list",
|
"displayMode": "list",
|
||||||
"placement": "bottom"
|
"placement": "bottom",
|
||||||
|
"showLegend": true
|
||||||
},
|
},
|
||||||
"tooltip": {
|
"tooltip": {
|
||||||
"mode": "multi",
|
"mode": "multi",
|
||||||
|
@ -199,7 +201,7 @@
|
||||||
"alertThreshold": true
|
"alertThreshold": true
|
||||||
},
|
},
|
||||||
"percentage": false,
|
"percentage": false,
|
||||||
"pluginVersion": "8.5.6",
|
"pluginVersion": "9.3.1",
|
||||||
"pointradius": 2,
|
"pointradius": 2,
|
||||||
"points": false,
|
"points": false,
|
||||||
"renderer": "flot",
|
"renderer": "flot",
|
||||||
|
@ -322,6 +324,8 @@
|
||||||
"mode": "palette-classic"
|
"mode": "palette-classic"
|
||||||
},
|
},
|
||||||
"custom": {
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
"axisLabel": "",
|
"axisLabel": "",
|
||||||
"axisPlacement": "auto",
|
"axisPlacement": "auto",
|
||||||
"barAlignment": 0,
|
"barAlignment": 0,
|
||||||
|
@ -380,7 +384,8 @@
|
||||||
"legend": {
|
"legend": {
|
||||||
"calcs": [],
|
"calcs": [],
|
||||||
"displayMode": "list",
|
"displayMode": "list",
|
||||||
"placement": "bottom"
|
"placement": "bottom",
|
||||||
|
"showLegend": true
|
||||||
},
|
},
|
||||||
"tooltip": {
|
"tooltip": {
|
||||||
"mode": "multi",
|
"mode": "multi",
|
||||||
|
@ -535,6 +540,8 @@
|
||||||
"mode": "palette-classic"
|
"mode": "palette-classic"
|
||||||
},
|
},
|
||||||
"custom": {
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
"axisLabel": "Temperature",
|
"axisLabel": "Temperature",
|
||||||
"axisPlacement": "auto",
|
"axisPlacement": "auto",
|
||||||
"barAlignment": 0,
|
"barAlignment": 0,
|
||||||
|
@ -621,8 +628,9 @@
|
||||||
"options": {
|
"options": {
|
||||||
"legend": {
|
"legend": {
|
||||||
"calcs": [],
|
"calcs": [],
|
||||||
"displayMode": "hidden",
|
"displayMode": "list",
|
||||||
"placement": "bottom"
|
"placement": "bottom",
|
||||||
|
"showLegend": false
|
||||||
},
|
},
|
||||||
"tooltip": {
|
"tooltip": {
|
||||||
"mode": "single",
|
"mode": "single",
|
||||||
|
@ -862,7 +870,7 @@
|
||||||
"alertThreshold": true
|
"alertThreshold": true
|
||||||
},
|
},
|
||||||
"percentage": false,
|
"percentage": false,
|
||||||
"pluginVersion": "8.5.6",
|
"pluginVersion": "9.3.1",
|
||||||
"pointradius": 2,
|
"pointradius": 2,
|
||||||
"points": false,
|
"points": false,
|
||||||
"renderer": "flot",
|
"renderer": "flot",
|
||||||
|
@ -992,6 +1000,8 @@
|
||||||
"mode": "palette-classic"
|
"mode": "palette-classic"
|
||||||
},
|
},
|
||||||
"custom": {
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
"axisLabel": "",
|
"axisLabel": "",
|
||||||
"axisPlacement": "auto",
|
"axisPlacement": "auto",
|
||||||
"barAlignment": 0,
|
"barAlignment": 0,
|
||||||
|
@ -1172,8 +1182,9 @@
|
||||||
"options": {
|
"options": {
|
||||||
"legend": {
|
"legend": {
|
||||||
"calcs": [],
|
"calcs": [],
|
||||||
"displayMode": "hidden",
|
"displayMode": "list",
|
||||||
"placement": "bottom"
|
"placement": "bottom",
|
||||||
|
"showLegend": false
|
||||||
},
|
},
|
||||||
"tooltip": {
|
"tooltip": {
|
||||||
"mode": "multi",
|
"mode": "multi",
|
||||||
|
@ -1269,6 +1280,8 @@
|
||||||
"mode": "palette-classic"
|
"mode": "palette-classic"
|
||||||
},
|
},
|
||||||
"custom": {
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
"axisLabel": "",
|
"axisLabel": "",
|
||||||
"axisPlacement": "auto",
|
"axisPlacement": "auto",
|
||||||
"barAlignment": 0,
|
"barAlignment": 0,
|
||||||
|
@ -1362,7 +1375,8 @@
|
||||||
"max"
|
"max"
|
||||||
],
|
],
|
||||||
"displayMode": "table",
|
"displayMode": "table",
|
||||||
"placement": "bottom"
|
"placement": "bottom",
|
||||||
|
"showLegend": true
|
||||||
},
|
},
|
||||||
"tooltip": {
|
"tooltip": {
|
||||||
"mode": "multi",
|
"mode": "multi",
|
||||||
|
@ -1533,6 +1547,8 @@
|
||||||
"mode": "palette-classic"
|
"mode": "palette-classic"
|
||||||
},
|
},
|
||||||
"custom": {
|
"custom": {
|
||||||
|
"axisCenteredZero": false,
|
||||||
|
"axisColorMode": "text",
|
||||||
"axisLabel": "",
|
"axisLabel": "",
|
||||||
"axisPlacement": "auto",
|
"axisPlacement": "auto",
|
||||||
"barAlignment": 0,
|
"barAlignment": 0,
|
||||||
|
@ -1566,8 +1582,7 @@
|
||||||
"mode": "absolute",
|
"mode": "absolute",
|
||||||
"steps": [
|
"steps": [
|
||||||
{
|
{
|
||||||
"color": "green",
|
"color": "green"
|
||||||
"value": null
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"color": "red",
|
"color": "red",
|
||||||
|
@ -1591,7 +1606,8 @@
|
||||||
"legend": {
|
"legend": {
|
||||||
"calcs": [],
|
"calcs": [],
|
||||||
"displayMode": "list",
|
"displayMode": "list",
|
||||||
"placement": "bottom"
|
"placement": "bottom",
|
||||||
|
"showLegend": true
|
||||||
},
|
},
|
||||||
"tooltip": {
|
"tooltip": {
|
||||||
"mode": "multi",
|
"mode": "multi",
|
||||||
|
@ -1748,7 +1764,7 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"refresh": false,
|
"refresh": false,
|
||||||
"schemaVersion": 36,
|
"schemaVersion": 37,
|
||||||
"style": "dark",
|
"style": "dark",
|
||||||
"tags": [],
|
"tags": [],
|
||||||
"templating": {
|
"templating": {
|
||||||
|
@ -1756,17 +1772,10 @@
|
||||||
{
|
{
|
||||||
"current": {
|
"current": {
|
||||||
"selected": false,
|
"selected": false,
|
||||||
"text": "server10",
|
"text": "hydra",
|
||||||
"value": "server10"
|
"value": "hydra"
|
||||||
},
|
|
||||||
"datasource": {
|
|
||||||
"type": "influxdb",
|
|
||||||
"uid": "000000001"
|
|
||||||
},
|
},
|
||||||
"definition": "SHOW TAG VALUES WITH KEY = \"host\"",
|
"definition": "SHOW TAG VALUES WITH KEY = \"host\"",
|
||||||
"error": {
|
|
||||||
"message": "Datasource 000000001 was not found"
|
|
||||||
},
|
|
||||||
"hide": 0,
|
"hide": 0,
|
||||||
"includeAll": false,
|
"includeAll": false,
|
||||||
"multi": false,
|
"multi": false,
|
||||||
|
@ -1807,4 +1816,4 @@
|
||||||
"uid": "pVoyupoZk",
|
"uid": "pVoyupoZk",
|
||||||
"version": 1,
|
"version": 1,
|
||||||
"weekStart": ""
|
"weekStart": ""
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, config, pkgs, lib, modulesPath, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
restartServices = [ "grafana" "influxdb" ];
|
restartServices = [ "grafana" "influxdb" ];
|
||||||
|
@ -11,8 +11,6 @@ in {
|
||||||
c3d2.isInHq = false;
|
c3d2.isInHq = false;
|
||||||
|
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
# noXlibs breaks cairo:
|
|
||||||
environment.noXlibs = false;
|
|
||||||
|
|
||||||
networking.hostName = "grafana";
|
networking.hostName = "grafana";
|
||||||
|
|
||||||
|
@ -41,7 +39,7 @@ in {
|
||||||
datasources.settings.datasources = map (datasource: {
|
datasources.settings.datasources = map (datasource: {
|
||||||
inherit (datasource) name type access orgId url password user database isDefault jsonData;
|
inherit (datasource) name type access orgId url password user database isDefault jsonData;
|
||||||
}) (with builtins; fromJSON (readFile ./datasources.json));
|
}) (with builtins; fromJSON (readFile ./datasources.json));
|
||||||
dashboards = [ {
|
dashboards.settings.providers = [ {
|
||||||
settings = {
|
settings = {
|
||||||
apiVersion = 1;
|
apiVersion = 1;
|
||||||
providers = [ {
|
providers = [ {
|
||||||
|
@ -69,7 +67,7 @@ in {
|
||||||
services.influxdb = let
|
services.influxdb = let
|
||||||
collectdTypes = pkgs.runCommand "collectd-types" {} ''
|
collectdTypes = pkgs.runCommand "collectd-types" {} ''
|
||||||
mkdir -p $out/share/collectd
|
mkdir -p $out/share/collectd
|
||||||
cat ${config.services.collectd.package}/share/collectd/types.db >> $out/share/collectd/types.db
|
cat ${pkgs.collectd-data}/share/collectd/types.db >> $out/share/collectd/types.db
|
||||||
echo "stations value:GAUGE:0:U" >> $out/share/collectd/types.db
|
echo "stations value:GAUGE:0:U" >> $out/share/collectd/types.db
|
||||||
'';
|
'';
|
||||||
in {
|
in {
|
||||||
|
|
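Review bot: On the new side the changed line `dashboards.settings.providers = [ {` is still followed by the old `settings = { apiVersion = 1; providers = [ {` wrapper, so the provisioning block appears to be nested one level too deep. Each provider entry would then carry a `settings` key instead of the provider fields. If the intent was to move to the settings-style option, the opening would read `dashboards.settings = {` with `apiVersion = 1;` and `providers = [ {` directly beneath it. The rest of the attribute set lies outside the hunk, so confirm this against the full file. In the same hunk the datasource `password` is inherited from `./datasources.json` via `readFile`, which copies whatever that field holds into the world-readable Nix store; a non-empty value should come from a secret file instead.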
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, config, lib, pkgs, ... }:
|
{ config, pkgs, zentralwerk, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
|
@ -18,9 +18,9 @@
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "hedgedoc";
|
hostName = "hedgedoc";
|
||||||
hosts = {
|
hosts = with zentralwerk.lib.config.site.net.serv; {
|
||||||
"2a00:8180:2c00:282::48" = [ "auth.c3d2.de" ];
|
${hosts6.up4.auth} = [ "auth.c3d2.de" ];
|
||||||
"172.20.73.72" = [ "auth.c3d2.de" ];
|
${hosts4.auth} = [ "auth.c3d2.de" ];
|
||||||
};
|
};
|
||||||
firewall.allowedTCPPorts = [ 80 443 ];
|
firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
};
|
};
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps=
|
|
|
@ -1,5 +1,8 @@
|
||||||
{ zentralwerk, config, pkgs, lib, ... }:
|
{ config, lib, pkgs, zentralwerk, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
cachePort = 5000;
|
||||||
|
in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
@ -9,28 +12,9 @@
|
||||||
../../modules/c3d2.nix
|
../../modules/c3d2.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
c3d2 = {
|
||||||
|
hq.statistics.enable = true;
|
||||||
security.pam.enableSSHAgentAuth = true;
|
simd.arch = "ivybridge";
|
||||||
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
passwordAuthentication = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.mosh.enable = true;
|
|
||||||
|
|
||||||
nix = {
|
|
||||||
sshServe.enable = true;
|
|
||||||
trustedUsers = [ "@wheel" ];
|
|
||||||
settings = {
|
|
||||||
auto-optimise-store = true;
|
|
||||||
cores = 20;
|
|
||||||
keep-outputs = true;
|
|
||||||
max-jobs = 8;
|
|
||||||
# restore default overridden by harmonia
|
|
||||||
allowed-users = lib.mkForce [ "*" ];
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
|
@ -43,14 +27,265 @@
|
||||||
binfmt.emulatedSystems = [ "armv6l-linux" "armv7l-linux" "aarch64-linux" "riscv32-linux" "riscv64-linux" ];
|
binfmt.emulatedSystems = [ "armv6l-linux" "armv7l-linux" "aarch64-linux" "riscv32-linux" "riscv64-linux" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nix = {
|
||||||
|
buildMachines = [{
|
||||||
|
hostName = "client@dacbert.hq.c3d2.de";
|
||||||
|
system = lib.concatStringsSep "," [
|
||||||
|
"aarch64-linux" "armv6l-linux" "armv7l-linux"
|
||||||
|
];
|
||||||
|
supportedFeatures = [ "kvm" "nixos-test" ];
|
||||||
|
maxJobs = 1;
|
||||||
|
}];
|
||||||
|
daemonCPUSchedPolicy = "idle";
|
||||||
|
daemonIOSchedClass = "idle";
|
||||||
|
daemonIOSchedPriority = 7;
|
||||||
|
settings = {
|
||||||
|
allowed-uris = "http:// https:// ssh://";
|
||||||
|
auto-optimise-store = true;
|
||||||
|
builders-use-substitutes = true;
|
||||||
|
cores = 20;
|
||||||
|
keep-outputs = true;
|
||||||
|
max-jobs = 8;
|
||||||
|
trusted-users = [ "hydra" "root" "@wheel" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
|
# disabled because currently it display `ARRAY(0x4ec2040)` on the website and also uses a perl array in store paths instead of /nix/store
|
||||||
|
# containers = {
|
||||||
|
# hydra-ca = {
|
||||||
|
# autoStart = true;
|
||||||
|
# config = { ... }: {
|
||||||
|
# imports = [
|
||||||
|
# hydra-ca.nixosModules.hydra
|
||||||
|
# ];
|
||||||
|
|
||||||
|
# environment.systemPackages = with pkgs; [ git ];
|
||||||
|
|
||||||
|
# networking.firewall.allowedTCPPorts = [ 3001 ];
|
||||||
|
|
||||||
|
# nix = {
|
||||||
|
# settings = {
|
||||||
|
# allowed-uris = "https://gitea.c3d2.de/ https://github.com/ https://gitlab.com/ ssh://gitea@gitea.c3d2.de/";
|
||||||
|
# builders-use-substitutes = true;
|
||||||
|
# experimental-features = "ca-derivations nix-command flakes";
|
||||||
|
# extra-substituters = "https://cache.ngi0.nixos.org/";
|
||||||
|
# extra-trusted-public-keys = "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=";
|
||||||
|
# substituters = [
|
||||||
|
# "https://cache.ngi0.nixos.org/"
|
||||||
|
# ];
|
||||||
|
# trusted-public-keys = [
|
||||||
|
# "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA="
|
||||||
|
# ];
|
||||||
|
# };
|
||||||
|
# };
|
||||||
|
|
||||||
|
# nixpkgs = {
|
||||||
|
# # config.contentAddressedByDefault = true;
|
||||||
|
# overlays = [ self.overlay ];
|
||||||
|
# };
|
||||||
|
|
||||||
|
# services = {
|
||||||
|
# hydra-dev = lib.recursiveUpdate config.services.hydra-dev {
|
||||||
|
# hydraURL = "https://hydra-ca.hq.c3d2.de";
|
||||||
|
# port = 3001;
|
||||||
|
# };
|
||||||
|
# };
|
||||||
|
|
||||||
|
# system.stateVersion = "22.05"; # Did you read the comment? No.
|
||||||
|
# };
|
||||||
|
# hostAddress = "192.168.100.1";
|
||||||
|
# localAddress = "192.168.100.2";
|
||||||
|
# privateNetwork = true;
|
||||||
|
# };
|
||||||
|
# };
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
|
hosts = with zentralwerk.lib.config.site.net.serv; {
|
||||||
|
${hosts6.up4.auth} = [ "auth.c3d2.de" ];
|
||||||
|
${hosts4.auth} = [ "auth.c3d2.de" ];
|
||||||
|
};
|
||||||
hostName = "hydra";
|
hostName = "hydra";
|
||||||
firewall.enable = false;
|
firewall.enable = false;
|
||||||
nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
||||||
|
# nat = {
|
||||||
|
# enable = true;
|
||||||
|
# externalInterface = "serv";
|
||||||
|
# internalInterfaces = [ "ve-hydra-ca" ];
|
||||||
|
# };
|
||||||
};
|
};
|
||||||
|
|
||||||
c3d2.hq.statistics.enable = true;
|
services = {
|
||||||
services.smartd.enable = true;
|
hydra = {
|
||||||
|
enable = true;
|
||||||
|
buildMachinesFiles = [
|
||||||
|
"/etc/nix/machines"
|
||||||
|
"/var/lib/hydra/machines"
|
||||||
|
];
|
||||||
|
hydraURL = "https://hydra.hq.c3d2.de";
|
||||||
|
logo = ./c3d2.svg;
|
||||||
|
minimumDiskFree = 50;
|
||||||
|
minimumDiskFreeEvaluator = 50;
|
||||||
|
notificationSender = "hydra@spam.works";
|
||||||
|
useSubstitutes = true;
|
||||||
|
extraConfig =
|
||||||
|
let
|
||||||
|
key = config.sops.secrets."nix-serve/secretKey".path;
|
||||||
|
in
|
||||||
|
''
|
||||||
|
binary_cache_secret_key_file = ${key}
|
||||||
|
evaluator_workers = 4
|
||||||
|
evaluator_max_memory_size = 2048
|
||||||
|
max_output_size = ${toString (5*1024*1024*1024)} # sd card and raw images
|
||||||
|
store_uri = auto?secret-key=${key}&write-nar-listing=1&ls-compression=zstd&log-compression=zstd
|
||||||
|
upload_logs_to_binary_cache = true
|
||||||
|
|
||||||
system.stateVersion = "20.09"; # Did you read the comment?
|
# https://hydra.nixos.org/build/196107287/download/1/hydra/configuration.html#using-ldap-as-authentication-backend-optional
|
||||||
|
<ldap>
|
||||||
|
<config>
|
||||||
|
<credential>
|
||||||
|
class = Password
|
||||||
|
password_field = password
|
||||||
|
password_type = self_check
|
||||||
|
</credential>
|
||||||
|
<store>
|
||||||
|
class = LDAP
|
||||||
|
ldap_server = auth.c3d2.de
|
||||||
|
<ldap_server_options>
|
||||||
|
scheme = ldaps
|
||||||
|
timeout = 10
|
||||||
|
</ldap_server_options>
|
||||||
|
binddn = "uid=search,ou=users,dc=c3d2,dc=de"
|
||||||
|
include ldap-password.conf
|
||||||
|
start_tls = 0
|
||||||
|
<start_tls_options>
|
||||||
|
ciphers = TLS_AES_256_GCM_SHA384
|
||||||
|
sslversion = tlsv1_3
|
||||||
|
# verify = none
|
||||||
|
</start_tls_options>
|
||||||
|
user_basedn = "ou=users,dc=c3d2,dc=de"
|
||||||
|
user_filter = "(&(objectclass=person)(uid=%s))"
|
||||||
|
user_scope = one
|
||||||
|
user_field = uid
|
||||||
|
<user_search_options>
|
||||||
|
deref = always
|
||||||
|
</user_search_options>
|
||||||
|
# Important for role mappings to work:
|
||||||
|
use_roles = 1
|
||||||
|
role_basedn = "ou=groups,dc=c3d2,dc=de"
|
||||||
|
role_filter = "(&(objectclass=group)(%s))"
|
||||||
|
role_scope = one
|
||||||
|
role_field = cn
|
||||||
|
role_value = dn
|
||||||
|
<role_search_options>
|
||||||
|
deref = always
|
||||||
|
</role_search_options>
|
||||||
|
</store>
|
||||||
|
</config>
|
||||||
|
<role_mapping>
|
||||||
|
# maps directly to user roles
|
||||||
|
# Make all users in the hydra-admin group Hydra admins
|
||||||
|
hydra-admins = admin
|
||||||
|
# Allow all users in the dev group to restart jobs and cancel builds
|
||||||
|
#dev = restart-jobs
|
||||||
|
#dev = cancel-build
|
||||||
|
</role_mapping>
|
||||||
|
</ldap>
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
# A rust nix binary cache
|
||||||
|
harmonia = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
bind = "127.0.0.1:${toString cachePort}";
|
||||||
|
workers = 20;
|
||||||
|
max_connection_rate = 1024;
|
||||||
|
priority = 30;
|
||||||
|
sign_key_path = config.sops.secrets."nix-serve/secretKey".path;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
nginx =
|
||||||
|
let
|
||||||
|
hydraVhost = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/".proxyPass = "http://localhost:${toString config.services.hydra.port}";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
enable = true;
|
||||||
|
virtualHosts = {
|
||||||
|
"hydra.hq.c3d2.de" = hydraVhost // {
|
||||||
|
default = true;
|
||||||
|
};
|
||||||
|
# "hydra-ca.hq.c3d2.de" = hydraVhost // {
|
||||||
|
# locations."/".proxyPass = "http://192.168.100.2:3001";
|
||||||
|
# };
|
||||||
|
"hydra.serv.zentralwerk.org" = hydraVhost;
|
||||||
|
"nix-serve.hq.c3d2.de" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/".proxyPass = "http://localhost:${toString cachePort}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
smartd.enable = true;
|
||||||
|
|
||||||
|
resolved.enable = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
sops = {
|
||||||
|
defaultSopsFile = ./secrets.yaml;
|
||||||
|
secrets."nix-serve/secretKey" = {
|
||||||
|
mode = "440";
|
||||||
|
owner = config.users.users.hydra-queue-runner.name;
|
||||||
|
inherit (config.users.users.hydra-queue-runner) group;
|
||||||
|
};
|
||||||
|
secrets."ldap/search-user-pw" = {
|
||||||
|
mode = "440";
|
||||||
|
owner = config.users.users.hydra-queue-runner.name;
|
||||||
|
inherit (config.users.users.hydra-queue-runner) group;
|
||||||
|
path = "/var/lib/hydra/ldap-password.conf";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
system.stateVersion = "20.09";
|
||||||
|
|
||||||
|
systemd.services = {
|
||||||
|
hydra-evaluator.serviceConfig = {
|
||||||
|
CPUWeight = 2;
|
||||||
|
MemoryHigh = "64G";
|
||||||
|
MemoryMax = "64G";
|
||||||
|
MemorySwapMax = "64G";
|
||||||
|
};
|
||||||
|
|
||||||
|
hydra-init.preStart = let
|
||||||
|
makesSenseForQemuUser = feature:
|
||||||
|
! (builtins.elem feature [ "kvm" "benchmark" ]);
|
||||||
|
# strips features that don't make sense on qemu-user
|
||||||
|
extraPlatformSystemFeatures =
|
||||||
|
builtins.filter makesSenseForQemuUser config.nix.settings.system-features;
|
||||||
|
in
|
||||||
|
# both entries cannot have localhost alone because then hydra would merge them together but we want explictily two to not allow benchmarkts for binfmt emulated arches
|
||||||
|
''
|
||||||
|
cat << EOF > ~/machines
|
||||||
|
localhost x86_64-linux - ${toString config.nix.settings.max-jobs} 10 ${lib.concatStringsSep "," config.nix.settings.system-features} -
|
||||||
|
hydra@localhost ${lib.concatStringsSep "," config.nix.settings.extra-platforms} - ${toString config.nix.settings.max-jobs} 10 ${lib.concatStringsSep "," extraPlatformSystemFeatures} -
|
||||||
|
EOF
|
||||||
|
'';
|
||||||
|
|
||||||
|
nix-daemon.serviceConfig = {
|
||||||
|
CPUWeight = 5;
|
||||||
|
MemoryHigh = "64G";
|
||||||
|
MemoryMax = "64G";
|
||||||
|
MemorySwapMax = "64G";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# allow reading nix-serve secret
|
||||||
|
users.users.harmonia.extraGroups = [ "hydra" ];
|
||||||
}
|
}
|
||||||
|
|
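Review bot: The `services.hydra` block adds LDAP password login but sets no `listenHost`, while `networking.firewall.enable = false` stays in place. The Hydra web port is therefore presumably reachable directly over plain HTTP, alongside the nginx vhosts that set `forceSSL`. Since nginx already proxies to `http://localhost:${toString config.services.hydra.port}`, adding `listenHost = "localhost";` to the `hydra` attribute set would keep credential submission on the TLS path. Separately, `allowed-uris = "http:// https:// ssh://"` admits any host, including cleartext HTTP, on the machine that signs the binary cache. The commented-out container config in this file already shows a narrower list (`https://gitea.c3d2.de/ https://github.com/ https://gitlab.com/ ssh://gitea@gitea.c3d2.de/`) that could be used here.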
|
@ -1,7 +1,7 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
|
|
|
@ -1,184 +1,2 @@
|
||||||
{ self, hostRegistry, hydra-ca, config, lib, pkgs, ... }:
|
{ config, lib, zentralwerk, ... }:
|
||||||
|
|
||||||
let
|
|
||||||
cachePort = 5000;
|
|
||||||
|
|
||||||
in
|
|
||||||
{
|
|
||||||
# disabled because currently it display `ARRAY(0x4ec2040)` on the website and also uses a perl array in store paths instead of /nix/store
|
|
||||||
# containers = {
|
|
||||||
# hydra-ca = {
|
|
||||||
# autoStart = true;
|
|
||||||
# config = { ... }: {
|
|
||||||
# imports = [
|
|
||||||
# hydra-ca.nixosModules.hydra
|
|
||||||
# ];
|
|
||||||
|
|
||||||
# environment.systemPackages = with pkgs; [ git ];
|
|
||||||
|
|
||||||
# networking.firewall.allowedTCPPorts = [ 3001 ];
|
|
||||||
|
|
||||||
# nix = {
|
|
||||||
# settings = {
|
|
||||||
# allowed-uris = "https://gitea.c3d2.de/ https://github.com/ https://gitlab.com/ ssh://gitea@gitea.c3d2.de/";
|
|
||||||
# builders-use-substitutes = true;
|
|
||||||
# experimental-features = "ca-derivations nix-command flakes";
|
|
||||||
# extra-substituters = "https://cache.ngi0.nixos.org/";
|
|
||||||
# extra-trusted-public-keys = "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=";
|
|
||||||
# substituters = [
|
|
||||||
# "https://cache.ngi0.nixos.org/"
|
|
||||||
# ];
|
|
||||||
# trusted-public-keys = [
|
|
||||||
# "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA="
|
|
||||||
# ];
|
|
||||||
# };
|
|
||||||
# };
|
|
||||||
|
|
||||||
# nixpkgs = {
|
|
||||||
# # config.contentAddressedByDefault = true;
|
|
||||||
# overlays = [ self.overlay ];
|
|
||||||
# };
|
|
||||||
|
|
||||||
# services = {
|
|
||||||
# hydra-dev = lib.recursiveUpdate config.services.hydra-dev {
|
|
||||||
# hydraURL = "https://hydra-ca.hq.c3d2.de";
|
|
||||||
# port = 3001;
|
|
||||||
# };
|
|
||||||
# };
|
|
||||||
|
|
||||||
# system.stateVersion = "22.05"; # Did you read the comment? No.
|
|
||||||
# };
|
|
||||||
# hostAddress = "192.168.100.1";
|
|
||||||
# localAddress = "192.168.100.2";
|
|
||||||
# privateNetwork = true;
|
|
||||||
# };
|
|
||||||
# };
|
|
||||||
|
|
||||||
# networking.nat = {
|
|
||||||
# enable = true;
|
|
||||||
# externalInterface = "serv";
|
|
||||||
# internalInterfaces = [ "ve-hydra-ca" ];
|
|
||||||
# };
|
|
||||||
|
|
||||||
nix = {
|
|
||||||
buildMachines = [{
|
|
||||||
hostName = "client@dacbert.hq.c3d2.de";
|
|
||||||
system = lib.concatStringsSep "," [
|
|
||||||
"aarch64-linux" "armv6l-linux" "armv7l-linux"
|
|
||||||
];
|
|
||||||
supportedFeatures = [ "kvm" "nixos-test" ];
|
|
||||||
maxJobs = 1;
|
|
||||||
}];
|
|
||||||
daemonCPUSchedPolicy = "idle";
|
|
||||||
daemonIOSchedClass = "idle";
|
|
||||||
daemonIOSchedPriority = 7;
|
|
||||||
settings = {
|
|
||||||
allowed-uris = "http:// https:// ssh://";
|
|
||||||
builders-use-substitutes = true;
|
|
||||||
experimental-features = "ca-derivations nix-command flakes";
|
|
||||||
trusted-users = [ "hydra" "root" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services = {
|
|
||||||
hydra = {
|
|
||||||
enable = true;
|
|
||||||
buildMachinesFiles = [
|
|
||||||
"/etc/nix/machines"
|
|
||||||
"/var/lib/hydra/machines"
|
|
||||||
];
|
|
||||||
hydraURL = "https://hydra.hq.c3d2.de";
|
|
||||||
logo = ./c3d2.svg;
|
|
||||||
minimumDiskFree = 50;
|
|
||||||
minimumDiskFreeEvaluator = 50;
|
|
||||||
notificationSender = "hydra@spam.works";
|
|
||||||
useSubstitutes = true;
|
|
||||||
extraConfig =
|
|
||||||
let
|
|
||||||
key = config.sops.secrets."nix-serve/secretKey".path;
|
|
||||||
in
|
|
||||||
''
|
|
||||||
binary_cache_secret_key_file = ${key}
|
|
||||||
evaluator_workers = 4
|
|
||||||
evaluator_max_memory_size = 2048
|
|
||||||
max_output_size = ${toString (5*1024*1024*1024)} # sd card and raw images
|
|
||||||
store_uri = auto?secret-key=${key}&write-nar-listing=1&ls-compression=zstd&log-compression=zstd
|
|
||||||
upload_logs_to_binary_cache = true
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
# A rust nix binary cache
|
|
||||||
harmonia = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
settings = {
|
|
||||||
bind = "127.0.0.1:${toString cachePort}";
|
|
||||||
workers = "20";
|
|
||||||
max_connection_rate = 1024;
|
|
||||||
priority = 30;
|
|
||||||
sign_key_path = config.sops.secrets."nix-serve/secretKey".path;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
nginx =
|
|
||||||
let
|
|
||||||
hydraVhost = {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
locations."/".proxyPass = "http://localhost:${toString config.services.hydra.port}";
|
|
||||||
};
|
|
||||||
in
|
|
||||||
{
|
|
||||||
enable = true;
|
|
||||||
virtualHosts = {
|
|
||||||
"hydra.hq.c3d2.de" = hydraVhost // {
|
|
||||||
default = true;
|
|
||||||
};
|
|
||||||
# "hydra-ca.hq.c3d2.de" = hydraVhost // {
|
|
||||||
# locations."/".proxyPass = "http://192.168.100.2:3001";
|
|
||||||
# };
|
|
||||||
"hydra.serv.zentralwerk.org" = hydraVhost;
|
|
||||||
"nix-serve.hq.c3d2.de" = {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
locations."/".proxyPass = "http://localhost:${toString cachePort}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
resolved.enable = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
sops = {
|
|
||||||
defaultSopsFile = ./secrets.yaml;
|
|
||||||
secrets."nix-serve/secretKey".mode = "0444";
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services = {
|
|
||||||
hydra-evaluator.serviceConfig = {
|
|
||||||
CPUWeight = 2;
|
|
||||||
MemoryHigh = "64G";
|
|
||||||
MemoryMax = "64G";
|
|
||||||
MemorySwapMax = "64G";
|
|
||||||
};
|
|
||||||
|
|
||||||
hydra-init.preStart = let
|
|
||||||
makesSenseForQemuUser = feature:
|
|
||||||
! (builtins.elem feature [ "kvm" "benchmark" ]);
|
|
||||||
# strips features that don't make sense on qemu-user
|
|
||||||
extraPlatformSystemFeatures =
|
|
||||||
builtins.filter makesSenseForQemuUser config.nix.settings.system-features;
|
|
||||||
in ''
|
|
||||||
cat << EOF > ~/machines
|
|
||||||
localhost x86_64-linux - ${toString config.nix.settings.max-jobs} 10 ${lib.concatStringsSep "," config.nix.settings.system-features} -
|
|
||||||
hydra@localhost ${lib.concatStringsSep "," config.nix.settings.extra-platforms} - ${toString config.nix.settings.max-jobs} 10 ${lib.concatStringsSep "," extraPlatformSystemFeatures} -
|
|
||||||
EOF
|
|
||||||
'';
|
|
||||||
|
|
||||||
nix-daemon.serviceConfig = {
|
|
||||||
CPUWeight = 5;
|
|
||||||
MemoryHigh = "64G";
|
|
||||||
MemoryMax = "64G";
|
|
||||||
MemorySwapMax = "64G";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,5 +1,8 @@
|
||||||
nix-serve:
|
nix-serve:
|
||||||
|
publicKey: ENC[AES256_GCM,data:sR5wk7yvH5+lLpSIP0zNqCLvDRRvR8ws4Q8rVcVJx8YkrywwPcvIsJ1h6mVEu3nc6SLoZlQsuxOGCyNGD98CBNY=,iv:fFV2D27hWoxGtqVt3EnS4hMlrqW5LnIZ3LB5k4xmFWs=,tag:g7R1ossy2On6B2nVfKC9iA==,type:str]
|
||||||
secretKey: ENC[AES256_GCM,data:cm84sA7E6AnzpVoYuaYepbHGWkRigLdD2RxN21UsXCe7FXQxeTQTxxbzVxJ3G9Lt3kRXuZnODntOo5EQKhs46+wzpO8YLKQxkJXrdluXoGVIWl3/6QFVq66XLJ2i6G4eBK9IH0DYJ+anj8/i8Q==,iv:GEM8Vmx0A8LfJo7QOl0N67Cgk+JqHpp7r+41VivmTg4=,tag:O4Kq4WKgbyt354HSa/7eQQ==,type:str]
|
secretKey: ENC[AES256_GCM,data:cm84sA7E6AnzpVoYuaYepbHGWkRigLdD2RxN21UsXCe7FXQxeTQTxxbzVxJ3G9Lt3kRXuZnODntOo5EQKhs46+wzpO8YLKQxkJXrdluXoGVIWl3/6QFVq66XLJ2i6G4eBK9IH0DYJ+anj8/i8Q==,iv:GEM8Vmx0A8LfJo7QOl0N67Cgk+JqHpp7r+41VivmTg4=,tag:O4Kq4WKgbyt354HSa/7eQQ==,type:str]
|
||||||
|
ldap:
|
||||||
|
search-user-pw: ENC[AES256_GCM,data:tSWin/QPIow2P5Aps/XaT42J+MXb8+a24SEri1QjF1O3bDlCxcR8RHqSX8d4Vg==,iv:P5qMaE2cdKxTaXuKO2nh+LDhKkY3psSlWf+JckmUYt4=,tag:eq8XW7P6FNlkviY5PydkZg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -24,8 +27,8 @@ sops:
|
||||||
K3Bpb0svZ1YvVm9ha1ArdVBlN3NHM0kKM6CEQ+dStjEsgppQZYjb1zwyzfwAc0FI
|
K3Bpb0svZ1YvVm9ha1ArdVBlN3NHM0kKM6CEQ+dStjEsgppQZYjb1zwyzfwAc0FI
|
||||||
O5+vi2x8/N/1OH5jeVzLnLjOhXRXrYcR9EDsjT+KDo0ykYh+NjB0DA==
|
O5+vi2x8/N/1OH5jeVzLnLjOhXRXrYcR9EDsjT+KDo0ykYh+NjB0DA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2022-09-25T21:00:25Z"
|
lastmodified: "2022-12-18T17:49:41Z"
|
||||||
mac: ENC[AES256_GCM,data:eqaN9WFcKAl7Y0HW9liiUyn9eZmLjWOGcNGfu5CQbvQvBXq89mCDyb05gHyQmDm0AsAXI4bU0DUgmdCc846NfOT2kujPQWwiofmTQxlTwxfqt+AVqpwejVqxO3VApCSnkhDrt0jiO9WeyDYUbeVwgnL5CZoJGyYBmmU1LZ2twMo=,iv:tIQpTh0V9qiJsIQ6y0b1+rh+oLRCDrenOixi0GG1Y/M=,tag:J6QLNSH5gQpCAy+P1UAdeg==,type:str]
|
mac: ENC[AES256_GCM,data:oQGsk4gJ4dGCr3zCanOpSsKQyx/OuWiYe0ef8pvWhqFq0+YvwUzoiF3jQmqahLWGLHUl1yb1kb91GEr7q47G83Z9YXVVtTTzJUWpKZQL1WD12f5ERPSlKnT251fvoMtqNqKrRirGA9ao8OxVpeh3/SQCAGTqWAcpz1J7dxvL7E4=,iv:td9t1MKcXH5RYZxsD1wA4oG61AfLLGSiVIEq/sPRZG4=,tag:UqHGkKqXeeBYXQYtvplCdA==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2022-07-15T23:31:58Z"
|
- created_at: "2022-07-15T23:31:58Z"
|
||||||
enc: |
|
enc: |
|
||||||
|
|
|
@ -26,27 +26,14 @@
|
||||||
# `...-' `...-'
|
# `...-' `...-'
|
||||||
#--------------------------------------------------------------------------------
|
#--------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
{ lib, pkgs, ... }:
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
{
|
||||||
microvm = {
|
deployment = {
|
||||||
|
persistedShares = [ "/etc" "/home" "/var" ];
|
||||||
mem = 2048;
|
mem = 2048;
|
||||||
writableStoreOverlay = "/nix/.rw-store";
|
|
||||||
volumes = [ {
|
|
||||||
image = "nix-store-overlay.img";
|
|
||||||
mountPoint = config.microvm.writableStoreOverlay;
|
|
||||||
size = 3048;
|
|
||||||
} ];
|
|
||||||
};
|
};
|
||||||
nix.settings.auto-optimise-store = lib.mkForce false;
|
nix.settings.auto-optimise-store = lib.mkForce false;
|
||||||
|
|
||||||
c3d2.deployment = {
|
|
||||||
server = "server10";
|
|
||||||
mounts = [ "etc" "home" "var"];
|
|
||||||
autoNetSetup = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "leon";
|
hostName = "leon";
|
||||||
firewall.enable = true;
|
firewall.enable = true;
|
||||||
|
@ -65,26 +52,23 @@
|
||||||
# List packages installed in system profile. To search, run:
|
# List packages installed in system profile. To search, run:
|
||||||
# $ nix search wget
|
# $ nix search wget
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
wget vim python3Full python310Packages.pip nmap htop wireguard-tools docker-compose
|
wget vim python3Full python310Packages.pip python310Packages.flask nmap htop wireguard-tools docker-compose
|
||||||
];
|
];
|
||||||
|
|
||||||
virtualisation.docker.enable = true;
|
virtualisation.docker.enable = true;
|
||||||
|
|
||||||
|
|
||||||
users.users.leon = {
|
users.users.leon = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [ "wheel" "docker" ];
|
extraGroups = [ "wheel" "docker" ];
|
||||||
createHome = true;
|
createHome = true;
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = with import ../../users.nix;
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIANupx+diz5N8sGZOc7ZXopyPh9HaML8M7Qh70aVVIaJ leon@leons-Air"
|
leon.sshKeys;
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
networking.nameservers = ["172.20.73.8" "9.9.9.9"];
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
allowedTCPPorts = [ 5000 22 53 80 8080 ];
|
allowedTCPPorts = [ 5000 22 53 80 443 8080 12000 ];
|
||||||
allowedUDPPorts = [ 5000 22 53 80 8080 18900 19900 ];
|
allowedUDPPorts = [ 53 80 8080 18900 19900 ];
|
||||||
};
|
};
|
||||||
|
|
||||||
#_______________________________Begin-VPN1-Server____________________________________
|
#_______________________________Begin-VPN1-Server____________________________________
|
||||||
|
|
||||||
networking.wireguard.interfaces = {
|
networking.wireguard.interfaces = {
|
||||||
|
@ -172,17 +156,7 @@
|
||||||
allowedIPs = [ "10.10.11.30" ];
|
allowedIPs = [ "10.10.11.30" ];
|
||||||
}
|
}
|
||||||
#---------------------black----------------------------.
|
#---------------------black----------------------------.
|
||||||
{
|
|
||||||
#black-phone
|
|
||||||
publicKey= "3GEocBTOztOKWtWQFOmI5hynPiPcMMe54kVaHECAG1A=";
|
|
||||||
allowedIPs = [ "10.10.11.90" ];
|
|
||||||
}
|
|
||||||
{
|
|
||||||
#black-desktop
|
|
||||||
publicKey= "24TAa1HMXTPaFNfbXLkuxVy305NjSAegMSYjKLH5Kjc=";
|
|
||||||
allowedIPs = [ "10.10.11.91" ];
|
|
||||||
}
|
|
||||||
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -219,20 +193,45 @@ networking.wireguard.interfaces = {
|
||||||
|
|
||||||
#-----------------------------ngin-X--------------------------------
|
#-----------------------------ngin-X--------------------------------
|
||||||
|
|
||||||
# services.nginx = {
|
services.nginx = {
|
||||||
# listen 80;
|
enable = true;
|
||||||
# enable = true;
|
virtualHosts."bicospacetech.c3d2.de" = {
|
||||||
# virtualHosts."bicospacetech.c3d2.de" = {
|
forceSSL = true;
|
||||||
# default = true;
|
enableACME = true;
|
||||||
# forceSSL = true;
|
locations."/" = {
|
||||||
# enableACME = true;
|
proxyPass = "http://45.158.40.162:12000";
|
||||||
# locations."/login" = {
|
proxyWebsockets = true;
|
||||||
# proxyPass = "http://10.10.11.1:80";
|
};
|
||||||
# proxyWebsockets = true;
|
};
|
||||||
# };
|
virtualHosts."bicospacetech.cloud.c3d2.de" = {
|
||||||
# };
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://45.158.40.165:80";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
virtualHosts."bicospacetech.stream.c3d2.de" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://10.10.11.4:14500";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
virtualHosts."portainer.netlab.c3d2.de" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://10.10.11.60:9000";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
};
|
||||||
#-----------------------------ngin-X--------------------------------
|
#-----------------------------ngin-X--------------------------------
|
||||||
|
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
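Review bot: In the nginx block enabled by the last hunk, `virtualHosts."portainer.netlab.c3d2.de"` publishes the Portainer UI at `10.10.11.60:9000` with nothing in front of it but Portainer's own login. Because Portainer manages the Docker daemon, the vhost should be restricted at the proxy, for example with `extraConfig = "allow 10.10.11.0/24; deny all;";` inside `locations."/"`, or with client authentication. The `bicospacetech.c3d2.de` upstream `http://45.158.40.162:12000` is a public address and the firewall hunk also adds `12000` to `allowedTCPPorts`, so the backend looks reachable directly over plain HTTP, bypassing `forceSSL`. If that service runs on this host, proxying to `http://127.0.0.1:12000` and dropping 12000 from the firewall list would close that path. The `http://45.158.40.165:80` upstream likewise carries the proxied traffic unencrypted between hosts unless that route is protected elsewhere.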
|
@ -1,24 +1,14 @@
|
||||||
{ zentralwerk, config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
microvm = {
|
deployment = {
|
||||||
mem = 4024;
|
persistedShares = [ "/etc" "/home" "/var" ];
|
||||||
writableStoreOverlay = "/nix/.rw-store";
|
storage = "big";
|
||||||
volumes = [ {
|
mem = 2048;
|
||||||
image = "nix-store-overlay.img";
|
|
||||||
mountPoint = config.microvm.writableStoreOverlay;
|
|
||||||
size = 32 * 1024;
|
|
||||||
} ];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
nix.settings.auto-optimise-store = lib.mkForce false;
|
nix.settings.auto-optimise-store = lib.mkForce false;
|
||||||
|
|
||||||
c3d2.deployment = {
|
|
||||||
server = "server9";
|
|
||||||
mounts = [ "etc" "home" "var" ];
|
|
||||||
autoNetSetup = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "leoncloud";
|
hostName = "leoncloud";
|
||||||
firewall.enable = true;
|
firewall.enable = true;
|
||||||
|
@ -38,6 +28,7 @@
|
||||||
vim
|
vim
|
||||||
python3Full
|
python3Full
|
||||||
python310Packages.pip
|
python310Packages.pip
|
||||||
|
python310Packages.flask
|
||||||
nmap
|
nmap
|
||||||
htop
|
htop
|
||||||
wireguard-tools
|
wireguard-tools
|
||||||
|
@ -48,19 +39,15 @@
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [ "wheel" "docker" ];
|
extraGroups = [ "wheel" "docker" ];
|
||||||
createHome = true;
|
createHome = true;
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = with import ../../users.nix;
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPZoT83l0ogbJpviBs4VmO+NdF4NPtYAnyf8RRSoXsv leon@leon"
|
leon.sshKeys;
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIANupx+diz5N8sGZOc7ZXopyPh9HaML8M7Qh70aVVIaJ leon@leons-Air"
|
};
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
# enable IP routing
|
# enable IP routing
|
||||||
boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = 1;
|
|
||||||
boot.kernel.sysctl."net.ipv4.conf.default.forwarding" = 1;
|
|
||||||
|
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
allowedTCPPorts = [ 80 443 22 53 14000 14500 15000 ];
|
allowedTCPPorts = [ 80 443 8080 22 53 14000 14500 15000 ];
|
||||||
allowedUDPPorts = [ 18900 53 ];
|
allowedUDPPorts = [ 18900 53 ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -79,7 +66,7 @@
|
||||||
privateKeyFile = "/etc/nixos/wireguard-keys/private-key";
|
privateKeyFile = "/etc/nixos/wireguard-keys/private-key";
|
||||||
peers = [
|
peers = [
|
||||||
{
|
{
|
||||||
publicKey = "w3qegSSuqFTFrGk4XJaWBSwGDOiqbnnAIR9MzwjYVA8=";
|
publicKey = "iEVq4lvvKFfqjcoYYyNkA0MS8rcSGaDfPwQGN3C7+D0=";
|
||||||
allowedIPs = [ "10.10.11.0/24" ];
|
allowedIPs = [ "10.10.11.0/24" ];
|
||||||
endpoint = "45.158.40.162:18900";
|
endpoint = "45.158.40.162:18900";
|
||||||
persistentKeepalive = 25;
|
persistentKeepalive = 25;
|
||||||
|
@ -102,8 +89,8 @@ services.nextcloud = {
|
||||||
dbname = "nextcloud";
|
dbname = "nextcloud";
|
||||||
adminpassFile = "/etc/nixos/next-cloud/pass";
|
adminpassFile = "/etc/nixos/next-cloud/pass";
|
||||||
adminuser = "root";
|
adminuser = "root";
|
||||||
extraTrustedDomains = [ "45.158.40.162" "172.20.79.254" "10.10.11.4" "10.10.11.1" ];
|
extraTrustedDomains = ["10.10.11.4" "10.10.11.1" "45.158.40.165" "bicospacetech.cloud.c3d2.de"];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.postgresql = {
|
services.postgresql = {
|
||||||
|
@ -123,6 +110,8 @@ services.nextcloud = {
|
||||||
after = ["postgresql.service"];
|
after = ["postgresql.service"];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#<-----------------nextcloud----------------------
|
#<-----------------nextcloud----------------------
|
||||||
|
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
|
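Review bot: The firewall hunk adds `8080` to `allowedTCPPorts`, but none of the visible hunks configures a listener on that port, so the commit opens a port without showing what is meant to answer on it. I would either drop it or add a comment naming the service, e.g. `# 8080: <service name>`, next to the list. The comment `# enable IP routing` is also left behind after both `net.ipv4.conf.*.forwarding` sysctls were removed; it should go as well, or say where forwarding is configured now. The rest of the file lies outside the hunks, so a service defined there cannot be ruled out.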
|
@ -6,7 +6,8 @@ let
|
||||||
ldap-auth-config = pkgs.writeText ''
|
ldap-auth-config = pkgs.writeText ''
|
||||||
hosts = auth.c3d2.de
|
hosts = auth.c3d2.de
|
||||||
dn = uid=search,ou=users,dc=c3d2,dc=de
|
dn = uid=search,ou=users,dc=c3d2,dc=de
|
||||||
dnpass = #add cat sops help where credential sandro help
|
|
||||||
|
!include ${config.sops.secrets."ldap/search-user-pw".path}
|
||||||
auth_bind = yes
|
auth_bind = yes
|
||||||
auth_bind_userdn = uid=%u,ou=users,dc=c3d2,dc=de
|
auth_bind_userdn = uid=%u,ou=users,dc=c3d2,dc=de
|
||||||
ldap_version = 3
|
ldap_version = 3
|
||||||
|
@ -46,6 +47,11 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sops.secrets."ldap/search-user-pw" = {
|
||||||
|
owner = config.systemd.services.dovecot2.serviceConfig.User;
|
||||||
|
group = config.systemd.services.dovecot2.serviceConfig.Group;
|
||||||
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
postfix = {
|
postfix = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
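Review bot: The new `sops.secrets."ldap/search-user-pw"` block takes its owner and group from `config.systemd.services.dovecot2.serviceConfig.User` and `.Group`. Unless some module sets those unit fields, evaluation fails on a missing attribute. The Dovecot module's own options, `owner = config.services.dovecot2.user;` and `group = config.services.dovecot2.group;`, are the safer reference. In the first hunk, `!include ${config.sops.secrets."ldap/search-user-pw".path}` only supplies a bind password if the decrypted secret holds a complete `dnpass = …` line and the parser for this LDAP file honours `!include`. Both should be confirmed, and a comment stating the expected secret format would help the next person rotating it. The `let` binding and the `services` block continue outside the hunks.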
|
@ -1,4 +1,5 @@
|
||||||
mock-data: ENC[AES256_GCM,data:fQ88gg==,iv:TphtBcDzX9xHW8eu4BwyitiOg6D6pnTRUrVtMUOjKTo=,tag:v4xjJNFTKyA7kbjeXDDz7w==,type:bool]
|
ldap:
|
||||||
|
search-user-pw: ENC[AES256_GCM,data:Pd6Qy8Ilu1RAkIOnpHNoGV+VBNCg/IAl9InWOGDlsTSbDVqK4B5aUmX2sl0=,iv:nZQwmiWJtQ4AmzAgv3Fhh625K11U4uxTCE6Rj5okRns=,tag:v9pVGrSQoaGGYG5X8wUyoA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -23,8 +24,8 @@ sops:
|
||||||
bTBPcjZCZFNBWWtUVGNRUWE4eTA1ZjgKF4qoSyKCL2ytTf5vZRVLFr89R5/7HCji
|
bTBPcjZCZFNBWWtUVGNRUWE4eTA1ZjgKF4qoSyKCL2ytTf5vZRVLFr89R5/7HCji
|
||||||
hsPXdE607b+s5PAaOPMWF8Zfy7QJr6hqG9+Pbr4FnGB5nTvTsO5d3Q==
|
hsPXdE607b+s5PAaOPMWF8Zfy7QJr6hqG9+Pbr4FnGB5nTvTsO5d3Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2022-02-25T18:51:17Z"
|
lastmodified: "2022-12-18T19:16:04Z"
|
||||||
mac: ENC[AES256_GCM,data:/xwOBXbYBd9TqosVFDEAyjVBOcZ1NdxNEz5nTmaFwiBHJSICflX54YSx+1QT44jFCkDFdvf3ZSojZ/bJ9EBsGZycaa4dQvReF5jjMnDzdwPvf+R84F/QuyHZTNnxXfneXUP9SWcenREr/ku/96x7ignKg1n4YsRq1hiot4W8sFk=,iv:7gzXGTlZ+A6ihSF6B94ttyWlREXLTUJukv45nBYPVKI=,tag:E3zlnQrMs0gCNdeuX2Bmfw==,type:str]
|
mac: ENC[AES256_GCM,data:7bqWB5fzhL6J18vak2pfW0Oq8mo0iLiHefCYEklTcUVVHOJy//hO9yw95gjUpGyq6Fx77SKOgu7SaM2bnBOTSdbvoz3mUsUZUUztSlJ+vrXNeD2tNHES6laa3W+lxDwl4WYOz5rPM5oOo0jWuMkIayE+fYC6d21AK8H910fdMjQ=,iv:tYIt1vi4FQezs7LoLXiF4J++KHUOQV8tYfap3l072zY=,tag:Pu0pXHG3WI1WoWXwCvKAXg==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2022-07-15T23:32:09Z"
|
- created_at: "2022-07-15T23:32:09Z"
|
||||||
enc: |
|
enc: |
|
||||||
|
@ -179,4 +180,4 @@ sops:
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.7.1
|
version: 3.7.3
|
||||||
|
|
|
@ -0,0 +1,168 @@
|
||||||
|
{ zentralwerk, config, lib, pkgs, ... }:
|
||||||
|
{
|
||||||
|
deployment = {
|
||||||
|
mem = 16 * 1024;
|
||||||
|
vcpu = 16;
|
||||||
|
needForSpeed = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
hostName = "mastodon";
|
||||||
|
hosts = with zentralwerk.lib.config.site.net.serv; {
|
||||||
|
${hosts6.up4.auth} = [ "auth.c3d2.de" ];
|
||||||
|
${hosts4.auth} = [ "auth.c3d2.de" ];
|
||||||
|
};
|
||||||
|
firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
};
|
||||||
|
|
||||||
|
system.stateVersion = "22.11";
|
||||||
|
nixpkgs.config.allowUnfreePredicate = pkg:
|
||||||
|
lib.getName pkg == "elasticsearch";
|
||||||
|
|
||||||
|
services = {
|
||||||
|
elasticsearch = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.elasticsearch7;
|
||||||
|
};
|
||||||
|
|
||||||
|
mastodon = {
|
||||||
|
enable = true;
|
||||||
|
localDomain = "c3d2.social";
|
||||||
|
|
||||||
|
smtp = {
|
||||||
|
host = "mail.c3d2.de";
|
||||||
|
port = 587;
|
||||||
|
fromAddress = "mail@c3d2.social";
|
||||||
|
authenticate = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
elasticsearch.host = "127.0.0.1";
|
||||||
|
|
||||||
|
extraConfig = {
|
||||||
|
ALTERNATE_DOMAINS = lib.concatStringsSep "," config.services.nginx.virtualHosts.${config.services.mastodon.localDomain}.serverAliases;
|
||||||
|
DEFAULT_LOCALE = "de";
|
||||||
|
WEB_CONCURRENCY = toString config.deployment.vcpu;
|
||||||
|
# MAX_THREADS = toString 5;
|
||||||
|
LOG_LEVEL = "debug";
|
||||||
|
|
||||||
|
LDAP_ENABLED = "true";
|
||||||
|
LDAP_METHOD = "simple_tls";
|
||||||
|
LDAP_HOST = "auth.c3d2.de";
|
||||||
|
LDAP_PORT = "636";
|
||||||
|
LDAP_BIND_DN = "uid=search,ou=users,dc=c3d2,dc=de";
|
||||||
|
LDAP_BASE = "ou=users,dc=c3d2,dc=de";
|
||||||
|
LDAP_SEARCH_FILTER = "(&(objectclass=person)(|(%{uid}=%{email})(%{mail}=%{email})))";
|
||||||
|
LDAP_UID = "uid";
|
||||||
|
};
|
||||||
|
|
||||||
|
configureNginx = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
nginx.virtualHosts.${config.services.mastodon.localDomain}.serverAliases = [
|
||||||
|
"${config.networking.hostName}.flpk.zentralwerk.org"
|
||||||
|
"social.c3d2.de"
|
||||||
|
];
|
||||||
|
|
||||||
|
postgresql = {
|
||||||
|
enable = true;
|
||||||
|
ensureUsers = [ {
|
||||||
|
name = "collectd";
|
||||||
|
ensurePermissions = {
|
||||||
|
"DATABASE \"${config.services.mastodon.database.name}\"" = "ALL PRIVILEGES";
|
||||||
|
};
|
||||||
|
} ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Inject LDAP secrets
|
||||||
|
systemd.services.mastodon-init-dirs.script = lib.mkAfter ''
|
||||||
|
cat ${config.sops.secrets."mastodon/env".path} >> /var/lib/mastodon/.secrets_env
|
||||||
|
'';
|
||||||
|
|
||||||
|
sops = {
|
||||||
|
defaultSopsFile = ./secrets.yaml;
|
||||||
|
secrets."mastodon/env" = {
|
||||||
|
owner = "mastodon";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Sidekiq monitoring
|
||||||
|
c3d2.hq.statistics.enable = true;
|
||||||
|
services.collectd.plugins = {
|
||||||
|
redis =
|
||||||
|
let
|
||||||
|
queries = [ {
|
||||||
|
command = "GET stat:processed";
|
||||||
|
type = "counter";
|
||||||
|
instance = "sidekiq_stat_processed";
|
||||||
|
} {
|
||||||
|
command = "GET stat:failed";
|
||||||
|
type = "counter";
|
||||||
|
instance = "sidekiq_stat_failed";
|
||||||
|
} {
|
||||||
|
command = "LLEN queue:#default";
|
||||||
|
type = "queue_length";
|
||||||
|
instance = "sidekiq_default_queue_len";
|
||||||
|
} {
|
||||||
|
command = "LLEN queue:#ingress";
|
||||||
|
type = "queue_length";
|
||||||
|
instance = "sidekiq_ingress_queue_len";
|
||||||
|
} {
|
||||||
|
command = "LLEN queue:#mailers";
|
||||||
|
type = "queue_length";
|
||||||
|
instance = "sidekiq_mailers_queue_len";
|
||||||
|
} {
|
||||||
|
command = "LLEN queue:#pull";
|
||||||
|
type = "queue_length";
|
||||||
|
instance = "sidekiq_pull_queue_len";
|
||||||
|
} {
|
||||||
|
command = "LLEN queue:#push";
|
||||||
|
type = "queue_length";
|
||||||
|
instance = "sidekiq_push_queue_len";
|
||||||
|
} {
|
||||||
|
command = "LLEN queue:#scheduler";
|
||||||
|
type = "queue_length";
|
||||||
|
instance = "sidekiq_scheduler_queue_len";
|
||||||
|
} {
|
||||||
|
command = "ZCARD schedule";
|
||||||
|
type = "count";
|
||||||
|
instance = "sidekiq_scheduled";
|
||||||
|
} {
|
||||||
|
command = "ZCARD retry";
|
||||||
|
type = "count";
|
||||||
|
instance = "sidekiq_retries";
|
||||||
|
} {
|
||||||
|
command = "ZCARD dead";
|
||||||
|
type = "count";
|
||||||
|
instance = "sidekiq_dead";
|
||||||
|
} {
|
||||||
|
command = "SCARD processes";
|
||||||
|
type = "backends";
|
||||||
|
instance = "sidekiq_processes";
|
||||||
|
} ];
|
||||||
|
in ''
|
||||||
|
<Node "mastodon">
|
||||||
|
Host "${config.services.mastodon.redis.host}"
|
||||||
|
Port "${toString config.services.mastodon.redis.port}"
|
||||||
|
Timeout 3000
|
||||||
|
|
||||||
|
${lib.concatMapStrings ({ command, type, instance }: ''
|
||||||
|
<Query "${command}">
|
||||||
|
Type "${type}"
|
||||||
|
Instance "${instance}"
|
||||||
|
</Query>
|
||||||
|
'') queries}
|
||||||
|
</Node>
|
||||||
|
'';
|
||||||
|
postgresql = ''
|
||||||
|
<Database "${config.services.mastodon.database.name}">
|
||||||
|
Param database "${config.services.mastodon.database.name}"
|
||||||
|
Query backends
|
||||||
|
Query transactions
|
||||||
|
Query queries
|
||||||
|
Query disk_io
|
||||||
|
Query disk_usage
|
||||||
|
</Database>
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
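Review bot: In `services.postgresql.ensureUsers`, the `collectd` monitoring role is granted `ALL PRIVILEGES` on the Mastodon database, which at database level includes `CREATE` and `TEMPORARY`. The collectd `postgresql` plugin configured further down only runs the statistics queries `backends`, `transactions`, `queries`, `disk_io` and `disk_usage`, so `"DATABASE \"${config.services.mastodon.database.name}\"" = "CONNECT";` is probably sufficient and keeps the collector at least privilege. Separately, `LOG_LEVEL = "debug"` in `extraConfig` makes the production instance log at the most verbose level, which in a Rails application typically includes SQL statements. I would use `LOG_LEVEL = "info";` or add a comment that debug is temporary.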
|
@ -0,0 +1,181 @@
|
||||||
|
mastodon:
|
||||||
|
env: ENC[AES256_GCM,data:m7NvIAydlGvvNEShlqH8GngjPb6z3TIGkZNcFcBoAWYHCimcp+0c8NNVf4cP7sq3Xg==,iv:PMC4vVN4felWaa7FDUyoYzNk4Eiy56pxK1cOxbAfZ9c=,tag:NQXqWljloBTxXC1tlxylpQ==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1dcpd6u4psq3hehjyjrt3s7kzmnvxd20vsc8urjcdv6anr5v7ky2sq9rhtt
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPUmZnVjR3SGs3MnJSaUxT
|
||||||
|
aVJJZDRVK2hXdDZqeTBRT2ovVmxWMm5SMGdvCm5LSGtKVkprQmlUaDdGT3krZnVl
|
||||||
|
aE5kTG5QZ1JhbjdiWVNwRUp5dkRKbk0KLS0tIFdhSnd5OU02ZTlrMGNMemdYbVNO
|
||||||
|
YlRrbklFV3lmWGRYVXhvUkNLSzdkRUEKWppsjTBRljJnyXTgMSnq4eSlXdzjF0Bc
|
||||||
|
LN6oLoylo3zeT+pWjDFG7A9+fIpCiXsIMcZsHiRR7kfX8lHGi5rv2A==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdmNOUUpxOE03UFVoN2NY
|
||||||
|
dFMrUUwyVHZjeEZYWWhCMFM4YkVFVkpQa2x3CmoyUkhYRXZORnhXVUd2N0plZEdZ
|
||||||
|
UVUvS0dudkdCRkx0YXdMbWVGV3p4dmMKLS0tIHBCQ2RSRDgyclMzeGJwNndVU3dk
|
||||||
|
ZHQwTTZVNWRRTUR5STRQb3VIODdPcEEK7emzmECdUobG5/N3TMRcUaZSTsgTF6m/
|
||||||
|
5f8v8Tpf0Ve6veQhC/5+MYtHJOWDkN+nD8gFgRkPn/IlNz9IAMGx2A==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2022-11-30T00:54:21Z"
|
||||||
|
mac: ENC[AES256_GCM,data:Ys/exz5C1UO3FZ5XXSx5wolzO+yJ7p59LFOwAOQM5h5wsSd7T43gql9ecjzYZkBub238+uSJYU8kDCaxUFOwLPBIZ6rmA/MS9wRUVr8z5NB9usQFgtD53NNdcRgMWZcM3GEkCBrjB0grIEA6/Btc2klYzLdYS0Glmnn5IMNwkvE=,iv:vJRinUplCiM6m53Yz5TObXaPI2cAcGVBlfvJAgJcd1U=,tag:7DhGp4KyfaOAFG3UT7PWEw==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2022-11-30T00:52:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA6j84+xkv3y7AQ//THu/1WoBYLiEjUWSgMXej4xbmN5sUCSxqnyaMaekcQXK
|
||||||
|
MsUODOaqLCo/c1mfpbZ/Pv5CLHah2R92idqShogaiB5tDqxq8MTk8VCR2bzGcg4f
|
||||||
|
CJHf4dvEBzTWIygUM/TH0AaLB277C9WvLHK1ANE2GolSls6hIN5YYiMmAJboImux
|
||||||
|
QYcwZIk5DUtk8CjMMdXoWXS3Nf5LyoV8TnqwGc8KyIK/l+PSLuOX6KqG5TArCCT5
|
||||||
|
BTCbXqpk5IPGVNiflWZfZBSrGFQ/7L+mHYABBR8bj1cCHKOtYJqVCKNQOkApRsc9
|
||||||
|
Z8UtGHedcArwZUNilFUNYMZjK0Iyrme3Fvjt7ztY//ZvgRgBzIfeUlMMYNCD0stT
|
||||||
|
OhjlclAkh7az5LPyhKW7FxEPhr+XsJCiAaaNpHntSwv/5yjPCDLoCbKF8pkZY7xW
|
||||||
|
oaYVJk2/BuNPG8wQAHl9N15XHN5bPK0JIqT8/aSwRx6rjI2JlBk8tOo5EpmdJrLa
|
||||||
|
xPJ7cS8KEpY+mlWO+GkmB3EomjbdgRtFqx4DEjbLYV/olN4+s2RLqK53WprNjqdv
|
||||||
|
fltEZvY8vWcg6UHc3DhAy9Oa6QnR8ifraPkpKlMUZyIiQFOWcrDs9XCpKx/ATmXO
|
||||||
|
+wpQHGZXq6b47Gfp/XA4HibA7YY9qDz2PDtu4PrKg00j6wWBujdc5+HTfBn05JvS
|
||||||
|
UQG2+OgjrHFdYKIK0+vMovt3WFzbrCAeIx9AU84dUMiUZMOtyHZvL+hU3ynVZYfu
|
||||||
|
Z/yvMM78Q1qEdcKWBtgEJORXQIwWTK3JyYRC0N4/3COViw==
|
||||||
|
=ULdx
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
|
||||||
|
- created_at: "2022-11-30T00:52:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA8zMZ+ak7y/zAQ//bSruuL/XKnFtewxG3weWTIUzLjW2d4b0WffSzRogs3BM
|
||||||
|
FE0vbb6atEQVImnr8CFl8r6R1jE3lz6VEVirCAHdycPFxHFnIuzbzc5WYVgTC00E
|
||||||
|
v5L3UKJSccjzWMONdL0XaXUDHWE78vfiMKwjNMrg/SmLElkjJUvBVz1y9lih/Fwp
|
||||||
|
V/CWV/S4/v5WoO53hldoQ3jCDWLLVoJHB5rBO140hpmrLOkwTvXQNW1pK0GwJb6r
|
||||||
|
dKqzUQzJgmdQcMswNDcmtHQV59HGk7/anaWGMD5FvVz6FQdXA2bBH6WD9OmqggUw
|
||||||
|
xN5sWON3yYEkWZ7L0fmLIoNmmsH6gMnPVIpCK40g2nyFCjiqRdxf2gn5iasq9fzJ
|
||||||
|
LAZkUHt6LSNikRPsm9p/SKl5EfIWSmQfUGWYMRqwkHi+a85NfkDPgbOae2gQhaGi
|
||||||
|
TjdKy3wS5SQ1KZU1+YV19JJx8RnzevcIHv/SV8C+z4UosEDBGuncda3S8VRDvyOe
|
||||||
|
hI/ZbASGBwWXni3UIGQfLiDp0nGZz3NAGKcmbWN4DHN7tj36Xc0NkLe9AuWs+2fq
|
||||||
|
rhnfYCLl8tn8gdBQ2/sMC2K8AwpRLdcoOhZPz9CCY3Qv4edxXeSMMotQwhB3jglh
|
||||||
|
GBNFEKd/XKHMfwZsfWITxHBhtX0yL6CEG8A+OHHrYzXcphAcy981T07ThfTkU/DS
|
||||||
|
UQGAruf+SPfBRKj+jHdIXHtrVlYFtI1SHLueZzAw8vMPI4vXbvbZq2qNdWk5uLIx
|
||||||
|
AJHARp7tFLZjeVM8O3fR13HM5Ho50cJLnkCBqqDLXFKtSw==
|
||||||
|
=ZSmW
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: D4E89C6A0A58EE803EF708EFA9B23715F7AA3F1A
|
||||||
|
- created_at: "2022-11-30T00:52:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcBMA45bZkLXmBFpAQf7BQARnoKk+Dl65Far++0lF3CvvOeiBttUCQoV8aNmMq2V
|
||||||
|
Sy1CfGGhg53xN6qeqh0GE5gXQU6Qio86KCxKZ6yh0i6wicv0G1Ld19omKGFrD6y+
|
||||||
|
ne6ognWNVXzOxp6jzT6bzTxN4KkIrtKwuFb6796E1N0haVzCOjxQaTqUKig7Vy8P
|
||||||
|
0cCR1K/HiVVDs/XdK3QL47Ty4oSCAZDD/Vj9r40w/fKykTw5PBwRsBMCPL1ZxoeI
|
||||||
|
WEMhxxKdCpp5OprMHtsRkulPoArUkyFOKtsCvCRAnLtwoJaJTBb4I0RcTy+wjwEv
|
||||||
|
ONdpobMPntiXY9P8L/ovmYX+GlQKi3AEHflmPmLPFdJRAdzGII2ZnF77Z+e7WpJK
|
||||||
|
SXkWRdSRwJzatIs2TfnEYKAMevqEpzYTIu2Am0NxbTj7MgmfGw7oUc0n+oGh0gLE
|
||||||
|
Jd5EMV7E8k8nHqyCLoEa3q+3
|
||||||
|
=poTN
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
|
||||||
|
- created_at: "2022-11-30T00:52:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMAwMCBBrc/JA6AQ/9Hz/H90Ab0cQ0mBmFWdgc+zsPVhHXLlKaTszaMbrQ0Hlh
|
||||||
|
Db/1ap7tSQviLZMJFh1O9TjMfRrbCyGE8NRRr1jM2z1KxRSENHMywE+5wR+QlNE7
|
||||||
|
s5v5tNOYyLA5rlkyAL7tezKLnsi4CD3hj27ZVU3igtJ4GXW51rHABiwMQ1FOfVeo
|
||||||
|
vGCQdXAxcFo4TucdIjMWo9hAV8ncVYokw5jq4ufHKjb1keBFq4Ob82dkc3DWwaq7
|
||||||
|
sbUMPGzDkgqwVS2aFk2uoaBjceZeOjY1INNtxtSrmQvjrnJTjoKKRErU11OZ19Om
|
||||||
|
gal7gIUhHb3kJKLkXDZD0l2AD4NUeeFLI7SyVv7PmHD/dI58SQ3+ofsC+Cukvqeo
|
||||||
|
KI9Xyg6+pJCF8wer0tYD1uX4avF9TsdFwVjrrOW2iXvX7ePqP9+ZdwodPOmvB5g6
|
||||||
|
ofxgbX5clek2LCUO/Q8hytx3W/6oBHfqZgoiLitfT+Ss0NoEusGnSDnGlgUAbEyJ
|
||||||
|
KEWEMiRcj8OARw4/jbJrrBjvbIJJaWmdtHBSsqV+3/yY4GqTw8pvUYp3feocLu1Z
|
||||||
|
FwIx/TcvyOmhZ6MFu3sz+xWntyvOnDZoXfnzTLWt7XM2pNHwyWmG62fhlhAIo7jR
|
||||||
|
ENu1Zet7lpj/eUUJAbcx2sWtoClSq8rYqX4PBR4rFnLJBqyPZlVGLzFzlw/kr57S
|
||||||
|
UQGZijKUYvlcDtFjUTiVmUtYagb94Fm4v20P1N1IgwdZp5l00MYY1GT0s7+4QR7Y
|
||||||
|
rRRPLRu4wCvPsYeSpT3xf0bx5tZF7YuzuU0bcr13NcJADw==
|
||||||
|
=44mD
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
|
||||||
|
- created_at: "2022-11-30T00:52:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA9XEenRNYVGHARAAjqd4Vk98BuS7EGmWe9asgpmuF1hBpi6EGbfIJHy/QdMu
|
||||||
|
Ug27yGxrhVoxP4mX0KcdL0GES6zpcqAuSjKuqnjRIQaBqRmLImvlwpRELQyzJCsj
|
||||||
|
fkhTe3nG14Ew1ukuAPA4LiOpydpefdHb0KiCR4GYggR+P9nPo4CIUVDXIkWdCJHF
|
||||||
|
29b2febhwUZuxAQF0otzvFXd8VpFxP5aqiqjdVQ6wm9R0r/l5XyU8ZwtgN4TjcbO
|
||||||
|
DxvjS73i+CZhi2gPR4Q1pTOFunxQC/shyeOLHFpGnWZ/OkYO+93P9PHPIX9BSUz8
|
||||||
|
PVrBPtLLXm8rnnklqViBTBt+AfwjzyhWTC9BGoKfJ3gmfA//oVJNraQJRXS3AtlY
|
||||||
|
awvIWtLDGSDwzR68cpdoG9DzIES5rJ3gN9u+b/IV6pwvu35E0X3CKA4FN66wdNag
|
||||||
|
VXA6RsJVM1+pCxeKHAyMwD26Udq77XJ1nAxvUaOn0+MGdXD3KKF+WQ+4wv4LW5vl
|
||||||
|
mRKMVuI884B8Qm349TZxUalEy6v7ioC6pJMj13Yn0eWx91z/Kzj8IP06nZ2y486B
|
||||||
|
b8aDmbQUNIF4g3s/LN4y7ENYRVtvL4yhL4JQfDCMeA7wn4Ne/XNIX6/mgcN70JI5
|
||||||
|
ywS4udq+8NX6ZTDoiLNVwZwO3j2V61p1ISx5Q1vPrevCUHHRvUisFL/OzyYYDVXS
|
||||||
|
UQEfC+uXFz7eX15F0esLCcMfDZFWc73IWbGfLL+eXatw5R4Ii2nN+Q8eXLFolmg2
|
||||||
|
DQu+qK0ovO5/9I3VmQM9Y9n0b9CFsfcBLFLA8pfNtj6DOg==
|
||||||
|
=vjG5
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
|
||||||
|
- created_at: "2022-11-30T00:52:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcBMA/Z87ylQaotQAQgAki4625tAoV04bTPWkawsYck88PbAVctHuwWVi/YprVLy
|
||||||
|
VwXM4nMao+fg16UrRd1sc0Dh1TdPq3E+4oIf9gYJXH8GLcjkj5v3L8jWdaWhC+2G
|
||||||
|
M6IrXdn0kM5uXx3PTFQA6TYkfs/BdNsjTnspfr44EBvWG/OwLmTJo3QC6MDDHZk3
|
||||||
|
JF4cMXXhHe1gRMF5DznexxCHfrod5NYYIzGpqCo8qBtBnY5QnTf7wXwtWnFeRtQk
|
||||||
|
fA/EDgM1Xghyqx7oDxQ7ubaCWPyNREhiB6vKvF8ZnUyWW4oQmx7gmttb+Gm/Pb/G
|
||||||
|
HB9GMixRzmlo4dVGlTF9llYCxcIrvxJNasFEXnuHsdJRAXBwOvBH4JsYgjIYlo0a
|
||||||
|
l+INJ9JBJqvSqbrAadmhmtg7v6fJVaWQiwamI/N50ifHAQcKNxH/OiInuh80Qvtf
|
||||||
|
9utJNqgbFFnzPxx5028FriVd
|
||||||
|
=rqgj
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 9EA68B7F21204979645182E4287B083353C3241C
|
||||||
|
- created_at: "2022-11-30T00:52:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA9qJIVK2WMV7AQ/8Ca/FQ2eZdaIerMMiGL0wP8uClgzDqW6Xku4sdGI9nO4s
|
||||||
|
oBzmj3amCgp588PV5/TbyawVrfbMQFvr78GF2T3MQS1KOzFePITQPXceuPia6KzV
|
||||||
|
bFNpElCP80AlYZKWkPQ26Uz1gB+Dk75F+Ws5ttP+A4bgSBUpW7R3CQr4eIM9rN7G
|
||||||
|
TXgTWlbcYZK5IyVZkueOXN+vwT5N/C+rf3Ockv77Yhrasbc/OiRd3kPvwYINrBk5
|
||||||
|
HRpaebK+/1Ku5SHIFhx/TGtyCcwS2ciPBCX1NYvcI+Kh1I2MlHKJqpgY6C0e6QHo
|
||||||
|
sByoi/cy6IIPXupuVMxs/dMzkaZJYMzM3te8D6aakO+yaR/xBlJgGZqzWVgrDZaR
|
||||||
|
7ioncUPcSbR28cGoV4l2bYGu+Z4bQ0oAE8CSV4IYLJeInwRed45E9G5zyTU9//Zd
|
||||||
|
C4dxATU17FXeom15LSoZkFnRLbWWPi6q2SwwidG7+oK5FcMCyc4zarR65/i/02Tm
|
||||||
|
mEUc533y+t0pud9GgdQKrjNyQ654mrsPrXOYviTrBVzy3BU6dkbEjPEmfw253a0Z
|
||||||
|
SDV88+WOSVzwVK9K0EY9NR+sRYlQtBkoKDYrLgthCN+Ucl/tOBIKjwv5lnBUihG/
|
||||||
|
ouTUDJEN5phT2tf8MDchNea31Cm6AT0ph6Iz/Pr0hqUNQOz6UmNgf1ZNH3RCehjS
|
||||||
|
UQGdPPcXxEG5JhmiltTOph024yMOkgmt+5xHyCZ6L1QaaYMjIV08Xq0I2YvJXUse
|
||||||
|
QlZRHAcOAsSI7mYd0jqFxOfj8ZrclTqn15peXweoEUzKIg==
|
||||||
|
=vX2f
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 53B26AEDC08246715E15504B236B6291555E8401
|
||||||
|
- created_at: "2022-11-30T00:52:41Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA/YLzOYaRIJJAQ//RPrikrIQUJ6qVHdEQVtH9CKnNBDCk/ipP4CU1sdHFx7F
|
||||||
|
S4ssLv/sTDofJzo+LFB0QG3JRWEx1+IgtRF+6JCw0Mm7ed2STMPh6/emaX0MIcgS
|
||||||
|
x1t0LMsEmGa6Iuyjm24x5I8qdLpYtOjZd4r797GNeGEXUzRAUe9zbFEY45lSrzn+
|
||||||
|
H/mbohDAK/xEuvY0w1qYW2NgTkUqjxgpK7fx9df5GpiEE9XPHsQindpPYh7BNcau
|
||||||
|
fIqN7d+A+nMw3DI8YcmC2yYnr/5UWBe2UweQuFWyBxyI6548kKbjKOJcAboo1YVL
|
||||||
|
MPyf+Z3eySNG32MyE8vq2/d32/Sh+Cwk/YG6o4mpjwdSTT65JDNZs2eu2alOXnsi
|
||||||
|
uvGDMTlKwvUP89ynB8tDQ8HdV9bxFT3/9yOFAYa+yU9AguvV13zl6ublpO1pPY1q
|
||||||
|
iJMDc51iyRsH9jv9ALHqQ+FIptQDX1yjoIobHx64zrBaiOKeqkdWgZGUfnldbOyw
|
||||||
|
in8Ooa1qgG70h0T+tearHB0BDTCQx7FvEgUN+6eAdGLncoV9a2bGbtb2IBzm7pA3
|
||||||
|
YHV4Ab308WyO/8MkSwd9uGqlsxE772TN5XYLuWo+7KgcSCGght6vnlLWIDhbQ+YR
|
||||||
|
/ZLMik2Gbsl5bV6cpkbzI9VBEx8vHulpQazkHSAfsxr6/aiqmz0TJM8I0oe+d7TS
|
||||||
|
UQHZoPhsqIYDwOqNDi8erCeeQzkDxSVPlBICv8+YGXd5qSAAte7Fbo/uQvn4fGdg
|
||||||
|
9YAyhaZ/XAWnb3rL3VpKlzGXq6LAaog9OyQ+e+bnP/7x8A==
|
||||||
|
=76ZY
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.7.3
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, config, lib, pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
networking.hostName = "mediawiki";
|
networking.hostName = "mediawiki";
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
{ zentralwerk, config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
{
|
{
|
||||||
microvm.mem = 1024;
|
|
||||||
c3d2.isInHq = false;
|
c3d2.isInHq = false;
|
||||||
c3d2.deployment = {
|
c3d2.deployment = {
|
||||||
server = "server10";
|
server = "server10";
|
||||||
mounts = [ "etc" "home" "var"];
|
mounts = [ "etc" "home" "var"];
|
||||||
};
|
};
|
||||||
|
microvm.mem = 2048;
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "mobilizon";
|
hostName = "mobilizon";
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, tigger, ... }:
|
{ pkgs, tigger, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
deployment = {
|
deployment = {
|
||||||
|
|
|
@ -1,6 +1,4 @@
|
||||||
{ zentralwerk, config, lib, pkgs, ... }:
|
{ zentralwerk, pkgs, ... }:
|
||||||
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
{
|
{
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
|
|
@ -1,7 +1,5 @@
|
||||||
{ zentralwerk, config, lib, pkgs, ... }:
|
{ lib, ... }:
|
||||||
let
|
let
|
||||||
netConfig = zentralwerk.lib.config.site.net.serv;
|
|
||||||
|
|
||||||
nfsExports = [
|
nfsExports = [
|
||||||
"var/lib/nfsroot/dacbert"
|
"var/lib/nfsroot/dacbert"
|
||||||
"var/lib/nfsroot/riscbert"
|
"var/lib/nfsroot/riscbert"
|
||||||
|
|
|
@ -37,7 +37,7 @@
|
||||||
xx = "tx"; # transmit only
|
xx = "tx"; # transmit only
|
||||||
when-tx-exists = true;
|
when-tx-exists = true;
|
||||||
};
|
};
|
||||||
in lib.mapAttrs (name: value:
|
in lib.mapAttrs (_: value:
|
||||||
value // {
|
value // {
|
||||||
via = lib.lists.remove "c3d2" value.via;
|
via = lib.lists.remove "c3d2" value.via;
|
||||||
} // (lib.attrsets.optionalAttrs (value.addrs or { } != { }) {
|
} // (lib.attrsets.optionalAttrs (value.addrs or { } != { }) {
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
let
|
{
|
||||||
exec = {
|
programs.nncp.settings.neigh.emery.exec = {
|
||||||
# A command to asynchronously export store paths to a remote caller.
|
# A command to asynchronously export store paths to a remote caller.
|
||||||
nix-store-export = with pkgs;
|
nix-store-export = with pkgs;
|
||||||
[
|
[
|
||||||
|
@ -16,4 +16,4 @@ let
|
||||||
# A command to import store paths from a remote caller.
|
# A command to import store paths from a remote caller.
|
||||||
nix-store-import = [ "${config.nix.package}/bin/nix-store" "--import" ];
|
nix-store-import = [ "${config.nix.package}/bin/nix-store" "--import" ];
|
||||||
};
|
};
|
||||||
in { programs.nncp.settings.neigh = { emery = { inherit exec; }; }; }
|
}
|
||||||
|
|
|
@ -1,15 +1,14 @@
|
||||||
{ zentralwerk, oparl-scraper, config, pkgs, ... }:
|
{ oparl-scraper, config, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
ratsinfo-scraper = import oparl-scraper { inherit pkgs; };
|
ratsinfo-scraper = import oparl-scraper { inherit pkgs; };
|
||||||
|
|
||||||
netConfig = zentralwerk.lib.config.site.net.serv;
|
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
c3d2.deployment = {
|
c3d2.deployment = {
|
||||||
server = "server10";
|
server = "server10";
|
||||||
mounts = [ "etc" "home" "var"];
|
mounts = [ "etc" "home" "var"];
|
||||||
};
|
};
|
||||||
|
microvm.mem = 1024;
|
||||||
|
|
||||||
networking.hostName = "oparl";
|
networking.hostName = "oparl";
|
||||||
|
|
||||||
|
@ -41,7 +40,7 @@ in
|
||||||
path = with pkgs; [
|
path = with pkgs; [
|
||||||
git openssh poppler_utils ratsinfo-scraper
|
git openssh poppler_utils ratsinfo-scraper
|
||||||
];
|
];
|
||||||
script = ''
|
script = /* bash */ ''
|
||||||
if [ -d data ]; then
|
if [ -d data ]; then
|
||||||
pushd data
|
pushd data
|
||||||
git pull
|
git pull
|
||||||
|
|
|
@ -0,0 +1,58 @@
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./owncast-archiver.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
deployment = {
|
||||||
|
vcpu = 8;
|
||||||
|
mem = 2048;
|
||||||
|
persistedShares = [ "/etc" "/home" "/var" ];
|
||||||
|
extraShares = [ {
|
||||||
|
source = "/glusterfs/big/microvms/c3d2/config/owncast/archive";
|
||||||
|
mountPoint = config.services.owncast-archiver.targetDir;
|
||||||
|
} ];
|
||||||
|
};
|
||||||
|
c3d2.hq.statistics.enable = true;
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
hostName = "owncast";
|
||||||
|
firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.owncast = {
|
||||||
|
enable = true;
|
||||||
|
openFirewall = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
recommendedOptimisation = true;
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
additionalModules = [ pkgs.nginxModules.fancyindex ];
|
||||||
|
virtualHosts."owncast.c3d2.de" = {
|
||||||
|
default = true;
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://127.0.0.1:${toString config.services.owncast.port}";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
locations."/archive/" = {
|
||||||
|
alias = "${config.services.owncast-archiver.targetDir}/";
|
||||||
|
extraConfig = ''
|
||||||
|
fancyindex on;
|
||||||
|
fancyindex_exact_size off;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
systemd.services.nginx.serviceConfig.ReadWritePaths = [
|
||||||
|
config.services.owncast-archiver.targetDir
|
||||||
|
];
|
||||||
|
|
||||||
|
services.owncast-archiver.enable = true;
|
||||||
|
}
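Review bot: `systemd.services.nginx.serviceConfig.ReadWritePaths` gives the web server write access to the archive directory, but in this file nginx only reads it, through the `/archive/` location with `fancyindex on;`. A read-only grant is enough for serving and keeps a compromised worker from altering or deleting recordings, for example `systemd.services.nginx.serviceConfig.BindReadOnlyPaths = [ config.services.owncast-archiver.targetDir ];`. Whether any override is needed at all depends on the nginx unit's sandbox defaults, which are not shown on this page.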
|
|
@ -0,0 +1,61 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
|
||||||
|
owncastArchiver = with pkgs; writeScript "owncast-archiver.sh" ''
|
||||||
|
#! ${runtimeShell} -e
|
||||||
|
|
||||||
|
PATH=${lib.makeBinPath [ coreutils curl jq ffmpeg ]}
|
||||||
|
|
||||||
|
while true; do
|
||||||
|
|
||||||
|
STATUS="$(curl -s https://owncast.c3d2.de/api/status)"
|
||||||
|
ONLINE="$(echo "$STATUS" | jq -r .online)"
|
||||||
|
if [ "$ONLINE" = true ]; then
|
||||||
|
TITLE="$(echo "$STATUS" | jq -r .streamTitle)"
|
||||||
|
ffmpeg -i https://owncast.c3d2.de/hls/0/stream.m3u8 -c copy "$(echo "$(date -Iseconds)_$TITLE.mkv"|tr " +<>:/" "____\\-\\-")"
|
||||||
|
fi
|
||||||
|
|
||||||
|
sleep ${toString cfg.pollInterval}
|
||||||
|
done
|
||||||
|
'';
|
||||||
|
|
||||||
|
cfg = config.services.owncast-archiver;
|
||||||
|
|
||||||
|
in
|
||||||
|
|
||||||
|
{
|
||||||
|
options.services.owncast-archiver = with lib; {
|
||||||
|
enable = mkEnableOption "owncast archiver";
|
||||||
|
|
||||||
|
targetDir = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "/mnt/archive";
|
||||||
|
};
|
||||||
|
|
||||||
|
pollInterval = mkOption {
|
||||||
|
type = types.int;
|
||||||
|
default = 10;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
users.users.archiver = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "nginx";
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.owncast-archiver = {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "owncast.service" ];
|
||||||
|
serviceConfig = {
|
||||||
|
ReadWritePaths = cfg.targetDir;
|
||||||
|
WorkingDirectory = cfg.targetDir;
|
||||||
|
User = "archiver";
|
||||||
|
ExecStart = owncastArchiver;
|
||||||
|
Restart = "always";
|
||||||
|
RestartSec = 60;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
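Review bot: `ReadWritePaths = cfg.targetDir;` in `serviceConfig` does not confine the unit on its own, because no `ProtectSystem=` or other read-only setting is present for it to carve an exception out of. The script builds a file name from a stream title fetched from the status API and runs ffmpeg on network input, so it is worth making the write allow-list effective by adding `ProtectSystem = "strict";`, `NoNewPrivileges = true;` and `PrivateTmp = true;` next to it. Separately, `group = "nginx";` on `users.users.archiver` lets this account read whatever is group-readable by nginx, which on a host using `enableACME` presumably includes the TLS key material. A dedicated group shared only for the archive directory would avoid that.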
|
|
@ -1,83 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
../../../modules/lxc-container.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
networking = {
|
|
||||||
hostName = "prometheus";
|
|
||||||
firewall = {
|
|
||||||
allowedTCPPorts = [ 22 80 443 9090 9091 9093 9094 ];
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.prometheus = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
alertmanager = {
|
|
||||||
enable = true;
|
|
||||||
openFirewall = true;
|
|
||||||
webExternalUrl = "http://prometheus.serv.zentralwerk.org/alertmanager/";
|
|
||||||
listenAddress = "0.0.0.0";
|
|
||||||
configuration = {
|
|
||||||
"global" = {
|
|
||||||
"smtp_smarthost" = "mail.serv.zentralwerk.org:587";
|
|
||||||
"smtp_from" = "alertmanager@prometheus.serv.zentralwerk.org";
|
|
||||||
};
|
|
||||||
"route" = {
|
|
||||||
"group_by" = [ "alertname" "alias" ];
|
|
||||||
"group_wait" = "30s";
|
|
||||||
"group_interval" = "2m";
|
|
||||||
"repeat_interval" = "4h";
|
|
||||||
"receiver" = "team-admins";
|
|
||||||
};
|
|
||||||
"receivers" = [{
|
|
||||||
"name" = "team-admins";
|
|
||||||
# "email_configs" = [
|
|
||||||
# {
|
|
||||||
# "to" = "devnull@example.com";
|
|
||||||
# "send_resolved" = true;
|
|
||||||
# }
|
|
||||||
# ];
|
|
||||||
# "webhook_configs" = [
|
|
||||||
# {
|
|
||||||
# "url" = "https://example.com/prometheus-alerts";
|
|
||||||
# "send_resolved" = true;
|
|
||||||
# }
|
|
||||||
# ];
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# alertmanagerURL = [ "http://prometheus.serv.zentralwerk.org/alertmanager/" ];
|
|
||||||
|
|
||||||
pushgateway = {
|
|
||||||
enable = true;
|
|
||||||
web.external-url = "http://prometheus.serv.zentralwerk.org/push/";
|
|
||||||
};
|
|
||||||
|
|
||||||
exporters.collectd.enable = true;
|
|
||||||
exporters.collectd.openFirewall = true;
|
|
||||||
|
|
||||||
exporters.nginx.enable = true;
|
|
||||||
exporters.nginx.openFirewall = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
virtualHosts."prometheus.serv.zentralwerk.org" = {
|
|
||||||
# serverAliases = [ "registry.serv.zentralwerk.org" ];
|
|
||||||
enableACME = true;
|
|
||||||
onlySSL = true;
|
|
||||||
locations.".well-known/acme-challenge/" = {
|
|
||||||
root = "/var/lib/acme/acme-challenge/.well-known/acme-challenge/";
|
|
||||||
};
|
|
||||||
locations."/" = { proxyPass = "http://localhost:9090"; };
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
system.stateVersion = "20.09"; # Did you read the comment?
|
|
||||||
}
|
|
|
@ -0,0 +1,154 @@
|
||||||
|
{ zentralwerk, config, lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
deployment = {
|
||||||
|
mem = 1024;
|
||||||
|
};
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
hostName = "prometheus";
|
||||||
|
firewall = {
|
||||||
|
allowedTCPPorts = [
|
||||||
|
# nginx
|
||||||
|
80 443
|
||||||
|
];
|
||||||
|
allowedUDPPorts = [
|
||||||
|
# services.prometheus.exporters.collectd.collectdBinary
|
||||||
|
25826
|
||||||
|
];
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.prometheus = {
|
||||||
|
enable = true;
|
||||||
|
retentionTime = "7d";
|
||||||
|
|
||||||
|
alertmanager = {
|
||||||
|
enable = true;
|
||||||
|
webExternalUrl = "https://prometheus.serv.zentralwerk.org/alertmanager/";
|
||||||
|
listenAddress = "[::1]";
|
||||||
|
configuration = {
|
||||||
|
"route" = {
|
||||||
|
"group_by" = [ "instance" ];
|
||||||
|
"group_wait" = "1m";
|
||||||
|
"group_interval" = "1m";
|
||||||
|
"repeat_interval" = "7d";
|
||||||
|
"receiver" = "xmpp";
|
||||||
|
};
|
||||||
|
"receivers" = [{
|
||||||
|
"name" = "xmpp";
|
||||||
|
"webhook_configs" = [{
|
||||||
|
"url" = "http://127.0.0.1:9022/alert";
|
||||||
|
}];
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
alertmanagers = [{
|
||||||
|
static_configs = [{
|
||||||
|
targets = [ "localhost:${toString config.services.prometheus.alertmanager.port}" ];
|
||||||
|
}];
|
||||||
|
path_prefix = "/alertmanager";
|
||||||
|
} {
|
||||||
|
static_configs = [{
|
||||||
|
targets = [ "localhost:9022" ];
|
||||||
|
}];
|
||||||
|
}];
|
||||||
|
|
||||||
|
enableReload = true;
|
||||||
|
ruleFiles = [ ./rules.yaml ];
|
||||||
|
|
||||||
|
scrapeConfigs = [{
|
||||||
|
# TODO: authorization?
|
||||||
|
job_name = "node";
|
||||||
|
scrape_interval = "1m";
|
||||||
|
static_configs =
|
||||||
|
let
|
||||||
|
zwNets = zentralwerk.lib.config.site.net;
|
||||||
|
fromNet = net: _:
|
||||||
|
map
|
||||||
|
(host:
|
||||||
|
"${host}.${net}.zentralwerk.org:9100"
|
||||||
|
)
|
||||||
|
(builtins.attrNames zwNets.${net}.hosts4);
|
||||||
|
in
|
||||||
|
[ {
|
||||||
|
targets =
|
||||||
|
fromNet "serv" (_: true);
|
||||||
|
labels.__meta_net = "net-serv";
|
||||||
|
} {
|
||||||
|
targets =
|
||||||
|
fromNet "flpk" (host: host != "flpk-gw");
|
||||||
|
labels.__meta_net = "net-flpk";
|
||||||
|
} {
|
||||||
|
targets =
|
||||||
|
fromNet "cluster" (host: builtins.elem host [
|
||||||
|
"server8"
|
||||||
|
"server9"
|
||||||
|
"server10"
|
||||||
|
]);
|
||||||
|
labels.__meta_net = "net-flpk";
|
||||||
|
} {
|
||||||
|
targets = [ "localhost:${toString config.services.prometheus.exporters.collectd.port}" ];
|
||||||
|
} ];
|
||||||
|
}];
|
||||||
|
|
||||||
|
exporters = {
|
||||||
|
collectd = {
|
||||||
|
enable = true;
|
||||||
|
collectdBinary.enable = true;
|
||||||
|
};
|
||||||
|
# TODO: deploy with every nginx
|
||||||
|
nginx = {
|
||||||
|
enable = true;
|
||||||
|
openFirewall = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
webExternalUrl = "https://prometheus.serv.zentralwerk.org/";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.alert2muc = {
|
||||||
|
enable = true;
|
||||||
|
configFile = config.sops.secrets."alert2muc/config".path;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
virtualHosts."prometheus.serv.zentralwerk.org" = {
|
||||||
|
# serverAliases = [ "registry.serv.zentralwerk.org" ];
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://localhost:${toString config.services.prometheus.port}";
|
||||||
|
extraConfig = ''
|
||||||
|
auth_basic "Prometheus";
|
||||||
|
auth_basic_user_file ${config.sops.secrets."nginx/httpAuth".path};
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
locations."/alertmanager" = {
|
||||||
|
proxyPass = "http://localhost:${toString config.services.prometheus.alertmanager.port}";
|
||||||
|
extraConfig = ''
|
||||||
|
auth_basic "Prometheus";
|
||||||
|
auth_basic_user_file ${config.sops.secrets."nginx/httpAuth".path};
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
sops = {
|
||||||
|
defaultSopsFile = ./secrets.yaml;
|
||||||
|
secrets."nginx/httpAuth".owner = config.systemd.services.nginx.serviceConfig.User;
|
||||||
|
secrets."alertmanager/xmpp-password".owner = config.systemd.services.prometheus-xmpp-alerts.serviceConfig.User;
|
||||||
|
secrets."alert2muc/config".owner = config.services.alert2muc.user;
|
||||||
|
};
|
||||||
|
|
||||||
|
system.stateVersion = "22.11";
|
||||||
|
|
||||||
|
systemd.services.prometheus-xmpp-alerts.serviceConfig = {
|
||||||
|
DynamicUser = lib.mkForce false;
|
||||||
|
User = "prometheus";
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,84 @@
|
||||||
|
groups:
|
||||||
|
- name: default
|
||||||
|
rules:
|
||||||
|
- alert: oom_kills
|
||||||
|
expr: round(increase(node_vmstat_oom_kill[7d])) >= 1
|
||||||
|
for: 10m
|
||||||
|
labels:
|
||||||
|
severity: error
|
||||||
|
annotations:
|
||||||
|
summary: service gets oom killed
|
||||||
|
|
||||||
|
- alert: disk_almost_full
|
||||||
|
expr: collectd_df_df_complex{type="free"} < 1024^3
|
||||||
|
for: 10m
|
||||||
|
labels:
|
||||||
|
severity: warn
|
||||||
|
annotations:
|
||||||
|
summary: filesystem has less than 1GB of free space
|
||||||
|
|
||||||
|
- alert: disk_full
|
||||||
|
expr: collectd_df_df_complex{type="free"} < 100 * 1024^2
|
||||||
|
for: 10m
|
||||||
|
labels:
|
||||||
|
severity: warn
|
||||||
|
annotations:
|
||||||
|
summary: filesystem has less than 100MB of free space
|
||||||
|
|
||||||
|
- alert: disk_free
|
||||||
|
expr: predict_linear(collectd_df_df_complex{type="free"}[1h], 8*3600) < 0
|
||||||
|
for: 10m
|
||||||
|
labels:
|
||||||
|
severity: warn
|
||||||
|
annotations:
|
||||||
|
summary: filesystem will be full within 8h
|
||||||
|
|
||||||
|
- alert: load1
|
||||||
|
expr: avg_over_time(node_load1[15m]) > 50
|
||||||
|
for: 10m
|
||||||
|
labels:
|
||||||
|
severity: warn
|
||||||
|
annotations:
|
||||||
|
summary: instance has high load avg
|
||||||
|
|
||||||
|
- alert: systemd_unit_failed
|
||||||
|
expr: increase(node_systemd_unit_state{state="failed"}[7d]) >= 1
|
||||||
|
for: 10m
|
||||||
|
labels:
|
||||||
|
severity: error
|
||||||
|
annotations:
|
||||||
|
summary: service fails
|
||||||
|
|
||||||
|
- name: network
|
||||||
|
rules:
|
||||||
|
- alert: load1
|
||||||
|
expr: avg_over_time(collectd_load_0[15m]) > 1
|
||||||
|
for: 10m
|
||||||
|
labels:
|
||||||
|
severity: warn
|
||||||
|
annotations:
|
||||||
|
summary: network device has high load avg
|
||||||
|
|
||||||
|
- alert: memory_free
|
||||||
|
expr: collectd_memory{memory="free"} < 4 * 1024^2
|
||||||
|
for: 10m
|
||||||
|
labels:
|
||||||
|
severity: warn
|
||||||
|
annotations:
|
||||||
|
summary: memory full
|
||||||
|
|
||||||
|
- alert: throughput0
|
||||||
|
expr: increase(collectd_interface_if_octets_0_total[10m]) > 10 * 3600 * 1024^2
|
||||||
|
for: 2h
|
||||||
|
labels:
|
||||||
|
severity: warn
|
||||||
|
annotations:
|
||||||
|
summary: sustained throughput
|
||||||
|
|
||||||
|
- alert: throughput1
|
||||||
|
expr: increase(collectd_interface_if_octets_1_total[10m]) > 10 * 3600 * 1024^2
|
||||||
|
for: 2h
|
||||||
|
labels:
|
||||||
|
severity: warn
|
||||||
|
annotations:
|
||||||
|
summary: sustained throughput
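Review bot: `systemd_unit_failed` applies `increase(...[7d])` to `node_systemd_unit_state{state="failed"}`, which node_exporter exposes as a 0/1 gauge rather than a counter. The result therefore depends on how `increase` treats drops as counter resets, not on how often a unit failed. If the intent is to alert while a unit is failed, `expr: node_systemd_unit_state{state="failed"} == 1` says that directly; if a seven-day memory is wanted, `max_over_time(node_systemd_unit_state{state="failed"}[7d]) == 1` keeps it. The alert name `load1` is also used in both the `default` and `network` groups with different thresholds, which makes notifications hard to tell apart; a distinct name such as `network_load1` would help.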
|
|
@ -0,0 +1,185 @@
|
||||||
|
alertmanager:
|
||||||
|
xmpp-password: ENC[AES256_GCM,data:v+pRv/q4Z/ZT18PBxxKrq9P9QNbjN14edSeMCo5If6Y=,iv:oIdXFPdppgV7uTWY/eKSK9T2vDXW2Uur9iwnftQB+dQ=,tag:QD2MB3ZeMlvuGIMIpHI97Q==,type:str]
|
||||||
|
alert2muc:
|
||||||
|
config: ENC[AES256_GCM,data:hdVL+/bC67dP/MDfL+Jd7tq09IuP0l3uigi+kFdV6H6KVVj5XcqtTWd7ZUe6s5lo+ZHWx6QGwliSASNFyLWhF2TV6PGFnT/qQyKmQoY+R9nxeuJ8A8wib21F6qVSoiTHMxg0R13d2/Y1LqZdpsa+2KNdSe1UiBD6/LaIDxMd9rQizVUrnSQ5IDm0BNPhdlFfEvRYJO9TWkgQ0sfmt5Q7,iv:1yLsZLtUtfhJ+1+1w5lBSZ4TsDzmGgUFyA5XpJ/WZH4=,tag:78F5sgrrMezSuh8xbqTLiQ==,type:str]
|
||||||
|
nginx:
|
||||||
|
httpAuth: ENC[AES256_GCM,data:PS7icDVNB4g7XBMP7mMSbalkvQ==,iv:0GOfGl97k1AjkRxm2x2f4LpeQOuJcFqAHgdRrbceW6U=,tag:GX5L0wI5zwHwuls7ZOPlOQ==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age13xhxqulvswuckmpkmy2fgeqd5jx0ar8e2hst33leljt69r6hsvnsrdw63k
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxZGJwdVkyejVHb1hLeU9Y
|
||||||
|
QVJ1bURJV2xwV3FaKzF6YXZHTHFyekR4TEJBCkZoUGxwU0trVXdLM3E5cmdPcmtu
|
||||||
|
bE5NNkRNNlBtclpsbXRNaVJtcnVpTW8KLS0tIFpzR1RlM2ZzYi9wSHRQWFZ6VUxs
|
||||||
|
Tml4ZENJd3Y0cmtTdnQ0ZCtTY256Sm8KRKvkk5WDaC8THCqgoKe2cD+AzdAqtfMH
|
||||||
|
GynKYyQU3rgXl4r8K4XUEkEX8g3+SLitfbo35E66531Q/+yQc79V8Q==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1M1F2N3FEY2xiRFZaVlJv
|
||||||
|
cXUyU1NZYXpKVmlDT2hGM2ltNmVHS0E3SFhVCkcwWmZuT2RZVzg3aC9zQXI3aDhk
|
||||||
|
cFp4RHN2b1RRcXRSNXFudmYrY3oydVEKLS0tIE1JUXdpVlFkQzZKNFBVaFFKTkxR
|
||||||
|
dkpOeVJIVnJtNDM5M0RQaWRudUcxOG8KZnHCLuyPFdx4j1WY6fk8nqMeACmpYZzU
|
||||||
|
EpNqjoBswCkUnaRMVcj5lrHvHDjdbQ0Ypn3s/YvI4UBsXMnnv9UD7w==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2022-12-16T23:40:12Z"
|
||||||
|
mac: ENC[AES256_GCM,data:GXW0hMq84q5DrbV9YLNu5fvgAwFuBoq3cK7fD+FYHdnX1hq/6pTF2ksu7K7M9DE4yetXx7RKBWERm/1DShpV7Qe0jP/+kh31uwhCws6Ay0l14UDT52lL8uQ/jDHKv6ghG4/Q58u1Hvj/xZas34YmYxxJoyEzzCbMSfSgWh6GSMM=,iv:GuBCWI6s9yLhz3tEarZ1gbtXC+gUOVlbc43bezb9nbU=,tag:2bE8yOu87ooLdqjU5Ex1MQ==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2022-11-27T00:27:03Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA6j84+xkv3y7AQ//bQe3Ci9UwmvIuNasPiFzRtI+872msVZWlthYHc0SkrU9
|
||||||
|
A8exnBo0uQbA6h5sA/so+CCt4wIxhMGikzapgTQZ1oP24fzvInES0aSuUsBDfys8
|
||||||
|
Mgp9lvRGCv5jaxhfF8gAeI46M0qvkIkbSInfaLjjFbQn9xFwPrejE4l8RQ8At4Di
|
||||||
|
NSWkvxNQlLH0qBVyXbFvToMhSYVZFsGoncHcNTOC4nEktnFNhptsjsvtA4u6aatv
|
||||||
|
QXSLrlDY5ng4hvjtDTvrzdS1UH5pE9gm9xgqdb95xiS24zwTUGbACP8sWVIUKPX/
|
||||||
|
E38/g6H1AmaVadK/t9F/fP5sTcBI2dMHxHXbndpOb2MxS2lJ/sA4rbFmaVHmblgR
|
||||||
|
J3w1g7JqPOANEneKJ4JWVDRWYwfgQ2IpB4EAetiDtN7KJTWyUgSrB0unNcmy+4cd
|
||||||
|
2H+/CM9ARDwnohPhypSIovjXeh8L1uHqniUXxlIUbXHoNugRybQZYMxZx3cLoH5a
|
||||||
|
WTTy+KJKLdRjeYxDyxVq00KCe9dXsxP/CTRpxZN+ejVAFvDqukzmI3yfSlgiX/M1
|
||||||
|
Ysaa9su1NiFU5h4xsY828Vw4TsNfeiUB/MkHlQQc0f09cd0Aq7Z7lnGs9oWJQOKX
|
||||||
|
bqI6Fjw3nY1QYkfivFZ3baXq4rbt7kTN5WoA+tPXntNVibp93A4X3jl53X5coPbS
|
||||||
|
UQGz3jOgf7Vm5LUQ0VAErMClgKhddv9u+g0XH/uunfRO1ULw4fLFxBmpq/18Tfdg
|
||||||
|
YgiTyJRW/qEqXGzbRl+k2oJz49rn6uJ+Fj6quwZHU67EwA==
|
||||||
|
=kTaA
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: A5EE826D645DBE35F9B0993358512AE87A69900F
|
||||||
|
- created_at: "2022-11-27T00:27:03Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA8zMZ+ak7y/zARAA3O9dCE+hACJ84wcEQ+eOF9xlZo96cUbcI/v75+PX9mBG
|
||||||
|
js0ST9ykF8YFtAkAjpuS/B3dwPQY8PdA1fYX83Ke/tw4UeikF3e5kJ2SadlhryGE
|
||||||
|
XpV0qRp79QCHPMauVGYiMK9gLtkgZFGYRcy3GEIz8EDvRpgYnSKJNrJXjDOJhW++
|
||||||
|
WyjwytvSE3WHogP+mhOMgRIn+uYuqirw5c6jIq33ZS3pPuaGe4IR3YysNL8vI+z5
|
||||||
|
6QFa/Vzrh+T2gE6/iGyZ+/Kc0N2Rbg8YwEec5nFGKMAyRsK4nO6e2h+nAjoCR2Hn
|
||||||
|
3NZ4elSTJB+/yRCxcs+TECynPkFpjER49c0sHSvyaCvkoQmRc4kZChukbPEG4SDi
|
||||||
|
qMQnmYNfto5TgkM/2SDpzK+UFq3iYVt+lTySW2sdtn2Kv/oDy/iFfsqFuIix1Egu
|
||||||
|
rlwfSusdLFzvkzD0Lc8ynEevJAA2q7ZnVxSpY7EUgR+9RLfRn3m5KwHzvl20Ylvk
|
||||||
|
O3GU3tJSERY794WmCNiGlmz4q6G84WQTGFo/7e/fxGQJ1gz4btQdxnHMZFJywHzh
|
||||||
|
klO3ZxgFPWfKiBzI47ta/xHxUhcYwjVud3IG8rc/g8LSt4ZJ4aEBIRvrQk6m5v5h
|
||||||
|
32AtP2c3bLz0uSyQWZ4z5OarAxKoReb+7aYPU7BZpoqciElQkyza/hAdC6iEf17S
|
||||||
|
UQFWWEbUvBNW3hWYNhv1sVcIownmObMP5jbwJ/1UuGVBK4MfCCpLcoJgIeVH0m5h
|
||||||
|
LHdHmgwkKO5Rpn7iO8EDn69lBYM2mhbCDeigCaAubLAnsQ==
|
||||||
|
=XHIF
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: D4E89C6A0A58EE803EF708EFA9B23715F7AA3F1A
|
||||||
|
- created_at: "2022-11-27T00:27:03Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcBMA45bZkLXmBFpAQgAtwj46Mv1ih23i4RUjW+WwqTrt+2d65JK4Kjm5oPvpGyO
|
||||||
|
hoYLuEV2V9dI1WoJgmp0+pUS/f8LxJdo1OxeZP82ctrOFPxcb1wLfoG+Vg94GPHx
|
||||||
|
wMtY9jNn0W3FX66a32AK0GNorSLl1miT7NRBimD2KAvoPSqKEGc1av4xDm9ue1fc
|
||||||
|
tdcFf8MJjAvaNtAfCvnQ4NqM+lJwPjNmH6CtAQlHHJMgHFuNXZvY8lYbGOw7JpKt
|
||||||
|
opGQD11FjMa5EUyxZfTk8vrPuhgTGknbj/hJOaRLJtTRjnjPfFkLULS9lwaJ0RxN
|
||||||
|
UVI0v6FfrBcC/rfRJC7Uda0UvDSaaUNAiYlSlQZ4c9JRAVKh3yUxGC4rEDP+ecGO
|
||||||
|
8VPvF+H5c3xJ6Qe+81Q1B+vm6rq8WoguilPlQLD3fc8C3vqqNTWpA0b0vVUXm/oq
|
||||||
|
/yeF6f4+jLkZ16LNzIpQ9uyq
|
||||||
|
=qkB4
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9
|
||||||
|
- created_at: "2022-11-27T00:27:03Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMAwMCBBrc/JA6AQ/9G/+euKdVS9Jiqs9yRyqAujcPwPlYr85zAk+Rjzjo1tux
|
||||||
|
N07qtz6z7HRHgHhP4lGRw7PkvUkxdFB19nnF41jn4ohoXGJrSkHlKEXGcrCJP+Lm
|
||||||
|
8bIKAkTqXvN3qqJH6Rbd76T3wpLAQuq9pm4fsxXl1qHU2PMxehbhVZnwHtPT5mD9
|
||||||
|
YkJV0ZVW91tDeJT5Od93vPyD+z+vccS0kBTWVwlSG7I0fMwQsbQwkVtqrJWM2Foa
|
||||||
|
UPYHDgZEKIMEvpYwy33l9NHjrsLf/kul/xNtKxFCzcjOkw9k/pJdc6CVzX2rVhtp
|
||||||
|
shUOMdzFh/DYqdtwm1h7VVS8xGSdlcFb7nxgYGZuIY8QsWuRB/+j/p5vDmlE46P9
|
||||||
|
SvsuwFJnNc7bE8EHuU1GJGJdQUpyVv+nPGam7L3zLoLRggB8OBS07e/z+ORLogB8
|
||||||
|
I7AF6Pcx9g0AwZeeEczhBYQvFcGjuHGb6uJNMYLylxoNm8u197Fyu7On3l7/IJqX
|
||||||
|
q0w4ickZlkPySbx1OeqIEektiw69HwYhr3/E9B6O+0YL8JRJ5qVtDSw5cudhgIlB
|
||||||
|
b5AfMqt1l+KvjByalhCK6msfuOUDnMhbdjLvSOr8iDUXQ/ZGPtiPaJDJ2Htx32yh
|
||||||
|
zmhWfI7Ws0l/z8Ai939k5ssESccOAfsV4WaKcCcbAke581n+jYEwcTp4KQKzoLLS
|
||||||
|
UQE1vWLijpOjby3So2IMu9gBF0ZmN9EkCt12IP1oa3mMU2yZ5wV/VW1BLSezuVvE
|
||||||
|
v7/FuFnC3jvvYxLV9VUYKQ492PS8oLAwirxrL5a45IyrMA==
|
||||||
|
=of/K
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 4F9F44A64CC2E438979329E1F122F05437696FCE
|
||||||
|
- created_at: "2022-11-27T00:27:03Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA9XEenRNYVGHARAAir30MBOtYtXP3K0hN++LgCtLefPi6455kns0KWkPI8Jd
|
||||||
|
tIrn7h7/O4Znd4QO8Iz1ouyubeEvLbLjS4wMc4NIUNVoDWpmlWveHDgp9ddLDLUG
|
||||||
|
MYBsswVVx2SwCzsIQHADpAa0m2MSfmhTxwBP+lieFg5T3LQi0Jo30DFrDtdIKLbN
|
||||||
|
GPeHuDFdQ8zB2dyPXvSgsOxW9ZNDXAObwewsuEAWhQtkNvtIH62fH+wopjtEdZAX
|
||||||
|
pbHwcAZCOVciWhbKo3zKme1Jq6XQE8Of+w0mBoMeeVr+f54s+1DRE6vy2hH5QDBK
|
||||||
|
1oWRtWpoFrTKGO/KwN5QsehgP6FqZVaWiAMubAR17k2WGzlTQvIWoCxlpv+Mu7eN
|
||||||
|
tsqbLyEmMvmc1NoN06N2CP31KP1Z9bwpxPmiz9Ph8ZfzL9Qw68zJx+dFjrAJIEuo
|
||||||
|
T1KOuWkfPg6llE5Hs+1WqR4Kj0+uH7irNjRGCv6ruWVoYQXP/7dpnwcHBX/Is5IN
|
||||||
|
2gR4Btn4t+nBNCfVcvOq0CUdFGrOr/O0sUDX7Ob0Gqu7fY3nrZpTwGQ5okPFSpJE
|
||||||
|
1/OkWIUgAEHO1Y3X61nc2Iu5eI+jYmSaF12xjiHdKGwmkLfryt4taQBmxPJSN7ym
|
||||||
|
0uiXf0d8SRuqHbz8keBCjp85RV/y1XGX08yltgPXpU2fmv1k5dKErBtNeAIudD/S
|
||||||
|
UQERFu1HIYfCPzAxwI3Z+WbTFo+euO0dZ1Uaw8CVMGcaMTufNQg7H99d+td2pM+D
|
||||||
|
/W8QfZAIGSYDjYWn6YffgRvDwsNZeMpGRo57XNvwZiIu7g==
|
||||||
|
=xRwC
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA
|
||||||
|
- created_at: "2022-11-27T00:27:03Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcBMA/Z87ylQaotQAQf/ceQh3zHJqWDRP2Q1l5rz69DfEweCJkuCxewVICRKYVie
|
||||||
|
p4LzKUjnZp+8KB3LjHzSEuQXc0eqNXNmGu908uwbwG9Z+xiFj+CIe7KMZWW42gY+
|
||||||
|
I1/nOA0WRzOYevO3vlZSzfZgsN5tfFkQkrU4hMf6YFhuM1m3HOrz5P9pc7uJGETh
|
||||||
|
wHX7k0BSrUjmg8RYcJ+WIc2SPUqv/g0zceLSTE0Btpxg3XmrcHnvs/ThQ6afxHYN
|
||||||
|
K0QEAgIqWwzNU+1+1QkB+yFeAflY10Zbhv0K+WdTn7JzlJZrxyvY32x7lTfCH5c1
|
||||||
|
ycZy/AvGfk5ohkLtSx9f1DxpRCUlOS5TvP7I5X47p9JRAZAaCM9HCG4uMKZwkmEF
|
||||||
|
/Yf7fTJHnIPPY7neR+2qUUg/Y3Th1mNbijBtV0A8XLFpNtWpn8Qzylmak2amYIql
|
||||||
|
l6cwBxhl5N3vg7LGxUQQJfEO
|
||||||
|
=dfLg
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 9EA68B7F21204979645182E4287B083353C3241C
|
||||||
|
- created_at: "2022-11-27T00:27:03Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA9qJIVK2WMV7AQ/+JXfpbLEUdY8fSAmKo/MyaZi9K9cHDs7c4CnEU3Mi8enh
|
||||||
|
9j1/0KTzs99zb6gZKQ/z4MMCiNQ70jK5XcTOgrKtUKeZ0sH969TDamsxxD1Ocfxh
|
||||||
|
Ts+MGTE9C+odIBFvQDOAazkWbPGQ8EheCDauFk8FFZDBj8oK3Vw7hKUxYFMBTM/z
|
||||||
|
UBLAHkbO6Sv38AHmqsHwzsP0+YZgA9pployt28arYXlwX+I7tYAK1V74SkxIWSD1
|
||||||
|
4YHSJvHpos25/MS/PNR4SEQFSceQGfDuFCdwfkC6bKi7tdp3Af34q4v6OqA/iFnx
|
||||||
|
hErcjrXPmlHm/YR2gd7AcLPb7WolB8/j/txl1TAxkSwCRodqcQH8L3bYoA9XxkHP
|
||||||
|
7Yd5gfvivkQy0sjKF3dwpetu4bOdZUEwj+jY/54iHPECKTLK7TFGJ48A3v51Juw3
|
||||||
|
4uU4pPVCTkQnRnkknbhicvs2IzvgS/OfAJTUBKW8+3yPkWenQQfeje0VHSUfT9hO
|
||||||
|
KQ3zafhwGShqXPxbM0J9beigvL3iDE3U7YZYOfrryuHCveSkXobwQZY0Ylok52BX
|
||||||
|
9t12lOldOKBLy127V0sQeZ4eWRiKjoyHC46DFByWN03dn6yRXrcE/8QGOyUgu2PR
|
||||||
|
3SOEm1pnujVa5dhq0MVAxwgHH/+avI+HM0VHRsykYVVOR5O9ywpCAurgB0/wKJrS
|
||||||
|
UQEUAPEm/YDfg7no9GnD/tXCwIgjO1m+H8+Z8e3Mama4hPZV9fuSc4M8GQGhWqFY
|
||||||
|
jYvNgfR7UG/RsqAxoEA1hCoh0Jfu6uLX5/P9X0DQdM8WHA==
|
||||||
|
=KHuT
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 53B26AEDC08246715E15504B236B6291555E8401
|
||||||
|
- created_at: "2022-11-27T00:27:03Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA/YLzOYaRIJJARAAs33yYShXtNdy9N+7D0fs5EU7gWYmJfL/lETxkcmQjQg9
|
||||||
|
baX2Zqc2z96jg9TcqFuwbvV6xb/JrSGOs/Qusq1lGPhGaSNHo1KWY8EyDM/6v04x
|
||||||
|
bE9poMb3D0HzIpm+fpDkKZyU15f3Mye5rauQm8a6qgHfd0Aus1HNs9R7RjBeU6pc
|
||||||
|
esEOFOAvbKhg5FcY+E7BVa6nHAHACaK0jiTKNEWU3qfTAqYqarGXhALhujywHMxh
|
||||||
|
YBtu1EQBGimAT6orZCaBMaLbH4LL6ozFk50jHQSgDxti/J4GHDtN4GVzIzySwfkS
|
||||||
|
1S/8PYiM7UglxmdezxopOijzQD36DU0Sh6m44KWIWFPeN2P/Zkau16sfDQ49/K1w
|
||||||
|
sEoZK9RZlFXI+O0PsPHmUkewvUhHMbLF8oa4By8jS0I6rcR+zNPlXQ3Y44v5bEtk
|
||||||
|
y+9CaeJWg0mPf+rtqa5cwkbJhNgpMJM2k6sl5reczVzruYRkMcMO9QlIUF1Apxxa
|
||||||
|
Z6hkFS7TlY7GQ0mpeg7DgKzCOHzHxVPRetit5uH25zxluHzwxYF16G6K2fF+V71v
|
||||||
|
ERlryh/cJDuwAl64aXgIw1DBWMOwixJjO+qfyEUrb4taOXyv5wJ0p+ew6F6AeWue
|
||||||
|
RC1aHcfXN3QJsqXCRRqdI8ceu/Tfo5xTOOAqbNlDzM/kcEXj4rE8WS1cKNknLZHS
|
||||||
|
UQH9XIbJ70Nc5gWR35V7z2Lqos2TRp4WaeTbmr7z902wMDAl2GrjRoyo8EA7k2gG
|
||||||
|
13XKgeObbkdmE7dTwOZbhzrBDFn2pcyI1NsC85iX154pKQ==
|
||||||
|
=wWjU
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 91EBE87016391323642A6803B966009D57E69CC6
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.7.3
|
|
@ -65,7 +65,7 @@
|
||||||
"autotopia.c3d2.de"
|
"autotopia.c3d2.de"
|
||||||
"c3d2-web.serv.zentralwerk.org"
|
"c3d2-web.serv.zentralwerk.org"
|
||||||
];
|
];
|
||||||
proxyTo.host = config.c3d2.hosts.c3d2-web.ip4;
|
proxyTo.host = zentralwerk.lib.config.site.net.flpk.hosts4.c3d2-web;
|
||||||
} {
|
} {
|
||||||
hostNames = [
|
hostNames = [
|
||||||
"codimd.c3d2.de"
|
"codimd.c3d2.de"
|
||||||
|
@ -133,6 +133,12 @@
|
||||||
} {
|
} {
|
||||||
hostNames = [ "zengel.datenspuren.de" ];
|
hostNames = [ "zengel.datenspuren.de" ];
|
||||||
proxyTo.host = config.c3d2.hosts.zengel.ip4;
|
proxyTo.host = config.c3d2.hosts.zengel.ip4;
|
||||||
|
} {
|
||||||
|
hostNames = [ "owncast.c3d2.de" ];
|
||||||
|
proxyTo.host = config.c3d2.hosts.owncast.ip4;
|
||||||
|
} {
|
||||||
|
hostNames = [ "c3d2.social" ];
|
||||||
|
proxyTo.host = config.c3d2.hosts.mastodon.ip4;
|
||||||
} ];
|
} ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -149,7 +155,7 @@
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
path = with pkgs; [ socat ];
|
path = with pkgs; [ socat ];
|
||||||
script = ''
|
script = ''
|
||||||
socat tcp6-listen:1965,fork "tcp6:[${zentralwerk.lib.config.site.net.serv.hosts6.dn42.c3d2-web}]:1965"
|
socat tcp6-listen:1965,fork "tcp6:[${zentralwerk.lib.config.site.net.flpk.hosts6.flpk.c3d2-web}]:1965"
|
||||||
'';
|
'';
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ProtectSystem = "strict";
|
ProtectSystem = "strict";
|
||||||
|
|
|
@ -1,50 +1,48 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, ... }:
|
||||||
|
|
||||||
with lib;
|
let
|
||||||
let cfg = config.services.proxy;
|
cfg = config.services.proxy;
|
||||||
|
canonicalize = builtins.replaceStrings [ "*" "." ":" "[" "]" ] [ "all" "_" "_" "" "" ];
|
||||||
canonicalize = builtins.replaceStrings ["*" "." ":" "[" "]"] ["all" "_" "_" "" ""];
|
in
|
||||||
|
{
|
||||||
in {
|
|
||||||
|
|
||||||
options.services.proxy = {
|
options.services.proxy = {
|
||||||
|
enable = lib.mkOption {
|
||||||
enable = mkOption {
|
|
||||||
default = false;
|
default = false;
|
||||||
description = "whether to enable proxy";
|
description = "whether to enable proxy";
|
||||||
type = types.bool;
|
type = lib.types.bool;
|
||||||
};
|
};
|
||||||
|
|
||||||
proxyHosts = mkOption {
|
proxyHosts = lib.mkOption {
|
||||||
type = types.listOf (types.submodule {
|
type = lib.types.listOf (lib.types.submodule {
|
||||||
options = {
|
options = {
|
||||||
hostNames = mkOption {
|
hostNames = lib.mkOption {
|
||||||
type = types.listOf types.str;
|
type = with lib.types; listOf str;
|
||||||
default = [ ];
|
default = [ ];
|
||||||
description = ''
|
description = ''
|
||||||
Proxy these hostNames.
|
Proxy these hostNames.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
proxyTo = mkOption {
|
proxyTo = lib.mkOption {
|
||||||
type = types.submodule {
|
type = lib.types.submodule {
|
||||||
options = {
|
options = {
|
||||||
host = mkOption {
|
host = lib.mkOption {
|
||||||
type = types.nullOr types.string;
|
type = with lib.types; nullOr string;
|
||||||
default = null;
|
default = null;
|
||||||
description = ''
|
description = ''
|
||||||
Host to forward traffic to.
|
Host to forward traffic to.
|
||||||
Any hostname may only be used once
|
Any hostname may only be used once
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
httpPort = mkOption {
|
httpPort = lib.mkOption {
|
||||||
type = types.int;
|
type = lib.types.int;
|
||||||
default = 80;
|
default = 80;
|
||||||
description = ''
|
description = ''
|
||||||
Port to forward http to.
|
Port to forward http to.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
httpsPort = mkOption {
|
httpsPort = lib.mkOption {
|
||||||
type = types.int;
|
type = lib.types.int;
|
||||||
default = 443;
|
default = 443;
|
||||||
description = ''
|
description = ''
|
||||||
Port to forward http to.
|
Port to forward http to.
|
||||||
|
@ -57,8 +55,8 @@ in {
|
||||||
'';
|
'';
|
||||||
default = { };
|
default = { };
|
||||||
};
|
};
|
||||||
matchArg = mkOption {
|
matchArg = lib.mkOption {
|
||||||
type = types.str;
|
type = lib.types.str;
|
||||||
default = "";
|
default = "";
|
||||||
description = "Optional argument to HAProxy `req.ssl_sni -i`";
|
description = "Optional argument to HAProxy `req.ssl_sni -i`";
|
||||||
};
|
};
|
||||||
|
@ -76,11 +74,9 @@ in {
|
||||||
};
|
};
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
|
||||||
services.haproxy = {
|
services.haproxy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
config = ''
|
config = ''
|
||||||
|
@ -101,10 +97,9 @@ in {
|
||||||
option forwardfor
|
option forwardfor
|
||||||
http-request set-header X-Forwarded-Proto http
|
http-request set-header X-Forwarded-Proto http
|
||||||
http-request set-header X-Forwarded-Port 80
|
http-request set-header X-Forwarded-Port 80
|
||||||
${
|
${lib.concatMapStrings ({ proxyTo, hostNames, matchArg }:
|
||||||
concatMapStrings ({ proxyTo, hostNames, matchArg }:
|
lib.optionalString (hostNames != [ ] && proxyTo.host != null) (
|
||||||
optionalString (hostNames != [ ] && proxyTo.host != null) (
|
lib.concatMapStrings (hostname: ''
|
||||||
concatMapStrings (hostname: ''
|
|
||||||
use-server ${canonicalize hostname}-http if { req.hdr(host) -i ${matchArg} ${hostname} }
|
use-server ${canonicalize hostname}-http if { req.hdr(host) -i ${matchArg} ${hostname} }
|
||||||
server ${canonicalize hostname}-http ${proxyTo.host}:${
|
server ${canonicalize hostname}-http ${proxyTo.host}:${
|
||||||
toString proxyTo.httpPort
|
toString proxyTo.httpPort
|
||||||
|
@ -118,13 +113,13 @@ in {
|
||||||
bind :::443 v4v6
|
bind :::443 v4v6
|
||||||
tcp-request inspect-delay 5s
|
tcp-request inspect-delay 5s
|
||||||
tcp-request content accept if { req.ssl_hello_type 1 }
|
tcp-request content accept if { req.ssl_hello_type 1 }
|
||||||
${concatMapStrings ({ proxyTo, hostNames, matchArg }:
|
${lib.concatMapStrings ({ proxyTo, hostNames, matchArg }:
|
||||||
concatMapStrings (hostname: ''
|
lib.concatMapStrings (hostname: ''
|
||||||
use_backend ${canonicalize proxyTo.host}-https if { req.ssl_sni -i ${matchArg} ${hostname} }
|
use_backend ${canonicalize proxyTo.host}-https if { req.ssl_sni -i ${matchArg} ${hostname} }
|
||||||
'') hostNames
|
'') hostNames
|
||||||
) cfg.proxyHosts}
|
) cfg.proxyHosts}
|
||||||
|
|
||||||
${concatMapStrings ({ proxyTo, hostNames, matchArg }: ''
|
${lib.concatMapStrings ({ proxyTo, ... }: ''
|
||||||
backend ${canonicalize proxyTo.host}-https
|
backend ${canonicalize proxyTo.host}-https
|
||||||
server ${canonicalize proxyTo.host}-https ${proxyTo.host}:${
|
server ${canonicalize proxyTo.host}-https ${proxyTo.host}:${
|
||||||
toString proxyTo.httpsPort
|
toString proxyTo.httpsPort
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, lib, ... }:
|
{ pkgs, ... }:
|
||||||
{
|
{
|
||||||
c3d2.hq.statistics.enable = true;
|
c3d2.hq.statistics.enable = true;
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ lib, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
#imports =
|
#imports =
|
||||||
|
|
|
@ -26,14 +26,13 @@
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
loader = {
|
loader = {
|
||||||
|
# generates entry for u-boot
|
||||||
|
generic-extlinux-compatible.enable = true;
|
||||||
grub.enable = false;
|
grub.enable = false;
|
||||||
raspberryPi = {
|
raspberryPi = {
|
||||||
enable = true;
|
# don't use rpi bootloader shit
|
||||||
|
enable = false;
|
||||||
version = 4;
|
version = 4;
|
||||||
# TODO: this machine actually has u-boot setup but that's no
|
|
||||||
# longer working with nixos-22.05. DO NOT REBOOT! :-)
|
|
||||||
# https://github.com/NixOS/nixpkgs/pull/112677
|
|
||||||
# uboot.enable = true;
|
|
||||||
firmwareConfig = ''
|
firmwareConfig = ''
|
||||||
gpu_mem=192
|
gpu_mem=192
|
||||||
dtparam=audio=on
|
dtparam=audio=on
|
||||||
|
@ -86,9 +85,9 @@
|
||||||
pkgs.makeModulesClosure (x // { allowMissing = true; });
|
pkgs.makeModulesClosure (x // { allowMissing = true; });
|
||||||
};
|
};
|
||||||
|
|
||||||
nix = {
|
nix.settings = {
|
||||||
buildCores = 4;
|
cores = 4;
|
||||||
maxJobs = 2;
|
max-jobs = 2;
|
||||||
};
|
};
|
||||||
|
|
||||||
sops = {
|
sops = {
|
||||||
|
@ -131,5 +130,14 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.extraConfig = ''
|
||||||
|
# Keep cores 2-3 exclusive for SDR processing
|
||||||
|
CPUAffinity=0-1
|
||||||
|
'';
|
||||||
|
systemd.services = {
|
||||||
|
soapysdr-server.serviceConfig.CPUAffinity = "2-2";
|
||||||
|
readsdb.serviceConfig.CPUAffinity = "3-3";
|
||||||
|
};
|
||||||
|
|
||||||
system.stateVersion = "21.05"; # Did you read the comment?
|
system.stateVersion = "21.05"; # Did you read the comment?
|
||||||
}
|
}
|
||||||
|
|
|
@ -54,14 +54,14 @@
|
||||||
'';
|
'';
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
buildCores = 2;
|
|
||||||
maxJobs = 1;
|
|
||||||
# trustedUsers = [ "client" ];
|
|
||||||
extraOptions = ''
|
|
||||||
builders-use-substitutes = true
|
|
||||||
'';
|
|
||||||
daemonCPUSchedPolicy = "idle";
|
daemonCPUSchedPolicy = "idle";
|
||||||
daemonIOSchedClass = "idle";
|
daemonIOSchedClass = "idle";
|
||||||
|
settings = {
|
||||||
|
builders-use-substitutes = true;
|
||||||
|
cores = 2;
|
||||||
|
max-jobs = 1;
|
||||||
|
# trusted-users = [ "client" ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ hostRegistry, nixpkgs, config, lib, pkgs, modulesPath, ... }:
|
{ hostRegistry, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ zentralwerk, pkgs, config, scrapers, ... }:
|
{ pkgs, config, scrapers, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
freifunkNodes = {
|
freifunkNodes = {
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
{ zentralwerk, config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
{
|
{
|
||||||
deployment = {
|
deployment = {
|
||||||
# needs to keep just its ssh key for sops-nix
|
# needs to keep just its ssh key for sops-nix
|
||||||
persistedShares = [ "/home" "/etc" "/var" ];
|
persistedShares = [ "/home" "/etc" "/var" ];
|
||||||
mem = 4096;
|
mem = 4096;
|
||||||
|
vcpu = 16;
|
||||||
|
needForSpeed = true;
|
||||||
};
|
};
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
isInHq = false;
|
isInHq = false;
|
||||||
|
@ -86,7 +88,4 @@
|
||||||
inherit (pkgs.mucbot) password;
|
inherit (pkgs.mucbot) password;
|
||||||
muc = "luftraum@chat.c3d2.de/Hubschraubereinsatz";
|
muc = "luftraum@chat.c3d2.de/Hubschraubereinsatz";
|
||||||
};
|
};
|
||||||
|
|
||||||
# noXlibs breaks cairo:
|
|
||||||
environment.noXlibs = false;
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -9,9 +9,10 @@
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
deployment.microvmBaseZfsDataset = "server10/vm";
|
deployment.microvmBaseZfsDataset = "server10/vm";
|
||||||
hq.statistics.enable = true;
|
hq.statistics.enable = true;
|
||||||
|
simd.arch = "ivybridge";
|
||||||
};
|
};
|
||||||
|
|
||||||
boot= {
|
boot = {
|
||||||
loader.grub = {
|
loader.grub = {
|
||||||
enable = true;
|
enable = true;
|
||||||
version = 2;
|
version = 2;
|
||||||
|
@ -49,6 +50,7 @@
|
||||||
"data-hoarder"
|
"data-hoarder"
|
||||||
"staging-data-hoarder"
|
"staging-data-hoarder"
|
||||||
];
|
];
|
||||||
|
skyflake.nomad.client.meta."c3d2.cpuSpeed" = "4";
|
||||||
|
|
||||||
system.stateVersion = "21.11"; # Did you read the comment?
|
system.stateVersion = "21.11"; # Did you read the comment?
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
|
|
|
@ -1,9 +1,7 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
let
|
let
|
||||||
microvms = {
|
microvms = {
|
||||||
staging-data-hoarder = {
|
staging-data-hoarder.flakeref = "git+file:///tmp/dvb-nix-config";
|
||||||
flakeref = "git+file:///tmp/dvb-nix-config";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
realizeFlake = with pkgs; "${writeScriptBin "realize-flake" ''
|
realizeFlake = with pkgs; "${writeScriptBin "realize-flake" ''
|
||||||
|
|
|
@ -0,0 +1,46 @@
|
||||||
|
{ ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./hardware-configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
c3d2 = {
|
||||||
|
# deployment.microvmBaseZfsDataset = "tank/storage";
|
||||||
|
hq.statistics.enable = true;
|
||||||
|
simd.arch = "westmere";
|
||||||
|
};
|
||||||
|
|
||||||
|
boot = {
|
||||||
|
loader.grub = {
|
||||||
|
enable = true;
|
||||||
|
version = 2;
|
||||||
|
# Define on which hard drive you want to install Grub.
|
||||||
|
device = "/dev/disk/by-id/scsi-3600300570140a6102b0acad9825149f2"; # or "nodev" for efi only
|
||||||
|
};
|
||||||
|
|
||||||
|
# kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
|
||||||
|
kernelParams = [
|
||||||
|
"preempt=none"
|
||||||
|
# No server/router runs any untrusted user code
|
||||||
|
"mitigations=off"
|
||||||
|
];
|
||||||
|
tmpOnTmpfs = true;
|
||||||
|
tmpOnTmpfsSize = "80%";
|
||||||
|
};
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
hostName = "server8";
|
||||||
|
hostId = "08080808";
|
||||||
|
};
|
||||||
|
|
||||||
|
services = {
|
||||||
|
openssh.enable = true;
|
||||||
|
smartd.enable = true;
|
||||||
|
zfs.autoScrub.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
skyflake.nomad.client.meta."c3d2.cpuSpeed" = "3";
|
||||||
|
|
||||||
|
system.stateVersion = "22.11";
|
||||||
|
}
|
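Review bot: `"mitigations=off"` in `boot.kernelParams` turns off the kernel's CPU side-channel mitigations on a host that sets `skyflake.nomad.client.meta."c3d2.cpuSpeed"` further down in the same file, so it looks intended to run Nomad-scheduled guests. The comment above the parameter ("No server/router runs any untrusted user code") therefore has to hold for every workload placed here; if guests can come from other users' repositories, they are exactly the code these mitigations exist for, and guest-to-host or guest-to-guest leakage is the risk being accepted. I would drop the parameter on hypervisor hosts, or make the comment state the real trust assumption, e.g. `# all guests on this host are operated by the same admins as the host itself`.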
|
@ -0,0 +1,61 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "megaraid_sas" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{ device = "server8_root/nixos";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/var" =
|
||||||
|
{ device = "server8_root/nixos/var";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/nix" =
|
||||||
|
{ device = "server8_root/nixos/nix";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/nix/store" =
|
||||||
|
{ device = "server8_root/nixos/nix/store";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/nix/var" =
|
||||||
|
{ device = "server8_root/nixos/nix/var";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{ device = "/dev/disk/by-uuid/984ea997-9591-4efb-8212-8381ad829d0b";
|
||||||
|
fsType = "ext2";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [ ];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.enp5s0f0.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.enp5s0f1.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.enp5s0f2.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.enp5s0f3.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.enp8s0f0.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.enp8s0f1.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
}
|
|
@ -1,10 +1,17 @@
|
||||||
{ config, pkgs, ... }:
|
_:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
];
|
];
|
||||||
boot= {
|
|
||||||
|
c3d2 = {
|
||||||
|
deployment.microvmBaseZfsDataset = "tank/storage";
|
||||||
|
hq.statistics.enable = true;
|
||||||
|
simd.arch = "westmere";
|
||||||
|
};
|
||||||
|
|
||||||
|
boot = {
|
||||||
loader.grub = {
|
loader.grub = {
|
||||||
enable = true;
|
enable = true;
|
||||||
version = 2;
|
version = 2;
|
||||||
|
@ -25,22 +32,24 @@
|
||||||
hostName = "server9";
|
hostName = "server9";
|
||||||
hostId = "09090909";
|
hostId = "09090909";
|
||||||
};
|
};
|
||||||
system.stateVersion = "21.11";
|
|
||||||
services.openssh.enable = true;
|
|
||||||
|
|
||||||
services.zfs.autoScrub.enable = true;
|
# required by libvirtd
|
||||||
services.smartd.enable = true;
|
security.polkit.enable = true;
|
||||||
|
|
||||||
c3d2 = {
|
services = {
|
||||||
deployment.microvmBaseZfsDataset = "tank/storage";
|
openssh.enable = true;
|
||||||
hq.statistics.enable = true;
|
smartd.enable = true;
|
||||||
|
zfs.autoScrub.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
skyflake.nomad.client.meta."c3d2.cpuSpeed" = "3";
|
||||||
|
|
||||||
|
system.stateVersion = "21.11";
|
||||||
|
|
||||||
# XXX: enable for zw-ev and poelzi-ha until we find a better solution
|
# XXX: enable for zw-ev and poelzi-ha until we find a better solution
|
||||||
virtualisation.libvirtd = {
|
virtualisation.libvirtd = {
|
||||||
enable = true;
|
enable = true;
|
||||||
onShutdown = "shutdown";
|
onShutdown = "shutdown";
|
||||||
};
|
};
|
||||||
# required by libvirtd
|
|
||||||
security.polkit.enable = true;
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
{ zentralwerk, ... }:
|
_:
|
||||||
|
|
||||||
{
|
{
|
||||||
c3d2.deployment = {
|
c3d2.deployment = {
|
||||||
server = "server10";
|
server = "server10";
|
||||||
|
|
|
@ -1,13 +1,12 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
{
|
{
|
||||||
|
deployment = {
|
||||||
|
persistedShares = [ "/etc" "/home" "/var" ];
|
||||||
|
mem = 512;
|
||||||
|
};
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
isInHq = false;
|
isInHq = false;
|
||||||
hq.statistics.enable = true;
|
hq.statistics.enable = true;
|
||||||
deployment = {
|
|
||||||
server = "server9";
|
|
||||||
mounts = [ "etc" "home" "var" ];
|
|
||||||
mountBase = "/tank/storage/${config.networking.hostName}";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
|
|
|
@ -1,36 +1,16 @@
|
||||||
{ zentralwerk, config, pkgs, ... }:
|
{ zentralwerk, config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
|
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
|
||||||
mac = {
|
|
||||||
pub = "DE:91:C7:51:D1:C5";
|
|
||||||
serv = "C6:40:E0:21:9B:A4";
|
|
||||||
};
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
networking.hostName = "stream";
|
networking.hostName = "stream";
|
||||||
c3d2.hq.statistics.enable = true;
|
c3d2.hq.statistics.enable = true;
|
||||||
c3d2.deployment = {
|
deployment = {
|
||||||
server = "server9";
|
persistedShares = [ "/etc" "/home" "/var" ];
|
||||||
autoNetSetup = false;
|
storage = "big";
|
||||||
mounts = [];
|
mem = 4096;
|
||||||
|
networks = lib.mkForce [ "pub" "serv" ];
|
||||||
};
|
};
|
||||||
microvm.mem = 2048;
|
|
||||||
microvm.interfaces = [ {
|
|
||||||
type = "tap";
|
|
||||||
id = "pub-stream";
|
|
||||||
mac = mac.pub;
|
|
||||||
} {
|
|
||||||
type = "tap";
|
|
||||||
id = "serv-stream";
|
|
||||||
mac = mac.serv;
|
|
||||||
} ];
|
|
||||||
microvm.shares = map (name: {
|
|
||||||
source = "/tank/storage/stream/${name}";
|
|
||||||
mountPoint = "/${name}";
|
|
||||||
tag = name;
|
|
||||||
proto = "virtiofs";
|
|
||||||
socket = "${name}.socket";
|
|
||||||
}) [ "etc" "home" "var" ];
|
|
||||||
|
|
||||||
systemd.network = {
|
systemd.network = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -39,19 +19,14 @@ in
|
||||||
# rest of the network so that I am reachable by
|
# rest of the network so that I am reachable by
|
||||||
# public-access-proxy.
|
# public-access-proxy.
|
||||||
|
|
||||||
links."00-serv" = {
|
networks."30-serv" = {
|
||||||
matchConfig.MACAddress = mac.serv;
|
|
||||||
linkConfig.Name = "serv";
|
|
||||||
};
|
|
||||||
|
|
||||||
networks."00-serv" = {
|
|
||||||
matchConfig.MACAddress = mac.serv;
|
|
||||||
networkConfig.IPv6AcceptRA = false;
|
networkConfig.IPv6AcceptRA = false;
|
||||||
# try harder disabling global ipv6
|
# try harder disabling global ipv6
|
||||||
networkConfig.LinkLocalAddressing = "no";
|
networkConfig.LinkLocalAddressing = "no";
|
||||||
addresses = [ {
|
addresses = [ {
|
||||||
addressConfig.Address = "${config.c3d2.hosts.stream.ip4}/${toString zentralwerk.lib.config.site.net.serv.subnet4Len}";
|
addressConfig.Address = "${config.c3d2.hosts.stream.ip4}/${toString zentralwerk.lib.config.site.net.serv.subnet4Len}";
|
||||||
} ];
|
} ];
|
||||||
|
gateway = lib.mkForce [];
|
||||||
routes = [ {
|
routes = [ {
|
||||||
routeConfig = {
|
routeConfig = {
|
||||||
Destination = "172.20.0.0/14";
|
Destination = "172.20.0.0/14";
|
||||||
|
@ -61,15 +36,9 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
# On the pub network I am a normal client.
|
# On the pub network I am a normal client.
|
||||||
|
networks."30-pub" = {
|
||||||
links."00-pub" = {
|
|
||||||
matchConfig.MACAddress = mac.pub;
|
|
||||||
linkConfig.Name = "pub";
|
|
||||||
};
|
|
||||||
|
|
||||||
networks."01-pub" = {
|
|
||||||
matchConfig.MACAddress = mac.pub;
|
|
||||||
networkConfig.DHCP = "ipv4";
|
networkConfig.DHCP = "ipv4";
|
||||||
|
gateway = lib.mkForce [];
|
||||||
networkConfig.IPv6AcceptRA = true;
|
networkConfig.IPv6AcceptRA = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
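Review bot: `authFile = pkgs.writeText "htpasswd" ...` at the top of the `let` block keeps a credential hash in the repository and in the world-readable Nix store, and the rewrite of this file leaves it in place. The 13-character value looks like a traditional DES `crypt(3)` hash, which offers little resistance to offline guessing; that is an inference from its shape, not something the hunk states. Other hosts in this change set carry a `sops = { ... }` block, so the file could come from a secret instead, roughly `authFile = config.sops.secrets."stream/htpasswd".path;` (the secret name is a placeholder), with the password rotated and re-hashed with bcrypt. How `authFile` is consumed lies outside the hunk.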
|
@ -1,6 +1,4 @@
|
||||||
{ zentralwerk, config, lib, pkgs, ... }:
|
{ zentralwerk, config, ... }:
|
||||||
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
{
|
{
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
{ pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
let
|
|
||||||
domain = "zengel.datenspuren.de";
|
{
|
||||||
in {
|
|
||||||
networking.hostName = "zengel";
|
networking.hostName = "zengel";
|
||||||
microvm.mem = 1024;
|
microvm.mem = 1024;
|
||||||
c3d2.deployment = {
|
c3d2.deployment = {
|
||||||
|
@ -13,7 +12,7 @@ in {
|
||||||
|
|
||||||
services.engelsystem = {
|
services.engelsystem = {
|
||||||
enable = true;
|
enable = true;
|
||||||
domain = domain;
|
domain = "zengel.datenspuren.de";
|
||||||
createDatabase = true;
|
createDatabase = true;
|
||||||
package = pkgs.engelsystem.override { php = pkgs.php74; };
|
package = pkgs.engelsystem.override { php = pkgs.php74; };
|
||||||
config = {
|
config = {
|
||||||
|
@ -50,7 +49,7 @@ in {
|
||||||
services.phpfpm.phpPackage = pkgs.php74;
|
services.phpfpm.phpPackage = pkgs.php74;
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts."${domain}" = {
|
virtualHosts."${config.services.engelsystem.domain}" = {
|
||||||
default = true;
|
default = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
|
@ -35,7 +35,7 @@
|
||||||
bluetoothSupport = true;
|
bluetoothSupport = true;
|
||||||
advancedBluetoothCodecs = true;
|
advancedBluetoothCodecs = true;
|
||||||
zeroconfSupport = true;
|
zeroconfSupport = true;
|
||||||
}).overrideAttrs (oldAttrs: {
|
}).overrideAttrs (_: {
|
||||||
# one test times out
|
# one test times out
|
||||||
doCheck = false;
|
doCheck = false;
|
||||||
});
|
});
|
||||||
|
|
|
@ -2,10 +2,10 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
config.services.postgresqlBackup = {
|
config.services.postgresqlBackup = {
|
||||||
enable = config.services.postgresql.enable;
|
inherit (config.services.postgresql) enable;
|
||||||
backupAll = true;
|
backupAll = true;
|
||||||
compression = "zstd";
|
compression = "zstd";
|
||||||
# compressionLevel = 9; # TODO: only available with 21.11
|
compressionLevel = 9;
|
||||||
pgdumpOptions = "--create --clean";
|
pgdumpOptions = "--create --clean";
|
||||||
startAt = "*-*-* 06:00:00";
|
startAt = "*-*-* 06:00:00";
|
||||||
};
|
};
|
||||||
|
|
|
@ -157,6 +157,18 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
simd = {
|
||||||
|
enable = lib.mkEnableOption "optimized builds with simd instructions";
|
||||||
|
arch = lib.mkOption {
|
||||||
|
type = with lib.types; nullOr str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Microarchitecture string for nixpkgs.hostPlatform.gcc.march and to generate system-features.
|
||||||
|
Can be determined with: gcc -march=native -Q --help=target | grep march
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
users = mkOption {
|
users = mkOption {
|
||||||
type = types.attrsOf (types.submodule {
|
type = types.attrsOf (types.submodule {
|
||||||
options.sshKeys = mkOption {
|
options.sshKeys = mkOption {
|
||||||
|
@ -169,21 +181,21 @@ in
|
||||||
|
|
||||||
config =
|
config =
|
||||||
let
|
let
|
||||||
adminKeys = (with builtins; lib.lists.flatten (
|
adminKeys = with builtins; lib.lists.flatten (
|
||||||
map
|
map
|
||||||
(getAttr "sshKeys")
|
(getAttr "sshKeys")
|
||||||
(attrValues cfg.users)
|
(attrValues cfg.users)
|
||||||
));
|
);
|
||||||
mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x);
|
mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x);
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
networking.hosts = lib.mkIf cfg.mergeHostsFile
|
networking.hosts = lib.mkIf cfg.mergeHostsFile
|
||||||
((
|
((
|
||||||
lib.attrsets.mapAttrs' (n: v: { name = v.ip4; value = [ "${n}.c3d2" ]; })
|
lib.attrsets.mapAttrs' (n: v: { name = v.ip4; value = [ "${n}.c3d2" ]; })
|
||||||
(lib.attrsets.filterAttrs (n: v: v.ip4 != null) cfg.hosts)
|
(lib.attrsets.filterAttrs (_: v: v.ip4 != null) cfg.hosts)
|
||||||
) // (
|
) // (
|
||||||
lib.attrsets.mapAttrs' (n: v: { name = v.ip6; value = [ "${n}.c3d2" ]; })
|
lib.attrsets.mapAttrs' (n: v: { name = v.ip6; value = [ "${n}.c3d2" ]; })
|
||||||
(lib.attrsets.filterAttrs (n: v: v.ip6 != null) cfg.hosts)
|
(lib.attrsets.filterAttrs (_: v: v.ip6 != null) cfg.hosts)
|
||||||
));
|
));
|
||||||
|
|
||||||
programs.nncp.settings = lib.optionalAttrs cfg.mergeNncpSettings cfg.nncp;
|
programs.nncp.settings = lib.optionalAttrs cfg.mergeNncpSettings cfg.nncp;
|
||||||
|
@ -383,9 +395,13 @@ in
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
settings = {
|
settings = {
|
||||||
auto-optimise-store = true;
|
builders-use-substitutes = true;
|
||||||
|
connect-timeout = 20;
|
||||||
|
experimental-features = "nix-command flakes";
|
||||||
|
fallback = true;
|
||||||
|
# don't self feed hydra
|
||||||
trusted-public-keys = lib.mkIf (config.networking.hostName != "hydra") [
|
trusted-public-keys = lib.mkIf (config.networking.hostName != "hydra") [
|
||||||
(builtins.readFile ../hosts/hydra/cache-pub.key)
|
"nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps="
|
||||||
];
|
];
|
||||||
substituters = lib.mkIf (config.networking.hostName != "hydra") (
|
substituters = lib.mkIf (config.networking.hostName != "hydra") (
|
||||||
lib.mkBefore [ "https://nix-serve.hq.c3d2.de" ]
|
lib.mkBefore [ "https://nix-serve.hq.c3d2.de" ]
|
||||||
|
@ -407,10 +423,6 @@ in
|
||||||
url = "https://gitea.c3d2.de/C3D2/nix-config.git";
|
url = "https://gitea.c3d2.de/C3D2/nix-config.git";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
extraOptions = ''
|
|
||||||
experimental-features = nix-command flakes
|
|
||||||
builders-use-substitutes = true
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
|
@ -423,32 +435,22 @@ in
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
systemPackages = with pkgs; [
|
systemPackages = with pkgs; [
|
||||||
# Network fetchers
|
bmon
|
||||||
curl
|
curl
|
||||||
wget
|
ethtool
|
||||||
git
|
git
|
||||||
# System monitors
|
|
||||||
htop
|
htop
|
||||||
iotop
|
iotop
|
||||||
bmon
|
|
||||||
ripgrep
|
|
||||||
# Terminal managers
|
|
||||||
tmux
|
|
||||||
screen
|
|
||||||
# Editors
|
|
||||||
vim
|
|
||||||
# Pipeview
|
|
||||||
pv
|
|
||||||
# Network debugging
|
|
||||||
tcpdump
|
|
||||||
ethtool
|
|
||||||
mtr
|
mtr
|
||||||
|
pv
|
||||||
|
ripgrep
|
||||||
|
screen
|
||||||
|
tcpdump
|
||||||
|
tmux
|
||||||
|
tree
|
||||||
|
vim
|
||||||
|
wget
|
||||||
];
|
];
|
||||||
variables = {
|
|
||||||
# TERM = "xterm-256color";
|
|
||||||
};
|
|
||||||
# breaks various package builds
|
|
||||||
noXlibs = lib.mkForce false;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
programs = {
|
programs = {
|
||||||
|
|
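Review bot: The cache signing key in `trusted-public-keys` (hunk `@ -383,9 +395,13`) is now a string literal where the old side read it from `../hosts/hydra/cache-pub.key`, so the trust anchor for every non-hydra host no longer points back to where the key comes from. After a key rotation on hydra, a forgotten literal here either keeps a retired key trusted or makes clients reject the cache's signatures. I would put a comment next to it such as `# public half of hydra's nix-serve signing key; replace on rotation together with hosts/hydra/cache-pub.key`. Whether that key file still exists after this change is not visible in the hunk.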
|
@ -1,11 +1,12 @@
|
||||||
{ zentralwerk, hostRegistry, config, lib, pkgs, ... }:
|
{ zentralwerk, hostRegistry, config, lib, ... }:
|
||||||
let
|
let
|
||||||
inherit (config.networking) hostName;
|
inherit (config.networking) hostName;
|
||||||
|
|
||||||
# hydra does *not* use this module because it only runs a nomad
|
# hydra does *not* use this module because it only runs a nomad
|
||||||
# server but no client and no microvms
|
# server but no client and no microvms
|
||||||
servers = [ "server9" "server10" "hydra" ];
|
servers = [ "server8" "server9" "server10" "hydra" ];
|
||||||
microvmServers = [ "server9" "server10" ];
|
microvmServers = [ "server8" "server9" "server10" ];
|
||||||
|
storageServers = [ "server8" "server9" ];
|
||||||
|
|
||||||
serverNet = server:
|
serverNet = server:
|
||||||
builtins.foldl' (result: net:
|
builtins.foldl' (result: net:
|
||||||
|
@ -14,8 +15,6 @@ let
|
||||||
then net
|
then net
|
||||||
else result
|
else result
|
||||||
) null [ "cluster" "serv" ];
|
) null [ "cluster" "serv" ];
|
||||||
|
|
||||||
ipv4Addr = zentralwerk.lib.config.site.net.${serverNet hostName}.hosts4.${hostName};
|
|
||||||
in {
|
in {
|
||||||
# Open firewall between cluster members
|
# Open firewall between cluster members
|
||||||
networking.firewall.extraCommands = lib.concatMapStrings (server:
|
networking.firewall.extraCommands = lib.concatMapStrings (server:
|
||||||
|
@ -31,21 +30,35 @@ in {
|
||||||
|
|
||||||
# Cluster configuration
|
# Cluster configuration
|
||||||
skyflake = {
|
skyflake = {
|
||||||
|
# debug = true;
|
||||||
nodes = builtins.listToAttrs (
|
nodes = builtins.listToAttrs (
|
||||||
map (name: {
|
map (name: {
|
||||||
inherit name;
|
inherit name;
|
||||||
value.address = builtins.trace name hostRegistry.hosts.${name}.ip4;
|
value.address = hostRegistry.hosts.${name}.ip4;
|
||||||
}) servers
|
}) servers
|
||||||
);
|
);
|
||||||
nomad = {
|
nomad = {
|
||||||
datacenter = "c3d2";
|
datacenter = "c3d2";
|
||||||
servers = servers;
|
inherit servers;
|
||||||
# run tasks only on these:
|
# run tasks only on these:
|
||||||
client.enable = builtins.elem hostName microvmServers;
|
client.enable = builtins.elem hostName microvmServers;
|
||||||
|
client.meta =
|
||||||
|
lib.optionalAttrs (builtins.elem hostName storageServers) {
|
||||||
|
"c3d2.storage" = "big";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
microvmUid = 997;
|
microvmUid = 997;
|
||||||
|
|
||||||
users.c3d2.sshKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
users.c3d2 = {
|
||||||
|
uid = 1001;
|
||||||
|
sshKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
||||||
|
};
|
||||||
|
users.leon = {
|
||||||
|
uid = 1002;
|
||||||
|
sshKeys = with import ../../users.nix;
|
||||||
|
leon.sshKeys ++
|
||||||
|
astro.sshKeys;
|
||||||
|
};
|
||||||
deploy.customizationModule = ./deployment.nix;
|
deploy.customizationModule = ./deployment.nix;
|
||||||
|
|
||||||
storage.glusterfs = {
|
storage.glusterfs = {
|
||||||
|
@ -53,7 +66,16 @@ in {
|
||||||
servers = microvmServers;
|
servers = microvmServers;
|
||||||
mountPoint = "/glusterfs/fast";
|
mountPoint = "/glusterfs/fast";
|
||||||
source = "/var/glusterfs-fast";
|
source = "/var/glusterfs-fast";
|
||||||
|
} {
|
||||||
|
servers = storageServers;
|
||||||
|
mountPoint = "/glusterfs/big";
|
||||||
|
source = "/var/glusterfs-big";
|
||||||
} ];
|
} ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
# additional gcroots
|
||||||
|
"L+ /nix/var/nix/gcroots/skyflake-microvms-big - - - - /glusterfs/big/gcroots"
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
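Review bot: `users.leon.sshKeys` is built from `leon.sshKeys ++ astro.sshKeys`, so a second person's keys authenticate as the `leon` deployment user and actions under that account cannot be attributed to one key owner; nothing in the hunk says why. If the shared access is intended, a comment like `# astro's keys are included for <reason>; remove when no longer needed` makes it reviewable, and otherwise a separate `users.astro` entry with its own uid keeps the accounts apart. The same applies to `users.c3d2.sshKeys`, which reuses root's `authorizedKeys.keys`. What a skyflake user is allowed to do is defined outside this file.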
|
@ -1,22 +1,79 @@
|
||||||
{ lib, ... }:
|
{ zentralwerk, config, lib, ... }:
|
||||||
# our custom options
|
# our custom options
|
||||||
{
|
{
|
||||||
options.deployment = with lib; {
|
options.deployment = with lib; {
|
||||||
vcpu = mkOption {
|
vcpu = mkOption {
|
||||||
type = types.int;
|
type = types.int;
|
||||||
default = 2;
|
default = 4;
|
||||||
};
|
};
|
||||||
mem = mkOption {
|
mem = mkOption {
|
||||||
type = types.int;
|
type = types.int;
|
||||||
default = 512;
|
default = 512;
|
||||||
};
|
};
|
||||||
|
hypervisor = mkOption {
|
||||||
|
type = types.enum [
|
||||||
|
"qemu"
|
||||||
|
"cloud-hypervisor"
|
||||||
|
"firecracker"
|
||||||
|
"crosvm"
|
||||||
|
"kvmtool"
|
||||||
|
];
|
||||||
|
default = "cloud-hypervisor";
|
||||||
|
};
|
||||||
networks = mkOption {
|
networks = mkOption {
|
||||||
type = with types; listOf str;
|
type = with types; listOf str;
|
||||||
default = [ "serv" ];
|
default = builtins.attrNames (
|
||||||
|
lib.filterAttrs (_: { hosts4, hosts6, ... }:
|
||||||
|
hosts4 ? ${config.networking.hostName} ||
|
||||||
|
lib.filterAttrs (_: hosts6:
|
||||||
|
hosts6 ? ${config.networking.hostName}
|
||||||
|
) hosts6 != {}
|
||||||
|
) zentralwerk.lib.config.site.net
|
||||||
|
);
|
||||||
};
|
};
|
||||||
persistedShares = mkOption {
|
persistedShares = mkOption {
|
||||||
type = with types; listOf str;
|
type = with types; listOf str;
|
||||||
default = [ "/etc" "/home" "/var" ];
|
default = [ "/etc" "/home" "/var" ];
|
||||||
};
|
};
|
||||||
|
storage = mkOption {
|
||||||
|
type = types.enum [ "fast" "big" ];
|
||||||
|
default = "fast";
|
||||||
|
description = ''
|
||||||
|
Which glusterfs volume to use for persistedShares
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
extraShares = mkOption {
|
||||||
|
type = with types; listOf (submodule {
|
||||||
|
options = {
|
||||||
|
source = mkOption {
|
||||||
|
type = str;
|
||||||
|
};
|
||||||
|
mountPoint = mkOption {
|
||||||
|
type = str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
});
|
||||||
|
default = [];
|
||||||
|
description = ''
|
||||||
|
Extra shares. THESE MUST BE AVAILABLE ON ALL MICROVM HOSTS!
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
needForSpeed = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Prefer deployment on Nomad clients with a higher c3d2.cpuSpeed
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = {
|
||||||
|
# HACK: Avoid conflicts when building a NixOS configuration on Hydra
|
||||||
|
boot.loader.grub.enable = false;
|
||||||
|
fileSystems."/" = lib.mkDefault {
|
||||||
|
device = "rootfs";
|
||||||
|
fsType = "tmpfs";
|
||||||
|
options = [ "size=50%,mode=0755" ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
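Review bot: `extraShares` takes `source` and `mountPoint` as bare `str`, with no description on either field and no constraint on which host paths may be named. If this option can be set from a deployed VM's own configuration, the author of a guest config chooses which host directory is shared into the guest; the module reads like the one wired in through `deploy.customizationModule`, but that link is an inference. I would restrict `source` to an allowed prefix, e.g. `type = strMatching "/glusterfs/[A-Za-z0-9_/-]+";` (the prefix is a placeholder for the operators to choose), and document both fields. The code that consumes `extraShares` is outside this section.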
|
@ -8,17 +8,9 @@ let
|
||||||
flpk = "flpk-gw";
|
flpk = "flpk-gw";
|
||||||
};
|
};
|
||||||
|
|
||||||
nets = builtins.attrNames (
|
|
||||||
lib.filterAttrs (net: { hosts4, hosts6, ... }:
|
|
||||||
hosts4 ? ${hostName} ||
|
|
||||||
lib.filterAttrs (ctx: hosts6:
|
|
||||||
hosts6 ? ${hostName}
|
|
||||||
) hosts6 != {}
|
|
||||||
) zentralwerk.lib.config.site.net
|
|
||||||
);
|
|
||||||
|
|
||||||
inherit (config.networking) hostName;
|
inherit (config.networking) hostName;
|
||||||
inherit (config.system.build.skyflake-deployment) user repo vmName;
|
inherit (config.system.build.skyflake-deployment) user repo vmName;
|
||||||
|
inherit (config.deployment) networks;
|
||||||
|
|
||||||
generateMacAddress = net:
|
generateMacAddress = net:
|
||||||
let
|
let
|
||||||
|
@ -33,32 +25,48 @@ let
|
||||||
then s
|
then s
|
||||||
else withoutLeadingSlash s';
|
else withoutLeadingSlash s';
|
||||||
|
|
||||||
|
writableStoreOverlayImage = "/var/tmp/${user}-${repo}-${vmName}-overlay.img";
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
microvm = {
|
microvm = {
|
||||||
hypervisor = "cloud-hypervisor";
|
inherit (config.deployment) mem vcpu hypervisor;
|
||||||
vcpu = config.deployment.vcpu;
|
|
||||||
mem = config.deployment.mem;
|
|
||||||
|
|
||||||
shares = [ {
|
preStart = ''
|
||||||
proto = "virtiofs";
|
# Discard old writable store overlay
|
||||||
tag = "ro-store";
|
rm -f "${writableStoreOverlayImage}"
|
||||||
source = "/nix/store";
|
'';
|
||||||
mountPoint = "/nix/.ro-store";
|
|
||||||
} ] ++ map (mountPoint: {
|
shares =
|
||||||
proto = "virtiofs";
|
[ {
|
||||||
tag = builtins.replaceStrings [ "/" ] [ "-" ] (
|
proto = "virtiofs";
|
||||||
withoutLeadingSlash mountPoint
|
tag = "ro-store";
|
||||||
);
|
source = "/nix/store";
|
||||||
source = "/storage/glusterfs/microvms/${user}/${repo}/${vmName}/${withoutLeadingSlash mountPoint}";
|
mountPoint = "/nix/.ro-store";
|
||||||
inherit mountPoint;
|
} ]
|
||||||
}) config.deployment.persistedShares;
|
++
|
||||||
# volumes = [ {
|
map (mountPoint: {
|
||||||
# image = "/storage/glusterfs/microvms/${user}/${repo}/${vmName}/overlay.img";
|
proto = "virtiofs";
|
||||||
# mountPoint = "/";
|
tag = builtins.replaceStrings [ "/" ] [ "-" ] (
|
||||||
# size = 8 * 1024;
|
withoutLeadingSlash mountPoint
|
||||||
# } ];
|
);
|
||||||
# writableStoreOverlay = "/nix/.rw-store";
|
source = "/glusterfs/${config.deployment.storage}/microvms/${user}/${repo}/${vmName}/${withoutLeadingSlash mountPoint}";
|
||||||
|
inherit mountPoint;
|
||||||
|
}) config.deployment.persistedShares
|
||||||
|
++
|
||||||
|
map ({ source, mountPoint }: {
|
||||||
|
proto = "virtiofs";
|
||||||
|
tag = builtins.replaceStrings [ "/" ] [ "-" ] (
|
||||||
|
withoutLeadingSlash mountPoint
|
||||||
|
);
|
||||||
|
inherit mountPoint source;
|
||||||
|
}) config.deployment.extraShares;
|
||||||
|
volumes = [ {
|
||||||
|
image = writableStoreOverlayImage;
|
||||||
|
mountPoint = config.microvm.writableStoreOverlay;
|
||||||
|
size = 8 * 1024;
|
||||||
|
} ];
|
||||||
|
writableStoreOverlay = "/nix/.rw-store";
|
||||||
|
|
||||||
interfaces = map (net: {
|
interfaces = map (net: {
|
||||||
type = "tap";
|
type = "tap";
|
||||||
|
@ -67,6 +75,21 @@ in
|
||||||
}) config.deployment.networks;
|
}) config.deployment.networks;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
skyflake = {
|
||||||
|
nomadJob = {
|
||||||
|
constraints = lib.optionals (config.deployment.storage == "big") [ {
|
||||||
|
attribute = "\${meta.c3d2.storage}";
|
||||||
|
value = "big";
|
||||||
|
} ];
|
||||||
|
affinities = lib.optionals config.deployment.needForSpeed (builtins.genList (i: {
|
||||||
|
attribute = "\${meta.c3d2.cpuSpeed}";
|
||||||
|
operator = ">=";
|
||||||
|
value = toString (i + 1);
|
||||||
|
weight = 10 + i;
|
||||||
|
}) 10);
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
dhcpcd.enable = false;
|
dhcpcd.enable = false;
|
||||||
|
@ -81,7 +104,7 @@ in
|
||||||
# rename interface to net name
|
# rename interface to net name
|
||||||
linkConfig.Name = net;
|
linkConfig.Name = net;
|
||||||
};
|
};
|
||||||
}) {} nets;
|
}) {} networks;
|
||||||
|
|
||||||
networks = builtins.foldl' (networks: net: networks // {
|
networks = builtins.foldl' (networks: net: networks // {
|
||||||
"30-${net}" =
|
"30-${net}" =
|
||||||
|
@ -112,6 +135,10 @@ builtins.filter (hosts6: hosts6 ? ${hostName}) (
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
}) {} nets;
|
}) {} networks;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# nix-gc breaks writable store overlays, devastating running
|
||||||
|
# MicroVMs
|
||||||
|
nix.gc.automatic = false;
|
||||||
}
|
}
|
||||||
|
|
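Review bot: `extraShares` hands `source` to virtiofs verbatim (`inherit mountPoint source;` in the `@ -33,32 +25,48 @@` hunk), whereas `persistedShares` stays confined below `/glusterfs/${config.deployment.storage}/microvms/${user}/${repo}/${vmName}/`. If deployment configurations can come from users who should not see each other's data or the host's, a guest can request any host path the virtiofs daemon is able to read. An `assertions` entry requiring `source` to sit under an allow-listed prefix (for example with `lib.hasPrefix`) and to contain no `..` component would keep the per-VM confinement. Separately, `writableStoreOverlayImage` is a predictable name in `/var/tmp`, which is typically world-writable; a directory writable only by the account that runs the MicroVM is a safer place for an image that `preStart` deletes and the hypervisor then recreates. The option declaration and the start of the `let` block lie outside this hunk.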
|
@ -1,127 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
let
|
|
||||||
# TODO: move to flake
|
|
||||||
nixcloud-webservices = pkgs.fetchFromGitHub {
|
|
||||||
owner = "nixcloud";
|
|
||||||
repo = "nixcloud-webservices";
|
|
||||||
rev = "3a0767f0536fac811065eb87e6342f27eac085aa";
|
|
||||||
sha256 = "vC0vBu+0HchrevuWsmE7giouKnSt/q4F0TffwhuNJv8=";
|
|
||||||
};
|
|
||||||
inherit (import "${nixcloud-webservices}/pkgs" { inherit pkgs; }) nixcloud;
|
|
||||||
|
|
||||||
profilesDir = "/nix/var/nix/profiles/lxc";
|
|
||||||
inherit (config.lxc) containers;
|
|
||||||
inherit (config.nix) nixPath;
|
|
||||||
|
|
||||||
toLxcConfig' = path: a:
|
|
||||||
if builtins.isString a then ''
|
|
||||||
${path} = ${a}
|
|
||||||
'' else if builtins.isInt a then ''
|
|
||||||
${path} = ${toString a}
|
|
||||||
'' else if builtins.isAttrs a then
|
|
||||||
lib.concatMapStrings (name:
|
|
||||||
let path' = if path == "" then name else "${path}.${name}";
|
|
||||||
in toLxcConfig' path' (builtins.getAttr name a)) (builtins.attrNames a)
|
|
||||||
else if builtins.isList a then
|
|
||||||
lib.concatMapStrings (toLxcConfig' path) a
|
|
||||||
else
|
|
||||||
throw "Invalid LXC config value";
|
|
||||||
toLxcConfig = toLxcConfig' "";
|
|
||||||
|
|
||||||
lxc-rootfs = pkgs.runCommand "lxc-rootfs" { } ''
|
|
||||||
mkdir -p $out/share/lxc/rootfs/{dev,nix/store,proc,run,sys,tmp}
|
|
||||||
'';
|
|
||||||
in {
|
|
||||||
options = with types; {
|
|
||||||
lxc.containers = mkOption {
|
|
||||||
type = attrs;
|
|
||||||
default = { };
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkIf (containers != { }) {
|
|
||||||
virtualisation.lxc.enable = true;
|
|
||||||
environment.systemPackages = [ nixcloud.container ];
|
|
||||||
|
|
||||||
virtualisation.lxc.defaultConfig = ''
|
|
||||||
lxc.id_map = u 0 100000 65536
|
|
||||||
lxc.id_map = g 0 100000 65536
|
|
||||||
'';
|
|
||||||
users.users.root.subGidRanges = [{
|
|
||||||
count = 65536;
|
|
||||||
startGid = 100000;
|
|
||||||
}];
|
|
||||||
users.users.root.subUidRanges = [{
|
|
||||||
count = 65536;
|
|
||||||
startUid = 100000;
|
|
||||||
}];
|
|
||||||
|
|
||||||
systemd.services = if true then
|
|
||||||
{ }
|
|
||||||
else
|
|
||||||
builtins.foldl' (services: name:
|
|
||||||
let
|
|
||||||
systemDir = "/${profilesDir}/${name}/system";
|
|
||||||
lxcDefaults = {
|
|
||||||
lxc = {
|
|
||||||
uts.name = name;
|
|
||||||
rootfs.path = "/run/current-system/sw/share/lxc/rootfs";
|
|
||||||
mount.entry = [
|
|
||||||
"${systemDir}/init /init none bind,ro 0 0"
|
|
||||||
"/nix/store /nix/store none bind,ro 0 0"
|
|
||||||
];
|
|
||||||
autodev = 1;
|
|
||||||
include = "/run/current-system/sw/share/lxc/config/common.conf";
|
|
||||||
apparmor.profile = "generated";
|
|
||||||
environment = "TERM=linux";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
config = builtins.getAttr name containers;
|
|
||||||
lxcConfig = builtins.toFile "lxc-container-${name}.conf"
|
|
||||||
# TODO: more intelligent merging?
|
|
||||||
(toLxcConfig (lxcDefaults // config.lxc));
|
|
||||||
|
|
||||||
builder = {
|
|
||||||
description = "Build NixOS for lxc container ${name}";
|
|
||||||
wants = [ "nix-daemon.socket" ];
|
|
||||||
after = [ "nix-daemon.service" ];
|
|
||||||
|
|
||||||
path = with pkgs; [ coreutils nix ];
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "oneshot";
|
|
||||||
RemainAfterExit = true;
|
|
||||||
Environment = [ "NIX_PATH=${builtins.concatStringsSep ":" nixPath}" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
script = ''
|
|
||||||
mkdir -p ${profilesDir}/${name}
|
|
||||||
|
|
||||||
nix-env -p ${profilesDir}/${name}/system \
|
|
||||||
-I nixos-config=${config.nixos-config} \
|
|
||||||
-f '<nixpkgs/nixos>' \
|
|
||||||
--set -A system
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
starter = {
|
|
||||||
description = "LXC container ${name}";
|
|
||||||
requires = [ "lxc-container-${name}-builder.service" ];
|
|
||||||
after = [ "lxc-container-${name}-builder.service" ];
|
|
||||||
|
|
||||||
path = with pkgs; [ lxc apparmor-parser ];
|
|
||||||
|
|
||||||
script = ''
|
|
||||||
mkdir -p /var/lib/lxc/${name}
|
|
||||||
ln -fs ${lxcConfig} /var/lib/lxc/${name}/config
|
|
||||||
lxc-start -F -n ${name}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
in services // {
|
|
||||||
"lxc-container-${name}-builder" = builder;
|
|
||||||
"lxc-container-${name}" = starter;
|
|
||||||
}) { } (builtins.attrNames containers);
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,57 +0,0 @@
|
||||||
{ hostRegistry, config, pkgs, lib, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
|
|
||||||
nginxGlobalLogging = ''
|
|
||||||
log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
|
|
||||||
'"remote_addr": "$remote_addr", '
|
|
||||||
'"body_bytes_sent": $body_bytes_sent, '
|
|
||||||
'"request_time": $request_time, '
|
|
||||||
'"response_status": $status, '
|
|
||||||
'"request": "$request", '
|
|
||||||
'"request_method": "$request_method", '
|
|
||||||
'"host": "$host",'
|
|
||||||
'"upstream_cache_status": "$upstream_cache_status",'
|
|
||||||
'"upstream_addr": "$upstream_addr",'
|
|
||||||
'"http_x_forwarded_for": "$http_x_forwarded_for",'
|
|
||||||
'"http_referrer": "$http_referer", '
|
|
||||||
'"http_user_agent": "$http_user_agent" }';
|
|
||||||
|
|
||||||
# replace the hostnames with the IP or hostname of your Graylog2 server
|
|
||||||
access_log syslog:server=graylog.server.org:12301 graylog2_json;
|
|
||||||
error_log syslog:server=graylog.server.org:12302;
|
|
||||||
'';
|
|
||||||
|
|
||||||
in {
|
|
||||||
# add central logging
|
|
||||||
services.journalbeat = {
|
|
||||||
enable = false;
|
|
||||||
extraConfig = ''
|
|
||||||
journalbeat.inputs:
|
|
||||||
# Paths that should be crawled and fetched. Possible values files and directories.
|
|
||||||
# When setting a directory, all journals under it are merged.
|
|
||||||
# When empty starts to read from local journal.
|
|
||||||
- paths: []
|
|
||||||
|
|
||||||
journalbeat:
|
|
||||||
seek_position: cursor
|
|
||||||
cursor_seek_fallback: tail
|
|
||||||
write_cursor_state: true
|
|
||||||
cursor_flush_period: 5s
|
|
||||||
clean_field_names: true
|
|
||||||
convert_to_numbers: false
|
|
||||||
move_metadata_to_field: journal
|
|
||||||
default_type: journal
|
|
||||||
kernel: true
|
|
||||||
output.logstash:
|
|
||||||
# Boolean flag to enable or disable the output module.
|
|
||||||
enabled: true
|
|
||||||
hosts: ["${config.c3d2.hosts.logging.ip4}:5044"]
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
services.prometheus.exporters.node = lib.mkIf (pkgs.system != "riscv64-linux") {
|
|
||||||
enable = true;
|
|
||||||
openFirewall = true;
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,66 +0,0 @@
|
||||||
{ hostRegistry, config, pkgs, lib, modulesPath, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
(modulesPath + "/profiles/docker-container.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
boot = {
|
|
||||||
isContainer = true;
|
|
||||||
loader = {
|
|
||||||
grub.enable = false;
|
|
||||||
# /sbin/init
|
|
||||||
initScript.enable = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.etc."resolv.conf".text = lib.concatMapStrings (ns: ''
|
|
||||||
nameserver ${ns}
|
|
||||||
'') config.networking.nameservers;
|
|
||||||
|
|
||||||
fileSystems."/" = {
|
|
||||||
fsType = "rootfs";
|
|
||||||
device = "rootfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
nix = {
|
|
||||||
useSandbox = false;
|
|
||||||
maxJobs = lib.mkDefault 1;
|
|
||||||
buildCores = lib.mkDefault 4;
|
|
||||||
};
|
|
||||||
|
|
||||||
networking = {
|
|
||||||
interfaces.eth0 = {
|
|
||||||
useDHCP = false;
|
|
||||||
tempAddress = "disabled";
|
|
||||||
};
|
|
||||||
nameservers = with hostRegistry.hosts.dnscache; [
|
|
||||||
ip4
|
|
||||||
ip6
|
|
||||||
"9.9.9.9"
|
|
||||||
];
|
|
||||||
networkmanager.dns = "unbound";
|
|
||||||
useDHCP = false;
|
|
||||||
useHostResolvConf = false;
|
|
||||||
useNetworkd = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services = {
|
|
||||||
# Required for remote deployment
|
|
||||||
openssh.enable = true;
|
|
||||||
resolved.enable = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Create a few files early before packing tarball for Proxmox architecture/OS detection.
|
|
||||||
system.extraSystemBuilderCmds = ''
|
|
||||||
mkdir -m 0755 -p $out/bin
|
|
||||||
ln -s ${pkgs.bash}/bin/bash $out/bin/sh
|
|
||||||
mkdir -m 0755 -p $out/sbin
|
|
||||||
ln -s ../init $out/sbin/init
|
|
||||||
'';
|
|
||||||
|
|
||||||
systemd.network.networks."40-eth0".networkConfig = {
|
|
||||||
IPv6AcceptRA = true;
|
|
||||||
LinkLocalAddressing = "ipv6";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -59,13 +59,11 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
nix.settings = {
|
nix.settings = {
|
||||||
|
min-free = 128000000;
|
||||||
|
max-free = 1000000000;
|
||||||
# fetch github-prebuilt microvm-kernels
|
# fetch github-prebuilt microvm-kernels
|
||||||
substituters = [
|
substituters = [ "https://microvm.cachix.org" ];
|
||||||
"https://microvm.cachix.org"
|
trusted-public-keys = [ "microvm.cachix.org-1:oXnBc6hRE3eX5rSYdRyMYXnfzcCxC7yKPTbZXALsqys=" ];
|
||||||
];
|
|
||||||
trusted-public-keys = [
|
|
||||||
"microvm.cachix.org-1:oXnBc6hRE3eX5rSYdRyMYXnfzcCxC7yKPTbZXALsqys="
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = [ (
|
environment.systemPackages = [ (
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
{ zentralwerk, options, config, lib, pkgs, ... }:
|
{ zentralwerk, options, config, lib, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
defaultGateways = {
|
defaultGateways = {
|
||||||
serv = "serv-gw";
|
serv = "serv-gw";
|
||||||
|
@ -19,22 +20,27 @@ let
|
||||||
"${builtins.substring 0 1 hash}2:${c 2}:${c 4}:${c 6}:${c 8}:${c 10}";
|
"${builtins.substring 0 1 hash}2:${c 2}:${c 4}:${c 6}:${c 8}:${c 10}";
|
||||||
|
|
||||||
nets = builtins.attrNames (
|
nets = builtins.attrNames (
|
||||||
lib.filterAttrs (net: { hosts4, hosts6, ... }:
|
lib.filterAttrs (_: { hosts4, hosts6, ... }:
|
||||||
hosts4 ? ${hostName} ||
|
hosts4 ? ${hostName} ||
|
||||||
lib.filterAttrs (ctx: hosts6:
|
lib.filterAttrs (_: hosts6:
|
||||||
hosts6 ? ${hostName}
|
hosts6 ? ${hostName}
|
||||||
) hosts6 != {}
|
) hosts6 != {}
|
||||||
) zentralwerk.lib.config.site.net
|
) zentralwerk.lib.config.site.net
|
||||||
);
|
);
|
||||||
|
|
||||||
|
arch-to-host = rec {
|
||||||
|
server9 = "westmere";
|
||||||
|
server10 = "ivybridge";
|
||||||
|
nomad = server9;
|
||||||
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.c3d2.deployment = with lib; {
|
options.c3d2.deployment = with lib; {
|
||||||
server = mkOption {
|
server = mkOption {
|
||||||
type = types.enum [ "server9" "server10" "nomad" ];
|
type = types.enum [ "server9" "server10" ];
|
||||||
default = null;
|
default = null;
|
||||||
description = ''
|
description = ''
|
||||||
Server that is supposed to host this MicroVM,
|
Server that is supposed to host this MicroVM.
|
||||||
or \"nomad\" for HA clustering.
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -62,21 +68,10 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config.system.build = with pkgs; {
|
|
||||||
copyToServer = writeScript "copy-to-${server}" ''
|
|
||||||
#! ${runtimeShell} -e
|
|
||||||
|
|
||||||
nix copy --no-check-sigs --to ssh-ng://root@${serverFQDN} $@
|
|
||||||
'';
|
|
||||||
|
|
||||||
runOnServer = writeScript "run-on-${server}" ''
|
|
||||||
#! ${runtimeShell} -e
|
|
||||||
|
|
||||||
ssh root@${serverFQDN} -- $@
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
# autoupdates do not make sense inside MicroVMs with read-only /nix/store
|
||||||
|
c3d2.autoUpdate = false;
|
||||||
|
|
||||||
boot.kernelParams = [
|
boot.kernelParams = [
|
||||||
"preempt=none"
|
"preempt=none"
|
||||||
# No server/router runs any untrusted user code
|
# No server/router runs any untrusted user code
|
||||||
|
@ -123,6 +118,9 @@ in
|
||||||
useNetworkd = true;
|
useNetworkd = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# nix store is mounted read only
|
||||||
|
nix.gc.automatic = false;
|
||||||
|
|
||||||
systemd.network = lib.mkIf config.c3d2.deployment.autoNetSetup {
|
systemd.network = lib.mkIf config.c3d2.deployment.autoNetSetup {
|
||||||
links = builtins.foldl' (links: net: links // {
|
links = builtins.foldl' (links: net: links // {
|
||||||
"30-${net}" = {
|
"30-${net}" = {
|
||||||
|
@ -165,10 +163,20 @@ in
|
||||||
}) {} nets;
|
}) {} nets;
|
||||||
};
|
};
|
||||||
|
|
||||||
# autoupdates do not make sense inside MicroVMs with read-only /nix/store
|
c3d2.simd.arch = arch-to-host.${config.c3d2.deployment.server};
|
||||||
c3d2.autoUpdate = false;
|
|
||||||
|
|
||||||
# nix store is mounted read only
|
system.build = with pkgs; {
|
||||||
nix.gc.automatic = false;
|
copyToServer = writeScript "copy-to-${server}" ''
|
||||||
|
#! ${runtimeShell} -e
|
||||||
|
|
||||||
|
nix copy --no-check-sigs --to ssh-ng://root@${serverFQDN} $@
|
||||||
|
'';
|
||||||
|
|
||||||
|
runOnServer = writeScript "run-on-${server}" ''
|
||||||
|
#! ${runtimeShell} -e
|
||||||
|
|
||||||
|
ssh root@${serverFQDN} -- $@
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
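Review bot: Both scripts relocated into `system.build` in the last hunk expand `$@` unquoted, so an argument containing whitespace or glob characters is re-split by the shell before it reaches `nix copy` or `ssh`. Write `nix copy --no-check-sigs --to ssh-ng://root@${serverFQDN} "$@"` and `ssh root@${serverFQDN} -- "$@"` instead. For `runOnServer`, ssh still joins its arguments into one string for the remote root shell, so callers should not pass untrusted text either way. The same unquoted `$@` sits on the changed `plm()` line of the plume module further down this page. A one-line comment explaining why `--no-check-sigs` is acceptable for copies into the server's store as root would also help the next reader.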
|
@ -0,0 +1,9 @@
|
||||||
|
{ pkgs, lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
services.prometheus.exporters.node = lib.mkIf (pkgs.system != "riscv64-linux") {
|
||||||
|
enable = true;
|
||||||
|
enabledCollectors = [ "ethtool" "systemd" ];
|
||||||
|
openFirewall = true;
|
||||||
|
};
|
||||||
|
}
|
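Review bot: `openFirewall = true` opens the node exporter port on every network the host is attached to, and this new module also enables the `systemd` and `ethtool` collectors. An unauthenticated scrape therefore returns unit names and states plus NIC details on top of the default metrics. If only the monitoring host is meant to scrape, narrow the rule with the exporter's `firewallFilter` option, or bind `listenAddress` to the management address. A comment naming the intended scraper would document that choice.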
|
@ -1,13 +1,10 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, ... }:
|
||||||
with lib;
|
|
||||||
|
|
||||||
let
|
let
|
||||||
nncpCfgFile = "/run/nncp.hjson";
|
nncpCfgFile = "/run/nncp.hjson";
|
||||||
programCfg = lib.optionalAttrs (config.programs ? nncp) config.programs.nncp;
|
programCfg = lib.optionalAttrs (config.programs ? nncp) config.programs.nncp;
|
||||||
callerCfg = config.services.nncp.caller;
|
callerCfg = config.services.nncp.caller;
|
||||||
daemonCfg = config.services.nncp.daemon;
|
daemonCfg = config.services.nncp.daemon;
|
||||||
settingsFormat = pkgs.formats.json { };
|
|
||||||
jsonCfgFile = settingsFormat.generate "nncp.json" programCfg.settings;
|
|
||||||
pkg = programCfg.package;
|
pkg = programCfg.package;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
@ -15,13 +12,13 @@ in
|
||||||
|
|
||||||
services.nncp = {
|
services.nncp = {
|
||||||
caller = {
|
caller = {
|
||||||
enable = mkEnableOption ''
|
enable = lib.mkEnableOption ''
|
||||||
croned NNCP TCP daemon caller.
|
croned NNCP TCP daemon caller.
|
||||||
The daemon will take configuration from
|
The daemon will take configuration from
|
||||||
<xref linkend="opt-programs.nncp.settings"/>
|
<xref linkend="opt-programs.nncp.settings"/>
|
||||||
'';
|
'';
|
||||||
extraArgs = mkOption {
|
extraArgs = lib.mkOption {
|
||||||
type = with types; listOf str;
|
type = with lib.types; listOf str;
|
||||||
description = "Extra command-line arguments to pass to caller.";
|
description = "Extra command-line arguments to pass to caller.";
|
||||||
default = [ ];
|
default = [ ];
|
||||||
example = [ "-autotoss" ];
|
example = [ "-autotoss" ];
|
||||||
|
@ -29,18 +26,18 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
daemon = {
|
daemon = {
|
||||||
enable = mkEnableOption ''
|
enable = lib.mkEnableOption ''
|
||||||
NNCP TCP synronization daemon.
|
NNCP TCP synronization daemon.
|
||||||
The daemon will take configuration from
|
The daemon will take configuration from
|
||||||
<xref linkend="opt-programs.nncp.settings"/>
|
<xref linkend="opt-programs.nncp.settings"/>
|
||||||
'';
|
'';
|
||||||
|
|
||||||
socketActivation = {
|
socketActivation = {
|
||||||
enable = mkEnableOption ''
|
enable = lib.mkEnableOption ''
|
||||||
Whether to run nncp-daemon persistently or socket-activated.
|
Whether to run nncp-daemon persistently or socket-activated.
|
||||||
'';
|
'';
|
||||||
listenStreams = mkOption {
|
listenStreams = lib.mkOption {
|
||||||
type = with types; listOf str;
|
type = with lib.types; listOf str;
|
||||||
description = ''
|
description = ''
|
||||||
TCP sockets to bind to.
|
TCP sockets to bind to.
|
||||||
See <xref linkend="opt-systemd.sockets._name_.listenStreams"/>.
|
See <xref linkend="opt-systemd.sockets._name_.listenStreams"/>.
|
||||||
|
@ -49,8 +46,8 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
extraArgs = mkOption {
|
extraArgs = lib.mkOption {
|
||||||
type = with types; listOf str;
|
type = with lib.types; listOf str;
|
||||||
description = "Extra command-line arguments to pass to daemon.";
|
description = "Extra command-line arguments to pass to daemon.";
|
||||||
default = [ ];
|
default = [ ];
|
||||||
example = [ "-autotoss" ];
|
example = [ "-autotoss" ];
|
||||||
|
@ -60,15 +57,14 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf (programCfg.enable or callerCfg.enable or daemonCfg.enable) {
|
config = lib.mkIf (programCfg.enable or callerCfg.enable or daemonCfg.enable) {
|
||||||
|
|
||||||
assertions = [{
|
assertions = [{
|
||||||
assertion = with builtins;
|
assertion =
|
||||||
let
|
let
|
||||||
callerCongfigured =
|
callerCongfigured =
|
||||||
let neigh = config.programs.nncp.settings.neigh or { };
|
let neigh = config.programs.nncp.settings.neigh or { };
|
||||||
in lib.lists.any (x: hasAttr "calls" x && x.calls != [ ])
|
in lib.lists.any (x: lib.hasAttr "calls" x && x.calls != [ ])
|
||||||
(attrValues neigh);
|
(lib.attrValues neigh);
|
||||||
in !callerCfg.enable || callerCongfigured;
|
in !callerCfg.enable || callerCongfigured;
|
||||||
message = "NNCP caller enabled but call configuration is missing";
|
message = "NNCP caller enabled but call configuration is missing";
|
||||||
}];
|
}];
|
||||||
|
@ -89,7 +85,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services."nncp-daemon" = mkIf daemonCfg.enable {
|
systemd.services."nncp-daemon" = lib.mkIf daemonCfg.enable {
|
||||||
enable = !daemonCfg.socketActivation.enable;
|
enable = !daemonCfg.socketActivation.enable;
|
||||||
description = "NNCP TCP syncronization daemon.";
|
description = "NNCP TCP syncronization daemon.";
|
||||||
documentation = [ "http://www.nncpgo.org/nncp_002ddaemon.html" ];
|
documentation = [ "http://www.nncpgo.org/nncp_002ddaemon.html" ];
|
||||||
|
@ -106,7 +102,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services."nncp-daemon@" = mkIf daemonCfg.socketActivation.enable {
|
systemd.services."nncp-daemon@" = lib.mkIf daemonCfg.socketActivation.enable {
|
||||||
description = "NNCP TCP syncronization daemon.";
|
description = "NNCP TCP syncronization daemon.";
|
||||||
documentation = [ "http://www.nncpgo.org/nncp_002ddaemon.html" ];
|
documentation = [ "http://www.nncpgo.org/nncp_002ddaemon.html" ];
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
|
@ -123,7 +119,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.sockets.nncp-daemon = mkIf daemonCfg.socketActivation.enable {
|
systemd.sockets.nncp-daemon = lib.mkIf daemonCfg.socketActivation.enable {
|
||||||
inherit (daemonCfg.socketActivation) listenStreams;
|
inherit (daemonCfg.socketActivation) listenStreams;
|
||||||
description = "socket for NNCP TCP syncronization.";
|
description = "socket for NNCP TCP syncronization.";
|
||||||
conflicts = [ "nncp-daemon.service" ];
|
conflicts = [ "nncp-daemon.service" ];
|
||||||
|
|
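Review bot: The `lib.mkIf` condition in the `@ -60,15 +57,14 @@` hunk still uses `or`, which in Nix is the attribute-selection default (`a.b or fallback`), not boolean OR. As written it yields `programCfg.enable` whenever that attribute exists and otherwise `callerCfg.enable`. `daemonCfg.enable` is only consulted if `callerCfg` had no `enable` attribute, so enabling just the daemon probably leaves the whole `config` block inactive. Since the line is being touched anyway, `config = lib.mkIf ((programCfg.enable or false) || callerCfg.enable || daemonCfg.enable) {` states the intent. The body of that `config` block continues outside the hunk.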
|
@ -1,6 +1,5 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
inherit (pkgs) plume;
|
|
||||||
cfg = config.services.plume;
|
cfg = config.services.plume;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
@ -33,7 +32,7 @@ in
|
||||||
ids.uids.plume = 499;
|
ids.uids.plume = 499;
|
||||||
users.users.${cfg.user} = {
|
users.users.${cfg.user} = {
|
||||||
uid = config.ids.uids.plume;
|
uid = config.ids.uids.plume;
|
||||||
group = cfg.group;
|
inherit (cfg) group;
|
||||||
home = "/var/lib/plume";
|
home = "/var/lib/plume";
|
||||||
};
|
};
|
||||||
users.groups.${cfg.group} = {};
|
users.groups.${cfg.group} = {};
|
||||||
|
@ -52,11 +51,11 @@ in
|
||||||
after = [ "postgresql.service" ];
|
after = [ "postgresql.service" ];
|
||||||
requires = [ "postgresql.service" ];
|
requires = [ "postgresql.service" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
path = [ plume ];
|
path = [ pkgs.plume ];
|
||||||
script = ''
|
script = ''
|
||||||
ln -sf ${cfg.envFile} .env
|
ln -sf ${cfg.envFile} .env
|
||||||
mkdir -p static/media
|
mkdir -p static/media
|
||||||
for f in ${plume}/share/plume/static/*; do
|
for f in ${pkgs.plume}/share/plume/static/*; do
|
||||||
n=$(basename "$f")
|
n=$(basename "$f")
|
||||||
if [ "$n" != media ]; then
|
if [ "$n" != media ]; then
|
||||||
rm -f "static/$n"
|
rm -f "static/$n"
|
||||||
|
@ -79,7 +78,7 @@ in
|
||||||
#! ${pkgs.runtimeShell} -e
|
#! ${pkgs.runtimeShell} -e
|
||||||
|
|
||||||
plm() {
|
plm() {
|
||||||
sudo -u ${config.services.plume.user} -- ${plume}/bin/plm $@
|
sudo -u ${config.services.plume.user} -- ${pkgs.plume}/bin/plm $@
|
||||||
}
|
}
|
||||||
|
|
||||||
plm migration run
|
plm migration run
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ hostRegistry, config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
{
|
{
|
||||||
boot = {
|
boot = {
|
||||||
loader.generic-extlinux-compatible.enable = false;
|
loader.generic-extlinux-compatible.enable = false;
|
||||||
|
|
|
@ -1,146 +0,0 @@
|
||||||
{ nixos-unstable
|
|
||||||
, tracer
|
|
||||||
, bevy-julia
|
|
||||||
, bevy-mandelbrot
|
|
||||||
}:
|
|
||||||
|
|
||||||
final: prev:
|
|
||||||
|
|
||||||
let
|
|
||||||
pkgs-unstable = nixos-unstable.legacyPackages.${prev.system};
|
|
||||||
in
|
|
||||||
with final; {
|
|
||||||
allcolors = with final; rustPlatform.buildRustPackage rec {
|
|
||||||
pname = "allcolors";
|
|
||||||
version = "0.1.0";
|
|
||||||
src = fetchFromGitHub {
|
|
||||||
owner = "polygon";
|
|
||||||
repo = "allcolors-rs";
|
|
||||||
rev = "023bd480245052357a7fd5f42181ff6e67d98b31";
|
|
||||||
sha256 = "sha256-whaV+k5xh01OQNOehwkEBUDpMWn47mvVihVwchBvWoE=";
|
|
||||||
};
|
|
||||||
cargoPatches = [ ./allcolors-cargo-update.patch ];
|
|
||||||
cargoSha256 = "sha256-RbfACA4hcyemGkw9bqjpIk393SBgBM939I95+grVI0c=";
|
|
||||||
nativeBuildInputs = [ copyDesktopItems ];
|
|
||||||
buildInputs = [
|
|
||||||
xorg.libX11
|
|
||||||
xorg.libXcursor
|
|
||||||
xorg.libXrandr
|
|
||||||
xorg.libXi
|
|
||||||
libGL
|
|
||||||
mesa
|
|
||||||
];
|
|
||||||
postFixup = ''
|
|
||||||
patchelf --set-rpath ${lib.makeLibraryPath buildInputs} $out/bin/allcolors-rs
|
|
||||||
'';
|
|
||||||
desktopItems = [ (makeDesktopItem {
|
|
||||||
name = "allcolors";
|
|
||||||
desktopName = "Polygon's allcolors-rs";
|
|
||||||
categories = [ "Game" ];
|
|
||||||
exec = "allcolors-rs";
|
|
||||||
}) ];
|
|
||||||
};
|
|
||||||
|
|
||||||
# HACK: referenced by sdrweb
|
|
||||||
# TODO: remove with 22.11
|
|
||||||
alsaUtils = final.alsa-utils;
|
|
||||||
|
|
||||||
inherit (bevy-julia.packages.${system}) bevy_julia;
|
|
||||||
inherit (bevy-mandelbrot.packages.${system}) bevy_mandelbrot;
|
|
||||||
|
|
||||||
bmxd = callPackage ./bmxd.nix { };
|
|
||||||
|
|
||||||
dump1090-influxdb = callPackage ./dump1090-influxdb { };
|
|
||||||
|
|
||||||
dump1090_rs = callPackage ./dump1090_rs.nix { };
|
|
||||||
|
|
||||||
chromium = prev.chromium.override {
|
|
||||||
commandLineArgs = "--enable-features=VaapiVideoEncoder,VaapiVideoDecoder,CanvasOopRasterization --force-dark-mode";
|
|
||||||
};
|
|
||||||
|
|
||||||
# hydra flake
|
|
||||||
hydra = prev.hydra.overrideAttrs (oldAttrs: {
|
|
||||||
patches = oldAttrs.patches or [ ] ++ [
|
|
||||||
# gitea webhook support
|
|
||||||
(fetchpatch {
|
|
||||||
url = "https://github.com/NixOS/hydra/pull/1227/commits/750978a19232583e17620a1bd80435e957e7213a.patch";
|
|
||||||
sha256 = "sha256-86Li0YUSVUdnw6lt6kZ56ohDRKPD13SZzukqPU1np8U=";
|
|
||||||
})
|
|
||||||
# fix github webhook from orgs
|
|
||||||
(fetchpatch {
|
|
||||||
url = "https://github.com/NixOS/hydra/commit/4d664ecb0faaf51b21673f979b543ea4694c3f1b.patch";
|
|
||||||
sha256 = "sha256-lF5Rnz8r9ptyMLhcg/XnjiNhOK1KcLA7hi01ye4KgmI=";
|
|
||||||
})
|
|
||||||
];
|
|
||||||
});
|
|
||||||
|
|
||||||
# hydra in nixpkgs
|
|
||||||
hydra_unstable = prev.hydra_unstable.overrideAttrs (oldAttrs: {
|
|
||||||
patches = oldAttrs.patches or [ ] ++ [
|
|
||||||
# gitea webhook support
|
|
||||||
(fetchpatch {
|
|
||||||
url = "https://github.com/NixOS/hydra/pull/1227/commits/750978a19232583e17620a1bd80435e957e7213a.patch";
|
|
||||||
sha256 = "sha256-86Li0YUSVUdnw6lt6kZ56ohDRKPD13SZzukqPU1np8U=";
|
|
||||||
})
|
|
||||||
# fix github webhook from orgs
|
|
||||||
(fetchpatch {
|
|
||||||
url = "https://github.com/NixOS/hydra/commit/4d664ecb0faaf51b21673f979b543ea4694c3f1b.patch";
|
|
||||||
sha256 = "sha256-lF5Rnz8r9ptyMLhcg/XnjiNhOK1KcLA7hi01ye4KgmI=";
|
|
||||||
})
|
|
||||||
];
|
|
||||||
});
|
|
||||||
|
|
||||||
mlat-client = prev.python3Packages.callPackage ./mlat-client.nix { };
|
|
||||||
|
|
||||||
nixVersions =
|
|
||||||
prev.nixVersions // {
|
|
||||||
stable = prev.nixVersions.stable.overrideAttrs (oldAttrs: {
|
|
||||||
patches = oldAttrs.patches or [ ] ++ lib.optionals (lib.versionAtLeast prev.nixVersions.stable.version "2.9") [
|
|
||||||
# use github.com archive URL instead of api.github.com
|
|
||||||
(fetchpatch {
|
|
||||||
url = "https://github.com/NixOS/nix/pull/6997.patch";
|
|
||||||
sha256 = "sha256-JaQ6OY1RjxCYymkI/x0rmKH8XVXYs5psRwNJ4TPHPS0=";
|
|
||||||
})
|
|
||||||
];
|
|
||||||
});
|
|
||||||
};
|
|
||||||
|
|
||||||
inherit (nixos-unstable.legacyPackages.${prev.targetPlatform.system}) nomad_1_3;
|
|
||||||
|
|
||||||
openssh = prev.openssh.overrideAttrs (oldAttrs: {
|
|
||||||
# takes 30 minutes
|
|
||||||
doCheck = false;
|
|
||||||
});
|
|
||||||
|
|
||||||
pile = prev.callPackage ./pile.nix { };
|
|
||||||
|
|
||||||
pi-sensors = prev.callPackage ./pi-sensors { };
|
|
||||||
|
|
||||||
plume = prev.callPackage ./plume { };
|
|
||||||
|
|
||||||
readsb = prev.callPackage ./readsb.nix { };
|
|
||||||
|
|
||||||
SimpleYggGen-CPP = prev.callPackage ./simpleygggen.nix { };
|
|
||||||
|
|
||||||
tracer-game =
|
|
||||||
let
|
|
||||||
broken = true;
|
|
||||||
reason = "haddock runs on affection for 10 hours and more";
|
|
||||||
in
|
|
||||||
if broken
|
|
||||||
then throw "tracer-game: ${reason}"
|
|
||||||
else tracer.packages.${system}.tracer-game;
|
|
||||||
|
|
||||||
# HACK: referenced by hydra-module.nix but removed from nixos-unstable in 2022-09
|
|
||||||
# TODO: remove with 22.11
|
|
||||||
utillinux = final.util-linux;
|
|
||||||
|
|
||||||
# vector-0.23 + mqtt-sink
|
|
||||||
vector = pkgs-unstable.callPackage ./vector {};
|
|
||||||
|
|
||||||
wander =
|
|
||||||
if prev ? wander
|
|
||||||
then builtins.trace "`wander` is now available on stable NixOS. Please remove from overlay!"
|
|
||||||
prev.wander
|
|
||||||
else pkgs-unstable.wander;
|
|
||||||
}
|
|
|
@ -0,0 +1,42 @@
|
||||||
|
{ lib
|
||||||
|
, copyDesktopItems
|
||||||
|
, fetchFromGitHub
|
||||||
|
, rustPlatform
|
||||||
|
, libGL
|
||||||
|
, makeDesktopItem
|
||||||
|
, mesa
|
||||||
|
, xorg
|
||||||
|
}:
|
||||||
|
|
||||||
|
rustPlatform.buildRustPackage rec {
|
||||||
|
pname = "allcolors";
|
||||||
|
version = "0.1.0";
|
||||||
|
src = fetchFromGitHub {
|
||||||
|
owner = "polygon";
|
||||||
|
repo = "allcolors-rs";
|
||||||
|
rev = "023bd480245052357a7fd5f42181ff6e67d98b31";
|
||||||
|
sha256 = "sha256-whaV+k5xh01OQNOehwkEBUDpMWn47mvVihVwchBvWoE=";
|
||||||
|
};
|
||||||
|
cargoPatches = [ ./allcolors-cargo-update.patch ];
|
||||||
|
cargoSha256 = "sha256-RbfACA4hcyemGkw9bqjpIk393SBgBM939I95+grVI0c=";
|
||||||
|
nativeBuildInputs = [ copyDesktopItems ];
|
||||||
|
buildInputs = [
|
||||||
|
xorg.libX11
|
||||||
|
xorg.libXcursor
|
||||||
|
xorg.libXrandr
|
||||||
|
xorg.libXi
|
||||||
|
libGL
|
||||||
|
mesa
|
||||||
|
];
|
||||||
|
postFixup = ''
|
||||||
|
patchelf --set-rpath ${lib.makeLibraryPath buildInputs} $out/bin/allcolors-rs
|
||||||
|
'';
|
||||||
|
desktopItems = [
|
||||||
|
(makeDesktopItem {
|
||||||
|
name = "allcolors";
|
||||||
|
desktopName = "Polygon's allcolors-rs";
|
||||||
|
categories = [ "Game" ];
|
||||||
|
exec = "allcolors-rs";
|
||||||
|
})
|
||||||
|
];
|
||||||
|
}
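Review bot: In `postFixup`, `patchelf --set-rpath` replaces the binary's entire RPATH with the `buildInputs` library path, so any entry the linker wrapper recorded for a library outside that list is discarded. Appending keeps what the build already resolved: `patchelf --add-rpath "${lib.makeLibraryPath buildInputs}" "$out/bin/allcolors-rs"`. Whether anything is actually lost today depends on what the crate links, which this file does not show. A one-line comment stating why the fixup is needed (presumably the X11/GL libraries are opened at run time) would make the override easier to maintain.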
|
|
@ -1,4 +1,4 @@
|
||||||
{ stdenv, fetchgit, fetchpatch, }:
|
{ stdenv, fetchgit }:
|
||||||
|
|
||||||
stdenv.mkDerivation {
|
stdenv.mkDerivation {
|
||||||
pname = "bmxd";
|
pname = "bmxd";
|
|
@ -0,0 +1,84 @@
|
||||||
|
{ bevy-julia
|
||||||
|
, bevy-mandelbrot
|
||||||
|
, tracer
|
||||||
|
}:
|
||||||
|
|
||||||
|
final: prev:
|
||||||
|
|
||||||
|
with final; {
|
||||||
|
allcolors = callPackage ./allcolors.nix { };
|
||||||
|
|
||||||
|
inherit (bevy-julia.packages.${system}) bevy_julia;
|
||||||
|
inherit (bevy-mandelbrot.packages.${system}) bevy_mandelbrot;
|
||||||
|
|
||||||
|
bmxd = callPackage ./bmxd.nix { };
|
||||||
|
|
||||||
|
boehmgc = prev.boehmgc.overrideAttrs(_: {
|
||||||
|
# tests fail under emulation
|
||||||
|
doCheck = false;
|
||||||
|
});
|
||||||
|
|
||||||
|
dump1090-influxdb = callPackage ./dump1090-influxdb { };
|
||||||
|
|
||||||
|
dump1090_rs = callPackage ./dump1090_rs.nix { };
|
||||||
|
|
||||||
|
chromium = prev.chromium.override {
|
||||||
|
commandLineArgs = "--enable-features=VaapiVideoEncoder,VaapiVideoDecoder,CanvasOopRasterization --force-dark-mode";
|
||||||
|
};
|
||||||
|
|
||||||
|
# hydra flake
|
||||||
|
hydra = prev.hydra.overrideAttrs (oldAttrs: {
|
||||||
|
patches = oldAttrs.patches or [ ] ++ [
|
||||||
|
# gitea webhook support
|
||||||
|
(fetchpatch {
|
||||||
|
url = "https://github.com/NixOS/hydra/pull/1227/commits/750978a19232583e17620a1bd80435e957e7213a.patch";
|
||||||
|
sha256 = "sha256-86Li0YUSVUdnw6lt6kZ56ohDRKPD13SZzukqPU1np8U=";
|
||||||
|
})
|
||||||
|
# fix github webhook from orgs
|
||||||
|
(fetchpatch {
|
||||||
|
url = "https://github.com/NixOS/hydra/commit/4d664ecb0faaf51b21673f979b543ea4694c3f1b.patch";
|
||||||
|
sha256 = "sha256-lF5Rnz8r9ptyMLhcg/XnjiNhOK1KcLA7hi01ye4KgmI=";
|
||||||
|
})
|
||||||
|
];
|
||||||
|
});
|
||||||
|
|
||||||
|
# hydra in nixpkgs
|
||||||
|
hydra_unstable = prev.hydra_unstable.overrideAttrs (oldAttrs: {
|
||||||
|
patches = oldAttrs.patches or [ ] ++ [
|
||||||
|
# gitea webhook support
|
||||||
|
(fetchpatch {
|
||||||
|
url = "https://github.com/NixOS/hydra/pull/1227/commits/750978a19232583e17620a1bd80435e957e7213a.patch";
|
||||||
|
sha256 = "sha256-86Li0YUSVUdnw6lt6kZ56ohDRKPD13SZzukqPU1np8U=";
|
||||||
|
})
|
||||||
|
# fix github webhook from orgs
|
||||||
|
(fetchpatch {
|
||||||
|
url = "https://github.com/NixOS/hydra/commit/4d664ecb0faaf51b21673f979b543ea4694c3f1b.patch";
|
||||||
|
sha256 = "sha256-lF5Rnz8r9ptyMLhcg/XnjiNhOK1KcLA7hi01ye4KgmI=";
|
||||||
|
})
|
||||||
|
];
|
||||||
|
});
|
||||||
|
|
||||||
|
mlat-client = python3Packages.callPackage ./mlat-client.nix { };
|
||||||
|
|
||||||
|
openssh = prev.openssh.overrideAttrs (_: {
|
||||||
|
# takes 30 minutes
|
||||||
|
doCheck = false;
|
||||||
|
});
|
||||||
|
|
||||||
|
pile = callPackage ./pile.nix { };
|
||||||
|
|
||||||
|
pi-sensors = callPackage ./pi-sensors { };
|
||||||
|
|
||||||
|
plume = callPackage ./plume { };
|
||||||
|
|
||||||
|
readsb = callPackage ./readsb.nix { };
|
||||||
|
|
||||||
|
simpleygggen-cpp = callPackage ./simpleygggen.nix { };
|
||||||
|
|
||||||
|
telme10 = callPackage ./telme10.nix { };
|
||||||
|
|
||||||
|
tracer-game =
|
||||||
|
if true
|
||||||
|
then throw "tracer-game: haddock runs on affection for 10 hours and more"
|
||||||
|
else tracer.packages.${system}.tracer-game;
|
||||||
|
}
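Review bot: The `hydra` and `hydra_unstable` overrides each carry their own copy of the same two `fetchpatch` entries. Every URL and `sha256` pin therefore has to be changed in two places, and the two packages can end up with different patch sets without any evaluation error. Binding the list once and appending it in both overrides removes that drift. The first entry is fetched from a `pull/1227/commits/…` URL, which suggests the change may not be merged upstream; a comment saying when it can be dropped would help, since per its own comment it adds webhook support.

```nix
with final;
let
  # Applied to both the hydra flake package and nixpkgs' hydra_unstable;
  # a single list keeps the URL/sha256 pins from drifting apart.
  hydraPatches = [
    # … unchanged: the two fetchpatch entries (gitea webhook support, github webhook from orgs) …
  ];
in
{
  # … unchanged: allcolors through chromium …
  hydra = prev.hydra.overrideAttrs (oldAttrs: {
    patches = oldAttrs.patches or [ ] ++ hydraPatches;
  });
  hydra_unstable = prev.hydra_unstable.overrideAttrs (oldAttrs: {
    patches = oldAttrs.patches or [ ] ++ hydraPatches;
  });
  # … unchanged: mlat-client through tracer-game …
```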
|
|
@ -1,19 +1,19 @@
|
||||||
{
|
{
|
||||||
gis-distance = {
|
gis-distance = {
|
||||||
groups = ["default"];
|
groups = [ "default" ];
|
||||||
platforms = [];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = ["https://rubygems.org"];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "1kgv1scv25b65d9xfricj1ayd2iry7imgk7qw4mryd91mhriibaf";
|
sha256 = "1kgv1scv25b65d9xfricj1ayd2iry7imgk7qw4mryd91mhriibaf";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "1.1.0";
|
version = "1.1.0";
|
||||||
};
|
};
|
||||||
influxdb = {
|
influxdb = {
|
||||||
groups = ["default"];
|
groups = [ "default" ];
|
||||||
platforms = [];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = ["https://rubygems.org"];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "1l2sjf8kaw3adjjg3l7zg1j735yxdfldf04gl9kjc3hbpdcd7d4w";
|
sha256 = "1l2sjf8kaw3adjjg3l7zg1j735yxdfldf04gl9kjc3hbpdcd7d4w";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
|
@ -1,5 +1,7 @@
|
||||||
{ fetchFromGitHub, rustPlatform
|
{ fetchFromGitHub
|
||||||
, pkg-config, llvmPackages
|
, rustPlatform
|
||||||
|
, pkg-config
|
||||||
|
, llvmPackages
|
||||||
, soapysdr-with-plugins
|
, soapysdr-with-plugins
|
||||||
}:
|
}:
|
||||||
|
|