configurations of hq services
Emery Hemingway a203683694 Remove hydra cache, add enableBinaryCache to hq module
The Hydra is dead, NixOS machines cannot rely on services hosted from the
Proxmox. Add an enableBinaryCache option to the hq module to enable caching
from Server7.
2020-01-26 14:10:02 +01:00
ansible update filebeat 2019-09-27 11:07:42 +02:00
hosts Server7: mount cephfs at /srv/ceph 2020-01-26 13:12:08 +01:00
kubernetes update deployer 2019-07-03 20:16:11 +02:00
lib Remove hydra cache, add enableBinaryCache to hq module 2020-01-26 14:10:02 +01:00
secrets@812dec2ee9 Merge common.nix and c3d2.nix to hq.nix 2019-11-09 13:59:47 +01:00
.gitignore Add "result" to .gitignore 2019-11-29 14:21:52 +01:00
.gitmodules Replace yggdrasil submodule with an input 2019-11-09 16:52:22 +01:00
host-registry.nix Add glotzbert to host registry, add static IPv6 address 2020-01-20 15:17:03 +01:00
hq.nixops hq.nixops: declaring inputs is actually unsupported 2019-11-02 22:08:04 +01:00
install-host.sh pulsebert: add home-manager home.nix 2019-02-19 23:30:27 +01:00
nix-maintenance.sh add nix-maintenance.sh 2019-02-18 19:56:44 +01:00
README.md Add Laptops / Desktops to README 2020-01-01 13:42:34 +01:00

Deployment

Both fail on activation of the new profile. (TODO)

With NixOps

The official way to deploy is through deployer.serv.zentralwerk.org.

Deploy changes

Use the deployer system:

ssh k-ot@172.20.73.9
cd nix-config/
nixops deploy -d hq --check --include=[hostname]

Creating a new container

This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.

  1. Log in to any Proxmox server
  2. pct create [num] cephfs-iso:vztmpl/nixos-system-x86_64-linux.tar.xz -ostype unmanaged -net0 name=eth0,bridge=vmbr0,tag=[vlantag] -storage vms -hostname [hostname]
  3. Make adjustments through the UI if necessary
  4. Adjust hq.nixops, add [hostname]
  5. Run
    ssh k-ot@172.20.73.16
    cd nix-config/
    nixops deploy -d hq --check --include=[hostname]
    

With nixos-rebuild switch

nixos-rebuild switch -I nixos-config=./hosts/containers/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"

Secrets

Add your gpg-id to the .gpg-id file in secrets and let somebody reencrypt it for you. Maybe this works for you, maybe not. I did it somehow:

PASSWORD_STORE_DIR="$(pwd)" xargs pass init < .gpg-id

Your GPG key has to have the Authenticate flag set. If it does not, update it, push it to a keyserver, and wait. This is necessary so that you can log in to any machine with your GPG key.

Laptops / Desktops

This repository contains a NixOS module that can be used with personal machines as well. This module appends the host keys of registered HQ hosts to /etc/ssh/ssh_known_hosts, and optionally appends static IPv6 addresses local to HQ to /etc/hosts. Simply import the lib directory to use the module. As an example:

# /etc/nixos/configuration.nix
{ config, pkgs, lib, ... }:
let
  c3d2Config =
    builtins.fetchGit { url = "https://gitea.c3d2.de/C3D2/nix-config.git"; };
in {
  imports = [
    # ...
    "${c3d2Config}/lib"
  ];

  c3d2 = {
    isInHq = false; # not in HQ, this is the default.
    mapHqHosts = true; # Make entries in /etc/hosts for *.hq internal addresses.
    enableMotd = true; # Set the login shell message to the <<</>> logo.
  };

  # ...
}
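
A pinned variant of the import above, as an added example that is not part of the repository's README: because the module writes SSH host keys into /etc/ssh/ssh_known_hosts, fetching an unpinned HEAD means a rebuild trusts whatever the remote repository contains at that moment. The rev value below is a placeholder, not a real commit of this repository.

```nix
# /etc/nixos/configuration.nix
{ config, pkgs, lib, ... }:
let
  # Unpinned (as in the README example): a later evaluation may pull a newer
  # HEAD, so the known_hosts and /etc/hosts entries can change without review.
  # c3d2Config =
  #   builtins.fetchGit { url = "https://gitea.c3d2.de/C3D2/nix-config.git"; };

  # Pinned: the module source is fixed to one commit you have reviewed.
  c3d2Config = builtins.fetchGit {
    url = "https://gitea.c3d2.de/C3D2/nix-config.git";
    # PLACEHOLDER: replace with the full 40-character hash of a reviewed commit.
    rev = "0000000000000000000000000000000000000000";
  };
in {
  imports = [
    # ...
    "${c3d2Config}/lib"
  ];

  c3d2 = {
    isInHq = false;    # not in HQ, this is the default.
    mapHqHosts = true; # Make entries in /etc/hosts for *.hq internal addresses.
  };

  # ...
}
```

Updating the pin then becomes an explicit step: review the diff of host-registry.nix and lib between the old and new commit before changing rev.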