Update network configuration

master
Sven Slootweg 7 years ago
parent 57361fe86a
commit c6f0f1540e

1
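--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 credentials
+secrets.nix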
@ -4,12 +4,13 @@
];
boot = {
initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "sd_mod" "sr_mod" ];
initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "sd_mod" "sr_mod" "virtio_pci" "virtio_blk" ];
loader.grub = {
enable = true;
version = 2;
device = "/dev/sda";
/* Previously the below was /dev/sda; now it suddenly changed to /dev/vda? */
device = "/dev/vda";
};
};
}
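Review bot: `device = "/dev/vda";` keeps the GRUB install target on a kernel-enumerated device name, and the comment on the line above records that this name has already changed once under the author's feet; a `/dev/disk/by-id/<disk-id>` path would survive such a reshuffle, so consider `device = "/dev/disk/by-id/<disk-id>";` with the id taken from the running host. The same fragility applies to the `/dev/sda` line in the new workbot.nix. The hunk header announces 12→13 lines but fewer are shown, so part of this hunk's context appears to be missing from the page, and the enclosing attribute set starts outside the hunk.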

@ -1,6 +1,148 @@
{
let
secrets = import ../secrets.nix;
in {
network.description = "Cryto";
workbot = {config, lib, pkgs, ...}@args:
{
config = {
services.nginx = let
hostRoot = pkgs.writeTextDir "index.html" "Hello world!";
reverseProxy = target: {
proxyPass = target;
extraConfig = ''
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
'';
};
requireTLS = {
enableACME = true;
forceSSL = true;
};
in {
enable = true;
virtualHosts = {
"_" = {
default = true;
root = hostRoot;
};
"hydra.cryto.net" = {
locations = {
"/" = reverseProxy "http://localhost:3333";
};
} // requireTLS;
"prometheus.cryto.net" = {
locations = {
"/" = reverseProxy "http://localhost:9090";
};
} // requireTLS;
"metrics.cryto.net" = {
locations = {
"/" = reverseProxy "http://localhost:8452";
};
} // requireTLS;
"nix-cache.cryto.net" = {
root = "/var/lib/hydra-builds";
} // requireTLS;
};
};
services.postgresql = {
enable = true;
};
services.hydra = {
enable = true;
port = 3333;
hydraURL = "http://hydra.cryto.net/";
notificationSender = "hydra@cryto.net";
useSubstitutes = false;
minimumDiskFree = 20;
minimumDiskFreeEvaluator = 20;
buildMachinesFiles = pkgs.lib.mkIf (config.nix.buildMachines == []) [];
extraConfig = ''
store_uri = file:///var/lib/hydra-builds?secret-key=/var/lib/hydra/binary-cache.key&write-nar-listing=1
binary_cache_public_uri = https://nix-cache.cryto.net
'';
};
/* FIXME: Declaratively define data sources; Grafana module for NixOS does not appear to support this yet? */
services.grafana = {
enable = true;
port = 8452;
rootUrl = "https://metrics.cryto.net/";
security = {
adminUser = secrets.grafana.username;
adminPassword = secrets.grafana.password;
};
auth = {
anonymous.enable = true;
};
};
services.prometheus = {
enable = true;
globalConfig = {
scrape_interval = "30s";
};
scrapeConfigs = let
nameInstance = address: name: {
source_labels = [ "__address__" ];
target_label = "instance";
regex = address;
replacement = name;
};
in [
{
job_name = "prometheus";
static_configs = [{
targets = [
"localhost:9090"
];
}];
relabel_configs = [
(nameInstance "localhost:9090" "workbot")
];
} {
job_name = "nodes";
scrape_interval = "10s";
static_configs = [{
targets = [
"localhost:9100"
"80.255.0.137:9100"
"64.187.233.73:9100"
];
}];
relabel_configs = [
(nameInstance "localhost:9100" "workbot")
(nameInstance "80.255.0.137:9100" "osmium")
(nameInstance "64.187.233.73:9100" "nijaxor")
];
}
];
exporters = {
node = {
enable = true;
enabledCollectors = [
"systemd"
];
};
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
};
};
osmium = { config, lib, pkgs, ... }@args:
let
pastebinStream = (import ../applications/pastebin-stream.nix) args;
@ -16,8 +158,8 @@
imports = [
(pastebinStream {
errorPath = "/var/lib/pastebin-stream/errors";
rev = "bed9fefc9cc5dcf2c8aaf32c20e48e5eb70b0920";
sha256 = "0glj8hmx820afv1bqdjmyff1gvr20p40nl4ksh6200pnbncsbxyh";
rev = "d7a09deda0916fa99920156e928d281a5bd3d97a";
sha256 = "08xjcwmbzdmkzbz1al3vkryiix1y2zqc8yv4lsrw21dz0c5zl726";
})
];
@ -47,11 +189,21 @@
networking.firewall.allowedTCPPorts = [
80
443
9100 # Prometheus node exporter
];
environment.systemPackages = with pkgs; [
htop
];
services.prometheus.exporters = {
node = {
enable = true;
enabledCollectors = [
"systemd"
];
};
};
};
options.systems.osmium = with lib; {
@ -65,4 +217,22 @@
};
};
};
nijaxor = { config, lib, pkgs, ... }@args:
{
config = {
networking.firewall.allowedTCPPorts = [
9100 # Prometheus node exporter
];
services.prometheus.exporters = {
node = {
enable = true;
enabledCollectors = [
"systemd"
];
};
};
};
};
}
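Review bot: Port 9100 is opened to every source on osmium and nijaxor (the `9100 # Prometheus node exporter` entries in both `allowedTCPPorts` lists) although the only intended client is the Prometheus instance on workbot, so host-level metrics of both machines are readable from the whole internet. Restrict it to the scraper instead, e.g. replace the entry with `networking.firewall.extraCommands = "iptables -A nixos-fw -p tcp --dport 9100 -s <workbot-address> -j nixos-fw-accept";` (workbot's deployment address is given in workbot.nix; confirm it is also the address it scrapes from), or bind the exporter to a private address via `services.prometheus.exporters.node.listenAddress`. Related in the same hunk: the `prometheus.cryto.net` location is proxied with no `basicAuth`/`basicAuthFile` (whichever the nginx module version provides), so the Prometheus UI and HTTP API are public behind TLS, and `hydraURL` still says `http://` while `requireTLS` forces SSL for that host. The values from `secrets.nix` reach `services.grafana.security.adminPassword` through the evaluated config, which ends up in the world-readable Nix store on workbot; prefer the module's `adminPasswordFile` option if the NixOS version in use has it. The `osmium` and `nijaxor` function bodies in this file continue outside the visible hunks.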

@ -0,0 +1,37 @@
let
removeNewlines = (import ../lib/util/remove-newlines.nix);
presetRootSsh = (import ../lib/presets/root-ssh.nix);
in {
nijaxor = {config, pkgs, ...}@args: let
presetTools = (import ../lib/presets/tools.nix) args;
presetQemuGuest = (import ../lib/presets/qemu-guest.nix);
in
{
deployment.targetHost = "64.187.233.73";
/* Begin hardware configuration section */
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
swapDevices = [ ];
nix.maxJobs = pkgs.lib.mkDefault 2;
/* End hardware configuration section */
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/8750e892-eb14-4ff0-a07d-65995ebc65ea";
fsType = "ext4";
};
};
/* networking = {
hostName = "osmium";
defaultGateway6 = "2a01:4a0:4a::1";
interfaces.ens3 = {
ipv6.addresses = [{
address = "2a01:4a0:4a:5d::35c7";
prefixLength = 48;
}];
};
}; */
} // presetRootSsh // presetTools // presetQemuGuest;
}
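Review bot: The commented-out `networking` block in nijaxor.nix still carries osmium's identity (`hostName = "osmium"` and osmium's IPv6 address `2a01:4a0:4a:5d::35c7`), so re-enabling it on this host would put two machines on the same name and address; drop the block or replace it with nijaxor's own values before it is needed. `removeNewlines` is bound in the outer `let` but never used in this file, and the same unused binding appears in osmium_.nix and workbot.nix. The hunk header promises 37 added lines but fewer are shown, so some lines (presumably blanks) seem to have been dropped by the page.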

@ -1,32 +1 @@
let
removeNewlines = (import ../lib/util/remove-newlines.nix);
presetRootSsh = (import ../lib/presets/root-ssh.nix);
in {
osmium = {config, pkgs, ...}@args: let
presetTools = (import ../lib/presets/tools.nix) args;
presetQemuGuest = (import ../lib/presets/qemu-guest.nix);
in
{
deployment.targetHost = "80.255.0.137";
systems.osmium = {
applications.pastebin-stream = {
hostname = "pastebin-stream.cryto.net";
};
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/cf472470-0b3d-414b-93f8-b5e4298fad05";
fsType = "ext4";
};
networking = {
hostName = "osmium";
defaultGateway6 = "2a01:4a0:4a::1";
interfaces.enp0s3 = {
ipv6Address = "2a01:4a0:4a:5d::35c7";
ipv6PrefixLength = 48;
};
};
} // presetRootSsh // presetTools // presetQemuGuest;
}
(import ./osmium_.nix) // (import ./workbot.nix) // (import ./nijaxor.nix)
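Review bot: The new single-line body merges the three host files with `//`, which is a shallow, right-biased merge: if two of the imported files ever define the same machine name, the later one silently wins instead of evaluation failing. An explicit attribute list such as `{ inherit (import ./osmium_.nix) osmium; inherit (import ./workbot.nix) workbot; inherit (import ./nijaxor.nix) nijaxor; }` makes a duplicate or missing host an evaluation error. The name `osmium_.nix` for the file that now holds the osmium definition is also easy to confuse with this one; a name that groups it with the other per-host files (for example a `hosts/` directory) would read better.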

@ -0,0 +1,43 @@
let
removeNewlines = (import ../lib/util/remove-newlines.nix);
presetRootSsh = (import ../lib/presets/root-ssh.nix);
in {
osmium = {config, pkgs, ...}@args: let
presetTools = (import ../lib/presets/tools.nix) args;
presetQemuGuest = (import ../lib/presets/qemu-guest.nix);
in
{
deployment.targetHost = "80.255.0.137";
/* Begin hardware configuration section */
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
swapDevices = [ ];
nix.maxJobs = pkgs.lib.mkDefault 2;
/* End hardware configuration section */
systems.osmium = {
applications.pastebin-stream = {
hostname = "pastebin-stream.cryto.net";
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/cf472470-0b3d-414b-93f8-b5e4298fad05";
fsType = "ext4";
};
};
networking = {
hostName = "osmium";
defaultGateway6 = "2a01:4a0:4a::1";
interfaces.ens3 = {
ipv6.addresses = [{
address = "2a01:4a0:4a:5d::35c7";
prefixLength = 48;
}];
};
};
} // presetRootSsh // presetTools // presetQemuGuest;
}
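Review bot: `prefixLength = 48;` on the `ens3` address marks the provider's entire /48 as on-link, so the kernel will attempt neighbour discovery for every address in that block rather than sending traffic to `defaultGateway6`; this is presumably copied from the old `ipv6PrefixLength = 48` and worth confirming against the provider's actual on-link prefix (often a /64). The interface was also renamed from `enp0s3` to `ens3` in the same commit, which together with the `virtio_*` modules and `/dev/vda` in the hardware hunk suggests the guest's device naming changed; a short comment recording why would help the next person who sees the old name in history.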

@ -0,0 +1,40 @@
let
removeNewlines = (import ../lib/util/remove-newlines.nix);
presetRootSsh = (import ../lib/presets/root-ssh.nix);
in {
workbot = {config, pkgs, ...}@args: let
presetTools = (import ../lib/presets/tools.nix) args;
in
{
deployment.targetHost = "148.251.195.23";
/* Begin hardware configuration section */
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
swapDevices = [ ];
nix.maxJobs = pkgs.lib.mkDefault 8;
powerManagement.cpuFreqGovernor = pkgs.lib.mkDefault "powersave";
hardware.enableRedistributableFirmware = true;
/* End hardware configuration section */
boot.loader.grub = {
enable = true;
version = 2;
device = "/dev/sda";
};
fileSystems = {
"/" = {
device = "/dev/disk/by-label/nix";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "ext4";
};
};
system.stateVersion = "18.03";
} // presetRootSsh // presetTools;
}
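Review bot: `system.stateVersion = "18.03";` is set here but not in the new osmium_.nix or nijaxor.nix, so those two hosts fall back to the module default and will silently adopt new stateful-service defaults on a channel upgrade; add the same `system.stateVersion` line to both host files. The hunk header announces 40 added lines but 36 are shown, so the page appears to have dropped some (presumably blank) lines.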