diff --git a/terranix/.gitignore b/terranix/.gitignore
deleted file mode 100644
index a28903b..0000000
--- a/terranix/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-*.backup
-.history
-.terraform
diff --git a/terranix/gitlab/.gitignore b/terranix/gitlab/.gitignore
deleted file mode 100644
index e0e98f6..0000000
--- a/terranix/gitlab/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-.terraform*
-terraform.tfstate*
-config.tf.json
diff --git a/terranix/gitlab/README.md b/terranix/gitlab/README.md
deleted file mode 100644
index c4f2abe..0000000
--- a/terranix/gitlab/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# nix flake example
-
-This example shows how you could use terranix as flake.
-
-- `nix run` run `nix run ".#apply"`
-- `nix run ".#apply"` run `terraform apply`
-- `nix run ".#destroy"` run `terraform destroy`
diff --git a/terranix/gitlab/config.nix b/terranix/gitlab/config.nix
deleted file mode 100644
index 1e23633..0000000
--- a/terranix/gitlab/config.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-# start with:
-# export GITLAB_TOKEN=""
-{ config, lib, ... }:
-{
- terraform.required_providers.gitlab.source = "gitlabhq/gitlab";
-
- provider.gitlab = {
- base_url = "https://gitlab.ingolf-wagner.de/api/v4/";
- };
-
- resource.gitlab_deploy_key =
- let
- ssh_key = "ssh-rsa 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";
- work_repositories = {
- mindcurv = "palo/mindcurv_nix";
- timewarrior = "palo/timewarrior_mindcurv";
- };
-
- repository = name: project_path: {
- name = name;
- value = {
- project = project_path;
- title = "Deployment key";
- key = ssh_key;
- };
- };
-
- in
- lib.mapAttrs' repository work_repositories;
-
-}
diff --git a/terranix/gitlab/flake.lock b/terranix/gitlab/flake.lock
deleted file mode 100644
index 37d94c7..0000000
--- a/terranix/gitlab/flake.lock
+++ /dev/null
@@ -1,129 +0,0 @@ -{ - "nodes": { - "bats-assert": { - "flake": false, - "locked": { - "lastModified": 1636059754, - "narHash": "sha256-ewME0l27ZqfmAwJO4h5biTALc9bDLv7Bl3ftBzBuZwk=", - "owner": "bats-core", - "repo": "bats-assert", - "rev": "34551b1d7f8c7b677c1a66fc0ac140d6223409e5", - "type": "github" - }, - "original": { - "owner": "bats-core", - "repo": "bats-assert", - "type": "github" - } - }, - "bats-support": { - "flake": false, - "locked": { - "lastModified": 1548869839, - "narHash": "sha256-Gr4ntadr42F2Ks8Pte2D4wNDbijhujuoJi4OPZnTAZU=", - "owner": "bats-core", - "repo": "bats-support", - "rev": "d140a65044b2d6810381935ae7f0c94c7023c8c3", - "type": "github" - }, - "original": { - "owner": "bats-core", - "repo": "bats-support", - "type": "github" - } - }, - "flake-utils": { - "locked": { - "lastModified": 1631561581, - "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "locked": { - "lastModified": 1634851050, - "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c91f3de5adaf1de973b797ef7485e441a65b8935", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1633074215, - "narHash": "sha256-epmR1H1amgFWuU7xW9OXGjsAqltMqCSqkv1U2+9rOlM=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "378d2c5dcec7fef958cca3760448c09a9be2b7a3", - "type": "github" - }, - "original": { - "owner": "nixos", - "repo": "nixpkgs", - "type": "github" - } - }, - "root": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs", - "terranix": "terranix" - } - }, - "terranix": { - "inputs": { - "bats-assert": "bats-assert", - "bats-support": 
"bats-support", - "flake-utils": "flake-utils_2", - "nixpkgs": [ - "nixpkgs" - ], - "terranix-examples": "terranix-examples" - }, - "locked": { - "lastModified": 1636274003, - "narHash": "sha256-HDiyJGgyDUoLnpL8N+wDm3cM/vEfYYc/p4N1kKH/kLk=", - "owner": "terranix", - "repo": "terranix", - "rev": "87fe67a2c254e74c1c3f3206c504fe7ba76a3c59", - "type": "github" - }, - "original": { - "owner": "terranix", - "repo": "terranix", - "type": "github" - } - }, - "terranix-examples": { - "locked": { - "lastModified": 1633465925, - "narHash": "sha256-BfXRW1ZHpK5jh5CVcw7eFpGsWE1CyVxL8R+V7uXemaU=", - "owner": "terranix", - "repo": "terranix-examples", - "rev": "70bf5d5a1ad4eabef1e4e71c1eb101021decd5a4", - "type": "github" - }, - "original": { - "owner": "terranix", - "repo": "terranix-examples", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/terranix/gitlab/flake.nix b/terranix/gitlab/flake.nix deleted file mode 100644 index 0299b8c..0000000 --- a/terranix/gitlab/flake.nix +++ /dev/null 
@@ -1,53 +0,0 @@
-{
- inputs = {
- nixpkgs.url = "github:nixos/nixpkgs";
- flake-utils.url = "github:numtide/flake-utils";
- terranix = {
- url = "github:terranix/terranix";
- inputs.nixpkgs.follows = "nixpkgs";
- };
- };
-
- outputs = { self, nixpkgs, flake-utils, terranix }:
- flake-utils.lib.eachDefaultSystem (system:
- let
- pkgs = nixpkgs.legacyPackages.${system};
- terraform = pkgs.terraform_0_15;
- terraformConfiguration = terranix.lib.terranixConfiguration {
- inherit system;
- modules = [ ./config.nix ];
- };
- in
- {
- defaultPackage = terraformConfiguration;
- # nix develop
- devShell = pkgs.mkShell {
- buildInputs = [
- pkgs.terraform_0_15
- terranix.defaultPackage.${system}
- ];
- };
- # nix run ".#apply"
- apps.apply = {
- type = "app";
- program = toString (pkgs.writers.writeBash "apply" ''
- if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
- cp ${terraformConfiguration} config.tf.json \
- && ${terraform}/bin/terraform init \
- && ${terraform}/bin/terraform apply
- '');
- };
- # nix run ".#destroy"
- apps.destroy = {
- type = "app";
- program = toString (pkgs.writers.writeBash "destroy" ''
- if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
- cp ${terraformConfiguration} config.tf.json \
- && ${terraform}/bin/terraform init \
- && ${terraform}/bin/terraform destroy
- '');
- };
- # nix run
- defaultApp = self.apps.${system}.apply;
- });
-}
diff --git a/terranix/graylog/MyDashboards.json b/terranix/graylog/MyDashboards.json
deleted file mode 100644
index e4ea79a..0000000
--- a/terranix/graylog/MyDashboards.json
+++ /dev/null
@@ -1,674 +0,0 @@ -{ - "v": "1", - "id": "da023d7e-086a-4387-a5b1-02bd267d9c3f", - "rev": 2, - "name": "Dashboards", - "summary": "My Dashboards", - "description": "All my Dashboards focusing mainly on journald logs", - "vendor": "Ingolf Wagner", - "url": "", - "parameters": [], - "entities": [ - { - "v": "1", - "type": { - "name": "dashboard", - "version": "2" - }, - "id": "04d927ad-a217-43bf-aa9e-820777399cc3", - "data": { - "summary": { - "@type": "string", - "@value": "Overview on Graylog" - }, - "search": { - "queries": [ - { - "id": "bfb6a815-7213-484c-91ba-ebaeff542a66", - "timerange": { - "type": "relative", - "range": 300 - }, - "query": { - "type": "elasticsearch", - "query_string": "" - }, - "search_types": [ - { - "query": { - "type": "elasticsearch", - "query_string": "from_journald:true AND syslog_facility:<4 AND (systemd_unit:elasticsearch.service OR systemd_unit:kibana.service OR systemd_unit:graylog.service)" - }, - "name": "chart", - "timerange": { - "type": "relative", - "range": 86400 - }, - "streams": [], - "series": [ - { - "type": "count", - "id": "count()", - "field": null - } - ], - "filter": null, - "rollup": false, - "row_groups": [ - { - "type": "time", - "field": "timestamp", - "interval": { - "type": "auto", - "scaling": 1 - } - } - ], - "type": "pivot", - "id": "8e1ed6ed-ff1f-4d86-8981-a987aaaa5eed", - "column_groups": [ - { - "type": "values", - "field": "systemd_unit", - "limit": 15 - } - ], - "sort": [] - }, - { - "query": { - "type": "elasticsearch", - "query_string": "from_journald:true" - }, - "name": "chart", - "timerange": { - "type": "relative", - "range": 86400 - }, - "streams": [], - "series": [ - { - "type": "count", - "id": "count()", - "field": null - } - ], - "filter": null, - "rollup": false, - "row_groups": [ - { - "type": "time", - "field": "timestamp", - "interval": { - "type": "auto", - "scaling": 1 - } - } - ], - "type": "pivot", - "id": "d7e2a713-28fd-46d1-8c7a-29bd2867bebd", - "column_groups": [ - { - "type": 
"values", - "field": "source", - "limit": 15 - } - ], - "sort": [] - } - ] - } - ], - "parameters": [], - "requires": {}, - "owner": "admin", - "created_at": "2021-07-17T08:03:26.960Z" - }, - "created_at": "2021-07-17T05:53:41.503Z", - "requires": {}, - "state": { - "bfb6a815-7213-484c-91ba-ebaeff542a66": { - "selected_fields": null, - "static_message_list_id": null, - "titles": { - "widget": { - "b0d1972c-c917-4054-a946-d412859ee5f0": "Graylog Errors of last day", - "49928524-8949-42e2-b6a6-4f208e2febb5": "Graylog Input of last day", - "c535afa8-b27f-4cec-b117-483df2d439ec": "Graylog errors of last day", - "9a6682e0-8993-439a-bfff-62e4a3c99473": "Graylog errors of last day (copy)" - }, - "tab": { - "title": "Last Day" - } - }, - "widgets": [ - { - "id": "c535afa8-b27f-4cec-b117-483df2d439ec", - "type": "aggregation", - "filter": null, - "timerange": { - "type": "relative", - "range": 86400 - }, - "query": { - "type": "elasticsearch", - "query_string": "from_journald:true AND syslog_facility:<4 AND (systemd_unit:elasticsearch.service OR systemd_unit:kibana.service OR systemd_unit:graylog.service)" - }, - "streams": [], - "config": { - "visualization": "line", - "event_annotation": false, - "row_pivots": [ - { - "field": "timestamp", - "type": "time", - "config": { - "interval": { - "type": "auto", - "scaling": null - } - } - } - ], - "series": [ - { - "config": { - "name": null - }, - "function": "count()" - } - ], - "rollup": false, - "column_pivots": [ - { - "field": "systemd_unit", - "type": "values", - "config": { - "limit": 15 - } - } - ], - "visualization_config": { - "interpolation": "spline" - }, - "formatting_settings": null, - "sort": [] - } - }, - { - "id": "49928524-8949-42e2-b6a6-4f208e2febb5", - "type": "aggregation", - "filter": null, - "timerange": { - "type": "relative", - "range": 86400 - }, - "query": { - "type": "elasticsearch", - "query_string": "from_journald:true" - }, - "streams": [], - "config": { - "visualization": "line", - 
"event_annotation": false, - "row_pivots": [ - { - "field": "timestamp", - "type": "time", - "config": { - "interval": { - "type": "auto", - "scaling": null - } - } - } - ], - "series": [ - { - "config": { - "name": null - }, - "function": "count()" - } - ], - "rollup": false, - "column_pivots": [ - { - "field": "source", - "type": "values", - "config": { - "limit": 15 - } - } - ], - "visualization_config": { - "interpolation": "spline" - }, - "formatting_settings": null, - "sort": [] - } - } - ], - "widget_mapping": { - "49928524-8949-42e2-b6a6-4f208e2febb5": [ - "d7e2a713-28fd-46d1-8c7a-29bd2867bebd" - ], - "c535afa8-b27f-4cec-b117-483df2d439ec": [ - "8e1ed6ed-ff1f-4d86-8981-a987aaaa5eed" - ] - }, - "positions": { - "49928524-8949-42e2-b6a6-4f208e2febb5": { - "col": 1, - "row": 11, - "height": 3, - "width": "Infinity" - }, - "c535afa8-b27f-4cec-b117-483df2d439ec": { - "col": 1, - "row": 8, - "height": 3, - "width": "Infinity" - } - }, - "formatting": { - "highlighting": [] - }, - "display_mode_settings": { - "positions": {} - } - } - }, - "properties": [], - "owner": "admin", - "title": { - "@type": "string", - "@value": "Graylog" - }, - "type": "DASHBOARD", - "description": { - "@type": "string", - "@value": "" - } - }, - "constraints": [ - { - "type": "server-version", - "version": ">=3.3.9+abab7dc" - } - ] - }, - { - "v": "1", - "type": { - "name": "dashboard", - "version": "2" - }, - "id": "40d84ea8-3f72-47b8-9819-722b3f5dcbd3", - "data": { - "summary": { - "@type": "string", - "@value": "Overview on Graylog" - }, - "search": { - "queries": [ - { - "id": "bfb6a815-7213-484c-91ba-ebaeff542a66", - "timerange": { - "type": "relative", - "range": 300 - }, - "query": { - "type": "elasticsearch", - "query_string": "" - }, - "search_types": [ - { - "query": { - "type": "elasticsearch", - "query_string": "from_journald:true AND systemd_unit:init.scope AND syslog_priority:4" - }, - "name": "chart", - "timerange": { - "type": "relative", - "range": 86400 - }, - 
"streams": [], - "series": [ - { - "type": "count", - "id": "count()", - "field": null - } - ], - "filter": null, - "rollup": true, - "row_groups": [ - { - "type": "values", - "field": "custom_unit", - "limit": 15 - } - ], - "type": "pivot", - "id": "d480b368-2968-442c-94b9-e1e4e1830db7", - "column_groups": [], - "sort": [] - }, - { - "query": { - "type": "elasticsearch", - "query_string": "from_journald:true" - }, - "name": "chart", - "timerange": { - "type": "relative", - "range": 86400 - }, - "streams": [], - "series": [ - { - "type": "count", - "id": "count()", - "field": null - } - ], - "filter": null, - "rollup": false, - "row_groups": [ - { - "type": "time", - "field": "timestamp", - "interval": { - "type": "auto", - "scaling": 1 - } - } - ], - "type": "pivot", - "id": "148df0da-281a-4266-a363-9565c9b851b6", - "column_groups": [ - { - "type": "values", - "field": "source", - "limit": 15 - } - ], - "sort": [] - }, - { - "query": { - "type": "elasticsearch", - "query_string": "from_journald:true AND syslog_facility:<4 AND (systemd_unit:elasticsearch.service OR systemd_unit:kibana.service OR systemd_unit:graylog.service)" - }, - "name": "chart", - "timerange": { - "type": "relative", - "range": 86400 - }, - "streams": [], - "series": [ - { - "type": "count", - "id": "count()", - "field": null - } - ], - "filter": null, - "rollup": false, - "row_groups": [ - { - "type": "time", - "field": "timestamp", - "interval": { - "type": "auto", - "scaling": 1 - } - } - ], - "type": "pivot", - "id": "fe958d96-6908-4516-848d-9490d810ed3e", - "column_groups": [ - { - "type": "values", - "field": "systemd_unit", - "limit": 15 - } - ], - "sort": [] - } - ] - } - ], - "parameters": [], - "requires": {}, - "owner": "admin", - "created_at": "2021-07-17T11:41:39.203Z" - }, - "created_at": "2021-07-17T05:53:41.503Z", - "requires": {}, - "state": { - "bfb6a815-7213-484c-91ba-ebaeff542a66": { - "selected_fields": null, - "static_message_list_id": null, - "titles": { - "widget": { - 
"b0d1972c-c917-4054-a946-d412859ee5f0": "Graylog Errors of last day", - "49928524-8949-42e2-b6a6-4f208e2febb5": "Graylog Input of last day", - "c535afa8-b27f-4cec-b117-483df2d439ec": "Graylog errors of last day", - "9a6682e0-8993-439a-bfff-62e4a3c99473": "Graylog errors of last day (copy)", - "ac9ffdfc-8f48-4ed8-af3b-62120dc86bfa": "init.scope warnings", - "221557b8-5b8b-4c57-9449-00a1aaf91388": "Messages for custom_unit:backup.mount" - }, - "tab": { - "title": "Last Day" - } - }, - "widgets": [ - { - "id": "c535afa8-b27f-4cec-b117-483df2d439ec", - "type": "aggregation", - "filter": null, - "timerange": { - "type": "relative", - "range": 86400 - }, - "query": { - "type": "elasticsearch", - "query_string": "from_journald:true AND syslog_facility:<4 AND (systemd_unit:elasticsearch.service OR systemd_unit:kibana.service OR systemd_unit:graylog.service)" - }, - "streams": [], - "config": { - "visualization": "line", - "event_annotation": false, - "row_pivots": [ - { - "field": "timestamp", - "type": "time", - "config": { - "interval": { - "type": "auto", - "scaling": null - } - } - } - ], - "series": [ - { - "config": { - "name": null - }, - "function": "count()" - } - ], - "rollup": false, - "column_pivots": [ - { - "field": "systemd_unit", - "type": "values", - "config": { - "limit": 15 - } - } - ], - "visualization_config": { - "interpolation": "spline" - }, - "formatting_settings": null, - "sort": [] - } - }, - { - "id": "49928524-8949-42e2-b6a6-4f208e2febb5", - "type": "aggregation", - "filter": null, - "timerange": { - "type": "relative", - "range": 86400 - }, - "query": { - "type": "elasticsearch", - "query_string": "from_journald:true" - }, - "streams": [], - "config": { - "visualization": "line", - "event_annotation": false, - "row_pivots": [ - { - "field": "timestamp", - "type": "time", - "config": { - "interval": { - "type": "auto", - "scaling": null - } - } - } - ], - "series": [ - { - "config": { - "name": null - }, - "function": "count()" - } - ], - 
"rollup": false, - "column_pivots": [ - { - "field": "source", - "type": "values", - "config": { - "limit": 15 - } - } - ], - "visualization_config": { - "interpolation": "spline" - }, - "formatting_settings": null, - "sort": [] - } - }, - { - "id": "ac9ffdfc-8f48-4ed8-af3b-62120dc86bfa", - "type": "aggregation", - "filter": null, - "timerange": { - "type": "relative", - "range": 86400 - }, - "query": { - "type": "elasticsearch", - "query_string": "from_journald:true AND systemd_unit:init.scope AND syslog_priority:4" - }, - "streams": [], - "config": { - "visualization": "table", - "event_annotation": false, - "row_pivots": [ - { - "field": "custom_unit", - "type": "values", - "config": { - "limit": 15 - } - } - ], - "series": [ - { - "config": { - "name": null - }, - "function": "count()" - } - ], - "rollup": true, - "column_pivots": [], - "visualization_config": null, - "formatting_settings": null, - "sort": [] - } - } - ], - "widget_mapping": { - "c535afa8-b27f-4cec-b117-483df2d439ec": [ - "fe958d96-6908-4516-848d-9490d810ed3e" - ], - "ac9ffdfc-8f48-4ed8-af3b-62120dc86bfa": [ - "d480b368-2968-442c-94b9-e1e4e1830db7" - ], - "49928524-8949-42e2-b6a6-4f208e2febb5": [ - "148df0da-281a-4266-a363-9565c9b851b6" - ] - }, - "positions": { - "ac9ffdfc-8f48-4ed8-af3b-62120dc86bfa": { - "col": 1, - "row": 6, - "height": 6, - "width": 4 - }, - "c535afa8-b27f-4cec-b117-483df2d439ec": { - "col": 5, - "row": 6, - "height": 3, - "width": 8 - }, - "49928524-8949-42e2-b6a6-4f208e2febb5": { - "col": 5, - "row": 9, - "height": 3, - "width": 8 - } - }, - "formatting": { - "highlighting": [] - }, - "display_mode_settings": { - "positions": {} - } - } - }, - "properties": [], - "owner": "admin", - "title": { - "@type": "string", - "@value": "Graylog" - }, - "type": "DASHBOARD", - "description": { - "@type": "string", - "@value": "" - } - }, - "constraints": [ - { - "type": "server-version", - "version": ">=3.3.9+abab7dc" - } - ] - } - ] -} 
diff --git a/terranix/graylog/config.nix b/terranix/graylog/config.nix
deleted file mode 100644
index e08f541..0000000
--- a/terranix/graylog/config.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-with builtins; {
-
- imports = [ ./provider.nix ./nginx.nix ./journald.nix ];
-
- # create default index
- resource.graylog_index_set.default =
- let
- maxIndexSize = 200;
- maxIndexCount = 20;
- isDefault = true;
- in
- {
- title = "default";
- description = ''
- This is the default index set, where everything ends up which is
- not specifically send to another index.
-
- Be aware this index can only hold ${
- toString (maxIndexCount * maxIndexSize)
- }MB of logs!
- '';
- default = isDefault;
- index_prefix = "graylog";
- rotation_strategy_class =
- "org.graylog2.indexer.rotation.strategies.SizeBasedRotationStrategy";
- retention_strategy_class =
- "org.graylog2.indexer.retention.strategies.DeletionRetentionStrategy";
- index_analyzer = "standard";
- index_optimization_disabled = false;
- writable = true;
- shards = 1;
- replicas = 0;
- index_optimization_max_num_segments = 1;
- field_type_refresh_interval = 5000;
- retention_strategy = toJSON ({
- max_number_of_indices = maxIndexCount;
- type =
- "org.graylog2.indexer.retention.strategies.DeletionRetentionStrategyConfig";
- });
- rotation_strategy = toJSON ({
- #max_docs_per_index = 30000000;
- max_size = maxIndexSize * 1024 * 1024;
- type =
- "org.graylog2.indexer.rotation.strategies.SizeBasedRotationStrategyConfig";
- });
- };
-}
diff --git a/terranix/graylog/journald.nix b/terranix/graylog/journald.nix
deleted file mode 100644
index 5d6c872..0000000
--- a/terranix/graylog/journald.nix
+++ /dev/null
@@ -1,115 +0,0 @@
-with builtins; {
-
- imports = [ ./journald/nextcloud.nix ./journald/kibana.nix ];
-
- resource = {
-
- graylog_input = {
- journalbeat = {
- title = "Journalbeat Logs";
- # https://javadoc.io/doc/org.graylog2/graylog2-inputs/latest/index.html
- type = "org.graylog.plugins.beats.Beats2Input";
- global = true;
- attributes = toJSON ({
- bind_address = "0.0.0.0";
- no_beats_prefix = true;
- number_worker_threads = 4;
- port = 5044;
- recv_buffer_size = 1048576;
- tcp_keepalive = false;
- tls_cert_file = "";
- tls_client_auth = "disabled";
- tls_client_auth_cert_file = "";
- tls_enable = false;
- tls_key_file = "";
- tls_key_password = "";
- });
- };
- };
-
- graylog_input_static_fields.journalbeat = {
- input_id = "\${graylog_input.journalbeat.id}";
- fields = {
- from_journald = true;
- journalbeat = true;
- };
- };
-
- graylog_stream.journald = {
- title = "journald";
- description = "journald processing stream";
- index_set_id = "\${graylog_index_set.default.id}";
- disabled = false;
- matching_type = "AND";
- };
-
- graylog_stream_rule.journald = {
- field = "from_journald";
- value = true;
- stream_id = "\${graylog_stream.journald.id}";
- #description = "";
- type = 1;
- inverted = false;
- };
-
- graylog_pipeline_connection = {
- journald = {
- stream_id = "\${graylog_stream.journald.id}";
- pipeline_ids = [
- #"\${graylog_pipeline.journald_fix_loglevel.id}"
- "\${graylog_pipeline.journald_iptable_parse.id}"
- #"\${graylog_pipeline.journald_loglevel_int_to_str.id}"
- ];
- };
- };
-
- graylog_pipeline = {
- journald_iptable_parse.source = ''
- pipeline "journald : ip table parse"
- stage 0 match either
- rule "journald : iptables split"
- end
- '';
- };
-
- graylog_pipeline_rule = {
- iptableSplit.source = ''
- rule "journald : iptables split"
- when
- has_field("facility") && $message.facility == "kernel"
- then
- let result = regex(
- "^refused connection:\\s*IN=(.*) OUT=(.*) MAC=(.*) SRC=(.*) DST=(.*) LEN=.* TOS=.* PREC=.* TTL=(.*) ID=(.*) PROTO=(.*) SPT=(.*) DPT=(.*) WINDOW=(.*) RES=.*",
- to_string($message.message),
- ["in_interface"
- ,"out_interface"
- ,"mac_addr"
- ,"src_addr"
- ,"dst_addr"
- ,"ttl"
- ,"iptables_id"
- ,"protocol"
- ,"src_port"
- ,"dst_port"
- ,"window"]
- );
-
- set_field("in_interface" ,result.in_interface);
- set_field("out_interface" ,result.out_interface);
- set_field("mac_addr" ,result.mac_addr);
- set_field("src_addr" ,result.src_addr);
- set_field("dst_addr" ,result.dst_addr);
- set_field("ttl" ,result.ttl);
- set_field("iptables_id" ,result.iptables_id);
- set_field("protocol" ,result.protocol);
- set_field("src_port" ,result.src_port);
- set_field("dst_port" ,result.dst_port);
- set_field("window" ,result.window);
-
- end
- '';
-
- };
- };
-
-}
diff --git a/terranix/graylog/journald/kibana.nix b/terranix/graylog/journald/kibana.nix
deleted file mode 100644
index e6e856c..0000000
--- a/terranix/graylog/journald/kibana.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-with builtins; {
-
- resource = {
-
- graylog_pipeline_connection = {
- journald.pipeline_ids = [ "\${graylog_pipeline.kibana.id}" ];
- };
-
- graylog_pipeline = {
- kibana.source = ''
- pipeline "kibana : parsing"
- stage 10 match either
- rule "kibana : parse level 1"
- stage 11 match either
- rule "kibana : parse message"
- end
- '';
- };
-
- graylog_pipeline_rule = {
- kibanaLevel1.source = ''
- rule "kibana : parse level 1"
- when
- has_field("systemd_unit") && ($message.systemd_unit == "kibana.service")
- then
- let parsedJson = parse_json(to_string($message.message));
- set_fields(to_map(parsedJson),"kibana_");
- end
- '';
- kibanaLevelRequest.source = ''
- rule "kibana : parse request"
- when
- has_field("kibana_req")
- then
- let parsedJson = parse_json(to_string($message.kibana_req));
- set_fields(to_map(parsedJson),"kibana_req_");
- end
- '';
- kibanaLevelResponse.source = ''
- rule "kibana : parse response"
- when
- has_field("kibana_res")
- then
- let parsedJson = parse_json(to_string($message.kibana_res));
- set_fields(to_map(parsedJson),"kibana_res_");
- end
- '';
- kibanaLevelMessage.source = ''
- rule "kibana : parse message"
- when
- has_field("kibana_message")
- then
- set_field("message", $message.kibana_message);
- end
- '';
- };
-
- };
-}
diff --git a/terranix/graylog/journald/nextcloud.nix b/terranix/graylog/journald/nextcloud.nix
deleted file mode 100644
index e3e56ce..0000000
--- a/terranix/graylog/journald/nextcloud.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-with builtins; {
-
- resource = {
-
- graylog_pipeline_connection = {
- journald.pipeline_ids = [ "\${graylog_pipeline.nextcloud.id}" ];
- };
-
- graylog_pipeline = {
- nextcloud.source = ''
- pipeline "nextcloud : parsing"
- stage 10 match either
- rule "nextcloud : parse level 1"
- stage 11 match either
- rule "nextcloud : parse level 2"
- stage 12 match either
- rule "nextcloud : parse level 3"
- end
- '';
- };
-
- graylog_pipeline_rule = {
- nextcloudLevel1.source = ''
- rule "nextcloud : parse level 1"
- when
- has_field("systemd_unit") && ($message.systemd_unit == "phpfpm-nextcloud.service" || $message.systemd_unit == "nextcloud-cron.service") && starts_with(to_string($message.message),"{")
- then
- let parsedJson = parse_json(to_string($message.message));
- set_fields(to_map(parsedJson),"nextcloud_");
- end
- '';
- #nextcloudLevel2.source = ''
- # rule "nextcloud : parse level 2"
- # when
- # has_field("nextcloud_message")
- # then
- # let parsedJson = parse_json(to_string($message.nextcloud_message));
- # set_field("message", $message.nextcloud_message);
- # set_fields(to_map(parsedJson),"nextcloud_message_");
- # end
- #'';
- nextcloudLevel2.source = ''
- rule "nextcloud : parse level 2"
- when
- has_field("nextcloud_message")
- then
- set_field("message", $message.nextcloud_message);
- end
- '';
- nextcloudLevel3.source = ''
- rule "nextcloud : parse level 3"
- when
- has_field("nextcloud_message_Message")
- then
- remove_field("nextcloud_message");
- set_field("message", $message.nextcloud_message_Message);
- end
- '';
- };
-
- };
-}
diff --git a/terranix/graylog/nginx.nix b/terranix/graylog/nginx.nix
deleted file mode 100644
index c47cc39..0000000
--- a/terranix/graylog/nginx.nix
+++ /dev/null
@@ -1,311 +0,0 @@
-/* # use this nginx configuration
- # to send data to these inputs
-
- log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
- '"facility": "nginx", '
- '"src_addr": "$remote_addr", '
- '"body_bytes_sent": $body_bytes_sent, '
- '"request_time": $request_time, '
- '"response_status": $status, '
- '"request": "$request", '
- '"request_method": "$request_method", '
- '"host": "$host",'
- '"upstream_cache_status": "$upstream_cache_status",'
- '"upstream_addr": "$upstream_addr",'
- '"http_x_forwarded_for": "$http_x_forwarded_for",'
- '"http_referrer": "$http_referer", '
- '"http_user_agent": "$http_user_agent" }';
-
- access_log syslog:server=${access_log_input} graylog2_json;
- error_log syslog:server=${error_log_input};
-*/
-
-with builtins; {
-
- resource = {
-
- graylog_input = {
-
- nginx_access_logs = {
- title = "nginx access log";
- # https://javadoc.io/doc/org.graylog2/graylog2-inputs/latest/index.html
- type = "org.graylog2.inputs.syslog.udp.SyslogUDPInput";
- global = true;
- attributes = toJSON ({
- allow_override_date = true;
- bind_address = "0.0.0.0";
- expand_structured_data = false;
- force_rdns = false;
- number_worker_threads = 4;
- port = 12304;
- recv_buffer_size = 1048576;
- store_full_message = false;
- });
- };
-
- nginx_error_logs = {
- title = "nginx error log";
- # https://javadoc.io/doc/org.graylog2/graylog2-inputs/latest/index.html
- type = "org.graylog2.inputs.syslog.udp.SyslogUDPInput";
- global = true;
- attributes = toJSON ({
- allow_override_date = true;
- bind_address = "0.0.0.0";
- expand_structured_data = false;
- force_rdns = false;
- number_worker_threads = 4;
- port = 12305;
- recv_buffer_size = 1048576;
- store_full_message = false;
- });
- };
-
- };
-
- graylog_extractor = {
-
- # nginx error
- nginx_error_timestamp = {
- input_id = "\${graylog_input.nginx_error_logs.id}";
- order = 0;
- title = "Timestamp";
- type = "regex";
- extractor_config = toJSON ({
- regex_value =
- "^.*:\\s(\\d\\d\\d\\d/\\d\\d/\\d\\d\\s\\d\\d:\\d\\d:\\d\\d)\\s.*$";
- });
- target_field = "timestamp";
- source_field = "message";
- cursor_strategy = "copy";
- condition_type = "none";
- converters = {
- config = toJSON ({ date_format = "yyyy/MM/dd HH:mm:ss "; });
- type = "date";
- };
- };
- nginx_error_server = {
- input_id = "\${graylog_input.nginx_error_logs.id}";
- type = "regex";
- source_field = "message";
- cursor_strategy = "copy";
- condition_type = "string";
- condition_value = "server";
- extractor_config = toJSON ({ regex_value = "server:\\s(.+?)(,|$)"; });
- order = 1;
- target_field = "server";
- title = "server";
- };
- nginx_error_remote_addr = {
- input_id = "\${graylog_input.nginx_error_logs.id}";
- type = "regex";
- source_field = "message";
- cursor_strategy = "copy";
- condition_type = "string";
- condition_value = "client";
- extractor_config = toJSON ({ regex_value = "client:\\s(.+?)(,|$)"; });
- order = 2;
- target_field = "remote_addr";
- title = "remote_addr/client";
- };
- nginx_error_host = {
- input_id = "\${graylog_input.nginx_error_logs.id}";
- type = "regex";
- source_field = "message";
- cursor_strategy = "copy";
- condition_type = "string";
- condition_value = "host";
- extractor_config = toJSON ({ regex_value = ''host:\s"(.+?)"(,|$)''; });
- order = 3;
- target_field = "host";
- title = "host";
- };
- nginx_error_request_path = {
- input_id = "\${graylog_input.nginx_error_logs.id}";
- type = "regex";
- source_field = "message";
- cursor_strategy = "copy";
- condition_type = "string";
- condition_value = "request";
- extractor_config =
- toJSON ({ regex_value = ''request:\s"(.+?)"(,|$)''; });
- order = 4;
- target_field = "request_path";
- title = "request_path/request";
- };
- nginx_error_request_verb = {
- input_id = "\${graylog_input.nginx_error_logs.id}";
- type = "regex";
- source_field = "message";
- cursor_strategy = "copy";
- condition_type = "string";
- condition_value = "request";
- extractor_config = toJSON ({
- regex_value = ''
- request:\s"(GET|HEAD|POST|PUT|DELETE|TRACE|OPTIONS|CONNECT|PATCH).+"(,|$)'';
- });
- order = 5;
- target_field = "request_verb";
- title = "request_verb";
- };
-
- # nginx access
- nginx_access_json_from_syslog = {
- input_id = "\${graylog_input.nginx_access_logs.id}";
- title = "Get JSON from syslog message";
- type = "regex";
- cursor_strategy = "copy";
- condition_type = "none";
- source_field = "message";
- target_field = "json";
- order = 0;
- extractor_config = toJSON ({ regex_value = "nginx:\\s+(.*)"; });
- };
- nginx_access_extract_json = {
- input_id = "\${graylog_input.nginx_access_logs.id}";
- title = "Extract JSON fields";
- order = 1;
- source_field = "json";
- type = "json";
- cursor_strategy = "copy";
- condition_type = "none";
- extractor_config = toJSON ({
- flatten = true;
- list_separator = ", ";
- kv_separator = "=";
- key_prefix = "";
- key_separator = "_";
- replace_key_whitespace = false;
- key_whitespace_replacement = "_";
- });
- };
- nginx_access_empty_json = {
- input_id = "\${graylog_input.nginx_access_logs.id}";
- order = 2;
- title = "Empty JSON field";
- type = "regex_replace";
- extractor_config = toJSON ({
- regex = ".*";
- replacement = "-";
- });
- target_field = "json";
- source_field = "json";
- cursor_strategy = "copy";
- condition_type = "none";
- };
- nginx_access_reduce_message = {
- input_id = "\${graylog_input.nginx_access_logs.id}";
- order = 3;
- title = "Reduced message to path";
- type = "regex_replace";
- extractor_config = toJSON ({
- regex = ''.*request": "(.*?)".*'';
- replacement = "$1";
- });
- target_field = "message";
- source_field = "message";
- cursor_strategy = "copy";
- condition_type = "none";
- };
-
- };
-
- graylog_input_static_fields = {
-
- nginx_access_logs = {
- input_id = "\${graylog_input.nginx_access_logs.id}";
- fields = {
- from_nginx = true;
- nginx_error = false;
- nginx_access = true;
- };
- };
-
- nginx_error_logs = {
- input_id = "\${graylog_input.nginx_error_logs.id}";
- fields = {
- from_nginx = true;
- nginx_error = true;
- nginx_access = false;
- };
- };
-
- };
-
- graylog_stream = {
- nginx5xx = {
- title = "nginx 5xx";
- description = "all requests answered with a 5xx response";
- index_set_id = "\${graylog_index_set.default.id}";
- disabled = false;
- matching_type = "AND";
- };
- nginx4xx = {
- title = "nginx 4xx";
- description = "all requests answered with a 4xx response";
- index_set_id = "\${graylog_index_set.default.id}";
- disabled = false;
- matching_type = "AND";
- };
- nginx2xx = {
- title = "nginx 2xx";
- description = "all requests answered with a 2xx response";
- index_set_id = "\${graylog_index_set.default.id}";
- disabled = false;
- matching_type = "AND";
- };
- nginx_access = {
- title = "nginx access";
- description = "all requests";
- index_set_id = "\${graylog_index_set.default.id}";
- disabled = false;
- matching_type = "AND";
- };
- nginx_error = {
- title = "nginx error";
- description = "all errors";
- index_set_id = "\${graylog_index_set.default.id}";
- disabled = false;
- matching_type = "AND";
- };
- };
-
- graylog_stream_rule =
- let
- nq_stream_rule = field: value: stream_id: {
- inherit field value stream_id;
- type = 1;
- inverted = true;
- };
- eq_stream_rule = field: value: stream_id: {
- inherit field value stream_id;
- type = 1;
- inverted = false;
- };
- gt_stream_rule = field: value: stream_id: {
- inherit field value stream_id;
- type = 3;
- inverted = false;
- };
- lt_stream_rule = field: value: stream_id: {
- inherit field value stream_id;
- type = 4;
- inverted = false;
- };
- between = min: max: stream_id: {
- "is_nginx_access_${min}_${max}" =
- (eq_stream_rule "nginx_access" true stream_id);
- "nginx_above${min}" = (gt_stream_rule "response_status" min stream_id);
- "nginx_below${max}" = (lt_stream_rule "response_status" max stream_id);
- };
- in
- (between "499" "600" "\${graylog_stream.nginx5xx.id}")
- // (between "399" "500" "\${graylog_stream.nginx4xx.id}")
- // (between "199" "300" "\${graylog_stream.nginx2xx.id}") // {
- is_nginx_access = (eq_stream_rule "nginx_access" true
- "\${graylog_stream.nginx_access.id}");
- is_nginx_error =
- (eq_stream_rule "nginx_error" true "\${graylog_stream.nginx_error.id}");
- };
-
- };
-}
diff --git a/terranix/graylog/provider.nix b/terranix/graylog/provider.nix
deleted file mode 100644
index f5ccb44..0000000
--- a/terranix/graylog/provider.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- terraform.required_providers.graylog = {
- source = "terraform-provider-graylog/graylog";
- version = "1.0.4";
- };
-
- provider.graylog = {
- web_endpoint_uri = "http://graylog.workhorse.private/api";
- api_version = "v3";
- #auth_name = "GRAYLOG_AUTH_NAME";
- auth_password = "token";
- };
-}
diff --git a/terranix/graylog/shell.nix b/terranix/graylog/shell.nix
deleted file mode 100644
index 0f9857f..0000000
--- a/terranix/graylog/shell.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ pkgs ? import { } }:
-let pass_access_token_path = "development/graylog/access_token";
-
-in pkgs.mkShell {
-
- buildInputs = with pkgs; [
- git-crypt
- terranix
- (writers.writeBashBin "terraform" ''
- export GRAYLOG_AUTH_NAME=`${pkgs.pass}/bin/pass show ${pass_access_token_path}`
- ${pkgs.terraform_0_15}/bin/terraform "$@"
- '')
- ];
-
-}
diff --git a/terranix/graylog/terraform.tfstate b/terranix/graylog/terraform.tfstate
deleted file mode 100644
index 4b0218c..0000000
Binary files a/terranix/graylog/terraform.tfstate and /dev/null differ
diff --git a/terranix/servers/config.nix b/terranix/servers/config.nix
deleted file mode 100644
index 8c41130..0000000
--- a/terranix/servers/config.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ config, ... }:
-let
-
- get = element: object: "\${ ${object."_ref"}.${element} }";
-
- getVariable = name: "\${ var.${name} }";
-
-in
-{
-
- hcloud = {
- enable = true;
-
- resource.server."tinc_node" = {
- name = "tinc-node-nurnberg";
- image = "ubuntu-18.04";
- server_type = "cx11";
- backups = false;
- # datacenter = "nbg1-dc3";
- location = "nbg1";
- labels = { system = "nixos"; };
- };
- };
-
- output = {
- "${config.hcloud.resource.server."tinc_node".name}-ip4_address".value =
- get "ipv4_address" config.hcloud.resource.server."tinc_node";
- "${config.hcloud.resource.server."tinc_node".name}-ip6_address".value =
- get "ipv6_address" config.hcloud.resource.server."tinc_node";
- };
-
-}
diff --git a/terranix/servers/modules/nix-server.nix b/terranix/servers/modules/nix-server.nix
deleted file mode 100644
index 5acc03f..0000000
--- a/terranix/servers/modules/nix-server.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
- cfg = config.hcloud.nixserver;
-
-in
-{
-
- options.hcloud.nixserver = {
- enable = mkEnableOption ''
- create a nixos server on hetzner.
- this module will take car of everything needed
- to be done, to install stuff on it.
-
- wip
- '';
- };
-
- config = mkIf cfg.enable {
- hcloud.resource = {
- server."todo" = {
- name = "todo-module-created-server";
- image = "ubuntu-18.04";
- iso = "nixos-graphical-18.09.1195.bf7930d582b-x86_64-linux.iso";
- server_type = "cx11";
- location = "nbg1";
- rescue = "linux64";
- labels = { system = "nixos"; };
- };
- };
- };
-}
diff --git a/terranix/servers/shell.nix b/terranix/servers/shell.nix
deleted file mode 100644
index 07400cf..0000000
--- a/terranix/servers/shell.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ pkgs ? import { } }:
-let
-
- #terraform = terraform-current;
- terraform = pkgs.terraform;
- terraform-current = pkgs.terraform.overrideAttrs (old: rec {
- version = "0.11.10";
- name = "terraform-${version}";
- src = pkgs.fetchFromGitHub {
- owner = "hashicorp";
- repo = "terraform";
- rev = "v${version}";
- sha256 = "08mapla89g106bvqr41zfd7l4ki55by6207qlxq9caiha54nx4nb";
- };
- });
-
-in
-pkgs.mkShell {
-
- # needed pkgs
- # -----------
- buildInputs = with pkgs;
- [
-
- (pkgs.writeShellScriptBin "terraform" ''
- export TF_VAR_hcloud_api_token=`${pkgs.pass}/bin/pass development/hetzner.com/api-token`
- ${terraform}/bin/terraform "$@"
- '')
- ];
-
- # run this on start
- # -----------------
- shellHook = ''
- HISTFILE=${toString ./.}/.history
- '';
-}
diff --git a/terranix/servers/terraform.tfstate b/terranix/servers/terraform.tfstate
deleted file mode 100644
index 91dff49..0000000
Binary files a/terranix/servers/terraform.tfstate and /dev/null differ
diff --git a/terranix/space-left/.gitignore b/terranix/space-left/.gitignore
deleted file mode 100644
index 6073c1a..0000000
--- a/terranix/space-left/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-plops/generated/
-sshkey*
\ No newline at end of file
diff --git a/terranix/space-left/README.md b/terranix/space-left/README.md
deleted file mode 100644
index 9a50870..0000000
--- a/terranix/space-left/README.md
+++ /dev/null
@@ -1,54 +0,0 @@
-# NixOS Server Example with plops
-
-This setup shows:
-
-- how to use a terranix module
-- how to use 3rd party provision software after terraform.
-- how to run terranix and terraform
-
-Setup containing opinionated modules to deploy
-[NixOS servers](https://nixos.org/)
-on
-[hcloud](https://www.hetzner.com/cloud)
-using
-[nixos-infect](https://github.com/elitak/nixos-infect)
-with my
-[plops](https://github.com/mrVanDalo/plops)
-provisioning tool for NixOS,
-which is an overlay on
-[krops](https://cgit.krebsco.de/krops/about/).
-
-After server creation,
-the initial provisioning uploads the
-nixos-infect
-script and applys it.
-After server creation and initialization
-terranix/terraform generates
-files used for the "real" provisioning
-done by plops.
-
-Of course instead of plops you can use every provsioning tool you like
-here (e.g. NixOps, Ansible, ... )
-
-# How to Run
-
-## What you need
-
-- a setup [passwordstore](https://www.passwordstore.org/).
-- a [hcloud token](https://docs.hetzner.cloud/#overview-getting-started)
- stored under `development/hetzner.com/api-token`
-
-## Steps
-
-- `terraform-prepare`: to create ssh keys.
-- `terraform-build`: to run terranix and terraform do create server.
-- `terraform-destroy`: to delete server (don't forget that step, or else it gets costly)
-- `terraform-cleanup`: to delete ssh keys and terraform data.
-
-## DNS
-
-define domains with your nameserver and update `jitsi.nix` and `workadventure.nix`.
-
-- `meet.${domain}` to given ip4 address
-- `party.${domain}` to given ip4 address
-- `*.party.${domain}` to given ip4 address
diff --git a/terranix/space-left/config.nix b/terranix/space-left/config.nix
deleted file mode 100644
index 7b9e8db..0000000
--- a/terranix/space-left/config.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- hcloud-modules = pkgs.fetchgit {
- url = "https://github.com/mrVanDalo/terranix-hcloud.git";
- rev = "5fa359a482892cd973dcc6ecfc607f4709f24495";
- sha256 = "0smgmdiklj98y71fmcdjsqjq8l41i66hs8msc7k4m9dpkphqk86p";
- };
-in
-{
-
- imports = [ "${hcloud-modules}/default.nix" ];
-
- # configure temporary admin ssh keys
- users.admins.palo.publicKey = "${lib.fileContents ./sshkey.pub}";
-
- # configure provisioning private Key to be used when running provisioning on the machines
- provisioner.privateKeyFile = toString ./sshkey;
-
- hcloud.nixserver = {
- host = {
- enable = true;
- serverType = "cx31";
- configurationFile = pkgs.writeText "configuration.nix" ''
- { pkgs, lib, config, ... }:
- {
- environment.systemPackages = [ pkgs.git ];
- }
- '';
- };
- };
-
- # todo : put this in the hcloud module
- resource.hcloud_server.nixserver-host.location = "hel1";
-
- hcloud.export.nix = toString ./plops/generated/nixos-machines.nix;
-
- resource.local_file.sshConfig = {
- filename = "${toString ./plops/generated/ssh-configuration}";
- content = with lib;
- let
- configPart = name: ''
- Host ''${ hcloud_server.nixserver-${name}.ipv4_address }
- IdentityFile ${toString ./sshkey}
- ServerAliveInterval 60
- ServerAliveCountMax 3
- '';
- in
- concatStringsSep "\n"
- (map configPart (attrNames config.hcloud.nixserver));
- };
-
-}
diff --git a/terranix/space-left/plops/configs/nixserver-host/codimd.nix b/terranix/space-left/plops/configs/nixserver-host/codimd.nix
deleted file mode 100644
index fbcc958..0000000
--- a/terranix/space-left/plops/configs/nixserver-host/codimd.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ config, lib, pkgs, ... }: {
-
- services.nginx.enable = true;
- services.nginx.virtualHosts.codimd = {
- enableACME = true;
- addSSL = true;
- serverName = "codimd.ingolf-wagner.de";
- locations."/".extraConfig = ''
- client_max_body_size 4G;
- proxy_set_header Host $host;
- proxy_pass http://localhost:3091;
- '';
- };
-
- services.codimd = {
- enable = true;
- configuration = {
- allowFreeURL = true;
- db = {
- dialect = "sqlite";
- storage = "/var/lib/codimd/db.codimd.sqlite";
- useCDN = false;
- };
- port = 3091;
- };
- };
-
-}
-
diff --git a/terranix/space-left/plops/configs/nixserver-host/configuration.nix b/terranix/space-left/plops/configs/nixserver-host/configuration.nix
deleted file mode 100644
index 49ec152..0000000
--- a/terranix/space-left/plops/configs/nixserver-host/configuration.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, pkgs, lib, ... }: {
- imports = [
- #
- #./codimd.nix
- ./hardware-configuration.nix
- #/jitsi.nix
- #./netdata.nix
- ./ssh.nix
- #./workadventure.nix
- ];
-
- environment.systemPackages = [ pkgs.git pkgs.ag pkgs.htop ];
-
- networking.hostName = "space-left";
-
- security.acme.email = "contact@ingolf-wagner.de";
- security.acme.acceptTerms = true;
-
-}
diff --git a/terranix/space-left/plops/configs/nixserver-host/gitlab.nix b/terranix/space-left/plops/configs/nixserver-host/gitlab.nix
deleted file mode 100644
index 3786d2e..0000000
--- a/terranix/space-left/plops/configs/nixserver-host/gitlab.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ config, pkgs, lib, ... }:
-let domain = "gitlab.space-left.org";
-in {
-
- # setup gitlab
- services.gitlab = {
- enable = true;
- host = domain;
- databasePasswordFile = "path/todo";
- initialRootPasswordFile = "path/todo";
-
- secrets = {
- # Make sure the secret is at least 30 characters and all random,
- # no regular words or you'll be exposed to dictionary attacks
- dbFile = "path/todo";
-
- # openssl genrsa 2048
- jwsFile = "path/todo";
-
- # Make sure the secret is at least 30 characters and all random,
- # no regular words or you'll be exposed to dictionary attacks
- otpFile = "path/todo";
-
- # Make sure the secret is at least 30 characters and all random,
- # no regular words or you'll be exposed to dictionary attacks
- secretFile = "path/todo";
- };
-
- # smtp?
-
- # gitlab-runner?
- };
-
- # setup nginx for gitlab
- services.nginx = {
- enable = true;
- recommendedProxySettings = true;
-
- virtualHosts."${domain}" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString config.services.gitlab.port}";
- };
- };
- };
-
-}
-
diff --git a/terranix/space-left/plops/configs/nixserver-host/hardware-configuration.nix b/terranix/space-left/plops/configs/nixserver-host/hardware-configuration.nix
deleted file mode 100644
index ae82a10..0000000
--- a/terranix/space-left/plops/configs/nixserver-host/hardware-configuration.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ ... }: {
- imports = [ ];
- boot.initrd.availableKernelModules =
- [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
- boot.loader.grub.device = "/dev/sda";
- fileSystems."/" = {
- device = "/dev/sda1";
- fsType = "ext4";
- };
-}
diff --git a/terranix/space-left/plops/configs/nixserver-host/jitsi.nix b/terranix/space-left/plops/configs/nixserver-host/jitsi.nix
deleted file mode 100644
index aaffea5..0000000
--- a/terranix/space-left/plops/configs/nixserver-host/jitsi.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{
- # + +
- # | |
- # | |
- # v v
- # 80, 443 TCP 443 TCP, 10000 UDP
- # +--------------+ +---------------------+
- # | nginx | 5222, 5347 TCP | |
- # | jitsi-meet |<-------------------+| jitsi-videobridge |
- # | prosody | | | |
- # | jicofo | | +---------------------+
- # +--------------+ |
- # | +---------------------+
- # | | |
- # +----------+| jitsi-videobridge |
- # | | |
- # | +---------------------+
- # |
- # | +---------------------+
- # | | |
- # +----------+| jitsi-videobridge |
- # | |
- # +---------------------+
-
- # This is a one server setup
- services.jitsi-meet = {
- enable = true;
- hostName = "meet.ingolf-wagner.de";
-
- # JItsi COnference FOcus is a server side focus component used in Jitsi Meet conferences.
- # https://github.com/jitsi/jicofo
- jicofo.enable = true;
-
- # Whether to enable nginx virtual host that will serve the javascript application and act as a proxy for the XMPP server.
- # Further nginx configuration can be done by adapting services.nginx.virtualHosts.. When this is enabled, ACME
- # will be used to retrieve a TLS certificate by default. To disable this, set the
- # services.nginx.virtualHosts..enableACME to false and if appropriate do the same for
- # services.nginx.virtualHosts..forceSSL.
- nginx.enable = true;
-
- # https://github.com/jitsi/jitsi-meet/blob/master/config.js
- config = {
- enableWelcomePage = false;
- defaultLang = "en";
-
- };
-
- # https://github.com/jitsi/jitsi-meet/blob/master/interface_config.js
- interfaceConfig = {
- SHOW_JITSI_WATERMARK = false;
- SHOW_WATERMARK_FOR_GUESTS = false;
- };
-
- };
-
- networking.firewall = {
- allowedTCPPorts = [ 80 443 ];
- allowedUDPPorts = [ 10000 ];
- };
-
-}
diff --git a/terranix/space-left/plops/configs/nixserver-host/netdata.nix b/terranix/space-left/plops/configs/nixserver-host/netdata.nix
deleted file mode 100644
index a879b7f..0000000
--- a/terranix/space-left/plops/configs/nixserver-host/netdata.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- services.netdata = {
- enable = true;
- config = {
- #"exporting:global" = { "enabled" = "yes"; };
- global = {
- "memory mode" = "dbengine";
- "dbengine disk space" = 1024 * 10; # in MB
- "debug log" = "none";
- "access log" = "none";
- "error log" = "syslog";
- };
- };
- };
-}
diff --git a/terranix/space-left/plops/configs/nixserver-host/ssh.nix b/terranix/space-left/plops/configs/nixserver-host/ssh.nix
deleted file mode 100644
index 93bfd18..0000000
--- a/terranix/space-left/plops/configs/nixserver-host/ssh.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- # ssh configuration
- # -----------------
- services.sshd.enable = true;
- services.openssh.passwordAuthentication = false;
- services.openssh.banner = ''
- [ Space Left Server ]
- '';
-
- # the public ssh key used at deployment
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-rsa 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"
- ];
-}
diff --git a/terranix/space-left/plops/configs/nixserver-host/workadventure.nix b/terranix/space-left/plops/configs/nixserver-host/workadventure.nix
deleted file mode 100644
index 2609101..0000000
--- a/terranix/space-left/plops/configs/nixserver-host/workadventure.nix
+++ /dev/null
@@ -1,166 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
- # If your Jitsi environment has authentication set up,
- # you MUST set JITSI_PRIVATE_MODE to "true" and
- # you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
- jitsiPrivateMode = "false";
-
- secretJitsiKey = "";
-
- jitsiISS = "";
-
- workadventureSecretKey = "YXNkZnNkZmxranNhZGxma2phc2RsZmtqYXNsa2Zkago=";
-
- jitsiURL = "meet.ingolf-wagner.de";
-
- domain = "party.ingolf-wagner.de";
- # domain will redirect to this map. (not play.${domain})
- defaultMap = "mrvandalo.github.io/workadventure-worlds/main.json";
-
- apiURL = "api.${domain}";
- apiPort = 9002;
-
- frontURL = "play.${domain}";
- frontPort = 9004;
-
- pusherURL = "push.${domain}";
- pusherPort = 9005;
-
- uploaderURL = "upload.${domain}";
- uploaderPort = 9006;
-
- frontImage = "thecodingmachine/workadventure-front:develop";
- pusherImage = "thecodingmachine/workadventure-pusher:develop";
- apiImage = "thecodingmachine/workadventure-back:develop";
- uploaderImage = "thecodingmachine/workadventure-uploader:develop";
-
-in
-{
-
- virtualisation.docker.enable = true;
- boot.kernel.sysctl."net.ipv4.ip_forward" = true;
-
- networking.firewall = {
- allowedTCPPorts = [ 80 443 ];
- allowedUDPPorts = [ 80 443 ];
- };
-
- services.nginx.enable = true;
- services.nginx.recommendedProxySettings = true;
-
- systemd.services.workadventure-network = {
- enable = true;
- wantedBy = [ "multi-user.target" ];
- script = ''
- ${pkgs.docker}/bin/docker network create --driver bridge workadventure ||:
- '';
- after = [ "docker" ];
- before = [
- "docker-workadventure-back.service"
- "docker-workadventure-pusher.service"
- "docker-workadventure-uploader.service"
- "docker-workadventure-website.service"
- ];
- };
-
- virtualisation.oci-containers.backend = "docker";
-
- services.nginx.virtualHosts."${domain}" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- return = "302 $scheme://play.${domain}/_/global/${defaultMap}";
- };
- };
-
- virtualisation.oci-containers.containers.workadventure-front = {
- image = frontImage;
- environment = {
- API_URL = pusherURL;
- JITSI_PRIVATE_MODE = jitsiPrivateMode;
- JITSI_URL = jitsiURL;
- SECRET_JITSI_KEY = secretJitsiKey;
- UPLOADER_URL = uploaderURL;
- };
- ports = [ "127.0.0.1:${toString frontPort}:80" ];
- extraOptions = [ "--network=workadventure" ];
- };
- services.nginx.virtualHosts."${frontURL}" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = { proxyPass = "http://127.0.0.1:${toString frontPort}"; };
- };
-
- virtualisation.oci-containers.containers.workadventure-pusher = {
- image = pusherImage;
- environment = {
- API_URL = "workadventure-back:50051";
- JITSI_ISS = jitsiISS;
- JITSI_URL = jitsiURL;
- SECRET_KEY = workadventureSecretKey;
- };
- ports = [ "127.0.0.1:${toString pusherPort}:8080" ];
- extraOptions = [ "--network=workadventure" ];
- };
- services.nginx.virtualHosts."${pusherURL}" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString pusherPort}";
- proxyWebsockets = true;
- };
- locations."/room" = {
- proxyPass = "http://127.0.0.1:${toString pusherPort}";
- proxyWebsockets = true;
- };
- };
-
- virtualisation.oci-containers.containers.workadventure-back = {
- image = apiImage;
- environment = {
- #DEBUG = "*";
- JITSI_ISS = jitsiISS;
- JITSI_URL = jitsiURL;
- SECRET_KEY = workadventureSecretKey;
- };
- ports = [ "127.0.0.1:${toString apiPort}:8080" "50051" ];
- extraOptions = [ "--network=workadventure" ];
- };
- services.nginx.virtualHosts."${apiURL}" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = { proxyPass = "http://127.0.0.1:${toString apiPort}"; };
- };
-
- virtualisation.oci-containers.containers.workadventure-uploader = {
- image = uploaderImage;
- ports = [ "127.0.0.1:${toString uploaderPort}:8080" ];
- extraOptions = [ "--network=workadventure" ];
- };
- services.nginx.virtualHosts."${uploaderURL}" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString uploaderPort}";
- proxyWebsockets = true;
- };
- };
-
- systemd.services.docker-workadventure-front.serviceConfig = {
- StandardOutput = lib.mkForce "journal";
- StandardError = lib.mkForce "journal";
- };
- systemd.services.docker-workadventure-uploader.serviceConfig = {
- StandardOutput = lib.mkForce "journal";
- StandardError = lib.mkForce "journal";
- };
- systemd.services.docker-workadventure-pusher.serviceConfig = {
- StandardOutput = lib.mkForce "journal";
- StandardError = lib.mkForce "journal";
- };
- systemd.services.docker-workadventure-back.serviceConfig = {
- StandardOutput = lib.mkForce "journal";
- StandardError = lib.mkForce "journal";
- };
-
-}
diff --git a/terranix/space-left/plops/shell.nix b/terranix/space-left/plops/shell.nix
deleted file mode 100644
index 16e7de6..0000000
--- a/terranix/space-left/plops/shell.nix
+++ /dev/null
@@ -1,74 +0,0 @@
-let
-
- # import plops with pkgs and lib
- opsImport = import ((import { }).fetchgit {
- url = "https://github.com/mrVanDalo/plops.git";
- rev = "9fabba016a3553ae6e13d5d17d279c4de2eb00ad";
- sha256 = "193pajq1gcd9jyd12nii06q1sf49xdhbjbfqk3lcq83s0miqfs63";
- });
-
- ops =
- let
- overlay = self: super: {
- # overwrite ssh to use the generated ssh configuration
- openssh = super.writeShellScriptBin "ssh" ''
- ${super.openssh}/bin/ssh -F ${
- toString ./generated/ssh-configuration
- } "$@"
- '';
- };
- in
- opsImport { overlays = [ overlay ]; };
-
- lib = ops.lib;
- pkgs = ops.pkgs;
-
- # define all sources
- source = {
-
- # nixpkgs (no need for channels anymore)
- nixPkgs.nixpkgs.git = {
- ref = "nixos-20.09";
- url = "https://github.com/NixOS/nixpkgs";
- };
-
- # system configurations
- system = name: {
- configs.file = toString ./configs;
- nixos-config.symlink = "configs/${name}/configuration.nix";
- };
-
- # secrets which are hold and stored by pass
- secrets = name: {
- secrets.pass = {
- dir = toString ./secrets;
- name = name;
- };
- };
- };
-
- servers = import ./generated/nixos-machines.nix;
-
- deployServer = name:
- { user ? "root", host, ... }:
- with ops;
- jobs "deploy-${name}" "${user}@${host.ipv4}" [
- # deploy secrets to /run/plops-secrets/secrets
- # (populateTmpfs (source.secrets name))
- # deploy system to /var/src/system
- (populate (source.system name))
- # deploy nixpkgs to /var/src/nixpkgs
- (populate source.nixPkgs)
- switch
- ];
-
-in
-pkgs.mkShell {
-
- buildInputs = lib.mapAttrsToList deployServer servers;
-
- shellHook = ''
- export PASSWORD_STORE_DIR=./secrets
- '';
-
-}
diff --git a/terranix/space-left/shell.nix b/terranix/space-left/shell.nix
deleted file mode 100644
index b334a45..0000000
--- a/terranix/space-left/shell.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ pkgs ? import { } }:
-let
-
- #terranix = pkgs.callPackage (pkgs.fetchgit {
- # url = "https://github.com/mrVanDalo/terranix.git";
- # rev = "2.3.0";
- # sha256 = "030067h3gjc02llaa7rx5iml0ikvw6szadm0nrss2sqzshsfimm4";
- #}) { };
- terranix = pkgs.terranix;
-
- terraform = pkgs.writers.writeBashBin "terraform" ''
- export TF_VAR_hcloud_api_token=`${pkgs.pass}/bin/pass development/hetzner.com/api-token`
- ${pkgs.terraform_0_12}/bin/terraform "$@"
- '';
-
-in
-pkgs.mkShell {
-
- buildInputs = [
-
- terranix
- terraform
-
- (pkgs.writers.writeBashBin "terraform-prepare" ''
- ${pkgs.openssh}/bin/ssh-keygen -P "" -f ${toString ./.}/sshkey
- '')
-
- (pkgs.writers.writeBashBin "terraform-build" ''
- set -e
- set -o pipefail
- ${terranix}/bin/terranix | ${pkgs.jq}/bin/jq '.' > config.tf.json
- ${terraform}/bin/terraform init
- ${terraform}/bin/terraform apply
- '')
-
- (pkgs.writers.writeBashBin "terraform-destroy" ''
- ${terraform}/bin/terraform destroy
- rm ${toString ./.}/config.tf.json
- '')
-
- (pkgs.writers.writeBashBin "terraform-cleanup" ''
- rm ${toString ./.}/sshkey
- rm ${toString ./.}/sshkey.pub
- rm ${toString ./.}/terraform.tfstate*
- '')
-
- ];
-}
-
diff --git a/terranix/space-left/terraform.tfstate b/terranix/space-left/terraform.tfstate
deleted file mode 100644
index 29860b0..0000000
Binary files a/terranix/space-left/terraform.tfstate and /dev/null differ
diff --git a/terranix/tinc-test/.gitignore b/terranix/tinc-test/.gitignore
deleted file mode 100644
index bd14e35..0000000
--- a/terranix/tinc-test/.gitignore
+++ /dev/null
@@ -1,10 +0,0 @@
-.terraform
-*.tf.json
-*.swp
-
-02-build/generated/**
-!02-build/generated/.keep
-
-terraform.tfstate
-terraform.tfstate.backup
-.terraform.tfstate.lock.info
diff --git a/terranix/tinc-test/01-terranix/config.nix b/terranix/tinc-test/01-terranix/config.nix
deleted file mode 100644
index 1ceb636..0000000
--- a/terranix/tinc-test/01-terranix/config.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-
- #hcloud-modules = pkgs.fetchgit {
- # #url = "https://github.com/mrVanDalo/terranix-hcloud.git";
- # url = "https://git.ingolf-wagner.de/terranix/hcloud.git";
- # rev = "b6896f385f45ecfd66e970663c55635c9fd8b26b";
- # sha256 = "1bggnbry7is7b7cjl63q6r5wg9pqz0jn8i3nnc4rqixp0ckwdn85";
- #};
-
- hcloud-modules = /home/palo/dev/terranix-hcloud/terraform-0.11;
-
-in
-{
-
- imports = [ (toString hcloud-modules) ./config/ssh-setup.nix ];
-
- hcloud.export.nix = "${toString ../02-build/generated}/nixos-machines.nix";
-
- hcloud.nixserver.server = {
- configurationFile = pkgs.writeText "configuration.nix" ''
- { pkgs, lib, ... }:
- {
- environment.systemPackages = with pkgs; [
- htop git vim mosh
- ];
- networking.firewall.allowedUDPPorts = [ 60001 ];
- }
- '';
- };
-
-}
diff --git a/terranix/tinc-test/01-terranix/config/file-generation.nix b/terranix/tinc-test/01-terranix/config/file-generation.nix
deleted file mode 100644
index 2c5bf50..0000000
--- a/terranix/tinc-test/01-terranix/config/file-generation.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-# --------------------------------------------------------------------------------
-#
-# collect all server information and generate files which get picked up
-# by 02-build to deploy the machines properly.
-#
-# This makes it possible to deploy VPNs like tinc and wireguard.
-#
-# --------------------------------------------------------------------------------
-
-{ config, lib, pkgs, ... }: {
- resource.local_file = {
- nixosMachines = {
- content = with lib;
- let
- serverPart = name: ''
- ${name} = {
- host = "''${ hcloud_server.${name}.ipv4_address }";
- user = "root";
- };
- '';
- allServerParts = map serverPart (attrNames config.hcloud.server);
- in
- ''
- {
- ${concatStringsSep "\n" allServerParts}
- }
- '';
- filename = "${toString ../../02-build/generated/nixos-machines.nix}";
- };
- };
-}
diff --git a/terranix/tinc-test/01-terranix/config/ssh-setup.nix b/terranix/tinc-test/01-terranix/config/ssh-setup.nix
deleted file mode 100644
index 83dd167..0000000
--- a/terranix/tinc-test/01-terranix/config/ssh-setup.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-# --------------------------------------------------------------------------------
-#
-# configure ssh setup
-#
-# --------------------------------------------------------------------------------
-
-{ config, lib, pkgs, ... }:
-let
- ssh = {
- privateKeyFile = ../../sshkey;
- publicKeyFile = ../../sshkey.pub;
- };
- target = file: "${toString ../../02-build/generated}/${file}";
-in
-{
- # configure admin ssh keys
- users.admins.palo.publicKey = lib.fileContents ssh.publicKeyFile;
-
- # configure provisioning private Key to be used when running provisioning on the machines
- provisioner.privateKeyFile = toString ssh.privateKeyFile;
-
- resource.local_file = {
-
- # provide ssh key for the server
- sshKey = {
- content = lib.fileContents ssh.publicKeyFile;
- filename = target "sshkey.pub";
- };
-
- sshConfig = {
- filename = target "ssh-configuration";
- content = with lib;
- let
- configPart = name: ''
- Host ''${ hcloud_server.${name}.ipv4_address }
- IdentityFile ${toString ssh.privateKeyFile}
- ServerAliveInterval 60
- ServerAliveCountMax 3
- '';
- in
- concatStringsSep "\n"
- (map configPart (attrNames config.hcloud.server));
- };
- };
-}
-
diff --git a/terranix/tinc-test/01-terranix/shell.nix b/terranix/tinc-test/01-terranix/shell.nix
deleted file mode 100644
index c1c8fcf..0000000
--- a/terranix/tinc-test/01-terranix/shell.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ pkgs ? import { } }:
-
-let
-
- terranix = pkgs.callPackage
- (pkgs.fetchgit {
- url = "https://github.com/mrVanDalo/terranix.git";
- rev = "6097722f3a94972a92d810f3a707351cd425a4be";
- sha256 = "1d8w82mvgflmscvq133pz9ynr79cgd5qjggng85byk8axj6fg6jw";
- })
- { };
-
- terraform = pkgs.writers.writeDashBin "terraform" ''
- export TF_VAR_hcloud_api_token=`${pkgs.pass}/bin/pass development/hetzner.com/api-token`
- ${pkgs.terraform_0_11}/bin/terraform "$@"
- '';
-
- create = pkgs.writers.writeDashBin "create" ''
- ${terranix}/bin/terranix | ${pkgs.jq}/bin/jq '.' > ${
- toString ./.
- }/config.tf.json \
- && ${terraform}/bin/terraform init \
- && ${terraform}/bin/terraform apply
- '';
-
- destroy = pkgs.writers.writeBashBin "destroy" ''
- ${terraform}/bin/terraform destroy
- rm ${toString ./.}/config.tf.json
- rm ${toString ./.}/terraform.tfstate*
- '';
-
-in
-pkgs.mkShell {
-
- buildInputs = with pkgs; [ terranix terraform create destroy ];
-
-}
diff --git a/terranix/tinc-test/02-build/assets/tinc/client/ed25519_key.priv b/terranix/tinc-test/02-build/assets/tinc/client/ed25519_key.priv
deleted file mode 100644
index ea89506..0000000
--- a/terranix/tinc-test/02-build/assets/tinc/client/ed25519_key.priv
+++ /dev/null
@@ -1,4 +0,0 @@
------BEGIN ED25519 PRIVATE KEY-----
-gTFtvOMvD5KTUZeGNcTh5ngY/BktUd0OW/37jT8w+61eLP0ntMkaBB8yovTbJvXR
-vReDUb/hjIi7nhGgy2EzP6An4QtXWvTHWJSDefglGVlcFqPDbhRkJ8CpWbCGoIYt
------END ED25519 PRIVATE KEY-----
diff --git a/terranix/tinc-test/02-build/assets/tinc/client/host_file b/terranix/tinc-test/02-build/assets/tinc/client/host_file
deleted file mode 100644
index eba689a..0000000
--- a/terranix/tinc-test/02-build/assets/tinc/client/host_file
+++ /dev/null
@@ -1,14 +0,0 @@ -Ed25519PublicKey = OwJOU7l170hVi0g3HYpRVJXh6zwWYEZCvQq1mgBKCWL ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEAwNR4EbAffxezhbmTIoetrUPPpo66rR9kPJkLCl/fTJbVE1ryjXNQ -Cq0lefDURLT4L3Iw/XgBUIy1xpH8InolnYlL2DRadOvbA0nCUzoekwshcV1N6tCe -HsxrVP5XSxGJ6Es7L0zzvqXCoYP4tic+N4ztZBknn9RRMY497qHPxLoejqPZndmj -9VPciWtiZMhLPka/r0mS/Y7h2t3IQg3J2QCXjQoojTpGym9wPlBXcE2Hv5hYKM8X -359/arLKlAi91I2SH1o6+rBoGaMB50goEnDvWqdha95CR9K/I7+eJm8/AiJCxus0 -2KKCK7K5GvBPifEgMX4AVF8bqgTF9VZi0peG3dUEsg2L/6XqfH6IeFziWfuzuR9k -Ud0fzu235ssshMz/WHtTZiwTUc/xzs29PrF8ThieN/nt6tdBS3A0wdqeNfKjoD3k -zgqcc+ODUUR4gaq/46W0lU8aiP1w32YmKLnrBmFYjZXHqXNgYOZctoW/SjblvpCK -pYUxowFOXA8BU/eRiNZfa+b0ONe0XQOj8Q78st5XsCTlqHLkytdjwauZvM4jVuE9 -7lhvvr1ft/QO3RdBMXAXgDN0F2eDnzqdRE/rrvqNJCeheS9rmHE6Aa0e5yTcJMMK -qCkys4lQn4y9RnfH3MpzRtRnpSKid31WcmCI+JYHLe4ZhFWXju4fKPECAwEAAQ== ------END RSA PUBLIC KEY----- diff --git a/terranix/tinc-test/02-build/assets/tinc/client/rsa_key.priv b/terranix/tinc-test/02-build/assets/tinc/client/rsa_key.priv deleted file mode 100644 index 9267f93..0000000 --- a/terranix/tinc-test/02-build/assets/tinc/client/rsa_key.priv +++ /dev/null 
@@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKAIBAAKCAgEAwNR4EbAffxezhbmTIoetrUPPpo66rR9kPJkLCl/fTJbVE1ry -jXNQCq0lefDURLT4L3Iw/XgBUIy1xpH8InolnYlL2DRadOvbA0nCUzoekwshcV1N -6tCeHsxrVP5XSxGJ6Es7L0zzvqXCoYP4tic+N4ztZBknn9RRMY497qHPxLoejqPZ -ndmj9VPciWtiZMhLPka/r0mS/Y7h2t3IQg3J2QCXjQoojTpGym9wPlBXcE2Hv5hY -KM8X359/arLKlAi91I2SH1o6+rBoGaMB50goEnDvWqdha95CR9K/I7+eJm8/AiJC -xus02KKCK7K5GvBPifEgMX4AVF8bqgTF9VZi0peG3dUEsg2L/6XqfH6IeFziWfuz -uR9kUd0fzu235ssshMz/WHtTZiwTUc/xzs29PrF8ThieN/nt6tdBS3A0wdqeNfKj -oD3kzgqcc+ODUUR4gaq/46W0lU8aiP1w32YmKLnrBmFYjZXHqXNgYOZctoW/Sjbl -vpCKpYUxowFOXA8BU/eRiNZfa+b0ONe0XQOj8Q78st5XsCTlqHLkytdjwauZvM4j -VuE97lhvvr1ft/QO3RdBMXAXgDN0F2eDnzqdRE/rrvqNJCeheS9rmHE6Aa0e5yTc -JMMKqCkys4lQn4y9RnfH3MpzRtRnpSKid31WcmCI+JYHLe4ZhFWXju4fKPECAwEA -AQKCAgBp1PLlOlW/CkIUVcqkO/UdUEdqcZGRLNZ1z8VYd0/2GB5v1g2jhrNaeLdF -2uCVqQFCARlUNAX8sI2fo0XPolx8vvrqealf3IbCojvOM+rN52D+eCgohUETRDxw -VHuSjtiyrn+YMVLhwtY0kVrylk02bdlog8nUldHOMfRZwWNn5IKa5OCuGuI65kD3 -BwHksG1ji67uxKGxGjdpSSn83tZ2jDWhSf8BrAdoWYswGCY1U8f6ZuGT3D2NFVv4 -MpKudrHBM8YMARi3uBQaZfXIezjLDkK/7XexnTWhd9BCDYv+KjZZtHYT+MlzUJXC -5/9iApyU58s0fqQtqlljkeUYBsaLOyMDvBzuZE36PM7dC988Wtr8B/4qwkCaveN1 -6Qz2i0iyNbtWJuGFqvorr+bNrvV8f/kinguWkpbE3uM3h43OAS2QIEGu9LAMsYic -dJz7AKUw2nTifBTqrUkWO9Vx2fBaUnU3FCW5SnkayKewIZ2Fgc0xKCIS68jlM6uD -p8z/FcKe9EEjb40lEcXMKmyEnMG7Qc/pAZa3M7t7UAmHSSLfG7zaECUxhQytHBPD -xa08L6DRMmzvI4Ezdrt7KawydDTGM9bcH5fe2qgfK48jx2T9aIV2Vs/tgcIim8WF -IK53oeJXMB8eXliGiPrwQkwFi3WoErsYkXF0Cn19IRayYNTOpQKCAQEA93l9mfCw -pkCb/gbdkARsbmOxjGzAUfOvRdEt+MmAjzovG3HG9oUQT4M5xGWDpxLPP0uMMGVF -XadUq1ZuSPK/mQaNHY5Tp/OBy3XC2YyiB1zYHrrbxmq54ikF+NwfaV2lVSeHt+TU -tu3ZHDs7wXG7UsgL9MrD2aaBC/Sk2/3BKo9xUPOu54YlZsBCB+2NiZugdQUVwHDl -Snj/dY1YhIEnRphY7CPj36vjDsSL1EqxKLTKKPJTJVU9cTQwCMGbR1OPoB8FjVVr -51pz9dWS6P9iHZitoqv+uf8fe2AkUs5t6U2yFcHQYqvlKyIFsZSTOcWFM5oAZChj -IBqsmbK7rUoHFwKCAQEAx3kPhwkkF1uvFCfnl+69UjDNovuJvCgf7eMNlzZbhzA5 -BbQPLeDbj/8q/3Anqoo2WvvWKVf+7du0KK+Cn6o4+xXCtkCvMUMWIVIUDWe+nykw 
-STKfzAw5OrYr8ja4HsJu6y0Pm+qczksXCaRhqsRl120OHzyD8WOa758PE0+Lntjz -v1HkJgDSTFcx4+gKZCikKTxwUT17W4phorY3qnYxCnP8e8relNxBIaY/EEbXUPMU -5L3X60Hdscfde7N8/Yj9SQpRmL8qLEkHWSCeziLcN5zzc5wty5yQ/+0SZX4K1S2u -Orv50afYiXC3TAOfYxDKf2DdVJwAJhbCZHIQQitVNwKCAQEAl3O2tnti4Jwx22kA -N589bOF+S15S5NSps6Ss6dEH6J/HLJiZF02gCclZlSQ7Sghs5WOqzANuTD6XxrQC -kopdT51+x1PPRr3z9TyAnvs+PhtH+KaK0geG8y4ABalRX/57rH2gxZ45wCoX8Psf -OugLqEHdb1aYPZ904og6TJgjm5Rl2REJPZAPW67VulxbfpfLv1H5Wei9qrIaRSrX -vV/9VWrvILVmRADB2MvYd3eurCbYge6ri/F6xMkXjIRQL3qoL2pMz44zl0b4KL8o -RYfl2A8UVLXGErZb4fmYwUSsZ1exYTdX/MsOWTNdIKy43WZQeqAJFULSR1eLwhRs -X0UqyQKCAQB4cB3x+JD0EYWKc/WfhKSGxbTDnYCyPL/akGcaT9W/sFwdl3Q6zTOE -pBrAFGW+0Ki1Eq1iVSE1WJxUnHQQF2VEJQVlqXSeF9V61OYKmgM8clAXQhu9xfuf -+XJbUrKkz9zM3m44Q9XdsPT9+2SFCQQ8qDoIni9ERlG8MJuXm0W/6Vpyv+0zDPfs -5BDZfLcZdnh39WgThT3ALbN53O+LWsWNfC6MSBdQZhRlTs1w9HT5CWwqGH4QK7rB -pt2R3POw2U+lFDfkNDgweP+YzttTtzSj134e5cO41pWuEOQ0p3++60/xYqIZ9nAF -vCrQGLfZxr+dXU0F0xM77C3/G+e5LBTNAoIBAAf/z1zNTwc8v/dbkK9Esd/3VYUs -HEmVn7RguwbqmZcMFHLmyaWZxw3qu16bR7ktHm3NfVL5hyHJ58/UFwGvS/kVlIsz -+iAEoqjwpkNyCvT8ZdaB6grvCSV1Ac2m5YkQ9RxNCDtekLvBmw8izX/o0ESwwvkw -eb/119fSOWB60/QQQzFREUL6KpKc+OMCLV5XfbAxTeaDahAhSTWMJxCfWqYYhFU0 -46bwiq+fo+DFHRo+BDJv7Wc8x/B/gzlSMFsxFZ0hUzXBk7Pqz3Rm/UK2cpn1DQ1/ -zQNglB1DM4IwzoQ/DGVzYeneRLEBfU1wVlxUUatBC9oXY6zz85FbzSdyl74= ------END RSA PRIVATE KEY----- diff --git a/terranix/tinc-test/02-build/assets/tinc/client_host_file b/terranix/tinc-test/02-build/assets/tinc/client_host_file deleted file mode 120000 index a10ede8..0000000 --- a/terranix/tinc-test/02-build/assets/tinc/client_host_file +++ /dev/null @@ -1 +0,0 @@ -client/host_file \ No newline at end of file diff --git a/terranix/tinc-test/02-build/assets/tinc/ed25519_key b/terranix/tinc-test/02-build/assets/tinc/ed25519_key deleted file mode 120000 index bf79954..0000000 --- a/terranix/tinc-test/02-build/assets/tinc/ed25519_key +++ /dev/null @@ -1 +0,0 @@ -server/ed25519_key \ No newline at end of file 
diff --git a/terranix/tinc-test/02-build/assets/tinc/rsa_key b/terranix/tinc-test/02-build/assets/tinc/rsa_key deleted file mode 120000 index 246733d..0000000 --- a/terranix/tinc-test/02-build/assets/tinc/rsa_key +++ /dev/null @@ -1 +0,0 @@ -server/rsa_key \ No newline at end of file diff --git a/terranix/tinc-test/02-build/assets/tinc/server/ed25519_key b/terranix/tinc-test/02-build/assets/tinc/server/ed25519_key deleted file mode 100644 index 07c16ef..0000000 --- a/terranix/tinc-test/02-build/assets/tinc/server/ed25519_key +++ /dev/null @@ -1,4 +0,0 @@ ------BEGIN ED25519 PRIVATE KEY----- -wNkj/HdU70l7X5XC5YVlWp3FBa8cBaDRy1LbJCjkh83CYYieSQ2IUWgHQ4Vhx253 -7bXVLSOnVIKMifAnBwSOSX7lTGI6gUP2aZCwa142WdxPDPiYv3sEMqK037VyfHVl ------END ED25519 PRIVATE KEY----- diff --git a/terranix/tinc-test/02-build/assets/tinc/server/host_file b/terranix/tinc-test/02-build/assets/tinc/server/host_file deleted file mode 100644 index 924e735..0000000 --- a/terranix/tinc-test/02-build/assets/tinc/server/host_file +++ /dev/null @@ -1,14 +0,0 @@ -Ed25519PublicKey = 1e5kBiOI1jtWmAsWNutVX8zwjI27NLBjqC99el83RVJ ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEA1qFa0YFVefm3kVXGG5j26TF4JNJtBpZo1Jtd9XB6cErMG80vrdvb -RWNwCoY8SM21zN5ew9p7W/P8aClZShx7WRyIzPsTnc69N7zIosAIeXURgo8Ot2Yd -1us5RquPxc6NZ0JhDkz50EgQiJ4fRaCmaBb68hP36U8XdO7VTn93+l0YlmvbhAny -gB7iMOsXiDXxbzxOO+XC3ygaeO45ioEDduEv9Ny9KptXN08eOkxKL7dN4om2Nux0 -2EurWqTBYTrWki+XxovfvsmiM5AELHtTaUM8FwwEX0e7dV1cDYYqz3hWPmYgZ4Bj -dp258VDa/sbUCiRVQfcxzHqbvd3UCoNG76YsGJ6s7TqoxvCCvB4ziH+d6/Uu+h5h -DtjccwVQmW22A5DQHix4T/DmXs1GB5qzOa8eEd6cHTpqp/qzGmvC0un5BezY+CVR -ZphzFoYGF6Q3T7JwC6LCMCNBOqby+bhZNYmkztRzhXvFFrBmj6E17+8Z5fgLgl6u -+1QhxQTjg3uvjZXmQh2+jjTwa3vO1pZR6k9yyLMo9zPpr7i7QY4tqPR8u4j0fkHj -aXtOOj2wl0gDCnVX3mWeUKCJusCDdJ2hPpuz11pPQt67mxtUXO31aMM9J3mHjj0y -PKl7NGKA7ozI9e4HV09KiozM6yrLrvLyoRTn8AgwVoMiEw91CHhDNRkCAwEAAQ== ------END RSA PUBLIC KEY----- 
diff --git a/terranix/tinc-test/02-build/assets/tinc/server/rsa_key b/terranix/tinc-test/02-build/assets/tinc/server/rsa_key
deleted file mode 100644
index 7319895..0000000
--- a/terranix/tinc-test/02-build/assets/tinc/server/rsa_key
+++ /dev/null
@@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKAIBAAKCAgEA1qFa0YFVefm3kVXGG5j26TF4JNJtBpZo1Jtd9XB6cErMG80v -rdvbRWNwCoY8SM21zN5ew9p7W/P8aClZShx7WRyIzPsTnc69N7zIosAIeXURgo8O -t2Yd1us5RquPxc6NZ0JhDkz50EgQiJ4fRaCmaBb68hP36U8XdO7VTn93+l0Ylmvb -hAnygB7iMOsXiDXxbzxOO+XC3ygaeO45ioEDduEv9Ny9KptXN08eOkxKL7dN4om2 -Nux02EurWqTBYTrWki+XxovfvsmiM5AELHtTaUM8FwwEX0e7dV1cDYYqz3hWPmYg -Z4Bjdp258VDa/sbUCiRVQfcxzHqbvd3UCoNG76YsGJ6s7TqoxvCCvB4ziH+d6/Uu -+h5hDtjccwVQmW22A5DQHix4T/DmXs1GB5qzOa8eEd6cHTpqp/qzGmvC0un5BezY -+CVRZphzFoYGF6Q3T7JwC6LCMCNBOqby+bhZNYmkztRzhXvFFrBmj6E17+8Z5fgL -gl6u+1QhxQTjg3uvjZXmQh2+jjTwa3vO1pZR6k9yyLMo9zPpr7i7QY4tqPR8u4j0 -fkHjaXtOOj2wl0gDCnVX3mWeUKCJusCDdJ2hPpuz11pPQt67mxtUXO31aMM9J3mH -jj0yPKl7NGKA7ozI9e4HV09KiozM6yrLrvLyoRTn8AgwVoMiEw91CHhDNRkCAwEA -AQKCAgBSwt9ZP+zs3tzo/tEoXSCApSG12SpPSvpbWRmvBdNAr6bq5YEIImn35LMU -a9SdIi2DNRAHp5y/xWJD7AXRLRBnOTiLChnzVP/jmTkogLID25+H35AGKitBb2yj -ko4a8V3XPmJceFQv+0nc1FQsrhjctFfJtud2oJfj8CByZ3alJPbRMf/wd0F6I+6G -fHCThnF1uiRUtnEhSb6DeSDZBoyGb6jlW6TZ5BKKckiupDJLGfy/aOjJXv5jVTJa -/oLO8jhBIHb/CXqaf/e6uELTwC5WvaVTIcAh2XAwfnJ7iIvDepyO7SR7pKc12vYT -VmFLsvGag44YpLAgL/sUCJC2CQ71rtx79SNHegDkunqI+GZTSL1uuBHMXpSA75xm -t6m6hcn3E0rL6wSZ+mgpyL1+AULWOSbU4XybsXjORzTsJfn91s7k5dyySQSRDy30 -z10fQzLPJI8kSmGtzUFpDMvOYpfmq5p0aMI58fvTqLgNc1wnJrj2SKfEQI0MnhKU -BESIh63yjPQuPkeqpO1zf8OgmvZ/PU7Egbb8YAHzC11KBh2zKem6zL0Q/bLBcur1 -bcKT0VRq/5jpwLG1dpXf7KovatTjg44cjb+LFP6YnBhM1pc620Hc4G+TPJs3y56c -OdmX6UCCvl1c4pZJ4Mmg7I1LvZcPFIYFFOTmLLixfWWH4n7vrQKCAQEA+PjO4I8Z -RMMui1cpfoj3go4y/IY3bWF2Dgg6QgddagXxdFMVtFKD0LMlpbt3MUmGOjj7zepG -1zeRnvgkAk6ZX/nibMkDWnyVMoews1WJC3YpOZdavjzJ2j3517rvomhSQWzbyOAt -T1oR9dz2EYEFchYgJ+N5pmCvrhQd1nENpT9usxiVT+ecTE8sObJqY6a1otK969yO -urIckDx8SqKY6V5iuTjcsdrSfzIlFKKZ5S9XPqg98lqWekYA9R5WMzolQGFVoDMI -343HdE/oEExBR7X39E+D2YGwoepw6lVBHkmFd1px5Oc5kysAbvB1QiSoU1Oi85mN -uBmrzxmYkQ/d7wKCAQEA3LBgoWzoez81rDh+i9vXweI7vKHy1htJnRPgYuxWtlvu -RzgGK/FvOMOthVqpOR0fO1g+7/LupgNjBgGys+jTOeZiKwYEWuy0RCpjKmhc6j2y 
-jwdXjzHf0Ve3MFF23qhaXhQHEgg9W1VQJwt8xv28mY96YznYB/JC0vLG2ZdQ5ASJ -JHrrZNIk3h+32yBRq8312+cWRXmg27MSSfOrRAMSeoV0c7YvDakce9ZNaok/gbi9 -hA+yqxZc0SrkOXLA0plHzyzH492sonsdLjIQNApJv36NqD6ZHzcPy2iHK3ymhj+z -QM/kt5QHFbK3OFBJbyHxtbSpMfJMvh5AgzyJhaildwKCAQAHe+MsGOEXkg5qHdqf -dRqLkB60PIyZ+x4DWff2WCZUs40IhB7Y5soTke8FxlbU4nLoeSIIlIxAl+kGsErU -zuwJWIeX4Yr6Q1hwxmdnXKDb+VdP5d7SbR1cNBS4iWP+q8gdM1p/9U0nX3u+uj+j -Uw+I2GVrDYlwmONvBifHdGqGlxuKwqhqWHn4SUD5EwXjrPU0ycTvvBeGQShepZLO -44hZK38oNi9cIUnGjQlUT3b0zrF+rqv+Bv8S+du5gonwzESmZMagJCiWH7rpIiXF -p6UmtK+ZZnJ+LUnT9CokwR9N+8PJTKyzxseSRu6iZxP/Qv7UUmVJkUoTSKJDfW96 -nNF9AoIBAAOnU+I4SF0J/dx9DvNHz3mhQjXsRHXw+7YDBzr8CK96NCavscJ2e83n -x26mwph0d/jmjBwy3GqZMcF+s7OwzhZuTv/BWL8cnhtmzD9+fNNP9C3UBEoVnEv9 -9MVzA9HJ3b0i/b75rfJeJjaPRSCSQNYV/wO3iHERPLP7WvltPOSZgp+8/TqtE/kt -c0DIdzGt9j0OxVqfGd+pRks9In+8wUiP/w6PXJYQT61pLdzuqsN+CH0wOVgFxcGc -wSyGTtTtvreaWTDXka0a9q+2GniSFwh5kuTPLH/MzJEkiOBabvNYCKKxDmtPoxJj -5A6lnaGeYT8N36M5DLY1EAJcNTamRR8CggEBAPgc5Wr2YM9rmAB/15H+xk8H/tsI -1hxgGtfdHdo9ZwIyowakuqQaIjbgFX64bE9cX9C62mJ12rP6YoTAz5zRBm4J1Eld -U2PlnCwLJbtrdF83tTSi8n9Yo/y3wMFB0C+z2apEqOkLTUaz3REM+1N8CWVKMtaW -CtEqfx2sIbwy/Y3i8kSyR8mZPiMlpGULLBPvcKSgZZnUzzo5gZh2mP9zwb0q669K -71k3LzM8EY/1by8xrhhg5Iyanoeq2PwecUR4XD8pvpYRdUk+bERUSPyJenWa1JQ/ -df25AfKqmpoVp+LeICbZf4vNLxR1rs44fXPkMpu4SoQkSLuNYkoqpOngjjY= ------END RSA PRIVATE KEY----- diff --git a/terranix/tinc-test/02-build/assets/tinc/server_host_file b/terranix/tinc-test/02-build/assets/tinc/server_host_file deleted file mode 120000 index 539b85c..0000000 --- a/terranix/tinc-test/02-build/assets/tinc/server_host_file +++ /dev/null @@ -1 +0,0 @@ -server/host_file \ No newline at end of file diff --git a/terranix/tinc-test/02-build/configs/nixserver-server/configuration.nix b/terranix/tinc-test/02-build/configs/nixserver-server/configuration.nix deleted file mode 100644 index bcb1cda..0000000 --- a/terranix/tinc-test/02-build/configs/nixserver-server/configuration.nix +++ /dev/null 
@@ -1,19 +0,0 @@
-{ pkgs, lib, ... }: {
- imports = [ ./hardware-configuration.nix ./tinc-server.nix ];
-
- networking.hostName = "server";
-
- # ssh
- environment.systemPackages = with pkgs; [ htop git vim mosh tmux ];
- networking.firewall.allowedUDPPortRanges = [{
- from = 60000;
- to = 60100;
- }];
- services.sshd.enable = true;
- users.users.root.openssh.authorizedKeys.keyFiles =
- [ ];
-
- # wireshark
- programs.wireshark.enable = true;
-
-}
diff --git a/terranix/tinc-test/02-build/configs/nixserver-server/hardware-configuration.nix b/terranix/tinc-test/02-build/configs/nixserver-server/hardware-configuration.nix
deleted file mode 100644
index 5f34b82..0000000
--- a/terranix/tinc-test/02-build/configs/nixserver-server/hardware-configuration.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }: {
- imports = [ ];
- boot.loader.grub.device = "/dev/sda";
- fileSystems."/" = {
- device = "/dev/sda1";
- fsType = "ext4";
- };
-}
diff --git a/terranix/tinc-test/02-build/configs/nixserver-server/tinc-server.nix b/terranix/tinc-test/02-build/configs/nixserver-server/tinc-server.nix
deleted file mode 100644
index 4c5002f..0000000
--- a/terranix/tinc-test/02-build/configs/nixserver-server/tinc-server.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- imports = [ ./tinc.nix ];
-
- module.cluster.services.tinc = {
- "test" = {
- debugLevel = 5;
- enable = true;
- openPort = true;
- };
- };
-}
diff --git a/terranix/tinc-test/02-build/configs/nixserver-server/tinc.nix b/terranix/tinc-test/02-build/configs/nixserver-server/tinc.nix
deleted file mode 100644
index 77a7679..0000000
--- a/terranix/tinc-test/02-build/configs/nixserver-server/tinc.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-# shared tinc file between client and server
-{ config, pkgs, lib, ... }:
-let nixosMachines = import ;
-in {
-
- imports = [ ];
-
- networking.firewall.trustedInterfaces = [ "tinc.private" ];
-
- # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
- module.cluster.services.tinc = {
- "test" = {
- networkSubnet = "10.123.142.0/24";
- extraConfig = ''
- LocalDiscovery = yes
- '';
- privateEd25519KeyFile = toString ;
- privateRsaKeyFile = toString ;
- hosts = {
- server = {
- tincIp = "10.123.142.1";
- realAddress = [ nixosMachines.nixserver-server.host.ipv4 ];
- publicKey = lib.fileContents ;
- };
- sterni = {
- tincIp = "10.123.142.100";
- publicKey = lib.fileContents ;
- };
- };
- };
- };
-}
-
diff --git a/terranix/tinc-test/02-build/generated/.keep b/terranix/tinc-test/02-build/generated/.keep
deleted file mode 100644
index e69de29..0000000
diff --git a/terranix/tinc-test/02-build/shell.nix b/terranix/tinc-test/02-build/shell.nix
deleted file mode 100644
index c702b95..0000000
--- a/terranix/tinc-test/02-build/shell.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ pkgs ? import { } }:
-
-with pkgs.lib;
-
-let
-
- ops =
- let
- opsImport = import ((import { }).fetchgit {
- url = "https://github.com/mrVanDalo/plops.git";
- rev = "9fabba016a3553ae6e13d5d17d279c4de2eb00ad";
- sha256 = "193pajq1gcd9jyd12nii06q1sf49xdhbjbfqk3lcq83s0miqfs63";
- });
- overlay = self: super: {
- # overwrite ssh to use the generated ssh configuration
- openssh = super.writers.writeBashBin "ssh" ''
- ${super.openssh}/bin/ssh -F ${
- toString ./generated/ssh-configuration
- } "$@"
- '';
- };
- in
- opsImport { overlays = [ overlay ]; };
-
- lib = ops.lib;
- pkgs = ops.pkgs;
-
- source = {
-
- nixPkgs.nixpkgs.git = {
- ref = "nixos-19.09";
- url = "https://github.com/NixOS/nixpkgs-channels";
- };
-
- system = name: {
- configs.file = toString ./configs;
- test-assets.file = toString ./assets;
- test-generated.file = toString ./generated;
- nixos-config.symlink = "configs/${name}/configuration.nix";
- };
-
- modules.cluster-module.git = {
- url = "https://git.ingolf-wagner.de/nix-modules/cluster.git";
- ref = "1.2.0";
- };
-
- };
-
- servers = import ./generated/nixos-machines.nix;
-
- deployServer = name:
- { user ? "root", host, ... }:
- with ops;
- jobs "deploy-${name}" "${user}@${host.ipv4}" [
- (populate (source.system name))
- (populate source.nixPkgs)
- (populate source.modules)
- switch
- ];
-
- moshServer = name:
- { user ? "root", host, ... }:
- pkgs.writers.writeDashBin "mosh-${name}" ''
- ${pkgs.mosh}/bin/mosh \
- --ssh="${pkgs.openssh}/bin/ssh -F ${
- toString ./generated/ssh-configuration
- }" \
- "${user}@${host.ipv4}"
- '';
-
-in
-pkgs.mkShell {
- buildInputs = lib.mapAttrsToList deployServer servers
- ++ mapAttrsToList moshServer servers;
-
-}
diff --git a/terranix/tinc-test/README.md b/terranix/tinc-test/README.md
deleted file mode 100644
index 074f2fd..0000000
--- a/terranix/tinc-test/README.md
+++ /dev/null
@@ -1,73 +0,0 @@
-A setup to test tinc on a hetzner box
-
-# steps
-
-## OPTIONAL: generate fresh ssh keys
-
-```sh
-ssh-keygen -P "" -f sshkey
-```
-
-## OPTIONAL: generate new tinc keys
-
-```
-nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
-cat *.pub host_file
-rm *.pub
-```
-
-## generate machine
-
-```sh
-cd ./01-terranix
-nix-shell --run "create"
-```
-
-## provision machine
-
-```sh
-cd ./02-build
-nix-shell --run deploy-server
-```
-
-## tracking and collecting
-
-```
-dumpcap \
- -i ens3 \
- -w /root/hardware-device_working.dcap
-dumpcap \
- -i tinc.test \
- -w /root/tinc-device_working.dcap
-```
-
-and for the not working experiment
-
-```
-dumpcap \
- -i ens3 \
- -w /root/hardware-device_not-working.dcap
-dumpcap \
- -i tinc.test \
- -w /root/tinc-device_not-working.dcap
-```
-
-logs
-
-```
-systemctl --from "2020-01-04 15:00" --until "2020-01-04 16:00" -o json > working-logs.json
-systemctl --from "2020-01-04 17:00" --until "2020-01-04 18:00" -o json > nog-working-logs.json
-```
-
-and setup
-
-```
-tar cvzf etc.tgz /etc/tinc
-```
-
-## cleanup
-
-```sh
-cd ./01-terranix
-nix-shell --run "clean"
-```
diff --git a/terranix/tinc-test/sshkey b/terranix/tinc-test/sshkey
deleted file mode 100755
index 245d3cf..0000000
--- a/terranix/tinc-test/sshkey
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn -NhAAAAAwEAAQAAAQEAqD70wK7MGSV6uBaP/IWxgr/eWm/LXsVu0rLOF8/VQdcPZgVw8eo6 -ZyDnfJpSvaYMknP9JlaiawMTpwrON8A5y8i2prQDhdO8Uz1pK+VXfZgY6hEOcs1UJmacsV -82oyaYAHg8gYUsRp8FOYQUCyZPrVlQMJN4F854sCugVr9Zfgc8B3Q+zoLX13jO+QLCTefI -BRkKwBDHK3lGrNYyJ6qSTV/gA6LruwglPlK5BQsyB7djoLRgi7eNmJRyFqH7SotY40TzZR -w3BF7ssW4DFfqCXw/OtuOKls7+uivQgfUkAKvhGVbFbGRdEzRKTmgMzUNVXILZ5CYoTjEJ -FGzrB6APwQAAA8A3cOj/N3Do/wAAAAdzc2gtcnNhAAABAQCoPvTArswZJXq4Fo/8hbGCv9 -5ab8texW7Sss4Xz9VB1w9mBXDx6jpnIOd8mlK9pgySc/0mVqJrAxOnCs43wDnLyLamtAOF -07xTPWkr5Vd9mBjqEQ5yzVQmZpyxXzajJpgAeDyBhSxGnwU5hBQLJk+tWVAwk3gXzniwK6 -BWv1l+BzwHdD7OgtfXeM75AsJN58gFGQrAEMcreUas1jInqpJNX+ADouu7CCU+UrkFCzIH -t2OgtGCLt42YlHIWoftKi1jjRPNlHDcEXuyxbgMV+oJfD86244qWzv66K9CB9SQAq+EZVs -VsZF0TNEpOaAzNQ1VcgtnkJihOMQkUbOsHoA/BAAAAAwEAAQAAAQBwNZTNEYeD2fBP6JRd -adkrB8ZHcLolWe4AzkoPrYhgogteEpDydzI+Z76b5tz6KU3HO16B/FPUpTetN9KzchvZ4u -KWqgaTcdTve0yyfwHr/M3ZBkkpnfHarqMg1Qy+oVXNMmPASk5uR06XvpQTn5iSV7fYvfHh -hs4NSPtl/7azCxFK6PnQSKoUz1FSSdV/JT1Iptw5pSASMv6qCPWK04tIpfV9kVnxJMDRuD -f8DZqxhruien6YjIKaP2UOvVIj2cog5siELmkRN56naPEXdEKs2heSnQ1NtjexmKkzEJM7 -vAbZJ1EBT2c4UbmLlCJ/M+3wgjTdDIzjUK7WHVRD1Mh1AAAAgBfcHhwEwStAZ2DUgrOFYE -kBUWZzBUmnFIK/HB0SX7CGk7V1I3PhpG8TF2PhC85dcC44i/wYdrEC/R+zA/iOf/94tO3l -T0pksYewfk+1uUPWxJtBLzDpYJk/RfskA+K5aLw1UI+4kGdtaoia/Y1qbHmwrBfNUYUZx6 -NDo7X5teQKAAAAgQDTBDReUialFX046Qq6CXinMpvprgwKNaWgdUfnZ6ihKye3IoLkVqYk -IkIJDcDzyPiekJc2Xwi2uFVo//2T02aeisYgkOmFYYNXM4eHQfsEQyt6SqtpvlsoZ6BF7z -sB4QQsYnuwxsO6vbQSKItlX5qrodbnldNqjqwU9Eiz6S+5XwAAAIEAzByjPznLIcsYAk/u -bZ8TyX2Iigd8WAmuauvhfHJ9o65AQM1D5kYytD8c3Zn64iZxPaZX1UK9T5gkSQETJz/Ix8 -EEulFiWyS1GtGImykJ1E32zM06xS+nMDKrbvQbAsUPDD0u52eMMLwex1GG8YWxcRKZyDL2 -jz63bvm/l1vcKt8AAAALcGFsb0BzdGVybmk= ------END OPENSSH PRIVATE KEY----- diff --git a/terranix/tinc-test/sshkey.pub b/terranix/tinc-test/sshkey.pub deleted file mode 100644 index dfd4b46..0000000 
--- a/terranix/tinc-test/sshkey.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoPvTArswZJXq4Fo/8hbGCv95ab8texW7Sss4Xz9VB1w9mBXDx6jpnIOd8mlK9pgySc/0mVqJrAxOnCs43wDnLyLamtAOF07xTPWkr5Vd9mBjqEQ5yzVQmZpyxXzajJpgAeDyBhSxGnwU5hBQLJk+tWVAwk3gXzniwK6BWv1l+BzwHdD7OgtfXeM75AsJN58gFGQrAEMcreUas1jInqpJNX+ADouu7CCU+UrkFCzIHt2OgtGCLt42YlHIWoftKi1jjRPNlHDcEXuyxbgMV+oJfD86244qWzv66K9CB9SQAq+EZVsVsZF0TNEpOaAzNQ1VcgtnkJihOMQkUbOsHoA/B palo@sterni
diff --git a/terranix/workadventure-jitsi-setup/.gitignore b/terranix/workadventure-jitsi-setup/.gitignore
deleted file mode 100644
index 6073c1a..0000000
--- a/terranix/workadventure-jitsi-setup/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-plops/generated/
-sshkey*
\ No newline at end of file
diff --git a/terranix/workadventure-jitsi-setup/README.md b/terranix/workadventure-jitsi-setup/README.md
deleted file mode 100644
index 9a50870..0000000
--- a/terranix/workadventure-jitsi-setup/README.md
+++ /dev/null
@@ -1,54 +0,0 @@
-# NixOS Server Example with plops
-
-This setup shows:
-
-- how to use a terranix module
-- how to use 3rd party provision software after terraform.
-- how to run terranix and terraform
-
-Setup containing opinionated modules to deploy
-[NixOS servers](https://nixos.org/)
-on
-[hcloud](https://www.hetzner.com/cloud)
-using
-[nixos-infect](https://github.com/elitak/nixos-infect)
-with my
-[plops](https://github.com/mrVanDalo/plops)
-provisioning tool for NixOS,
-which is an overlay on
-[krops](https://cgit.krebsco.de/krops/about/).
-
-After server creation,
-the initial provisioning uploads the
-nixos-infect
-script and applys it.
-After server creation and initialization
-terranix/terraform generates
-files used for the "real" provisioning
-done by plops.
-
-Of course instead of plops you can use every provsioning tool you like
-here (e.g. NixOps, Ansible, ... )
-
-# How to Run
-
-## What you need
-
-- a setup [passwordstore](https://www.passwordstore.org/).
-- a [hcloud token](https://docs.hetzner.cloud/#overview-getting-started)
- stored under `development/hetzner.com/api-token`
-
-## Steps
-
-- `terraform-prepare`: to create ssh keys.
-- `terraform-build`: to run terranix and terraform do create server.
-- `terraform-destroy`: to delete server (don't forget that step, or else it gets costly)
-- `terraform-cleanup`: to delete ssh keys and terraform data.
-
-## DNS
-
-define domains with your nameserver and update `jitsi.nix` and `workadventure.nix`.
-
-- `meet.${domain}` to given ip4 address
-- `party.${domain}` to given ip4 address
-- `*.party.${domain}` to given ip4 address
diff --git a/terranix/workadventure-jitsi-setup/config.nix b/terranix/workadventure-jitsi-setup/config.nix
deleted file mode 100644
index 6b9dbc0..0000000
--- a/terranix/workadventure-jitsi-setup/config.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- hcloud-modules = pkgs.fetchgit {
- url = "https://github.com/mrVanDalo/terranix-hcloud.git";
- rev = "5fa359a482892cd973dcc6ecfc607f4709f24495";
- sha256 = "0smgmdiklj98y71fmcdjsqjq8l41i66hs8msc7k4m9dpkphqk86p";
- };
-in
-{
-
- imports = [ "${hcloud-modules}/default.nix" ];
-
- # configure temporary admin ssh keys
- users.admins.palo.publicKey = "${lib.fileContents ./sshkey.pub}";
-
- # configure provisioning private Key to be used when running provisioning on the machines
- provisioner.privateKeyFile = toString ./sshkey;
-
- hcloud.nixserver = {
- host = {
- enable = true;
- serverType = "cx51"; # 35€/month
- configurationFile = pkgs.writeText "configuration.nix" ''
- { pkgs, lib, config, ... }:
- {
- environment.systemPackages = [ pkgs.git ];
- }
- '';
- };
- };
-
- hcloud.export.nix = toString ./plops/generated/nixos-machines.nix;
-
- resource.local_file.sshConfig = {
- filename = "${toString ./plops/generated/ssh-configuration}";
- content = with lib;
- let
- configPart = name: ''
- Host ''${ hcloud_server.nixserver-${name}.ipv4_address }
- IdentityFile ${toString ./sshkey}
- ServerAliveInterval 60
- ServerAliveCountMax 3
- '';
- in
- concatStringsSep "\n"
- (map configPart (attrNames config.hcloud.nixserver));
- };
-
-}
diff --git a/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/codimd.nix b/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/codimd.nix
deleted file mode 100644
index 92cf135..0000000
--- a/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/codimd.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ config, lib, pkgs, ... }: {
-
- services.nginx.enable = true;
- services.nginx.virtualHosts.codimd = {
- enableACME = true;
- addSSL = true;
- serverName = "codimd.${config.workadventure.domain}";
- locations."/".extraConfig = ''
- client_max_body_size 4G;
- proxy_set_header Host $host;
- proxy_pass http://localhost:3091;
- '';
- };
-
- services.codimd = {
- enable = true;
- configuration = {
- allowFreeURL = true;
- db = {
- dialect = "sqlite";
- storage = "/var/lib/codimd/db.codimd.sqlite";
- useCDN = false;
- };
- port = 3091;
- };
- };
-
-}
-
diff --git a/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/configuration.nix b/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/configuration.nix
deleted file mode 100644
index 88115b6..0000000
--- a/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/configuration.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ config, pkgs, lib, ... }: {
- imports = [
- ./options.nix
- # codimd.${hostName}
- ./codimd.nix
- ./hardware-configuration.nix
- # meet.${hostName}
- ./jitsi.nix
- # netdata.${hostName}
- #./netdata.nix
- ./ssh.nix
- # party.${hostName}
- # api.party.${hostName}
- # push.party.${hostName}
- # play.party.${hostName}
- # upload.party.${hostName}
- ./workadventure.nix
- ];
-
- environment.systemPackages =
- [ pkgs.git pkgs.docker-compose pkgs.ag pkgs.htop ];
-
- # party.${hostName}
- # api.party.${hostName}
- # push.party.${hostName}
- # play.party.${hostName}
- # upload.party.${hostName}
-
- networking.hostName = "host";
- workadventure.domain = "palovandalo.com";
- security.acme.email = "contact@ingolf-wagner.de";
- security.acme.acceptTerms = true;
-
-}
diff --git a/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/hardware-configuration.nix b/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/hardware-configuration.nix
deleted file mode 100644
index ae82a10..0000000
--- a/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/hardware-configuration.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ ... }: {
- imports = [ ];
- boot.initrd.availableKernelModules =
- [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
- boot.loader.grub.device = "/dev/sda";
- fileSystems."/" = {
- device = "/dev/sda1";
- fsType = "ext4";
- };
-}
diff --git a/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/jitsi.nix b/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/jitsi.nix
deleted file mode 100644
index 89849e4..0000000
--- a/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/jitsi.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{ config, ... }: {
- # + +
- # | |
- # | |
- # v v
- # 80, 443 TCP 443 TCP, 10000 UDP
- # +--------------+ +---------------------+
- # | nginx | 5222, 5347 TCP | |
- # | jitsi-meet |<-------------------+| jitsi-videobridge |
- # | prosody | | | |
- # | jicofo | | +---------------------+
- # +--------------+ |
- # | +---------------------+
- # | | |
- # +----------+| jitsi-videobridge |
- # | | |
- # | +---------------------+
- # |
- # | +---------------------+
- # | | |
- # +----------+| jitsi-videobridge |
- # | |
- # +---------------------+
-
- # This is a one server setup
- services.jitsi-meet = {
- enable = true;
- hostName = "meet.${config.workadventure.domain}";
-
- # JItsi COnference FOcus is a server side focus component used in Jitsi Meet conferences.
- # https://github.com/jitsi/jicofo
- jicofo.enable = true;
-
- # Whether to enable nginx virtual host that will serve the javascript application and act as a proxy for the XMPP server.
- # Further nginx configuration can be done by adapting services.nginx.virtualHosts.. When this is enabled, ACME
- # will be used to retrieve a TLS certificate by default. To disable this, set the
- # services.nginx.virtualHosts..enableACME to false and if appropriate do the same for
- # services.nginx.virtualHosts..forceSSL.
- nginx.enable = true;
-
- # https://github.com/jitsi/jitsi-meet/blob/master/config.js
- config = {
- enableWelcomePage = false;
- defaultLang = "en";
- };
-
- # https://github.com/jitsi/jitsi-meet/blob/master/interface_config.js
- interfaceConfig = {
- SHOW_JITSI_WATERMARK = false;
- SHOW_WATERMARK_FOR_GUESTS = false;
- };
-
- };
-
- networking.firewall = {
- allowedTCPPorts = [ 80 443 ];
- allowedUDPPorts = [ 10000 ];
- };
-
-}
diff --git a/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/netdata.nix b/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/netdata.nix
deleted file mode 100644
index 667b550..0000000
--- a/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/netdata.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, ... }: {
- services.netdata = {
- enable = true;
- config = {
- #"exporting:global" = { "enabled" = "yes"; };
- global = {
- "memory mode" = "dbengine";
- "dbengine disk space" = 1024 * 10; # in MB
- "debug log" = "none";
- "access log" = "none";
- "error log" = "syslog";
- };
- };
- };
-
- services.nginx.enable = true;
- services.nginx.virtualHosts."netdata.${config.workadventure.domain}" = {
- enableACME = true;
- forceSSL = true;
- basicAuth.admin = "NYsXfBKRwkkS60WIeZONtFTv3nz4tPy52uqLkzJzuc";
- locations."/" = {
- proxyPass = "http://localhost:19999";
- proxyWebsockets = true;
- };
- };
-}
diff --git a/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/options.nix b/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/options.nix
deleted file mode 100644
index c246b82..0000000
--- a/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/options.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-let cfg = config.workadventure;
-in {
-
- options.workadventure = {
- domain = mkOption {
- type = with types; str;
- description = ''
- domain of the server
- '';
- };
- };
-
-}
diff --git a/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/ssh.nix b/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/ssh.nix
deleted file mode 100644
index c794884..0000000
--- a/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/ssh.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- # ssh configuration
- # -----------------
- services.sshd.enable = true;
- services.openssh.passwordAuthentication = false;
- services.openssh.banner = ''
- [ JITSI Server ]
- '';
-
- # the public ssh key used at deployment
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-rsa 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"
- ];
-}
diff --git a/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/workadventure.nix b/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/workadventure.nix
deleted file mode 100644
index af1c6af..0000000
--- a/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/workadventure.nix
+++ /dev/null
@@ -1,167 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
- # If your Jitsi environment has authentication set up,
- # you MUST set JITSI_PRIVATE_MODE to "true" and
- # you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
- jitsiPrivateMode = "false";
-
- secretJitsiKey = "";
-
- jitsiISS = "";
-
- workadventureSecretKey = "";
-
- jitsiURL = "meet.${config.workadventure.domain}";
-
- domain = "party.${config.workadventure.domain}";
- # domain will redirect to this map. (not play.${domain})
- defaultMap = "mrvandalo.github.io/workadventure-worlds/main.json";
-
- apiURL = "api.${domain}";
- apiPort = 9002;
-
- frontURL = "play.${domain}";
- frontPort = 9004;
-
- pusherURL = "push.${domain}";
- pusherPort = 9005;
-
- uploaderURL = "upload.${domain}";
- uploaderPort = 9006;
-
- version = "v1.1.0";
- frontImage = "thecodingmachine/workadventure-front:${version}";
- pusherImage = "thecodingmachine/workadventure-pusher:${version}";
- apiImage = "thecodingmachine/workadventure-back:${version}";
- uploaderImage = "thecodingmachine/workadventure-uploader:${version}";
-
-in
-{
-
- virtualisation.docker.enable = true;
- boot.kernel.sysctl."net.ipv4.ip_forward" = true;
-
- networking.firewall = {
- allowedTCPPorts = [ 80 443 ];
- allowedUDPPorts = [ 80 443 ];
- };
-
- services.nginx.enable = true;
- services.nginx.recommendedProxySettings = true;
-
- systemd.services.workadventure-network = {
- enable = true;
- wantedBy = [ "multi-user.target" ];
- script = ''
- ${pkgs.docker}/bin/docker network create --driver bridge workadventure ||:
- '';
- after = [ "docker" ];
- before = [
- "docker-workadventure-back.service"
- "docker-workadventure-pusher.service"
- "docker-workadventure-uploader.service"
- "docker-workadventure-website.service"
- ];
- };
-
- virtualisation.oci-containers.backend = "docker";
-
- services.nginx.virtualHosts."${domain}" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- return = "302 $scheme://play.${domain}/_/global/${defaultMap}";
- };
- };
-
- virtualisation.oci-containers.containers.workadventure-front = {
- image = frontImage;
- environment = {
- API_URL = pusherURL;
- JITSI_PRIVATE_MODE = jitsiPrivateMode;
- JITSI_URL = jitsiURL;
- SECRET_JITSI_KEY = secretJitsiKey;
- UPLOADER_URL = uploaderURL;
- };
- ports = [ "127.0.0.1:${toString frontPort}:80" ];
- extraOptions = [ "--network=workadventure" ];
- };
- services.nginx.virtualHosts."${frontURL}" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = { proxyPass = "http://127.0.0.1:${toString frontPort}"; };
- };
-
- virtualisation.oci-containers.containers.workadventure-pusher = {
- image = pusherImage;
- environment = {
- API_URL = "workadventure-back:50051";
- JITSI_ISS = jitsiISS;
- JITSI_URL = jitsiURL;
- SECRET_KEY = workadventureSecretKey;
- };
- ports = [ "127.0.0.1:${toString pusherPort}:8080" ];
- extraOptions = [ "--network=workadventure" ];
- };
- services.nginx.virtualHosts."${pusherURL}" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString pusherPort}";
- proxyWebsockets = true;
- };
- locations."/room" = {
- proxyPass = "http://127.0.0.1:${toString pusherPort}";
- proxyWebsockets = true;
- };
- };
-
- virtualisation.oci-containers.containers.workadventure-back = {
- image = apiImage;
- environment = {
- #DEBUG = "*";
- JITSI_ISS = jitsiISS;
- JITSI_URL = jitsiURL;
- SECRET_KEY = workadventureSecretKey;
- };
- ports = [ "127.0.0.1:${toString apiPort}:8080" "50051" ];
- extraOptions = [ "--network=workadventure" ];
- };
- services.nginx.virtualHosts."${apiURL}" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = { proxyPass = "http://127.0.0.1:${toString apiPort}"; };
- };
-
- virtualisation.oci-containers.containers.workadventure-uploader = {
- image = uploaderImage;
- ports = [ "127.0.0.1:${toString uploaderPort}:8080" ];
- extraOptions = [ "--network=workadventure" ];
- };
- services.nginx.virtualHosts."${uploaderURL}" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString uploaderPort}";
- proxyWebsockets = true;
- };
- };
-
- systemd.services.docker-workadventure-front.serviceConfig = {
- StandardOutput = lib.mkForce "journal";
- StandardError = lib.mkForce "journal";
- };
- systemd.services.docker-workadventure-uploader.serviceConfig = {
- StandardOutput = lib.mkForce "journal";
- StandardError = lib.mkForce "journal";
- };
- systemd.services.docker-workadventure-pusher.serviceConfig = {
- StandardOutput = lib.mkForce "journal";
- StandardError = lib.mkForce "journal";
- };
- systemd.services.docker-workadventure-back.serviceConfig = {
- StandardOutput = lib.mkForce "journal";
- StandardError = lib.mkForce "journal";
- };
-
-}
diff --git a/terranix/workadventure-jitsi-setup/plops/shell.nix b/terranix/workadventure-jitsi-setup/plops/shell.nix
deleted file mode 100644
index 16e7de6..0000000
--- a/terranix/workadventure-jitsi-setup/plops/shell.nix
+++ /dev/null
@@ -1,74 +0,0 @@
-let
-
- # import plops with pkgs and lib
- opsImport = import ((import { }).fetchgit {
- url = "https://github.com/mrVanDalo/plops.git";
- rev = "9fabba016a3553ae6e13d5d17d279c4de2eb00ad";
- sha256 = "193pajq1gcd9jyd12nii06q1sf49xdhbjbfqk3lcq83s0miqfs63";
- });
-
- ops =
- let
- overlay = self: super: {
- # overwrite ssh to use the generated ssh configuration
- openssh = super.writeShellScriptBin "ssh" ''
- ${super.openssh}/bin/ssh -F ${
- toString ./generated/ssh-configuration
- } "$@"
- '';
- };
- in
- opsImport { overlays = [ overlay ]; };
-
- lib = ops.lib;
- pkgs = ops.pkgs;
-
- # define all sources
- source = {
-
- # nixpkgs (no need for channels anymore)
- nixPkgs.nixpkgs.git = {
- ref = "nixos-20.09";
- url = "https://github.com/NixOS/nixpkgs";
- };
-
- # system configurations
- system = name: {
- configs.file = toString ./configs;
- nixos-config.symlink = "configs/${name}/configuration.nix";
- };
-
- # secrets which are hold and stored by pass
- secrets = name: {
- secrets.pass = {
- dir = toString ./secrets;
- name = name;
- };
- };
- };
-
- servers = import ./generated/nixos-machines.nix;
-
- deployServer = name:
- { user ? "root", host, ... }:
- with ops;
- jobs "deploy-${name}" "${user}@${host.ipv4}" [
- # deploy secrets to /run/plops-secrets/secrets
- # (populateTmpfs (source.secrets name))
- # deploy system to /var/src/system
- (populate (source.system name))
- # deploy nixpkgs to /var/src/nixpkgs
- (populate source.nixPkgs)
- switch
- ];
-
-in
-pkgs.mkShell {
-
- buildInputs = lib.mapAttrsToList deployServer servers;
-
- shellHook = ''
- export PASSWORD_STORE_DIR=./secrets
- '';
-
-}
diff --git a/terranix/workadventure-jitsi-setup/shell.nix b/terranix/workadventure-jitsi-setup/shell.nix
deleted file mode 100644
index 6648cc3..0000000
--- a/terranix/workadventure-jitsi-setup/shell.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ pkgs ? import { } }:
-let
-
- terranix = pkgs.callPackage
- (pkgs.fetchgit {
- url = "https://github.com/mrVanDalo/terranix.git";
- rev = "2.3.0";
- sha256 = "030067h3gjc02llaa7rx5iml0ikvw6szadm0nrss2sqzshsfimm4";
- })
- { };
-
- terraform = pkgs.writers.writeBashBin "terraform" ''
- export TF_VAR_hcloud_api_token=`${pkgs.pass}/bin/pass development/hetzner.com/api-token`
- ${pkgs.terraform_0_12}/bin/terraform "$@"
- '';
-
-in
-pkgs.mkShell {
-
- buildInputs = [
-
- terranix
- terraform
-
- (pkgs.writers.writeBashBin "terraform-prepare" ''
- ${pkgs.openssh}/bin/ssh-keygen -P "" -f ${toString ./.}/sshkey
- '')
-
- (pkgs.writers.writeBashBin "terraform-build" ''
- set -e
- set -o pipefail
- ${terranix}/bin/terranix | ${pkgs.jq}/bin/jq '.' > config.tf.json
- ${terraform}/bin/terraform init
- ${terraform}/bin/terraform apply
- '')
-
- (pkgs.writers.writeBashBin "terraform-destroy" ''
- ${terraform}/bin/terraform destroy
- rm ${toString ./.}/config.tf.json
- '')
-
- (pkgs.writers.writeBashBin "terraform-cleanup" ''
- rm ${toString ./.}/sshkey
- rm ${toString ./.}/sshkey.pub
- rm ${toString ./.}/terraform.tfstate*
- '')
-
- ];
-}
-