diff --git a/nixos/configs/mobi/tinc.nix b/nixos/configs/mobi/tinc.nix index 111c720..c1713c3 100644 --- a/nixos/configs/mobi/tinc.nix +++ b/nixos/configs/mobi/tinc.nix @@ -7,7 +7,7 @@ with lib; "private" = { enable = true; openPort = true; - connectTo = [ "sputnik" ]; + connectTo = [ "robi" ]; }; }; diff --git a/nixos/configs/pepe/tinc.nix b/nixos/configs/pepe/tinc.nix index 4229928..fb0ee96 100644 --- a/nixos/configs/pepe/tinc.nix +++ b/nixos/configs/pepe/tinc.nix @@ -7,7 +7,7 @@ with lib; "private" = { enable = true; openPort = true; - connectTo = [ "sputnik" "robi" ]; + connectTo = [ "robi" ]; }; "retiolum" = { enable = true; diff --git a/nixos/configs/robi/configuration.nix b/nixos/configs/robi/configuration.nix index 8b0a46c..96a09cd 100644 --- a/nixos/configs/robi/configuration.nix +++ b/nixos/configs/robi/configuration.nix @@ -33,7 +33,6 @@ #./finance.nix #./grafana.nix #./graylog.nix - #./jenkins.nix #./kibana.nix #./mysql.nix #./prometheus.nix diff --git a/nixos/configs/robi/jenkins.nix b/nixos/configs/robi/jenkins.nix deleted file mode 100644 index 1f277d6..0000000 --- a/nixos/configs/robi/jenkins.nix +++ /dev/null @@ -1,203 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - - library = import ../../library { inherit pkgs lib; }; - - sync-repo = library.jenkins.syncJob; - job = library.jenkins.job; - -in -{ - - environment.systemPackages = [ pkgs.cabal-install ]; - - services.nginx = { - enable = true; - virtualHosts = { - "jenkins.${config.networking.hostName}.private" = { - locations."/" = { - proxyPass = - "http://localhost:${toString config.services.jenkins.port}"; - extraConfig = '' - proxy_set_header Host $host:$server_port; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_read_timeout 90; - proxy_redirect http://localhost:${ - toString config.services.jenkins.port - } https://jenkins.${config.networking.hostName}.private/; - ''; - }; - }; - }; - }; - - sops.secrets.jenkins_token = { - owner = "jenkins"; - }; - - services.jenkins = { - enable = true; - home = "/home/jenkins"; - port = 10420; - - # Plugins to Install: - # - all the plugins recommended at the setup - # - Build pipeline - # - SSH Agent - # - mattermost plugin - jobBuilder = { - enable = true; - # create an access token in the admin users panel - accessTokenFile = config.sops.secrets.jenkins_token.path; - accessUser = "admin"; - - # https://docs.openstack.org/infra/jenkins-job-builder/definition.html#modules - nixJobs = - let - # ssh username + key - gogs-id = "bc584c99-0fb7-43fb-af75-4076d64c51b2"; - # ssh username + key - github-id = "bc584c99-0fb7-43fb-af75-4076d64c51b2"; - # ssh username + key - sshSputnik = "d91eb57c-5bff-434c-b317-68aad46848d7"; - - sync-to-github = name: source: target: - sync-repo name - { - url = source; - credentialsId = gogs-id; - } - { - url = target; - credentialsId = github-id; - }; - - in - [ - - (job "sync-retiolum" - { - url = "git@github.com:krebs/retiolum.git"; - credentialsId = github-id; - triggers = [{ timed = "H/30 * * * *"; }]; - } [ - { - "Download Files" = [ - "chmod 755 hosts" - "chmod 755 -R hosts" - '' - nix-shell -p curl -p gnutar -p bzip2 --run "curl https://lassul.us/retiolum-hosts.tar.bz2 | tar xvjf - || true"'' - "chmod 755 -R etc.hosts" - '' - nix-shell -p curl --run "curl https://lassul.us/retiolum.hosts > etc.hosts || true"'' - ]; - } - { - "update repo" = [ - ''nix-shell -p git --run "git add ."'' - '' - nix-shell -p git --run "git -c user.name=\'Ingolf Wagner\' -c user.email=\'contact@ingolf-wagner.de\' commit -m update-`date +%Y-%m-%dT%H:%M:%S` || exit 0"'' - ]; - } - { - Push = [{ - script = ''nix-shell -p git --run "git push origin master"''; - credentialsId = github-id; - }]; - } - ]) - - (job "test-taskninja" - { - url = "ssh://gogs@workhorse.private:2222/palo/taskninja.git"; - credentialsId = gogs-id; - } [ - { - "Create Shell" = [ - '' - nix-shell -p cabal2nix --run "cabal2nix --shell file://. > jenkins.nix"'' - ]; - } - { Update = [ ''nix-shell ./jenkins.nix --run "cabal update"'' ]; } - { - Configure = [ - ''nix-shell ./jenkins.nix --run "cabal configure --enable-tests"'' - '' - nix-shell ./jenkins.nix --run "cabal install --only-dependencies"'' - ]; - } - { Build = [ ''nix-shell ./jenkins.nix --run "cabal build"'' ]; } - { Test = [ ''nix-shell ./jenkins.nix --run "cabal test"'' ]; } - ]) - - # sync to github - # -------------- - (sync-to-github "sync-radiodj" - "ssh://gogs@workhorse.private:2222/crashburn_radio/radio-dj2.git" - "git@github.com:crashburn-radio/radio-dj.git") - (sync-to-github "sync-radiodj-tracks" - "ssh://gogs@workhorse.private:2222/crashburn_radio/radio-dj-tracks.git" - "git@github.com:crashburn-radio/radio-dj-tracks.git") - - (sync-to-github "sync-krops-module" - "ssh://gogs@workhorse.private:2222/nix-modules/krops.git" - "git@github.com:mrVanDalo/module.krops.git") - - (sync-to-github "sync-cluster-module" - "ssh://gogs@workhorse.private:2222/nix-modules/cluster.git" - "git@github.com:mrVanDalo/module.cluster.git") - - (sync-to-github "sync-backup-module" - "ssh://gogs@workhorse.private:2222/nix-modules/backup.git" - "git@github.com:mrVanDalo/module.backup.git") - - (sync-to-github "sync-module-tinc" - "ssh://gogs@workhorse.private:2222/palo/nixos-tinc.git" - "git@github.com:mrVanDalo/nixos-tinc.git") - - (sync-to-github "sync-memo" - "ssh://gogs@workhorse.private:2222/palo/memo.git" - "git@github.com:mrVanDalo/memo.git") - - (sync-to-github "sync-diagrams-template" - "ssh://gogs@workhorse.private:2222/palo/diagrams-template.git" - "git@github.com:mrVanDalo/diagrams.git") - - (sync-to-github "sync-plops" - "ssh://gogs@workhorse.private:2222/palo/plops.git" - "git@github.com:mrVanDalo/plops.git") - - (sync-to-github "sync-image-generator" - "ssh://gogs@workhorse.private:2222/palo/image-generator2.git" - "git@github.com:mrVanDalo/image-generator.git") - - (sync-to-github "sync-image-generator-lib" - "ssh://gogs@workhorse.private:2222/palo/image-generator-lib.git" - "git@github.com:mrVanDalo/image-generator-examples.git") - - (sync-to-github "sync-tech.ingolf-wagner.de" - "ssh://gogs@workhorse.private:2222/palo/tech.ingolf-wagner.de.git" - "git@github.com:mrVanDalo/tech.ingolf-wagner.de.git") - - (sync-to-github "sync-LineageOS-build" - "ssh://gogs@git.ingolf-wagner.de:2222/palo/LineagoOS-build.git" - "git@github.com:mrVanDalo/LineagoOS-build.git") - - (sync-to-github "sync-http-errors" - "ssh://gogs@git.ingolf-wagner.de:2222/palo/http-errors.git" - "git@github.com:mrVanDalo/http-errors.git") - (sync-to-github "sync-light-control" - "ssh://gogs@git.ingolf-wagner.de:2222/palo/light-control.git" - "git@github.com:mrVanDalo/light-control.git") - - ]; - }; - }; - -} diff --git a/nixos/configs/robi/jupyter.nix b/nixos/configs/robi/jupyter.nix deleted file mode 100644 index 63bdf7c..0000000 --- a/nixos/configs/robi/jupyter.nix +++ /dev/null @@ -1,71 +0,0 @@ -{ pkgs, lib, config, ... }: { - - services.jupyter = { - enable = true; - ip = "0.0.0.0"; - #In [1]: from notebook.auth import passwd - #In [2]: passwd('test') - #Out[2]: 'sha1:1b961dc713fb:88483270a63e57d18d43cf337e629539de1436ba' - #NOTE: you need to keep the single quote inside nix string. - password = "'sha1:1b961dc713fb:88483270a63e57d18d43cf337e629539de1436ba'"; - kernels = { - python3 = - let - env = (pkgs.python3.withPackages (pythonPackages: - with pythonPackages; [ - ipykernel - pandas - - # database stuff - mysqlclient - databases - asyncpg - psycopg2 - aiomysql - pymysql - aiosqlite - #aiopg - sqlalchemy - - # pdf export - nbconvert - ])); - in - { - displayName = "Python 3"; - argv = [ - "${env.interpreter}" - "-m" - "ipykernel_launcher" - "-f" - "{connection_file}" - ]; - language = "python"; - }; - }; - }; - - # to generate pdfs and such - environment.systemPackages = [ pkgs.pandoc ]; - - backup.dirs = [ "/var/lib/jupyter" ]; - backup.exclude = - [ "/var/lib/jupyter/.local" "/var/lib/jupyter/.ipynb_checkpoints" ]; - - services.nginx = { - enable = true; - statusPage = true; - virtualHosts = { - "python.${config.networking.hostName}.private" = { - serverAliases = [ "jupyter.${config.networking.hostName}.private" ]; - locations."/" = { - proxyWebsockets = true; - proxyPass = "http://${config.networking.hostName}.private:${ - toString config.services.jupyter.port - }"; - }; - }; - }; - }; - -} diff --git a/nixos/configs/robi/prometheus.nix b/nixos/configs/robi/prometheus.nix index 6888571..311c830 100644 --- a/nixos/configs/robi/prometheus.nix +++ b/nixos/configs/robi/prometheus.nix @@ -19,25 +19,10 @@ job_name = "nginx"; scrape_interval = "8s"; static_configs = [ - { - targets = [ "sputnik.private:9113" ]; - labels = { - service = "nginx"; - server = "sputnik"; - }; - } - { - targets = [ "sputnik.private:9113" ]; - labels = { - service = "nginx"; - server = "sputnik"; - }; - } { targets = [ "workhorse.private:9113" ]; labels = { service = "nginx"; - server = "sputnik"; }; } ]; @@ -55,13 +40,6 @@ server = "pepe"; }; } - { - targets = [ "sputnik.private:19999" ]; - labels = { - service = "netdata"; - server = "sputnik"; - }; - } { targets = [ "workhorse.private:19999" ]; labels = { diff --git a/nixos/configs/sternchen/tinc.nix b/nixos/configs/sternchen/tinc.nix index fd45db0..8cba6a2 100644 --- a/nixos/configs/sternchen/tinc.nix +++ b/nixos/configs/sternchen/tinc.nix @@ -8,7 +8,7 @@ with lib; "secret" = { enable = true; openPort = true; - connectTo = [ "sputnik" "robi" ]; + connectTo = [ "robi" ]; }; }; diff --git a/nixos/configs/sterni/tinc.nix b/nixos/configs/sterni/tinc.nix index 6e78491..8f6c5f4 100644 --- a/nixos/configs/sterni/tinc.nix +++ b/nixos/configs/sterni/tinc.nix @@ -8,7 +8,7 @@ with lib; "private" = { enable = true; openPort = true; - connectTo = [ "sputnik" "robi" ]; + connectTo = [ "robi" ]; }; "retiolum" = { enable = true; @@ -17,7 +17,7 @@ with lib; "secret" = { enable = true; openPort = true; - connectTo = [ "sputnik" "robi" ]; + connectTo = [ "robi" ]; }; }; diff --git a/nixos/system/all/nginx-landingpage.nix b/nixos/system/all/nginx-landingpage.nix index 762b698..e95f1a0 100644 --- a/nixos/system/all/nginx-landingpage.nix +++ b/nixos/system/all/nginx-landingpage.nix @@ -248,9 +248,7 @@ }) (map (name: { inherit name; }) [ "workhorse" - "porani" "pepe" - "sputnik" ] #(lib.attrNames config.module.cluster.services.tinc."private".hosts) ); diff --git a/nixos/system/all/sshd-known-hosts-private.nix b/nixos/system/all/sshd-known-hosts-private.nix index d452ea3..73635e6 100644 --- a/nixos/system/all/sshd-known-hosts-private.nix +++ b/nixos/system/all/sshd-known-hosts-private.nix @@ -38,15 +38,6 @@ ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyHmHJy2Va45p9mn+Hj3DyaY5yxnQIKvXeACHjzgSKt"; }; - "sputnik.private" = { - hostNames = [ - "sputnik.private" - "sputnik.secret" - config.module.cluster.services.tinc.private.hosts.sputnik.tincIp - config.module.cluster.services.tinc.secret.hosts.sputnik.tincIp - ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTLXDTqUtl0BQgzH1O7CRulGCRN1P4KU8imL/wjYFh8"; - }; "workhorse.private" = { hostNames = [ "workhorse.private" diff --git a/nixos/system/all/tinc.nix b/nixos/system/all/tinc.nix index 117a2c2..c8aeb35 100644 --- a/nixos/system/all/tinc.nix +++ b/nixos/system/all/tinc.nix @@ -78,11 +78,6 @@ in tincIp = "10.123.42.21"; publicKey = lib.fileContents ../../assets/tinc/workhorse_host_file; }; - sputnik = { - realAddress = [ "static.247.134.201.195.clients.your-server.de:721" ]; - tincIp = "10.123.42.122"; - publicKey = lib.fileContents ../../assets/tinc/sputnik_host_file; - }; robi = { realAddress = [ "144.76.13.147" ]; tincIp = "10.123.42.123"; @@ -128,16 +123,6 @@ in tincIp = "10.23.42.111"; publicKey = lib.fileContents ../../assets/tinc/robi_host_file; }; - sputnik = { - realAddress = [ - "195.201.134.247" - "195.201.134.247:443" - "static.247.134.201.195.clients.your-server.de" - "static.247.134.201.195.clients.your-server.de:443" - ]; - tincIp = "10.23.42.122"; - publicKey = lib.fileContents ../../assets/tinc/sputnik_host_file; - }; }; }; };