palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

get rid of sputnik

Browse source
This commit is contained in:
Ingolf Wagner 2022-06-26 17:50:32 +02:00
parent aa05ffeb30
commit a777b473c6
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
11 changed files with 5 additions and 328 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
nixos/configs/mobi/tinc.nix
View file

@ -7,7 +7,7 @@ with lib;
"private" = { "private" = {
enable = true; enable = true;
openPort = true; openPort = true;
connectTo = [ "sputnik" ]; connectTo = [ "robi" ];
}; };
}; };

2
nixos/configs/pepe/tinc.nix
View file

@ -7,7 +7,7 @@ with lib;
"private" = { "private" = {
enable = true; enable = true;
openPort = true; openPort = true;
connectTo = [ "sputnik" "robi" ]; connectTo = [ "robi" ];
}; };
"retiolum" = { "retiolum" = {
enable = true; enable = true;

1
nixos/configs/robi/configuration.nix
View file

@ -33,7 +33,6 @@
#./finance.nix #./finance.nix
#./grafana.nix #./grafana.nix
#./graylog.nix #./graylog.nix
#./jenkins.nix
#./kibana.nix #./kibana.nix
#./mysql.nix #./mysql.nix
#./prometheus.nix #./prometheus.nix

203
nixos/configs/robi/jenkins.nix
View file

@ -1,203 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
library = import ../../library { inherit pkgs lib; };
sync-repo = library.jenkins.syncJob;
job = library.jenkins.job;
in
{
environment.systemPackages = [ pkgs.cabal-install ];
services.nginx = {
enable = true;
virtualHosts = {
"jenkins.${config.networking.hostName}.private" = {
locations."/" = {
proxyPass =
"http://localhost:${toString config.services.jenkins.port}";
extraConfig = ''
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 90;
proxy_redirect http://localhost:${
toString config.services.jenkins.port
} https://jenkins.${config.networking.hostName}.private/;
'';
};
};
};
};
sops.secrets.jenkins_token = {
owner = "jenkins";
};
services.jenkins = {
enable = true;
home = "/home/jenkins";
port = 10420;
# Plugins to Install:
# - all the plugins recommended at the setup
# - Build pipeline
# - SSH Agent
# - mattermost plugin
jobBuilder = {
enable = true;
# create an access token in the admin users panel
accessTokenFile = config.sops.secrets.jenkins_token.path;
accessUser = "admin";
# https://docs.openstack.org/infra/jenkins-job-builder/definition.html#modules
nixJobs =
let
# ssh username + key
gogs-id = "bc584c99-0fb7-43fb-af75-4076d64c51b2";
# ssh username + key
github-id = "bc584c99-0fb7-43fb-af75-4076d64c51b2";
# ssh username + key
sshSputnik = "d91eb57c-5bff-434c-b317-68aad46848d7";
sync-to-github = name: source: target:
sync-repo name
{
url = source;
credentialsId = gogs-id;
}
{
url = target;
credentialsId = github-id;
};
in
[
(job "sync-retiolum"
{
url = "git@github.com:krebs/retiolum.git";
credentialsId = github-id;
triggers = [{ timed = "H/30 * * * *"; }];
} [
{
"Download Files" = [
"chmod 755 hosts"
"chmod 755 -R hosts"
''
nix-shell -p curl -p gnutar -p bzip2 --run "curl https://lassul.us/retiolum-hosts.tar.bz2 | tar xvjf - || true"''
"chmod 755 -R etc.hosts"
''
nix-shell -p curl --run "curl https://lassul.us/retiolum.hosts > etc.hosts || true"''
];
}
{
"update repo" = [
''nix-shell -p git --run "git add ."''
''
nix-shell -p git --run "git -c user.name=\'Ingolf Wagner\' -c user.email=\'contact@ingolf-wagner.de\' commit -m update-`date +%Y-%m-%dT%H:%M:%S` || exit 0"''
];
}
{
Push = [{
script = ''nix-shell -p git --run "git push origin master"'';
credentialsId = github-id;
}];
}
])
(job "test-taskninja"
{
url = "ssh://gogs@workhorse.private:2222/palo/taskninja.git";
credentialsId = gogs-id;
} [
{
"Create Shell" = [
''
nix-shell -p cabal2nix --run "cabal2nix --shell file://. > jenkins.nix"''
];
}
{ Update = [ ''nix-shell ./jenkins.nix --run "cabal update"'' ]; }
{
Configure = [
''nix-shell ./jenkins.nix --run "cabal configure --enable-tests"''
''
nix-shell ./jenkins.nix --run "cabal install --only-dependencies"''
];
}
{ Build = [ ''nix-shell ./jenkins.nix --run "cabal build"'' ]; }
{ Test = [ ''nix-shell ./jenkins.nix --run "cabal test"'' ]; }
])
# sync to github
# --------------
(sync-to-github "sync-radiodj"
"ssh://gogs@workhorse.private:2222/crashburn_radio/radio-dj2.git"
"git@github.com:crashburn-radio/radio-dj.git")
(sync-to-github "sync-radiodj-tracks"
"ssh://gogs@workhorse.private:2222/crashburn_radio/radio-dj-tracks.git"
"git@github.com:crashburn-radio/radio-dj-tracks.git")
(sync-to-github "sync-krops-module"
"ssh://gogs@workhorse.private:2222/nix-modules/krops.git"
"git@github.com:mrVanDalo/module.krops.git")
(sync-to-github "sync-cluster-module"
"ssh://gogs@workhorse.private:2222/nix-modules/cluster.git"
"git@github.com:mrVanDalo/module.cluster.git")
(sync-to-github "sync-backup-module"
"ssh://gogs@workhorse.private:2222/nix-modules/backup.git"
"git@github.com:mrVanDalo/module.backup.git")
(sync-to-github "sync-module-tinc"
"ssh://gogs@workhorse.private:2222/palo/nixos-tinc.git"
"git@github.com:mrVanDalo/nixos-tinc.git")
(sync-to-github "sync-memo"
"ssh://gogs@workhorse.private:2222/palo/memo.git"
"git@github.com:mrVanDalo/memo.git")
(sync-to-github "sync-diagrams-template"
"ssh://gogs@workhorse.private:2222/palo/diagrams-template.git"
"git@github.com:mrVanDalo/diagrams.git")
(sync-to-github "sync-plops"
"ssh://gogs@workhorse.private:2222/palo/plops.git"
"git@github.com:mrVanDalo/plops.git")
(sync-to-github "sync-image-generator"
"ssh://gogs@workhorse.private:2222/palo/image-generator2.git"
"git@github.com:mrVanDalo/image-generator.git")
(sync-to-github "sync-image-generator-lib"
"ssh://gogs@workhorse.private:2222/palo/image-generator-lib.git"
"git@github.com:mrVanDalo/image-generator-examples.git")
(sync-to-github "sync-tech.ingolf-wagner.de"
"ssh://gogs@workhorse.private:2222/palo/tech.ingolf-wagner.de.git"
"git@github.com:mrVanDalo/tech.ingolf-wagner.de.git")
(sync-to-github "sync-LineageOS-build"
"ssh://gogs@git.ingolf-wagner.de:2222/palo/LineagoOS-build.git"
"git@github.com:mrVanDalo/LineagoOS-build.git")
(sync-to-github "sync-http-errors"
"ssh://gogs@git.ingolf-wagner.de:2222/palo/http-errors.git"
"git@github.com:mrVanDalo/http-errors.git")
(sync-to-github "sync-light-control"
"ssh://gogs@git.ingolf-wagner.de:2222/palo/light-control.git"
"git@github.com:mrVanDalo/light-control.git")
];
};
};
}

71
nixos/configs/robi/jupyter.nix
View file

@ -1,71 +0,0 @@
{ pkgs, lib, config, ... }: {
services.jupyter = {
enable = true;
ip = "0.0.0.0";
#In [1]: from notebook.auth import passwd
#In [2]: passwd('test')
#Out[2]: 'sha1:1b961dc713fb:88483270a63e57d18d43cf337e629539de1436ba'
#NOTE: you need to keep the single quote inside nix string.
password = "'sha1:1b961dc713fb:88483270a63e57d18d43cf337e629539de1436ba'";
kernels = {
python3 =
let
env = (pkgs.python3.withPackages (pythonPackages:
with pythonPackages; [
ipykernel
pandas
# database stuff
mysqlclient
databases
asyncpg
psycopg2
aiomysql
pymysql
aiosqlite
#aiopg
sqlalchemy
# pdf export
nbconvert
]));
in
{
displayName = "Python 3";
argv = [
"${env.interpreter}"
"-m"
"ipykernel_launcher"
"-f"
"{connection_file}"
];
language = "python";
};
};
};
# to generate pdfs and such
environment.systemPackages = [ pkgs.pandoc ];
backup.dirs = [ "/var/lib/jupyter" ];
backup.exclude =
[ "/var/lib/jupyter/.local" "/var/lib/jupyter/.ipynb_checkpoints" ];
services.nginx = {
enable = true;
statusPage = true;
virtualHosts = {
"python.${config.networking.hostName}.private" = {
serverAliases = [ "jupyter.${config.networking.hostName}.private" ];
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://${config.networking.hostName}.private:${
toString config.services.jupyter.port
}";
};
};
};
};
}

22
nixos/configs/robi/prometheus.nix
View file

@ -19,25 +19,10 @@
job_name = "nginx"; job_name = "nginx";
scrape_interval = "8s"; scrape_interval = "8s";
static_configs = [ static_configs = [
{
targets = [ "sputnik.private:9113" ];
labels = {
service = "nginx";
server = "sputnik";
};
}
{
targets = [ "sputnik.private:9113" ];
labels = {
service = "nginx";
server = "sputnik";
};
}
{ {
targets = [ "workhorse.private:9113" ]; targets = [ "workhorse.private:9113" ];
labels = { labels = {
service = "nginx"; service = "nginx";
server = "sputnik";
}; };
} }
]; ];
@ -55,13 +40,6 @@
server = "pepe"; server = "pepe";
}; };
} }
{
targets = [ "sputnik.private:19999" ];
labels = {
service = "netdata";
server = "sputnik";
};
}
{ {
targets = [ "workhorse.private:19999" ]; targets = [ "workhorse.private:19999" ];
labels = { labels = {

2
nixos/configs/sternchen/tinc.nix
View file

@ -8,7 +8,7 @@ with lib;
"secret" = { "secret" = {
enable = true; enable = true;
openPort = true; openPort = true;
connectTo = [ "sputnik" "robi" ]; connectTo = [ "robi" ];
}; };
}; };

4
nixos/configs/sterni/tinc.nix
View file

@ -8,7 +8,7 @@ with lib;
"private" = { "private" = {
enable = true; enable = true;
openPort = true; openPort = true;
connectTo = [ "sputnik" "robi" ]; connectTo = [ "robi" ];
}; };
"retiolum" = { "retiolum" = {
enable = true; enable = true;
@ -17,7 +17,7 @@ with lib;
"secret" = { "secret" = {
enable = true; enable = true;
openPort = true; openPort = true;
connectTo = [ "sputnik" "robi" ]; connectTo = [ "robi" ];
}; };
}; };

2
nixos/system/all/nginx-landingpage.nix
View file

@ -248,9 +248,7 @@
}) })
(map (name: { inherit name; }) [ (map (name: { inherit name; }) [
"workhorse" "workhorse"
"porani"
"pepe" "pepe"
"sputnik"
] ]
#(lib.attrNames config.module.cluster.services.tinc."private".hosts) #(lib.attrNames config.module.cluster.services.tinc."private".hosts)
); );

9
nixos/system/all/sshd-known-hosts-private.nix
View file

@ -38,15 +38,6 @@
]; ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyHmHJy2Va45p9mn+Hj3DyaY5yxnQIKvXeACHjzgSKt"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyHmHJy2Va45p9mn+Hj3DyaY5yxnQIKvXeACHjzgSKt";
}; };
"sputnik.private" = {
hostNames = [
"sputnik.private"
"sputnik.secret"
config.module.cluster.services.tinc.private.hosts.sputnik.tincIp
config.module.cluster.services.tinc.secret.hosts.sputnik.tincIp
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTLXDTqUtl0BQgzH1O7CRulGCRN1P4KU8imL/wjYFh8";
};
"workhorse.private" = { "workhorse.private" = {
hostNames = [ hostNames = [
"workhorse.private" "workhorse.private"

15
nixos/system/all/tinc.nix
View file

@ -78,11 +78,6 @@ in
tincIp = "10.123.42.21"; tincIp = "10.123.42.21";
publicKey = lib.fileContents ../../assets/tinc/workhorse_host_file; publicKey = lib.fileContents ../../assets/tinc/workhorse_host_file;
}; };
sputnik = {
realAddress = [ "static.247.134.201.195.clients.your-server.de:721" ];
tincIp = "10.123.42.122";
publicKey = lib.fileContents ../../assets/tinc/sputnik_host_file;
};
robi = { robi = {
realAddress = [ "144.76.13.147" ]; realAddress = [ "144.76.13.147" ];
tincIp = "10.123.42.123"; tincIp = "10.123.42.123";
@ -128,16 +123,6 @@ in
tincIp = "10.23.42.111"; tincIp = "10.23.42.111";
publicKey = lib.fileContents ../../assets/tinc/robi_host_file; publicKey = lib.fileContents ../../assets/tinc/robi_host_file;
}; };
sputnik = {
realAddress = [
"195.201.134.247"
"195.201.134.247:443"
"static.247.134.201.195.clients.your-server.de"
"static.247.134.201.195.clients.your-server.de:443"
];
tincIp = "10.23.42.122";
publicKey = lib.fileContents ../../assets/tinc/sputnik_host_file;
};
}; };
}; };
}; };