Merge branch 'jokum_logs' of Drift/pvv-nixos-config into main
This commit is contained in:
commit
4a82d22a56
@ -16,7 +16,7 @@ Det er sikkert lurt å lage en PR først om du ikke er vandt til nix enda.
|
||||
Innen 24h skal alle systemene hente ned den nye konfigurasjonen og deploye den.
|
||||
|
||||
Du kan tvinge en maskin til å oppdatere seg før dette ved å kjøre:
|
||||
`nixos-rebuild switch --update-input nixpkgs --update-input unstable --no-write-lock-file --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git --upgrade`
|
||||
`nixos-rebuild switch --update-input nixpkgs --update-input unstable --no-write-lock-file --refresh --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git --upgrade`
|
||||
|
||||
som root på maskinen.
|
||||
|
||||
|
5
base.nix
5
base.nix
@ -1,4 +1,4 @@
|
||||
{ config, pkgs, inputs, ... }:
|
||||
{ config, lib, pkgs, inputs, values, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
@ -8,6 +8,9 @@
|
||||
networking.domain = "pvv.ntnu.no";
|
||||
networking.useDHCP = false;
|
||||
networking.search = [ "pvv.ntnu.no" "pvv.org" ];
|
||||
networking.nameservers = lib.mkDefault [ "129.241.0.200" "129.241.0.201" ];
|
||||
networking.tempAddresses = lib.mkDefault "disabled";
|
||||
networking.defaultGateway = values.gateway;
|
||||
|
||||
services.resolved = {
|
||||
enable = true;
|
||||
|
31
flake.lock
generated
31
flake.lock
generated
@ -2,27 +2,26 @@
|
||||
"nodes": {
|
||||
"matrix-next": {
|
||||
"locked": {
|
||||
"lastModified": 1671009204,
|
||||
"narHash": "sha256-gqA9po/KmHyh44XYqv/LfFJ1+MGufhaaD6DhDqBeaF8=",
|
||||
"lastModified": 1671663871,
|
||||
"narHash": "sha256-06G6xYTFPVuvmN/k2QDeBk9XIp4LDxEKWRL3aLAFFNo=",
|
||||
"owner": "dali99",
|
||||
"repo": "nixos-matrix-modules",
|
||||
"rev": "43dbc17526576cb8e0980cef51c48b6598f97550",
|
||||
"rev": "b6f0a026a78200c0e526aa73279c228e08673437",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "dali99",
|
||||
"ref": "flake-experiments",
|
||||
"repo": "nixos-matrix-modules",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1670946965,
|
||||
"narHash": "sha256-PDJfKgK/aSV3ISnD1TbKpLPW85LO/AQI73yQjbwribA=",
|
||||
"lastModified": 1673785634,
|
||||
"narHash": "sha256-4SPGYVNutklnlpSMaqL+GA2x5DJ+QL85T+hOF6MHAZE=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "265caf30fa0a5148395b62777389b57eb0a537fd",
|
||||
"rev": "54d5d59cb19728a0321efbcd22c539109489965b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -34,11 +33,11 @@
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1670146390,
|
||||
"narHash": "sha256-XrEoDpuloRHHbUkbPnhF2bQ0uwHllXq3NHxtuVe/QK4=",
|
||||
"lastModified": 1673740915,
|
||||
"narHash": "sha256-MMH8zONfqahgHly3K8/A++X34800rajA/XgZ2DzNL/M=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "86370507cb20c905800527539fc049a2bf09c667",
|
||||
"rev": "7c65528c3f8462b902e09d1ccca23bb9034665c2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -64,11 +63,11 @@
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1670149631,
|
||||
"narHash": "sha256-rwmtlxx45PvOeZNP51wql/cWjY3rqzIR3Oj2Y+V7jM0=",
|
||||
"lastModified": 1673752321,
|
||||
"narHash": "sha256-EFfXY1ZHJq4FNaNQA9x0djtu/jiOhBbT0Xi+BT06cJw=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "da98a111623101c64474a14983d83dad8f09f93d",
|
||||
"rev": "e18eefd2b133a58309475298052c341c08470717",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -79,11 +78,11 @@
|
||||
},
|
||||
"unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1670918062,
|
||||
"narHash": "sha256-iOhkyBYUU9Jfkk0lvI4ahpjyrTsLXj9uyJWwmjKg+gg=",
|
||||
"lastModified": 1673855649,
|
||||
"narHash": "sha256-Pc1VumquuFMDR1Ers1QOVDDabL/trVwfqWXeKJPXLQg=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "84575b0bd882be979516f4fecfe4d7c8de8f6a92",
|
||||
"rev": "c85d08692966cf022b0a741a794cb1650602d8af",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -8,7 +8,7 @@
|
||||
sops-nix.url = "github:Mic92/sops-nix";
|
||||
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
matrix-next.url = "github:dali99/nixos-matrix-modules/flake-experiments";
|
||||
matrix-next.url = "github:dali99/nixos-matrix-modules";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, unstable, sops-nix, ... }@inputs:
|
||||
@ -22,7 +22,7 @@
|
||||
nixosConfigurations = {
|
||||
jokum = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = { inherit unstable inputs; };
|
||||
specialArgs = { inherit unstable inputs; values = import ./values.nix; };
|
||||
modules = [
|
||||
./hosts/jokum/configuration.nix
|
||||
sops-nix.nixosModules.sops
|
||||
@ -32,7 +32,7 @@
|
||||
};
|
||||
ildkule = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = { inherit unstable inputs; };
|
||||
specialArgs = { inherit unstable inputs; values = import ./values.nix; };
|
||||
modules = [
|
||||
./hosts/ildkule/configuration.nix
|
||||
sops-nix.nixosModules.sops
|
||||
|
@ -22,7 +22,6 @@
|
||||
|
||||
networking.interfaces.ens18.useDHCP = false;
|
||||
|
||||
networking.defaultGateway = "129.241.210.129";
|
||||
networking.interfaces.ens18.ipv4 = {
|
||||
addresses = [
|
||||
{
|
||||
@ -39,7 +38,6 @@
|
||||
}
|
||||
];
|
||||
};
|
||||
networking.nameservers = [ "129.241.0.200" "129.241.0.201" ];
|
||||
|
||||
# List packages installed in system profile
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
@ -20,6 +20,7 @@ in {
|
||||
"knakelibrak.pvv.ntnu.no:9100"
|
||||
"hildring.pvv.ntnu.no:9100"
|
||||
"bicep.pvv.ntnu.no:9100"
|
||||
"jokum.pvv.ntnu.no:9100"
|
||||
];
|
||||
}
|
||||
];
|
||||
|
@ -1,12 +1,11 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, values, ... }:
|
||||
{
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
|
||||
../../base.nix
|
||||
# Users can just import any configuration they want even for non-user things. Improve the users/default.nix to just load some specific attributes if this isn't wanted
|
||||
|
||||
../../misc/metrics-exporters.nix
|
||||
../../misc/rust-motd.nix
|
||||
|
||||
./services/matrix
|
||||
@ -27,16 +26,14 @@
|
||||
networking.hostName = "jokum"; # Define your hostname.
|
||||
|
||||
networking.interfaces.ens18.useDHCP = false;
|
||||
|
||||
networking.defaultGateway = "129.241.210.129";
|
||||
networking.interfaces.ens18.ipv4 = {
|
||||
addresses = [
|
||||
{
|
||||
address = "129.241.210.169";
|
||||
address = values.jokum.ipv4;
|
||||
prefixLength = 25;
|
||||
}
|
||||
{
|
||||
address = "129.241.210.213";
|
||||
address = values.turn.ipv4;
|
||||
prefixLength = 25;
|
||||
}
|
||||
];
|
||||
@ -44,16 +41,15 @@
|
||||
networking.interfaces.ens18.ipv6 = {
|
||||
addresses = [
|
||||
{
|
||||
address = "2001:700:300:1900::169";
|
||||
address = values.jokum.ipv6;
|
||||
prefixLength = 64;
|
||||
}
|
||||
{
|
||||
address = "2001:700:300:1900::213";
|
||||
address = values.turn.ipv6;
|
||||
prefixLength = 64;
|
||||
}
|
||||
];
|
||||
};
|
||||
networking.nameservers = [ "129.241.0.200" "129.241.0.201" ];
|
||||
|
||||
# List packages installed in system profile
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, pkgs, values, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.matrix-synapse-next;
|
||||
@ -184,12 +184,25 @@ in {
|
||||
|
||||
metricsPath = w: "/metrics/${w.type}/${toString w.index}";
|
||||
proxyPath = w: "http://${socketAddress w}/_synapse/metrics";
|
||||
in lib.mapAttrs' (n: v: lib.nameValuePair (metricsPath v) ({ proxyPass = proxyPath v; }))
|
||||
in lib.mapAttrs' (n: v: lib.nameValuePair
|
||||
(metricsPath v) ({
|
||||
proxyPass = proxyPath v;
|
||||
extraConfig = ''
|
||||
allow ${values.ildkule.ipv4};
|
||||
allow ${values.ildkule.ipv6};
|
||||
deny all;
|
||||
'';
|
||||
}))
|
||||
cfg.workers.instances;
|
||||
})
|
||||
({
|
||||
locations."/metrics/master/1" = {
|
||||
proxyPass = "http://127.0.0.1:9000/_synapse/metrics";
|
||||
extraConfig = ''
|
||||
allow ${values.ildkule.ipv4};
|
||||
allow ${values.ildkule.ipv6};
|
||||
deny all;
|
||||
'';
|
||||
};
|
||||
|
||||
locations."/metrics/" = let
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, values, ... }:
|
||||
|
||||
{
|
||||
services.prometheus.exporters.node = {
|
||||
@ -7,6 +7,14 @@
|
||||
enabledCollectors = [ "systemd" ];
|
||||
};
|
||||
|
||||
systemd.services.prometheus-node-exporter.serviceConfig = {
|
||||
IPAddressDeny = "any";
|
||||
IPAddressAllow = [
|
||||
values.ildkule.ipv4
|
||||
values.ildkule.ipv6
|
||||
];
|
||||
};
|
||||
|
||||
services.promtail = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
|
25
values.nix
Normal file
25
values.nix
Normal file
@ -0,0 +1,25 @@
|
||||
# Feel free to change the structure of this file
|
||||
|
||||
rec {
|
||||
gateway = "129.241.210.129";
|
||||
|
||||
|
||||
jokum = {
|
||||
ipv4 = "129.241.210.169";
|
||||
ipv6 = "2001:700:300:1900::169";
|
||||
};
|
||||
matrix = {
|
||||
ipv4 = jokum.ipv4;
|
||||
ipv6 = jokum.ipv6;
|
||||
};
|
||||
# Also on jokum
|
||||
turn = {
|
||||
ipv4 = "129.241.210.213";
|
||||
ipv6 = "2001:700:300:1900::213";
|
||||
};
|
||||
|
||||
ildkule = {
|
||||
ipv4 = "129.241.210.187";
|
||||
ipv6 = "2001:700:300:1900::187";
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue
Block a user