Merge branch 'jokum_logs' of Drift/pvv-nixos-config into main

Daniel Lovbrotte Olsen 2023-01-17 18:50:41 +01:00 committed by Gogs
commit 4a82d22a56
10 changed files with 79 additions and 36 deletions

@ -16,7 +16,7 @@ Det er sikkert lurt å lage en PR først om du ikke er vandt til nix enda.
Innen 24h skal alle systemene hente ned den nye konfigurasjonen og deploye den.
Du kan tvinge en maskin til å oppdatere seg før dette ved å kjøre:
`nixos-rebuild switch --update-input nixpkgs --update-input unstable --no-write-lock-file --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git --upgrade`
`nixos-rebuild switch --update-input nixpkgs --update-input unstable --no-write-lock-file --refresh --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git --upgrade`
som root på maskinen.

@ -1,4 +1,4 @@
{ config, pkgs, inputs, ... }:
{ config, lib, pkgs, inputs, values, ... }:
{
imports = [
@ -8,6 +8,9 @@
networking.domain = "pvv.ntnu.no";
networking.useDHCP = false;
networking.search = [ "pvv.ntnu.no" "pvv.org" ];
networking.nameservers = lib.mkDefault [ "129.241.0.200" "129.241.0.201" ];
networking.tempAddresses = lib.mkDefault "disabled";
networking.defaultGateway = values.gateway;
services.resolved = {
enable = true;
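Review bot: `networking.defaultGateway = values.gateway;` is set at normal priority, while the two options added just above it use `lib.mkDefault`. A host on a different subnet would therefore likely hit a conflicting-definition error, or need `lib.mkForce`, to set its own gateway. For consistency with the other shared defaults I would write `networking.defaultGateway = lib.mkDefault values.gateway;`. The enclosing module body continues outside this hunk.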

31
flake.lock generated

@ -2,27 +2,26 @@
"nodes": {
"matrix-next": {
"locked": {
"lastModified": 1671009204,
"narHash": "sha256-gqA9po/KmHyh44XYqv/LfFJ1+MGufhaaD6DhDqBeaF8=",
"lastModified": 1671663871,
"narHash": "sha256-06G6xYTFPVuvmN/k2QDeBk9XIp4LDxEKWRL3aLAFFNo=",
"owner": "dali99",
"repo": "nixos-matrix-modules",
"rev": "43dbc17526576cb8e0980cef51c48b6598f97550",
"rev": "b6f0a026a78200c0e526aa73279c228e08673437",
"type": "github"
},
"original": {
"owner": "dali99",
"ref": "flake-experiments",
"repo": "nixos-matrix-modules",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1670946965,
"narHash": "sha256-PDJfKgK/aSV3ISnD1TbKpLPW85LO/AQI73yQjbwribA=",
"lastModified": 1673785634,
"narHash": "sha256-4SPGYVNutklnlpSMaqL+GA2x5DJ+QL85T+hOF6MHAZE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "265caf30fa0a5148395b62777389b57eb0a537fd",
"rev": "54d5d59cb19728a0321efbcd22c539109489965b",
"type": "github"
},
"original": {
@ -34,11 +33,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1670146390,
"narHash": "sha256-XrEoDpuloRHHbUkbPnhF2bQ0uwHllXq3NHxtuVe/QK4=",
"lastModified": 1673740915,
"narHash": "sha256-MMH8zONfqahgHly3K8/A++X34800rajA/XgZ2DzNL/M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "86370507cb20c905800527539fc049a2bf09c667",
"rev": "7c65528c3f8462b902e09d1ccca23bb9034665c2",
"type": "github"
},
"original": {
@ -64,11 +63,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1670149631,
"narHash": "sha256-rwmtlxx45PvOeZNP51wql/cWjY3rqzIR3Oj2Y+V7jM0=",
"lastModified": 1673752321,
"narHash": "sha256-EFfXY1ZHJq4FNaNQA9x0djtu/jiOhBbT0Xi+BT06cJw=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "da98a111623101c64474a14983d83dad8f09f93d",
"rev": "e18eefd2b133a58309475298052c341c08470717",
"type": "github"
},
"original": {
@ -79,11 +78,11 @@
},
"unstable": {
"locked": {
"lastModified": 1670918062,
"narHash": "sha256-iOhkyBYUU9Jfkk0lvI4ahpjyrTsLXj9uyJWwmjKg+gg=",
"lastModified": 1673855649,
"narHash": "sha256-Pc1VumquuFMDR1Ers1QOVDDabL/trVwfqWXeKJPXLQg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "84575b0bd882be979516f4fecfe4d7c8de8f6a92",
"rev": "c85d08692966cf022b0a741a794cb1650602d8af",
"type": "github"
},
"original": {

@ -8,7 +8,7 @@
sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
matrix-next.url = "github:dali99/nixos-matrix-modules/flake-experiments";
matrix-next.url = "github:dali99/nixos-matrix-modules";
};
outputs = { self, nixpkgs, unstable, sops-nix, ... }@inputs:
@ -22,7 +22,7 @@
nixosConfigurations = {
jokum = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit unstable inputs; };
specialArgs = { inherit unstable inputs; values = import ./values.nix; };
modules = [
./hosts/jokum/configuration.nix
sops-nix.nixosModules.sops
@ -32,7 +32,7 @@
};
ildkule = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit unstable inputs; };
specialArgs = { inherit unstable inputs; values = import ./values.nix; };
modules = [
./hosts/ildkule/configuration.nix
sops-nix.nixosModules.sops
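Review bot: The `specialArgs` attrset is now written out twice, once for jokum and once for ildkule, and each copy imports `./values.nix` on its own. Modules in this commit now take `values` as a function argument, so a host added later that copies the old `specialArgs` line will fail at evaluation. Binding it once in a `let` inside `outputs`, e.g. `commonArgs = { inherit unstable inputs; values = import ./values.nix; };`, and using `specialArgs = commonArgs;` for every host keeps them in step. The `nixosConfigurations` set continues outside the visible hunks.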

@ -22,7 +22,6 @@
networking.interfaces.ens18.useDHCP = false;
networking.defaultGateway = "129.241.210.129";
networking.interfaces.ens18.ipv4 = {
addresses = [
{
@ -39,7 +38,6 @@
}
];
};
networking.nameservers = [ "129.241.0.200" "129.241.0.201" ];
# List packages installed in system profile
environment.systemPackages = with pkgs; [

@ -20,6 +20,7 @@ in {
"knakelibrak.pvv.ntnu.no:9100"
"hildring.pvv.ntnu.no:9100"
"bicep.pvv.ntnu.no:9100"
"jokum.pvv.ntnu.no:9100"
];
}
];

@ -1,12 +1,11 @@
{ config, pkgs, ... }:
{ config, pkgs, values, ... }:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../base.nix
# Users can just import any configuration they want even for non-user things. Improve the users/default.nix to just load some specific attributes if this isn't wanted
../../misc/metrics-exporters.nix
../../misc/rust-motd.nix
./services/matrix
@ -27,16 +26,14 @@
networking.hostName = "jokum"; # Define your hostname.
networking.interfaces.ens18.useDHCP = false;
networking.defaultGateway = "129.241.210.129";
networking.interfaces.ens18.ipv4 = {
addresses = [
{
address = "129.241.210.169";
address = values.jokum.ipv4;
prefixLength = 25;
}
{
address = "129.241.210.213";
address = values.turn.ipv4;
prefixLength = 25;
}
];
@ -44,16 +41,15 @@
networking.interfaces.ens18.ipv6 = {
addresses = [
{
address = "2001:700:300:1900::169";
address = values.jokum.ipv6;
prefixLength = 64;
}
{
address = "2001:700:300:1900::213";
address = values.turn.ipv6;
prefixLength = 64;
}
];
};
networking.nameservers = [ "129.241.0.200" "129.241.0.201" ];
# List packages installed in system profile
environment.systemPackages = with pkgs; [

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, values, ... }:
let
cfg = config.services.matrix-synapse-next;
@ -184,12 +184,25 @@ in {
metricsPath = w: "/metrics/${w.type}/${toString w.index}";
proxyPath = w: "http://${socketAddress w}/_synapse/metrics";
in lib.mapAttrs' (n: v: lib.nameValuePair (metricsPath v) ({ proxyPass = proxyPath v; }))
in lib.mapAttrs' (n: v: lib.nameValuePair
(metricsPath v) ({
proxyPass = proxyPath v;
extraConfig = ''
allow ${values.ildkule.ipv4};
allow ${values.ildkule.ipv6};
deny all;
'';
}))
cfg.workers.instances;
})
({
locations."/metrics/master/1" = {
proxyPass = "http://127.0.0.1:9000/_synapse/metrics";
extraConfig = ''
allow ${values.ildkule.ipv4};
allow ${values.ildkule.ipv6};
deny all;
'';
};
locations."/metrics/" = let
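Review bot: The `locations."/metrics/"` block that opens on the last line of this hunk is not shown receiving the `allow`/`deny all` stanza that the worker and master locations get. Its body lies outside the hunk, so please confirm it exposes nothing the other two now protect. The same stanza is also written out twice; binding it once in the existing `let`, e.g. `metricsAcl = "allow ${values.ildkule.ipv4}; allow ${values.ildkule.ipv6}; deny all;";`, and using `extraConfig = metricsAcl;` keeps the two lists from drifting apart. nginx applies these rules to the client address it sees, so they hold only if nothing in front of this server rewrites or proxies the source address, which the hunk does not show.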

@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, pkgs, values, ... }:
{
services.prometheus.exporters.node = {
@ -7,6 +7,14 @@
enabledCollectors = [ "systemd" ];
};
systemd.services.prometheus-node-exporter.serviceConfig = {
IPAddressDeny = "any";
IPAddressAllow = [
values.ildkule.ipv4
values.ildkule.ipv6
];
};
services.promtail = {
enable = true;
configuration = {
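Review bot: `IPAddressDeny = "any";` on the node-exporter unit also drops loopback traffic, so a local query against the exporter from the host itself will stop working. If this module is also imported on ildkule and the scraper there reaches its own exporter over localhost, that target would go down; the hunk does not show which hosts import it. If local access is wanted, add `"localhost"` to `IPAddressAllow`. A short comment above the block would record the intent, e.g. `# only the metrics collector (ildkule) may reach node-exporter`.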

25
values.nix Normal file

@ -0,0 +1,25 @@
# Feel free to change the structure of this file
rec {
gateway = "129.241.210.129";
jokum = {
ipv4 = "129.241.210.169";
ipv6 = "2001:700:300:1900::169";
};
matrix = {
ipv4 = jokum.ipv4;
ipv6 = jokum.ipv6;
};
# Also on jokum
turn = {
ipv4 = "129.241.210.213";
ipv6 = "2001:700:300:1900::213";
};
ildkule = {
ipv4 = "129.241.210.187";
ipv6 = "2001:700:300:1900::187";
};
}
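Review bot: The header comment `# Feel free to change the structure of this file` undersells what the file now controls. Within this commit `values.ildkule.ipv4`/`ipv6` are the allow-list for the Synapse metrics locations in nginx and for the node-exporter unit, so an edit here silently changes who can reach those endpoints. I would add a line such as `# NOTE: ildkule's addresses are used as access-control allow-lists for metrics endpoints; keep them in sync with the real host.` It would also help to say that `matrix` is an alias for `jokum`, which is currently only implied by the `rec` references.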