Drift/pvv-nixos-config
Drift
/
pvv-nixos-config
13
3
Fork 1
Code Issues Pull Requests 3 Activity

Merge branch 'jokum_logs' of Drift/pvv-nixos-config into main

This commit is contained in:
Daniel Lovbrotte Olsen 2023-01-17 18:50:41 +01:00 committed by Gogs
parent 524bbdb78b 64d0253aa0
commit 4a82d22a56
10 changed files with 79 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.MD
View File

@ -16,7 +16,7 @@ Det er sikkert lurt å lage en PR først om du ikke er vandt til nix enda.
Innen 24h skal alle systemene hente ned den nye konfigurasjonen og deploye den.
Du kan tvinge en maskin til å oppdatere seg før dette ved å kjøre:
`nixos-rebuild switch --update-input nixpkgs --update-input unstable --no-write-lock-file --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git --upgrade`
`nixos-rebuild switch --update-input nixpkgs --update-input unstable --no-write-lock-file --refresh --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git --upgrade`
som root på maskinen.

5
base.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, inputs, ... }:
{ config, lib, pkgs, inputs, values, ... }:
{
imports = [
@ -8,6 +8,9 @@
networking.domain = "pvv.ntnu.no";
networking.useDHCP = false;
networking.search = [ "pvv.ntnu.no" "pvv.org" ];
networking.nameservers = lib.mkDefault [ "129.241.0.200" "129.241.0.201" ];
networking.tempAddresses = lib.mkDefault "disabled";
networking.defaultGateway = values.gateway;
services.resolved = {
enable = true;

31
flake.lock
View File

@ -2,27 +2,26 @@
"nodes": {
"matrix-next": {
"locked": {
"lastModified": 1671009204,
"narHash": "sha256-gqA9po/KmHyh44XYqv/LfFJ1+MGufhaaD6DhDqBeaF8=",
"lastModified": 1671663871,
"narHash": "sha256-06G6xYTFPVuvmN/k2QDeBk9XIp4LDxEKWRL3aLAFFNo=",
"owner": "dali99",
"repo": "nixos-matrix-modules",
"rev": "43dbc17526576cb8e0980cef51c48b6598f97550",
"rev": "b6f0a026a78200c0e526aa73279c228e08673437",
"type": "github"
},
"original": {
"owner": "dali99",
"ref": "flake-experiments",
"repo": "nixos-matrix-modules",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1670946965,
"narHash": "sha256-PDJfKgK/aSV3ISnD1TbKpLPW85LO/AQI73yQjbwribA=",
"lastModified": 1673785634,
"narHash": "sha256-4SPGYVNutklnlpSMaqL+GA2x5DJ+QL85T+hOF6MHAZE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "265caf30fa0a5148395b62777389b57eb0a537fd",
"rev": "54d5d59cb19728a0321efbcd22c539109489965b",
"type": "github"
},
"original": {
@ -34,11 +33,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1670146390,
"narHash": "sha256-XrEoDpuloRHHbUkbPnhF2bQ0uwHllXq3NHxtuVe/QK4=",
"lastModified": 1673740915,
"narHash": "sha256-MMH8zONfqahgHly3K8/A++X34800rajA/XgZ2DzNL/M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "86370507cb20c905800527539fc049a2bf09c667",
"rev": "7c65528c3f8462b902e09d1ccca23bb9034665c2",
"type": "github"
},
"original": {
@ -64,11 +63,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1670149631,
"narHash": "sha256-rwmtlxx45PvOeZNP51wql/cWjY3rqzIR3Oj2Y+V7jM0=",
"lastModified": 1673752321,
"narHash": "sha256-EFfXY1ZHJq4FNaNQA9x0djtu/jiOhBbT0Xi+BT06cJw=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "da98a111623101c64474a14983d83dad8f09f93d",
"rev": "e18eefd2b133a58309475298052c341c08470717",
"type": "github"
},
"original": {
@ -79,11 +78,11 @@
},
"unstable": {
"locked": {
"lastModified": 1670918062,
"narHash": "sha256-iOhkyBYUU9Jfkk0lvI4ahpjyrTsLXj9uyJWwmjKg+gg=",
"lastModified": 1673855649,
"narHash": "sha256-Pc1VumquuFMDR1Ers1QOVDDabL/trVwfqWXeKJPXLQg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "84575b0bd882be979516f4fecfe4d7c8de8f6a92",
"rev": "c85d08692966cf022b0a741a794cb1650602d8af",
"type": "github"
},
"original": {

6
flake.nix
View File

@ -8,7 +8,7 @@
sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
matrix-next.url = "github:dali99/nixos-matrix-modules/flake-experiments";
matrix-next.url = "github:dali99/nixos-matrix-modules";
};
outputs = { self, nixpkgs, unstable, sops-nix, ... }@inputs:
@ -22,7 +22,7 @@
nixosConfigurations = {
jokum = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit unstable inputs; };
specialArgs = { inherit unstable inputs; values = import ./values.nix; };
modules = [
./hosts/jokum/configuration.nix
sops-nix.nixosModules.sops
@ -32,7 +32,7 @@
};
ildkule = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit unstable inputs; };
specialArgs = { inherit unstable inputs; values = import ./values.nix; };
modules = [
./hosts/ildkule/configuration.nix
sops-nix.nixosModules.sops

2
hosts/ildkule/configuration.nix
View File

@ -22,7 +22,6 @@
networking.interfaces.ens18.useDHCP = false;
networking.defaultGateway = "129.241.210.129";
networking.interfaces.ens18.ipv4 = {
addresses = [
{
@ -39,7 +38,6 @@
}
];
};
networking.nameservers = [ "129.241.0.200" "129.241.0.201" ];
# List packages installed in system profile
environment.systemPackages = with pkgs; [

1
hosts/ildkule/services/metrics/prometheus.nix
View File

@ -20,6 +20,7 @@ in {
"knakelibrak.pvv.ntnu.no:9100"
"hildring.pvv.ntnu.no:9100"
"bicep.pvv.ntnu.no:9100"
"jokum.pvv.ntnu.no:9100"
];
}
];

16
hosts/jokum/configuration.nix
View File

@ -1,12 +1,11 @@
{ config, pkgs, ... }:
{ config, pkgs, values, ... }:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../base.nix
# Users can just import any configuration they want even for non-user things. Improve the users/default.nix to just load some specific attributes if this isn't wanted
../../misc/metrics-exporters.nix
../../misc/rust-motd.nix
./services/matrix
@ -27,16 +26,14 @@
networking.hostName = "jokum"; # Define your hostname.
networking.interfaces.ens18.useDHCP = false;
networking.defaultGateway = "129.241.210.129";
networking.interfaces.ens18.ipv4 = {
addresses = [
{
address = "129.241.210.169";
address = values.jokum.ipv4;
prefixLength = 25;
}
{
address = "129.241.210.213";
address = values.turn.ipv4;
prefixLength = 25;
}
];
@ -44,16 +41,15 @@
networking.interfaces.ens18.ipv6 = {
addresses = [
{
address = "2001:700:300:1900::169";
address = values.jokum.ipv6;
prefixLength = 64;
}
{
address = "2001:700:300:1900::213";
address = values.turn.ipv6;
prefixLength = 64;
}
];
};
networking.nameservers = [ "129.241.0.200" "129.241.0.201" ];
# List packages installed in system profile
environment.systemPackages = with pkgs; [

17
hosts/jokum/services/matrix/synapse.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, values, ... }:
let
cfg = config.services.matrix-synapse-next;
@ -184,12 +184,25 @@ in {
metricsPath = w: "/metrics/${w.type}/${toString w.index}";
proxyPath = w: "http://${socketAddress w}/_synapse/metrics";
in lib.mapAttrs' (n: v: lib.nameValuePair (metricsPath v) ({ proxyPass = proxyPath v; }))
in lib.mapAttrs' (n: v: lib.nameValuePair
(metricsPath v) ({
proxyPass = proxyPath v;
extraConfig = ''
allow ${values.ildkule.ipv4};
allow ${values.ildkule.ipv6};
deny all;
'';
}))
cfg.workers.instances;
})
({
locations."/metrics/master/1" = {
proxyPass = "http://127.0.0.1:9000/_synapse/metrics";
extraConfig = ''
allow ${values.ildkule.ipv4};
allow ${values.ildkule.ipv6};
deny all;
'';
};
locations."/metrics/" = let

10
misc/metrics-exporters.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, pkgs, values, ... }:
{
services.prometheus.exporters.node = {
@ -7,6 +7,14 @@
enabledCollectors = [ "systemd" ];
};
systemd.services.prometheus-node-exporter.serviceConfig = {
IPAddressDeny = "any";
IPAddressAllow = [
values.ildkule.ipv4
values.ildkule.ipv6
];
};
services.promtail = {
enable = true;
configuration = {

25
values.nix Normal file
View File

@ -0,0 +1,25 @@
# Feel free to change the structure of this file
rec {
gateway = "129.241.210.129";
jokum = {
ipv4 = "129.241.210.169";
ipv6 = "2001:700:300:1900::169";
};
matrix = {
ipv4 = jokum.ipv4;
ipv6 = jokum.ipv6;
};
# Also on jokum
turn = {
ipv4 = "129.241.210.213";
ipv6 = "2001:700:300:1900::213";
};
ildkule = {
ipv4 = "129.241.210.187";
ipv6 = "2001:700:300:1900::187";
};
}