Merge branch 'jokum_logs' of Drift/pvv-nixos-config into main

2023-01-17 18:50:41 +01:00 · 2023-01-17 18:50:41 +01:00 · 4a82d22a56
parent 524bbdb78b 64d0253aa0
commit 4a82d22a56
10 changed files with 79 additions and 36 deletions
--- a/README.MD
+++ b/README.MD
@ -16,7 +16,7 @@ Det er sikkert lurt å lage en PR først om du ikke er vandt til nix enda.
 Innen 24h skal alle systemene hente ned den nye konfigurasjonen og deploye den.
 Du kan tvinge en maskin til å oppdatere seg før dette ved å kjøre:
-`nixos-rebuild switch --update-input nixpkgs --update-input unstable --no-write-lock-file --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git --upgrade`
+`nixos-rebuild switch --update-input nixpkgs --update-input unstable --no-write-lock-file --refresh --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git --upgrade`
 som root på maskinen.
--- a/base.nix
+++ b/base.nix
@ -1,4 +1,4 @@
-{ config, pkgs, inputs, ... }:
+{ config, lib, pkgs, inputs, values, ... }:
 {
  imports = [
@ -8,6 +8,9 @@
  networking.domain = "pvv.ntnu.no";
  networking.useDHCP = false;
  networking.search = [ "pvv.ntnu.no" "pvv.org" ];
  networking.nameservers = lib.mkDefault [ "129.241.0.200" "129.241.0.201" ];
  networking.tempAddresses = lib.mkDefault "disabled";
  networking.defaultGateway = values.gateway;
  services.resolved = {
    enable = true;
--- a/flake.lock
+++ b/flake.lock
@ -2,27 +2,26 @@
  "nodes": {
    "matrix-next": {
      "locked": {
-        "lastModified": 1671009204,
+        "lastModified": 1671663871,
-        "narHash": "sha256-gqA9po/KmHyh44XYqv/LfFJ1+MGufhaaD6DhDqBeaF8=",
+        "narHash": "sha256-06G6xYTFPVuvmN/k2QDeBk9XIp4LDxEKWRL3aLAFFNo=",
        "owner": "dali99",
        "repo": "nixos-matrix-modules",
-        "rev": "43dbc17526576cb8e0980cef51c48b6598f97550",
+        "rev": "b6f0a026a78200c0e526aa73279c228e08673437",
        "type": "github"
      },
      "original": {
        "owner": "dali99",
        "ref": "flake-experiments",
        "repo": "nixos-matrix-modules",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1670946965,
+        "lastModified": 1673785634,
-        "narHash": "sha256-PDJfKgK/aSV3ISnD1TbKpLPW85LO/AQI73yQjbwribA=",
+        "narHash": "sha256-4SPGYVNutklnlpSMaqL+GA2x5DJ+QL85T+hOF6MHAZE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "265caf30fa0a5148395b62777389b57eb0a537fd",
+        "rev": "54d5d59cb19728a0321efbcd22c539109489965b",
        "type": "github"
      },
      "original": {
@ -34,11 +33,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1670146390,
+        "lastModified": 1673740915,
-        "narHash": "sha256-XrEoDpuloRHHbUkbPnhF2bQ0uwHllXq3NHxtuVe/QK4=",
+        "narHash": "sha256-MMH8zONfqahgHly3K8/A++X34800rajA/XgZ2DzNL/M=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "86370507cb20c905800527539fc049a2bf09c667",
+        "rev": "7c65528c3f8462b902e09d1ccca23bb9034665c2",
        "type": "github"
      },
      "original": {
@ -64,11 +63,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1670149631,
+        "lastModified": 1673752321,
-        "narHash": "sha256-rwmtlxx45PvOeZNP51wql/cWjY3rqzIR3Oj2Y+V7jM0=",
+        "narHash": "sha256-EFfXY1ZHJq4FNaNQA9x0djtu/jiOhBbT0Xi+BT06cJw=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "da98a111623101c64474a14983d83dad8f09f93d",
+        "rev": "e18eefd2b133a58309475298052c341c08470717",
        "type": "github"
      },
      "original": {
@ -79,11 +78,11 @@
    },
    "unstable": {
      "locked": {
-        "lastModified": 1670918062,
+        "lastModified": 1673855649,
-        "narHash": "sha256-iOhkyBYUU9Jfkk0lvI4ahpjyrTsLXj9uyJWwmjKg+gg=",
+        "narHash": "sha256-Pc1VumquuFMDR1Ers1QOVDDabL/trVwfqWXeKJPXLQg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "84575b0bd882be979516f4fecfe4d7c8de8f6a92",
+        "rev": "c85d08692966cf022b0a741a794cb1650602d8af",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -8,7 +8,7 @@
    sops-nix.url = "github:Mic92/sops-nix";
    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
-    matrix-next.url = "github:dali99/nixos-matrix-modules/flake-experiments";
+    matrix-next.url = "github:dali99/nixos-matrix-modules";
  };
  outputs = { self, nixpkgs, unstable, sops-nix, ... }@inputs: 
@ -22,7 +22,7 @@
    nixosConfigurations = {
      jokum = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
-        specialArgs = { inherit unstable inputs; };
+        specialArgs = { inherit unstable inputs; values = import ./values.nix; };
        modules = [
          ./hosts/jokum/configuration.nix
          sops-nix.nixosModules.sops
@ -32,7 +32,7 @@
      };
      ildkule = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
-        specialArgs = { inherit unstable inputs; };
+        specialArgs = { inherit unstable inputs; values = import ./values.nix; };
        modules = [
          ./hosts/ildkule/configuration.nix
          sops-nix.nixosModules.sops
--- a/hosts/ildkule/configuration.nix
+++ b/hosts/ildkule/configuration.nix
@ -22,7 +22,6 @@
  networking.interfaces.ens18.useDHCP = false;
  networking.defaultGateway = "129.241.210.129";
  networking.interfaces.ens18.ipv4 = {
    addresses = [
      {
@ -39,7 +38,6 @@
      }
    ];
  };
  networking.nameservers = [ "129.241.0.200" "129.241.0.201" ];
  # List packages installed in system profile
  environment.systemPackages = with pkgs; [
--- a/hosts/ildkule/services/metrics/prometheus.nix
+++ b/hosts/ildkule/services/metrics/prometheus.nix
@ -20,6 +20,7 @@ in {
              "knakelibrak.pvv.ntnu.no:9100"
              "hildring.pvv.ntnu.no:9100"
              "bicep.pvv.ntnu.no:9100"
              "jokum.pvv.ntnu.no:9100"
            ];
          }
        ];
--- a/hosts/jokum/configuration.nix
+++ b/hosts/jokum/configuration.nix
@ -1,12 +1,11 @@
-{ config, pkgs, ... }:
+{ config, pkgs, values, ... }:
 {
  imports = [
      # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ../../base.nix
-      # Users can just import any configuration they want even for non-user things. Improve the users/default.nix to just load some specific attributes if this isn't wanted
+      ../../misc/metrics-exporters.nix
      ../../misc/rust-motd.nix
      ./services/matrix
@ -27,16 +26,14 @@
  networking.hostName = "jokum"; # Define your hostname.
  networking.interfaces.ens18.useDHCP = false;
  networking.defaultGateway = "129.241.210.129";
  networking.interfaces.ens18.ipv4 = {
    addresses = [
      {
-        address = "129.241.210.169";
+        address = values.jokum.ipv4;
        prefixLength = 25;
      }
      {
-        address = "129.241.210.213";
+        address = values.turn.ipv4;
        prefixLength = 25;
      }
    ];
@ -44,16 +41,15 @@
  networking.interfaces.ens18.ipv6 = {
    addresses = [
      {
-        address = "2001:700:300:1900::169";
+        address = values.jokum.ipv6;
        prefixLength = 64;
      }
      {
-        address = "2001:700:300:1900::213";
+        address = values.turn.ipv6;
        prefixLength = 64;
      }
    ];
  };
  networking.nameservers = [ "129.241.0.200" "129.241.0.201" ];
  # List packages installed in system profile
  environment.systemPackages = with pkgs; [
--- a/hosts/jokum/services/matrix/synapse.nix
+++ b/hosts/jokum/services/matrix/synapse.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, values, ... }:
 let
  cfg = config.services.matrix-synapse-next;
@ -184,12 +184,25 @@ in {
      metricsPath = w: "/metrics/${w.type}/${toString w.index}";
      proxyPath = w: "http://${socketAddress w}/_synapse/metrics";
-    in lib.mapAttrs' (n: v: lib.nameValuePair (metricsPath v) ({ proxyPass = proxyPath v; }))
+    in lib.mapAttrs' (n: v: lib.nameValuePair
      (metricsPath v) ({
        proxyPass = proxyPath v;
        extraConfig = ''
          allow ${values.ildkule.ipv4};
          allow ${values.ildkule.ipv6};
          deny all;
        '';
      }))
      cfg.workers.instances;
  })
  ({
    locations."/metrics/master/1" = {
      proxyPass = "http://127.0.0.1:9000/_synapse/metrics";
      extraConfig = ''
        allow ${values.ildkule.ipv4};
        allow ${values.ildkule.ipv6};
        deny all;
      '';
    };
    locations."/metrics/" = let
--- a/misc/metrics-exporters.nix
+++ b/misc/metrics-exporters.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, values, ... }:
 {
  services.prometheus.exporters.node = {
@ -7,6 +7,14 @@
    enabledCollectors = [ "systemd" ];
  };
  systemd.services.prometheus-node-exporter.serviceConfig = {
    IPAddressDeny = "any";
    IPAddressAllow = [
      values.ildkule.ipv4
      values.ildkule.ipv6
    ];
  };
  services.promtail = {
    enable = true;
    configuration = {
--- a/values.nix
+++ b/values.nix
@ -0,0 +1,25 @@
 # Feel free to change the structure of this file
 rec {
  gateway = "129.241.210.129";
  jokum = {
    ipv4 = "129.241.210.169";
    ipv6 = "2001:700:300:1900::169";
  };
  matrix = {
    ipv4 = jokum.ipv4;
    ipv6 = jokum.ipv6;
  };
  # Also on jokum
  turn = {
    ipv4 = "129.241.210.213";
    ipv6 = "2001:700:300:1900::213";
  };
  ildkule = {
    ipv4 = "129.241.210.187";
    ipv6 = "2001:700:300:1900::187";
  };
 }