forked from Drift/pvv-nixos-config
Merge branch 'jokum_logs' of Drift/pvv-nixos-config into main
This commit is contained in:
commit
4a82d22a56
|
@ -16,7 +16,7 @@ Det er sikkert lurt å lage en PR først om du ikke er vandt til nix enda.
|
||||||
Innen 24h skal alle systemene hente ned den nye konfigurasjonen og deploye den.
|
Innen 24h skal alle systemene hente ned den nye konfigurasjonen og deploye den.
|
||||||
|
|
||||||
Du kan tvinge en maskin til å oppdatere seg før dette ved å kjøre:
|
Du kan tvinge en maskin til å oppdatere seg før dette ved å kjøre:
|
||||||
`nixos-rebuild switch --update-input nixpkgs --update-input unstable --no-write-lock-file --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git --upgrade`
|
`nixos-rebuild switch --update-input nixpkgs --update-input unstable --no-write-lock-file --refresh --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git --upgrade`
|
||||||
|
|
||||||
som root på maskinen.
|
som root på maskinen.
|
||||||
|
|
||||||
|
|
5
base.nix
5
base.nix
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, inputs, ... }:
|
{ config, lib, pkgs, inputs, values, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -8,6 +8,9 @@
|
||||||
networking.domain = "pvv.ntnu.no";
|
networking.domain = "pvv.ntnu.no";
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
networking.search = [ "pvv.ntnu.no" "pvv.org" ];
|
networking.search = [ "pvv.ntnu.no" "pvv.org" ];
|
||||||
|
networking.nameservers = lib.mkDefault [ "129.241.0.200" "129.241.0.201" ];
|
||||||
|
networking.tempAddresses = lib.mkDefault "disabled";
|
||||||
|
networking.defaultGateway = values.gateway;
|
||||||
|
|
||||||
services.resolved = {
|
services.resolved = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
31
flake.lock
31
flake.lock
|
@ -2,27 +2,26 @@
|
||||||
"nodes": {
|
"nodes": {
|
||||||
"matrix-next": {
|
"matrix-next": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1671009204,
|
"lastModified": 1671663871,
|
||||||
"narHash": "sha256-gqA9po/KmHyh44XYqv/LfFJ1+MGufhaaD6DhDqBeaF8=",
|
"narHash": "sha256-06G6xYTFPVuvmN/k2QDeBk9XIp4LDxEKWRL3aLAFFNo=",
|
||||||
"owner": "dali99",
|
"owner": "dali99",
|
||||||
"repo": "nixos-matrix-modules",
|
"repo": "nixos-matrix-modules",
|
||||||
"rev": "43dbc17526576cb8e0980cef51c48b6598f97550",
|
"rev": "b6f0a026a78200c0e526aa73279c228e08673437",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "dali99",
|
"owner": "dali99",
|
||||||
"ref": "flake-experiments",
|
|
||||||
"repo": "nixos-matrix-modules",
|
"repo": "nixos-matrix-modules",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1670946965,
|
"lastModified": 1673785634,
|
||||||
"narHash": "sha256-PDJfKgK/aSV3ISnD1TbKpLPW85LO/AQI73yQjbwribA=",
|
"narHash": "sha256-4SPGYVNutklnlpSMaqL+GA2x5DJ+QL85T+hOF6MHAZE=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "265caf30fa0a5148395b62777389b57eb0a537fd",
|
"rev": "54d5d59cb19728a0321efbcd22c539109489965b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -34,11 +33,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1670146390,
|
"lastModified": 1673740915,
|
||||||
"narHash": "sha256-XrEoDpuloRHHbUkbPnhF2bQ0uwHllXq3NHxtuVe/QK4=",
|
"narHash": "sha256-MMH8zONfqahgHly3K8/A++X34800rajA/XgZ2DzNL/M=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "86370507cb20c905800527539fc049a2bf09c667",
|
"rev": "7c65528c3f8462b902e09d1ccca23bb9034665c2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -64,11 +63,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1670149631,
|
"lastModified": 1673752321,
|
||||||
"narHash": "sha256-rwmtlxx45PvOeZNP51wql/cWjY3rqzIR3Oj2Y+V7jM0=",
|
"narHash": "sha256-EFfXY1ZHJq4FNaNQA9x0djtu/jiOhBbT0Xi+BT06cJw=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "da98a111623101c64474a14983d83dad8f09f93d",
|
"rev": "e18eefd2b133a58309475298052c341c08470717",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -79,11 +78,11 @@
|
||||||
},
|
},
|
||||||
"unstable": {
|
"unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1670918062,
|
"lastModified": 1673855649,
|
||||||
"narHash": "sha256-iOhkyBYUU9Jfkk0lvI4ahpjyrTsLXj9uyJWwmjKg+gg=",
|
"narHash": "sha256-Pc1VumquuFMDR1Ers1QOVDDabL/trVwfqWXeKJPXLQg=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "84575b0bd882be979516f4fecfe4d7c8de8f6a92",
|
"rev": "c85d08692966cf022b0a741a794cb1650602d8af",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
sops-nix.url = "github:Mic92/sops-nix";
|
sops-nix.url = "github:Mic92/sops-nix";
|
||||||
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
matrix-next.url = "github:dali99/nixos-matrix-modules/flake-experiments";
|
matrix-next.url = "github:dali99/nixos-matrix-modules";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, unstable, sops-nix, ... }@inputs:
|
outputs = { self, nixpkgs, unstable, sops-nix, ... }@inputs:
|
||||||
|
@ -22,7 +22,7 @@
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
jokum = nixpkgs.lib.nixosSystem {
|
jokum = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
specialArgs = { inherit unstable inputs; };
|
specialArgs = { inherit unstable inputs; values = import ./values.nix; };
|
||||||
modules = [
|
modules = [
|
||||||
./hosts/jokum/configuration.nix
|
./hosts/jokum/configuration.nix
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
|
@ -32,7 +32,7 @@
|
||||||
};
|
};
|
||||||
ildkule = nixpkgs.lib.nixosSystem {
|
ildkule = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
specialArgs = { inherit unstable inputs; };
|
specialArgs = { inherit unstable inputs; values = import ./values.nix; };
|
||||||
modules = [
|
modules = [
|
||||||
./hosts/ildkule/configuration.nix
|
./hosts/ildkule/configuration.nix
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
|
|
|
@ -22,7 +22,6 @@
|
||||||
|
|
||||||
networking.interfaces.ens18.useDHCP = false;
|
networking.interfaces.ens18.useDHCP = false;
|
||||||
|
|
||||||
networking.defaultGateway = "129.241.210.129";
|
|
||||||
networking.interfaces.ens18.ipv4 = {
|
networking.interfaces.ens18.ipv4 = {
|
||||||
addresses = [
|
addresses = [
|
||||||
{
|
{
|
||||||
|
@ -39,7 +38,6 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
networking.nameservers = [ "129.241.0.200" "129.241.0.201" ];
|
|
||||||
|
|
||||||
# List packages installed in system profile
|
# List packages installed in system profile
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
|
|
@ -20,6 +20,7 @@ in {
|
||||||
"knakelibrak.pvv.ntnu.no:9100"
|
"knakelibrak.pvv.ntnu.no:9100"
|
||||||
"hildring.pvv.ntnu.no:9100"
|
"hildring.pvv.ntnu.no:9100"
|
||||||
"bicep.pvv.ntnu.no:9100"
|
"bicep.pvv.ntnu.no:9100"
|
||||||
|
"jokum.pvv.ntnu.no:9100"
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
|
@ -1,12 +1,11 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, values, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
# Include the results of the hardware scan.
|
# Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
|
||||||
../../base.nix
|
../../base.nix
|
||||||
# Users can just import any configuration they want even for non-user things. Improve the users/default.nix to just load some specific attributes if this isn't wanted
|
../../misc/metrics-exporters.nix
|
||||||
|
|
||||||
../../misc/rust-motd.nix
|
../../misc/rust-motd.nix
|
||||||
|
|
||||||
./services/matrix
|
./services/matrix
|
||||||
|
@ -27,16 +26,14 @@
|
||||||
networking.hostName = "jokum"; # Define your hostname.
|
networking.hostName = "jokum"; # Define your hostname.
|
||||||
|
|
||||||
networking.interfaces.ens18.useDHCP = false;
|
networking.interfaces.ens18.useDHCP = false;
|
||||||
|
|
||||||
networking.defaultGateway = "129.241.210.129";
|
|
||||||
networking.interfaces.ens18.ipv4 = {
|
networking.interfaces.ens18.ipv4 = {
|
||||||
addresses = [
|
addresses = [
|
||||||
{
|
{
|
||||||
address = "129.241.210.169";
|
address = values.jokum.ipv4;
|
||||||
prefixLength = 25;
|
prefixLength = 25;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
address = "129.241.210.213";
|
address = values.turn.ipv4;
|
||||||
prefixLength = 25;
|
prefixLength = 25;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
@ -44,16 +41,15 @@
|
||||||
networking.interfaces.ens18.ipv6 = {
|
networking.interfaces.ens18.ipv6 = {
|
||||||
addresses = [
|
addresses = [
|
||||||
{
|
{
|
||||||
address = "2001:700:300:1900::169";
|
address = values.jokum.ipv6;
|
||||||
prefixLength = 64;
|
prefixLength = 64;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
address = "2001:700:300:1900::213";
|
address = values.turn.ipv6;
|
||||||
prefixLength = 64;
|
prefixLength = 64;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
networking.nameservers = [ "129.241.0.200" "129.241.0.201" ];
|
|
||||||
|
|
||||||
# List packages installed in system profile
|
# List packages installed in system profile
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, values, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.matrix-synapse-next;
|
cfg = config.services.matrix-synapse-next;
|
||||||
|
@ -184,12 +184,25 @@ in {
|
||||||
|
|
||||||
metricsPath = w: "/metrics/${w.type}/${toString w.index}";
|
metricsPath = w: "/metrics/${w.type}/${toString w.index}";
|
||||||
proxyPath = w: "http://${socketAddress w}/_synapse/metrics";
|
proxyPath = w: "http://${socketAddress w}/_synapse/metrics";
|
||||||
in lib.mapAttrs' (n: v: lib.nameValuePair (metricsPath v) ({ proxyPass = proxyPath v; }))
|
in lib.mapAttrs' (n: v: lib.nameValuePair
|
||||||
|
(metricsPath v) ({
|
||||||
|
proxyPass = proxyPath v;
|
||||||
|
extraConfig = ''
|
||||||
|
allow ${values.ildkule.ipv4};
|
||||||
|
allow ${values.ildkule.ipv6};
|
||||||
|
deny all;
|
||||||
|
'';
|
||||||
|
}))
|
||||||
cfg.workers.instances;
|
cfg.workers.instances;
|
||||||
})
|
})
|
||||||
({
|
({
|
||||||
locations."/metrics/master/1" = {
|
locations."/metrics/master/1" = {
|
||||||
proxyPass = "http://127.0.0.1:9000/_synapse/metrics";
|
proxyPass = "http://127.0.0.1:9000/_synapse/metrics";
|
||||||
|
extraConfig = ''
|
||||||
|
allow ${values.ildkule.ipv4};
|
||||||
|
allow ${values.ildkule.ipv6};
|
||||||
|
deny all;
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
locations."/metrics/" = let
|
locations."/metrics/" = let
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, values, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
services.prometheus.exporters.node = {
|
services.prometheus.exporters.node = {
|
||||||
|
@ -7,6 +7,14 @@
|
||||||
enabledCollectors = [ "systemd" ];
|
enabledCollectors = [ "systemd" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services.prometheus-node-exporter.serviceConfig = {
|
||||||
|
IPAddressDeny = "any";
|
||||||
|
IPAddressAllow = [
|
||||||
|
values.ildkule.ipv4
|
||||||
|
values.ildkule.ipv6
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
services.promtail = {
|
services.promtail = {
|
||||||
enable = true;
|
enable = true;
|
||||||
configuration = {
|
configuration = {
|
||||||
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
# Feel free to change the structure of this file
|
||||||
|
|
||||||
|
rec {
|
||||||
|
gateway = "129.241.210.129";
|
||||||
|
|
||||||
|
|
||||||
|
jokum = {
|
||||||
|
ipv4 = "129.241.210.169";
|
||||||
|
ipv6 = "2001:700:300:1900::169";
|
||||||
|
};
|
||||||
|
matrix = {
|
||||||
|
ipv4 = jokum.ipv4;
|
||||||
|
ipv6 = jokum.ipv6;
|
||||||
|
};
|
||||||
|
# Also on jokum
|
||||||
|
turn = {
|
||||||
|
ipv4 = "129.241.210.213";
|
||||||
|
ipv6 = "2001:700:300:1900::213";
|
||||||
|
};
|
||||||
|
|
||||||
|
ildkule = {
|
||||||
|
ipv4 = "129.241.210.187";
|
||||||
|
ipv6 = "2001:700:300:1900::187";
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in New Issue