From 6ab12dcad5dedb362ecd7529975d7ac934e49a65 Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Thu, 6 Jan 2022 15:55:21 +0000 Subject: [PATCH] ops/nixos: rm marukuru --- ops/nixos/default.nix | 1 - ops/nixos/lib/coredns/zones/db.as205479.net | 6 +- ops/nixos/lib/home-manager/common.nix | 1 - ops/nixos/marukuru/default.nix | 183 -------------------- ops/nixos/totoro/default.nix | 2 +- 5 files changed, 2 insertions(+), 191 deletions(-) delete mode 100644 ops/nixos/marukuru/default.nix diff --git a/ops/nixos/default.nix b/ops/nixos/default.nix index b4ad8f9027..fbff63d3c8 100644 --- a/ops/nixos/default.nix +++ b/ops/nixos/default.nix @@ -18,7 +18,6 @@ let systems = [ "porcorosso" "howl" - "marukuru" "clouvider-fra01" "totoro" "swann" diff --git a/ops/nixos/lib/coredns/zones/db.as205479.net b/ops/nixos/lib/coredns/zones/db.as205479.net index cf0bc15964..3d61ac6fe4 100644 --- a/ops/nixos/lib/coredns/zones/db.as205479.net +++ b/ops/nixos/lib/coredns/zones/db.as205479.net @@ -3,7 +3,7 @@ ; SPDX-License-Identifier: Apache-2.0 ; MNAME RNAME SERIAL REFRESH RETRY EXPIRE TTL -@ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 42 600 450 3600 300 +@ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 43 600 450 3600 300 ; NB: this are also glue records in Google Domains. $INCLUDE tmpl.ns @@ -54,10 +54,6 @@ etheroute-lon01 3600 IN A 83.97.19.68 etheroute-lon01 3600 IN AAAA 2a07:242:800:64::68 etheroute-lon01.int 3600 IN A 100.111.191.21 -marukuru 3600 IN A 103.105.48.15 -marukuru 3600 IN AAAA 2402:28c0:4:104e::1 -marukuru.int 3600 IN A 100.98.193.46 - kusakabe 3600 IN A 188.165.197.49 kusakabe 3600 IN AAAA 2001:41d0:2:8e31::1 kusakabe.int 3600 IN A 100.101.38.52 diff --git a/ops/nixos/lib/home-manager/common.nix b/ops/nixos/lib/home-manager/common.nix index 9a1f8721f4..b1768de426 100644 --- a/ops/nixos/lib/home-manager/common.nix +++ b/ops/nixos/lib/home-manager/common.nix @@ -44,7 +44,6 @@ in extraOptions.setEnv = "TERM=xterm-256color"; }; in ({ - marukuru.port = 20022; sar1 = { hostname = "81.131.50.219"; extraOptions.setEnv = "TERM=xterm-256color"; diff --git a/ops/nixos/marukuru/default.nix b/ops/nixos/marukuru/default.nix deleted file mode 100644 index 3d4a37ee6a..0000000000 --- a/ops/nixos/marukuru/default.nix +++ /dev/null @@ -1,183 +0,0 @@ -# SPDX-FileCopyrightText: 2020 Luke Granger-Brown -# -# SPDX-License-Identifier: Apache-2.0 - -{ depot, lib, pkgs, rebuilder, config, ... }: -let - inherit (depot.ops) secrets; -in { - imports = [ - ../../../third_party/nixpkgs/nixos/modules/profiles/qemu-guest.nix - ../lib/low-space.nix - ]; - boot.kernelModules = [ "tcp_bbr" ]; - boot.kernel.sysctl = { - "net.ipv6.conf.default.accept_ra" = 2; - "net.ipv6.conf.all.accept_ra" = 2; - "net.ipv6.conf.eth0.accept_ra" = 2; - }; - - fileSystems = { - "/" = { - device = "/dev/vda1"; - fsType = "ext4"; - }; - }; - - nix.maxJobs = lib.mkDefault 2; - hardware.enableRedistributableFirmware = true; - - nix.nixPath = [ "depot=/home/lukegb/depot/" "nixpkgs=/home/lukegb/depot/third_party/nixpkgs/" ]; - - # Use GRUB2. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/vda"; - - # Networking! - networking = { - hostName = "marukuru"; # Define your hostname. - domain = "lukegb.xyz"; - nameservers = ["2001:4860:4860::8888" "8.8.8.8"]; - useDHCP = false; - defaultGateway = { - address = "103.105.48.1"; interface = "eth0"; - }; - dhcpcd.enable = false; - usePredictableInterfaceNames = true; - interfaces = { - eth0 = { - ipv4.addresses = [ - { address="103.105.48.15"; prefixLength=24; } - ]; - ipv6.addresses = [ - { address="2402:28c0:4:104e::1"; prefixLength=64; } - ]; - }; - }; - }; - my.ip.tailscale = "100.98.193.46"; - services.udev.extraRules = '' - ATTR{address}=="52:54:00:84:e2:2a", NAME="eth0" - ''; - - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; []; - - services.openssh.ports = [ 20022 ]; - my.deploy.args = "-p 20022"; - my.rundeck.hostname = "${config.networking.fqdn}:20022"; - - networking.firewall = { - interfaces.docker0.allowedTCPPorts = [ 25 ]; - allowedTCPPorts = [ 22 80 443 20022 ]; - # allowedUDPPorts = []; - allowPing = true; - }; - - # Define a user account. - users.mutableUsers = false; - users.users = { - root.hashedPassword = secrets.passwordHashes.root; - lukegb = { - isNormalUser = true; - uid = 1000; - extraGroups = [ "wheel" ]; - hashedPassword = secrets.passwordHashes.root; - }; - postfix = { - extraGroups = [ "opendkim" ]; - }; - }; - - services.postfix = { - enable = true; - domain = "hg.lukegb.com"; - hostname = "hg.lukegb.com"; - extraConfig = '' - milter_protocol = 2 - milter_default_action = accept - smtpd_milters = ${config.services.opendkim.socket} - non_smtpd_milters = ${config.services.opendkim.socket} - ''; - networks = [ "172.17.0.0/16" ]; - }; - services.opendkim = { - enable = true; - domains = "csl:hg.lukegb.com"; - selector = "marukuru"; - }; - - virtualisation.docker.extraOptions = "--experimental --ipv6 --ip6tables --fixed-cidr-v6 2402:28c0:4:104e:d000::/68"; - - # Container networking. - networking.nat = { - enable = true; - internalInterfaces = [ "ve-+" ]; - externalInterface = "eth0"; - }; - networking.networkmanager.unmanaged = [ "interface-name:ve-*" ]; - - containers.deployer = { - config = { config, pkgs, ... }: { - imports = [ - ../lib/low-space.nix - ]; - networking.hosts = depot.ops.nixos.tailscaleIPs; - nix = { - binaryCaches = lib.mkForce [ "https://cache.nixos.org/" "s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1" ]; - trustedBinaryCaches = lib.mkForce [ "https://cache.nixos.org/" "s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1" ]; - envVars = { - AWS_ACCESS_KEY_ID = "${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}"; - AWS_SECRET_ACCESS_KEY = "${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}"; - }; - }; - environment.etc."secrets/gitlab-runner-registration" = { - text = '' - CI_SERVER_URL=https://hg.lukegb.com - REGISTRATION_TOKEN=${depot.ops.secrets.deployer.registrationToken} - ''; - mode = "0600"; - }; - services.gitlab-runner = { - enable = true; - concurrent = 4; - services = { - deployer = { - registrationConfigFile = "/etc/secrets/gitlab-runner-registration"; - executor = "shell"; - tagList = [ "deployer" ]; - }; - }; - gracefulTermination = true; - gracefulTimeout = "4min"; - package = depot.nix.pkgs.heptapod-runner; - }; - users.users.gitlab-runner = { - isNormalUser = true; - group = "nogroup"; - createHome = true; - home = "/srv/gitlab-runner"; - }; - system.activationScripts.deployer-key = lib.stringAfter [ "users" "groups" ] '' - mkdir -p /srv/gitlab-runner/.ssh - chown -R gitlab-runner:nogroup /srv/gitlab-runner/.ssh - chmod -R u=rwX,go= /srv/gitlab-runner/.ssh - cp "${pkgs.writeTextFile { - name = "gitlab-runner-key"; - destination = "/private/id_ed25519"; - text = depot.ops.secrets.deployer.privateKey; - }}/private/id_ed25519" /srv/gitlab-runner/.ssh/id_ed25519 - chown -R gitlab-runner:nogroup /srv/gitlab-runner/.ssh - chmod -R u=rwX,go= /srv/gitlab-runner/.ssh - ''; - environment.systemPackages = with pkgs; [ - vim rxvt_unicode.terminfo rsync jq - depot.nix.pkgs.heptapod-runner-mercurial - ]; - }; - }; - - system.stateVersion = "20.03"; -} diff --git a/ops/nixos/totoro/default.nix b/ops/nixos/totoro/default.nix index 106cd2f48f..4d1565d864 100644 --- a/ops/nixos/totoro/default.nix +++ b/ops/nixos/totoro/default.nix @@ -298,7 +298,7 @@ in { # Systems - alert: NodeExporterDown - expr: up{exporter="node", system=~"(blade-(tuvok|paris|janeway|torres)|kusakabe|marukuru|swann|totoro|clouvider-.*|etheroute-.*)"} < 1 + expr: up{exporter="node", system=~"(blade-(tuvok|paris|janeway|torres)|kusakabe|swann|totoro|clouvider-.*|etheroute-.*)"} < 1 for: 30m labels: severity: page