lukegb/depot
1
0
Fork 0
Code Issues 1 Pull requests Projects Packages Activity Actions

ops/nixos: rm marukuru

Browse source
This commit is contained in:
Luke Granger-Brown 2022-01-06 15:55:21 +00:00
parent 2495e3f88b
commit 6ab12dcad5
5 changed files with 2 additions and 191 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
ops/nixos/default.nix
View file

@ -18,7 +18,6 @@ let
systems = [ systems = [
"porcorosso" "porcorosso"
"howl" "howl"
"marukuru"
"clouvider-fra01" "clouvider-fra01"
"totoro" "totoro"
"swann" "swann"

6
ops/nixos/lib/coredns/zones/db.as205479.net
View file

@ -3,7 +3,7 @@
; SPDX-License-Identifier: Apache-2.0 ; SPDX-License-Identifier: Apache-2.0
; MNAME RNAME SERIAL REFRESH RETRY EXPIRE TTL ; MNAME RNAME SERIAL REFRESH RETRY EXPIRE TTL
@ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 42 600 450 3600 300 @ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 43 600 450 3600 300
; NB: this are also glue records in Google Domains. ; NB: this are also glue records in Google Domains.
$INCLUDE tmpl.ns $INCLUDE tmpl.ns
@ -54,10 +54,6 @@ etheroute-lon01 3600 IN A 83.97.19.68
etheroute-lon01 3600 IN AAAA 2a07:242:800:64::68 etheroute-lon01 3600 IN AAAA 2a07:242:800:64::68
etheroute-lon01.int 3600 IN A 100.111.191.21 etheroute-lon01.int 3600 IN A 100.111.191.21
marukuru 3600 IN A 103.105.48.15
marukuru 3600 IN AAAA 2402:28c0:4:104e::1
marukuru.int 3600 IN A 100.98.193.46
kusakabe 3600 IN A 188.165.197.49 kusakabe 3600 IN A 188.165.197.49
kusakabe 3600 IN AAAA 2001:41d0:2:8e31::1 kusakabe 3600 IN AAAA 2001:41d0:2:8e31::1
kusakabe.int 3600 IN A 100.101.38.52 kusakabe.int 3600 IN A 100.101.38.52

1
ops/nixos/lib/home-manager/common.nix
View file

@ -44,7 +44,6 @@ in
extraOptions.setEnv = "TERM=xterm-256color"; extraOptions.setEnv = "TERM=xterm-256color";
}; };
in ({ in ({
marukuru.port = 20022;
sar1 = { sar1 = {
hostname = "81.131.50.219"; hostname = "81.131.50.219";
extraOptions.setEnv = "TERM=xterm-256color"; extraOptions.setEnv = "TERM=xterm-256color";

183
ops/nixos/marukuru/default.nix
View file

@ -1,183 +0,0 @@
# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
{ depot, lib, pkgs, rebuilder, config, ... }:
let
inherit (depot.ops) secrets;
in {
imports = [
../../../third_party/nixpkgs/nixos/modules/profiles/qemu-guest.nix
../lib/low-space.nix
];
boot.kernelModules = [ "tcp_bbr" ];
boot.kernel.sysctl = {
"net.ipv6.conf.default.accept_ra" = 2;
"net.ipv6.conf.all.accept_ra" = 2;
"net.ipv6.conf.eth0.accept_ra" = 2;
};
fileSystems = {
"/" = {
device = "/dev/vda1";
fsType = "ext4";
};
};
nix.maxJobs = lib.mkDefault 2;
hardware.enableRedistributableFirmware = true;
nix.nixPath = [ "depot=/home/lukegb/depot/" "nixpkgs=/home/lukegb/depot/third_party/nixpkgs/" ];
# Use GRUB2.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
# Networking!
networking = {
hostName = "marukuru"; # Define your hostname.
domain = "lukegb.xyz";
nameservers = ["2001:4860:4860::8888" "8.8.8.8"];
useDHCP = false;
defaultGateway = {
address = "103.105.48.1"; interface = "eth0";
};
dhcpcd.enable = false;
usePredictableInterfaceNames = true;
interfaces = {
eth0 = {
ipv4.addresses = [
{ address="103.105.48.15"; prefixLength=24; }
];
ipv6.addresses = [
{ address="2402:28c0:4:104e::1"; prefixLength=64; }
];
};
};
};
my.ip.tailscale = "100.98.193.46";
services.udev.extraRules = ''
ATTR{address}=="52:54:00:84:e2:2a", NAME="eth0"
'';
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [];
services.openssh.ports = [ 20022 ];
my.deploy.args = "-p 20022";
my.rundeck.hostname = "${config.networking.fqdn}:20022";
networking.firewall = {
interfaces.docker0.allowedTCPPorts = [ 25 ];
allowedTCPPorts = [ 22 80 443 20022 ];
# allowedUDPPorts = [];
allowPing = true;
};
# Define a user account.
users.mutableUsers = false;
users.users = {
root.hashedPassword = secrets.passwordHashes.root;
lukegb = {
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel" ];
hashedPassword = secrets.passwordHashes.root;
};
postfix = {
extraGroups = [ "opendkim" ];
};
};
services.postfix = {
enable = true;
domain = "hg.lukegb.com";
hostname = "hg.lukegb.com";
extraConfig = ''
milter_protocol = 2
milter_default_action = accept
smtpd_milters = ${config.services.opendkim.socket}
non_smtpd_milters = ${config.services.opendkim.socket}
'';
networks = [ "172.17.0.0/16" ];
};
services.opendkim = {
enable = true;
domains = "csl:hg.lukegb.com";
selector = "marukuru";
};
virtualisation.docker.extraOptions = "--experimental --ipv6 --ip6tables --fixed-cidr-v6 2402:28c0:4:104e:d000::/68";
# Container networking.
networking.nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
externalInterface = "eth0";
};
networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
containers.deployer = {
config = { config, pkgs, ... }: {
imports = [
../lib/low-space.nix
];
networking.hosts = depot.ops.nixos.tailscaleIPs;
nix = {
binaryCaches = lib.mkForce [ "https://cache.nixos.org/" "s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1" ];
trustedBinaryCaches = lib.mkForce [ "https://cache.nixos.org/" "s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1" ];
envVars = {
AWS_ACCESS_KEY_ID = "${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}";
AWS_SECRET_ACCESS_KEY = "${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}";
};
};
environment.etc."secrets/gitlab-runner-registration" = {
text = ''
CI_SERVER_URL=https://hg.lukegb.com
REGISTRATION_TOKEN=${depot.ops.secrets.deployer.registrationToken}
'';
mode = "0600";
};
services.gitlab-runner = {
enable = true;
concurrent = 4;
services = {
deployer = {
registrationConfigFile = "/etc/secrets/gitlab-runner-registration";
executor = "shell";
tagList = [ "deployer" ];
};
};
gracefulTermination = true;
gracefulTimeout = "4min";
package = depot.nix.pkgs.heptapod-runner;
};
users.users.gitlab-runner = {
isNormalUser = true;
group = "nogroup";
createHome = true;
home = "/srv/gitlab-runner";
};
system.activationScripts.deployer-key = lib.stringAfter [ "users" "groups" ] ''
mkdir -p /srv/gitlab-runner/.ssh
chown -R gitlab-runner:nogroup /srv/gitlab-runner/.ssh
chmod -R u=rwX,go= /srv/gitlab-runner/.ssh
cp "${pkgs.writeTextFile {
name = "gitlab-runner-key";
destination = "/private/id_ed25519";
text = depot.ops.secrets.deployer.privateKey;
}}/private/id_ed25519" /srv/gitlab-runner/.ssh/id_ed25519
chown -R gitlab-runner:nogroup /srv/gitlab-runner/.ssh
chmod -R u=rwX,go= /srv/gitlab-runner/.ssh
'';
environment.systemPackages = with pkgs; [
vim rxvt_unicode.terminfo rsync jq
depot.nix.pkgs.heptapod-runner-mercurial
];
};
};
system.stateVersion = "20.03";
}

2
ops/nixos/totoro/default.nix
View file

@ -298,7 +298,7 @@ in {
# Systems # Systems
- alert: NodeExporterDown - alert: NodeExporterDown
expr: up{exporter="node", system=~"(blade-(tuvok|paris|janeway|torres)|kusakabe|marukuru|swann|totoro|clouvider-.*|etheroute-.*)"} < 1 expr: up{exporter="node", system=~"(blade-(tuvok|paris|janeway|torres)|kusakabe|swann|totoro|clouvider-.*|etheroute-.*)"} < 1
for: 30m for: 30m
labels: labels:
severity: page severity: page