Compare commits
2 commits
b328bd569d
...
eb21cb6916
Author | SHA1 | Date | |
---|---|---|---|
Yureka | eb21cb6916 | ||
Yureka | 62af42fc97 |
|
@ -4,6 +4,19 @@
|
|||
meta01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM5t9gYorOWgpCFDJgb24pyCKIabGpeI2H/UfdvXODcT";
|
||||
gerrit01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+eSZu+u9sCynrMlsmFzQHLIELQAuVg0Cs1pBvwb4+A";
|
||||
fodwatch = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFRyTNfvKl5FcSyzGzw+h+bNFNOxdhvI67WdUZ2iIJ1L";
|
||||
builder-0 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHSNcDGctvlG6BHcJuYIzW9WsBJsts2vpwSketsbXoL";
|
||||
builder-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIQOGUjERK7Mx8UPM/rbOdMqVyn1sbWqYOG6CbOzH2wm";
|
||||
builder-2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKzXIqCoYElEKIYgjbSpqEcDeOvV+Wo3Agq3jba83cB";
|
||||
builder-3 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGq0A5233XGt34T097KaEKBUqFvaa7a6nYZRsSO0166l";
|
||||
builder-4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB9dVo2xZhgIMDgB1rUj5ApmppL39BtYu/+OFHeduvXr";
|
||||
builder-5 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7vZTBxrVHmHpv7slQ8A8XwjjbfN+ZJA0V5C3k0wNBD";
|
||||
builder-6 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOt1qR/2BRtc6PABuSBulowwJVO6wBNDyEFzh0qsTeOF";
|
||||
builder-7 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFinAAw1v8TJB8/wcmTVBbHHc4LCYh6z4TO6ViwUPkoh";
|
||||
builder-8 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKGSWHNeqT0kF/e4yVy2ieW98X5QMyCYIYZh9WTmQDs1";
|
||||
builder-9 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOhws9zGgocVY36dMtOL+CXadpvRMffxoWMkfEcTBJm7";
|
||||
builder-10 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7sgIuTSqZiZhp8TvObSbIEhcHHsL5hcmYA22uzwxth";
|
||||
builder-11 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEAqFo1qJY7MSUkfB+zxXB8Lpt/Iqz/RR5A+zwhpRWhr";
|
||||
|
||||
};
|
||||
|
||||
users = {
|
||||
|
|
280
flake.lock
280
flake.lock
|
@ -23,29 +23,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"attic": {
|
||||
"inputs": {
|
||||
"crane": "crane",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1711742460,
|
||||
"narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=",
|
||||
"owner": "zhaofengli",
|
||||
"repo": "attic",
|
||||
"rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "zhaofengli",
|
||||
"ref": "main",
|
||||
"repo": "attic",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"bats-assert": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
|
@ -101,50 +78,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"crane": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"grapevine",
|
||||
"attic",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1702918879,
|
||||
"narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=",
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"crane_2": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"grapevine",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1716569590,
|
||||
"narHash": "sha256-5eDbq8TuXFGGO3mqJFzhUbt5zHVTf5zilQoyW5jnJwo=",
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"rev": "109987da061a1bf452f435f1653c47511587d919",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ipetkov",
|
||||
"ref": "master",
|
||||
"repo": "crane",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"darwin": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -167,29 +100,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"fenix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"grapevine",
|
||||
"nixpkgs"
|
||||
],
|
||||
"rust-analyzer-src": "rust-analyzer-src"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1716359173,
|
||||
"narHash": "sha256-pYcjP6Gy7i6jPWrjiWAVV0BCQp+DdmGaI/k65lBb/kM=",
|
||||
"owner": "nix-community",
|
||||
"repo": "fenix",
|
||||
"rev": "b6fc5035b28e36a98370d0eac44f4ef3fd323df6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"ref": "main",
|
||||
"repo": "fenix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
|
@ -207,39 +117,6 @@
|
|||
}
|
||||
},
|
||||
"flake-compat_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_3": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"ref": "master",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_4": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
|
@ -271,40 +148,6 @@
|
|||
}
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"locked": {
|
||||
"lastModified": 1667395993,
|
||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_3": {
|
||||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"ref": "main",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_4": {
|
||||
"locked": {
|
||||
"lastModified": 1634851050,
|
||||
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
|
||||
|
@ -319,34 +162,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"grapevine": {
|
||||
"inputs": {
|
||||
"attic": "attic",
|
||||
"crane": "crane_2",
|
||||
"fenix": "fenix",
|
||||
"flake-compat": "flake-compat_3",
|
||||
"flake-utils": "flake-utils_3",
|
||||
"nix-filter": "nix-filter",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"host": "gitlab.computer.surgery",
|
||||
"lastModified": 1719530301,
|
||||
"narHash": "sha256-jteW09FEGmI0scXvs8naqbORoEo8TlzY1QjOZt3rdKY=",
|
||||
"owner": "matrix",
|
||||
"repo": "grapevine-fork",
|
||||
"rev": "b05c91b13e215816da1d7b45862952c2c73b8d55",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
"host": "gitlab.computer.surgery",
|
||||
"owner": "matrix",
|
||||
"repo": "grapevine-fork",
|
||||
"type": "gitlab"
|
||||
}
|
||||
},
|
||||
"home-manager": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -391,7 +206,7 @@
|
|||
},
|
||||
"nix": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_4",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"nix2container": "nix2container",
|
||||
"nixpkgs": [
|
||||
"hydra",
|
||||
|
@ -414,22 +229,6 @@
|
|||
"url": "https://git@git.lix.systems/lix-project/lix"
|
||||
}
|
||||
},
|
||||
"nix-filter": {
|
||||
"locked": {
|
||||
"lastModified": 1710156097,
|
||||
"narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=",
|
||||
"owner": "numtide",
|
||||
"repo": "nix-filter",
|
||||
"rev": "3342559a24e85fc164b295c3444e8a139924675b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"ref": "main",
|
||||
"repo": "nix-filter",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-gerrit": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -468,11 +267,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1711401922,
|
||||
"narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=",
|
||||
"lastModified": 1719082008,
|
||||
"narHash": "sha256-jHJSUH619zBQ6WdC21fFAlDxHErKVDJ5fpN0Hgx4sjs=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "07262b18b97000d16a4bdb003418bd2fb067a932",
|
||||
"rev": "9693852a2070b398ee123a329e68f0dab5526681",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -498,39 +297,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1711460390,
|
||||
"narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "44733514b72e732bd49f5511bd0203dea9b9a434",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-23.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1719082008,
|
||||
"narHash": "sha256-jHJSUH619zBQ6WdC21fFAlDxHErKVDJ5fpN0Hgx4sjs=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9693852a2070b398ee123a329e68f0dab5526681",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1636823747,
|
||||
"narHash": "sha256-oWo1nElRAOZqEf90Yek2ixdHyjD+gqtS/pAgwaQ9UhQ=",
|
||||
|
@ -565,34 +332,16 @@
|
|||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"colmena": "colmena",
|
||||
"grapevine": "grapevine",
|
||||
"hydra": "hydra",
|
||||
"lix": [
|
||||
"hydra",
|
||||
"nix"
|
||||
],
|
||||
"nix-gerrit": "nix-gerrit",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"terranix": "terranix"
|
||||
}
|
||||
},
|
||||
"rust-analyzer-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1716107283,
|
||||
"narHash": "sha256-NJgrwLiLGHDrCia5AeIvZUHUY7xYGVryee0/9D3Ir1I=",
|
||||
"owner": "rust-lang",
|
||||
"repo": "rust-analyzer",
|
||||
"rev": "21ec8f523812b88418b2bfc64240c62b3dd967bd",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "rust-lang",
|
||||
"ref": "nightly",
|
||||
"repo": "rust-analyzer",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"stable": {
|
||||
"locked": {
|
||||
"lastModified": 1696039360,
|
||||
|
@ -624,27 +373,12 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_2": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"terranix": {
|
||||
"inputs": {
|
||||
"bats-assert": "bats-assert",
|
||||
"bats-support": "bats-support",
|
||||
"flake-utils": "flake-utils_4",
|
||||
"nixpkgs": "nixpkgs_3",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"terranix-examples": "terranix-examples"
|
||||
},
|
||||
"locked": {
|
||||
|
|
31
flake.nix
31
flake.nix
|
@ -18,14 +18,6 @@
|
|||
nix-gerrit.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
lix.follows = "hydra/nix";
|
||||
|
||||
grapevine = {
|
||||
type = "gitlab";
|
||||
host = "gitlab.computer.surgery";
|
||||
owner = "matrix";
|
||||
repo = "grapevine-fork";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, terranix, colmena, ... } @ inputs:
|
||||
|
@ -131,6 +123,29 @@
|
|||
./hosts/fodwatch.forkos.org
|
||||
];
|
||||
};
|
||||
|
||||
wob-vpn-gw = {
|
||||
imports = [
|
||||
inputs.agenix.nixosModules.default
|
||||
inputs.hydra.nixosModules.hydra
|
||||
|
||||
./services
|
||||
./common
|
||||
./hosts/wob-vpn-gw.forkos.org
|
||||
];
|
||||
};
|
||||
|
||||
} // (lib.listToAttrs (lib.genList (i: lib.nameValuePair "builder-${toString i}" {
|
||||
|
||||
imports = [
|
||||
inputs.agenix.nixosModules.default
|
||||
inputs.hydra.nixosModules.hydra
|
||||
./services
|
||||
./common
|
||||
{
|
||||
bagel.baremetal.builders = { enable = true; num = i; };
|
||||
}
|
||||
];
|
||||
}) 12));
|
||||
};
|
||||
}
|
||||
|
|
|
@ -24,13 +24,6 @@
|
|||
bagel.services.prometheus.enable = true;
|
||||
bagel.services.loki.enable = true;
|
||||
bagel.services.grafana.enable = true;
|
||||
bagel.services.grapevine.enable = true;
|
||||
bagel.services.hookshot = {
|
||||
enable = true;
|
||||
admins = [
|
||||
"@k900:0upti.me"
|
||||
];
|
||||
};
|
||||
|
||||
i18n.defaultLocale = "fr_FR.UTF-8";
|
||||
|
||||
|
|
112
hosts/wob-vpn-gw.forkos.org/default.nix
Normal file
112
hosts/wob-vpn-gw.forkos.org/default.nix
Normal file
|
@ -0,0 +1,112 @@
|
|||
{ lib, ... }:
|
||||
|
||||
{
|
||||
###### Hardware ######
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "sd_mod" "sdhci_pci" ];
|
||||
boot.kernelModules = [ "kvm-amd" ];
|
||||
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/58688a5c-e3ce-4868-804b-4e34d1370f36";
|
||||
fsType = "f2fs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/38caa628-3b6d-4fb4-8767-beee09a196a6";
|
||||
fsType = "ext2";
|
||||
};
|
||||
|
||||
nixpkgs.hostPlatform = "x86_64-linux";
|
||||
|
||||
hardware.cpu.amd.updateMicrocode = true;
|
||||
|
||||
# Enable serial output
|
||||
boot.loader.grub.extraConfig = ''
|
||||
serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
|
||||
terminal_input serial
|
||||
terminal_output serial
|
||||
'';
|
||||
boot.kernelParams = [
|
||||
"console=ttyS0,115200"
|
||||
"console=tty1"
|
||||
];
|
||||
|
||||
###### Config #######
|
||||
|
||||
boot.initrd.systemd.enable = true;
|
||||
|
||||
networking.useNetworkd = true;
|
||||
|
||||
systemd.network = {
|
||||
netdevs = {
|
||||
"40-uplink" = {
|
||||
netdevConfig = {
|
||||
Kind = "bond";
|
||||
Name = "uplink";
|
||||
};
|
||||
bondConfig = {
|
||||
Mode = "802.3ad";
|
||||
TransmitHashPolicy = "layer3+4";
|
||||
};
|
||||
};
|
||||
"40-oob" = {
|
||||
netdevConfig = {
|
||||
Kind = "bond";
|
||||
Name = "oob";
|
||||
};
|
||||
bondConfig = {
|
||||
Mode = "802.3ad";
|
||||
TransmitHashPolicy = "layer3+4";
|
||||
};
|
||||
};
|
||||
};
|
||||
networks = {
|
||||
"40-enp1s0" = {
|
||||
name = "enp1s0";
|
||||
bond = [ "uplink" ];
|
||||
};
|
||||
"40-enp2s0" = {
|
||||
name = "enp2s0";
|
||||
bond = [ "uplink" ];
|
||||
};
|
||||
"40-enp3s0" = {
|
||||
name = "enp3s0";
|
||||
bond = [ "oob" ];
|
||||
};
|
||||
"40-enp4s0" = {
|
||||
name = "enp4s0";
|
||||
bond = [ "oob" ];
|
||||
};
|
||||
} // lib.listToAttrs (map (x: lib.nameValuePair "40-bmc${toString x}" {
|
||||
name = "bmc${toString x}";
|
||||
address = [ "192.168.1.${toString (x*4 + 1)}/30" ];
|
||||
#address = [ "192.168.${toString x}.1/24" ];
|
||||
networkConfig.DHCPServer = true;
|
||||
}) (lib.genList lib.id 12));
|
||||
};
|
||||
|
||||
networking.vlans = lib.listToAttrs (map (x: lib.nameValuePair "bmc${toString x}" {
|
||||
interface = "oob";
|
||||
id = 101 + x;
|
||||
}) (lib.genList lib.id 12));
|
||||
|
||||
networking.interfaces = {
|
||||
uplink = {
|
||||
ipv6.addresses = [
|
||||
{
|
||||
address = "2a01:584:11::2";
|
||||
prefixLength = 64;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
networking.defaultGateway6 = { interface = "uplink"; address = "2a01:584:11::1"; };
|
||||
|
||||
deployment.targetHost = "2a01:584:11::2";
|
||||
|
||||
bagel.sysadmin.enable = true;
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
}
|
|
@ -8,7 +8,6 @@ let
|
|||
hydra-ssh-key-priv = [ machines.bagel-box ];
|
||||
netbox-environment = [ machines.meta01 ];
|
||||
mimir-environment = [ machines.meta01 ];
|
||||
mimir-webhook-url = [ machines.meta01 ];
|
||||
grafana-oauth-secret = [ machines.meta01 ];
|
||||
loki-environment = [ machines.meta01 ];
|
||||
|
||||
|
|
Binary file not shown.
85
services/baremetal-builder/default.nix
Normal file
85
services/baremetal-builder/default.nix
Normal file
|
@ -0,0 +1,85 @@
|
|||
{ lib, config, ... }:
|
||||
let
|
||||
cfg = config.bagel.baremetal.builders;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
|
||||
bagel.baremetal.builders = {
|
||||
enable = lib.mkEnableOption "baremetal bagel oven";
|
||||
num = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ahci" "ehci_pci" "usb_storage" "usbhid" "sd_mod" ];
|
||||
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||
|
||||
nixpkgs.hostPlatform = "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = true;
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.initrd.systemd.enable = true;
|
||||
|
||||
boot.initrd.services.lvm.enable = true;
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-label/root";
|
||||
fsType = "xfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-label/BOOT";
|
||||
fsType = "vfat";
|
||||
options = [ "fmask=0022" "dmask=0022" ];
|
||||
};
|
||||
|
||||
boot.kernelParams = [
|
||||
"console=ttyS0,115200"
|
||||
"console=tty1"
|
||||
];
|
||||
|
||||
networking.useNetworkd = true;
|
||||
networking.hostName = "builder-${toString cfg.num}";
|
||||
|
||||
systemd.network = {
|
||||
netdevs = {
|
||||
"40-uplink" = {
|
||||
netdevConfig = {
|
||||
Kind = "bond";
|
||||
Name = "uplink";
|
||||
};
|
||||
bondConfig = {
|
||||
Mode = "802.3ad";
|
||||
TransmitHashPolicy = "layer3+4";
|
||||
};
|
||||
};
|
||||
};
|
||||
networks = {
|
||||
"40-eno1" = {
|
||||
name = "eno1";
|
||||
bond = [ "uplink" ];
|
||||
};
|
||||
"40-eno2" = {
|
||||
name = "eno2";
|
||||
bond = [ "uplink" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
networking.interfaces.uplink.ipv6.addresses = [
|
||||
{ address = "2a01:584:11::1:${toString cfg.num}"; prefixLength = 64; }
|
||||
];
|
||||
networking.defaultGateway6 = { interface = "uplink"; address = "2a01:584:11::1"; };
|
||||
deployment.targetHost = "2a01:584:11::1:${toString cfg.num}";
|
||||
|
||||
networking.nameservers = lib.mkForce ["2001:4860:4860::6464"]; # todo: other dns64
|
||||
|
||||
bagel.sysadmin.enable = true;
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
};
|
||||
}
|
|
@ -2,10 +2,10 @@
|
|||
imports = [
|
||||
./gerrit
|
||||
./hydra
|
||||
./matrix
|
||||
./monitoring
|
||||
./netbox
|
||||
./ofborg
|
||||
./postgres
|
||||
./baremetal-builder
|
||||
];
|
||||
}
|
||||
|
|
|
@ -123,10 +123,5 @@ in {
|
|||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
bagel.monitoring.grafana-agent.exporters = {
|
||||
hydra.port = port;
|
||||
hydra-queue-runner.port = 9198;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,68 +0,0 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.bagel.services.grapevine;
|
||||
inherit (lib) mkEnableOption mkIf;
|
||||
in
|
||||
|
||||
{
|
||||
imports = [
|
||||
inputs.grapevine.nixosModules.default
|
||||
./hookshot.nix
|
||||
];
|
||||
|
||||
options.bagel.services.grapevine.enable = mkEnableOption "Grapevine";
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services = {
|
||||
grapevine = {
|
||||
enable = true;
|
||||
settings = {
|
||||
listen = [
|
||||
{
|
||||
type = "tcp";
|
||||
address = "127.0.0.1";
|
||||
port = 6167;
|
||||
}
|
||||
];
|
||||
server_name = "forkos.org";
|
||||
database.backend = "rocksdb";
|
||||
};
|
||||
};
|
||||
|
||||
nginx = {
|
||||
upstreams.grapevine.servers."127.0.0.1:6167" = { };
|
||||
|
||||
virtualHosts = {
|
||||
"matrix.forkos.org" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".proxyPass = "http://grapevine";
|
||||
};
|
||||
|
||||
"forkos.org" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations = {
|
||||
"= /.well-known/matrix/server".extraConfig = ''
|
||||
add_header Content-Type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
return 200 '{"m.server": "matrix.forkos.org:443"}';
|
||||
'';
|
||||
"= /.well-known/matrix/client".extraConfig = ''
|
||||
add_header Content-Type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
return 200 '{"m.homeserver": {"base_url": "https://matrix.forkos.org/"}, "m.identity_server": {"base_url": "https://matrix.org/"}, "org.matrix.msc3575.proxy": {"url": "https://matrix.forkos.org"}}';
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,77 +0,0 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.bagel.services.hookshot;
|
||||
inherit (lib) mkEnableOption mkIf mkOption types;
|
||||
keyPath = "/var/lib/matrix-hookshot/key.pem";
|
||||
in
|
||||
{
|
||||
options.bagel.services.hookshot = {
|
||||
enable = mkEnableOption "matrix-hookshot";
|
||||
settings = mkOption {
|
||||
description = "Settings";
|
||||
type = (pkgs.formats.yaml { }).type;
|
||||
};
|
||||
admins = mkOption {
|
||||
description = "List of admin MXIDs";
|
||||
type = types.listOf types.str;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services.matrix-hookshot = {
|
||||
wantedBy = ["multi-user.target"];
|
||||
wants = ["network-online.target"];
|
||||
after = ["network-online.target"];
|
||||
serviceConfig = {
|
||||
ExecStart = "${lib.getExe pkgs.matrix-hookshot} ${pkgs.writers.writeYAML "config.yaml" cfg.settings}";
|
||||
ExecStartPre = pkgs.writeShellScript "hookshot-generate-key" ''
|
||||
if [ ! -f ${keyPath} ]; then
|
||||
mkdir -p $(dirname ${keyPath})
|
||||
${lib.getExe pkgs.openssl} genpkey -out ${keyPath} -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096
|
||||
fi
|
||||
'';
|
||||
DynamicUser = true;
|
||||
StateDirectory = "matrix-hookshot";
|
||||
WorkingDirectory = "/var/lib/matrix-hookshot";
|
||||
};
|
||||
};
|
||||
|
||||
bagel.services.hookshot.settings = {
|
||||
bridge = {
|
||||
domain = "forkos.org";
|
||||
url = "https://matrix.forkos.org";
|
||||
mediaUrl = "https://forkos.org";
|
||||
port = 9993;
|
||||
bindAddress = "127.0.0.1";
|
||||
};
|
||||
passFile = keyPath;
|
||||
listeners = [{
|
||||
port = 9994;
|
||||
bindAddress = "127.0.0.1";
|
||||
resources = [ "webhooks" ];
|
||||
}];
|
||||
generic = {
|
||||
enabled = true;
|
||||
urlPrefix = "https://alerts.forkos.org/webhook";
|
||||
};
|
||||
permissions = map (mxid: {
|
||||
actor = mxid;
|
||||
services = [{
|
||||
service = "*";
|
||||
level = "admin";
|
||||
}];
|
||||
}) cfg.admins;
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."alerts.forkos.org" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".proxyPass = "http://127.0.0.1:9994";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -3,6 +3,5 @@
|
|||
./exporters
|
||||
./lgtm
|
||||
./agent.nix
|
||||
./hookshot-adapter
|
||||
];
|
||||
}
|
|
@ -1,30 +0,0 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.bagel.services.alertmanager-hookshot-adapter;
|
||||
inherit (lib) mkEnableOption mkIf;
|
||||
package = pkgs.callPackage ./package.nix {};
|
||||
in
|
||||
{
|
||||
options.bagel.services.alertmanager-hookshot-adapter.enable = mkEnableOption "alertmanager to matrix-hookshot adapter";
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services.alertmanager-hookshot-adapter = {
|
||||
wantedBy = ["multi-user.target"];
|
||||
wants = ["network-online.target"];
|
||||
after = ["network-online.target"];
|
||||
environment = {
|
||||
PORT = "9100";
|
||||
UPSTREAM = "https://alerts.forkos.org/webhook";
|
||||
};
|
||||
serviceConfig = {
|
||||
ExecStart = lib.getExe package;
|
||||
DynamicUser = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,23 +0,0 @@
|
|||
{
|
||||
"name": "alertmanager-hookshot-adapter",
|
||||
"version": "1.0.0",
|
||||
"description": "Adapter between alertmanager webhooks and the Matrix Hookshot Apapter",
|
||||
"main": "index.ts",
|
||||
"license": "Apache-2.0",
|
||||
"repository": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/hm-edu/alertmanager-hookshot-adapter"
|
||||
},
|
||||
"dependencies": {
|
||||
"@types/express": "^4.17.21",
|
||||
"@types/node": "^20.11.20",
|
||||
"dotenv": "^16.4.5",
|
||||
"express": "^4.18.2",
|
||||
"node-fetch": "^3.3.2",
|
||||
"typescript": "^5.3.3",
|
||||
"winston": "^3.13.0"
|
||||
},
|
||||
"scripts": {
|
||||
"build": "npx tsc"
|
||||
}
|
||||
}
|
|
@ -1,40 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
mkYarnPackage,
|
||||
fetchFromGitHub,
|
||||
fetchYarnDeps,
|
||||
makeWrapper,
|
||||
nodejs,
|
||||
}:
|
||||
|
||||
mkYarnPackage rec {
|
||||
pname = "alertmanager-hookshot-adapter";
|
||||
version = "1.9.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "hm-edu";
|
||||
repo = "alertmanager-hookshot-adapter";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-KTk70zFA1tymmR8AYrAl2XIyA+SPs5Uksd6Z3kvUb+o=";
|
||||
};
|
||||
|
||||
packageJSON = ./package.json;
|
||||
|
||||
offlineCache = fetchYarnDeps {
|
||||
yarnLock = "${src}/yarn.lock";
|
||||
hash = "sha256-LU25cXB+0DdcHRzKQ1hjQIVntarqPOUXZTgcw6lvLRM=";
|
||||
};
|
||||
|
||||
buildPhase = ''
|
||||
yarn build
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
||||
postInstall = ''
|
||||
makeWrapper ${lib.getExe nodejs} $out/bin/alertmanager-hookshot-adapter \
|
||||
--add-flags $out/libexec/alertmanager-hookshot-adapter/deps/alertmanager-hookshot-adapter/dist/index.js
|
||||
'';
|
||||
|
||||
meta.mainProgram = "alertmanager-hookshot-adapter";
|
||||
}
|
|
@ -20,7 +20,6 @@ in
|
|||
owner = "nginx";
|
||||
};
|
||||
mimir-environment.file = ../../../secrets/mimir-environment.age;
|
||||
mimir-webhook-url.file = ../../../secrets/mimir-webhook-url.age;
|
||||
};
|
||||
|
||||
services.mimir = {
|
||||
|
@ -69,11 +68,6 @@ in
|
|||
receivers = [
|
||||
{
|
||||
name = "matrix";
|
||||
webhook_configs = [{
|
||||
# Mimir can't expand environment variables in external config files,
|
||||
# so work around it.
|
||||
url_file = "/run/credentials/mimir.service/webhook-url";
|
||||
}];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
@ -84,10 +78,7 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
systemd.services.mimir.serviceConfig = {
|
||||
EnvironmentFile = [ config.age.secrets.mimir-environment.path ];
|
||||
LoadCredential = [ "webhook-url:${config.age.secrets.mimir-webhook-url.path}" ];
|
||||
};
|
||||
systemd.services.mimir.serviceConfig.EnvironmentFile = [ config.age.secrets.mimir-environment.path ];
|
||||
|
||||
services.nginx.virtualHosts."mimir.forkos.org" = {
|
||||
enableACME = true;
|
||||
|
@ -99,6 +90,5 @@ in
|
|||
};
|
||||
|
||||
bagel.monitoring.grafana-agent.exporters.mimir.port = 9009;
|
||||
bagel.services.alertmanager-hookshot-adapter.enable = true;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -67,7 +67,6 @@ in
|
|||
(record "loki" 3600 "CNAME" ["meta01.infra"])
|
||||
(record "mimir" 3600 "CNAME" ["meta01.infra"])
|
||||
(record "matrix" 3600 "CNAME" ["meta01.infra"])
|
||||
(record "alerts" 3600 "CNAME" ["meta01.infra"])
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue