Upload voyager host

This commit is contained in:
Felix Albrigtsen 2023-04-15 20:44:47 +02:00
parent 16f7a6939e
commit b9ada673f4
14 changed files with 37786 additions and 24 deletions


@ -32,22 +32,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1673606088,
"narHash": "sha256-wdYD41UwNwPhTdMaG0AIe7fE1bAdyHe6bB4HLUqUvck=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "37b97ae3dd714de9a17923d004a2c5b5543dfa6d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
@ -57,20 +41,23 @@
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_2", "nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1673752321, "lastModified": 1681209176,
"narHash": "sha256-EFfXY1ZHJq4FNaNQA9x0djtu/jiOhBbT0Xi+BT06cJw=", "narHash": "sha256-wyQokPpkNZnsl/bVf8m1428tfA0hJ0w/qexq4EizhTc=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "e18eefd2b133a58309475298052c341c08470717", "rev": "00d5fd73756d424de5263b92235563bc06f2c6e1",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "sops-nix", "owner": "Mic92",
"type": "indirect" "repo": "sops-nix",
"type": "github"
} }
}, },
"unstable": { "unstable": {


@ -5,8 +5,8 @@
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11-small"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11-small";
unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
# sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
# sops-nix.inputs.nixpkgs.follows = "nixpkgs"; sops-nix.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { self, nixpkgs, unstable, sops-nix, ... }@inputs: outputs = { self, nixpkgs, unstable, sops-nix, ... }@inputs:
@ -15,6 +15,16 @@
in in
{ {
nixosConfigurations = { nixosConfigurations = {
voyager = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
modules = [
./hosts/voyager/configuration.nix
sops-nix.nixosModules.sops
];
};
chapel = nixpkgs.lib.nixosSystem { chapel = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = {
@ -22,6 +32,7 @@
}; };
modules = [ modules = [
./hosts/chapel/configuration.nix ./hosts/chapel/configuration.nix
sops-nix.nixosModules.sops
]; ];
}; };
redshirt = nixpkgs.lib.nixosSystem { redshirt = nixpkgs.lib.nixosSystem {
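Review bot: The new `voyager` entry in the `nixosConfigurations` hunk repeats the `system`, `specialArgs` and `sops-nix.nixosModules.sops` lines that `chapel` now also carries, so the next host will copy the same block a third time. A small helper in the `let` above (outside this hunk) reduces each host to its configuration path and makes it visible at a glance which hosts get the sops module; `redshirt` would then be the only one still without it, which may be intended. This assumes chapel's `specialArgs` body, which falls between the two hunks, is the same `inherit inputs;` as voyager's.
```nix
  mkHost = path: nixpkgs.lib.nixosSystem {
    system = "x86_64-linux";
    specialArgs = { inherit inputs; };
    modules = [ path sops-nix.nixosModules.sops ];
  };
  # … unchanged: other let bindings …
in
{
  nixosConfigurations = {
    voyager = mkHost ./hosts/voyager/configuration.nix;
    chapel = mkHost ./hosts/chapel/configuration.nix;
    # … unchanged: redshirt …
```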


@ -0,0 +1,96 @@
{ config, pkgs, ... }:
{
imports =
[
../../base.nix
../../common/metrics-exporters.nix
./hardware-configuration.nix
./containers.nix
./services/metrics
# TODO:
# - Boots
# - Transmission
# - Jellyfin
# - NFS exports
# x Monitoring server
# - Kali VM
# - Kerberos / IPA
];
boot = {
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
kernelParams = [ "nohibernate" ]; # No swap, no hibernate
supportedFilesystems = [ "zfs" ];
};
# filesystems."/tank" = {
# device = "tank";
# fsType = "zfs";
# };
networking = {
hostName = "voyager";
defaultGateway = "192.168.10.1";
nameservers = [ "192.168.10.1" "1.1.1.1" ];
interfaces.eth0.ipv4 = {
addresses = [
{ address = "192.168.10.165"; prefixLength = 24; }
];
};
hostId = "8e84b235";
};
environment.variables = { EDITOR = "vim"; };
environment.systemPackages = with pkgs; [
((vim_configurable.override { }).customize{
name = "vim";
vimrcConfig.packages.myplugins = with pkgs.vimPlugins; {
start = [ vim-nix vim-lastplace ];
opt = [];
};
vimrcConfig.customRC = ''
" your custom vimrc
set number
set relativenumber
set nu rnu
set signcolumn=number
set hlsearch
set smartcase
set incsearch
set autoindent
set expandtab
set shiftwidth=2
set tabstop=2
set smartindent
set smarttab
set ruler
set undolevels=1000
set nocompatible
set backspace=indent,eol,start
" Turn on syntax highlighting by default
syntax on
" ...
'';
}
)
wget
git
tree
rsync
bottom
];
networking.firewall.allowedTCPPorts = [ 22 ];
system.stateVersion = "22.11";
}
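Review bot: The commented-out block `# filesystems."/tank" = { … };` uses `filesystems`, which is not a NixOS option; the attribute is `fileSystems`, so the block fails evaluation the moment it is re-enabled — change its first line to `# fileSystems."/tank" = {` now so the TODO does not turn into a surprise later. `networking.firewall.allowedTCPPorts = [ 22 ];` opens SSH unconditionally while `services.openssh` is not enabled anywhere in this file (presumably in `../../base.nix`); tying the opening to the service with `services.openssh.openFirewall = true;` next to the `enable` keeps the listener and the firewall hole together, so the port does not stay open if the service is ever turned off. A short comment on `hostId = "8e84b235";` saying it is required by ZFS (and must not change after the pool is created) would also help the next reader.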


@ -0,0 +1,13 @@
{ config, pkgs, values, ... }:
{
config.virtualisation.oci-containers.containers = {
flame = {
image = "pawelmalak/flame";
ports = [ "5005:5005" ];
volumes = [
"/var/lib/flame/data:/app/data/"
];
};
};
}
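Review bot: `values` in the module argument set `{ config, pkgs, values, ... }:` is never used in this file and is not among the `specialArgs` the flake passes to voyager (`inherit inputs;` only), so unless some other module sets `_module.args.values` the whole host fails to evaluate with a missing-argument error — drop it: `{ config, pkgs, ... }:`. `image = "pawelmalak/flame";` carries no tag or digest, so every pull can bring a different image; pin it as `pawelmalak/flame:<version>` or `pawelmalak/flame@sha256:<digest>` (placeholders) so the deployment is reproducible and upgrades are deliberate. `ports = [ "5005:5005" ];` publishes the port on all addresses, and published container ports are typically inserted into the runtime's own NAT/forward rules rather than gated by `networking.firewall.allowedTCPPorts`, so the dashboard is reachable from the LAN without the firewall configuration showing it; `"127.0.0.1:5005:5005"` plus an nginx location, as grafana.nix does, keeps the exposure explicit.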


@ -0,0 +1,92 @@
DISK='/dev/disk/by-id/usb-USB_SanDisk_3.2Gen1_0101b10101c61e14737f7ba5d4debafb705fb5bb1082a0be6e8a84f5eb4ae02393df000000000000000000009940bff9ff01740081558107b5ad5d4a-0:0 /dev/disk/by-id/usb-USB_SanDisk_3.2Gen1_0101aa2faa7599e5f2afc0dde60a5f61a62999cc479fbf61706afe2f115d19735f550000000000000000000026304b1f0094160081558107b5ac9a2a-0:0'
for i in ${DISK} do
# sgdisk --zap-all $i
# # EFI partition
# sgdisk -n2:1M:+1G -t1:EF00 $i
# # Root partition, remaining size
# sgdisk -n1:0:0 -t3:BF00 $i
#
parted "$i" -- mklabel gpt
parted "$i" -- mkpart primary ext2 1MB 513MB
parted "$i" -- mkpart primary ext2 513MB 100%
done
# # Boot partition for GRUB, limited features
# zpool create \
# -o compatibility=grub2 \
# -o ashift=12 \
# -o autotrim=on \
# -O acltype=posixacl \
# -O canmount=off \
# -O compression=lz4 \
# -O devices=off \
# -O normalization=formD \
# -O relatime=on \
# -O xattr=sa \
# -O mountpoint=/boot \
# -R /mnt \
# bpool \
# mirror \
# $(for i in ${DISK}; do
# printf "$i-part2 ";
# done)
# Root partition
zpool create \
-f
-o ashift=12 \
-o autotrim=on \
-R /mnt \
-O acltype=posixacl \
-O canmount=off \
-O compression=zstd \
-O dnodesize=auto \
-O normalization=formD \
# -O relatime=on \
-O atime=off \
-O xattr=sa \
-O mountpoint=/ \
rpool \
mirror \
$(for i in ${DISK}; do
printf "$i-part1 ";
done)
zfs create \
-o canmount=off \
-o mountpoint=none \
rpool/nixos
# Create system datasets, let NixOS declaritvely manage mountpoints with mountpoint=legacy
zfs create -o mountpoint=legacy rpool/nixos/root
mount -t zfs rpool/nixos/root /mnt/
zfs create -o mountpoint=legacy rpool/nixos/home
mkdir /mnt/home
mount -t zfs rpool/nixos/home /mnt/home
zfs create -o mountpoint=legacy rpool/nixos/var
zfs create -o mountpoint=legacy rpool/nixos/var/lib
# zfs create -o mountpoint=legacy rpool/nixos/var/log
# zfs create -o mountpoint=none bpool/nixos
# zfs create -o mountpoint=legacy bpool/nixos/root
# mkdir /mnt/boot
# mount -t zfs bpool/nixos/root /mnt/boot
# mkdir -p /mnt/var/log
mkdir -p /mnt/var/lib
mount -t zfs rpool/nixos/var/lib /mnt/var/lib
# mount -t zfs rpool/nixos/var/log /mnt/var/log
zfs create -o mountpoint=legacy rpool/nixos/empty
zfs snapshot rpool/nixos/empty@start
# Format and mount ESP:
for i in ${DISK}; do
mkfs.vfat -n EFI ${i}-part2
mkdir -p /mnt/boot/efis/${i##*/}-part2
mount -t vfat ${i}-part2 /mnt/boot/efis/${i##*/}-part2
done
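Review bot: `for i in ${DISK} do` on the first loop is missing the `;` before `do`, and the `zpool create` invocation breaks twice — `-f` has no trailing `\`, so the command ends there and every following `-o`/`-O` line runs as its own (failing) command, and the `# -O relatime=on \` line inside the continuation terminates it again, since a comment line cannot continue a command. The partition numbers are also crossed: the two `parted mkpart` calls make the 1MB–513MB slice partition 1 and the remainder partition 2, yet `rpool` is built from `$i-part1` and `mkfs.vfat`/`mount` use `${i}-part2`, which is the numbering of the commented-out sgdisk layout rather than the parted one; the hardware-configuration.nix in this commit mounts `-part1` as vfat, so the live machine evidently ended up with the opposite of what the script says. parted also never marks the ESP (`set 1 esp on`), and with no `set -e` a failed step lets the script carry on to the next destructive operation on the next disk. The corrected loop, zpool block and ESP loop follow; the dataset creation and mounts in between are unchanged.
```shell
#!/usr/bin/env bash
set -euo pipefail
# … unchanged: DISK=… …
for i in ${DISK}; do
  parted "$i" -- mklabel gpt
  parted "$i" -- mkpart ESP fat32 1MB 513MB
  parted "$i" -- set 1 esp on
  parted "$i" -- mkpart primary 513MB 100%
done
# … unchanged: commented-out bpool block …
# The '# -O relatime=on \' line is dropped from the option list below:
# a comment line ends a backslash continuation and splits the command.
zpool create \
  -f \
  -o ashift=12 \
  -o autotrim=on \
  -R /mnt \
  -O acltype=posixacl \
  -O canmount=off \
  -O compression=zstd \
  -O dnodesize=auto \
  -O normalization=formD \
  -O atime=off \
  -O xattr=sa \
  -O mountpoint=/ \
  rpool \
  mirror \
  $(for i in ${DISK}; do printf "%s-part2 " "$i"; done)
# … unchanged: dataset creation, mounts and snapshot …
for i in ${DISK}; do
  mkfs.vfat -n EFI "${i}-part1"
  mkdir -p "/mnt/boot/efis/${i##*/}-part1"
  mount -t vfat "${i}-part1" "/mnt/boot/efis/${i##*/}-part1"
done
```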


@ -0,0 +1,54 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "mpt3sas" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "rpool/nixos/root";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "rpool/nixos/home";
fsType = "zfs";
};
fileSystems."/var/lib" =
{ device = "rpool/nixos/var/lib";
fsType = "zfs";
};
fileSystems."/boot/efis/usb-USB_SanDisk_3.2Gen1_0101b10101c61e14737f7ba5d4debafb705fb5bb1082a0be6e8a84f5eb4ae02393df000000000000000000009940bff9ff01740081558107b5ad5d4a-0:0-part1" =
{ device = "/dev/sdb1";
fsType = "vfat";
};
fileSystems."/boot/efis/usb-USB_SanDisk_3.2Gen1_0101aa2faa7599e5f2afc0dde60a5f61a62999cc479fbf61706afe2f115d19735f550000000000000000000026304b1f0094160081558107b5ac9a2a-0:0-part1" =
{ device = "/dev/sdc1";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.idrac.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
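Review bot: The two ESP entries use `device = "/dev/sdb1";` and `device = "/dev/sdc1";` while their mountpoints are keyed by the stable `/dev/disk/by-id/usb-USB_SanDisk_…-0:0` names; on USB sticks the `sdX` letters depend on enumeration order, so after a reboot or an added drive each `/boot/efis/<id>-part1` directory can end up holding the other stick's ESP, or fail to mount and block boot. Point each entry at the by-id path that already appears in its own mountpoint, e.g. `device = "/dev/disk/by-id/usb-USB_SanDisk_…-0:0-part1";` (full id as in the mountpoint), or at `/dev/disk/by-uuid/<uuid>`. Since the header says this file is regenerated by `nixos-generate-config`, either re-run it so the by-id devices are emitted or move these two `fileSystems` entries into configuration.nix so the fix survives regeneration.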





@ -0,0 +1,10 @@
{ config, pkgs, ... }:
{
imports = [
./prometheus.nix
./grafana.nix
./loki.nix
./snmp-exporter.nix
];
}


@ -0,0 +1,64 @@
{ config, pkgs, ... }:
let
cfg = config.services.grafana;
in {
services.grafana = {
enable = true;
settings.server = {
domain = "grafana.feal.no";
http_port = 2342;
http_addr = "127.0.0.1";
};
provision = {
enable = true;
datasources.settings.datasources = [
{
name = "Prometheus";
type = "prometheus";
url = ("http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}");
isDefault = true;
}
{
name = "Loki";
type = "loki";
url = ("http://${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}");
}
];
dashboards.settings.providers = [
{
name = "Node Exporter Full";
type = "file";
url = "https://grafana.com/api/dashboards/1860/revisions/29/download";
options.path = dashboards/node-exporter-full.json;
}
{
name = "Synology NAS Details";
type = "file";
url = "https://grafana.com/api/dashboards/14284/revisions/9/download";
options.path = dashboards/synology-nas-details.json;
}
{
name = "OpenWRT";
type = "file";
url = "https://grafana.com/api/dashboards/11147/revisions/1/download";
options.path = dashboards/openwrt.json;
}
];
};
};
services.nginx.virtualHosts.${cfg.settings.server.domain} = {
locations = {
"/" = {
proxyPass = "http://127.0.0.1:${toString cfg.settings.server.http_port}";
proxyWebsockets = true;
extraConfig = ''
proxy_buffers 8 1024k;
proxy_buffer_size 1024k;
'';
};
};
};
}
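Review bot: The `url` keys on the three dashboard providers (`url = "https://grafana.com/api/dashboards/1860/revisions/29/download";` and the two below it) are not fields of Grafana's dashboard-provider schema, which knows `name`, `type`, `options.path` and a few flags, so at best they are silently ignored; keep the provenance as a comment above each provider, `# downloaded from https://grafana.com/api/dashboards/1860/revisions/29/download`, so it is not mistaken for an active download. The Loki datasource URL interpolates `config.services.loki.configuration.server.http_listen_address`, which loki.nix sets to `0.0.0.0`, giving `http://0.0.0.0:3100`; Linux does connect that to loopback, but only by accident of the listen address, and `url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}";` states what is meant. The nginx vhost for `grafana.feal.no` has neither `forceSSL` nor `enableACME` in this file, so unless TLS is terminated elsewhere (not visible in this commit) the Grafana login travels as plain HTTP on whatever interfaces nginx listens on.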


@ -0,0 +1,75 @@
{ config, pkgs, ... }:
let
cfg = config.services.loki;
in {
services.loki = {
enable = true;
configuration = {
auth_enabled = false;
server = {
http_listen_port = 3100;
http_listen_address = "0.0.0.0";
grpc_listen_port = 9096;
};
ingester = {
wal = {
enabled = true;
dir = "/var/lib/loki/wal";
};
lifecycler = {
address = "127.0.0.1";
ring = {
kvstore = {
store = "inmemory";
};
replication_factor = 1;
};
final_sleep = "0s";
};
chunk_idle_period = "1h";
};
schema_config = {
configs = [
{
from = "2022-12-01";
store = "boltdb-shipper";
object_store = "filesystem";
schema = "v11";
index = {
prefix = "index_";
period = "24h";
};
}
];
};
storage_config = {
boltdb_shipper = {
active_index_directory = "/var/lib/loki/boltdb-shipper-index";
cache_location = "/var/lib/loki/boltdb-shipper-cache";
shared_store = "filesystem";
cache_ttl = "24h";
};
filesystem = {
directory = "/var/lib/loki/chunks";
};
};
limits_config = {
enforce_metric_name = false;
reject_old_samples = true;
reject_old_samples_max_age = "72h";
};
compactor = {
working_directory = "/var/lib/loki/compactor";
shared_store = "filesystem";
};
};
};
networking.firewall.allowedTCPPorts = [ cfg.configuration.server.http_listen_port ];
}
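Review bot: `auth_enabled = false;` together with `http_listen_address = "0.0.0.0";` and `networking.firewall.allowedTCPPorts = [ cfg.configuration.server.http_listen_port ];` makes Loki's push and query API reachable from every host on the network with no authentication, so any device on the LAN can inject log lines or read everything that has been shipped. If only the local Grafana (which grafana.nix proxies on this same host) consumes it, bind to loopback with `http_listen_address = "127.0.0.1";` and drop the firewall line; if remote agents must push, limit the opening to the LAN interface, e.g. `networking.firewall.interfaces.eth0.allowedTCPPorts = [ cfg.configuration.server.http_listen_port ];`, and put the push endpoint behind the existing nginx with TLS and `basicAuth` or client certificates. Either way a comment next to `auth_enabled = false` should say who is expected to reach this port, because Loki's own tenant authentication is switched off here.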


@ -0,0 +1,60 @@
{ config, pkgs, ... }:
let
cfg = config.services.prometheus;
in {
services.prometheus = {
enable = true;
listenAddress = "127.0.0.1";
port = 9001;
scrapeConfigs = [
{
job_name = "node";
static_configs = [
{
targets = [
"voyager.home.feal.no:${toString cfg.exporters.node.port}"
"sulu.home.feal.no:9100"
"mccoy.home.feal.no:9100"
"borg.home.feal.no:9100"
"troi.home.feal.no:9100"
"dlink-feal.home.feal.no:9100"
];
}
];
}
{
job_name = "openwrt";
static_configs = [
{ targets = ["dlink-feal.home.feal.no:9100"]; }
];
}
{
job_name = "snmp";
static_configs = [{
targets = [
"feal-syn1.home.feal.no"
"feal-syn2.home.feal.no"
];
}];
metrics_path = "/snmp";
params.module = ["synology"];
relabel_configs = [
{
source_labels = ["__address__"];
target_label = "__param_target";
}
{
source_labels = ["__param_target"];
target_label = "instance";
}
{
target_label = "__address__";
replacement = "127.0.0.1:9116";
}
];
}
];
};
}
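Review bot: `dlink-feal.home.feal.no:9100` is listed under both the `node` job's `targets` and the `openwrt` job, so the same endpoint is scraped twice and every series from it exists under two `job` labels; remove it from one list, most likely the `node` one since the `openwrt` job exists for it. The `voyager` target is built from `cfg.exporters.node.port`, but nothing in this file enables `services.prometheus.exporters.node`; presumably `../../common/metrics-exporters.nix` (imported by configuration.nix) does, otherwise this is the default port with nothing listening — a comment pointing at where the exporter is enabled would save the next reader the search. The snmp job's `replacement = "127.0.0.1:9116";` depends on the unit in snmp-exporter.nix listening there, which is only implicit; `replacement = "127.0.0.1:9116"; # prometheus-snmp-exporter, see services/metrics/snmp-exporter.nix` makes the coupling visible.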


@ -0,0 +1,20 @@
{ config, pkgs, ... }:
{
environment.systemPackages = [
pkgs.prometheus-snmp-exporter
];
systemd.services.prometheus-snmp-exporter = {
enable = true;
description = "Gather data from SNMP devices and expose them as Prometheus metrics";
unitConfig = {
Type = "simple";
};
serviceConfig = {
ExecStart = "${pkgs.prometheus-snmp-exporter}/bin/snmp_exporter --config.file='/var/prometheus/snmp.yml'";
# TODO: Fix this conf file!
};
wantedBy = [ "multi-user.target" ];
};
}
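Review bot: `Type = "simple";` is placed under `unitConfig`, i.e. the `[Unit]` section, but `Type=` is a `[Service]` key, so systemd logs an unknown-key warning and ignores it (it only works because `simple` is the default) — it belongs in `serviceConfig.Type = "simple";`. The unit also runs as root with no sandboxing, and `/var/prometheus/snmp.yml` is where SNMP community strings or v3 credentials end up; with sops-nix now wired into the flake that file belongs in a sops-managed secret rather than a hand-placed one, which the `# TODO: Fix this conf file!` comment should say. NixOS already ships `services.prometheus.exporters.snmp`, which runs the same binary under `DynamicUser` with the exporter framework's systemd hardening and takes the config via `configurationPath`; using it replaces this unit and the `environment.systemPackages` entry, and lines up with the `127.0.0.1:9116` rewrite in prometheus.nix.
```nix
{ config, pkgs, ... }:
{
  services.prometheus.exporters.snmp = {
    enable = true;
    listenAddress = "127.0.0.1";
    port = 9116;
    # TODO: point this at a sops-nix managed secret instead of a hand-placed file
    configurationPath = "/var/prometheus/snmp.yml";
  };
}
```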