Merge branch 'jokum_logs' of Drift/pvv-nixos-config into main

danio 2023-01-17 18:50:41 +01:00 committed by Gogs
commit 4a82d22a56
10 changed files with 79 additions and 36 deletions


@ -16,7 +16,7 @@ Det er sikkert lurt å lage en PR først om du ikke er vandt til nix enda.
Innen 24h skal alle systemene hente ned den nye konfigurasjonen og deploye den.
Du kan tvinge en maskin til å oppdatere seg før dette ved å kjøre:
`nixos-rebuild switch --update-input nixpkgs --update-input unstable --no-write-lock-file --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git --upgrade`
`nixos-rebuild switch --update-input nixpkgs --update-input unstable --no-write-lock-file --refresh --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git --upgrade`
som root på maskinen.


@ -1,4 +1,4 @@
{ config, pkgs, inputs, ... }:
{ config, lib, pkgs, inputs, values, ... }:
{
imports = [
@ -8,6 +8,9 @@
networking.domain = "pvv.ntnu.no";
networking.useDHCP = false;
networking.search = [ "pvv.ntnu.no" "pvv.org" ];
networking.nameservers = lib.mkDefault [ "129.241.0.200" "129.241.0.201" ];
networking.tempAddresses = lib.mkDefault "disabled";
networking.defaultGateway = values.gateway;
services.resolved = {
enable = true;
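Review bot: `networking.defaultGateway = values.gateway;` is set at normal priority while the nameserver and tempAddresses lines beside it use `lib.mkDefault`, so a host on another subnet could only override the gateway with `lib.mkForce`. Writing it as `networking.defaultGateway = lib.mkDefault values.gateway;` would keep the three shared defaults consistent. The `services.resolved` block that follows continues outside the hunk.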

31
flake.lock generated

@ -2,27 +2,26 @@
"nodes": {
"matrix-next": {
"locked": {
"lastModified": 1671009204,
"narHash": "sha256-gqA9po/KmHyh44XYqv/LfFJ1+MGufhaaD6DhDqBeaF8=",
"lastModified": 1671663871,
"narHash": "sha256-06G6xYTFPVuvmN/k2QDeBk9XIp4LDxEKWRL3aLAFFNo=",
"owner": "dali99",
"repo": "nixos-matrix-modules",
"rev": "43dbc17526576cb8e0980cef51c48b6598f97550",
"rev": "b6f0a026a78200c0e526aa73279c228e08673437",
"type": "github"
},
"original": {
"owner": "dali99",
"ref": "flake-experiments",
"repo": "nixos-matrix-modules",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1670946965,
"narHash": "sha256-PDJfKgK/aSV3ISnD1TbKpLPW85LO/AQI73yQjbwribA=",
"lastModified": 1673785634,
"narHash": "sha256-4SPGYVNutklnlpSMaqL+GA2x5DJ+QL85T+hOF6MHAZE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "265caf30fa0a5148395b62777389b57eb0a537fd",
"rev": "54d5d59cb19728a0321efbcd22c539109489965b",
"type": "github"
},
"original": {
@ -34,11 +33,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1670146390,
"narHash": "sha256-XrEoDpuloRHHbUkbPnhF2bQ0uwHllXq3NHxtuVe/QK4=",
"lastModified": 1673740915,
"narHash": "sha256-MMH8zONfqahgHly3K8/A++X34800rajA/XgZ2DzNL/M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "86370507cb20c905800527539fc049a2bf09c667",
"rev": "7c65528c3f8462b902e09d1ccca23bb9034665c2",
"type": "github"
},
"original": {
@ -64,11 +63,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1670149631,
"narHash": "sha256-rwmtlxx45PvOeZNP51wql/cWjY3rqzIR3Oj2Y+V7jM0=",
"lastModified": 1673752321,
"narHash": "sha256-EFfXY1ZHJq4FNaNQA9x0djtu/jiOhBbT0Xi+BT06cJw=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "da98a111623101c64474a14983d83dad8f09f93d",
"rev": "e18eefd2b133a58309475298052c341c08470717",
"type": "github"
},
"original": {
@ -79,11 +78,11 @@
},
"unstable": {
"locked": {
"lastModified": 1670918062,
"narHash": "sha256-iOhkyBYUU9Jfkk0lvI4ahpjyrTsLXj9uyJWwmjKg+gg=",
"lastModified": 1673855649,
"narHash": "sha256-Pc1VumquuFMDR1Ers1QOVDDabL/trVwfqWXeKJPXLQg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "84575b0bd882be979516f4fecfe4d7c8de8f6a92",
"rev": "c85d08692966cf022b0a741a794cb1650602d8af",
"type": "github"
},
"original": {


@ -8,7 +8,7 @@
sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
matrix-next.url = "github:dali99/nixos-matrix-modules/flake-experiments";
matrix-next.url = "github:dali99/nixos-matrix-modules";
};
outputs = { self, nixpkgs, unstable, sops-nix, ... }@inputs:
@ -22,7 +22,7 @@
nixosConfigurations = {
jokum = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit unstable inputs; };
specialArgs = { inherit unstable inputs; values = import ./values.nix; };
modules = [
./hosts/jokum/configuration.nix
sops-nix.nixosModules.sops
@ -32,7 +32,7 @@
};
ildkule = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit unstable inputs; };
specialArgs = { inherit unstable inputs; values = import ./values.nix; };
modules = [
./hosts/ildkule/configuration.nix
sops-nix.nixosModules.sops
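Review bot: `values = import ./values.nix;` is repeated verbatim in the `specialArgs` of both jokum and ildkule, and any module that names `values` in its arguments will presumably fail to evaluate for a host whose `specialArgs` leaves it out. Binding the set once in a `let` in `outputs`, e.g. `specialArgs = { inherit unstable inputs; values = import ./values.nix; };`, and writing `inherit specialArgs;` in each host keeps the hosts from drifting apart. The `nixosConfigurations` set starts and ends outside these hunks.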


@ -22,7 +22,6 @@
networking.interfaces.ens18.useDHCP = false;
networking.defaultGateway = "129.241.210.129";
networking.interfaces.ens18.ipv4 = {
addresses = [
{
@ -39,7 +38,6 @@
}
];
};
networking.nameservers = [ "129.241.0.200" "129.241.0.201" ];
# List packages installed in system profile
environment.systemPackages = with pkgs; [


@ -20,6 +20,7 @@ in {
"knakelibrak.pvv.ntnu.no:9100"
"hildring.pvv.ntnu.no:9100"
"bicep.pvv.ntnu.no:9100"
"jokum.pvv.ntnu.no:9100"
];
}
];


@ -1,12 +1,11 @@
{ config, pkgs, ... }:
{ config, pkgs, values, ... }:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../base.nix
# Users can just import any configuration they want even for non-user things. Improve the users/default.nix to just load some specific attributes if this isn't wanted
../../misc/metrics-exporters.nix
../../misc/rust-motd.nix
./services/matrix
@ -27,16 +26,14 @@
networking.hostName = "jokum"; # Define your hostname.
networking.interfaces.ens18.useDHCP = false;
networking.defaultGateway = "129.241.210.129";
networking.interfaces.ens18.ipv4 = {
addresses = [
{
address = "129.241.210.169";
address = values.jokum.ipv4;
prefixLength = 25;
}
{
address = "129.241.210.213";
address = values.turn.ipv4;
prefixLength = 25;
}
];
@ -44,16 +41,15 @@
networking.interfaces.ens18.ipv6 = {
addresses = [
{
address = "2001:700:300:1900::169";
address = values.jokum.ipv6;
prefixLength = 64;
}
{
address = "2001:700:300:1900::213";
address = values.turn.ipv6;
prefixLength = 64;
}
];
};
networking.nameservers = [ "129.241.0.200" "129.241.0.201" ];
# List packages installed in system profile
environment.systemPackages = with pkgs; [


@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, values, ... }:
let
cfg = config.services.matrix-synapse-next;
@ -184,12 +184,25 @@ in {
metricsPath = w: "/metrics/${w.type}/${toString w.index}";
proxyPath = w: "http://${socketAddress w}/_synapse/metrics";
in lib.mapAttrs' (n: v: lib.nameValuePair (metricsPath v) ({ proxyPass = proxyPath v; }))
in lib.mapAttrs' (n: v: lib.nameValuePair
(metricsPath v) ({
proxyPass = proxyPath v;
extraConfig = ''
allow ${values.ildkule.ipv4};
allow ${values.ildkule.ipv6};
deny all;
'';
}))
cfg.workers.instances;
})
({
locations."/metrics/master/1" = {
proxyPass = "http://127.0.0.1:9000/_synapse/metrics";
extraConfig = ''
allow ${values.ildkule.ipv4};
allow ${values.ildkule.ipv6};
deny all;
'';
};
locations."/metrics/" = let
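Review bot: The three-line `allow`/`allow`/`deny all` block is written out twice, once for the worker locations and once for `/metrics/master/1`, and the `locations."/metrics/"` entry that opens on the last line of the hunk is not shown receiving it. Binding it once in the file's top-level `let`, e.g. `metricsAcl = "allow ${values.ildkule.ipv4}; allow ${values.ildkule.ipv6}; deny all;";`, and using `extraConfig = metricsAcl;` in each location makes it harder to add a later metrics path without the restriction. The body of the `/metrics/` location lies outside the hunk, so whether it needs the same ACL should be confirmed there. These rules match the client address nginx sees, so they presumably rely on ildkule scraping from exactly the two addresses in `values.nix`.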


@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, pkgs, values, ... }:
{
services.prometheus.exporters.node = {
@ -7,6 +7,14 @@
enabledCollectors = [ "systemd" ];
};
systemd.services.prometheus-node-exporter.serviceConfig = {
IPAddressDeny = "any";
IPAddressAllow = [
values.ildkule.ipv4
values.ildkule.ipv6
];
};
services.promtail = {
enable = true;
configuration = {
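Review bot: The new `systemd.services.prometheus-node-exporter.serviceConfig` block has no comment saying why node-exporter is limited to ildkule, and it is easy to misread as a host firewall rule. I would add above it `# Only the Prometheus host (ildkule) may talk to node-exporter; systemd applies this filter to the unit's traffic in both directions.` With `IPAddressDeny = "any"` and no loopback entry in `IPAddressAllow`, a local request to the exporter from the host itself will presumably be dropped as well, which is worth stating in the same comment. The `services.promtail` block continues outside the hunk.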

25
values.nix Normal file

@ -0,0 +1,25 @@
# Feel free to change the structure of this file
rec {
gateway = "129.241.210.129";
jokum = {
ipv4 = "129.241.210.169";
ipv6 = "2001:700:300:1900::169";
};
matrix = {
ipv4 = jokum.ipv4;
ipv6 = jokum.ipv6;
};
# Also on jokum
turn = {
ipv4 = "129.241.210.213";
ipv6 = "2001:700:300:1900::213";
};
ildkule = {
ipv4 = "129.241.210.187";
ipv6 = "2001:700:300:1900::187";
};
}
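Review bot: The header comment `# Feel free to change the structure of this file` undersells what the file now controls, because `ildkule.ipv4` and `ildkule.ipv6` are interpolated into the nginx `allow` rules and into `IPAddressAllow` for node-exporter elsewhere in this commit. I would extend the header with `# Addresses here feed access-control rules (nginx allow, systemd IPAddressAllow); changing ildkule's entries changes who can read metrics.` The `matrix` entry aliases `jokum` through `rec`, and a short comment saying the two names are the same host would match the existing `# Also on jokum` on `turn`.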