diff --git a/clusters/fs1/default.nix b/clusters/fs1/default.nix index 7613c23..15ef022 100644 --- a/clusters/fs1/default.nix +++ b/clusters/fs1/default.nix @@ -1,44 +1,49 @@ with import {}; let - setup = import ../../modules { - inherit pkgs cluster customize extraConfig lib config; - }; + name = "fs1-0"; + address = "10.1.30.10"; +in { + fs1-0 = { + deployment.targetHost = address; - hosts = [ - { name = "fs1-0"; address = "10.1.30.10"; } - ]; + features = { + os = { + boot.uefi = false; + externalInterface = "ens3"; + docker.enable = true; + adminAuthorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCk5EKXxo/KLogjqSxSf/GkQdZ30UxB3wXc5k6Y6RRKQ/5iJ+XyYTbuqYOUp30p54apZzbayU2icahE/upr754lQicQwJtOXW/Iut57VRhSpq4P+mKCIdT58xCUkAZYr8Aja8UjHlYeJgFvp023K/fqmwbapu8R1gh4bzXm7uU1XeJoYfuOb+Cb8NGMn1ICrw2aztA0yVOXZ7tyJd2qyr1+6PuM/Ca2nKN4wLIX2vwyN3vZjR15nkIaHQGlTaJlNk2NEG1YTxsIQ9axDjNtyL80kjUr5M8zxW6s0h3451zr1b21EetP1i+1POIjS9uWXv5iabF+1Qb1GaS4FAYzzpqNY+moLzY7Zqfi05MPsMYkNoZ1Kg5aj0IuZb0OM9i6ZJrFs9nYAGG0uLSUTfrs957f9nokFyILGYg5xY46YN3uQrqfZifvcR0KaEdxEKvnfq0qrNG3uYLR/OYm2yblRcNbWgDoQ1hH7qa9uJM2JrPM07s4sJGkqfAib8Hwz9+l7jMrL6KIGUOA4aX0B1KZaIKKiZa42WlgdbeA17aW3laIqS5mZCkI3pLMYZAxe+A6rQi+V8ZAvDSyOL/Vws3lboXaN5QLu17R8uCY7MkIAvRBiZSpdWNeX3JO5m6zexkxkrFlxyEBf+ott4ATSw+eMYMs8i5xQRqPjgO1cABWkUdGpw== martin.moe.carstens@itpartner.no" + ]; + }; - customize = { - boot.uefi = false; - }; - - cluster = { - clusterName = "fs1"; - initca = ./ca; - - domain = "itpartner.intern"; - externalInterface = "ens3"; - defaultGateway = "10.1.30.1"; - nameservers = [ "8.8.8.8" ]; - searchDomains = [ "itpartner.intern" "itpartner.no" ]; - - extraHosts = import ../hosts.nix; - - adminAuthorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCk5EKXxo/KLogjqSxSf/GkQdZ30UxB3wXc5k6Y6RRKQ/5iJ+XyYTbuqYOUp30p54apZzbayU2icahE/upr754lQicQwJtOXW/Iut57VRhSpq4P+mKCIdT58xCUkAZYr8Aja8UjHlYeJgFvp023K/fqmwbapu8R1gh4bzXm7uU1XeJoYfuOb+Cb8NGMn1ICrw2aztA0yVOXZ7tyJd2qyr1+6PuM/Ca2nKN4wLIX2vwyN3vZjR15nkIaHQGlTaJlNk2NEG1YTxsIQ9axDjNtyL80kjUr5M8zxW6s0h3451zr1b21EetP1i+1POIjS9uWXv5iabF+1Qb1GaS4FAYzzpqNY+moLzY7Zqfi05MPsMYkNoZ1Kg5aj0IuZb0OM9i6ZJrFs9nYAGG0uLSUTfrs957f9nokFyILGYg5xY46YN3uQrqfZifvcR0KaEdxEKvnfq0qrNG3uYLR/OYm2yblRcNbWgDoQ1hH7qa9uJM2JrPM07s4sJGkqfAib8Hwz9+l7jMrL6KIGUOA4aX0B1KZaIKKiZa42WlgdbeA17aW3laIqS5mZCkI3pLMYZAxe+A6rQi+V8ZAvDSyOL/Vws3lboXaN5QLu17R8uCY7MkIAvRBiZSpdWNeX3JO5m6zexkxkrFlxyEBf+ott4ATSw+eMYMs8i5xQRqPjgO1cABWkUdGpw== martin.moe.carstens@itpartner.no" - ]; - - fs = { - enable = true; - nfs.enable = true; - nfs.exports = '' - /vol/brick0/nfs0 10.1.30.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash) - ''; + fs = { + enable = true; + nfs.enable = true; + nfs.exports = '' + /vol/brick0/nfs0 10.1.30.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash) + ''; + initca = ./ca; + }; }; - }; - extraConfig = {}; -in - setup.fs.mkDeployment ./. hosts + networking = { + hostName = name; + domain = "itpartner.intern"; + defaultGateway = "10.1.30.1"; + nameservers = [ "8.8.8.8" ]; + search = [ "itpartner.intern" "itpartner.no" ]; + extraHosts = import ../hosts.nix; + interfaces.ens3 = { + useDHCP = false; + ipv4.addresses = [ { + address = address; + prefixLength = 24; + } ]; + }; + }; + + imports = [ ../../nixos ../../modules ./fs1-0.nix ]; + }; +} diff --git a/clusters/fs2/default.nix b/clusters/fs2/default.nix index 282c332..025ca2c 100644 --- a/clusters/fs2/default.nix +++ b/clusters/fs2/default.nix @@ -1,44 +1,48 @@ with import {}; let - setup = import ../../modules { - inherit pkgs cluster customize extraConfig lib config; - }; + name = "fs2-0"; + address = "10.1.8.10"; +in { + fs2-0 = { + deployment.targetHost = address; - hosts = [ - { name = "fs2-0"; address = "10.1.8.10"; } - ]; - - customize = { - boot.uefi = true; - }; - - cluster = { - clusterName = "fs2"; - initca = ./ca; - - domain = "itpartner.intern"; - externalInterface = "eth0"; - defaultGateway = "10.1.8.1"; - nameservers = [ "8.8.8.8" ]; - searchDomains = [ "itpartner.no" ]; - - extraHosts = import ../hosts.nix; - - adminAuthorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCk5EKXxo/KLogjqSxSf/GkQdZ30UxB3wXc5k6Y6RRKQ/5iJ+XyYTbuqYOUp30p54apZzbayU2icahE/upr754lQicQwJtOXW/Iut57VRhSpq4P+mKCIdT58xCUkAZYr8Aja8UjHlYeJgFvp023K/fqmwbapu8R1gh4bzXm7uU1XeJoYfuOb+Cb8NGMn1ICrw2aztA0yVOXZ7tyJd2qyr1+6PuM/Ca2nKN4wLIX2vwyN3vZjR15nkIaHQGlTaJlNk2NEG1YTxsIQ9axDjNtyL80kjUr5M8zxW6s0h3451zr1b21EetP1i+1POIjS9uWXv5iabF+1Qb1GaS4FAYzzpqNY+moLzY7Zqfi05MPsMYkNoZ1Kg5aj0IuZb0OM9i6ZJrFs9nYAGG0uLSUTfrs957f9nokFyILGYg5xY46YN3uQrqfZifvcR0KaEdxEKvnfq0qrNG3uYLR/OYm2yblRcNbWgDoQ1hH7qa9uJM2JrPM07s4sJGkqfAib8Hwz9+l7jMrL6KIGUOA4aX0B1KZaIKKiZa42WlgdbeA17aW3laIqS5mZCkI3pLMYZAxe+A6rQi+V8ZAvDSyOL/Vws3lboXaN5QLu17R8uCY7MkIAvRBiZSpdWNeX3JO5m6zexkxkrFlxyEBf+ott4ATSw+eMYMs8i5xQRqPjgO1cABWkUdGpw== martin.moe.carstens@itpartner.no" - ]; - - fs = { - enable = true; - nfs.enable = true; - nfs.exports = '' - /vol/export 10.1.8.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash) - ''; + features = { + os = { + boot.uefi = true; + externalInterface = "eth0"; + docker.enable = true; + adminAuthorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCk5EKXxo/KLogjqSxSf/GkQdZ30UxB3wXc5k6Y6RRKQ/5iJ+XyYTbuqYOUp30p54apZzbayU2icahE/upr754lQicQwJtOXW/Iut57VRhSpq4P+mKCIdT58xCUkAZYr8Aja8UjHlYeJgFvp023K/fqmwbapu8R1gh4bzXm7uU1XeJoYfuOb+Cb8NGMn1ICrw2aztA0yVOXZ7tyJd2qyr1+6PuM/Ca2nKN4wLIX2vwyN3vZjR15nkIaHQGlTaJlNk2NEG1YTxsIQ9axDjNtyL80kjUr5M8zxW6s0h3451zr1b21EetP1i+1POIjS9uWXv5iabF+1Qb1GaS4FAYzzpqNY+moLzY7Zqfi05MPsMYkNoZ1Kg5aj0IuZb0OM9i6ZJrFs9nYAGG0uLSUTfrs957f9nokFyILGYg5xY46YN3uQrqfZifvcR0KaEdxEKvnfq0qrNG3uYLR/OYm2yblRcNbWgDoQ1hH7qa9uJM2JrPM07s4sJGkqfAib8Hwz9+l7jMrL6KIGUOA4aX0B1KZaIKKiZa42WlgdbeA17aW3laIqS5mZCkI3pLMYZAxe+A6rQi+V8ZAvDSyOL/Vws3lboXaN5QLu17R8uCY7MkIAvRBiZSpdWNeX3JO5m6zexkxkrFlxyEBf+ott4ATSw+eMYMs8i5xQRqPjgO1cABWkUdGpw== martin.moe.carstens@itpartner.no" + ]; + }; + fs = { + enable = true; + nfs.enable = true; + nfs.exports = '' + /vol/export 10.1.8.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash) + ''; + initca = ./ca; + }; }; - }; - extraConfig = {}; -in - setup.fs.mkDeployment ./. hosts + networking = { + hostName = name; + domain = "itpartner.intern"; + defaultGateway = "10.1.8.1"; + nameservers = [ "8.8.8.8" ]; + search = [ "itpartner.intern" "itpartner.no" ]; + extraHosts = import ../hosts.nix; + interfaces.eth0 = { + useDHCP = false; + ipv4.addresses = [ { + address = address; + prefixLength = 24; + } ]; + }; + }; + + imports = [ ../../nixos ../../modules ./fs2-0.nix ]; + }; +} diff --git a/clusters/k0/default.nix b/clusters/k0/default.nix index e1d724b..24fdbc7 100644 --- a/clusters/k0/default.nix +++ b/clusters/k0/default.nix @@ -21,4 +21,7 @@ let }; }; -in builtins.foldl' (a: x: a // mkNode x) { k0-0 = master; } nodes +in + builtins.foldl' (a: x: a // mkNode x) { + "${master.node.name}" = master; + } nodes diff --git a/clusters/k1/cluster.nix b/clusters/k1/cluster.nix new file mode 100644 index 0000000..c72c839 --- /dev/null +++ b/clusters/k1/cluster.nix @@ -0,0 +1,94 @@ +{ pkgs, lib, config, ... }: +with lib; +let + cfg = config.node; + + mkSANs = host: [ + host.name + host.address + "127.0.0.1" + ]; + + configuration = { + deployment.targetHost = cfg.address; + + features = { + os = { + boot.uefi = false; + externalInterface = "ens3"; + docker.enable = true; + adminAuthorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCk5EKXxo/KLogjqSxSf/GkQdZ30UxB3wXc5k6Y6RRKQ/5iJ+XyYTbuqYOUp30p54apZzbayU2icahE/upr754lQicQwJtOXW/Iut57VRhSpq4P+mKCIdT58xCUkAZYr8Aja8UjHlYeJgFvp023K/fqmwbapu8R1gh4bzXm7uU1XeJoYfuOb+Cb8NGMn1ICrw2aztA0yVOXZ7tyJd2qyr1+6PuM/Ca2nKN4wLIX2vwyN3vZjR15nkIaHQGlTaJlNk2NEG1YTxsIQ9axDjNtyL80kjUr5M8zxW6s0h3451zr1b21EetP1i+1POIjS9uWXv5iabF+1Qb1GaS4FAYzzpqNY+moLzY7Zqfi05MPsMYkNoZ1Kg5aj0IuZb0OM9i6ZJrFs9nYAGG0uLSUTfrs957f9nokFyILGYg5xY46YN3uQrqfZifvcR0KaEdxEKvnfq0qrNG3uYLR/OYm2yblRcNbWgDoQ1hH7qa9uJM2JrPM07s4sJGkqfAib8Hwz9+l7jMrL6KIGUOA4aX0B1KZaIKKiZa42WlgdbeA17aW3laIqS5mZCkI3pLMYZAxe+A6rQi+V8ZAvDSyOL/Vws3lboXaN5QLu17R8uCY7MkIAvRBiZSpdWNeX3JO5m6zexkxkrFlxyEBf+ott4ATSw+eMYMs8i5xQRqPjgO1cABWkUdGpw== martin.moe.carstens@itpartner.no" + ]; + }; + + k8s = { + enable = true; + node.enable = true; + clusterName = "k1"; + initca = ./ca; + cidr = "10.11.0.0/16"; + master = { + name = "k1-0"; + address = "10.1.30.100"; + extraSANs = [ "k1.itpartner.no" ]; + }; + ingressNodes = [ + "k1-0.itpartner.intern" + "k1-1.itpartner.intern" + "k1-2.itpartner.intern" + ]; + fileserver = "fs1-0"; + charts = { + acme_email = "innovasjon@itpartner.no"; + grafana_smtp_user = "utvikling"; + grafana_smtp_password = "S0m3rp0m@de#21!"; + }; + }; + }; + + networking = { + hostName = cfg.name; + domain = "itpartner.intern"; + nameservers = [ "8.8.8.8" ]; + search = [ "itpartner.no" ]; + defaultGateway = "10.1.30.1"; + extraHosts = import ../hosts.nix; + interfaces.ens3 = { + useDHCP = false; + ipv4.addresses = [ { + address = cfg.address; + prefixLength = 24; + } ]; + }; + }; + + services.kubernetes.kubelet.extraSANs = mkSANs { + name = cfg.name; + address = cfg.address; + }; + + }; +in { + options.node = { + address = mkOption { + type = types.str; + default = null; + }; + + name = mkOption { + type = types.str; + default = null; + }; + + }; + + config = configuration; + + imports = [ + ../../modules + ../../nixos + ]; +} diff --git a/clusters/k1/default.nix b/clusters/k1/default.nix index 2a754c5..a7e0c5c 100644 --- a/clusters/k1/default.nix +++ b/clusters/k1/default.nix @@ -1,53 +1,28 @@ with import {}; let - setup = import ../../modules { - inherit pkgs cluster customize extraConfig lib config; + master = { + node.name = "k1-0"; + node.address = "10.1.30.100"; + features.k8s.master.enable = true; + imports = [ ./cluster.nix ./hw/k1-0.nix ]; }; - hosts = [ - { name = "k1-0"; address = "10.1.30.100"; } + nodes = [ { name = "k1-1"; address = "10.1.30.101"; } { name = "k1-2"; address = "10.1.30.102"; } { name = "k1-3"; address = "10.1.30.103"; } ]; - customize = { - boot.uefi = false; - }; - - cluster = { - clusterName = "k1"; - initca = ./ca; - - domain = "itpartner.intern"; - externalInterface = "ens3"; - defaultGateway = "10.1.30.1"; - nameservers = [ "8.8.8.8" ]; - searchDomains = [ "itpartner.intern" "itpartner.no" ]; - - extraHosts = import ../hosts.nix; - - adminAuthorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCk5EKXxo/KLogjqSxSf/GkQdZ30UxB3wXc5k6Y6RRKQ/5iJ+XyYTbuqYOUp30p54apZzbayU2icahE/upr754lQicQwJtOXW/Iut57VRhSpq4P+mKCIdT58xCUkAZYr8Aja8UjHlYeJgFvp023K/fqmwbapu8R1gh4bzXm7uU1XeJoYfuOb+Cb8NGMn1ICrw2aztA0yVOXZ7tyJd2qyr1+6PuM/Ca2nKN4wLIX2vwyN3vZjR15nkIaHQGlTaJlNk2NEG1YTxsIQ9axDjNtyL80kjUr5M8zxW6s0h3451zr1b21EetP1i+1POIjS9uWXv5iabF+1Qb1GaS4FAYzzpqNY+moLzY7Zqfi05MPsMYkNoZ1Kg5aj0IuZb0OM9i6ZJrFs9nYAGG0uLSUTfrs957f9nokFyILGYg5xY46YN3uQrqfZifvcR0KaEdxEKvnfq0qrNG3uYLR/OYm2yblRcNbWgDoQ1hH7qa9uJM2JrPM07s4sJGkqfAib8Hwz9+l7jMrL6KIGUOA4aX0B1KZaIKKiZa42WlgdbeA17aW3laIqS5mZCkI3pLMYZAxe+A6rQi+V8ZAvDSyOL/Vws3lboXaN5QLu17R8uCY7MkIAvRBiZSpdWNeX3JO5m6zexkxkrFlxyEBf+ott4ATSw+eMYMs8i5xQRqPjgO1cABWkUdGpw== martin.moe.carstens@itpartner.no" - ]; - - k8s = { - enable = true; - cidr = "10.11.0.0/16"; - master = builtins.head hosts // { extraSANs = [ "k1.itpartner.no" ]; }; - nodes = builtins.tail hosts; - ingressNodes = [ "k1-0.itpartner.intern" "k1-1.itpartner.intern" "k1-2.itpartner.intern" ]; - fileserver = "fs1-0"; - charts = { - acme_email = "innovasjon@itpartner.no"; - grafana_smtp_user = "utvikling"; - grafana_smtp_password = "S0m3rp0m@de#21!"; - }; + mkNode = x: { + "${x.name}" = { + node.name = x.name; + node.address = x.address; + imports = [ ./cluster.nix (./hw + "/${x.name}.nix") ]; }; }; - extraConfig = {}; in - setup.k8s.mkDeployment ./. + builtins.foldl' (a: x: a // mkNode x) { + "${master.node.name}" = master; + } nodes + diff --git a/clusters/k1/k1-0.nix b/clusters/k1/hw/k1-0.nix similarity index 100% rename from clusters/k1/k1-0.nix rename to clusters/k1/hw/k1-0.nix diff --git a/clusters/k1/k1-1.nix b/clusters/k1/hw/k1-1.nix similarity index 100% rename from clusters/k1/k1-1.nix rename to clusters/k1/hw/k1-1.nix diff --git a/clusters/k1/k1-2.nix b/clusters/k1/hw/k1-2.nix similarity index 100% rename from clusters/k1/k1-2.nix rename to clusters/k1/hw/k1-2.nix diff --git a/clusters/k1/k1-3.nix b/clusters/k1/hw/k1-3.nix similarity index 100% rename from clusters/k1/k1-3.nix rename to clusters/k1/hw/k1-3.nix diff --git a/clusters/k1/k1-4.nix b/clusters/k1/hw/k1-4.nix similarity index 100% rename from clusters/k1/k1-4.nix rename to clusters/k1/hw/k1-4.nix diff --git a/clusters/k2/cluster.nix b/clusters/k2/cluster.nix new file mode 100644 index 0000000..7e89a67 --- /dev/null +++ b/clusters/k2/cluster.nix @@ -0,0 +1,95 @@ +{ pkgs, lib, config, ... }: +with lib; +let + cfg = config.node; + + mkSANs = host: [ + host.name + host.address + "127.0.0.1" + ]; + + configuration = { + deployment.targetHost = cfg.address; + + features = { + os = { + boot.uefi = true; + externalInterface = "eth0"; + docker.enable = true; + adminAuthorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCk5EKXxo/KLogjqSxSf/GkQdZ30UxB3wXc5k6Y6RRKQ/5iJ+XyYTbuqYOUp30p54apZzbayU2icahE/upr754lQicQwJtOXW/Iut57VRhSpq4P+mKCIdT58xCUkAZYr8Aja8UjHlYeJgFvp023K/fqmwbapu8R1gh4bzXm7uU1XeJoYfuOb+Cb8NGMn1ICrw2aztA0yVOXZ7tyJd2qyr1+6PuM/Ca2nKN4wLIX2vwyN3vZjR15nkIaHQGlTaJlNk2NEG1YTxsIQ9axDjNtyL80kjUr5M8zxW6s0h3451zr1b21EetP1i+1POIjS9uWXv5iabF+1Qb1GaS4FAYzzpqNY+moLzY7Zqfi05MPsMYkNoZ1Kg5aj0IuZb0OM9i6ZJrFs9nYAGG0uLSUTfrs957f9nokFyILGYg5xY46YN3uQrqfZifvcR0KaEdxEKvnfq0qrNG3uYLR/OYm2yblRcNbWgDoQ1hH7qa9uJM2JrPM07s4sJGkqfAib8Hwz9+l7jMrL6KIGUOA4aX0B1KZaIKKiZa42WlgdbeA17aW3laIqS5mZCkI3pLMYZAxe+A6rQi+V8ZAvDSyOL/Vws3lboXaN5QLu17R8uCY7MkIAvRBiZSpdWNeX3JO5m6zexkxkrFlxyEBf+ott4ATSw+eMYMs8i5xQRqPjgO1cABWkUdGpw== martin.moe.carstens@itpartner.no" + ]; + }; + + k8s = { + enable = true; + node.enable = true; + clusterName = "k2"; + initca = ./ca; + cidr = "10.100.0.0/16"; + master = { + name = "k2-0"; + address = "10.1.8.60"; + extraSANs = [ "k2.itpartner.no" ]; + }; + ingressNodes = [ + "k2-0.itpartner.intern" + "k2-1.itpartner.intern" + "k2-2.itpartner.intern" + ]; + fileserver = "fs2-0"; + charts = { + acme_email = "innovasjon@itpartner.no"; + grafana_smtp_user = "utvikling"; + grafana_smtp_password = "S0m3rp0m@de#21!"; + }; + }; + }; + + networking = { + hostName = cfg.name; + domain = "itpartner.intern"; + nameservers = [ "8.8.8.8" ]; + search = [ "itpartner.no" ]; + defaultGateway = "10.1.8.1"; + extraHosts = import ../hosts.nix; + interfaces.eth0 = { + useDHCP = false; + ipv4.addresses = [ { + address = cfg.address; + prefixLength = 24; + } ]; + }; + }; + + services.kubernetes.kubelet.extraSANs = mkSANs { + name = cfg.name; + address = cfg.address; + }; + + }; +in { + options.node = { + address = mkOption { + type = types.str; + default = null; + }; + + name = mkOption { + type = types.str; + default = null; + }; + + }; + + config = configuration; + + imports = [ + ../../modules + ../../nixos + ]; +} + diff --git a/clusters/k2/default.nix b/clusters/k2/default.nix index e569e1b..2f16378 100644 --- a/clusters/k2/default.nix +++ b/clusters/k2/default.nix @@ -1,54 +1,28 @@ with import {}; let - setup = import ../../modules { - inherit pkgs cluster customize extraConfig lib config; + master = { + node.name = "k2-0"; + node.address = "10.1.8.60"; + features.k8s.master.enable = true; + imports = [ ./cluster.nix ./hw/k2-0.nix ]; }; - hosts = [ - { name = "k2-0"; address = "10.1.8.60"; } + nodes = [ { name = "k2-1"; address = "10.1.8.61"; } { name = "k2-2"; address = "10.1.8.62"; } { name = "k2-3"; address = "10.1.8.63"; } { name = "k2-4"; address = "10.1.8.64"; } ]; - customize = { - boot.uefi = true; - }; - - cluster = { - clusterName = "k2"; - initca = ./ca; - - domain = "itpartner.intern"; - externalInterface = "eth0"; - defaultGateway = "10.1.8.1"; - nameservers = [ "8.8.8.8" ]; - searchDomains = [ "itpartner.no" ]; - - extraHosts = import ../hosts.nix; - - adminAuthorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCk5EKXxo/KLogjqSxSf/GkQdZ30UxB3wXc5k6Y6RRKQ/5iJ+XyYTbuqYOUp30p54apZzbayU2icahE/upr754lQicQwJtOXW/Iut57VRhSpq4P+mKCIdT58xCUkAZYr8Aja8UjHlYeJgFvp023K/fqmwbapu8R1gh4bzXm7uU1XeJoYfuOb+Cb8NGMn1ICrw2aztA0yVOXZ7tyJd2qyr1+6PuM/Ca2nKN4wLIX2vwyN3vZjR15nkIaHQGlTaJlNk2NEG1YTxsIQ9axDjNtyL80kjUr5M8zxW6s0h3451zr1b21EetP1i+1POIjS9uWXv5iabF+1Qb1GaS4FAYzzpqNY+moLzY7Zqfi05MPsMYkNoZ1Kg5aj0IuZb0OM9i6ZJrFs9nYAGG0uLSUTfrs957f9nokFyILGYg5xY46YN3uQrqfZifvcR0KaEdxEKvnfq0qrNG3uYLR/OYm2yblRcNbWgDoQ1hH7qa9uJM2JrPM07s4sJGkqfAib8Hwz9+l7jMrL6KIGUOA4aX0B1KZaIKKiZa42WlgdbeA17aW3laIqS5mZCkI3pLMYZAxe+A6rQi+V8ZAvDSyOL/Vws3lboXaN5QLu17R8uCY7MkIAvRBiZSpdWNeX3JO5m6zexkxkrFlxyEBf+ott4ATSw+eMYMs8i5xQRqPjgO1cABWkUdGpw== martin.moe.carstens@itpartner.no" - ]; - - k8s = { - enable = true; - cidr = "10.100.0.0/16"; - master = builtins.head hosts // { extraSANs = [ "k2.itpartner.no" ]; }; - nodes = builtins.tail hosts; - ingressNodes = [ "k2-0.itpartner.intern" "k2-1.itpartner.intern" "k2-2.itpartner.intern" ]; - fileserver = "fs2-0"; - charts = { - acme_email = "innovasjon@itpartner.no"; - grafana_smtp_user = "utvikling"; - grafana_smtp_password = "S0m3rp0m@de#21!"; - }; + mkNode = x: { + "${x.name}" = { + node.name = x.name; + node.address = x.address; + imports = [ ./cluster.nix (./hw + "/${x.name}.nix") ]; }; }; - extraConfig = {}; in - setup.k8s.mkDeployment ./. + builtins.foldl' (a: x: a // mkNode x) { + "${master.node.name}" = master; + } nodes diff --git a/clusters/k2/k2-0.nix b/clusters/k2/hw/k2-0.nix similarity index 100% rename from clusters/k2/k2-0.nix rename to clusters/k2/hw/k2-0.nix diff --git a/clusters/k2/k2-1.nix b/clusters/k2/hw/k2-1.nix similarity index 100% rename from clusters/k2/k2-1.nix rename to clusters/k2/hw/k2-1.nix diff --git a/clusters/k2/k2-2.nix b/clusters/k2/hw/k2-2.nix similarity index 100% rename from clusters/k2/k2-2.nix rename to clusters/k2/hw/k2-2.nix diff --git a/clusters/k2/k2-3.nix b/clusters/k2/hw/k2-3.nix similarity index 100% rename from clusters/k2/k2-3.nix rename to clusters/k2/hw/k2-3.nix diff --git a/clusters/k2/k2-4.nix b/clusters/k2/hw/k2-4.nix similarity index 100% rename from clusters/k2/k2-4.nix rename to clusters/k2/hw/k2-4.nix diff --git a/clusters/psql1/default.nix b/clusters/psql1/default.nix index 5a40ed2..67f386c 100644 --- a/clusters/psql1/default.nix +++ b/clusters/psql1/default.nix @@ -1,60 +1,63 @@ with import {}; let - setup = import ../../modules { - inherit pkgs cluster customize extraConfig lib config; - }; + name = "psql1-0"; + address = "10.1.30.80"; +in { + psql1-0 = { + deployment.targetHost = address; - hosts = [ - { name = "psql1-0"; address = "10.1.30.80"; } - ]; + features = { + os = { + boot.uefi = true; + externalInterface = "ens6"; + docker.enable = true; + adminAuthorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCk5EKXxo/KLogjqSxSf/GkQdZ30UxB3wXc5k6Y6RRKQ/5iJ+XyYTbuqYOUp30p54apZzbayU2icahE/upr754lQicQwJtOXW/Iut57VRhSpq4P+mKCIdT58xCUkAZYr8Aja8UjHlYeJgFvp023K/fqmwbapu8R1gh4bzXm7uU1XeJoYfuOb+Cb8NGMn1ICrw2aztA0yVOXZ7tyJd2qyr1+6PuM/Ca2nKN4wLIX2vwyN3vZjR15nkIaHQGlTaJlNk2NEG1YTxsIQ9axDjNtyL80kjUr5M8zxW6s0h3451zr1b21EetP1i+1POIjS9uWXv5iabF+1Qb1GaS4FAYzzpqNY+moLzY7Zqfi05MPsMYkNoZ1Kg5aj0IuZb0OM9i6ZJrFs9nYAGG0uLSUTfrs957f9nokFyILGYg5xY46YN3uQrqfZifvcR0KaEdxEKvnfq0qrNG3uYLR/OYm2yblRcNbWgDoQ1hH7qa9uJM2JrPM07s4sJGkqfAib8Hwz9+l7jMrL6KIGUOA4aX0B1KZaIKKiZa42WlgdbeA17aW3laIqS5mZCkI3pLMYZAxe+A6rQi+V8ZAvDSyOL/Vws3lboXaN5QLu17R8uCY7MkIAvRBiZSpdWNeX3JO5m6zexkxkrFlxyEBf+ott4ATSw+eMYMs8i5xQRqPjgO1cABWkUdGpw== martin.moe.carstens@itpartner.no" + ]; + }; + }; - customize = { - boot.uefi = true; - }; - - cluster = { - clusterName = "psql1"; - initca = ./ca; - - domain = "itpartner.intern"; - externalInterface = "ens6"; - defaultGateway = "10.1.30.1"; - nameservers = [ "8.8.8.8" ]; - searchDomains = [ "itpartner.intern" "itpartner.no" ]; - - extraHosts = import ../hosts.nix; - - adminAuthorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCk5EKXxo/KLogjqSxSf/GkQdZ30UxB3wXc5k6Y6RRKQ/5iJ+XyYTbuqYOUp30p54apZzbayU2icahE/upr754lQicQwJtOXW/Iut57VRhSpq4P+mKCIdT58xCUkAZYr8Aja8UjHlYeJgFvp023K/fqmwbapu8R1gh4bzXm7uU1XeJoYfuOb+Cb8NGMn1ICrw2aztA0yVOXZ7tyJd2qyr1+6PuM/Ca2nKN4wLIX2vwyN3vZjR15nkIaHQGlTaJlNk2NEG1YTxsIQ9axDjNtyL80kjUr5M8zxW6s0h3451zr1b21EetP1i+1POIjS9uWXv5iabF+1Qb1GaS4FAYzzpqNY+moLzY7Zqfi05MPsMYkNoZ1Kg5aj0IuZb0OM9i6ZJrFs9nYAGG0uLSUTfrs957f9nokFyILGYg5xY46YN3uQrqfZifvcR0KaEdxEKvnfq0qrNG3uYLR/OYm2yblRcNbWgDoQ1hH7qa9uJM2JrPM07s4sJGkqfAib8Hwz9+l7jMrL6KIGUOA4aX0B1KZaIKKiZa42WlgdbeA17aW3laIqS5mZCkI3pLMYZAxe+A6rQi+V8ZAvDSyOL/Vws3lboXaN5QLu17R8uCY7MkIAvRBiZSpdWNeX3JO5m6zexkxkrFlxyEBf+ott4ATSw+eMYMs8i5xQRqPjgO1cABWkUdGpw== martin.moe.carstens@itpartner.no" - ]; - }; - - extraConfig = { + networking = { + hostName = name; + domain = "itpartner.intern"; + defaultGateway = "10.1.30.1"; + nameservers = [ "8.8.8.8" ]; + search = [ "itpartner.intern" "itpartner.no" ]; + extraHosts = import ../hosts.nix; + interfaces.ens6 = { + useDHCP = false; + ipv4.addresses = [ { + address = address; + prefixLength = 24; + } ]; + }; + }; services.postgresql = { enable = true; dataDir = "/data/postgresql"; enableTCPIP = true; identMap = '' - nixos root postgres - nixos admin postgres + nixos root postgres + nixos admin postgres ''; authentication = pkgs.lib.mkOverride 11 '' - local all all trust - host all all ::1/128 trust - host all all ::1/128 md5 - host all postgres 127.0.0.1/32 md5 - host all postgres ::1/128 md5 - host all postgres 10.1.8.0/24 md5 - host all postgres 10.1.30.0/24 md5 - host score consto 10.1.8.0/24 md5 - host score consto 10.1.30.0/24 md5 - host score consto all md5 - host mobilenews-provisioner mobilenews 10.1.8.0/24 md5 - host mobilenews-provisioner mobilenews 10.1.30.0/24 md5 + local all all trust + host all all ::1/128 trust + host all all ::1/128 md5 + host all postgres 127.0.0.1/32 md5 + host all postgres ::1/128 md5 + host all postgres 10.1.8.0/24 md5 + host all postgres 10.1.30.0/24 md5 + host score consto 10.1.8.0/24 md5 + host score consto 10.1.30.0/24 md5 + host score consto all md5 + host mobilenews-provisioner mobilenews 10.1.8.0/24 md5 + host mobilenews-provisioner mobilenews 10.1.30.0/24 md5 ''; }; + + imports = [ ../../nixos ./psql1-0.nix ]; }; -in - setup.host.mkDeployment ./. hosts +}