initial configs for ekman

Jonas Juselius
2022-08-19 18:47:52 +02:00
parent cf956c739e
commit 606b87851e
36 changed files with 346 additions and 816 deletions


@@ -1,6 +1,6 @@
{ pkgs, ...}:
let
nodes = import ./nixops/stokes/nodes.nix;
nodes = import ./nixops/ekman/nodes.nix;
in
{
# deployment.tags = [ "frontend" ];
@@ -15,16 +15,16 @@ in
features = {
host = {
address = "10.1.62.2";
name = "c0-0";
address = "10.255.241.100";
name = "ekman";
};
os = {
externalInterface = "eno1";
externalInterface = "enp33s0f0np0";
nfs.enable = true;
nfs.exports = ''
/exports 10.1.61.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
/exports 10.1.63.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
/exports 10.255.241.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
/exports 10.255.243.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
'';
};
@@ -42,16 +42,16 @@ in
monitoring = {
server = {
enable = false;
scrapeHosts = [ "frontend" "mds0-0" ] ++ (builtins.map (x: x.name) nodes);
scrapeHosts = [ "frontend" "mds1-0" ] ++ (builtins.map (x: x.name) nodes);
defaultAlertReceiver = {
email_configs = [
{ to = "jonas.juselius@tromso.serit.no"; }
{ to = "jonas.juselius@oceanbox.io"; }
];
};
pageAlertReceiver = {
webhook_configs = [
{
url = "https://prometheus-msteams.k2.itpartner.no/stokes";
url = "https://prometheus-msteams.k2.itpartner.no/ekman";
http_config = {
tls_config = { insecure_skip_verify = true; };
};
@@ -69,16 +69,8 @@ in
infiniband-exporter = {
enable = true;
nameMap = ''
0x0c42a10300ddc4bc "frontend"
0x1c34da0300787798 "mds0-0"
0x0c42a10300dbe7f4 "c0-1"
0x0c42a10300dbe7d8 "c0-2"
0x0c42a10300dbe800 "c0-3"
0x0c42a10300dbec80 "c0-4"
0x0c42a10300dbea50 "c0-5"
0x0c42a10300dbeb2c "c0-6"
0x0c42a10300dbe7fc "c0-7"
0x0c42a10300dbe5a0 "c0-8"
0x0c42a10300ddc4bc "c0-2"
'';
};
slurm-exporter = {
@@ -88,47 +80,43 @@ in
};
};
# services.udev.extraRules = ''
# KERNEL=="ibp59s0", SUBSYSTEM=="net", ATTR{create_child}:="0x2222"
# '';
networking = {
hostName = "stokes";
useDHCP = false;
interfaces.eno1 = {
hostName = "ekman";
interfaces.enp33s0f0np0 = {
useDHCP = false;
ipv4.addresses = [ {
address = "10.1.62.2";
address = "10.255.242.2";
prefixLength = 24;
} ];
};
interfaces.enp175s0f0 = {
interfaces.enp33s0f3np3 = {
useDHCP = false;
ipv4.addresses = [ {
address = "10.1.61.100";
address = "10.255.241.100";
prefixLength = 24;
} ];
};
interfaces.ibp59s0 = {
interfaces.ibp65s0 = {
useDHCP = false;
ipv4.addresses = [ {
address = "10.1.63.100";
address = "10.255.243.100";
prefixLength = 24;
} ];
};
defaultGateway = "10.1.62.1";
defaultGateway = "10.255.242.1";
firewall.extraCommands = ''
iptables -I INPUT -s 10.1.63.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.1.63.0/24 -j MASQUERADE
iptables -I INPUT -s 10.255.243.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.255.243.0/24 -j MASQUERADE
'';
};
fileSystems ={
fileSystems = {
"/exports/home" = {
device = "/home";
options = [ "bind" ];
};
"/stokes" = {
"/frontend" = {
device = "/home";
options = [ "bind" ];
};
@@ -142,9 +130,9 @@ in
};
};
nix.extraOptions = ''
secret-key-files = /etc/nix/stokes.private
'';
# nix.extraOptions = ''
# secret-key-files = /etc/nix/ekman.key
# '';
services.xserver = {
enable = true;
@@ -163,29 +151,29 @@ in
smtp_smarthost = "smtpgw.itpartner.no:465";
smtp_auth_username = "utvikling";
smtp_auth_password = "S0m3rp0m@de#21!";
smtp_hello = "stokes.regnekraft.io";
smtp_from = "noreply@stokes.regnekraft.io";
smtp_hello = "ekman.oceanbox.io";
smtp_from = "noreply@ekman.oceanbox.io";
};
services.nginx = {
virtualHosts = {
"ds.matnoc.regnekraft.io" = {
forceSSL = true;
enableACME = true;
serverAliases = [];
locations."/" = {
proxyPass = "http://localhost:9088";
proxyWebsockets = false;
extraConfig = ''
allow 10.1.2.0/24;
allow 172.19.254.0/24;
allow 172.19.255.0/24;
deny all;
'';
};
};
};
};
# services.nginx = {
# virtualHosts = {
# "ds.matnoc.regnekraft.io" = {
# forceSSL = true;
# enableACME = true;
# serverAliases = [];
# locations."/" = {
# proxyPass = "http://localhost:9088";
# proxyWebsockets = false;
# extraConfig = ''
# allow 10.1.2.0/24;
# allow 172.19.254.0/24;
# allow 172.19.255.0/24;
# deny all;
# '';
# };
# };
# };
# };
# services.gitlab-runner = {
# enable = true;
@@ -197,7 +185,7 @@ in
# sif = {
# registrationConfigFile = "/var/lib/secrets/gitlab-runner-registration";
# executor = "shell";
# tagList = [ "stokes" "sif" ];
# tagList = [ "ekman" "sif" ];
# };
# };
# };
@@ -225,9 +213,10 @@ in
};
# ssh-rsa is deprecated, but putty/winscp users use it
services.openssh.extraConfig = ''
pubkeyacceptedalgorithms ssh-rsa,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
'';
# services.openssh.extraConfig = ''
# pubkeyacceptedalgorithms ssh-rsa,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
# '';
imports = [ ./nixops/stokes/cluster.nix ./hardware-configuration.nix ];
imports = [ ./nixops/ekman/cluster.nix ./hardware-configuration.nix ];
}
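Review bot: The SMTP block in the `@@ -163,29 +151,29 @@` hunk keeps a literal `smtp_auth_password` while `smtp_hello` and `smtp_from` are retargeted to ekman, so a relay credential stays committed in plaintext and is now reused for a second cluster. Because it is a Nix string it will presumably also be rendered into a config file under the world-readable `/nix/store` on any host that builds this; confirm against the module that consumes it. Treat the value as exposed (it remains in git history), rotate it at the relay, and load the replacement at runtime from a root-only file outside the repo, the way the commented gitlab-runner block points at `/var/lib/secrets/gitlab-runner-registration`. Until that is done I would add `# FIXME(security): plaintext credential; rotate and move to a secrets file` above the line. The enclosing attribute set starts outside the hunk, so the option that consumes these values is not visible here.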