diff --git a/charts b/charts
deleted file mode 160000
index 8c00fdd..0000000
--- a/charts
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 8c00fddf6720aeef77cc56180992d259b7d47c5b
diff --git a/clusters/ekman/cluster.nix b/clusters/ekman/cluster.nix
deleted file mode 100644
index 4836042..0000000
--- a/clusters/ekman/cluster.nix
+++ /dev/null
@@ -1,285 +0,0 @@ -{ pkgs, lib, config, ... }: -with lib; -let - cfg = config.features.host; - - mkSANs = host: [ - host.name - host.address - "127.0.0.1" - ]; - - configuration = { - system.autoUpgrade.enable = lib.mkForce false; - - nixpkgs.overlays = [ - (import ./overlays.nix) - ]; - - boot = { - loader.systemd-boot.enable = true; - loader.efi.canTouchEfiVariables = true; - kernelPackages = pkgs.linuxPackages_5_4; - kernelModules = [ "ib_umad" "ib_ipoib" ]; - # kernelParams = [ - # "console=ttyS0,115200" - # "console=tty0" - # ]; - }; - - services.udev.extraRules = '' - KERNEL=="ibp1s0", SUBSYSTEM=="net", ATTR{create_child}:="0x3666" - ''; - - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - - i18n = { - defaultLocale = "en_US.UTF-8"; - extraLocaleSettings = { - LC_CTYPE="en_DK.UTF-8"; - LC_TIME="en_DK.UTF-8"; - LC_PAPER="en_DK.UTF-8"; - LC_NAME="en_DK.UTF-8"; - LC_ADDRESS="en_DK.UTF-8"; - LC_TELEPHONE="en_DK.UTF-8"; - LC_MEASUREMENT="en_DK.UTF-8"; - LC_IDENTIFICATION="en_DK.UTF-8"; - }; - }; - - time.timeZone = "Europe/Oslo"; - - programs.msmtp = { - enable = true; - accounts = { - default = { - auth = false; - tls = false; - tls_starttls = false; - port = 24; - from = "ekman@oceanbox.io"; - host = "smtpgw.itpartner.no"; - # user = "utvikling"; - # password = "S0m3rp0m@de#21!"; - }; - }; - defaults = { - aliases = "/etc/aliases"; - }; - }; - - environment.etc = { - "aliases" = { - text = '' - root: jonas.juselius@oceanbox.io - ''; - mode = "0644"; - }; - }; - - features = { - os = { - # boot.uefi = true; - adminAuthorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas" - "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCk5EKXxo/KLogjqSxSf/GkQdZ30UxB3wXc5k6Y6RRKQ/5iJ+XyYTbuqYOUp30p54apZzbayU2icahE/upr754lQicQwJtOXW/Iut57VRhSpq4P+mKCIdT58xCUkAZYr8Aja8UjHlYeJgFvp023K/fqmwbapu8R1gh4bzXm7uU1XeJoYfuOb+Cb8NGMn1ICrw2aztA0yVOXZ7tyJd2qyr1+6PuM/Ca2nKN4wLIX2vwyN3vZjR15nkIaHQGlTaJlNk2NEG1YTxsIQ9axDjNtyL80kjUr5M8zxW6s0h3451zr1b21EetP1i+1POIjS9uWXv5iabF+1Qb1GaS4FAYzzpqNY+moLzY7Zqfi05MPsMYkNoZ1Kg5aj0IuZb0OM9i6ZJrFs9nYAGG0uLSUTfrs957f9nokFyILGYg5xY46YN3uQrqfZifvcR0KaEdxEKvnfq0qrNG3uYLR/OYm2yblRcNbWgDoQ1hH7qa9uJM2JrPM07s4sJGkqfAib8Hwz9+l7jMrL6KIGUOA4aX0B1KZaIKKiZa42WlgdbeA17aW3laIqS5mZCkI3pLMYZAxe+A6rQi+V8ZAvDSyOL/Vws3lboXaN5QLu17R8uCY7MkIAvRBiZSpdWNeX3JO5m6zexkxkrFlxyEBf+ott4ATSw+eMYMs8i5xQRqPjgO1cABWkUdGpw== martin.moe.carstens@itpartner.no" - ]; - docker.enable = false; - }; - cachix.enable = false; - - monitoring.nodeExporter.enable = false; - - pki = { ca = ./ca; }; - - hpc = { - enable = true; - slurm = { - client = true; - mungeKey = ./munge.key; - controlMachine = "ekman"; - nodeName = [ - "c0-1 Sockets=2 CoresPerSocket=64 ThreadsPerCore=1 RealMemory=256000 TmpDisk=500000 State=UNKNOWN" - "ekman Sockets=2 CoresPerSocket=64 ThreadsPerCore=1 RealMemory=256000 TmpDisk=500000 State=UNKNOWN" - ]; - partitionName = [ - "batch Nodes=c0-1 Default=YES MaxTime=INFINITE State=UP" - "frontend Nodes=ekman MaxTime=1:00:00 State=UP" - ]; - }; - beegfs = { - enable = false; - beegfs = { - bee0-0 = { - 
mgmtdHost = "bee0-0"; - connAuthFile = "/etc/beegfs/connauthfile"; - client = { - enable = false; - mountPoint = "/work"; - }; - }; - }; - }; - }; - - k8s = { - enable = true; - node.enable = true; - clusterName = "ekman"; - initca = ./ca; - cidr = "10.100.0.0/16"; - master = { - name = "ekman"; - address = "10.255.241.8"; - extraSANs = [ "ekman.local" "ekman.oceanbox.io" ]; - }; - ingressNodes = [ - "ekman.oceanbox.io" - ]; - fileserver = "bee0-0"; - charts = { - acme_email = "innovasjon@itpartner.no"; - grafana_smtp_user = "utvikling"; - grafana_smtp_password = "S0m3rp0m@de#21!"; - }; - }; - }; - - services.kubernetes.kubelet.extraSANs = mkSANs { - name = cfg.name; - address = cfg.address; - }; - - networking = { - domain = mkDefault "cluster.local"; - defaultGateway = mkDefault "10.255.241.1"; - nameservers = mkDefault [ "8.8.8.8" ]; - search = mkDefault [ "local" ]; - extraHosts = import ./hosts.nix; - firewall.extraCommands = '' - iptables -I INPUT -s 10.255.241.0/24 -j ACCEPT - ''; - }; - - environment.variables = {}; - - systemd.services."serial-getty@ttyS0".enable = true; - - environment.etc."beegfs/connauthfile" = { - source = ./connauthfile; - mode = "0400"; - uid = 0; - gid = 0; - }; - - nix = { - maxJobs = 32; - trustedUsers = [ "@wheel" ]; - binaryCachePublicKeys = [ - "ekman:pka41J3q4j9ZC3dr4y+sDN9uMW0pAxoWeCkrzUlqcZs=" - ]; - }; - }; - - deployment = { - deployment.targetHost = cfg.address; - }; - - shosts = { - environment.etc."ssh/shosts.equiv" = { - mode = "0644"; - uid = 0; - gid = 0; - text = '' - 10.255.241.8 - 10.255.241.11 - ''; - }; - - programs.ssh.knownHosts = { - ekman = { - hostNames = [ - "ekman" "ekman.cluster.local" "ekman.oceanbox.io" "10.255.241.8" - ]; - publicKeyFile = ./pubkeys/ekman.pub; - }; - c0-1 = { hostNames = [ "c0-1" "c0-1.cluster.local" "10.255.241.11" "10.255.243.11" ]; publicKeyFile = ./pubkeys/c0-1.pub; }; - }; - - environment.systemPackages = [ openssh-shosts ]; - - security.wrappers = { - ssh-keysign = { - source = 
"${openssh-shosts}/libexec/ssh-keysign"; - owner = "root"; - group = "root"; - permissions = "u+rs,g+rx,o+rx"; - }; - }; - }; - - openssh-shosts = pkgs.openssh.overrideAttrs (attrs: { - buildFlags = [ "SSH_KEYSIGN=/run/wrappers/bin/ssh-keysign" ]; - doCheck = false; # the tests take hours - }); - - myvnc = - let - myvnc = pkgs.writeScriptBin "myvnc" '' - #!${pkgs.runtimeShell} - - uid=`id -u` - port=$((9000+$uid)) - shell=`getent passwd $(id -un) | awk -F : '{print $NF}'` - # vnc=${pkgs.tigervnc}/bin/vncserver - vnc=/nix/store/czp2b60dwk75widi8y287hr0xx1wgv2a-tigervnc-1.10.1/bin/vncserver - - case $1 in - -p|--port) shift; port=$1 ;; - kill|stop) - display=$($vnc -list | sed -n 's/^\(:[0-9]\+\).*/\1/p'| head -1) - $vnc -kill $display - exit 0 - ;; - esac - ps ax | sed '/grep/d' | grep "Xvnc.*-rfbport $port" >/dev/null 2>&1 - [ $? = 1 ] && $vnc -rfbport $port - echo "Xvnc server is running on port $port." - exec $shell -i - ''; - - buildCommand = '' - mkdir -p $out/bin - echo $src > $out/bin/myvnc - chmod 755 $out/bin/myvnc - ''; - in { - environment.systemPackages = [ myvnc ]; - }; - -in { - options.node = { - myvnc = mkEnableOption "Enable myvnc script"; - }; - - config = mkMerge [ - configuration - - deployment - - shosts - - (mkIf config.node.myvnc myvnc) - ]; - - imports = [ - ../../modules - ../../nixos - ./users.nix - ]; -} - diff --git a/clusters/ekman/connauthfile b/clusters/ekman/connauthfile deleted file mode 100644 index 37cd965..0000000 --- a/clusters/ekman/connauthfile +++ /dev/null @@ -1 +0,0 @@ -äˇq‹u \ No newline at end of file diff --git a/clusters/ekman/default.nix b/clusters/ekman/default.nix deleted file mode 100644 index c92b91f..0000000 --- a/clusters/ekman/default.nix +++ /dev/null 
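Review bot: Deleting this file does not retire the secrets it carries: the inline `grafana_smtp_password` under `k8s.charts`, the commented-out msmtp `password`, and the BeeGFS `connauthfile` removed alongside it all remain readable in the repository history (the `./munge.key` referenced by `mungeKey` presumably does too, though its deletion is not visible here). The same holds for `smtp_auth_password` in clusters/ekman/default.nix, the MinIO `secretKey` in clusters/fs1/default.nix and the `minio-rootcredentials` text in clusters/fs2/default.nix. These values should be treated as disclosed and rotated, and the commit message could record that, e.g. `Credentials previously committed under clusters/ have been rotated`. If any of these hosts are still deployed from another repository, the replacements belong in files read at runtime from outside the Nix store rather than in inline strings.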
@@ -1,343 +0,0 @@
-let
- # Pin the deployment package-set to a specific version of nixpkgs
- # pkgs = import (builtins.fetchTarball {
- # url = "https://github.com/NixOS/nixpkgs/archive/e6377ff35544226392b49fa2cf05590f9f0c4b43.tar.gz";
- # sha256 = "1fra9wwy5gvj5ibayqkzqpwdf715bggc0qbmrfch4fghwvl5m70l";
- # }) {};
- pkgs = import {};
-
- etcdNodes = {
- ekman = "10.255.241.8";
- nsf0-0 = "10.255.241.9";
- bee0-0 = "10.255.241.10";
- };
-
- etcdCluster = {
- enable = true;
- existing = true;
- nodes = etcdNodes;
- };
-
- nodes =
- with builtins;
- let nodes = genList (n: n + 1) 1; in
- map (n: ({ name = "c0-${toString n}"; address = "10.255.241.${toString (n + 10)}"; })) nodes;
-
- ekman = {
- # deployment.tags = [ "frontend" ];
- node.myvnc = true;
-
- systemd.targets = {
- sleep.enable = false;
- suspend.enable = false;
- hibernate.enable = false;
- hybrid-sleep.enable = false;
- };
-
- features = {
- host = {
- address = "10.255.241.8";
- name = "ekman";
- };
-
- os = {
- externalInterface = "enp33s0f0np0";
- nfs.enable = true;
- nfs.exports = ''
- /exports 10.255.241.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
- /exports 10.255.243.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
- '';
- };
-
- hpc = {
- slurm.server = true;
- frontend = true;
- };
-
- k8s = {
- master.enable = true;
- node.enable = true;
- inherit nodes;
- inherit etcdCluster;
- };
-
- monitoring = {
- server = {
- enable = false;
- scrapeHosts = [ "frontend" "bee0-0" ] ++ (builtins.map (x: x.name) nodes);
- defaultAlertReceiver = {
- email_configs = [
- { to = "jonas.juselius@oceanbox.io"; }
- ];
- };
- pageAlertReceiver = {
- webhook_configs = [
- {
- url = "https://prometheus-msteams.k2.itpartner.no/ekman";
- http_config = {
- tls_config = { insecure_skip_verify = true; };
- };
- }
- ];
- };
- };
- webUI.enable = false;
- webUI.acmeEmail = "innovasjon@itpartner.no";
- webUI.allow = [
- "10.1.2.0/24"
- "172.19.254.0/24"
- "172.19.255.0/24"
- ];
- infiniband-exporter = {
- enable = true;
- nameMap = ''
- 0x0c42a10300ddc4bc "frontend"
- 0x0c42a10300dbe7f4 "c0-1"
- '';
- };
- slurm-exporter = {
- enable = true;
- port = 6080;
- };
- };
- };
-
- networking = {
- useDHCP = false;
- interfaces.enp33s0f0np0 = {
- useDHCP = false;
- ipv4.addresses = [ {
- address = "10.255.241.8";
- prefixLength = 24;
- } ];
- };
- interfaces.enp33s0f0np1 = {
- useDHCP = false;
- ipv4.addresses = [ {
- address = "10.255.242.2";
- prefixLength = 24;
- } ];
- };
- interfaces."ibp1s0.3666" = {
- useDHCP = false;
- ipv4.addresses = [ {
- address = "10.255.243.8";
- prefixLength = 24;
- } ];
- };
- defaultGateway = "10.255.241.1";
- firewall.extraCommands = ''
- iptables -I INPUT -s 10.255.243.0/24 -j ACCEPT
- iptables -t nat -A POSTROUTING -s 10.255.243.0/24 -j MASQUERADE
- '';
- };
-
- fileSystems ={
- "/exports/home" = {
- device = "/home";
- options = [ "bind" ];
- };
- "/frontend" = {
- device = "/home";
- options = [ "bind" ];
- };
- # "/opt" = {
- # device = "10.255.63.80:/opt";
- # fsType = "nfs";
- # options = [ "soft" "rdma" "defaults" ];
- # };
- # "/data" = {
- # device = "10.255.63.80:/data";
- # fsType = "nfs";
- # options = [ "soft" "rdma" "defaults" ];
- # };
- # "/vol/local-storage/vol1" = {
- # device = "/vol/vol1";
- # options = [ "bind" ];
- # };
- # "/vol/local-storage/vol2" = {
- # device = "/vol/vol2";
- # options = [ "bind" ];
- # };
- };
-
- nix.extraOptions = ''
- secret-key-files = /etc/nix/ekman.key
- '';
-
- services.xserver = {
- enable = true;
- enableCtrlAltBackspace = true;
- layout = "us";
- xkbVariant = "altgr-intl";
- xkbOptions = "eurosign:e";
- displayManager = {
- gdm.enable = true;
- job.logToFile = true;
- };
- desktopManager.xfce.enable = true;
- };
-
- services.prometheus.alertmanager.configuration.global = {
- smtp_smarthost = "smtpgw.itpartner.no:465";
- smtp_auth_username = "utvikling";
- smtp_auth_password = "S0m3rp0m@de#21!";
- smtp_hello = "ekman.oceanbox.io";
- smtp_from = "noreply@ekman.oceanbox.io";
- };
-
- # services.nginx = {
- # virtualHosts = {
- # "ds.matnoc.regnekraft.io" = {
- # forceSSL = true;
- # enableACME = true;
- # serverAliases = [];
- # locations."/" = {
- # proxyPass = "http://localhost:9088";
- # proxyWebsockets = false;
- # extraConfig = ''
- # allow 10.1.2.0/24;
- # allow 172.19.254.0/24;
- # allow 172.19.255.0/24;
- # deny all;
- # '';
- # };
- # };
- # };
- # };
-
- # services.gitlab-runner = {
- # enable = true;
- # extraPackages = with pkgs; [
- # singularity
- # ];
- # concurrent = 4;
- # services = {
- # sif = {
- # registrationConfigFile = "/var/lib/secrets/gitlab-runner-registration";
- # executor = "shell";
- # tagList = [ "ekman" "sif" ];
- # };
- # };
- # };
-
- # security.sudo.extraConfig = ''
- # gitlab-runner ALL=(ALL) NOPASSWD: /run/current-system/sw/bin/singularity
- # '';
-
- security.pam = {
- services.sshd.googleAuthenticator.enable = true;
- loginLimits = [
- {
- domain = "@users";
- item = "rss";
- type = "hard";
- value = 16000000;
- }
- {
- domain = "@users";
- item = "cpu";
- type = "hard";
- value = 180;
- }
- ];
- };
-
- # ssh-rsa is deprecated, but putty/winscp users use it
- # services.openssh.extraConfig = ''
- # pubkeyacceptedalgorithms ssh-rsa,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
- # '';
-
- imports = [ ./cluster.nix ./hw/frontend.nix ];
- };
-
- compute = {
- # deployment.tags = [ "compute" ];
-
- fileSystems = {
- "/frontend" = {
- device = "10.255.241.8:/home";
- fsType = "nfs";
- options = [
- "soft"
- "defaults"
- "noauto"
- "x-systemd.automount"
- ];
- };
- # "/opt" = {
- # device = "10.1.63.80:/opt";
- # fsType = "nfs";
- # options = [ "soft" "rdma" "defaults" ];
- # };
- # "/data" = {
- # device = "10.1.63.80:/data";
- # fsType = "nfs";
- # options = [ "soft" "rdma" "defaults" ];
- # };
- };
-
- systemd.automounts = [
- {
- where = "/frontend";
- wantedBy = [ "default.target" ];
- }
- ];
- };
-
- mkCompute = host:
- let
- ipoib = builtins.replaceStrings [".241."] [".243."] host.address;
- hw = ./hw + "/${host.name}.nix";
- in {
- "${host.name}" = {
- features = {
- inherit host;
- os.externalInterface = "enp33s0f0np0";
- hpc.compute = true;
- k8s = { inherit etcdCluster; };
- };
-
- node = {
- };
-
- networking = {
- useDHCP = false;
- interfaces.enp33s0f0np0 = {
- useDHCP = false;
- ipv4.addresses = [ {
- address = host.address;
- prefixLength = 24;
- } ];
- ipv4.routes = [ {
- address = "10.255.242.2";
- prefixLength = 32;
- via = "10.1.241.8";
- } ];
-
- };
- interfaces."ibp1s0.3666" = {
- useDHCP = false;
- ipv4.addresses = [ {
- address = ipoib;
- prefixLength = 24;
- } ];
- };
- };
- imports = [ ./cluster.nix hw ];
- }
- // compute;
-};
-in {
- ## morph
- # network = {
- # inherit pkgs;
- # description = "ekman";
- # ordering = {
- # tags = [ "frontend" "compute" ];
- # };
- # };
-
- inherit ekman;
-} // builtins.foldl' (a: n: a // mkCompute n) {} nodes
-
diff --git a/clusters/ekman/hosts.nix b/clusters/ekman/hosts.nix
deleted file mode 100644
index 7cbfbee..0000000
--- a/clusters/ekman/hosts.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-''
- 10.255.240.200 ekman ekman.cluster.local
- 10.255.240.200 etcd0 etcd0.cluster.local
- 10.255.240.201 c0-1 c0-1.cluster.local
-
- # 10.1.61.80 bee0-0 bee0-0.cluster.local
-
- # 10.1.63.101 ib0-1 ib0-1.cluster.local
-
- # 10.1.63.80 ibmds0-0 ibmds0-0.cluster.local
-''
diff --git a/clusters/ekman/hw/c0-1.nix b/clusters/ekman/hw/c0-1.nix
deleted file mode 100644
index e1eceaf..0000000
--- a/clusters/ekman/hw/c0-1.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/102a2e89-1ffb-4f8b-810e-b742b6f9da98";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/54C4-7983";
- fsType = "vfat";
- };
-
- swapDevices =
- [ { device = "/dev/disk/by-uuid/29ba5bab-0777-4ac1-96af-3952e28d570c"; }
- ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp33s0f0np0.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp33s0f1np1.useDHCP = lib.mkDefault true;
-
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/clusters/ekman/hw/frontend.nix b/clusters/ekman/hw/frontend.nix
deleted file mode 100644
index 08c97b3..0000000
--- a/clusters/ekman/hw/frontend.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/e19cbe18-e194-47f6-8eb5-c60b5be1bb7a";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/6A07-053A";
- fsType = "vfat";
- };
-
- swapDevices =
- [ { device = "/dev/disk/by-uuid/2100e403-0dff-4314-b85a-cad99820aacf"; }
- ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp33s0f0np0.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp33s0f1np1.useDHCP = lib.mkDefault true;
-
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/clusters/ekman/kernel.nix b/clusters/ekman/kernel.nix
deleted file mode 100644
index f865667..0000000
--- a/clusters/ekman/kernel.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{pkgs, lib, stdenv, fetchurl, config, kernel ? pkgs.linux, ...}:
-let
- i40e =
- stdenv.mkDerivation rec {
- name = "i40e-${version}-${kernel.version}";
- version = "2.13.10";
-
- src = pkgs.fetchFromGitHub {
- owner = "dmarion";
- repo = "i40e";
- rev = "7228a7c3b362c3170baa2f9a9c6870a900e78dbd";
- sha256 = "087kvq9wrc1iw6vig8cqcx7cb6346wx8qxzb85c3n8638vq1vrxr";
- };
-
- hardeningDisable = [ "pic" ];
-
- configurePhase = ''
- cd src
- kernel_version=${kernel.modDirVersion}
- sed -i -e 's|/lib/modules|${kernel.dev}/lib/modules|' Makefile
- sed -i -e 's|/lib/modules|${kernel.dev}/lib/modules|' common.mk
- export makeFlags="BUILD_KERNEL=$kernel_version"
- '';
-
- installPhase = ''
- install -v -D -m 644 i40e.ko "$out/lib/modules/$kernel_version/kernel/drivers/net/i40e/i40e2.ko"
- '';
-
- dontStrip = true;
-
- enableParallelBuilding = true;
-
- meta = {
- description = "Linux kernel drivers for Intel Ethernet adapters and LOMs (LAN On Motherboard)";
- homepage = https://github.com/dmarion/i40e;
- license = lib.licenses.gpl2;
- };
- };
-in
-{
- i40e2 = i40e;
- overlay = self: super: {
- linuxPackages_5_4 = super.linuxPackages_5_4 // { inherit i40e; };
- };
-}
-
diff --git a/clusters/ekman/pubkeys/c0-1.pub b/clusters/ekman/pubkeys/c0-1.pub
deleted file mode 100644
index 41e42c2..0000000
--- a/clusters/ekman/pubkeys/c0-1.pub
+++ /dev/null
@@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC11miL1X2hmZ+FZngDIMUECt8Mr7etEF1yXOXMBPwKSLhMaJnIo7+3C1oVlxf0MZjYMA0neIpSB/PpD1PZU89QBrL/HlnEHVChlNoPuTjN3SoMVSwClCf94VW4c5obK4b0EVbJujudreMC7q4sDOzcMVsBwWCZYmOroM1AqQ2dcZFWpj9hk7RWm3UlxnGG8ZPB9i6zzuKECp9W00RznxLaX0Ys6acXIrhg7N1CIZSWyQwQ6hb5bAz6rbTMgub3YZktckVgTlWnpyW6jfR4+xJW5fM5uVcW1kgSP/xQ+sAnAvH099ogBZSlv59oBL/jIGAVQwKptxkacues6drsohAocmstxVRyatBtEMBp5Grn+pzoDH6cIYTXy3qAgpUzQCnSsW6ttG2cVtPvw/3OSgYsJ1J0VHWfJ8AVBDpRahOa20A7hXR0RzbeRJ4xX4Fu4ndcaR+GTdLSBfb/WSyn1751WZmxqegFnjhuKNcxqKj2tjzm9/oKPtO0Ri8bIDVtLSjTJ4Vhed5I2X50Du9YBcbee1FtqHZV09OCfGRWKL39721b+gmC0JYKHCU6NpAnxa1jjrDJieYCKDsmQtXfWm1mtXeVir4I31ufWUJoGc0YTl/qWpcCVKPDmQHBRLvv7pqU2Fz/FkW+7mePf73Ympc1PRfxNoiP8oeQyPzsmN0liw== root@OBNODE01 diff --git a/clusters/ekman/pubkeys/ekman.pub b/clusters/ekman/pubkeys/ekman.pub deleted file mode 100644 index 0a83062..0000000 --- a/clusters/ekman/pubkeys/ekman.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa 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 root@OBNODE02 diff --git a/clusters/ekman/users.nix b/clusters/ekman/users.nix deleted file mode 100644 index df9fec6..0000000 --- a/clusters/ekman/users.nix +++ /dev/null 
@@ -1,124 +0,0 @@ -{ pkgs, ... }: -{ - users.groups = { - jonas = { gid = 1000; }; - olean = { gid = 1001; }; - frankgaa = { gid = 1002; }; - bast = { gid = 1003; }; - stig = { gid = 1004; }; - - sif = { - gid = 11000; - members = [ - "jonas" - "olean" - "bast" - "frankgaa" - "stig" - ]; - }; - }; - - users.users = { - jonas = { - description = "Jonas Juselius"; - home = "/home/jonas"; - group = "jonas"; - extraGroups = [ - "users" - "wheel" - "root" - "adm" - "admin" - "cdrom" - "fuse" - "wireshark" - "libvirtd" - "networkmanager" - "tty" - "keys" - ]; - uid = 1000; - isNormalUser = true; - createHome = false; - useDefaultShell = false; - shell = pkgs.fish; - openssh.authorizedKeys.keys = [ - "ssh-rsa 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 jonas.juselius@juselius.io" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas-3" - ]; - }; - - olean = { - description = "Ole Anders Nøst"; - home = "/home/olean"; - group = "olean"; - extraGroups = [ - "users" - ]; - uid = 1001; - isNormalUser = true; - createHome = false; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAlfc2r3mNkvmdta+H/5zfdFe6317zmCdhhPYbipaGVFPUZO2cCTgSso28oDvOpCDldo/wl3jUxYNDlwH8LYMqKT3aGaOZr8JbxYzd+L+5GM2KTD+4YRmPtpYS/LWcc3j+fiFXSgX6Mrrgf6ineCRuBxSooDVE+pBakM1U7d5NE25apaAvclzFTmZBg0Sf9e5sgHkR99r9DUeGEQWGNZVUGwti39dFVp+aC9dsA+1/OtNB/HMF5G1MMk9dqvN7n7i9o9Plef2DParn4QU1GhmUKeEiBe4OAmSP+WwD4YvK6iXSKZG6tuTEspw+mR3rK5gBHrEiaNlCtp7O9BnAw4Wjhw== rsa-key-20201218" - "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAACAQCp3QEG9uJq4EKMRWlBkqg/EQD6+2E90E6/1i+JLbiBYBSV6Yqac6KzyJezaVXzch+qm6FFXas3thaBScbA4cELkETaxyNzYG6sNcLyEhlQn51pEsq2mFiq8IiaMaDc55/2HTbXVrpNoTNQFt6lBwHziKQYuUI0H0cxze+ppp0ZJOu1MsayW8JOv75YSv6WFIDRR+KP6dOEBu1PsP6plTZwK94ogjQ+3KHGcMAnE3cf8VCEF8akNC6GRmCgXNZE4I9MmKTDr217OoFpnXAx5/KTvGo+USkXc6xn/vbQsni4ExwGlMTg97RK49wIHD1NfGxZ3sv7mZ+UQPqqmSxCG+zueJrR6BSBfbm7fw5KvRn69rOihapeo/6GoqqVDe4yn1imtojjHN6+9pgJ9E6o108qbXRw2X6t1KUuXrB+fTfUKvy0kWiJFIMDSUtKF/nhiES+aCI4b4WBwyg5hdKGvgJdjyUS7P/jYgqWRe+qmknAERtQKlFDA/C6ChsTXerFD5Ikvu3dajJUiDehszEON5F4JlxSf2VpUFCDLVNqV/GjJqOg90mXGDk82c+0ZHIUsPLsdqR+t/xnOSv1Ks9I5fId6g+3OlR1ifnb3Qm48QGKbi/CM8M/QXzv4VgeIkRTR0Oi4W0P1tpUSyPd1nyGaM/B/FqN52XIUjRqIfu0emwgiw== olean@navier" - ]; - }; - - frankgaa = { - description = "Frank Gaardsted"; - home = "/home/frankgaa"; - group = "frankgaa"; - extraGroups = [ - "users" - ]; - uid = 1002; - isNormalUser = true; - createHome = false; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTq/IAtLkvHaPKTsp5U9YnhBj7PLFflS9vWpm5e/bFXQkSShkqUOktff1GITIN+RTpUS8zF9UkJA8fj5K382DhIn4jVb9HvQzmHNBTxU5ClpOuKhfibrts5IKMLAiN1enwZYu0iUIVfDKTYmqgAnjN8B6OyzIAB8bsBUMdN29PEwJT4cCVRRySLRfoWiXiZKow71FzXIACgxMwGhj2fpslKQoat2LGny03XR7EZrv36u1OktT28Gxf4ZrGpT9+3SAyf7aW20xHALU/dHXVsfsuqnoqw1InZ5VhvIVtoIj+5Vc5dkTXkychL0Hb+WxiH5O/3T18YUqes08UPZX5G9kB fga@akvaplan.niva.no" - "ssh-rsa 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 frankgaa@frankenstein" - ]; - }; - - bast = { - description = "Radovan Bast"; - home = "/home/bast"; - group = "bast"; - extraGroups = [ - "users" - "wheel" - "root" - ]; - uid = 1003; - isNormalUser = true; - createHome = false; - useDefaultShell = false; - shell = pkgs.fish; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFbrEhm1acesXmbgfO5lN1gcTFXqusq61QyCZXunYJpl" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIdcJteh9d/N1o8BbdEMRVxeMjm28saon/Oh2tV0+TYj" - "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIEg6tHlB5xco85d4XJja71hz1nEe9wFF1+ht8oKULkwh" - ]; - }; - - stig = { - description = "Stig Rune Jensen"; - home = "/home/stig"; - group = "stig"; - extraGroups = [ - "users" - "wheel" - "root" - ]; - uid = 1004; - isNormalUser = true; - createHome = false; - useDefaultShell = false; - shell = pkgs.fish; - openssh.authorizedKeys.keys = [ - ]; - }; - }; - -} diff --git a/clusters/fs1/default.nix b/clusters/fs1/default.nix deleted file mode 100644 index cd7480e..0000000 --- a/clusters/fs1/default.nix +++ /dev/null 
@@ -1,142 +0,0 @@ -let - # Pin the deployment package-set to a specific version of nixpkgs - # pkgs = import (builtins.fetchTarball { - # url = "https://github.com/NixOS/nixpkgs/archive/e9148dc1c30e02aae80cc52f68ceb37b772066f3.tar.gz"; - # sha256 = "1ckzhh24mgz6jd1xhfgx0i9mijk6xjqxwsshnvq789xsavrmsc36"; - # }) {}; - pkgs = import {}; - name = "fs1-0"; - address = "10.1.30.10"; -in { - fs1-0 = { config, pkgs, ... }: with pkgs; { - # deployment.tags = [ "fs" ]; - deployment.targetHost = address; - system.autoUpgrade.enable = lib.mkForce false; - - boot = { - loader.systemd-boot.enable = false; - loader.efi.canTouchEfiVariables = true; - loader.grub = { - enable = true; - version = 2; - device = "/dev/sda"; - }; - }; - - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - - i18n = { - defaultLocale = "en_DK.UTF-8"; - extraLocaleSettings = { - LC_TIME = "en_DK.UTF-8"; - }; - }; - - time.timeZone = "Europe/Oslo"; - - features = { - os = { - externalInterface = "ens3"; - adminAuthorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io" - "ssh-rsa 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 martin.moe.carstens@itpartner.no" - "ssh-rsa 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 ski027@uit.no" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP5k0dXn60dZ3iORy99LVvgTldu9nYU1TJVL1wCJEqp kaih kubernetes" - "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIH4vSlN+vm9d5ZoDitR9b4zqx2Psqa6iH4dK5kN/NXy3 Steinar.Hansen@tromso.serit.no" - ]; - }; - - fs = { - enable = true; - nfs.enable = true; - nfs.exports = '' - /vol/brick0/nfs0 10.1.30.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash) - ''; - initca = ./ca; - }; - - certs = { - enable = true; - caBundle = ./ca; - certs = [ - { - name = "fs1-0"; - SANs = [ "fs1-0.itpartner.intern" "10.1.30.10" ]; - owner = "nginx"; - group = "nginx"; - } - ]; - }; - }; - - services.prometheus.exporters = { - node = { - enable = true; - openFirewall = true; - }; - }; - - services.minio = { - enable = true; - region = "fs1"; - browser = true; - accessKey = "admin"; - secretKey = "en to tre fire"; - listenAddress = "0.0.0.0:9000"; - dataDir = [ "/vol/s3" ]; - }; - - networking = { - hostName = name; - domain = "itpartner.intern"; - defaultGateway = "10.1.30.1"; - nameservers = [ "8.8.8.8" ]; - search = [ "itpartner.intern" "itpartner.no" ]; - extraHosts = import ../hosts.nix; - interfaces.ens3 = { - useDHCP = false; - ipv4.addresses = [ { - address = address; - prefixLength = 24; - } ]; - }; - firewall = { - allowedTCPPorts = [ 443 9000 9001 ]; - allowedUDPPorts = []; - }; - }; - - services.nginx = { - enable = true; - statusPage = true; - virtualHosts = { - "fs1-0.itpartner.intern" = { - forceSSL = true; - enableACME = false; - sslTrustedCertificate = "/var/lib/secrets/ca.pem"; - sslCertificate = "/var/lib/secrets/fs1-0.pem"; - sslCertificateKey = "/var/lib/secrets/fs1-0-key.pem"; - serverAliases = []; - locations."/" = { - proxyPass = "http://127.0.0.1:9001"; - extraConfig = '' - allow all; - ''; - }; - }; - - }; - }; - - # nixos 21.11 will fix this properly - nixpkgs.overlays = [ (import ../../modules/overlays/minio.nix) ]; - systemd.services.minio.serviceConfig.ExecStart = lib.mkForce - "${pkgs.minio}/bin/minio server --json --address :9000 --console-address :9001 --config-dir=/var/lib/minio/config /vol/s3"; - - imports = [ ../../nixos 
../../modules ./fs1-0.nix ]; - }; -} diff --git a/clusters/fs1/fs1-0.nix b/clusters/fs1/fs1-0.nix deleted file mode 100644 index 9ed7a96..0000000 --- a/clusters/fs1/fs1-0.nix +++ /dev/null @@ -1,28 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "floppy" "sd_mod" "sr_mod" ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/6b3d4c49-9719-49b3-8210-d53374cd0eff"; - fsType = "ext4"; - }; - fileSystems."/var/log" = - { device = "/dev/disk/by-uuid/c1e78683-4fde-4029-a9f3-7631df649b2f"; - fsType = "ext4"; - }; - fileSystems."/vol/brick0" = - { device = "/dev/gfs_vg/brick0"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - -} diff --git a/clusters/fs2/default.nix b/clusters/fs2/default.nix deleted file mode 100644 index 753b5dd..0000000 --- a/clusters/fs2/default.nix +++ /dev/null 
@@ -1,148 +0,0 @@ -let - # Pin the deployment package-set to a specific version of nixpkgs - # pkgs = import (builtins.fetchTarball { - # url = "https://github.com/NixOS/nixpkgs/archive/e9148dc1c30e02aae80cc52f68ceb37b772066f3.tar.gz"; - # sha256 = "1ckzhh24mgz6jd1xhfgx0i9mijk6xjqxwsshnvq789xsavrmsc36"; - # }) {}; - pkgs = import {}; - name = "fs2-0"; - address = "10.1.8.10"; -in { - fs2-0 = { config, pkgs, ... }: with pkgs; { - # deployment.tags = [ "fs" ]; - deployment.targetHost = address; - system.autoUpgrade.enable = lib.mkForce false; - - boot = { - loader.systemd-boot.enable = true; - loader.efi.canTouchEfiVariables = true; - }; - - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - - i18n = { - defaultLocale = "en_DK.UTF-8"; - extraLocaleSettings = { - LC_TIME = "en_DK.UTF-8"; - }; - }; - - time.timeZone = "Europe/Oslo"; - - environment.etc = { - minio-rootcredentials = { - text = '' - accessKey="admin" - secretKey="en to tre fire" - ''; - mode = "640"; - }; - }; - - features = { - os = { - externalInterface = "eth0"; - adminAuthorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io" - "ssh-rsa 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 martin.moe.carstens@itpartner.no" - "ssh-rsa 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 ski027@uit.no" - "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIGP5k0dXn60dZ3iORy99LVvgTldu9nYU1TJVL1wCJEqp kaih kubernetes" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4vSlN+vm9d5ZoDitR9b4zqx2Psqa6iH4dK5kN/NXy3 Steinar.Hansen@tromso.serit.no" - ]; - }; - - fs = { - enable = true; - nfs.enable = true; - nfs.exports = '' - /vol/export 10.1.8.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash) - ''; - initca = ./ca; - }; - - certs = { - enable = true; - caBundle = ./ca; - certs = [ - { - name = "fs2-0"; - SANs = [ "fs2-0.itpartner.intern" "10.1.8.10" ]; - owner = "nginx"; - group = "nginx"; - } - ]; - }; - }; - - services.minio = { - enable = true; - region = "fs2"; - browser = true; - # accessKey = "admin"; - # secretKey = "en to tre fire"; DEPRECATED - listenAddress = "0.0.0.0:9000"; - rootCredentialsFile = "/etc/minio-rootcredentials"; - dataDir = [ "/vol/s3" ]; - }; - - services.prometheus.exporters = { - node = { - enable = true; - openFirewall = true; - }; - }; - - networking = { - hostName = name; - domain = "itpartner.intern"; - defaultGateway = "10.1.8.1"; - nameservers = [ "8.8.8.8" ]; - search = [ "itpartner.intern" "itpartner.no" ]; - extraHosts = import ../hosts.nix; - interfaces.eth0 = { - useDHCP = false; - ipv4.addresses = [ { - address = address; - prefixLength = 24; - } ]; - }; - firewall = { - allowedTCPPorts = [ 443 9000 9001 ]; - allowedUDPPorts = []; - }; - }; - - services.nginx = { - enable = true; - statusPage = true; - virtualHosts = { - "fs2-0.itpartner.intern" = { - forceSSL = true; - enableACME = false; - sslTrustedCertificate = "/var/lib/secrets/ca.pem"; - sslCertificate = "/var/lib/secrets/fs2-0.pem"; - sslCertificateKey = "/var/lib/secrets/fs2-0-key.pem"; - serverAliases = []; - locations."/" = { - proxyPass = "http://127.0.0.1:9001"; - extraConfig = '' - allow all; - ''; - }; - }; - - }; - }; - - # nixos 21.11 will fix this properly - nixpkgs.overlays = [ (import ../../modules/overlays/minio.nix) ]; - systemd.services.minio.serviceConfig.ExecStart = 
lib.mkForce - "${pkgs.minio}/bin/minio server --json --address :9000 --console-address :9001 --config-dir=/var/lib/minio/config /vol/s3"; - - imports = [ ../../nixos ../../modules ./fs2-0.nix ]; - }; -} diff --git a/clusters/fs2/fs2-0.nix b/clusters/fs2/fs2-0.nix deleted file mode 100644 index f6a47f8..0000000 --- a/clusters/fs2/fs2-0.nix +++ /dev/null @@ -1,34 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/92f12271-8191-4a81-9f9b-207484df78c3"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/2D29-80C5"; - fsType = "vfat"; - }; - - fileSystems."/vol" = - { device = "/dev/disk/by-label/data0"; - fsType = "ext4"; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/d5f024b4-0b94-4140-9a1e-2c8ed4415d3b"; } - ]; - - virtualisation.hypervGuest.enable = true; -} diff --git a/clusters/k0/cluster.nix b/clusters/k0/cluster.nix deleted file mode 100644 index 1cdaad4..0000000 --- a/clusters/k0/cluster.nix +++ /dev/null 
@@ -1,126 +0,0 @@ -{ pkgs, lib, config, ... }: -with lib; -let - cfg = config.features.host; - - mkSANs = host: [ - host.name - host.address - "127.0.0.1" - ]; - - configuration = { - deployment.targetHost = cfg.address; - system.autoUpgrade.enable = lib.mkForce false; - - boot = { - loader.systemd-boot.enable = true; - loader.efi.canTouchEfiVariables = true; - }; - - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - - i18n = { - defaultLocale = "en_DK.UTF-8"; - extraLocaleSettings = { - LC_TIME = "en_DK.UTF-8"; - }; - }; - - time.timeZone = "Europe/Oslo"; - - features = { - os = { - externalInterface = "eth0"; - adminAuthorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas" - "ssh-rsa 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 jonas.juselius@juselius.io" - "ssh-rsa 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 martin.moe.carstens@itpartner.no" - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAlHx2RWPvBhYzevQE+llnyDuInSsyhs6PFaoavtEB2VLr2gOFxDZW5VmDXlorAXtCpcPpJdYbnPuRWZd0m5950BatWy5UPgDIK2Qm5XABlq6/tXzHJme9PJHcXwo6WStaB31RiJs9nhdYIhPRjcbeFdx/7Fz3atVikE6YUtb8a7YGeKgZh6ashtYPpG3oSBLn1menjk6CxVRt16de3PoDlYav/J8WPbaGJqcPIU9rjzqJkI4aG1txSyJ8Vt2vawQKnzPZCuQAdWgquE3CbJkJbgoh2TKmHds71WMTg3ZXz2KfVjdN8IXCTxdySlgVVAN6x0usGVnA22XnMYQEgbcb3Q== kai.simen" - "ssh-rsa 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 ski027@uit.no" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP5k0dXn60dZ3iORy99LVvgTldu9nYU1TJVL1wCJEqp kaih kubernetes" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4vSlN+vm9d5ZoDitR9b4zqx2Psqa6iH4dK5kN/NXy3 Steinar.Hansen@tromso.serit.no" - ]; - }; - - k8s = { - enable = true; - node.enable = mkDefault true; - clusterName = "k0"; - initca = ./ca; - cidr = "10.100.0.0/16"; - master = { - name = "k0-0"; - address = "10.1.8.50"; - extraSANs = [ "k0.itpartner.no" ]; - }; - ingressNodes = [ - "k0-0.itpartner.intern" - "k0-1.itpartner.intern" - "k0-2.itpartner.intern" - ]; - fileserver = "fs2-0"; - 
charts = { - acme_email = "innovasjon@itpartner.no"; - grafana_smtp_user = "utvikling"; - grafana_smtp_password = "S0m3rp0m@de#21!"; - }; - }; - }; - - networking = { - hostName = cfg.name; - domain = "itpartner.intern"; - nameservers = [ "8.8.8.8" ]; - search = [ "itpartner.no" ]; - defaultGateway = "10.1.8.1"; - extraHosts = import ../hosts.nix; - interfaces.eth0 = { - useDHCP = false; - ipv4.addresses = [ { - address = cfg.address; - prefixLength = 24; - } ]; - }; - }; - - services.kubernetes.kubelet.extraSANs = mkSANs { - name = cfg.name; - address = cfg.address; - }; - - fileSystems = { - "/vol/local-storage/vol1" = { - device = "/vol/vol1"; - options = [ "bind" ]; - }; - "/vol/local-storage/vol2" = { - device = "/vol/vol2"; - options = [ "bind" ]; - }; - }; - }; -in { - # options.node = { - # address = mkOption { - # type = types.str; - # default = null; - # }; - - # name = mkOption { - # type = types.str; - # default = null; - # }; - # }; - - config = configuration; - - imports = [ - ../../modules - ../../nixos - ]; -} - diff --git a/clusters/k0/default.nix b/clusters/k0/default.nix deleted file mode 100644 index 5b3e58f..0000000 --- a/clusters/k0/default.nix +++ /dev/null 
@@ -1,54 +0,0 @@ -# Pin the deployment package-set to a specific version of nixpkgs -# with import ../nixos-21.05.nix {}; -with import {}; -let - etcdNodes = { - k0-0 = "10.1.8.50"; - k0-1 = "10.1.8.51"; - k0-2 = "10.1.8.52"; - }; - - etcdCluster = { - enable = true; - existing = true; - nodes = etcdNodes; - }; - - master = { - features.host = { - name = "k0-0"; - address = "10.1.8.50"; - }; - features.k8s = { - master.enable = true; - master.socat443 = true; - nodes = nodes; - inherit etcdCluster; - }; - imports = [ ./cluster.nix ./hw/k0-0.nix ]; - }; - - nodes = [ - { name = "k0-1"; address = "10.1.8.51"; } - { name = "k0-2"; address = "10.1.8.52"; } - ]; - - mkNode = x: { - "${x.name}" = - lib.mkMerge [ - { - features.host = x; - } - (if builtins.hasAttr x.name etcdNodes then - { - features.k8s = { inherit etcdCluster; }; - } - else {}) - ] - // { imports = [ ./cluster.nix (./hw + "/${x.name}.nix") ]; }; - }; - -in - builtins.foldl' (a: x: a // mkNode x) { - "${master.features.host.name}" = master; - } nodes diff --git a/clusters/k0/hw/k0-0.nix b/clusters/k0/hw/k0-0.nix deleted file mode 100644 index 2e322b6..0000000 --- a/clusters/k0/hw/k0-0.nix +++ /dev/null @@ -1,27 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/a6915f49-234d-4ec1-ab1c-87a529b7b36b"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/29C6-3721"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - virtualisation.hypervGuest.enable = true; -} 
diff --git a/clusters/k0/hw/k0-1.nix b/clusters/k0/hw/k0-1.nix deleted file mode 100644 index 9e9bfb3..0000000 --- a/clusters/k0/hw/k0-1.nix +++ /dev/null @@ -1,27 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/0f636fe0-cd3c-4c82-b936-bb53a07ded6b"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/29AC-47D5"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - virtualisation.hypervGuest.enable = true; -} diff --git a/clusters/k0/hw/k0-2.nix b/clusters/k0/hw/k0-2.nix deleted file mode 100644 index 4110d2d..0000000 --- a/clusters/k0/hw/k0-2.nix +++ /dev/null @@ -1,27 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/bf2f7548-1a5d-4b02-a684-f666e3563eaf"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/2A74-A44E"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - virtualisation.hypervGuest.enable = true; -} diff --git a/clusters/k0/k0.nix b/clusters/k0/k0.nix deleted file mode 100644 index d592370..0000000 --- a/clusters/k0/k0.nix +++ /dev/null 
@@ -1,44 +0,0 @@
-let
- # Pin the deployment package-set to a specific version of nixpkgs
- # pkgs = import (builtins.fetchTarball {
- # url = "https://github.com/NixOS/nixpkgs/archive/e9148dc1c30e02aae80cc52f68ceb37b772066f3.tar.gz";
- # sha256 = "1ckzhh24mgz6jd1xhfgx0i9mijk6xjqxwsshnvq789xsavrmsc36";
- # }) {};
- pkgs = import {};
-
- master = {
- deployment.tags = [ "master" ];
- node.name = "k0-0";
- node.address = "10.1.8.50";
- features.k8s.master.enable = true;
- features.k8s.nodes = nodes;
- imports = [ ./cluster.nix ./hw/k0-0.nix ];
- };
-
- nodes = [
- { name = "k0-1"; address = "10.1.8.51"; }
- { name = "k0-2"; address = "10.1.8.52"; }
- ];
-
- mkNode = x: {
- "${x.name}" = { config, pkgs, ... }: {
- deployment.tags = [ "node" ];
- node.name = x.name;
- node.address = x.address;
- imports = [ ./cluster.nix (./hw + "/${x.name}.nix") ];
- };
- };
-
-in
-{
- network = {
- inherit pkgs;
- description = "k0";
- ordering = {
- tags = [ "master" "node" ];
- };
- };
-} // builtins.foldl' (a: x: a // mkNode x) {
- "${master.node.name}" = master;
- } nodes
-
diff --git a/clusters/k1/cluster.nix b/clusters/k1/cluster.nix
deleted file mode 100644
index de11476..0000000
--- a/clusters/k1/cluster.nix
+++ /dev/null
@@ -1,117 +0,0 @@ -{ pkgs, lib, config, ... }: -with lib; -let - cfg = config.features.host; - - mkSANs = host: [ - host.name - host.address - "127.0.0.1" - ]; - - configuration = { - deployment.targetHost = cfg.address; - system.autoUpgrade.enable = lib.mkForce false; - - boot = { - loader.systemd-boot.enable = false; - loader.efi.canTouchEfiVariables = true; - loader.grub = { - enable = true; - version = 2; - device = "/dev/sda"; - }; - }; - - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - - i18n = { - defaultLocale = "en_DK.UTF-8"; - extraLocaleSettings = { - LC_TIME = "en_DK.UTF-8"; - }; - }; - - time.timeZone = "Europe/Oslo"; - - features = { - os = { - externalInterface = "ens3"; - adminAuthorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas" - "ssh-rsa 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 jonas.juselius@juselius.io" - "ssh-rsa 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 martin.moe.carstens@itpartner.no" - "ssh-rsa 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 rjod@SWAMPTHING" - "ssh-rsa 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 remi@fork" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC2tox0uyFGfU1zPNU6yAVSoGOUkeU959aiTMrqu1U9MCCOP2o4IhZIlRpZ08XVnUU/AhycCUF4HgGqdcco8oIVX0P0Cn83KJoD/DOqAiz+1VwIUUV1ylrRdNqCgf4wnmLni3sUPHJdQnuq57+pzDDjHMr9CcBL2KzOHD/QanfR+jZmv9K3OS5oDcWquSCziXkpbkWQURPactmtyzGK2FRRxONZgYrB8gRTDstlWQg/t6GHNVelzuJ7SEf+t8pk/S2e/XAvfZyRJhrVJ35iZKpmxkIn5v0g1Z+z0yX/KRSAPRtNg9uM44cmto77MFx7iFs0CuleL3zHvRvZYW1ZnsKAiP07UkEK87luMpkTzFr9CSHJGpgk1RZYA3qidQti44n6NU9YRNhzO4v+KQE6XDqO80gZCJboSXr3fnYn/QHpPXzK5JcZNWmClyMURYj10qv9So3Fh0o3LV5GThA6JgN874vUywUZanPEdn8ePBcAsjLRzA4YBGEuvJCc6FELSuY2s+/pFba8NXQvrOdJKSRC0g5USQFfaWDln4Q4zZ1G5z76p1u6GtRWxvakkUQ0fze9KAW7msxeKaw+B7uMtyvCL8V2zEE8WKFP1sNyYEe7Sgp3RVfym2VPMNTZVhEImfM/3D+WbzfoJztnJvFKXeeMCcne4G8swyef3o1s3b+CvQ== ski027@uit.no" - ]; - }; - - k8s = { - enable = true; - node.enable = true; - clusterName = 
"k1"; - initca = ./ca; - cidr = "10.11.0.0/16"; - master = { - name = "k1-0"; - address = "10.1.30.100"; - extraSANs = [ "k1.itpartner.no" ]; - }; - ingressNodes = [ - "k1-0.itpartner.intern" - "k1-1.itpartner.intern" - "k1-2.itpartner.intern" - ]; - fileserver = "fs1-0"; - charts = { - acme_email = "innovasjon@itpartner.no"; - grafana_smtp_user = "utvikling"; - grafana_smtp_password = "S0m3rp0m@de#21!"; - }; - }; - }; - - networking = { - hostName = cfg.name; - domain = "itpartner.intern"; - nameservers = [ "8.8.8.8" ]; - search = [ "itpartner.no" ]; - defaultGateway = "10.1.30.1"; - extraHosts = import ../hosts.nix; - interfaces.ens3 = { - useDHCP = false; - ipv4.addresses = [ { - address = cfg.address; - prefixLength = 24; - } ]; - }; - }; - - services.kubernetes.kubelet.extraSANs = mkSANs { - name = cfg.name; - address = cfg.address; - }; - - fileSystems = { - "/vol/local-storage/vol1" = { - device = "/vol/vol1"; - options = [ "bind" ]; - }; - "/vol/local-storage/vol2" = { - device = "/vol/vol2"; - options = [ "bind" ]; - }; - }; - }; -in { - config = configuration; - - imports = [ - ../../modules - ../../nixos - ]; -} diff --git a/clusters/k1/default.nix b/clusters/k1/default.nix deleted file mode 100644 index 85537aa..0000000 --- a/clusters/k1/default.nix +++ /dev/null 
@@ -1,58 +0,0 @@ -with import {}; -let - etcdNodes = { - k1-0 = "10.1.30.100"; - k1-1 = "10.1.30.101"; - k1-2 = "10.1.30.102"; - }; - - etcdCluster = { - enable = true; - existing = true; - nodes = etcdNodes; - }; - - master = { - features.host = { - name = "k1-0"; - address = "10.1.30.100"; - }; - features.k8s = { - host.name = "k1-0"; - host.address = "10.1.30.100"; - master.enable = true; - master.socat443 = true; - nodes = nodes; - inherit etcdCluster; - }; - imports = [ ./cluster.nix ./hw/k1-0.nix ]; - }; - - nodes = [ - { name = "k1-1"; address = "10.1.30.101"; } - { name = "k1-2"; address = "10.1.30.102"; } - { name = "k1-3"; address = "10.1.30.103"; } - { name = "k1-4"; address = "10.1.30.104"; } - { name = "k1-5"; address = "10.1.30.105"; } - ]; - - mkNode = x: { - "${x.name}" = - lib.mkMerge [ - { - features.host = x; - } - (if builtins.hasAttr x.name etcdNodes then - { - features.k8s = { inherit etcdCluster; }; - } - else {}) - ] - // { imports = [ ./cluster.nix (./hw + "/${x.name}.nix") ]; }; - }; - -in - builtins.foldl' (a: x: a // mkNode x) { - "${master.features.host.name}" = master; - } nodes - diff --git a/clusters/k1/hw/k1-0.nix b/clusters/k1/hw/k1-0.nix deleted file mode 100644 index 5e5d1e2..0000000 --- a/clusters/k1/hw/k1-0.nix +++ /dev/null @@ -1,21 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "floppy" "sd_mod" "sr_mod" ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/2e7ba83d-014f-4ef5-a1ce-fc9e34ce7b83"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 1; -} diff --git a/clusters/k1/hw/k1-1.nix b/clusters/k1/hw/k1-1.nix deleted file mode 100644 index 910e695..0000000 
--- a/clusters/k1/hw/k1-1.nix +++ /dev/null @@ -1,21 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "floppy" "sd_mod" "sr_mod" ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/70b9d730-9cb6-48e2-8e00-fa78c8feefdf"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 1; -} diff --git a/clusters/k1/hw/k1-2.nix b/clusters/k1/hw/k1-2.nix deleted file mode 100644 index f0575f4..0000000 --- a/clusters/k1/hw/k1-2.nix +++ /dev/null @@ -1,21 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "floppy" "sd_mod" "sr_mod" ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/83bb471d-1db7-4c0b-b8aa-8111730a1ea9"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 1; -} diff --git a/clusters/k1/hw/k1-3.nix b/clusters/k1/hw/k1-3.nix deleted file mode 100644 index fe4ae9d..0000000 --- a/clusters/k1/hw/k1-3.nix +++ /dev/null 
@@ -1,21 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "floppy" "sd_mod" "sr_mod" ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/67441b95-19f2-484d-b57b-3f4b2a55f3cc"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 1; -} diff --git a/clusters/k1/hw/k1-4.nix b/clusters/k1/hw/k1-4.nix deleted file mode 100644 index b8d9582..0000000 --- a/clusters/k1/hw/k1-4.nix +++ /dev/null @@ -1,23 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "uhci_hcd" "ehci_pci" "ahci" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/8f42bf5b-67bf-401a-97ae-969fd4c808cf"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - -} diff --git a/clusters/k1/hw/k1-5.nix b/clusters/k1/hw/k1-5.nix deleted file mode 100644 index b8d9582..0000000 --- a/clusters/k1/hw/k1-5.nix +++ /dev/null 
@@ -1,23 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "uhci_hcd" "ehci_pci" "ahci" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/8f42bf5b-67bf-401a-97ae-969fd4c808cf"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - -} diff --git a/clusters/k1/k1.nix b/clusters/k1/k1.nix deleted file mode 100644 index 443f7f3..0000000 --- a/clusters/k1/k1.nix +++ /dev/null @@ -1,45 +0,0 @@ -let - # Pin the deployment package-set to a specific version of nixpkgs - # pkgs = import (builtins.fetchTarball { - # url = "https://github.com/NixOS/nixpkgs/archive/e9148dc1c30e02aae80cc52f68ceb37b772066f3.tar.gz"; - # sha256 = "1ckzhh24mgz6jd1xhfgx0i9mijk6xjqxwsshnvq789xsavrmsc36"; - # }) {}; - pkgs = import {}; - - master = { - deployment.tags = [ "master" ]; - node.name = "k1-0"; - node.address = "10.1.30.100"; - features.k8s.master.enable = true; - features.k8s.nodes = nodes; - imports = [ ./cluster.nix ./hw/k1-0.nix ]; - }; - - nodes = [ - { name = "k1-1"; address = "10.1.30.101"; } - { name = "k1-2"; address = "10.1.30.102"; } - { name = "k1-3"; address = "10.1.30.103"; } - ]; - - mkNode = x: { - "${x.name}" = { config, pkgs, ... }: { - deployment.tags = [ "node" ]; - node.name = x.name; - node.address = x.address; - imports = [ ./cluster.nix (./hw + "/${x.name}.nix") ]; - }; - }; - -in -{ - network = { - inherit pkgs; - description = "k1"; - ordering = { - tags = [ "master" "node" ]; - }; - }; -} // builtins.foldl' (a: x: a // mkNode x) { - "${master.node.name}" = master; - } nodes - 
diff --git a/clusters/k2/cluster.nix b/clusters/k2/cluster.nix
deleted file mode 100644
index b9c6201..0000000
--- a/clusters/k2/cluster.nix
+++ /dev/null
@@ -1,115 +0,0 @@ -{ pkgs, lib, config, ... }: -with lib; -let - cfg = config.features.host; - - mkSANs = host: [ - host.name - host.address - "127.0.0.1" - ]; - - configuration = { - deployment.targetHost = cfg.address; - system.autoUpgrade.enable = lib.mkForce false; - - boot = { - loader.systemd-boot.enable = true; - loader.efi.canTouchEfiVariables = true; - }; - - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - - i18n = { - defaultLocale = "en_DK.UTF-8"; - extraLocaleSettings = { - LC_TIME = "en_DK.UTF-8"; - }; - }; - - time.timeZone = "Europe/Oslo"; - - features = { - os = { - externalInterface = "eth0"; - adminAuthorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas" - "ssh-rsa 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 jonas.juselius@juselius.io" - "ssh-rsa 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 martin.moe.carstens@itpartner.no" - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAlHx2RWPvBhYzevQE+llnyDuInSsyhs6PFaoavtEB2VLr2gOFxDZW5VmDXlorAXtCpcPpJdYbnPuRWZd0m5950BatWy5UPgDIK2Qm5XABlq6/tXzHJme9PJHcXwo6WStaB31RiJs9nhdYIhPRjcbeFdx/7Fz3atVikE6YUtb8a7YGeKgZh6ashtYPpG3oSBLn1menjk6CxVRt16de3PoDlYav/J8WPbaGJqcPIU9rjzqJkI4aG1txSyJ8Vt2vawQKnzPZCuQAdWgquE3CbJkJbgoh2TKmHds71WMTg3ZXz2KfVjdN8IXCTxdySlgVVAN6x0usGVnA22XnMYQEgbcb3Q== kai.simen" - "ssh-rsa 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 ski027@uit.no" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP5k0dXn60dZ3iORy99LVvgTldu9nYU1TJVL1wCJEqp kaih kubernetes" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4vSlN+vm9d5ZoDitR9b4zqx2Psqa6iH4dK5kN/NXy3 Steinar.Hansen@tromso.serit.no" - ]; - }; - - k8s = { - enable = true; - node.enable = true; - clusterName = "k2"; - initca = ./ca; - cidr = "10.100.0.0/16"; - master = { - name = "k2-0"; - address = "10.1.8.60"; - extraSANs = [ "k2.itpartner.no" ]; - }; - ingressNodes = [ - "k2-0.itpartner.intern" - "k2-1.itpartner.intern" - "k2-2.itpartner.intern" - ]; - fileserver = "fs2-0"; - charts = { - 
acme_email = "innovasjon@itpartner.no"; - grafana_smtp_user = "utvikling"; - grafana_smtp_password = "S0m3rp0m@de#21!"; - }; - }; - }; - - fileSystems = { - "/vol/local-storage/vol1" = { - device = "/vol/vol1"; - options = [ "bind" ]; - }; - "/vol/local-storage/vol2" = { - device = "/vol/vol2"; - options = [ "bind" ]; - }; - }; - - networking = { - hostName = cfg.name; - domain = "itpartner.intern"; - nameservers = [ "8.8.8.8" ]; - search = [ "itpartner.no" ]; - defaultGateway = "10.1.8.1"; - extraHosts = import ../hosts.nix; - interfaces.eth0 = { - useDHCP = false; - ipv4.addresses = [ { - address = cfg.address; - prefixLength = 24; - } ]; - }; - }; - - services.kubernetes.kubelet.extraSANs = mkSANs { - name = cfg.name; - address = cfg.address; - }; - - }; -in { - config = configuration; - - imports = [ - ../../modules - ../../nixos - ]; -} - diff --git a/clusters/k2/default.nix b/clusters/k2/default.nix deleted file mode 100644 index 7cec877..0000000 --- a/clusters/k2/default.nix +++ /dev/null 
@@ -1,64 +0,0 @@
-with import {};
-let
- etcdNodes = {
- k2-0 = "10.1.8.60";
- k2-1 = "10.1.8.61";
- k2-2 = "10.1.8.62";
- };
-
- etcdCluster = {
- enable = true;
- existing = true;
- nodes = etcdNodes;
- };
-
- master = {
- features.host = {
- name = "k2-0";
- address = "10.1.8.60";
- };
- features.k8s = {
- master.enable = true;
- master.socat443 = true;
- nodes = nodes;
- inherit etcdCluster;
- };
- imports = [ ./cluster.nix ./hw/k2-0.nix ];
- };
-
- nodes = [
- { name = "k2-1"; address = "10.1.8.61"; }
- { name = "k2-2"; address = "10.1.8.62"; }
- { name = "k2-3"; address = "10.1.8.63"; }
- { name = "k2-4"; address = "10.1.8.64"; }
- { name = "k2-5"; address = "10.1.8.65"; }
- { name = "k2-6"; address = "10.1.8.66"; }
- ];
-
- mkNode = x: {
- "${x.name}" =
- lib.mkMerge [
- {
- features.host = x;
- }
- (if builtins.hasAttr x.name etcdNodes then
- {
- features.k8s = { inherit etcdCluster; };
- }
- else {})
- # (if x.name == "k2-6" then
- # {
- # services.kubernetes.kubelet.taints.sonarqube = {
- # key = "reserved";
- # value = "sonarqube";
- # effect = "NoSchedule";
- # };
- # }
- # else {})
- ]
- // { imports = [ ./cluster.nix (./hw + "/${x.name}.nix") ]; };
- };
-in
- builtins.foldl' (a: x: a // mkNode x) {
- "${master.features.host.name}" = master;
- } nodes
diff --git a/clusters/k2/hw/k2-0.nix b/clusters/k2/hw/k2-0.nix
deleted file mode 100644
index 3613065..0000000
--- a/clusters/k2/hw/k2-0.nix
+++ /dev/null
@@ -1,27 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/538136b2-8d66-4269-ba9d-03d9c4753670"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/4122-992F"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - virtualisation.hypervGuest.enable = true; -} diff --git a/clusters/k2/hw/k2-1.nix b/clusters/k2/hw/k2-1.nix deleted file mode 100644 index 979f8d5..0000000 --- a/clusters/k2/hw/k2-1.nix +++ /dev/null @@ -1,27 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/9a8d3dae-d0e9-4af1-8eb0-a700cbd483c3"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/42A8-FFF9"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - virtualisation.hypervGuest.enable = true; -} diff --git a/clusters/k2/hw/k2-2.nix b/clusters/k2/hw/k2-2.nix deleted file mode 100644 index ae4a935..0000000 --- a/clusters/k2/hw/k2-2.nix +++ /dev/null 
@@ -1,27 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/43f630c2-faeb-44bf-8978-9832de9a2122"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/43BB-4E5C"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - virtualisation.hypervGuest.enable = true; -} diff --git a/clusters/k2/hw/k2-3.nix b/clusters/k2/hw/k2-3.nix deleted file mode 100644 index d830121..0000000 --- a/clusters/k2/hw/k2-3.nix +++ /dev/null @@ -1,27 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/402e3cc9-fab6-44b8-aeb9-62aac9a3712d"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/4476-D001"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - virtualisation.hypervGuest.enable = true; -} diff --git a/clusters/k2/hw/k2-4.nix b/clusters/k2/hw/k2-4.nix deleted file mode 100644 index d0dc905..0000000 --- a/clusters/k2/hw/k2-4.nix +++ /dev/null 
@@ -1,27 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/663b0ba7-962a-4ec2-b0cd-09472a03f6dd"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/45CE-83A2"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - virtualisation.hypervGuest.enable = true; -} diff --git a/clusters/k2/hw/k2-5.nix b/clusters/k2/hw/k2-5.nix deleted file mode 100644 index 38edc36..0000000 --- a/clusters/k2/hw/k2-5.nix +++ /dev/null @@ -1,27 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/9e5acd6c-3e18-40c0-9826-a620812a7bff"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/255E-65E7"; - fsType = "vfat"; - }; - - swapDevices = []; - - virtualisation.hypervGuest.enable = true; -} diff --git a/clusters/k2/hw/k2-6.nix b/clusters/k2/hw/k2-6.nix deleted file mode 100644 index 7201fd4..0000000 --- a/clusters/k2/hw/k2-6.nix +++ /dev/null 
@@ -1,27 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/b34e8c50-665b-4a30-99cb-f845d2313cb8"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/51AC-7FD0"; - fsType = "vfat"; - }; - - swapDevices = []; - - virtualisation.hypervGuest.enable = true; -} diff --git a/clusters/k2/k2.nix b/clusters/k2/k2.nix deleted file mode 100644 index a4ba509..0000000 --- a/clusters/k2/k2.nix +++ /dev/null @@ -1,45 +0,0 @@ -let - # Pin the deployment package-set to a specific version of nixpkgs - # pkgs = import (builtins.fetchTarball { - # url = "https://github.com/NixOS/nixpkgs/archive/e9148dc1c30e02aae80cc52f68ceb37b772066f3.tar.gz"; - # sha256 = "1ckzhh24mgz6jd1xhfgx0i9mijk6xjqxwsshnvq789xsavrmsc36"; - # }) {}; - pkgs = import {}; - - master = { - deployment.tags = [ "master" ]; - node.name = "k2-0"; - node.address = "10.1.8.60"; - features.k8s.master.enable = true; - features.k8s.nodes = nodes; - imports = [ ./cluster.nix ./hw/k2-0.nix ]; - }; - - nodes = [ - { name = "k2-1"; address = "10.1.8.61"; } - { name = "k2-2"; address = "10.1.8.62"; } - { name = "k2-3"; address = "10.1.8.63"; } - { name = "k2-4"; address = "10.1.8.64"; } - ]; - - mkNode = x: { - "${x.name}" = { config, pkgs, ... }: { - deployment.tags = [ "node" ]; - node = x; - imports = [ ./cluster.nix (./hw + "/${x.name}.nix") ]; - }; - }; - -in -{ - network = { - inherit pkgs; - description = "k2"; - ordering = { - tags = [ "master" "node" ]; - }; - }; -} // builtins.foldl' (a: x: a // mkNode x) { - "${master.node.name}" = master; - } nodes - 
diff --git a/clusters/nixos-21.05.nix b/clusters/nixos-21.05.nix
deleted file mode 100644
index 2de087a..0000000
--- a/clusters/nixos-21.05.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import (builtins.fetchTarball {
- url = "https://github.com/NixOS/nixpkgs/archive/ad6e733d633802620b5eec9be91e837973eac18a.tar.gz";
- sha256 = "0220v3389awigxih0hrphnnc22gmslliv1q6f0f2cjk6ibhq5fff";
-})
diff --git a/clusters/nixos-21.11.nix b/clusters/nixos-21.11.nix
deleted file mode 100644
index 96282d2..0000000
--- a/clusters/nixos-21.11.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-import (builtins.fetchTarball {
- url = "https://github.com/NixOS/nixpkgs/archive/573603b7fdb9feb0eb8efc16ee18a015c667ab1b.tar.gz";
- sha256 = "1aa3wshxys9wrb4n0kxp3glvz06mv078kwl6m3v79cyr4gvmjh9q";
-})
-
diff --git a/clusters/psql1/default.nix b/clusters/psql1/default.nix
deleted file mode 100644
index 0f31fcf..0000000
--- a/clusters/psql1/default.nix
+++ /dev/null
@@ -1,99 +0,0 @@ -let - # Pin the deployment package-set to a specific version of nixpkgs - # pkgs = import (builtins.fetchTarball { - # url = "https://github.com/NixOS/nixpkgs/archive/e9148dc1c30e02aae80cc52f68ceb37b772066f3.tar.gz"; - # sha256 = "1ckzhh24mgz6jd1xhfgx0i9mijk6xjqxwsshnvq789xsavrmsc36"; - # }) {}; - pkgs = import {}; - - name = "psql1-0"; - address = "10.1.30.80"; -in { - psql1-0 = { config, pkgs, ... }: with pkgs; { - # deployment.tags = [ "db" ]; - deployment.targetHost = address; - system.autoUpgrade.enable = lib.mkForce false; - - boot = { - loader.systemd-boot.enable = true; - loader.efi.canTouchEfiVariables = true; - }; - - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - - i18n = { - defaultLocale = "en_DK.UTF-8"; - extraLocaleSettings = { - LC_TIME = "en_DK.UTF-8"; - }; - }; - - time.timeZone = "Europe/Oslo"; - - features = { - os = { - externalInterface = "ens6"; - adminAuthorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas" - "ssh-rsa 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 jonas.juselius@juselius.io" - "ssh-rsa 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 martin.moe.carstens@itpartner.no" - ]; - }; - }; - - services.prometheus.exporters = { - node = { - enable = true; - openFirewall = true; - }; - }; - - networking = { - hostName = name; - domain = "itpartner.intern"; - defaultGateway = "10.1.30.1"; - nameservers = [ "8.8.8.8" ]; - search = [ "itpartner.intern" "itpartner.no" ]; - extraHosts = import ../hosts.nix; - interfaces.ens6 = { - useDHCP = false; - ipv4.addresses = [ { - address = address; - prefixLength = 24; - } ]; - }; - firewall.allowedTCPPorts = [ 5432 ]; - }; - - services.postgresql = { - enable = true; - dataDir = "/data/postgresql"; - enableTCPIP = true; - identMap = '' - nixos root postgres - nixos admin postgres - ''; - authentication = pkgs.lib.mkOverride 11 '' - local all all trust - host all all ::1/128 trust - host all all 
::1/128 md5 - host all postgres 127.0.0.1/32 md5 - host all postgres ::1/128 md5 - host all postgres 10.1.8.0/24 md5 - host all postgres 10.1.30.0/24 md5 - host score consto 10.1.8.0/24 md5 - host score consto 10.1.30.0/24 md5 - host score consto all md5 - host mobilenews-provisioner mobilenews 10.1.8.0/24 md5 - host mobilenews-provisioner mobilenews 10.1.30.0/24 md5 - host all bizmart 10.1.8.0/24 md5 - host all bizmart 10.1.30.0/24 md5 - ''; - }; - - imports = [ ../../nixos ./psql1-0.nix ]; - }; -} diff --git a/clusters/psql1/psql1-0.nix b/clusters/psql1/psql1-0.nix deleted file mode 100644 index 7a148c6..0000000 --- a/clusters/psql1/psql1-0.nix +++ /dev/null @@ -1,35 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/49b61f5c-9dd6-4989-8d24-87e143a580ae"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/DCF5-0AA3"; - fsType = "vfat"; - }; - - fileSystems."/data" = - { device = "/dev/disk/by-label/psql"; - fsType = "ext4"; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/137fc4ef-452d-4216-9f18-42cf859f77ce"; } - ]; - - nix.maxJobs = lib.mkDefault 4; - #virtualisation.hypervGuest.enable = true; -} diff --git a/clusters/psql2/default.nix b/clusters/psql2/default.nix deleted file mode 100644 index d10e6a9..0000000 --- a/clusters/psql2/default.nix +++ /dev/null 
@@ -1,92 +0,0 @@ -let - # Pin the deployment package-set to a specific version of nixpkgs - # pkgs = import (builtins.fetchTarball { - # url = "https://github.com/NixOS/nixpkgs/archive/e9148dc1c30e02aae80cc52f68ceb37b772066f3.tar.gz"; - # sha256 = "1ckzhh24mgz6jd1xhfgx0i9mijk6xjqxwsshnvq789xsavrmsc36"; - # }) {}; - pkgs = import {}; - - name = "psql2-0"; - address = "10.1.8.80"; -in { - psql2-0 = { config, pkgs, ... }: with pkgs; { - deployment.tags = [ "db" ]; - deployment.targetHost = address; - system.autoUpgrade.enable = lib.mkForce false; - - boot = { - loader.systemd-boot.enable = true; - loader.efi.canTouchEfiVariables = true; - }; - - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - - i18n = { - defaultLocale = "en_DK.UTF-8"; - extraLocaleSettings = { - LC_TIME = "en_DK.UTF-8"; - }; - }; - - time.timeZone = "Europe/Oslo"; - - features = { - os = { - externalInterface = "eth0"; - adminAuthorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io" - "ssh-rsa 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 martin.moe.carstens@itpartner.no" - ]; - }; - }; - - networking = { - hostName = name; - domain = "itpartner.intern"; - defaultGateway = "10.1.8.1"; - nameservers = [ "8.8.8.8" ]; - search = [ "itpartner.intern" "itpartner.no" ]; - extraHosts = import ../hosts.nix; - interfaces.eth0 = { - useDHCP = false; - 
ipv4.addresses = [ { - address = address; - prefixLength = 24; - } ]; - }; - firewall.allowedTCPPorts = [ 5432 ]; - }; - - services.prometheus.exporters = { - node = { - enable = true; - openFirewall = true; - }; - }; - - services.postgresql = { - enable = true; - dataDir = "/data/postgresql"; - enableTCPIP = true; - identMap = '' - nixos root postgres - nixos admin postgres - ''; - authentication = pkgs.lib.mkOverride 11 '' - local all all trust - host all all ::1/128 trust - host all all ::1/128 md5 - host all postgres 127.0.0.1/32 md5 - host all postgres ::1/128 md5 - host all postgres 10.1.8.0/24 md5 - host all postgres 10.1.30.0/24 md5 - ''; - }; - - imports = [ ../../nixos ./psql2-0.nix ]; - }; -} diff --git a/clusters/psql2/psql2-0.nix b/clusters/psql2/psql2-0.nix deleted file mode 100644 index 05e454b..0000000 --- a/clusters/psql2/psql2-0.nix +++ /dev/null @@ -1,29 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/02bcc865-6f9f-4c8f-bd82-74989c6854cf"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/9EB2-69DB"; - fsType = "vfat"; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/1e002a08-8014-4265-8557-1b64c9470d32"; } - ]; - - virtualisation.hypervGuest.enable = true; -} diff --git a/clusters/stokes/ca/ca-key.pem b/clusters/stokes/ca/ca-key.pem deleted file mode 100644 index 27920f7..0000000 --- a/clusters/stokes/ca/ca-key.pem +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAukWIN5XpFB652nk7sPluIj56ScNljJNWBYesVh1828MPOUTz -ne81yHS0x7XUmpcyT7C6dPvUVrGYQFB2vj7JroSwN1XkYymtauPTZjWbzeWRlmgg -Gij1aQFNg/KzY3e0dpgUPI7MvPr1ISM5srnZtbTQrFf2ElswoTCO1cXDc252gnZa -EnzfRD7J6yz2Uv/1FRz/ZcoCeUbJrd5bcNI9gJaOy0140GGG67YdmepcAbWy1NbA -MZRBjaTQ+feEVkJxPcQ5fj1HkCDnLrcxJfw1IhodVe4WKNHriAFGrSKrH3UKoN9D -UmSTF9UDQkNA/s54dhBr1bEkne1mDll0afaXjwIDAQABAoIBADecdrSRrwpwue/9 -7dJCRZ03pe7LxU+Y1T/FZ7A2EYbSz4K7kTf/qMD2Btrw8E5PAZhFHQW8AYL4dooM -+8aEnFXcC3gZzpvEX5/f8Mc9Dg0EktiisaLdw5bb6raQCPqTTG9zq+cAgyOQkQqZ -p6oyTksvdnVdtXt5eiVFh/9OkbGuL7cDE6m7sWC9R0zgPBamM8W40IhbjqPhwnfJ -X2gtNAs28i4M9hr0yYJm98TxyNOeiYqtTkFAQ8eQG4orOfH5oM7N6g1soyTzX8Ya -J+dwGBzn0QPWnTTjLS/nJoKwpDsp2Jx/m9nIAFjyxXDdOLGTDP1malVlTp23ULWH -4O/wXIECgYEA9PSgPfK3Bf0ZxJG5QJXcHw4T3ZVHTUWas4ZhsXBEgtJt94wHjhvz -nQ5t/2e2SMIu5CX92tUb0FA4jEo2l7A59WcclqdPKJPGd/xComqPq6l+CVrHx6Hl -w/E2ittkUjbp1vf9EY0lDl0vBuC5sBV98FDOiEi8BH/vVz0Gt/fnwq8CgYEAwquN -fDpeKD8uVgyNAGkIYWX9uDY//jD4wPUrFVKHjPxcfVP0+kaXW3g3G0rpZSlK0MKy -kvOOimpoK/RNp1BxlvgJGZ/CYxslYfaIKDztu8dgNQJnKcSK8Ky+CW9qd6HI70dT -tLjszNyFZtzblPT9IKVUoOdR3TgBD8ZZ5mUdMSECgYEA10VgyfBTLl0nVxvl3T+W -Smh5xuMY3WzNLvZrRp/uZbX+1G1oelhQOPdkbe+8P6b/xJsqxDVDE0hc2dWisp45 -4VPzyOZSZ8uuwOWdvdS+XFNBI4F3TxcVsKR8lX2HZcVCrhwUeGc9aKk12eqG5ZuN -qTOqvhSFv8KbGWTVUbn5IJsCgYAsbA9WOM+BqaE+O5D1dgJWj3qNTbvemng5N/kD -3ZhXAMNuSflOH0ussMsKbFbEId8TskojpHZzeYKZ/R63PnEdPS5+bWljSi+GokZB -wF2TixSWJB08d8Ao2ZJn/sex0vZSO9mLFOPcf7nlViK5ZApbJ78fFIomy//aBK5B -F/PIYQKBgBuuTu1QaUPSs16f/515OJ2ZAv/8O6mtfZ2gCDIIf/dm8TQNA19RuAyu -aMV0lO1zaH/mGFEJDraCEVARwS36F4yar5B8X7mi5ltfTNnadK2d2nidev1LZVDN -6+zGiJHoPShBWF7XjxyhGprgFs6atNEso3LZG0GYHpG8SFjIcoUf ------END RSA PRIVATE KEY----- diff --git a/clusters/stokes/ca/ca.pem b/clusters/stokes/ca/ca.pem deleted file mode 100644 index 29bc5d8..0000000 --- a/clusters/stokes/ca/ca.pem +++ /dev/null 
@@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDajCCAlKgAwIBAgIUYudTFvTJDamPPtR4Xzw2S0dN36cwDQYJKoZIhvcNAQEL -BQAwTTESMBAGA1UEBxMJZ2VuZXJhdGVkMQ4wDAYDVQQKEwVOaXhPUzEnMCUGA1UE -CxMec2VydmljZXMua3ViZXJuZXRlcy5wa2kuY2FTcGVjMB4XDTE5MTAxNTA5MjEw -MFoXDTI0MTAxMzA5MjEwMFowTTESMBAGA1UEBxMJZ2VuZXJhdGVkMQ4wDAYDVQQK -EwVOaXhPUzEnMCUGA1UECxMec2VydmljZXMua3ViZXJuZXRlcy5wa2kuY2FTcGVj -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukWIN5XpFB652nk7sPlu -Ij56ScNljJNWBYesVh1828MPOUTzne81yHS0x7XUmpcyT7C6dPvUVrGYQFB2vj7J -roSwN1XkYymtauPTZjWbzeWRlmggGij1aQFNg/KzY3e0dpgUPI7MvPr1ISM5srnZ -tbTQrFf2ElswoTCO1cXDc252gnZaEnzfRD7J6yz2Uv/1FRz/ZcoCeUbJrd5bcNI9 -gJaOy0140GGG67YdmepcAbWy1NbAMZRBjaTQ+feEVkJxPcQ5fj1HkCDnLrcxJfw1 -IhodVe4WKNHriAFGrSKrH3UKoN9DUmSTF9UDQkNA/s54dhBr1bEkne1mDll0afaX -jwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV -HQ4EFgQUPT6LxrZCUpQ2jDmCMCDd6iULmwgwDQYJKoZIhvcNAQELBQADggEBAKis -hW6ldAV6cnve3waznZE5sOPyOXQXWDsltktsSpzYOhr59Y6wCj1/NoldQiv8QBxO -PaQwABR/q/sJumHD82pK4pl6W98VL1Oump8J1f1FWFj+2i2+NlmTS9GSqapdLu2h -OXMBz3BCdVVIT8DhseTA/mVyyQWXw/9lQ61OSusPnne0p0pnBFMMSUHMXVVxk++e -c7MLeUqqNlyb3RCxcUBESkXwwWHhXauTt99FB0yHSJy31wAM/jGyBavZaouLDkbq -05wpCwqC9zHAedITq8W9HNAP9CQcz7lWyCDxdgj+7hhxGkQJ2bjE0leZP5mzaEu2 -7OaICVDtpa9OaWcqiIA= ------END CERTIFICATE----- diff --git a/clusters/stokes/munge.key b/clusters/stokes/munge.key deleted file mode 100644 index 0aeca32..0000000 --- a/clusters/stokes/munge.key +++ /dev/null @@ -1,2 +0,0 @@ -çŁ/iką/¨÷|ńRŻEĽRŽ$ĂQfj5ˇrdĐĄś7“{˘–99âTÂîۛĂi‹ÄŒ‰–,ЌÍhçďŮ8töv:%‘T” -|ČÚČ´ţΕ§VŒ00w|ŸĎŽ÷íŕ|Č_ŸY{3L_!F1TdÔ&F7ő™B°R \ No newline at end of file diff --git a/clusters/stokes/overlays.nix b/clusters/stokes/overlays.nix deleted file mode 100644 index ea76aba..0000000 --- a/clusters/stokes/overlays.nix +++ /dev/null 
@@ -1,11 +0,0 @@ -self: super: -let - msmtp = super.msmtp.overrideAttrs (attrs: rec { - configureFlags = attrs.configureFlags ++ [ "--with-tls=openssl" ]; - buildInputs = attrs.buildInputs ++ [ super.openssl ]; - }); -in -{ - # inherit msmtp; -} - diff --git a/clusters/stokes/frontend.nix b/configuration.nix similarity index 98% rename from clusters/stokes/frontend.nix rename to configuration.nix index 3bb4511..e67a2d4 100644 --- a/clusters/stokes/frontend.nix +++ b/configuration.nix @@ -1,6 +1,6 @@ { pkgs, ...}: let - nodes = import ./nodes.nix; + nodes = import ./nixops/stokes/nodes.nix; in { # deployment.tags = [ "frontend" ]; @@ -229,5 +229,5 @@ in pubkeyacceptedalgorithms ssh-rsa,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256 ''; - imports = [ ./cluster.nix ./hw/frontend.nix ]; + imports = [ ./nixops/stokes/cluster.nix ./hardware-configuration.nix ]; } diff --git a/clusters/stokes/hw/frontend.nix b/hardware-configuration.nix similarity index 100% rename from clusters/stokes/hw/frontend.nix rename to hardware-configuration.nix diff --git a/bin/adduser.sh b/nixops/bin/adduser.sh similarity index 94% rename from bin/adduser.sh rename to nixops/bin/adduser.sh index 9a0d9a9..107110f 100755 --- a/bin/adduser.sh +++ b/nixops/bin/adduser.sh @@ -26,4 +26,4 @@ EOF sed -i " /# @grp@/i $grp /# @usr@/i $usr -" clusters/stokes/users.nix +" stokes/users.nix diff --git a/bin/copy-hardware-configuration.sh b/nixops/bin/copy-hardware-configuration.sh similarity index 100% rename from bin/copy-hardware-configuration.sh rename to nixops/bin/copy-hardware-configuration.sh 
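Review bot: The context line `pubkeyacceptedalgorithms ssh-rsa,...` in the second hunk of configuration.nix still lists `ssh-rsa` first, which accepts RSA public-key signatures made with SHA-1. The same list already carries `rsa-sha2-512` and `rsa-sha2-256`, so RSA keys keep working without it. Since this file now becomes the top-level configuration.nix, I would drop the leading `ssh-rsa,` from that line, or add a comment naming the legacy peer that still needs it. The string this line sits in starts outside the hunk, so whether it configures the server or the client side is not visible here.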
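Review bot: The new operand `stokes/users.nix` on the last line of the adduser.sh hunk is relative to the caller's working directory, so `sed -i` edits the intended file only when the script is started from inside `nixops/`. From anywhere else it fails, or edits some other `stokes/users.nix` that happens to exist there. The sibling scripts in this commit address files through `$TOP`; if adduser.sh sets it as well (the top of the script is outside the hunk), passing `"$TOP/stokes/users.nix"` as the file operand would make the edit independent of where the script is run.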
diff --git a/bin/deploy.sh b/nixops/bin/deploy.sh similarity index 87% rename from bin/deploy.sh rename to nixops/bin/deploy.sh index 1dc2138..d13f4d4 100755 --- a/bin/deploy.sh +++ b/nixops/bin/deploy.sh @@ -7,12 +7,12 @@ if [ $# = 0 ]; then exit 1 fi -if [ ! -f $TOP/clusters/$1/default.nix ]; then +if [ ! -f $TOP/$1/default.nix ]; then echo "error: $1 does not contain a deployment" exit 1 fi -cd $TOP/clusters/$1 +cd $TOP/$1 nixops list | grep -q $1 if [ $? = 0 ]; then diff --git a/bin/initca.sh b/nixops/bin/initca.sh similarity index 94% rename from bin/initca.sh rename to nixops/bin/initca.sh index aeac54f..0491dd5 100755 --- a/bin/initca.sh +++ b/nixops/bin/initca.sh @@ -9,7 +9,7 @@ fi ca=$TOP/modules/initca.nix -cd $TOP/clusters/$1 +cd $TOP/$1 echo "--- Preparing CA certificate" nix-build -o ca $ca diff --git a/bin/reboot.sh b/nixops/bin/reboot.sh similarity index 100% rename from bin/reboot.sh rename to nixops/bin/reboot.sh diff --git a/bin/ssh.sh b/nixops/bin/ssh.sh similarity index 100% rename from bin/ssh.sh rename to nixops/bin/ssh.sh diff --git a/bin/teardown.sh b/nixops/bin/teardown.sh similarity index 95% rename from bin/teardown.sh rename to nixops/bin/teardown.sh index d45ecae..7b167db 100755 --- a/bin/teardown.sh +++ b/nixops/bin/teardown.sh @@ -13,11 +13,11 @@ if [ $# != 1 ]; then fi d=$1 -tmp=$TOP/clusters/.$d.$$ +tmp=$TOP/.$d.$$ teardown () { mkdir -p $tmp - cp -r $TOP/clusters/$d/* $tmp + cp -r $TOP/$d/* $tmp sed -i '/k8s *= *{/,+1 s/enable *= *true/enable = false/' $tmp/cluster.nix nixops modify -d $d $tmp nixops deploy -d $d diff --git a/clusters/hosts.nix b/nixops/hosts.nix similarity index 100% rename from clusters/hosts.nix rename to nixops/hosts.nix diff --git a/clusters/stokes/cluster.nix b/nixops/stokes/cluster.nix similarity index 100% rename from clusters/stokes/cluster.nix rename to nixops/stokes/cluster.nix 
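Review bot: The rewritten lines `if [ ! -f $TOP/$1/default.nix ]; then` and `cd $TOP/$1` in deploy.sh leave `$TOP` and `$1` unquoted and do not check that `cd` succeeded, so an argument containing spaces or glob characters is split before the test, and a failed `cd` lets the following `nixops` commands run in the caller's directory. I would write `if [ ! -f "$TOP/$1/default.nix" ]; then` and `cd "$TOP/$1" || exit 1`. The same unquoted, unchecked `cd $TOP/$1` is in the initca.sh hunk, where no existence test is visible before it and `nix-build -o ca $ca` would then create the `ca` link wherever the script was started. Where `$TOP` is set is outside these hunks.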
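Review bot: `tmp=$TOP/.$d.$$` followed by `cp -r $TOP/$d/* $tmp` in teardown.sh copies the whole deployment directory into a working copy with a predictable name and default permissions, and after this commit that directory holds key material for stokes (`nixops/stokes/munge.key`). I would create the copy with `tmp=$(mktemp -d "$TOP/.$d.XXXXXX")`, which gives an unpredictable name and a directory only the owner can read, and remove it on exit with `trap 'rm -rf "$tmp"' EXIT`. Whether the function already cleans up after itself is not visible, because `teardown ()` continues past the end of the hunk.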
diff --git a/clusters/stokes/connauthfile b/nixops/stokes/connauthfile
similarity index 100%
rename from clusters/stokes/connauthfile
rename to nixops/stokes/connauthfile
diff --git a/clusters/stokes/default.nix b/nixops/stokes/default.nix
similarity index 100%
rename from clusters/stokes/default.nix
rename to nixops/stokes/default.nix
diff --git a/clusters/stokes/hosts.nix b/nixops/stokes/hosts.nix
similarity index 100%
rename from clusters/stokes/hosts.nix
rename to nixops/stokes/hosts.nix
diff --git a/clusters/stokes/hw/c0-1.nix b/nixops/stokes/hw/c0-1.nix
similarity index 100%
rename from clusters/stokes/hw/c0-1.nix
rename to nixops/stokes/hw/c0-1.nix
diff --git a/clusters/stokes/hw/c0-2.nix b/nixops/stokes/hw/c0-2.nix
similarity index 100%
rename from clusters/stokes/hw/c0-2.nix
rename to nixops/stokes/hw/c0-2.nix
diff --git a/clusters/stokes/hw/c0-3.nix b/nixops/stokes/hw/c0-3.nix
similarity index 100%
rename from clusters/stokes/hw/c0-3.nix
rename to nixops/stokes/hw/c0-3.nix
diff --git a/clusters/stokes/hw/c0-4.nix b/nixops/stokes/hw/c0-4.nix
similarity index 100%
rename from clusters/stokes/hw/c0-4.nix
rename to nixops/stokes/hw/c0-4.nix
diff --git a/clusters/stokes/hw/c0-5.nix b/nixops/stokes/hw/c0-5.nix
similarity index 100%
rename from clusters/stokes/hw/c0-5.nix
rename to nixops/stokes/hw/c0-5.nix
diff --git a/clusters/stokes/hw/c0-6.nix b/nixops/stokes/hw/c0-6.nix
similarity index 100%
rename from clusters/stokes/hw/c0-6.nix
rename to nixops/stokes/hw/c0-6.nix
diff --git a/clusters/stokes/hw/c0-7.nix b/nixops/stokes/hw/c0-7.nix
similarity index 100%
rename from clusters/stokes/hw/c0-7.nix
rename to nixops/stokes/hw/c0-7.nix
diff --git a/clusters/stokes/hw/c0-8.nix b/nixops/stokes/hw/c0-8.nix
similarity index 100%
rename from clusters/stokes/hw/c0-8.nix
rename to nixops/stokes/hw/c0-8.nix
diff --git a/clusters/stokes/kernel.nix b/nixops/stokes/kernel.nix
similarity index 100%
rename from clusters/stokes/kernel.nix
rename to nixops/stokes/kernel.nix
diff --git a/clusters/ekman/munge.key b/nixops/stokes/munge.key
similarity index 100%
rename from clusters/ekman/munge.key
rename to nixops/stokes/munge.key
diff --git a/clusters/stokes/nodes.nix b/nixops/stokes/nodes.nix
similarity index 100%
rename from clusters/stokes/nodes.nix
rename to nixops/stokes/nodes.nix
diff --git a/clusters/ekman/overlays.nix b/nixops/stokes/overlays.nix
similarity index 100%
rename from clusters/ekman/overlays.nix
rename to nixops/stokes/overlays.nix
diff --git a/clusters/stokes/pubkeys/c0-1.pub b/nixops/stokes/pubkeys/c0-1.pub
similarity index 100%
rename from clusters/stokes/pubkeys/c0-1.pub
rename to nixops/stokes/pubkeys/c0-1.pub
diff --git a/clusters/stokes/pubkeys/c0-2.pub b/nixops/stokes/pubkeys/c0-2.pub
similarity index 100%
rename from clusters/stokes/pubkeys/c0-2.pub
rename to nixops/stokes/pubkeys/c0-2.pub
diff --git a/clusters/stokes/pubkeys/c0-3.pub b/nixops/stokes/pubkeys/c0-3.pub
similarity index 100%
rename from clusters/stokes/pubkeys/c0-3.pub
rename to nixops/stokes/pubkeys/c0-3.pub
diff --git a/clusters/stokes/pubkeys/c0-4.pub b/nixops/stokes/pubkeys/c0-4.pub
similarity index 100%
rename from clusters/stokes/pubkeys/c0-4.pub
rename to nixops/stokes/pubkeys/c0-4.pub
diff --git a/clusters/stokes/pubkeys/c0-5.pub b/nixops/stokes/pubkeys/c0-5.pub
similarity index 100%
rename from clusters/stokes/pubkeys/c0-5.pub
rename to nixops/stokes/pubkeys/c0-5.pub
diff --git a/clusters/stokes/pubkeys/c0-6.pub b/nixops/stokes/pubkeys/c0-6.pub
similarity index 100%
rename from clusters/stokes/pubkeys/c0-6.pub
rename to nixops/stokes/pubkeys/c0-6.pub
diff --git a/clusters/stokes/pubkeys/c0-7.pub b/nixops/stokes/pubkeys/c0-7.pub
similarity index 100%
rename from clusters/stokes/pubkeys/c0-7.pub
rename to nixops/stokes/pubkeys/c0-7.pub
diff --git a/clusters/stokes/pubkeys/c0-8.pub b/nixops/stokes/pubkeys/c0-8.pub
similarity index 100%
rename from clusters/stokes/pubkeys/c0-8.pub
rename to nixops/stokes/pubkeys/c0-8.pub
diff --git a/clusters/stokes/pubkeys/stokes.pub b/nixops/stokes/pubkeys/stokes.pub
similarity index 100%
rename from clusters/stokes/pubkeys/stokes.pub
rename to nixops/stokes/pubkeys/stokes.pub
diff --git a/clusters/stokes/users.nix b/nixops/stokes/users.nix
similarity index 100%
rename from clusters/stokes/users.nix
rename to nixops/stokes/users.nix