revamp nixops structure(s)

Jonas Juselius
2022-08-19 15:33:10 +02:00
parent ece1b22711
commit cf956c739e
86 changed files with 8 additions and 2644 deletions

1
charts

Submodule charts deleted from 8c00fddf67


@@ -1,285 +0,0 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.features.host;
mkSANs = host: [
host.name
host.address
"127.0.0.1"
];
configuration = {
system.autoUpgrade.enable = lib.mkForce false;
nixpkgs.overlays = [
(import ./overlays.nix)
];
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
kernelPackages = pkgs.linuxPackages_5_4;
kernelModules = [ "ib_umad" "ib_ipoib" ];
# kernelParams = [
# "console=ttyS0,115200"
# "console=tty0"
# ];
};
services.udev.extraRules = ''
KERNEL=="ibp1s0", SUBSYSTEM=="net", ATTR{create_child}:="0x3666"
'';
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_CTYPE="en_DK.UTF-8";
LC_TIME="en_DK.UTF-8";
LC_PAPER="en_DK.UTF-8";
LC_NAME="en_DK.UTF-8";
LC_ADDRESS="en_DK.UTF-8";
LC_TELEPHONE="en_DK.UTF-8";
LC_MEASUREMENT="en_DK.UTF-8";
LC_IDENTIFICATION="en_DK.UTF-8";
};
};
time.timeZone = "Europe/Oslo";
programs.msmtp = {
enable = true;
accounts = {
default = {
auth = false;
tls = false;
tls_starttls = false;
port = 24;
from = "ekman@oceanbox.io";
host = "smtpgw.itpartner.no";
# user = "utvikling";
# password = "S0m3rp0m@de#21!";
};
};
defaults = {
aliases = "/etc/aliases";
};
};
environment.etc = {
"aliases" = {
text = ''
root: jonas.juselius@oceanbox.io
'';
mode = "0644";
};
};
features = {
os = {
# boot.uefi = true;
adminAuthorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCk5EKXxo/KLogjqSxSf/GkQdZ30UxB3wXc5k6Y6RRKQ/5iJ+XyYTbuqYOUp30p54apZzbayU2icahE/upr754lQicQwJtOXW/Iut57VRhSpq4P+mKCIdT58xCUkAZYr8Aja8UjHlYeJgFvp023K/fqmwbapu8R1gh4bzXm7uU1XeJoYfuOb+Cb8NGMn1ICrw2aztA0yVOXZ7tyJd2qyr1+6PuM/Ca2nKN4wLIX2vwyN3vZjR15nkIaHQGlTaJlNk2NEG1YTxsIQ9axDjNtyL80kjUr5M8zxW6s0h3451zr1b21EetP1i+1POIjS9uWXv5iabF+1Qb1GaS4FAYzzpqNY+moLzY7Zqfi05MPsMYkNoZ1Kg5aj0IuZb0OM9i6ZJrFs9nYAGG0uLSUTfrs957f9nokFyILGYg5xY46YN3uQrqfZifvcR0KaEdxEKvnfq0qrNG3uYLR/OYm2yblRcNbWgDoQ1hH7qa9uJM2JrPM07s4sJGkqfAib8Hwz9+l7jMrL6KIGUOA4aX0B1KZaIKKiZa42WlgdbeA17aW3laIqS5mZCkI3pLMYZAxe+A6rQi+V8ZAvDSyOL/Vws3lboXaN5QLu17R8uCY7MkIAvRBiZSpdWNeX3JO5m6zexkxkrFlxyEBf+ott4ATSw+eMYMs8i5xQRqPjgO1cABWkUdGpw== martin.moe.carstens@itpartner.no"
];
docker.enable = false;
};
cachix.enable = false;
monitoring.nodeExporter.enable = false;
pki = { ca = ./ca; };
hpc = {
enable = true;
slurm = {
client = true;
mungeKey = ./munge.key;
controlMachine = "ekman";
nodeName = [
"c0-1 Sockets=2 CoresPerSocket=64 ThreadsPerCore=1 RealMemory=256000 TmpDisk=500000 State=UNKNOWN"
"ekman Sockets=2 CoresPerSocket=64 ThreadsPerCore=1 RealMemory=256000 TmpDisk=500000 State=UNKNOWN"
];
partitionName = [
"batch Nodes=c0-1 Default=YES MaxTime=INFINITE State=UP"
"frontend Nodes=ekman MaxTime=1:00:00 State=UP"
];
};
beegfs = {
enable = false;
beegfs = {
bee0-0 = {
mgmtdHost = "bee0-0";
connAuthFile = "/etc/beegfs/connauthfile";
client = {
enable = false;
mountPoint = "/work";
};
};
};
};
};
k8s = {
enable = true;
node.enable = true;
clusterName = "ekman";
initca = ./ca;
cidr = "10.100.0.0/16";
master = {
name = "ekman";
address = "10.255.241.8";
extraSANs = [ "ekman.local" "ekman.oceanbox.io" ];
};
ingressNodes = [
"ekman.oceanbox.io"
];
fileserver = "bee0-0";
charts = {
acme_email = "innovasjon@itpartner.no";
grafana_smtp_user = "utvikling";
grafana_smtp_password = "S0m3rp0m@de#21!";
};
};
};
services.kubernetes.kubelet.extraSANs = mkSANs {
name = cfg.name;
address = cfg.address;
};
networking = {
domain = mkDefault "cluster.local";
defaultGateway = mkDefault "10.255.241.1";
nameservers = mkDefault [ "8.8.8.8" ];
search = mkDefault [ "local" ];
extraHosts = import ./hosts.nix;
firewall.extraCommands = ''
iptables -I INPUT -s 10.255.241.0/24 -j ACCEPT
'';
};
environment.variables = {};
systemd.services."serial-getty@ttyS0".enable = true;
environment.etc."beegfs/connauthfile" = {
source = ./connauthfile;
mode = "0400";
uid = 0;
gid = 0;
};
nix = {
maxJobs = 32;
trustedUsers = [ "@wheel" ];
binaryCachePublicKeys = [
"ekman:pka41J3q4j9ZC3dr4y+sDN9uMW0pAxoWeCkrzUlqcZs="
];
};
};
deployment = {
deployment.targetHost = cfg.address;
};
shosts = {
environment.etc."ssh/shosts.equiv" = {
mode = "0644";
uid = 0;
gid = 0;
text = ''
10.255.241.8
10.255.241.11
'';
};
programs.ssh.knownHosts = {
ekman = {
hostNames = [
"ekman" "ekman.cluster.local" "ekman.oceanbox.io" "10.255.241.8"
];
publicKeyFile = ./pubkeys/ekman.pub;
};
c0-1 = { hostNames = [ "c0-1" "c0-1.cluster.local" "10.255.241.11" "10.255.243.11" ]; publicKeyFile = ./pubkeys/c0-1.pub; };
};
environment.systemPackages = [ openssh-shosts ];
security.wrappers = {
ssh-keysign = {
source = "${openssh-shosts}/libexec/ssh-keysign";
owner = "root";
group = "root";
permissions = "u+rs,g+rx,o+rx";
};
};
};
openssh-shosts = pkgs.openssh.overrideAttrs (attrs: {
buildFlags = [ "SSH_KEYSIGN=/run/wrappers/bin/ssh-keysign" ];
doCheck = false; # the tests take hours
});
myvnc =
let
myvnc = pkgs.writeScriptBin "myvnc" ''
#!${pkgs.runtimeShell}
uid=`id -u`
port=$((9000+$uid))
shell=`getent passwd $(id -un) | awk -F : '{print $NF}'`
# vnc=${pkgs.tigervnc}/bin/vncserver
vnc=/nix/store/czp2b60dwk75widi8y287hr0xx1wgv2a-tigervnc-1.10.1/bin/vncserver
case $1 in
-p|--port) shift; port=$1 ;;
kill|stop)
display=$($vnc -list | sed -n 's/^\(:[0-9]\+\).*/\1/p'| head -1)
$vnc -kill $display
exit 0
;;
esac
ps ax | sed '/grep/d' | grep "Xvnc.*-rfbport $port" >/dev/null 2>&1
[ $? = 1 ] && $vnc -rfbport $port
echo "Xvnc server is running on port $port."
exec $shell -i
'';
buildCommand = ''
mkdir -p $out/bin
echo $src > $out/bin/myvnc
chmod 755 $out/bin/myvnc
'';
in {
environment.systemPackages = [ myvnc ];
};
in {
options.node = {
myvnc = mkEnableOption "Enable myvnc script";
};
config = mkMerge [
configuration
deployment
shosts
(mkIf config.node.myvnc myvnc)
];
imports = [
../../modules
../../nixos
./users.nix
];
}
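Review bot: Deleting this file does not retire the credentials it carried: the literal `grafana_smtp_password` under `k8s.charts` (the same value also sits in the commented-out msmtp `password` line) stays readable in history from parent ece1b22711 backwards, so it should be rotated rather than treated as removed. The same applies to `smtp_auth_password` in the alertmanager block, the `grafana_smtp_password` in the k0 cluster section, and the MinIO `secretKey` / `minio-rootcredentials` text in the fs1-0 and fs2-0 sections further down this commit. `mungeKey = ./munge.key` and `source = ./connauthfile` are Nix path literals, so those key files were presumably tracked in the repository as well and would need regenerating; path literals are also copied into the world-readable Nix store on evaluation. Wherever these settings live after the restructure, they should point at a secrets file provisioned outside the repository and the store, e.g. a runtime path string such as `rootCredentialsFile = "/var/lib/secrets/<name>";`, instead of an inline string or an in-tree path.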


@@ -1 +0,0 @@
q丘


@@ -1,343 +0,0 @@
let
# Pin the deployment package-set to a specific version of nixpkgs
# pkgs = import (builtins.fetchTarball {
# url = "https://github.com/NixOS/nixpkgs/archive/e6377ff35544226392b49fa2cf05590f9f0c4b43.tar.gz";
# sha256 = "1fra9wwy5gvj5ibayqkzqpwdf715bggc0qbmrfch4fghwvl5m70l";
# }) {};
pkgs = import <nixpkgs> {};
etcdNodes = {
ekman = "10.255.241.8";
nsf0-0 = "10.255.241.9";
bee0-0 = "10.255.241.10";
};
etcdCluster = {
enable = true;
existing = true;
nodes = etcdNodes;
};
nodes =
with builtins;
let nodes = genList (n: n + 1) 1; in
map (n: ({ name = "c0-${toString n}"; address = "10.255.241.${toString (n + 10)}"; })) nodes;
ekman = {
# deployment.tags = [ "frontend" ];
node.myvnc = true;
systemd.targets = {
sleep.enable = false;
suspend.enable = false;
hibernate.enable = false;
hybrid-sleep.enable = false;
};
features = {
host = {
address = "10.255.241.8";
name = "ekman";
};
os = {
externalInterface = "enp33s0f0np0";
nfs.enable = true;
nfs.exports = ''
/exports 10.255.241.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
/exports 10.255.243.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
'';
};
hpc = {
slurm.server = true;
frontend = true;
};
k8s = {
master.enable = true;
node.enable = true;
inherit nodes;
inherit etcdCluster;
};
monitoring = {
server = {
enable = false;
scrapeHosts = [ "frontend" "bee0-0" ] ++ (builtins.map (x: x.name) nodes);
defaultAlertReceiver = {
email_configs = [
{ to = "jonas.juselius@oceanbox.io"; }
];
};
pageAlertReceiver = {
webhook_configs = [
{
url = "https://prometheus-msteams.k2.itpartner.no/ekman";
http_config = {
tls_config = { insecure_skip_verify = true; };
};
}
];
};
};
webUI.enable = false;
webUI.acmeEmail = "innovasjon@itpartner.no";
webUI.allow = [
"10.1.2.0/24"
"172.19.254.0/24"
"172.19.255.0/24"
];
infiniband-exporter = {
enable = true;
nameMap = ''
0x0c42a10300ddc4bc "frontend"
0x0c42a10300dbe7f4 "c0-1"
'';
};
slurm-exporter = {
enable = true;
port = 6080;
};
};
};
networking = {
useDHCP = false;
interfaces.enp33s0f0np0 = {
useDHCP = false;
ipv4.addresses = [ {
address = "10.255.241.8";
prefixLength = 24;
} ];
};
interfaces.enp33s0f0np1 = {
useDHCP = false;
ipv4.addresses = [ {
address = "10.255.242.2";
prefixLength = 24;
} ];
};
interfaces."ibp1s0.3666" = {
useDHCP = false;
ipv4.addresses = [ {
address = "10.255.243.8";
prefixLength = 24;
} ];
};
defaultGateway = "10.255.241.1";
firewall.extraCommands = ''
iptables -I INPUT -s 10.255.243.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.255.243.0/24 -j MASQUERADE
'';
};
fileSystems ={
"/exports/home" = {
device = "/home";
options = [ "bind" ];
};
"/frontend" = {
device = "/home";
options = [ "bind" ];
};
# "/opt" = {
# device = "10.255.63.80:/opt";
# fsType = "nfs";
# options = [ "soft" "rdma" "defaults" ];
# };
# "/data" = {
# device = "10.255.63.80:/data";
# fsType = "nfs";
# options = [ "soft" "rdma" "defaults" ];
# };
# "/vol/local-storage/vol1" = {
# device = "/vol/vol1";
# options = [ "bind" ];
# };
# "/vol/local-storage/vol2" = {
# device = "/vol/vol2";
# options = [ "bind" ];
# };
};
nix.extraOptions = ''
secret-key-files = /etc/nix/ekman.key
'';
services.xserver = {
enable = true;
enableCtrlAltBackspace = true;
layout = "us";
xkbVariant = "altgr-intl";
xkbOptions = "eurosign:e";
displayManager = {
gdm.enable = true;
job.logToFile = true;
};
desktopManager.xfce.enable = true;
};
services.prometheus.alertmanager.configuration.global = {
smtp_smarthost = "smtpgw.itpartner.no:465";
smtp_auth_username = "utvikling";
smtp_auth_password = "S0m3rp0m@de#21!";
smtp_hello = "ekman.oceanbox.io";
smtp_from = "noreply@ekman.oceanbox.io";
};
# services.nginx = {
# virtualHosts = {
# "ds.matnoc.regnekraft.io" = {
# forceSSL = true;
# enableACME = true;
# serverAliases = [];
# locations."/" = {
# proxyPass = "http://localhost:9088";
# proxyWebsockets = false;
# extraConfig = ''
# allow 10.1.2.0/24;
# allow 172.19.254.0/24;
# allow 172.19.255.0/24;
# deny all;
# '';
# };
# };
# };
# };
# services.gitlab-runner = {
# enable = true;
# extraPackages = with pkgs; [
# singularity
# ];
# concurrent = 4;
# services = {
# sif = {
# registrationConfigFile = "/var/lib/secrets/gitlab-runner-registration";
# executor = "shell";
# tagList = [ "ekman" "sif" ];
# };
# };
# };
# security.sudo.extraConfig = ''
# gitlab-runner ALL=(ALL) NOPASSWD: /run/current-system/sw/bin/singularity
# '';
security.pam = {
services.sshd.googleAuthenticator.enable = true;
loginLimits = [
{
domain = "@users";
item = "rss";
type = "hard";
value = 16000000;
}
{
domain = "@users";
item = "cpu";
type = "hard";
value = 180;
}
];
};
# ssh-rsa is deprecated, but putty/winscp users use it
# services.openssh.extraConfig = ''
# pubkeyacceptedalgorithms ssh-rsa,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
# '';
imports = [ ./cluster.nix ./hw/frontend.nix ];
};
compute = {
# deployment.tags = [ "compute" ];
fileSystems = {
"/frontend" = {
device = "10.255.241.8:/home";
fsType = "nfs";
options = [
"soft"
"defaults"
"noauto"
"x-systemd.automount"
];
};
# "/opt" = {
# device = "10.1.63.80:/opt";
# fsType = "nfs";
# options = [ "soft" "rdma" "defaults" ];
# };
# "/data" = {
# device = "10.1.63.80:/data";
# fsType = "nfs";
# options = [ "soft" "rdma" "defaults" ];
# };
};
systemd.automounts = [
{
where = "/frontend";
wantedBy = [ "default.target" ];
}
];
};
mkCompute = host:
let
ipoib = builtins.replaceStrings [".241."] [".243."] host.address;
hw = ./hw + "/${host.name}.nix";
in {
"${host.name}" = {
features = {
inherit host;
os.externalInterface = "enp33s0f0np0";
hpc.compute = true;
k8s = { inherit etcdCluster; };
};
node = {
};
networking = {
useDHCP = false;
interfaces.enp33s0f0np0 = {
useDHCP = false;
ipv4.addresses = [ {
address = host.address;
prefixLength = 24;
} ];
ipv4.routes = [ {
address = "10.255.242.2";
prefixLength = 32;
via = "10.1.241.8";
} ];
};
interfaces."ibp1s0.3666" = {
useDHCP = false;
ipv4.addresses = [ {
address = ipoib;
prefixLength = 24;
} ];
};
};
imports = [ ./cluster.nix hw ];
}
// compute;
};
in {
## morph
# network = {
# inherit pkgs;
# description = "ekman";
# ordering = {
# tags = [ "frontend" "compute" ];
# };
# };
inherit ekman;
} // builtins.foldl' (a: n: a // mkCompute n) {} nodes


@@ -1,11 +0,0 @@
''
10.255.240.200 ekman ekman.cluster.local
10.255.240.200 etcd0 etcd0.cluster.local
10.255.240.201 c0-1 c0-1.cluster.local
# 10.1.61.80 bee0-0 bee0-0.cluster.local
# 10.1.63.101 ib0-1 ib0-1.cluster.local
# 10.1.63.80 ibmds0-0 ibmds0-0.cluster.local
''


@@ -1,39 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/102a2e89-1ffb-4f8b-810e-b742b6f9da98";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/54C4-7983";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/29ba5bab-0777-4ac1-96af-3952e28d570c"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp33s0f0np0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp33s0f1np1.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@@ -1,39 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/e19cbe18-e194-47f6-8eb5-c60b5be1bb7a";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/6A07-053A";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/2100e403-0dff-4314-b85a-cad99820aacf"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp33s0f0np0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp33s0f1np1.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@@ -1,46 +0,0 @@
{pkgs, lib, stdenv, fetchurl, config, kernel ? pkgs.linux, ...}:
let
i40e =
stdenv.mkDerivation rec {
name = "i40e-${version}-${kernel.version}";
version = "2.13.10";
src = pkgs.fetchFromGitHub {
owner = "dmarion";
repo = "i40e";
rev = "7228a7c3b362c3170baa2f9a9c6870a900e78dbd";
sha256 = "087kvq9wrc1iw6vig8cqcx7cb6346wx8qxzb85c3n8638vq1vrxr";
};
hardeningDisable = [ "pic" ];
configurePhase = ''
cd src
kernel_version=${kernel.modDirVersion}
sed -i -e 's|/lib/modules|${kernel.dev}/lib/modules|' Makefile
sed -i -e 's|/lib/modules|${kernel.dev}/lib/modules|' common.mk
export makeFlags="BUILD_KERNEL=$kernel_version"
'';
installPhase = ''
install -v -D -m 644 i40e.ko "$out/lib/modules/$kernel_version/kernel/drivers/net/i40e/i40e2.ko"
'';
dontStrip = true;
enableParallelBuilding = true;
meta = {
description = "Linux kernel drivers for Intel Ethernet adapters and LOMs (LAN On Motherboard)";
homepage = https://github.com/dmarion/i40e;
license = lib.licenses.gpl2;
};
};
in
{
i40e2 = i40e;
overlay = self: super: {
linuxPackages_5_4 = super.linuxPackages_5_4 // { inherit i40e; };
};
}


@@ -1 +0,0 @@
ssh-rsa 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 root@OBNODE01


@@ -1 +0,0 @@
ssh-rsa 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 root@OBNODE02


@@ -1,124 +0,0 @@
{ pkgs, ... }:
{
users.groups = {
jonas = { gid = 1000; };
olean = { gid = 1001; };
frankgaa = { gid = 1002; };
bast = { gid = 1003; };
stig = { gid = 1004; };
sif = {
gid = 11000;
members = [
"jonas"
"olean"
"bast"
"frankgaa"
"stig"
];
};
};
users.users = {
jonas = {
description = "Jonas Juselius";
home = "/home/jonas";
group = "jonas";
extraGroups = [
"users"
"wheel"
"root"
"adm"
"admin"
"cdrom"
"fuse"
"wireshark"
"libvirtd"
"networkmanager"
"tty"
"keys"
];
uid = 1000;
isNormalUser = true;
createHome = false;
useDefaultShell = false;
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas-3"
];
};
olean = {
description = "Ole Anders Nøst";
home = "/home/olean";
group = "olean";
extraGroups = [
"users"
];
uid = 1001;
isNormalUser = true;
createHome = false;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAlfc2r3mNkvmdta+H/5zfdFe6317zmCdhhPYbipaGVFPUZO2cCTgSso28oDvOpCDldo/wl3jUxYNDlwH8LYMqKT3aGaOZr8JbxYzd+L+5GM2KTD+4YRmPtpYS/LWcc3j+fiFXSgX6Mrrgf6ineCRuBxSooDVE+pBakM1U7d5NE25apaAvclzFTmZBg0Sf9e5sgHkR99r9DUeGEQWGNZVUGwti39dFVp+aC9dsA+1/OtNB/HMF5G1MMk9dqvN7n7i9o9Plef2DParn4QU1GhmUKeEiBe4OAmSP+WwD4YvK6iXSKZG6tuTEspw+mR3rK5gBHrEiaNlCtp7O9BnAw4Wjhw== rsa-key-20201218"
"ssh-rsa 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 olean@navier"
];
};
frankgaa = {
description = "Frank Gaardsted";
home = "/home/frankgaa";
group = "frankgaa";
extraGroups = [
"users"
];
uid = 1002;
isNormalUser = true;
createHome = false;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTq/IAtLkvHaPKTsp5U9YnhBj7PLFflS9vWpm5e/bFXQkSShkqUOktff1GITIN+RTpUS8zF9UkJA8fj5K382DhIn4jVb9HvQzmHNBTxU5ClpOuKhfibrts5IKMLAiN1enwZYu0iUIVfDKTYmqgAnjN8B6OyzIAB8bsBUMdN29PEwJT4cCVRRySLRfoWiXiZKow71FzXIACgxMwGhj2fpslKQoat2LGny03XR7EZrv36u1OktT28Gxf4ZrGpT9+3SAyf7aW20xHALU/dHXVsfsuqnoqw1InZ5VhvIVtoIj+5Vc5dkTXkychL0Hb+WxiH5O/3T18YUqes08UPZX5G9kB fga@akvaplan.niva.no"
"ssh-rsa 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 frankgaa@frankenstein"
];
};
bast = {
description = "Radovan Bast";
home = "/home/bast";
group = "bast";
extraGroups = [
"users"
"wheel"
"root"
];
uid = 1003;
isNormalUser = true;
createHome = false;
useDefaultShell = false;
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFbrEhm1acesXmbgfO5lN1gcTFXqusq61QyCZXunYJpl"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIdcJteh9d/N1o8BbdEMRVxeMjm28saon/Oh2tV0+TYj"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEg6tHlB5xco85d4XJja71hz1nEe9wFF1+ht8oKULkwh"
];
};
stig = {
description = "Stig Rune Jensen";
home = "/home/stig";
group = "stig";
extraGroups = [
"users"
"wheel"
"root"
];
uid = 1004;
isNormalUser = true;
createHome = false;
useDefaultShell = false;
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
];
};
};
}


@@ -1,142 +0,0 @@
let
# Pin the deployment package-set to a specific version of nixpkgs
# pkgs = import (builtins.fetchTarball {
# url = "https://github.com/NixOS/nixpkgs/archive/e9148dc1c30e02aae80cc52f68ceb37b772066f3.tar.gz";
# sha256 = "1ckzhh24mgz6jd1xhfgx0i9mijk6xjqxwsshnvq789xsavrmsc36";
# }) {};
pkgs = import <nixpkgs> {};
name = "fs1-0";
address = "10.1.30.10";
in {
fs1-0 = { config, pkgs, ... }: with pkgs; {
# deployment.tags = [ "fs" ];
deployment.targetHost = address;
system.autoUpgrade.enable = lib.mkForce false;
boot = {
loader.systemd-boot.enable = false;
loader.efi.canTouchEfiVariables = true;
loader.grub = {
enable = true;
version = 2;
device = "/dev/sda";
};
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
i18n = {
defaultLocale = "en_DK.UTF-8";
extraLocaleSettings = {
LC_TIME = "en_DK.UTF-8";
};
};
time.timeZone = "Europe/Oslo";
features = {
os = {
externalInterface = "ens3";
adminAuthorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas"
"ssh-rsa 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 jonas.juselius@juselius.io"
"ssh-rsa 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 martin.moe.carstens@itpartner.no"
"ssh-rsa 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 ski027@uit.no"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP5k0dXn60dZ3iORy99LVvgTldu9nYU1TJVL1wCJEqp kaih kubernetes"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4vSlN+vm9d5ZoDitR9b4zqx2Psqa6iH4dK5kN/NXy3 Steinar.Hansen@tromso.serit.no"
];
};
fs = {
enable = true;
nfs.enable = true;
nfs.exports = ''
/vol/brick0/nfs0 10.1.30.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
'';
initca = ./ca;
};
certs = {
enable = true;
caBundle = ./ca;
certs = [
{
name = "fs1-0";
SANs = [ "fs1-0.itpartner.intern" "10.1.30.10" ];
owner = "nginx";
group = "nginx";
}
];
};
};
services.prometheus.exporters = {
node = {
enable = true;
openFirewall = true;
};
};
services.minio = {
enable = true;
region = "fs1";
browser = true;
accessKey = "admin";
secretKey = "en to tre fire";
listenAddress = "0.0.0.0:9000";
dataDir = [ "/vol/s3" ];
};
networking = {
hostName = name;
domain = "itpartner.intern";
defaultGateway = "10.1.30.1";
nameservers = [ "8.8.8.8" ];
search = [ "itpartner.intern" "itpartner.no" ];
extraHosts = import ../hosts.nix;
interfaces.ens3 = {
useDHCP = false;
ipv4.addresses = [ {
address = address;
prefixLength = 24;
} ];
};
firewall = {
allowedTCPPorts = [ 443 9000 9001 ];
allowedUDPPorts = [];
};
};
services.nginx = {
enable = true;
statusPage = true;
virtualHosts = {
"fs1-0.itpartner.intern" = {
forceSSL = true;
enableACME = false;
sslTrustedCertificate = "/var/lib/secrets/ca.pem";
sslCertificate = "/var/lib/secrets/fs1-0.pem";
sslCertificateKey = "/var/lib/secrets/fs1-0-key.pem";
serverAliases = [];
locations."/" = {
proxyPass = "http://127.0.0.1:9001";
extraConfig = ''
allow all;
'';
};
};
};
};
# nixos 21.11 will fix this properly
nixpkgs.overlays = [ (import ../../modules/overlays/minio.nix) ];
systemd.services.minio.serviceConfig.ExecStart = lib.mkForce
"${pkgs.minio}/bin/minio server --json --address :9000 --console-address :9001 --config-dir=/var/lib/minio/config /vol/s3";
imports = [ ../../nixos ../../modules ./fs1-0.nix ];
};
}


@@ -1,28 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "floppy" "sd_mod" "sr_mod" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/6b3d4c49-9719-49b3-8210-d53374cd0eff";
fsType = "ext4";
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/c1e78683-4fde-4029-a9f3-7631df649b2f";
fsType = "ext4";
};
fileSystems."/vol/brick0" =
{ device = "/dev/gfs_vg/brick0";
fsType = "ext4";
};
swapDevices = [ ];
}


@@ -1,148 +0,0 @@
let
# Pin the deployment package-set to a specific version of nixpkgs
# pkgs = import (builtins.fetchTarball {
# url = "https://github.com/NixOS/nixpkgs/archive/e9148dc1c30e02aae80cc52f68ceb37b772066f3.tar.gz";
# sha256 = "1ckzhh24mgz6jd1xhfgx0i9mijk6xjqxwsshnvq789xsavrmsc36";
# }) {};
pkgs = import <nixpkgs> {};
name = "fs2-0";
address = "10.1.8.10";
in {
fs2-0 = { config, pkgs, ... }: with pkgs; {
# deployment.tags = [ "fs" ];
deployment.targetHost = address;
system.autoUpgrade.enable = lib.mkForce false;
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
i18n = {
defaultLocale = "en_DK.UTF-8";
extraLocaleSettings = {
LC_TIME = "en_DK.UTF-8";
};
};
time.timeZone = "Europe/Oslo";
environment.etc = {
minio-rootcredentials = {
text = ''
accessKey="admin"
secretKey="en to tre fire"
'';
mode = "640";
};
};
features = {
os = {
externalInterface = "eth0";
adminAuthorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas"
"ssh-rsa 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 jonas.juselius@juselius.io"
"ssh-rsa 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 martin.moe.carstens@itpartner.no"
"ssh-rsa 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 ski027@uit.no"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP5k0dXn60dZ3iORy99LVvgTldu9nYU1TJVL1wCJEqp kaih kubernetes"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4vSlN+vm9d5ZoDitR9b4zqx2Psqa6iH4dK5kN/NXy3 Steinar.Hansen@tromso.serit.no"
];
};
fs = {
enable = true;
nfs.enable = true;
nfs.exports = ''
/vol/export 10.1.8.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
'';
initca = ./ca;
};
certs = {
enable = true;
caBundle = ./ca;
certs = [
{
name = "fs2-0";
SANs = [ "fs2-0.itpartner.intern" "10.1.8.10" ];
owner = "nginx";
group = "nginx";
}
];
};
};
services.minio = {
enable = true;
region = "fs2";
browser = true;
# accessKey = "admin";
# secretKey = "en to tre fire"; DEPRECATED
listenAddress = "0.0.0.0:9000";
rootCredentialsFile = "/etc/minio-rootcredentials";
dataDir = [ "/vol/s3" ];
};
services.prometheus.exporters = {
node = {
enable = true;
openFirewall = true;
};
};
networking = {
hostName = name;
domain = "itpartner.intern";
defaultGateway = "10.1.8.1";
nameservers = [ "8.8.8.8" ];
search = [ "itpartner.intern" "itpartner.no" ];
extraHosts = import ../hosts.nix;
interfaces.eth0 = {
useDHCP = false;
ipv4.addresses = [ {
address = address;
prefixLength = 24;
} ];
};
firewall = {
allowedTCPPorts = [ 443 9000 9001 ];
allowedUDPPorts = [];
};
};
services.nginx = {
enable = true;
statusPage = true;
virtualHosts = {
"fs2-0.itpartner.intern" = {
forceSSL = true;
enableACME = false;
sslTrustedCertificate = "/var/lib/secrets/ca.pem";
sslCertificate = "/var/lib/secrets/fs2-0.pem";
sslCertificateKey = "/var/lib/secrets/fs2-0-key.pem";
serverAliases = [];
locations."/" = {
proxyPass = "http://127.0.0.1:9001";
extraConfig = ''
allow all;
'';
};
};
};
};
# nixos 21.11 will fix this properly
nixpkgs.overlays = [ (import ../../modules/overlays/minio.nix) ];
systemd.services.minio.serviceConfig.ExecStart = lib.mkForce
"${pkgs.minio}/bin/minio server --json --address :9000 --console-address :9001 --config-dir=/var/lib/minio/config /vol/s3";
imports = [ ../../nixos ../../modules ./fs2-0.nix ];
};
}


@@ -1,34 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/92f12271-8191-4a81-9f9b-207484df78c3";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/2D29-80C5";
fsType = "vfat";
};
fileSystems."/vol" =
{ device = "/dev/disk/by-label/data0";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/d5f024b4-0b94-4140-9a1e-2c8ed4415d3b"; }
];
virtualisation.hypervGuest.enable = true;
}


@@ -1,126 +0,0 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.features.host;
mkSANs = host: [
host.name
host.address
"127.0.0.1"
];
configuration = {
deployment.targetHost = cfg.address;
system.autoUpgrade.enable = lib.mkForce false;
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
i18n = {
defaultLocale = "en_DK.UTF-8";
extraLocaleSettings = {
LC_TIME = "en_DK.UTF-8";
};
};
time.timeZone = "Europe/Oslo";
features = {
os = {
externalInterface = "eth0";
adminAuthorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas"
"ssh-rsa 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 jonas.juselius@juselius.io"
"ssh-rsa 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 martin.moe.carstens@itpartner.no"
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAlHx2RWPvBhYzevQE+llnyDuInSsyhs6PFaoavtEB2VLr2gOFxDZW5VmDXlorAXtCpcPpJdYbnPuRWZd0m5950BatWy5UPgDIK2Qm5XABlq6/tXzHJme9PJHcXwo6WStaB31RiJs9nhdYIhPRjcbeFdx/7Fz3atVikE6YUtb8a7YGeKgZh6ashtYPpG3oSBLn1menjk6CxVRt16de3PoDlYav/J8WPbaGJqcPIU9rjzqJkI4aG1txSyJ8Vt2vawQKnzPZCuQAdWgquE3CbJkJbgoh2TKmHds71WMTg3ZXz2KfVjdN8IXCTxdySlgVVAN6x0usGVnA22XnMYQEgbcb3Q== kai.simen"
"ssh-rsa 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 ski027@uit.no"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP5k0dXn60dZ3iORy99LVvgTldu9nYU1TJVL1wCJEqp kaih kubernetes"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4vSlN+vm9d5ZoDitR9b4zqx2Psqa6iH4dK5kN/NXy3 Steinar.Hansen@tromso.serit.no"
];
};
k8s = {
enable = true;
node.enable = mkDefault true;
clusterName = "k0";
initca = ./ca;
cidr = "10.100.0.0/16";
master = {
name = "k0-0";
address = "10.1.8.50";
extraSANs = [ "k0.itpartner.no" ];
};
ingressNodes = [
"k0-0.itpartner.intern"
"k0-1.itpartner.intern"
"k0-2.itpartner.intern"
];
fileserver = "fs2-0";
charts = {
acme_email = "innovasjon@itpartner.no";
grafana_smtp_user = "utvikling";
grafana_smtp_password = "S0m3rp0m@de#21!";
};
};
};
networking = {
hostName = cfg.name;
domain = "itpartner.intern";
nameservers = [ "8.8.8.8" ];
search = [ "itpartner.no" ];
defaultGateway = "10.1.8.1";
extraHosts = import ../hosts.nix;
interfaces.eth0 = {
useDHCP = false;
ipv4.addresses = [ {
address = cfg.address;
prefixLength = 24;
} ];
};
};
services.kubernetes.kubelet.extraSANs = mkSANs {
name = cfg.name;
address = cfg.address;
};
fileSystems = {
"/vol/local-storage/vol1" = {
device = "/vol/vol1";
options = [ "bind" ];
};
"/vol/local-storage/vol2" = {
device = "/vol/vol2";
options = [ "bind" ];
};
};
};
in {
# options.node = {
# address = mkOption {
# type = types.str;
# default = null;
# };
# name = mkOption {
# type = types.str;
# default = null;
# };
# };
config = configuration;
imports = [
../../modules
../../nixos
];
}


@@ -1,54 +0,0 @@
# Pin the deployment package-set to a specific version of nixpkgs
# with import ../nixos-21.05.nix {};
with import <nixpkgs> {};
let
etcdNodes = {
k0-0 = "10.1.8.50";
k0-1 = "10.1.8.51";
k0-2 = "10.1.8.52";
};
etcdCluster = {
enable = true;
existing = true;
nodes = etcdNodes;
};
master = {
features.host = {
name = "k0-0";
address = "10.1.8.50";
};
features.k8s = {
master.enable = true;
master.socat443 = true;
nodes = nodes;
inherit etcdCluster;
};
imports = [ ./cluster.nix ./hw/k0-0.nix ];
};
nodes = [
{ name = "k0-1"; address = "10.1.8.51"; }
{ name = "k0-2"; address = "10.1.8.52"; }
];
mkNode = x: {
"${x.name}" =
lib.mkMerge [
{
features.host = x;
}
(if builtins.hasAttr x.name etcdNodes then
{
features.k8s = { inherit etcdCluster; };
}
else {})
]
// { imports = [ ./cluster.nix (./hw + "/${x.name}.nix") ]; };
};
in
builtins.foldl' (a: x: a // mkNode x) {
"${master.features.host.name}" = master;
} nodes


@@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/a6915f49-234d-4ec1-ab1c-87a529b7b36b";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/29C6-3721";
fsType = "vfat";
};
swapDevices = [ ];
virtualisation.hypervGuest.enable = true;
}


@@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/0f636fe0-cd3c-4c82-b936-bb53a07ded6b";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/29AC-47D5";
fsType = "vfat";
};
swapDevices = [ ];
virtualisation.hypervGuest.enable = true;
}


@@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/bf2f7548-1a5d-4b02-a684-f666e3563eaf";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/2A74-A44E";
fsType = "vfat";
};
swapDevices = [ ];
virtualisation.hypervGuest.enable = true;
}


@@ -1,44 +0,0 @@
let
# Pin the deployment package-set to a specific version of nixpkgs
# pkgs = import (builtins.fetchTarball {
# url = "https://github.com/NixOS/nixpkgs/archive/e9148dc1c30e02aae80cc52f68ceb37b772066f3.tar.gz";
# sha256 = "1ckzhh24mgz6jd1xhfgx0i9mijk6xjqxwsshnvq789xsavrmsc36";
# }) {};
pkgs = import <nixpkgs> {};
master = {
deployment.tags = [ "master" ];
node.name = "k0-0";
node.address = "10.1.8.50";
features.k8s.master.enable = true;
features.k8s.nodes = nodes;
imports = [ ./cluster.nix ./hw/k0-0.nix ];
};
nodes = [
{ name = "k0-1"; address = "10.1.8.51"; }
{ name = "k0-2"; address = "10.1.8.52"; }
];
mkNode = x: {
"${x.name}" = { config, pkgs, ... }: {
deployment.tags = [ "node" ];
node.name = x.name;
node.address = x.address;
imports = [ ./cluster.nix (./hw + "/${x.name}.nix") ];
};
};
in
{
network = {
inherit pkgs;
description = "k0";
ordering = {
tags = [ "master" "node" ];
};
};
} // builtins.foldl' (a: x: a // mkNode x) {
"${master.node.name}" = master;
} nodes


@@ -1,117 +0,0 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.features.host;
mkSANs = host: [
host.name
host.address
"127.0.0.1"
];
configuration = {
deployment.targetHost = cfg.address;
system.autoUpgrade.enable = lib.mkForce false;
boot = {
loader.systemd-boot.enable = false;
loader.efi.canTouchEfiVariables = true;
loader.grub = {
enable = true;
version = 2;
device = "/dev/sda";
};
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
i18n = {
defaultLocale = "en_DK.UTF-8";
extraLocaleSettings = {
LC_TIME = "en_DK.UTF-8";
};
};
time.timeZone = "Europe/Oslo";
features = {
os = {
externalInterface = "ens3";
adminAuthorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas"
"ssh-rsa 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 jonas.juselius@juselius.io"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCk5EKXxo/KLogjqSxSf/GkQdZ30UxB3wXc5k6Y6RRKQ/5iJ+XyYTbuqYOUp30p54apZzbayU2icahE/upr754lQicQwJtOXW/Iut57VRhSpq4P+mKCIdT58xCUkAZYr8Aja8UjHlYeJgFvp023K/fqmwbapu8R1gh4bzXm7uU1XeJoYfuOb+Cb8NGMn1ICrw2aztA0yVOXZ7tyJd2qyr1+6PuM/Ca2nKN4wLIX2vwyN3vZjR15nkIaHQGlTaJlNk2NEG1YTxsIQ9axDjNtyL80kjUr5M8zxW6s0h3451zr1b21EetP1i+1POIjS9uWXv5iabF+1Qb1GaS4FAYzzpqNY+moLzY7Zqfi05MPsMYkNoZ1Kg5aj0IuZb0OM9i6ZJrFs9nYAGG0uLSUTfrs957f9nokFyILGYg5xY46YN3uQrqfZifvcR0KaEdxEKvnfq0qrNG3uYLR/OYm2yblRcNbWgDoQ1hH7qa9uJM2JrPM07s4sJGkqfAib8Hwz9+l7jMrL6KIGUOA4aX0B1KZaIKKiZa42WlgdbeA17aW3laIqS5mZCkI3pLMYZAxe+A6rQi+V8ZAvDSyOL/Vws3lboXaN5QLu17R8uCY7MkIAvRBiZSpdWNeX3JO5m6zexkxkrFlxyEBf+ott4ATSw+eMYMs8i5xQRqPjgO1cABWkUdGpw== martin.moe.carstens@itpartner.no"
"ssh-rsa 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 rjod@SWAMPTHING"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDEN59dUXFwoGL3reyVukqZA59fKJOCUZg19zndEqmnv39/Wi5JGS8uwSjetpwrmtwdwc4pq4fOeiAHtWm6oq7dNjMEvUqP2THehGXMr+fK4ElDgrA1NzUxvSXFhTmuQXGGNt7hl8Knsr5ySkLWrmcWkUn6z8rvefx++pTh3J7oDCYugTW/VGQaKYxHwQfZf1goppkQo8tJH5crJwgeaiTCn6645+rkVTYIzY4JVvXlvNuYWxwUaaeV7ztvdkHJc6WGCWQZGg9M3fYp52tC4HOlZ2aWRQ3PJuQ4wpNHGODwsZqB0yNgGnWZ9KH5+sOz0+3He5ZIPJo89HaqGCZi8wWNfhm+GHMDysxA2Ht+hvgBDccN9dDaSvXlUP1EtgFp8rG2baXEeHk3qMMJACxNuqVf4d8j/WIf0O5KswsiCLxdJFEcfDv573iA6rmM6R6oVvlAmO76K+sCD2T2Uy9WGlGIKdGtvC9dhbiB6d8clO4qDRzBPk6EUEFRFxwo4JkRx7XKpJkmbIl1gT22Btkwf5qjyPp025opaNFeEsP5s3LV0e+RY8VN0SpnOBdfyfwiXRDbunqRqZ662aBLGH0dAY1ocfUO1CdZerJ2ceLEY8ma/rC045arzwx4v+R538SnokyKzWsfwGWB7VzdwQZ2os/hLA6wmu9RPhuzmNFzjdrIsQ== remi@fork"
"ssh-rsa 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 ski027@uit.no"
];
};
k8s = {
enable = true;
node.enable = true;
clusterName = "k1";
initca = ./ca;
cidr = "10.11.0.0/16";
master = {
name = "k1-0";
address = "10.1.30.100";
extraSANs = [ "k1.itpartner.no" ];
};
ingressNodes = [
"k1-0.itpartner.intern"
"k1-1.itpartner.intern"
"k1-2.itpartner.intern"
];
fileserver = "fs1-0";
charts = {
acme_email = "innovasjon@itpartner.no";
grafana_smtp_user = "utvikling";
grafana_smtp_password = "S0m3rp0m@de#21!";
};
};
};
networking = {
hostName = cfg.name;
domain = "itpartner.intern";
nameservers = [ "8.8.8.8" ];
search = [ "itpartner.no" ];
defaultGateway = "10.1.30.1";
extraHosts = import ../hosts.nix;
interfaces.ens3 = {
useDHCP = false;
ipv4.addresses = [ {
address = cfg.address;
prefixLength = 24;
} ];
};
};
services.kubernetes.kubelet.extraSANs = mkSANs {
name = cfg.name;
address = cfg.address;
};
fileSystems = {
"/vol/local-storage/vol1" = {
device = "/vol/vol1";
options = [ "bind" ];
};
"/vol/local-storage/vol2" = {
device = "/vol/vol2";
options = [ "bind" ];
};
};
};
in {
config = configuration;
imports = [
../../modules
../../nixos
];
}


@@ -1,58 +0,0 @@
with import <nixpkgs> {};
let
etcdNodes = {
k1-0 = "10.1.30.100";
k1-1 = "10.1.30.101";
k1-2 = "10.1.30.102";
};
etcdCluster = {
enable = true;
existing = true;
nodes = etcdNodes;
};
master = {
features.host = {
name = "k1-0";
address = "10.1.30.100";
};
features.k8s = {
host.name = "k1-0";
host.address = "10.1.30.100";
master.enable = true;
master.socat443 = true;
nodes = nodes;
inherit etcdCluster;
};
imports = [ ./cluster.nix ./hw/k1-0.nix ];
};
nodes = [
{ name = "k1-1"; address = "10.1.30.101"; }
{ name = "k1-2"; address = "10.1.30.102"; }
{ name = "k1-3"; address = "10.1.30.103"; }
{ name = "k1-4"; address = "10.1.30.104"; }
{ name = "k1-5"; address = "10.1.30.105"; }
];
mkNode = x: {
"${x.name}" =
lib.mkMerge [
{
features.host = x;
}
(if builtins.hasAttr x.name etcdNodes then
{
features.k8s = { inherit etcdCluster; };
}
else {})
]
// { imports = [ ./cluster.nix (./hw + "/${x.name}.nix") ]; };
};
in
builtins.foldl' (a: x: a // mkNode x) {
"${master.features.host.name}" = master;
} nodes


@@ -1,21 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "floppy" "sd_mod" "sr_mod" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/2e7ba83d-014f-4ef5-a1ce-fc9e34ce7b83";
fsType = "ext4";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 1;
}


@@ -1,21 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "floppy" "sd_mod" "sr_mod" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/70b9d730-9cb6-48e2-8e00-fa78c8feefdf";
fsType = "ext4";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 1;
}


@@ -1,21 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "floppy" "sd_mod" "sr_mod" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/83bb471d-1db7-4c0b-b8aa-8111730a1ea9";
fsType = "ext4";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 1;
}


@@ -1,21 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "floppy" "sd_mod" "sr_mod" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/67441b95-19f2-484d-b57b-3f4b2a55f3cc";
fsType = "ext4";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 1;
}


@@ -1,23 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "uhci_hcd" "ehci_pci" "ahci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/8f42bf5b-67bf-401a-97ae-969fd4c808cf";
fsType = "ext4";
};
swapDevices = [ ];
}


@@ -1,23 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "uhci_hcd" "ehci_pci" "ahci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/8f42bf5b-67bf-401a-97ae-969fd4c808cf";
fsType = "ext4";
};
swapDevices = [ ];
}


@@ -1,45 +0,0 @@
let
# Pin the deployment package-set to a specific version of nixpkgs
# pkgs = import (builtins.fetchTarball {
# url = "https://github.com/NixOS/nixpkgs/archive/e9148dc1c30e02aae80cc52f68ceb37b772066f3.tar.gz";
# sha256 = "1ckzhh24mgz6jd1xhfgx0i9mijk6xjqxwsshnvq789xsavrmsc36";
# }) {};
pkgs = import <nixpkgs> {};
master = {
deployment.tags = [ "master" ];
node.name = "k1-0";
node.address = "10.1.30.100";
features.k8s.master.enable = true;
features.k8s.nodes = nodes;
imports = [ ./cluster.nix ./hw/k1-0.nix ];
};
nodes = [
{ name = "k1-1"; address = "10.1.30.101"; }
{ name = "k1-2"; address = "10.1.30.102"; }
{ name = "k1-3"; address = "10.1.30.103"; }
];
mkNode = x: {
"${x.name}" = { config, pkgs, ... }: {
deployment.tags = [ "node" ];
node.name = x.name;
node.address = x.address;
imports = [ ./cluster.nix (./hw + "/${x.name}.nix") ];
};
};
in
{
network = {
inherit pkgs;
description = "k1";
ordering = {
tags = [ "master" "node" ];
};
};
} // builtins.foldl' (a: x: a // mkNode x) {
"${master.node.name}" = master;
} nodes


@@ -1,115 +0,0 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.features.host;
mkSANs = host: [
host.name
host.address
"127.0.0.1"
];
configuration = {
deployment.targetHost = cfg.address;
system.autoUpgrade.enable = lib.mkForce false;
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
i18n = {
defaultLocale = "en_DK.UTF-8";
extraLocaleSettings = {
LC_TIME = "en_DK.UTF-8";
};
};
time.timeZone = "Europe/Oslo";
features = {
os = {
externalInterface = "eth0";
adminAuthorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas"
"ssh-rsa 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 jonas.juselius@juselius.io"
"ssh-rsa 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 martin.moe.carstens@itpartner.no"
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAlHx2RWPvBhYzevQE+llnyDuInSsyhs6PFaoavtEB2VLr2gOFxDZW5VmDXlorAXtCpcPpJdYbnPuRWZd0m5950BatWy5UPgDIK2Qm5XABlq6/tXzHJme9PJHcXwo6WStaB31RiJs9nhdYIhPRjcbeFdx/7Fz3atVikE6YUtb8a7YGeKgZh6ashtYPpG3oSBLn1menjk6CxVRt16de3PoDlYav/J8WPbaGJqcPIU9rjzqJkI4aG1txSyJ8Vt2vawQKnzPZCuQAdWgquE3CbJkJbgoh2TKmHds71WMTg3ZXz2KfVjdN8IXCTxdySlgVVAN6x0usGVnA22XnMYQEgbcb3Q== kai.simen"
"ssh-rsa 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 ski027@uit.no"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP5k0dXn60dZ3iORy99LVvgTldu9nYU1TJVL1wCJEqp kaih kubernetes"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4vSlN+vm9d5ZoDitR9b4zqx2Psqa6iH4dK5kN/NXy3 Steinar.Hansen@tromso.serit.no"
];
};
k8s = {
enable = true;
node.enable = true;
clusterName = "k2";
initca = ./ca;
cidr = "10.100.0.0/16";
master = {
name = "k2-0";
address = "10.1.8.60";
extraSANs = [ "k2.itpartner.no" ];
};
ingressNodes = [
"k2-0.itpartner.intern"
"k2-1.itpartner.intern"
"k2-2.itpartner.intern"
];
fileserver = "fs2-0";
charts = {
acme_email = "innovasjon@itpartner.no";
grafana_smtp_user = "utvikling";
grafana_smtp_password = "S0m3rp0m@de#21!";
};
};
};
fileSystems = {
"/vol/local-storage/vol1" = {
device = "/vol/vol1";
options = [ "bind" ];
};
"/vol/local-storage/vol2" = {
device = "/vol/vol2";
options = [ "bind" ];
};
};
networking = {
hostName = cfg.name;
domain = "itpartner.intern";
nameservers = [ "8.8.8.8" ];
search = [ "itpartner.no" ];
defaultGateway = "10.1.8.1";
extraHosts = import ../hosts.nix;
interfaces.eth0 = {
useDHCP = false;
ipv4.addresses = [ {
address = cfg.address;
prefixLength = 24;
} ];
};
};
services.kubernetes.kubelet.extraSANs = mkSANs {
name = cfg.name;
address = cfg.address;
};
};
in {
config = configuration;
imports = [
../../modules
../../nixos
];
}


@@ -1,64 +0,0 @@
with import <nixpkgs> {};
let
etcdNodes = {
k2-0 = "10.1.8.60";
k2-1 = "10.1.8.61";
k2-2 = "10.1.8.62";
};
etcdCluster = {
enable = true;
existing = true;
nodes = etcdNodes;
};
master = {
features.host = {
name = "k2-0";
address = "10.1.8.60";
};
features.k8s = {
master.enable = true;
master.socat443 = true;
nodes = nodes;
inherit etcdCluster;
};
imports = [ ./cluster.nix ./hw/k2-0.nix ];
};
nodes = [
{ name = "k2-1"; address = "10.1.8.61"; }
{ name = "k2-2"; address = "10.1.8.62"; }
{ name = "k2-3"; address = "10.1.8.63"; }
{ name = "k2-4"; address = "10.1.8.64"; }
{ name = "k2-5"; address = "10.1.8.65"; }
{ name = "k2-6"; address = "10.1.8.66"; }
];
mkNode = x: {
"${x.name}" =
lib.mkMerge [
{
features.host = x;
}
(if builtins.hasAttr x.name etcdNodes then
{
features.k8s = { inherit etcdCluster; };
}
else {})
# (if x.name == "k2-6" then
# {
# services.kubernetes.kubelet.taints.sonarqube = {
# key = "reserved";
# value = "sonarqube";
# effect = "NoSchedule";
# };
# }
# else {})
]
// { imports = [ ./cluster.nix (./hw + "/${x.name}.nix") ]; };
};
in
builtins.foldl' (a: x: a // mkNode x) {
"${master.features.host.name}" = master;
} nodes


@@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/538136b2-8d66-4269-ba9d-03d9c4753670";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/4122-992F";
fsType = "vfat";
};
swapDevices = [ ];
virtualisation.hypervGuest.enable = true;
}


@@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/9a8d3dae-d0e9-4af1-8eb0-a700cbd483c3";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/42A8-FFF9";
fsType = "vfat";
};
swapDevices = [ ];
virtualisation.hypervGuest.enable = true;
}


@@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/43f630c2-faeb-44bf-8978-9832de9a2122";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/43BB-4E5C";
fsType = "vfat";
};
swapDevices = [ ];
virtualisation.hypervGuest.enable = true;
}


@@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/402e3cc9-fab6-44b8-aeb9-62aac9a3712d";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/4476-D001";
fsType = "vfat";
};
swapDevices = [ ];
virtualisation.hypervGuest.enable = true;
}


@@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/663b0ba7-962a-4ec2-b0cd-09472a03f6dd";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/45CE-83A2";
fsType = "vfat";
};
swapDevices = [ ];
virtualisation.hypervGuest.enable = true;
}


@@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/9e5acd6c-3e18-40c0-9826-a620812a7bff";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/255E-65E7";
fsType = "vfat";
};
swapDevices = [];
virtualisation.hypervGuest.enable = true;
}


@@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/b34e8c50-665b-4a30-99cb-f845d2313cb8";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/51AC-7FD0";
fsType = "vfat";
};
swapDevices = [];
virtualisation.hypervGuest.enable = true;
}


@@ -1,45 +0,0 @@
let
# Pin the deployment package-set to a specific version of nixpkgs
# pkgs = import (builtins.fetchTarball {
# url = "https://github.com/NixOS/nixpkgs/archive/e9148dc1c30e02aae80cc52f68ceb37b772066f3.tar.gz";
# sha256 = "1ckzhh24mgz6jd1xhfgx0i9mijk6xjqxwsshnvq789xsavrmsc36";
# }) {};
pkgs = import <nixpkgs> {};
master = {
deployment.tags = [ "master" ];
node.name = "k2-0";
node.address = "10.1.8.60";
features.k8s.master.enable = true;
features.k8s.nodes = nodes;
imports = [ ./cluster.nix ./hw/k2-0.nix ];
};
nodes = [
{ name = "k2-1"; address = "10.1.8.61"; }
{ name = "k2-2"; address = "10.1.8.62"; }
{ name = "k2-3"; address = "10.1.8.63"; }
{ name = "k2-4"; address = "10.1.8.64"; }
];
mkNode = x: {
"${x.name}" = { config, pkgs, ... }: {
deployment.tags = [ "node" ];
node = x;
imports = [ ./cluster.nix (./hw + "/${x.name}.nix") ];
};
};
in
{
network = {
inherit pkgs;
description = "k2";
ordering = {
tags = [ "master" "node" ];
};
};
} // builtins.foldl' (a: x: a // mkNode x) {
"${master.node.name}" = master;
} nodes


@@ -1,4 +0,0 @@
import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/ad6e733d633802620b5eec9be91e837973eac18a.tar.gz";
sha256 = "0220v3389awigxih0hrphnnc22gmslliv1q6f0f2cjk6ibhq5fff";
})


@@ -1,5 +0,0 @@
import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/573603b7fdb9feb0eb8efc16ee18a015c667ab1b.tar.gz";
sha256 = "1aa3wshxys9wrb4n0kxp3glvz06mv078kwl6m3v79cyr4gvmjh9q";
})


@@ -1,99 +0,0 @@
let
# Pin the deployment package-set to a specific version of nixpkgs
# pkgs = import (builtins.fetchTarball {
# url = "https://github.com/NixOS/nixpkgs/archive/e9148dc1c30e02aae80cc52f68ceb37b772066f3.tar.gz";
# sha256 = "1ckzhh24mgz6jd1xhfgx0i9mijk6xjqxwsshnvq789xsavrmsc36";
# }) {};
pkgs = import <nixpkgs> {};
name = "psql1-0";
address = "10.1.30.80";
in {
psql1-0 = { config, pkgs, ... }: with pkgs; {
# deployment.tags = [ "db" ];
deployment.targetHost = address;
system.autoUpgrade.enable = lib.mkForce false;
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
i18n = {
defaultLocale = "en_DK.UTF-8";
extraLocaleSettings = {
LC_TIME = "en_DK.UTF-8";
};
};
time.timeZone = "Europe/Oslo";
features = {
os = {
externalInterface = "ens6";
adminAuthorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas"
"ssh-rsa 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 jonas.juselius@juselius.io"
"ssh-rsa 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 martin.moe.carstens@itpartner.no"
];
};
};
services.prometheus.exporters = {
node = {
enable = true;
openFirewall = true;
};
};
networking = {
hostName = name;
domain = "itpartner.intern";
defaultGateway = "10.1.30.1";
nameservers = [ "8.8.8.8" ];
search = [ "itpartner.intern" "itpartner.no" ];
extraHosts = import ../hosts.nix;
interfaces.ens6 = {
useDHCP = false;
ipv4.addresses = [ {
address = address;
prefixLength = 24;
} ];
};
firewall.allowedTCPPorts = [ 5432 ];
};
services.postgresql = {
enable = true;
dataDir = "/data/postgresql";
enableTCPIP = true;
identMap = ''
nixos root postgres
nixos admin postgres
'';
authentication = pkgs.lib.mkOverride 11 ''
local all all trust
host all all ::1/128 trust
host all all ::1/128 md5
host all postgres 127.0.0.1/32 md5
host all postgres ::1/128 md5
host all postgres 10.1.8.0/24 md5
host all postgres 10.1.30.0/24 md5
host score consto 10.1.8.0/24 md5
host score consto 10.1.30.0/24 md5
host score consto all md5
host mobilenews-provisioner mobilenews 10.1.8.0/24 md5
host mobilenews-provisioner mobilenews 10.1.30.0/24 md5
host all bizmart 10.1.8.0/24 md5
host all bizmart 10.1.30.0/24 md5
'';
};
imports = [ ../../nixos ./psql1-0.nix ];
};
}


@@ -1,35 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/49b61f5c-9dd6-4989-8d24-87e143a580ae";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/DCF5-0AA3";
fsType = "vfat";
};
fileSystems."/data" =
{ device = "/dev/disk/by-label/psql";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/137fc4ef-452d-4216-9f18-42cf859f77ce"; }
];
nix.maxJobs = lib.mkDefault 4;
#virtualisation.hypervGuest.enable = true;
}


@@ -1,92 +0,0 @@
let
# Pin the deployment package-set to a specific version of nixpkgs
# pkgs = import (builtins.fetchTarball {
# url = "https://github.com/NixOS/nixpkgs/archive/e9148dc1c30e02aae80cc52f68ceb37b772066f3.tar.gz";
# sha256 = "1ckzhh24mgz6jd1xhfgx0i9mijk6xjqxwsshnvq789xsavrmsc36";
# }) {};
pkgs = import <nixpkgs> {};
name = "psql2-0";
address = "10.1.8.80";
in {
psql2-0 = { config, pkgs, ... }: with pkgs; {
deployment.tags = [ "db" ];
deployment.targetHost = address;
system.autoUpgrade.enable = lib.mkForce false;
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
i18n = {
defaultLocale = "en_DK.UTF-8";
extraLocaleSettings = {
LC_TIME = "en_DK.UTF-8";
};
};
time.timeZone = "Europe/Oslo";
features = {
os = {
externalInterface = "eth0";
adminAuthorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io"
"ssh-rsa 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 martin.moe.carstens@itpartner.no"
];
};
};
networking = {
hostName = name;
domain = "itpartner.intern";
defaultGateway = "10.1.8.1";
nameservers = [ "8.8.8.8" ];
search = [ "itpartner.intern" "itpartner.no" ];
extraHosts = import ../hosts.nix;
interfaces.eth0 = {
useDHCP = false;
ipv4.addresses = [ {
address = address;
prefixLength = 24;
} ];
};
firewall.allowedTCPPorts = [ 5432 ];
};
services.prometheus.exporters = {
node = {
enable = true;
openFirewall = true;
};
};
services.postgresql = {
enable = true;
dataDir = "/data/postgresql";
enableTCPIP = true;
identMap = ''
nixos root postgres
nixos admin postgres
'';
authentication = pkgs.lib.mkOverride 11 ''
local all all trust
host all all ::1/128 trust
host all all ::1/128 md5
host all postgres 127.0.0.1/32 md5
host all postgres ::1/128 md5
host all postgres 10.1.8.0/24 md5
host all postgres 10.1.30.0/24 md5
'';
};
imports = [ ../../nixos ./psql2-0.nix ];
};
}


@@ -1,29 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/02bcc865-6f9f-4c8f-bd82-74989c6854cf";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/9EB2-69DB";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/1e002a08-8014-4265-8557-1b64c9470d32"; }
];
virtualisation.hypervGuest.enable = true;
}


@@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAukWIN5XpFB652nk7sPluIj56ScNljJNWBYesVh1828MPOUTz
ne81yHS0x7XUmpcyT7C6dPvUVrGYQFB2vj7JroSwN1XkYymtauPTZjWbzeWRlmgg
Gij1aQFNg/KzY3e0dpgUPI7MvPr1ISM5srnZtbTQrFf2ElswoTCO1cXDc252gnZa
EnzfRD7J6yz2Uv/1FRz/ZcoCeUbJrd5bcNI9gJaOy0140GGG67YdmepcAbWy1NbA
MZRBjaTQ+feEVkJxPcQ5fj1HkCDnLrcxJfw1IhodVe4WKNHriAFGrSKrH3UKoN9D
UmSTF9UDQkNA/s54dhBr1bEkne1mDll0afaXjwIDAQABAoIBADecdrSRrwpwue/9
7dJCRZ03pe7LxU+Y1T/FZ7A2EYbSz4K7kTf/qMD2Btrw8E5PAZhFHQW8AYL4dooM
+8aEnFXcC3gZzpvEX5/f8Mc9Dg0EktiisaLdw5bb6raQCPqTTG9zq+cAgyOQkQqZ
p6oyTksvdnVdtXt5eiVFh/9OkbGuL7cDE6m7sWC9R0zgPBamM8W40IhbjqPhwnfJ
X2gtNAs28i4M9hr0yYJm98TxyNOeiYqtTkFAQ8eQG4orOfH5oM7N6g1soyTzX8Ya
J+dwGBzn0QPWnTTjLS/nJoKwpDsp2Jx/m9nIAFjyxXDdOLGTDP1malVlTp23ULWH
4O/wXIECgYEA9PSgPfK3Bf0ZxJG5QJXcHw4T3ZVHTUWas4ZhsXBEgtJt94wHjhvz
nQ5t/2e2SMIu5CX92tUb0FA4jEo2l7A59WcclqdPKJPGd/xComqPq6l+CVrHx6Hl
w/E2ittkUjbp1vf9EY0lDl0vBuC5sBV98FDOiEi8BH/vVz0Gt/fnwq8CgYEAwquN
fDpeKD8uVgyNAGkIYWX9uDY//jD4wPUrFVKHjPxcfVP0+kaXW3g3G0rpZSlK0MKy
kvOOimpoK/RNp1BxlvgJGZ/CYxslYfaIKDztu8dgNQJnKcSK8Ky+CW9qd6HI70dT
tLjszNyFZtzblPT9IKVUoOdR3TgBD8ZZ5mUdMSECgYEA10VgyfBTLl0nVxvl3T+W
Smh5xuMY3WzNLvZrRp/uZbX+1G1oelhQOPdkbe+8P6b/xJsqxDVDE0hc2dWisp45
4VPzyOZSZ8uuwOWdvdS+XFNBI4F3TxcVsKR8lX2HZcVCrhwUeGc9aKk12eqG5ZuN
qTOqvhSFv8KbGWTVUbn5IJsCgYAsbA9WOM+BqaE+O5D1dgJWj3qNTbvemng5N/kD
3ZhXAMNuSflOH0ussMsKbFbEId8TskojpHZzeYKZ/R63PnEdPS5+bWljSi+GokZB
wF2TixSWJB08d8Ao2ZJn/sex0vZSO9mLFOPcf7nlViK5ZApbJ78fFIomy//aBK5B
F/PIYQKBgBuuTu1QaUPSs16f/515OJ2ZAv/8O6mtfZ2gCDIIf/dm8TQNA19RuAyu
aMV0lO1zaH/mGFEJDraCEVARwS36F4yar5B8X7mi5ltfTNnadK2d2nidev1LZVDN
6+zGiJHoPShBWF7XjxyhGprgFs6atNEso3LZG0GYHpG8SFjIcoUf
-----END RSA PRIVATE KEY-----


@@ -1,21 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@@ -1,2 +0,0 @@
ç£/ik±/¨÷|ñR¯E¥R®$ÃQfj5·<35>rd<0E>С¶7“{¢99âTÂîÛÃiÄŒ,ÐŒÍhçïÙ8töv:%T”
|ÈÚÈ´þΕ§VŒ00w<30>|ŸÏ®÷íà|È_ŸY{3L_!F1TdÔ&F7õ™B°R


@@ -1,11 +0,0 @@
self: super:
let
msmtp = super.msmtp.overrideAttrs (attrs: rec {
configureFlags = attrs.configureFlags ++ [ "--with-tls=openssl" ];
buildInputs = attrs.buildInputs ++ [ super.openssl ];
});
in
{
# inherit msmtp;
}


@@ -1,6 +1,6 @@
{ pkgs, ...}: { pkgs, ...}:
let let
nodes = import ./nodes.nix; nodes = import ./nixops/stokes/nodes.nix;
in in
{ {
# deployment.tags = [ "frontend" ]; # deployment.tags = [ "frontend" ];
@@ -229,5 +229,5 @@ in
pubkeyacceptedalgorithms ssh-rsa,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256 pubkeyacceptedalgorithms ssh-rsa,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
''; '';
imports = [ ./cluster.nix ./hw/frontend.nix ]; imports = [ ./nixops/stokes/cluster.nix ./hardware-configuration.nix ];
} }
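Review bot: The `pubkeyacceptedalgorithms` line carried unchanged through the second hunk still begins with `ssh-rsa`, which keeps RSA signatures over SHA-1 acceptable for public-key authentication; OpenSSH has disabled that algorithm by default since 8.8. The list already contains `rsa-sha2-512` and `rsa-sha2-256`, so RSA keys keep working without it. Unless a legacy client that cannot produce SHA-2 signatures is the reason, I would drop the leading `ssh-rsa,` or add a comment naming the client that needs it. The string this line sits in opens outside the hunk, so the surrounding option is not visible here.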


@@ -26,4 +26,4 @@ EOF
sed -i " sed -i "
/# @grp@/i $grp /# @grp@/i $grp
/# @usr@/i $usr /# @usr@/i $usr
" clusters/stokes/users.nix " stokes/users.nix


@@ -7,12 +7,12 @@ if [ $# = 0 ]; then
exit 1 exit 1
fi fi
if [ ! -f $TOP/clusters/$1/default.nix ]; then if [ ! -f $TOP/$1/default.nix ]; then
echo "error: $1 does not contain a deployment" echo "error: $1 does not contain a deployment"
exit 1 exit 1
fi fi
cd $TOP/clusters/$1 cd $TOP/$1
nixops list | grep -q $1 nixops list | grep -q $1
if [ $? = 0 ]; then if [ $? = 0 ]; then
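Review bot: `cd $TOP/$1` is unquoted and unchecked, so if the directory change fails the `nixops` commands that follow run in whatever directory the script was started from; `cd "$TOP/$1" || exit 1` closes that, and the test above it is safer as `if [ ! -f "$TOP/$1/default.nix" ]; then`. With the `clusters/` prefix gone the argument resolves directly under `$TOP`, so any top-level directory holding a `default.nix` would pass the check as a deployment; whether such directories exist is not visible from here. The same unchecked `cd $TOP/$1` appears in the CA-preparation hunk that follows, just before `nix-build -o ca $ca`. The script continues past the end of this hunk.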


@@ -9,7 +9,7 @@ fi
ca=$TOP/modules/initca.nix ca=$TOP/modules/initca.nix
cd $TOP/clusters/$1 cd $TOP/$1
echo "--- Preparing CA certificate" echo "--- Preparing CA certificate"
nix-build -o ca $ca nix-build -o ca $ca


@@ -13,11 +13,11 @@ if [ $# != 1 ]; then
fi fi
d=$1 d=$1
tmp=$TOP/clusters/.$d.$$ tmp=$TOP/.$d.$$
teardown () { teardown () {
mkdir -p $tmp mkdir -p $tmp
cp -r $TOP/clusters/$d/* $tmp cp -r $TOP/$d/* $tmp
sed -i '/k8s *= *{/,+1 s/enable *= *true/enable = false/' $tmp/cluster.nix sed -i '/k8s *= *{/,+1 s/enable *= *true/enable = false/' $tmp/cluster.nix
nixops modify -d $d $tmp nixops modify -d $d $tmp
nixops deploy -d $d nixops deploy -d $d