summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/0tests/data/secrets/shackspace-gitlab-ci0
-rw-r--r--krebs/1systems/wolf/config.nix87
-rw-r--r--krebs/2configs/shack/gitlab-runner.nix21
-rw-r--r--krebs/2configs/shack/netbox.nix39
-rw-r--r--krebs/3modules/external/default.nix4
-rw-r--r--krebs/3modules/external/ssh/0x4a6f.pub1
6 files changed, 89 insertions, 63 deletions
diff --git a/krebs/0tests/data/secrets/shackspace-gitlab-ci b/krebs/0tests/data/secrets/shackspace-gitlab-ci
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/krebs/0tests/data/secrets/shackspace-gitlab-ci
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index ec8830711..7ca0f0ec1 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -11,83 +11,44 @@ in
<stockholm/krebs>
<stockholm/krebs/2configs>
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
- <stockholm/krebs/2configs/collectd-base.nix>
- <stockholm/krebs/2configs/stats/wolf-client.nix>
- <stockholm/krebs/2configs/graphite.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/binary-cache/prism.nix>
+ # handle the worlddomination map via coap
<stockholm/krebs/2configs/shack/worlddomination.nix>
+
+ # drivedroid.shack for shackphone
<stockholm/krebs/2configs/shack/drivedroid.nix>
# <stockholm/krebs/2configs/shack/nix-cacher.nix>
- <stockholm/krebs/2configs/shack/mqtt_sub.nix>
+ # Say if muell will be collected
<stockholm/krebs/2configs/shack/muell_caller.nix>
- <stockholm/krebs/2configs/shack/radioactive.nix>
+
+ # create samba share for anonymous usage with the laser and 3d printer pc
<stockholm/krebs/2configs/shack/share.nix>
+
+ # mobile.lounge.mpd.shack
<stockholm/krebs/2configs/shack/mobile.mpd.nix>
- {
- systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate
- systemd.services.telegraf.environment = {
- MIBDIRS = pkgs.fetchgit {
- url = "http://git.shackspace.de/makefu/modem-mibs.git";
- sha256 =
- "1rhrpaascvj5p3dj29hrw79gm39rp0aa787x95m3r2jrcq83ln1k";
- }; # extra mibs like ADSL
- };
- services.telegraf = {
- enable = true;
- extraConfig = {
- inputs = {
- snmp = {
- agents = [ "10.0.1.3:161" ];
- version = 2;
- community = "shack";
- name = "snmp";
- field = [
- {
- name = "hostname";
- oid = "RFC1213-MIB::sysName.0";
- is_tag = true;
- }
- {
- name = "load-percent"; #cisco
- oid = ".1.3.6.1.4.1.9.9.109.1.1.1.1.4.9";
- }
- {
- name = "uptime";
- oid = "DISMAN-EVENT-MIB::sysUpTimeInstance";
- }
- ];
- table = [{
- name = "snmp";
- inherit_tags = [ "hostname" ];
- oid = "IF-MIB::ifXTable";
- field = [{
- name = "ifName";
- oid = "IF-MIB::ifName";
- is_tag = true;
- }];
- }];
- };
- };
- outputs = {
- influxdb = {
- urls = [ "http://${influx-host}:8086" ];
- database = "telegraf";
- write_consistency = "any";
- timeout = "5s";
- };
- };
- };
- };
- }
+ # connect to git.shackspace.de as group runner for rz
+ <stockholm/krebs/2configs/shack/gitlab-runner.nix>
+
+ # Statistics collection and visualization
+ <stockholm/krebs/2configs/graphite.nix>
+ ## Collect data from mqtt.shack and store in graphite database
+ <stockholm/krebs/2configs/shack/mqtt_sub.nix>
+ ## Collect radioactive data and put into graphite
+ <stockholm/krebs/2configs/shack/radioactive.nix>
+ ## Collect local statistics via collectd and send to collectd
+ <stockholm/krebs/2configs/stats/wolf-client.nix>
+ ## write collectd statistics to wolf.shack
+ <stockholm/krebs/2configs/collectd-base.nix>
+ { services.influxdb.enable = true; }
+ <stockholm/krebs/2configs/shack/netbox.nix>
];
# use your own binary cache, fallback use cache.nixos.org (which is used by
# apt-cacher-ng in first place)
- services.influxdb.enable = true;
# local discovery in shackspace
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
@@ -156,10 +117,10 @@ in
# fallout of ipv6calypse
networking.extraHosts = ''
hass.shack 10.42.2.191
- heidi.shack 10.42.2.135
'';
users.extraUsers.root.openssh.authorizedKeys.keys = [
+ config.krebs.users."0x4a6f".pubkey
config.krebs.users.ulrich.pubkey
config.krebs.users.raute.pubkey
config.krebs.users.makefu-omo.pubkey
diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix
new file mode 100644
index 000000000..57d670ea3
--- /dev/null
+++ b/krebs/2configs/shack/gitlab-runner.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+let
+ runner-src = builtins.fetchTarball {
+ url = "https://gitlab.com/arianvp/nixos-gitlab-runner/-/archive/master/nixos-gitlab-runner-master.tar.gz";
+ sha256 = "1s0fy5ny2ygcfvx35xws8xz5ih4z4kdfqlq3r6byxpylw7r52fyi";
+ };
+in
+{
+ systemd.services.gitlab-runner.path = [
+ "/run/wrappers" # /run/wrappers/bin/su
+ "/" # /bin/sh
+ ];
+ imports = [
+ "${runner-src}/gitlab-runner.nix"
+ ];
+ services.gitlab-runner2.enable = true;
+ ## registrationConfigurationFile contains:
+ # CI_SERVER_URL=<CI server URL>
+ # REGISTRATION_TOKEN=<registration secret>
+ services.gitlab-runner2.registrationConfigFile = <secrets/shackspace-gitlab-ci>;
+}
diff --git a/krebs/2configs/shack/netbox.nix b/krebs/2configs/shack/netbox.nix
new file mode 100644
index 000000000..4fb5a7dbc
--- /dev/null
+++ b/krebs/2configs/shack/netbox.nix
@@ -0,0 +1,39 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = [ pkgs.docker-compose ];
+ virtualisation.docker.enable = true;
+ services.nginx = {
+ enable = true;
+ virtualHosts."netbox.shack".locations."/".proxyPass = "http://localhost:18080";
+ };
+ # we store the netbox config there:
+ # state = [ "/var/lib/netbox" ];
+ systemd.services.backup-netbox = {
+ after = [ "netbox-docker-compose.service" ];
+ startAt = "daily";
+ path = with pkgs; [ docker-compose docker gzip coreutils ];
+ script = ''
+ cd /var/lib/netbox
+ mkdir -p backup
+ docker-compose exec -T -upostgres postgres pg_dumpall \
+ | gzip > backup/netdata_$(date -Iseconds).dump.gz
+ '';
+ };
+
+ systemd.services.netbox-docker-compose = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" "docker.service" ];
+ environment.VERSION = "v2.5.13";
+ serviceConfig = {
+ WorkingDirectory = "/var/lib/netbox";
+ # TODO: grep -q NAPALM_SECRET env/netbox.env
+ # TODO: grep -q NAPALM_SECRET netbox-netprod-importer/switches.yml
+ ExecStartPre = "${pkgs.docker-compose}/bin/docker-compose pull";
+ ExecStart = "${pkgs.docker-compose}/bin/docker-compose up";
+ Restart = "always";
+ RestartSec = "10";
+ StartLimitIntervalSec = 60;
+ StartLimitBurst = 3;
+ };
+ };
+}
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 080c259aa..70c49cfcf 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -487,6 +487,10 @@ in {
mail = "shackspace.de@myvdr.de";
pubkey = ssh-for "ulrich";
};
+ "0x4a6f" = {
+ mail = "0x4a6f@shackspace.de";
+ pubkey = ssh-for "0x4a6f";
+ };
miaoski = {
};
filly = {
diff --git a/krebs/3modules/external/ssh/0x4a6f.pub b/krebs/3modules/external/ssh/0x4a6f.pub
new file mode 100644
index 000000000..1ea084bad
--- /dev/null
+++ b/krebs/3modules/external/ssh/0x4a6f.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKMoQSUz0wcV8tnTKsYO3sO6XG6EHap8R63ihfMHkxPS