diff options
-rw-r--r-- | krebs/0tests/data/secrets/shackspace-gitlab-ci | 0 | ||||
-rw-r--r-- | krebs/1systems/wolf/config.nix | 87 | ||||
-rw-r--r-- | krebs/2configs/shack/gitlab-runner.nix | 21 | ||||
-rw-r--r-- | krebs/2configs/shack/netbox.nix | 39 | ||||
-rw-r--r-- | krebs/3modules/external/default.nix | 4 | ||||
-rw-r--r-- | krebs/3modules/external/ssh/0x4a6f.pub | 1 |
6 files changed, 89 insertions, 63 deletions
diff --git a/krebs/0tests/data/secrets/shackspace-gitlab-ci b/krebs/0tests/data/secrets/shackspace-gitlab-ci new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/krebs/0tests/data/secrets/shackspace-gitlab-ci diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index ec8830711..7ca0f0ec1 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -11,83 +11,44 @@ in <stockholm/krebs> <stockholm/krebs/2configs> <nixpkgs/nixos/modules/profiles/qemu-guest.nix> - <stockholm/krebs/2configs/collectd-base.nix> - <stockholm/krebs/2configs/stats/wolf-client.nix> - <stockholm/krebs/2configs/graphite.nix> <stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/binary-cache/prism.nix> + # handle the worlddomination map via coap <stockholm/krebs/2configs/shack/worlddomination.nix> + + # drivedroid.shack for shackphone <stockholm/krebs/2configs/shack/drivedroid.nix> # <stockholm/krebs/2configs/shack/nix-cacher.nix> - <stockholm/krebs/2configs/shack/mqtt_sub.nix> + # Say if muell will be collected <stockholm/krebs/2configs/shack/muell_caller.nix> - <stockholm/krebs/2configs/shack/radioactive.nix> + + # create samba share for anonymous usage with the laser and 3d printer pc <stockholm/krebs/2configs/shack/share.nix> + + # mobile.lounge.mpd.shack <stockholm/krebs/2configs/shack/mobile.mpd.nix> - { - systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate - systemd.services.telegraf.environment = { - MIBDIRS = pkgs.fetchgit { - url = "http://git.shackspace.de/makefu/modem-mibs.git"; - sha256 = - "1rhrpaascvj5p3dj29hrw79gm39rp0aa787x95m3r2jrcq83ln1k"; - }; # extra mibs like ADSL - }; - services.telegraf = { - enable = true; - extraConfig = { - inputs = { - snmp = { - agents = [ "10.0.1.3:161" ]; - version = 2; - community = "shack"; - name = "snmp"; - field = [ - { - name = "hostname"; - oid = "RFC1213-MIB::sysName.0"; - is_tag = true; - } - { - name = "load-percent"; #cisco - oid = ".1.3.6.1.4.1.9.9.109.1.1.1.1.4.9"; - } - { - name = "uptime"; - oid = "DISMAN-EVENT-MIB::sysUpTimeInstance"; - } - ]; - table = [{ - name = "snmp"; - inherit_tags = [ "hostname" ]; - oid = "IF-MIB::ifXTable"; - field = [{ - name = "ifName"; - oid = "IF-MIB::ifName"; - is_tag = true; - }]; - }]; - }; - }; - outputs = { - influxdb = { - urls = [ "http://${influx-host}:8086" ]; - database = "telegraf"; - write_consistency = "any"; - timeout = "5s"; - }; - }; - }; - }; - } + # connect to git.shackspace.de as group runner for rz + <stockholm/krebs/2configs/shack/gitlab-runner.nix> + + # Statistics collection and visualization + <stockholm/krebs/2configs/graphite.nix> + ## Collect data from mqtt.shack and store in graphite database + <stockholm/krebs/2configs/shack/mqtt_sub.nix> + ## Collect radioactive data and put into graphite + <stockholm/krebs/2configs/shack/radioactive.nix> + ## Collect local statistics via collectd and send to collectd + <stockholm/krebs/2configs/stats/wolf-client.nix> + ## write collectd statistics to wolf.shack + <stockholm/krebs/2configs/collectd-base.nix> + { services.influxdb.enable = true; } + <stockholm/krebs/2configs/shack/netbox.nix> ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) - services.influxdb.enable = true; # local discovery in shackspace nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; @@ -156,10 +117,10 @@ in # fallout of ipv6calypse networking.extraHosts = '' hass.shack 10.42.2.191 - heidi.shack 10.42.2.135 ''; users.extraUsers.root.openssh.authorizedKeys.keys = [ + config.krebs.users."0x4a6f".pubkey config.krebs.users.ulrich.pubkey config.krebs.users.raute.pubkey config.krebs.users.makefu-omo.pubkey diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix new file mode 100644 index 000000000..57d670ea3 --- /dev/null +++ b/krebs/2configs/shack/gitlab-runner.nix @@ -0,0 +1,21 @@ +{ pkgs, ... }: +let + runner-src = builtins.fetchTarball { + url = "https://gitlab.com/arianvp/nixos-gitlab-runner/-/archive/master/nixos-gitlab-runner-master.tar.gz"; + sha256 = "1s0fy5ny2ygcfvx35xws8xz5ih4z4kdfqlq3r6byxpylw7r52fyi"; + }; +in +{ + systemd.services.gitlab-runner.path = [ + "/run/wrappers" # /run/wrappers/bin/su + "/" # /bin/sh + ]; + imports = [ + "${runner-src}/gitlab-runner.nix" + ]; + services.gitlab-runner2.enable = true; + ## registrationConfigurationFile contains: + # CI_SERVER_URL=<CI server URL> + # REGISTRATION_TOKEN=<registration secret> + services.gitlab-runner2.registrationConfigFile = <secrets/shackspace-gitlab-ci>; +} diff --git a/krebs/2configs/shack/netbox.nix b/krebs/2configs/shack/netbox.nix new file mode 100644 index 000000000..4fb5a7dbc --- /dev/null +++ b/krebs/2configs/shack/netbox.nix @@ -0,0 +1,39 @@ +{ pkgs, ... }: +{ + environment.systemPackages = [ pkgs.docker-compose ]; + virtualisation.docker.enable = true; + services.nginx = { + enable = true; + virtualHosts."netbox.shack".locations."/".proxyPass = "http://localhost:18080"; + }; + # we store the netbox config there: + # state = [ "/var/lib/netbox" ]; + systemd.services.backup-netbox = { + after = [ "netbox-docker-compose.service" ]; + startAt = "daily"; + path = with pkgs; [ docker-compose docker gzip coreutils ]; + script = '' + cd /var/lib/netbox + mkdir -p backup + docker-compose exec -T -upostgres postgres pg_dumpall \ + | gzip > backup/netdata_$(date -Iseconds).dump.gz + ''; + }; + + systemd.services.netbox-docker-compose = { + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" "docker.service" ]; + environment.VERSION = "v2.5.13"; + serviceConfig = { + WorkingDirectory = "/var/lib/netbox"; + # TODO: grep -q NAPALM_SECRET env/netbox.env + # TODO: grep -q NAPALM_SECRET netbox-netprod-importer/switches.yml + ExecStartPre = "${pkgs.docker-compose}/bin/docker-compose pull"; + ExecStart = "${pkgs.docker-compose}/bin/docker-compose up"; + Restart = "always"; + RestartSec = "10"; + StartLimitIntervalSec = 60; + StartLimitBurst = 3; + }; + }; +} diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 080c259aa..70c49cfcf 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -487,6 +487,10 @@ in { mail = "shackspace.de@myvdr.de"; pubkey = ssh-for "ulrich"; }; + "0x4a6f" = { + mail = "0x4a6f@shackspace.de"; + pubkey = ssh-for "0x4a6f"; + }; miaoski = { }; filly = { diff --git a/krebs/3modules/external/ssh/0x4a6f.pub b/krebs/3modules/external/ssh/0x4a6f.pub new file mode 100644 index 000000000..1ea084bad --- /dev/null +++ b/krebs/3modules/external/ssh/0x4a6f.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKMoQSUz0wcV8tnTKsYO3sO6XG6EHap8R63ihfMHkxPS |