From 8f87254a2aa47630bc711c34a6322a974c6c040f Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 10 May 2019 21:03:36 +0200 Subject: puyak.r: allow access from raute and ulrich --- krebs/1systems/puyak/config.nix | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'krebs/1systems') diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 67257eacd..af11c6944 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -73,6 +73,13 @@ system.activationScripts."disengage fancontrol" = '' echo level disengaged > /proc/acpi/ibm/fan ''; + + # to access vorstand vm + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.ulrich.pubkey + config.krebs.users.raute.pubkey + ]; + users.users.joerg = { openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ]; isNormalUser = true; -- cgit v1.3.1 From 866e94b4fa70181b9ae753b51d59c27ce42c9497 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 17 May 2019 13:36:13 +0200 Subject: hotdog.r: enable github-hosts-sync --- krebs/1systems/hotdog/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/1systems') diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index f68c8ce50..32e416831 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -18,6 +18,7 @@ ]; krebs.build.host = config.krebs.hosts.hotdog; + krebs.github-hosts-sync.enable = true; boot.isContainer = true; networking.useDHCP = false; -- cgit v1.3.1 From 4caeb3d3f8525721cefa7a74e79781a3b9787eb6 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 12 Jun 2019 09:56:07 +0200 Subject: wolf.r: add declarative gitlab-runner --- krebs/1systems/wolf/config.nix | 1 + krebs/2configs/shack/gitlab-runner.nix | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 krebs/2configs/shack/gitlab-runner.nix (limited to 'krebs/1systems') diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index ec8830711..995e49669 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -26,6 +26,7 @@ in + { systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate systemd.services.telegraf.environment = { diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix new file mode 100644 index 000000000..57d670ea3 --- /dev/null +++ b/krebs/2configs/shack/gitlab-runner.nix @@ -0,0 +1,21 @@ +{ pkgs, ... }: +let + runner-src = builtins.fetchTarball { + url = "https://gitlab.com/arianvp/nixos-gitlab-runner/-/archive/master/nixos-gitlab-runner-master.tar.gz"; + sha256 = "1s0fy5ny2ygcfvx35xws8xz5ih4z4kdfqlq3r6byxpylw7r52fyi"; + }; +in +{ + systemd.services.gitlab-runner.path = [ + "/run/wrappers" # /run/wrappers/bin/su + "/" # /bin/sh + ]; + imports = [ + "${runner-src}/gitlab-runner.nix" + ]; + services.gitlab-runner2.enable = true; + ## registrationConfigurationFile contains: + # CI_SERVER_URL= + # REGISTRATION_TOKEN= + services.gitlab-runner2.registrationConfigFile = ; +} -- cgit v1.3.1 From 30a90e48b91ba9d09da7cafe8ad81dcc153554d3 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 12 Jun 2019 20:53:02 +0200 Subject: wolf.r: add documentation for imports --- krebs/1systems/wolf/config.nix | 84 +++++++++++------------------------------- 1 file changed, 21 insertions(+), 63 deletions(-) (limited to 'krebs/1systems') diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 995e49669..f629c5984 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -11,84 +11,42 @@ in - - - + # handle the worlddomination map via coap + + # drivedroid.shack for shackphone # - + # Say if muell will be collected - + + # create samba share for anonymous usage with the laser and 3d printer pc + + # mobile.lounge.mpd.shack + # connect to git.shackspace.de as group runner for rz - { - systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate - systemd.services.telegraf.environment = { - MIBDIRS = pkgs.fetchgit { - url = "http://git.shackspace.de/makefu/modem-mibs.git"; - sha256 = - "1rhrpaascvj5p3dj29hrw79gm39rp0aa787x95m3r2jrcq83ln1k"; - }; # extra mibs like ADSL - }; - services.telegraf = { - enable = true; - extraConfig = { - inputs = { - snmp = { - agents = [ "10.0.1.3:161" ]; - version = 2; - community = "shack"; - name = "snmp"; - field = [ - { - name = "hostname"; - oid = "RFC1213-MIB::sysName.0"; - is_tag = true; - } - { - name = "load-percent"; #cisco - oid = ".1.3.6.1.4.1.9.9.109.1.1.1.1.4.9"; - } - { - name = "uptime"; - oid = "DISMAN-EVENT-MIB::sysUpTimeInstance"; - } - ]; - table = [{ - name = "snmp"; - inherit_tags = [ "hostname" ]; - oid = "IF-MIB::ifXTable"; - field = [{ - name = "ifName"; - oid = "IF-MIB::ifName"; - is_tag = true; - }]; - }]; - }; - }; - outputs = { - influxdb = { - urls = [ "http://${influx-host}:8086" ]; - database = "telegraf"; - write_consistency = "any"; - timeout = "5s"; - }; - }; - }; - }; - } + # Statistics collection and visualization + + ## Collect data from mqtt.shack and store in graphite database + + ## Collect radioactive data and put into graphite + + ## Collect local statistics via collectd and send to collectd + + ## write collectd statistics to wolf.shack + + { services.influxdb.enable = true; } ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) - services.influxdb.enable = true; # local discovery in shackspace nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; @@ -157,10 +115,10 @@ in # fallout of ipv6calypse networking.extraHosts = '' hass.shack 10.42.2.191 - heidi.shack 10.42.2.135 ''; users.extraUsers.root.openssh.authorizedKeys.keys = [ + config.krebs.users."0x4a6f".pubkey config.krebs.users.ulrich.pubkey config.krebs.users.raute.pubkey config.krebs.users.makefu-omo.pubkey -- cgit v1.3.1 From 27f3c2cd53adce6a0dcc6e2b9e917b8da9486d24 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Jun 2019 20:17:45 +0200 Subject: wolf.r: add netbox docker-compose --- krebs/1systems/wolf/config.nix | 2 ++ krebs/2configs/shack/netbox.nix | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 krebs/2configs/shack/netbox.nix (limited to 'krebs/1systems') diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index f629c5984..7ca0f0ec1 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -43,6 +43,8 @@ in ## write collectd statistics to wolf.shack { services.influxdb.enable = true; } + + ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) diff --git a/krebs/2configs/shack/netbox.nix b/krebs/2configs/shack/netbox.nix new file mode 100644 index 000000000..4fb5a7dbc --- /dev/null +++ b/krebs/2configs/shack/netbox.nix @@ -0,0 +1,39 @@ +{ pkgs, ... }: +{ + environment.systemPackages = [ pkgs.docker-compose ]; + virtualisation.docker.enable = true; + services.nginx = { + enable = true; + virtualHosts."netbox.shack".locations."/".proxyPass = "http://localhost:18080"; + }; + # we store the netbox config there: + # state = [ "/var/lib/netbox" ]; + systemd.services.backup-netbox = { + after = [ "netbox-docker-compose.service" ]; + startAt = "daily"; + path = with pkgs; [ docker-compose docker gzip coreutils ]; + script = '' + cd /var/lib/netbox + mkdir -p backup + docker-compose exec -T -upostgres postgres pg_dumpall \ + | gzip > backup/netdata_$(date -Iseconds).dump.gz + ''; + }; + + systemd.services.netbox-docker-compose = { + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" "docker.service" ]; + environment.VERSION = "v2.5.13"; + serviceConfig = { + WorkingDirectory = "/var/lib/netbox"; + # TODO: grep -q NAPALM_SECRET env/netbox.env + # TODO: grep -q NAPALM_SECRET netbox-netprod-importer/switches.yml + ExecStartPre = "${pkgs.docker-compose}/bin/docker-compose pull"; + ExecStart = "${pkgs.docker-compose}/bin/docker-compose up"; + Restart = "always"; + RestartSec = "10"; + StartLimitIntervalSec = 60; + StartLimitBurst = 3; + }; + }; +} -- cgit v1.3.1