chore: Abstract machines and modules

This adds a subdirectory per type of system, for both the modules and
the machines.
Tom Hubrecht 2024-12-08 13:22:07 +01:00
parent c3f4e7ade6
commit ecbad0a638
Signed by: thubrecht
SSH key fingerprint: SHA256:r+nK/SIcWlJ0zFZJGHtlAoRwq1Rm+WcKAm5ADYMoQPc
264 changed files with 49 additions and 38 deletions


@ -0,0 +1,19 @@
{ lib, ... }:
lib.extra.mkConfig {
enabledModules = [
# List of modules to enable
"dgn-web"
];
enabledServices = [
# List of services to enable
"uptime-kuma"
];
extraConfig = {
services.netbird.enable = true;
};
root = ./.;
}


@ -0,0 +1,41 @@
{ lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
initrd.kernelModules = [ ];
# hack to avoid intel_kvm that is set in dgn-hardware
kernelModules = lib.mkForce [ ];
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/ed02dfb7-7071-4852-9bb6-f3bd965e0234";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/5781-E6CA";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}
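Review bot: `kernelModules = lib.mkForce [ ];` discards every other definition of `boot.kernelModules`, not only the KVM module the comment mentions, so a module that some other profile asks to load at boot is dropped on this host without any warning. The comment should state that scope, for example `# mkForce [ ] clears ALL boot.kernelModules definitions (needed to drop the KVM module set by dgn-hardware); re-add anything this host requires here`. The in-tree Intel KVM module is named `kvm-intel`, so the `intel_kvm` spelling in the existing comment is worth correcting at the same time. If dgn-hardware can expose an option to turn its KVM module off, that would be narrower than the blanket override.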


@ -0,0 +1,4 @@
(import ../../../../keys).mkSecrets [ "rescue01" ] [
# List of secrets for rescue01
"stateless-uptime-kuma-password"
]
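Review bot: The import `../../../../keys` encodes this file's directory depth, which is the very thing this reorganisation changes, so each per-machine secrets file has to be kept in step by hand whenever the layout moves again. A short comment such as `# keys/ sits at the repository root; adjust the ../ count if this directory moves` would make the coupling visible. If the repository already passes a root path or the keys helper through module arguments (not visible here), using that instead would remove the relative path altogether.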


@ -0,0 +1,28 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA wZdqi7vBlMEOJiY1VvbsmqyBSO/jl6SWLRGw+0ylKWo
UvKyh4Jh608Z9i9+6WuPu3mwnlC98aAr6jiV38JJGzk
-> ssh-ed25519 QlRB9Q +DUjR2Wqwg2SevBY+YgvLEDkcnoWGRTfcVFbl27CQT4
poWQnP4cOQGc5Xhgrgz2KKEOJ8dB+iCcqME5D/zJv5c
-> ssh-ed25519 r+nK/Q GsidIKDaPJmx8igrgoAbWGywJQB0nV/cY8Zm0CIByho
m4HrxUhPkp7gahyLO2gfQUnglkB715jaCrADg77ns34
-> ssh-rsa krWCLQ
VwNy3N6+l3Vgpo8AK7cJ2gRmHa+oBtB4w3n+E8gn7sugcEB16NDtjK861zwszUq7
OfOPUZ5mE+RWz20XYWPAJIPEYNaiqc5vJzguFvZdlyJNInJLxANlIaHydE1AGA9v
l07t9PAxxV5L40EiPHxjveEKaKiAAJVbWWfILX9f4U5vjKy5729IE/3aTRUbTD/M
CXINLnzFWwDLi3x2yBrGUly2mLIb4KyDuE8jnPmtCFveKsVxVsDEeiXvi0yeT+xM
viGvXJ9Ad6tAug4BE2suqwG1iPHsa98pFBqYM8gG2rp2WOFhzs0emkTu5LGYJOMr
VR39Qxcdp1WjPr9e+l/MDQ
-> ssh-ed25519 /vwQcQ GBXHQzwSFS+abM91umquafIEcUoI407reSuULz7SGGY
WpW9aHq2Eq8pXpvGsEKoByQLj0tr04GxNQrf09ronrY
-> ssh-ed25519 0R97PA BxlIEcd6G5GDLUxgoTzyUqRRxGIx49YCZSvzjVIBdjw
oDqUd2O+oBdDrOvrQysdptF1LuvXK/dKurFnHUjgNfk
-> ssh-ed25519 JGx7Ng Km6PmwRZ9HfGjEhkgb8P+ZCt+B/C+jg9bcvdwBvrS0Q
D+UC5nkMnpYuJtz5X30iF1avU+jlEy4zOEPkyj5o2x8
-> ssh-ed25519 5SY7Kg 3tf/eLI3ngqilOfEz8fayTDHWHNd14ANJTSt5lz1yDM
QUhDPYuiZ9YloKgYqY5UdMVmawyMAOS/T4jbpvsNJpI
-> ssh-ed25519 p/Mg4Q h/8lvmwcmoyTa6vW0N2AbgKt/dpNNqVmRW02NaYl7Wo
OaFeo+ZPa2LY5zRJzv/exq4bv734FxZwX3ql1kpv5bk
-> ssh-ed25519 +MNHsw iaiHp0x4Xzf886Q0Li6IleeO3wZUAQbYFHxn0jzdCk0
W4gaBtwKPbonB2g9+Ts+teXPEPoWDCVoVn1vixiQ+7M
--- 1ACvcwsxZKnjgKRAzJy8e4eBtxZXrwe00wPdDlMWnBo
Œ<ƒ¼î|ë=©r<2Ÿµ.>ÃÇ~,5J² Ä … àé[ºë^+͸Z‰ñjá×=Ï<Ï%Út뮪


@ -0,0 +1,156 @@
{
config,
lib,
nodes,
sources,
...
}:
let
inherit (lib)
concatLists
mapAttrsToList
mkForce
mkMerge
;
inherit (config.statelessUptimeKuma.lib)
pingProbesFromHive
fromHive
httpProbesFromConfig
probesWithTag
;
probesCfg = config.statelessUptimeKuma.probesConfig;
mkMonitors = name: builtins.attrNames (probesWithTag { inherit name; } probesCfg);
host = "status.dgnum.eu";
port = 3001;
httpExcludes = [
"localhost"
"ens.cal.dgnum.eu"
"luj-current.cal.dgnum.eu"
"s3.dgnum.eu"
"cdn.dgnum.eu"
"saml-idp.dgnum.eu"
"status.dgnum.eu"
"radius.dgnum.eu"
] ++ (concatLists (mapAttrsToList (_: { config, ... }: config.dgn-redirections.retired) nodes));
extraProbes = {
monitors = {
"prometheus.dgnum.eu" = {
type = mkForce "http";
accepted_statuscodes = [ "401" ];
};
"ollama01.beta.dgnum.eu" = {
type = mkForce "http";
accepted_statuscodes = [ "401" ];
};
"s3-admin.dgnum.eu" = {
type = mkForce "http";
accepted_statuscodes = [ "400" ];
};
"api.meet.dgnum.eu" = {
keyword = "Crab Fit API";
};
};
};
status_pages = {
"dgnum" = {
title = "DGNum";
description = "Etat de l'infra de la DGNum";
showTags = true;
publicGroupList = [
{
name = "Services";
weight = 1;
monitorList = mkMonitors "Service";
}
{
name = "Serveurs";
weight = 2;
monitorList = mkMonitors "Ping";
}
{
name = "VPN Interne";
weight = 2;
monitorList = mkMonitors "VPN";
}
];
};
};
pingProbes = pingProbesFromHive {
inherit nodes;
mkHost = _: config: config.networking.fqdn;
tags = [ { name = "Ping"; } ];
excludes = [
"geo01"
"geo02"
"rescue01"
];
};
vpnProbes = pingProbesFromHive {
inherit nodes;
prefix = "VPN - ";
mkHost = node: _: "${node}.dgnum";
tags = [ { name = "VPN"; } ];
excludes = [
"rescue01"
"web02"
];
};
httpProbes = fromHive {
inherit nodes;
builder =
_: module:
httpProbesFromConfig {
inherit (module) config;
tags = [
{
name = "Host";
value = module.config.networking.fqdn;
}
{ name = "Service"; }
];
excludes = httpExcludes;
};
};
in
{
imports = [ (sources.stateless-uptime-kuma + "/nixos/module.nix") ];
nixpkgs.overlays = [ (import (sources.stateless-uptime-kuma + "/overlay.nix")) ];
services.uptime-kuma.enable = true;
dgn-web.simpleProxies.uptime-kuma = {
inherit host port;
proxyWebsockets = true;
};
statelessUptimeKuma = {
probesConfig = mkMerge [
pingProbes
httpProbes
extraProbes
vpnProbes
{ inherit status_pages; }
];
extraFlags = [ "-s" ];
host = "http://localhost:${builtins.toString port}/";
username = "dgnum";
passwordFile = config.age.secrets."stateless-uptime-kuma-password".path;
enableService = true;
};
}
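Review bot: The `status_pages.dgnum.publicGroupList` entry named "VPN Interne" publishes the `VPN` monitors, whose hosts are built as `${node}.dgnum`, and `showTags = true` also displays the `Host` tag carrying each node's FQDN, so the page served at `status.dgnum.eu` presumably exposes the internal VPN names and the node inventory to any visitor. If that is not intended, drop the VPN group from `publicGroupList` (the monitors are defined separately in `probesConfig`, so they should keep running) or set `showTags = false`; if it is intended, a comment such as `# groups listed here are visible on the public status page` would record the decision. Separately, `dgn-web.simpleProxies.uptime-kuma` appears to proxy the whole Uptime Kuma application, login dashboard included, on that same public host, which is worth confirming against how `simpleProxies` is defined. "Serveurs" and "VPN Interne" both use `weight = 2`, so their relative order on the page is left to the tool.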