5 commits

Author SHA1 Message Date
5a14c63ba5 feat(infra): showcase the declarative bucket feature
Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-10 17:53:00 +02:00
2f188ba32f feat(infra): add S3 declarative buckets
A very simple basic support for it, which requires an S3 admin token.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-10 17:53:00 +02:00
4d68bfda2a feat(infra): introduce Terranix
This requires the support for monorepo-terraform-state.s3.dgnum.eu being
available.

`.credentials/` is age-encrypted using only my key for now until we
figure out the right mechanism.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-10 17:53:00 +02:00
f20353b727 fix(storage01): pass through the admin API of Garage
not the web API!

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-10 17:52:22 +02:00
a4de5f4d31 feat(krz01): move ollama to compute01 via a reverse proxy
krz01 has no public web IP.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-10 17:40:56 +02:00
9 changed files with 105 additions and 30 deletions

Binary file not shown.

3
.gitignore vendored

@ -12,3 +12,6 @@ result-*
# Ignore Terraform configuration file
config.tf.json
# Ignore Terraform stuff
.terraform

38
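--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -0,0 +1,38 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+provider "registry.opentofu.org/numtide/secret" {
+version = "1.2.1"
+constraints = "~> 1.2.1"
+hashes = [
+"h1:t2z3CjxVsXjKb3g59WGkLtvDIR4NzLU7UFEcyAgF2C0=",
+"zh:17cbc7f3b90ee2b3ae5adfc3bd9cb70166a5ffbd8e642e64afa7cb0e32a34bae",
+"zh:5d66ce2aea25fc3c12cec6fc569b8ff314df6d773b9c3449983a4e9cde8347c7",
+"zh:67d02e96bf0d07f2fcf16ce9427a7a26f53e695676405d0c2b815808f950411d",
+"zh:77c3c05681ce199e6b0e2e5a2dfe418f61ae8863d527e7a7d47a9699d912683b",
+"zh:7f37e633b4f94ba9f347cfe68d44f80fe066188feb954b13ee0f621caae4121d",
+"zh:ea16bbe494c6ddd0af7bbea9554474c387517db4e7f0d15513bb29ff893871bc",
+]
+}
+provider "registry.opentofu.org/raitobezarius/garage" {
+version = "1.0.3"
+constraints = "~> 1.0.3"
+hashes = [
+"h1:QKbZcU7u9OG1t/h4S3+pXS3sOUfVMmfLTiYh5L5j1rE=",
+"zh:04f220a2baf4bd1bae07888a1c311cacd6076c209de83adbe573525fc50f2ea4",
+"zh:078938d5fa07e024d779c664823427af28935bbeb77e0ff940bac3e7bc41f1e8",
+"zh:2dd58a2d82094a1b07ff1b6de57e4a0d96e1f20abecd4f70a6469079b46b76d9",
+"zh:325da7a74b1c84f934b38134d7c419253292aeed6f6836a2fb37f42d13a8ff67",
+"zh:3ca9230ef87e70691b24fd83d40bb5b6a08f0b91ab26cbb2e692f92155b6d179",
+"zh:45ef683a18a5053c93c691d08f3903fd4918467dfa056b1c274207de8a6aeb74",
+"zh:4c9ee6c34b07c209c5daf1e9ff182f828667e54a90a683bc11cdcea86e4f8ef7",
+"zh:5f0bb6524b2fffa606e0e3585af93dfc31b611c7abf55e4371ae5fc36e85972c",
+"zh:7a3495dc211164c7d4042769c20d7111c767d0fd5908742e0766281c70d7d184",
+"zh:7ce79867cdd4b1f7028da811cd5cb271a46820c79c0328a1221dd3bb6215c631",
+"zh:93278861ee6bcb64e23bd1268f79b02035fba4fca0a98607a98f46abf8dfdf83",
+"zh:937e681beea8b0dd899557f2a194c8128bd8810417ff04954bc9958ff826e980",
+"zh:cae6e1598dd32f23f3900c41e50a6ece7d9456dbd033d855bb238ac21539d67b",
+"zh:f6f7556ba7d5578604290170a709e00140be6d7f8a510a20bce49a9a23d75e5f",
+]
+}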


@ -21,6 +21,7 @@ lib.extra.mkConfig {
"librenms"
"mastodon"
"nextcloud"
"ollama-proxy"
"outline"
"plausible"
"postgresql"


@ -0,0 +1,27 @@
{
pkgs,
nodes,
meta,
...
}:
{
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."ollama01.beta.dgnum.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${meta.network.krz01.netbirdIp}:${toString nodes.krz01.config.services.ollama.port}";
basicAuthFile = pkgs.writeText "ollama-htpasswd" ''
raito:$y$j9T$UDEHpLtM52hRGK0I4qT6M0$N75AhENLqgtJnTGaPzq51imhjZvuPr.ow81Co1ZTcX2
'';
};
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
}
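Review bot: The `basicAuthFile` on `locations."/"` is built with `pkgs.writeText`, so the htpasswd line (a yescrypt hash for `raito`) lands in the world-readable Nix store and stays in the repository history, where it can be guessed at offline. This is the only authentication in front of the ollama upstream, so I would load it from a file provisioned at runtime instead, e.g. `basicAuthFile = "/run/secrets/<ollama-htpasswd-placeholder>";`, backed by whatever secret mechanism the repo already uses (the Terranix commit mentions age). A short comment above `proxyPass`, such as `# plain HTTP upstream: traffic only crosses the netbird overlay`, would also record why `http://` is acceptable here.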


@ -2,6 +2,8 @@
config,
lib,
pkgs,
meta,
name,
...
}:
@ -59,22 +61,9 @@ lib.extra.mkConfig {
];
services = {
nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."ollama01.beta.dgnum.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${config.services.ollama.host}:${toString config.services.ollama.port}";
basicAuthFile = pkgs.writeText "ollama-htpasswd" ''
raito:$y$j9T$UDEHpLtM52hRGK0I4qT6M0$N75AhENLqgtJnTGaPzq51imhjZvuPr.ow81Co1ZTcX2
'';
};
};
};
ollama = {
enable = true;
host = meta.network.${name}.netbirdIp;
package = pkgs.callPackage ./ollama.nix {
cudaPackages = pkgs.cudaPackages_11;
# We need to thread our nvidia x11 driver for CUDA.
@ -83,10 +72,7 @@ lib.extra.mkConfig {
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
networking.firewall.interfaces.wt0.allowedTCPPorts = [ config.services.ollama.port ];
};
root = ./.;
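Review bot: `networking.firewall.interfaces.wt0.allowedTCPPorts = [ config.services.ollama.port ];` combined with `host = meta.network.${name}.netbirdIp;` opens the ollama port to every peer on the netbird overlay, while the basic auth now exists only on the reverse proxy; as far as I know ollama has no authentication of its own. Unless overlay ACLs already restrict this (not visible here), I would accept the port only from the proxy host, for instance through `networking.firewall.extraCommands` with a rule like `iptables -A nixos-fw -i wt0 -p tcp -s <compute01-netbird-ip-placeholder> --dport ${toString config.services.ollama.port} -j nixos-fw-accept`. The enclosing `mkConfig` attribute set starts and ends outside these hunks, so an existing restriction elsewhere in the file cannot be ruled out.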


@ -84,7 +84,7 @@ in
forceSSL = true;
locations."/".extraConfig = ''
proxy_pass http://127.0.0.1:3902;
proxy_pass http://127.0.0.1:3903;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
'';
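Review bot: With `proxy_pass http://127.0.0.1:3903;` this virtual host now publishes Garage's admin API, and nothing in the visible `extraConfig` limits who may reach it. The admin bearer token is then the only barrier, and depending on Garage's `metrics_token` setting (not shown) `/metrics` may be readable without any token. I would add source restrictions to the same block, e.g. `allow <trusted-network-placeholder>;` followed by `deny all;`, or at least refuse `/metrics` at the proxy. The virtual host definition begins outside the hunk, so its name and any access rules set elsewhere are not visible here.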


@ -68,6 +68,12 @@ let
"support" # Zammad support
"telegraf" # Telegraf
# Beta-grade machine learning API servers
"ollama01.beta"
"openui.beta"
"whisper.beta"
"stable-diffusion.beta"
# DGSI
"dgsi"
"profil"
@ -129,14 +135,6 @@ let
"cas-eleves"
"vote"
];
krz01.dual = [
# Beta-grade machine learning API servers
"ollama01.beta"
"openui.beta"
"whisper.beta"
"stable-diffusion.beta"
];
}
)
);
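Review bot: All four beta names (`ollama01.beta`, `openui.beta`, `whisper.beta`, `stable-diffusion.beta`) leave `krz01.dual`, but the only virtual host added on the proxy side in this comparison is `ollama01.beta.dgnum.eu`. If the list they join belongs to the proxy host (its header is outside the hunk, so this is inferred), the other three names would resolve to an nginx with no matching server block and fall through to its default virtual host. I would move only `"ollama01.beta"` for now, or keep the other three with a comment such as `# not proxied yet` so the dangling names are a recorded decision.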


@ -12,15 +12,37 @@ in
resource = {
secret_resource.admin-s3-token.lifecycle.prevent_destroy = true;
garage_bucket.monorepo-terraform-state = { };
garage_bucket = {
monorepo-terraform-state = { };
impress-raito-demo = { };
};
garage_bucket_global_alias = {
monorepo-terraform-state = {
bucket_id = tf.ref "resource.garage_bucket.monorepo-terraform-state.id";
alias = "monorepo-terraform-state";
};
impress-raito-demo = {
bucket_id = tf.ref "resource.garage_bucket.impress-raito-demo.id";
alias = "impress-raito-demo";
};
};
garage_key = {
raito-dinum-test = {
name = "raito-dinum-test";
permissions.create_bucket = false;
};
};
garage_bucket_key = {
raito-dinum-test = {
bucket_id = tf.ref "resource.garage_bucket.impress-raito-demo.id";
access_key_id = tf.ref "resource.garage_key.raito-dinum-test.access_key_id";
read = true;
write = true;
owner = true;
};
};
garage_key = { };
garage_bucket_key = { };
};
provider.garage = {
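Review bot: `garage_bucket_key.raito-dinum-test` sets `owner = true` on top of read and write for `impress-raito-demo`, which looks broader than a test key that only stores objects needs, since owner presumably also allows changing the bucket's own settings. I would use `owner = false;` unless the demo requires it. A comment above `garage_key.raito-dinum-test` should say who holds the key and that its secret ends up in the Terraform state (presumably the `monorepo-terraform-state` bucket), so access to that state is as sensitive as the key itself. The `resource` attribute set closes inside the hunk, but `provider.garage` continues past it.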