Merge remote-tracking branch 'gum/master'

krebs/3modules/makefu/default.nix

@@ -453,6 +453,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
           git.euer          IN A      ${nets.internet.ip4.addr}
           gum               IN A      ${nets.internet.ip4.addr}
           cgit.euer         IN A      ${nets.internet.ip4.addr}
+          o.euer            IN A      ${nets.internet.ip4.addr}
+          dl.euer           IN A      ${nets.internet.ip4.addr}
         '';
       };
       nets = rec {
@@ -470,6 +472,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
             "gum.r"
             "gum.retiolum"
             "cgit.gum.retiolum"
+            "o.gum.r"
+            "o.gum.retiolum"
             "tracker.makefu.r"
             "tracker.makefu.retiolum"
           ];

krebs/3modules/rtorrent.nix

@@ -224,13 +224,14 @@ let
             cp -f ${configFile} ${cfg.workDir}/.rtorrent.rc
           '';
           ExecStart = "${pkgs.tmux}/bin/tmux new-session -s rt -n rtorrent -d 'PATH=/bin:/usr/bin:${makeBinPath rutorrent-deps} ${cfg.package}/bin/rtorrent'";
+          Restart = "always";
+          RestartSec = "10";
 
           ## you can simply sudo -u rtorrent tmux a if privateTmp is set to false
           ## otherwise the tmux session is stored in some private folder in /tmp
           PrivateTmp = false;
 
           WorkingDirectory = cfg.workDir;
-          Restart = "on-failure";
           User = "${cfg.user}";
         };
       };

makefu/1systems/wry.nix

@@ -24,10 +24,10 @@ in {
       # ../2configs/nginx/euer.test.nix
 
       # collectd
-      # ../2configs/collectd/collectd-base.nix
+      ../2configs/logging/central-stats-client.nix
 
       ../2configs/tinc/retiolum.nix
-      ../2configs/torrent.nix
+      # ../2configs/torrent.nix
   ];
 
   krebs.build.host = config.krebs.hosts.wry;

makefu/2configs/backup.nix

@@ -29,6 +29,7 @@ let
   };
 in {
   krebs.backup.plans = {
-    wry-to-omo_var-www = defaultPull config.krebs.hosts.wry "/";
+    wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
+    gum-to-omo_root = defaultPull config.krebs.hosts.gum "/";
   };
 }

makefu/2configs/elchos/log.nix

@@ -21,9 +21,9 @@ in {
         }
       '';
       outputConfig = ''
-        stdout {
-          codec => rubydebug
-        }
+        #stdout {
+        #  codec => rubydebug
+        #}
         elasticsearch { }
         '';
 	};

makefu/2configs/elchos/stats.nix

@@ -7,6 +7,11 @@
 with import <stockholm/lib>;
 {
 
+  networking.firewall = {
+    allowedTCPPorts = [ 2003 80 443 18080 ];
+    allowedUDPPorts = [ 2003 ];
+  };
+
   services.nginx = {
     enable = mkDefault true;
     virtualHosts = {
@@ -39,58 +44,11 @@ with import <stockholm/lib>;
   };
 
   services.graphite = {
-    beacon = {
-      enable = true;
-      config = {
-        graphite_url = "http://localhost:18080";
-
-        no_data = "critical";
-        loading_error = "normal";
-
-        prefix = "[elchos]";
-
-        cli = {
-          command = ''${pkgs.irc-announce}/bin/irc-announce irc.freenode.org 6667 alert0r \#elchos ' [elchos] ''${level} ''${name} ''${value}' '';
-        };
-        #smtp = {
-        #  from = "beacon@mors.r";
-        #  to = [
-        #    "lass@mors.r"
-        #  ];
-        #};
-        normal_handlers = [
-          # "smtp"
-          "cli"
-        ];
-        warning_handlers = [
-          # "smtp"
-          "cli"
-        ];
-        critical_handlers = [
-          # "smtp"
-          "cli"
-        ];
-        alerts = let
-          high-load = hostid: let
-              host = "elch-${toString hostid}"; in {
-              name = "high-cpu-load-${host}";
-              query = "aliasByNode(perSecond(elchos.${host}.cpu.0.cpu.idle),1)";
-              method = "average";
-              interval = "1minute";
-              logging = "info";
-              repeat_interval = "5minute";
-              rules = [
-  #              "warning: < 30.0"
-                "critical: < 1.0"
-              ];
-            };
-          in map high-load [ 1 2 3 4 5 6 7 8 ];
-      };
-   };
    api = {
       enable = true;
-      package = pkgs.graphiteApi;
-      listenAddress = "127.0.0.1";
+      # package = pkgs.graphiteApi;
+      #listenAddress = "127.0.0.1";
+      listenAddress = "0.0.0.0";
       port = 18080;
     };
     carbon = {
@@ -99,8 +57,11 @@ with import <stockholm/lib>;
       config = ''
         [cache]
         MAX_CACHE_SIZE = inf
-        MAX_UPDATES_PER_SECOND = 10
+        MAX_UPDATES_PER_SECOND = 3
         MAX_CREATES_PER_MINUTE = 5000
+        LOG_UPDATES = False
+        LOG_CACHE_HITS = False
+        LOG_CACHE_QUEUE_SORTS = False
         '';
       storageSchemas = ''
         [carbon]
@@ -122,8 +83,4 @@ with import <stockholm/lib>;
     };
   };
 
-  networking.firewall = {
-    allowedTCPPorts = [ 2003 80 443 ];
-    allowedUDPPorts = [ 2003 ];
-  };
 }

makefu/2configs/logging/central-stats-client.nix

@@ -0,0 +1,60 @@
+{pkgs, config, ...}:
+{
+  services.collectd = {
+    enable = true;
+    autoLoadPlugin = true;
+    extraConfig = ''
+      Hostname ${config.krebs.build.host.name}
+      LoadPlugin load
+      LoadPlugin disk
+      LoadPlugin memory
+      LoadPlugin df
+      Interval 30.0
+
+      LoadPlugin interface
+      <Plugin "interface">
+        Interface "*Link"
+        Interface "lo"
+        Interface "vboxnet*"
+        Interface "virbr*"
+        IgnoreSelected true
+      </Plugin>
+
+      LoadPlugin df
+      <Plugin "df">
+        MountPoint "/nix/store"
+        # MountPoint "/run*"
+        # MountPoint "/sys*"
+        # MountPoint "/dev"
+        # MountPoint "/dev/shm"
+        # MountPoint "/tmp"
+        FSType "tmpfs"
+        FSType "binfmt_misc"
+        FSType "debugfs"
+        FSType "mqueue"
+        FSType "hugetlbfs"
+        FSType "systemd-1"
+        FSType "cgroup"
+        FSType "securityfs"
+        FSType "ramfs"
+        FSType "proc"
+        FSType "devpts"
+        FSType "devtmpfs"
+        MountPoint "/var/lib/docker/devicemapper"
+        IgnoreSelected true
+      </Plugin>
+
+      LoadPlugin cpu
+      <Plugin cpu>
+        ReportByCpu true
+        ReportByState true
+        ValuesPercentage true
+      </Plugin>
+
+      LoadPlugin network
+      <Plugin "network">
+          Server "${config.makefu.stats-server}" "25826"
+      </Plugin>
+    '';
+  };
+}

makefu/2configs/logging/central-stats-server.nix

@@ -0,0 +1,36 @@
+{pkgs, config, ...}:
+
+with import <stockholm/lib>;
+let
+  collectd-port = 25826;
+  influx-port = 8086;
+  grafana-port = 3000; # TODO nginx forward
+in {
+  services.grafana.enable = true;
+  services.grafana.addr = "0.0.0.0";
+
+  services.influxdb.enable = true;
+
+  # forward these via nginx
+  services.influxdb.extraConfig = {
+    meta.hostname = config.krebs.build.host.name;
+    # meta.logging-enabled = true;
+    http.bind-address = ":${toString influx-port}";
+    admin.bind-address = ":8083";
+    monitoring = {
+      enabled = false;
+      # write-interval = "24h";
+    };
+    collectd = [{
+      enabled = true;
+      typesdb = "${pkgs.collectd}/share/collectd/types.db";
+      database = "collectd_db";
+      port = collectd-port;
+    }];
+  };
+  networking.firewall.extraCommands = ''
+    iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
+    iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
+    iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
+  '';
+}

makefu/2configs/nginx/share-download.nix

@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+  services.nginx = {
+    enable = mkDefault true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    virtualHosts."dl.euer.krebsco.de" = {
+        root = config.makefu.dl-dir;
+        extraConfig = "autoindex on;";
+        forceSSL = true;
+        enableSSL = true;
+        enableACME = true;
+        basicAuth = import <secrets/dl.euer.krebsco.de-auth.nix>;
+    };
+  };
+}

makefu/2configs/omo-share.nix

@@ -42,6 +42,12 @@ in {
         browseable = "yes";
         "guest ok" = "yes";
       };
+      crypt0 = {
+        path = "/media/crypt0";
+        "read only" = "yes";
+        browseable = "yes";
+        "guest ok" = "yes";
+      };
       crypt0-rw = {
         path = "/media/crypt0/";
         "read only" = "no";

makefu/2configs/torrent.nix

@@ -8,13 +8,13 @@ let
   peer-port = 51412;
   web-port = 8112;
   daemon-port = 58846;
-  dl-dir = "/var/download";
+  dl-dir = config.makefu.dl-dir;
 in {
   # prepare secrets
   krebs.build.source.torrent-secrets.file =
     if getEnv "dummy_secrets" == "true"
     then toString <stockholm/makefu/6tests/data/secrets>
-    else "/home/makefu/secrets/torrent";
+    else config.makefu.torrent-secrets ;
 
   users.users = {
     download = {

makefu/3modules/default.nix

@@ -8,9 +8,11 @@ _:
     ./forward-journal.nix
     ./opentracker.nix
     ./ps3netsrv.nix
+    ./logging-config.nix
     ./server-config.nix
     ./snapraid.nix
     ./taskserver.nix
+    ./torrent.nix
     ./udpt.nix
     ./umts.nix
   ];

makefu/3modules/logging-config.nix

@@ -0,0 +1,11 @@
+{config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+  options.makefu.stats-server = lib.mkOption {
+    type = types.str;
+    default = "omo.retiolum";
+    description = "Central stats server (collectd)";
+  };
+}
+

makefu/3modules/torrent.nix

@@ -0,0 +1,13 @@
+{config, lib, pkgs, ... }:
+
+{
+  options.makefu.dl-dir = lib.mkOption {
+    type = lib.types.str;
+    description = "Default download directory";
+    default = "/media/cryptX/torrent";
+  };
+  options.makefu.torrent-secrets = lib.mkOption {
+    type = lib.types.str;
+    default = "/home/makefu/secrets/torrent";
+  };
+}

makefu/6tests/data/secrets/dl.euer.krebsco.de-auth.nix

@@ -0,0 +1 @@
+{}