Merge remote-tracking branch 'gum/master'
commit
cb7fcd8efa
0
krebs/0tests/data/secrets/shackspace-gitlab-ci
Normal file
0
krebs/0tests/data/secrets/shackspace-gitlab-ci
Normal file
@ -11,83 +11,44 @@ in
|
|||||||
<stockholm/krebs>
|
<stockholm/krebs>
|
||||||
<stockholm/krebs/2configs>
|
<stockholm/krebs/2configs>
|
||||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||||
<stockholm/krebs/2configs/collectd-base.nix>
|
|
||||||
<stockholm/krebs/2configs/stats/wolf-client.nix>
|
|
||||||
|
|
||||||
<stockholm/krebs/2configs/graphite.nix>
|
|
||||||
<stockholm/krebs/2configs/binary-cache/nixos.nix>
|
<stockholm/krebs/2configs/binary-cache/nixos.nix>
|
||||||
<stockholm/krebs/2configs/binary-cache/prism.nix>
|
<stockholm/krebs/2configs/binary-cache/prism.nix>
|
||||||
|
|
||||||
|
# handle the worlddomination map via coap
|
||||||
<stockholm/krebs/2configs/shack/worlddomination.nix>
|
<stockholm/krebs/2configs/shack/worlddomination.nix>
|
||||||
|
|
||||||
|
# drivedroid.shack for shackphone
|
||||||
<stockholm/krebs/2configs/shack/drivedroid.nix>
|
<stockholm/krebs/2configs/shack/drivedroid.nix>
|
||||||
# <stockholm/krebs/2configs/shack/nix-cacher.nix>
|
# <stockholm/krebs/2configs/shack/nix-cacher.nix>
|
||||||
<stockholm/krebs/2configs/shack/mqtt_sub.nix>
|
# Say if muell will be collected
|
||||||
<stockholm/krebs/2configs/shack/muell_caller.nix>
|
<stockholm/krebs/2configs/shack/muell_caller.nix>
|
||||||
<stockholm/krebs/2configs/shack/radioactive.nix>
|
|
||||||
<stockholm/krebs/2configs/shack/share.nix>
|
|
||||||
<stockholm/krebs/2configs/shack/mobile.mpd.nix>
|
|
||||||
{
|
|
||||||
systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate
|
|
||||||
systemd.services.telegraf.environment = {
|
|
||||||
MIBDIRS = pkgs.fetchgit {
|
|
||||||
url = "http://git.shackspace.de/makefu/modem-mibs.git";
|
|
||||||
sha256 =
|
|
||||||
"1rhrpaascvj5p3dj29hrw79gm39rp0aa787x95m3r2jrcq83ln1k";
|
|
||||||
}; # extra mibs like ADSL
|
|
||||||
};
|
|
||||||
services.telegraf = {
|
|
||||||
enable = true;
|
|
||||||
extraConfig = {
|
|
||||||
inputs = {
|
|
||||||
snmp = {
|
|
||||||
agents = [ "10.0.1.3:161" ];
|
|
||||||
version = 2;
|
|
||||||
community = "shack";
|
|
||||||
name = "snmp";
|
|
||||||
field = [
|
|
||||||
{
|
|
||||||
name = "hostname";
|
|
||||||
oid = "RFC1213-MIB::sysName.0";
|
|
||||||
is_tag = true;
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "load-percent"; #cisco
|
|
||||||
oid = ".1.3.6.1.4.1.9.9.109.1.1.1.1.4.9";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "uptime";
|
|
||||||
oid = "DISMAN-EVENT-MIB::sysUpTimeInstance";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
table = [{
|
|
||||||
name = "snmp";
|
|
||||||
inherit_tags = [ "hostname" ];
|
|
||||||
oid = "IF-MIB::ifXTable";
|
|
||||||
field = [{
|
|
||||||
name = "ifName";
|
|
||||||
oid = "IF-MIB::ifName";
|
|
||||||
is_tag = true;
|
|
||||||
}];
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
outputs = {
|
|
||||||
influxdb = {
|
|
||||||
urls = [ "http://${influx-host}:8086" ];
|
|
||||||
database = "telegraf";
|
|
||||||
write_consistency = "any";
|
|
||||||
timeout = "5s";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
|
# create samba share for anonymous usage with the laser and 3d printer pc
|
||||||
|
<stockholm/krebs/2configs/shack/share.nix>
|
||||||
|
|
||||||
|
# mobile.lounge.mpd.shack
|
||||||
|
<stockholm/krebs/2configs/shack/mobile.mpd.nix>
|
||||||
|
# connect to git.shackspace.de as group runner for rz
|
||||||
|
<stockholm/krebs/2configs/shack/gitlab-runner.nix>
|
||||||
|
|
||||||
|
# Statistics collection and visualization
|
||||||
|
<stockholm/krebs/2configs/graphite.nix>
|
||||||
|
## Collect data from mqtt.shack and store in graphite database
|
||||||
|
<stockholm/krebs/2configs/shack/mqtt_sub.nix>
|
||||||
|
## Collect radioactive data and put into graphite
|
||||||
|
<stockholm/krebs/2configs/shack/radioactive.nix>
|
||||||
|
## Collect local statistics via collectd and send to collectd
|
||||||
|
<stockholm/krebs/2configs/stats/wolf-client.nix>
|
||||||
|
## write collectd statistics to wolf.shack
|
||||||
|
<stockholm/krebs/2configs/collectd-base.nix>
|
||||||
|
{ services.influxdb.enable = true; }
|
||||||
|
|
||||||
|
<stockholm/krebs/2configs/shack/netbox.nix>
|
||||||
];
|
];
|
||||||
# use your own binary cache, fallback use cache.nixos.org (which is used by
|
# use your own binary cache, fallback use cache.nixos.org (which is used by
|
||||||
# apt-cacher-ng in first place)
|
# apt-cacher-ng in first place)
|
||||||
|
|
||||||
services.influxdb.enable = true;
|
|
||||||
|
|
||||||
# local discovery in shackspace
|
# local discovery in shackspace
|
||||||
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
|
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
|
||||||
@ -156,10 +117,10 @@ in
|
|||||||
# fallout of ipv6calypse
|
# fallout of ipv6calypse
|
||||||
networking.extraHosts = ''
|
networking.extraHosts = ''
|
||||||
hass.shack 10.42.2.191
|
hass.shack 10.42.2.191
|
||||||
heidi.shack 10.42.2.135
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
users.extraUsers.root.openssh.authorizedKeys.keys = [
|
users.extraUsers.root.openssh.authorizedKeys.keys = [
|
||||||
|
config.krebs.users."0x4a6f".pubkey
|
||||||
config.krebs.users.ulrich.pubkey
|
config.krebs.users.ulrich.pubkey
|
||||||
config.krebs.users.raute.pubkey
|
config.krebs.users.raute.pubkey
|
||||||
config.krebs.users.makefu-omo.pubkey
|
config.krebs.users.makefu-omo.pubkey
|
||||||
|
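Review bot: The second hunk adds `config.krebs.users."0x4a6f".pubkey` to `users.extraUsers.root.openssh.authorizedKeys.keys`, giving one more person direct root login on a host that this same merge turns into a CI runner and Docker host (the new `gitlab-runner.nix` and `netbox.nix` imports in the first hunk). With a shared root account the only per-person trace is the key fingerprint in the SSH log, and removing someone means editing this list and redeploying. Consider per-admin accounts with sudo and root key login kept for break-glass use, or at least document the policy above the list, e.g. `# root access: shack infra admins; review on membership change`. The key list continues outside the hunk.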
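--- a/krebs/2configs/shack/gitlab-runner.nix
+++ b/krebs/2configs/shack/gitlab-runner.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+let
+runner-src = builtins.fetchTarball {
+url = "https://gitlab.com/arianvp/nixos-gitlab-runner/-/archive/master/nixos-gitlab-runner-master.tar.gz";
+sha256 = "1s0fy5ny2ygcfvx35xws8xz5ih4z4kdfqlq3r6byxpylw7r52fyi";
+};
+in
+{
+systemd.services.gitlab-runner.path = [
+"/run/wrappers" # /run/wrappers/bin/su
+"/" # /bin/sh
+];
+imports = [
+"${runner-src}/gitlab-runner.nix"
+];
+services.gitlab-runner2.enable = true;
+## registrationConfigurationFile contains:
+# CI_SERVER_URL=<CI server URL>
+# REGISTRATION_TOKEN=<registration secret>
+services.gitlab-runner2.registrationConfigFile = <secrets/shackspace-gitlab-ci>;
+}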
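Review bot: `registrationConfigFile = <secrets/shackspace-gitlab-ci>;` passes the registration token file as a Nix path value, and if the imported module interpolates it into a unit or script, the file is copied into the world-readable /nix/store; the module is fetched from outside this page, so that needs checking there. If it does, `services.gitlab-runner2.registrationConfigFile = toString <secrets/shackspace-gitlab-ci>;` keeps it a plain path string that is read at runtime. The `fetchTarball` URL follows the `master` branch, so the sha256 fixes the content but nothing records which upstream commit was reviewed before it was imported into the system configuration; a commit-specific archive URL would make that auditable. Putting `/run/wrappers` (setuid `su`) and `/` on the runner's `path` also deserves a comment naming the executor that needs them, since jobs run through a shell executor would presumably inherit that PATH.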
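--- a/krebs/2configs/shack/netbox.nix
+++ b/krebs/2configs/shack/netbox.nix
@@ -0,0 +1,39 @@
+{ pkgs, ... }:
+{
+environment.systemPackages = [ pkgs.docker-compose ];
+virtualisation.docker.enable = true;
+services.nginx = {
+enable = true;
+virtualHosts."netbox.shack".locations."/".proxyPass = "http://localhost:18080";
+};
+# we store the netbox config there:
+# state = [ "/var/lib/netbox" ];
+systemd.services.backup-netbox = {
+after = [ "netbox-docker-compose.service" ];
+startAt = "daily";
+path = with pkgs; [ docker-compose docker gzip coreutils ];
+script = ''
+cd /var/lib/netbox
+mkdir -p backup
+docker-compose exec -T -upostgres postgres pg_dumpall \
+| gzip > backup/netdata_$(date -Iseconds).dump.gz
+'';
+};
+
+systemd.services.netbox-docker-compose = {
+wantedBy = [ "multi-user.target" ];
+after = [ "network-online.target" "docker.service" ];
+environment.VERSION = "v2.5.13";
+serviceConfig = {
+WorkingDirectory = "/var/lib/netbox";
+# TODO: grep -q NAPALM_SECRET env/netbox.env
+# TODO: grep -q NAPALM_SECRET netbox-netprod-importer/switches.yml
+ExecStartPre = "${pkgs.docker-compose}/bin/docker-compose pull";
+ExecStart = "${pkgs.docker-compose}/bin/docker-compose up";
+Restart = "always";
+RestartSec = "10";
+StartLimitIntervalSec = 60;
+StartLimitBurst = 3;
+};
+};
+}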
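Review bot: The `backup-netbox` script can exit successfully without a usable dump, because the pipeline into `gzip` runs without `pipefail` and a failing `docker-compose exec … pg_dumpall` is masked by gzip's exit status. The dump is also written under systemd's default umask, and `pg_dumpall` output includes role password hashes, so unless `/var/lib/netbox` is itself restricted the file is readable by local users; starting the script with `set -o pipefail` and `umask 077` addresses both. Dumps accumulate daily with no pruning, and the `netdata_` prefix looks like it was meant to be `netbox_`. Separately, `ExecStartPre = "…/docker-compose pull"` with `Restart = "always"` re-pulls whatever the image tags currently point to on every restart; `VERSION = "v2.5.13"` pins a tag rather than a digest, and the compose file that names the other images is not part of this commit.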
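--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -494,6 +494,10 @@ in {
 mail = "shackspace.de@myvdr.de";
 pubkey = ssh-for "ulrich";
 };
+"0x4a6f" = {
+mail = "0x4a6f@shackspace.de";
+pubkey = ssh-for "0x4a6f";
+};
 miaoski = {
 };
 filly = {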
1
krebs/3modules/external/ssh/0x4a6f.pub
vendored
Normal file
1
krebs/3modules/external/ssh/0x4a6f.pub
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKMoQSUz0wcV8tnTKsYO3sO6XG6EHap8R63ihfMHkxPS
|
@ -1 +1 @@
|
|||||||
yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=
|
A7UPKSUaCZaJ9hXv6X4jvcZ+5X+PlS1EmCwxlLBAKH0=
|
||||||
|
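--- a/krebs/3modules/makefu/wiregrill/rockit.pub
+++ b/krebs/3modules/makefu/wiregrill/rockit.pub
@@ -0,0 +1 @@
+YmvTL4c13WS6f88ZAz2m/2deL2pnPXI0Ay3edCPE1Qc=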