Merge remote-tracking branch 'gum/master'
commit
cb7fcd8efa
0
krebs/0tests/data/secrets/shackspace-gitlab-ci
Normal file
0
krebs/0tests/data/secrets/shackspace-gitlab-ci
Normal file
|
@ -11,83 +11,44 @@ in
|
|||
<stockholm/krebs>
|
||||
<stockholm/krebs/2configs>
|
||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||
<stockholm/krebs/2configs/collectd-base.nix>
|
||||
<stockholm/krebs/2configs/stats/wolf-client.nix>
|
||||
|
||||
<stockholm/krebs/2configs/graphite.nix>
|
||||
<stockholm/krebs/2configs/binary-cache/nixos.nix>
|
||||
<stockholm/krebs/2configs/binary-cache/prism.nix>
|
||||
|
||||
# handle the worlddomination map via coap
|
||||
<stockholm/krebs/2configs/shack/worlddomination.nix>
|
||||
|
||||
# drivedroid.shack for shackphone
|
||||
<stockholm/krebs/2configs/shack/drivedroid.nix>
|
||||
# <stockholm/krebs/2configs/shack/nix-cacher.nix>
|
||||
<stockholm/krebs/2configs/shack/mqtt_sub.nix>
|
||||
# Say if muell will be collected
|
||||
<stockholm/krebs/2configs/shack/muell_caller.nix>
|
||||
<stockholm/krebs/2configs/shack/radioactive.nix>
|
||||
<stockholm/krebs/2configs/shack/share.nix>
|
||||
<stockholm/krebs/2configs/shack/mobile.mpd.nix>
|
||||
{
|
||||
systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate
|
||||
systemd.services.telegraf.environment = {
|
||||
MIBDIRS = pkgs.fetchgit {
|
||||
url = "http://git.shackspace.de/makefu/modem-mibs.git";
|
||||
sha256 =
|
||||
"1rhrpaascvj5p3dj29hrw79gm39rp0aa787x95m3r2jrcq83ln1k";
|
||||
}; # extra mibs like ADSL
|
||||
};
|
||||
services.telegraf = {
|
||||
enable = true;
|
||||
extraConfig = {
|
||||
inputs = {
|
||||
snmp = {
|
||||
agents = [ "10.0.1.3:161" ];
|
||||
version = 2;
|
||||
community = "shack";
|
||||
name = "snmp";
|
||||
field = [
|
||||
{
|
||||
name = "hostname";
|
||||
oid = "RFC1213-MIB::sysName.0";
|
||||
is_tag = true;
|
||||
}
|
||||
{
|
||||
name = "load-percent"; #cisco
|
||||
oid = ".1.3.6.1.4.1.9.9.109.1.1.1.1.4.9";
|
||||
}
|
||||
{
|
||||
name = "uptime";
|
||||
oid = "DISMAN-EVENT-MIB::sysUpTimeInstance";
|
||||
}
|
||||
];
|
||||
table = [{
|
||||
name = "snmp";
|
||||
inherit_tags = [ "hostname" ];
|
||||
oid = "IF-MIB::ifXTable";
|
||||
field = [{
|
||||
name = "ifName";
|
||||
oid = "IF-MIB::ifName";
|
||||
is_tag = true;
|
||||
}];
|
||||
}];
|
||||
};
|
||||
};
|
||||
outputs = {
|
||||
influxdb = {
|
||||
urls = [ "http://${influx-host}:8086" ];
|
||||
database = "telegraf";
|
||||
write_consistency = "any";
|
||||
timeout = "5s";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
# create samba share for anonymous usage with the laser and 3d printer pc
|
||||
<stockholm/krebs/2configs/shack/share.nix>
|
||||
|
||||
# mobile.lounge.mpd.shack
|
||||
<stockholm/krebs/2configs/shack/mobile.mpd.nix>
|
||||
# connect to git.shackspace.de as group runner for rz
|
||||
<stockholm/krebs/2configs/shack/gitlab-runner.nix>
|
||||
|
||||
# Statistics collection and visualization
|
||||
<stockholm/krebs/2configs/graphite.nix>
|
||||
## Collect data from mqtt.shack and store in graphite database
|
||||
<stockholm/krebs/2configs/shack/mqtt_sub.nix>
|
||||
## Collect radioactive data and put into graphite
|
||||
<stockholm/krebs/2configs/shack/radioactive.nix>
|
||||
## Collect local statistics via collectd and send to collectd
|
||||
<stockholm/krebs/2configs/stats/wolf-client.nix>
|
||||
## write collectd statistics to wolf.shack
|
||||
<stockholm/krebs/2configs/collectd-base.nix>
|
||||
{ services.influxdb.enable = true; }
|
||||
|
||||
<stockholm/krebs/2configs/shack/netbox.nix>
|
||||
];
|
||||
# use your own binary cache, fallback use cache.nixos.org (which is used by
|
||||
# apt-cacher-ng in first place)
|
||||
|
||||
services.influxdb.enable = true;
|
||||
|
||||
# local discovery in shackspace
|
||||
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
|
||||
|
@ -156,10 +117,10 @@ in
|
|||
# fallout of ipv6calypse
|
||||
networking.extraHosts = ''
|
||||
hass.shack 10.42.2.191
|
||||
heidi.shack 10.42.2.135
|
||||
'';
|
||||
|
||||
users.extraUsers.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users."0x4a6f".pubkey
|
||||
config.krebs.users.ulrich.pubkey
|
||||
config.krebs.users.raute.pubkey
|
||||
config.krebs.users.makefu-omo.pubkey
|
||||
|
|
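Review bot: Root SSH access on this host is widened to an externally maintained key, because the second hunk lists `config.krebs.users."0x4a6f".pubkey` under `users.extraUsers.root.openssh.authorizedKeys.keys`. The +/- markers are lost on this page, so this is inferred to be the added line: the user entry in `krebs/3modules/external/default.nix` and its `.pub` file are both new in this commit. With a shared root login, actions on the host are not attributable per person, and revoking access means editing this list on every host that repeats it. Consider a personal account with sudo, or at least a comment above the list such as `# root login: shack infra admins only, review when membership changes`. The list continues past the end of the hunk, and the file header for this section is not shown on the page.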
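--- a/krebs/2configs/shack/gitlab-runner.nix
+++ b/krebs/2configs/shack/gitlab-runner.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+let
+runner-src = builtins.fetchTarball {
+url = "https://gitlab.com/arianvp/nixos-gitlab-runner/-/archive/master/nixos-gitlab-runner-master.tar.gz";
+sha256 = "1s0fy5ny2ygcfvx35xws8xz5ih4z4kdfqlq3r6byxpylw7r52fyi";
+};
+in
+{
+systemd.services.gitlab-runner.path = [
+"/run/wrappers" # /run/wrappers/bin/su
+"/" # /bin/sh
+];
+imports = [
+"${runner-src}/gitlab-runner.nix"
+];
+services.gitlab-runner2.enable = true;
+## registrationConfigurationFile contains:
+# CI_SERVER_URL=<CI server URL>
+# REGISTRATION_TOKEN=<registration secret>
+services.gitlab-runner2.registrationConfigFile = <secrets/shackspace-gitlab-ci>;
+}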
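Review bot: `registrationConfigFile = <secrets/shackspace-gitlab-ci>` passes a Nix path value, and if the imported module interpolates it into a unit or script, the file holding `REGISTRATION_TOKEN` is copied into the world-readable /nix/store. The module comes from `runner-src`, outside this repository, so how it uses the option cannot be checked from this page. Passing a string avoids the copy: `services.gitlab-runner2.registrationConfigFile = toString <secrets/shackspace-gitlab-ci>;`. Separately, `runner-src` fetches the `master` archive, so the pinned `sha256` stops matching as soon as upstream moves; a commit-specific archive URL keeps the imported module fixed and reviewable. The `/run/wrappers` and `/` entries in the runner's `path` would also benefit from a comment saying why CI jobs need `su` on this host.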
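--- a/krebs/2configs/shack/netbox.nix
+++ b/krebs/2configs/shack/netbox.nix
@@ -0,0 +1,39 @@
+{ pkgs, ... }:
+{
+environment.systemPackages = [ pkgs.docker-compose ];
+virtualisation.docker.enable = true;
+services.nginx = {
+enable = true;
+virtualHosts."netbox.shack".locations."/".proxyPass = "http://localhost:18080";
+};
+# we store the netbox config there:
+# state = [ "/var/lib/netbox" ];
+systemd.services.backup-netbox = {
+after = [ "netbox-docker-compose.service" ];
+startAt = "daily";
+path = with pkgs; [ docker-compose docker gzip coreutils ];
+script = ''
+cd /var/lib/netbox
+mkdir -p backup
+docker-compose exec -T -upostgres postgres pg_dumpall \
+| gzip > backup/netdata_$(date -Iseconds).dump.gz
+'';
+};
+
+systemd.services.netbox-docker-compose = {
+wantedBy = [ "multi-user.target" ];
+after = [ "network-online.target" "docker.service" ];
+environment.VERSION = "v2.5.13";
+serviceConfig = {
+WorkingDirectory = "/var/lib/netbox";
+# TODO: grep -q NAPALM_SECRET env/netbox.env
+# TODO: grep -q NAPALM_SECRET netbox-netprod-importer/switches.yml
+ExecStartPre = "${pkgs.docker-compose}/bin/docker-compose pull";
+ExecStart = "${pkgs.docker-compose}/bin/docker-compose up";
+Restart = "always";
+RestartSec = "10";
+StartLimitIntervalSec = 60;
+StartLimitBurst = 3;
+};
+};
+}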
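Review bot: The `backup-netbox` script writes a full `pg_dumpall` dump into `/var/lib/netbox/backup` without restricting the umask and without `pipefail`. Unless `/var/lib/netbox` is itself restricted, the dump (presumably including account hashes and stored device secrets) is readable by other local users. A failed `docker-compose exec` still leaves a valid-looking empty `.gz` while the unit reports success. Start the script with `set -o pipefail` and `umask 077`. Nothing prunes old dumps, so the daily timer grows the directory without bound, and the `netdata_` prefix in the file name looks like a slip for `netbox_`.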
4
krebs/3modules/external/default.nix
vendored
4
krebs/3modules/external/default.nix
vendored
|
@ -494,6 +494,10 @@ in {
|
|||
mail = "shackspace.de@myvdr.de";
|
||||
pubkey = ssh-for "ulrich";
|
||||
};
|
||||
"0x4a6f" = {
|
||||
mail = "0x4a6f@shackspace.de";
|
||||
pubkey = ssh-for "0x4a6f";
|
||||
};
|
||||
miaoski = {
|
||||
};
|
||||
filly = {
|
||||
|
|
1
krebs/3modules/external/ssh/0x4a6f.pub
vendored
Normal file
1
krebs/3modules/external/ssh/0x4a6f.pub
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKMoQSUz0wcV8tnTKsYO3sO6XG6EHap8R63ihfMHkxPS
|
|
@ -1 +1 @@
|
|||
yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=
|
||||
A7UPKSUaCZaJ9hXv6X4jvcZ+5X+PlS1EmCwxlLBAKH0=
|
||||
|
|
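--- a/krebs/3modules/makefu/wiregrill/rockit.pub
+++ b/krebs/3modules/makefu/wiregrill/rockit.pub
@@ -0,0 +1 @@
+YmvTL4c13WS6f88ZAz2m/2deL2pnPXI0Ay3edCPE1Qc=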