From 4caeb3d3f8525721cefa7a74e79781a3b9787eb6 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 12 Jun 2019 09:56:07 +0200 Subject: wolf.r: add declarative gitlab-runner --- krebs/1systems/wolf/config.nix | 1 + krebs/2configs/shack/gitlab-runner.nix | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 krebs/2configs/shack/gitlab-runner.nix diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index ec8830711..995e49669 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -26,6 +26,7 @@ in + { systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate systemd.services.telegraf.environment = { diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix new file mode 100644 index 000000000..57d670ea3 --- /dev/null +++ b/krebs/2configs/shack/gitlab-runner.nix @@ -0,0 +1,21 @@ +{ pkgs, ... }: +let + runner-src = builtins.fetchTarball { + url = "https://gitlab.com/arianvp/nixos-gitlab-runner/-/archive/master/nixos-gitlab-runner-master.tar.gz"; + sha256 = "1s0fy5ny2ygcfvx35xws8xz5ih4z4kdfqlq3r6byxpylw7r52fyi"; + }; +in +{ + systemd.services.gitlab-runner.path = [ + "/run/wrappers" # /run/wrappers/bin/su + "/" # /bin/sh + ]; + imports = [ + "${runner-src}/gitlab-runner.nix" + ]; + services.gitlab-runner2.enable = true; + ## registrationConfigurationFile contains: + # CI_SERVER_URL= + # REGISTRATION_TOKEN= + services.gitlab-runner2.registrationConfigFile = ; +} -- cgit v1.2.3 From 30a90e48b91ba9d09da7cafe8ad81dcc153554d3 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 12 Jun 2019 20:53:02 +0200 Subject: wolf.r: add documentation for imports --- krebs/1systems/wolf/config.nix | 84 +++++++++++------------------------------- 1 file changed, 21 insertions(+), 63 deletions(-) diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 995e49669..f629c5984 100644 --- a/krebs/1systems/wolf/config.nix 
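Review bot: `runner-src` in krebs/2configs/shack/gitlab-runner.nix is fetched from the moving `master` archive while `sha256` is fixed, so the hash guarantees integrity only until upstream pushes again. After that a fresh evaluation fails, and the likely response is to re-pin the hash without reading what changed. Because the fetched `gitlab-runner.nix` is imported as a module on this host, pin the URL to a reviewed commit, e.g. `url = "https://gitlab.com/arianvp/nixos-gitlab-runner/-/archive/<COMMIT>/nixos-gitlab-runner-<COMMIT>.tar.gz";` (`<COMMIT>` is a placeholder). The `path` entries also put the setuid wrappers (`su`) and `/bin` on the runner's PATH; a comment stating which user CI jobs run as and why `su` is needed would make that privilege boundary reviewable. The value of `registrationConfigFile` is not visible on this page; since the file carries `REGISTRATION_TOKEN`, it should presumably be referenced as a runtime path outside the world-readable Nix store.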
+++ b/krebs/1systems/wolf/config.nix 
@@ -11,84 +11,42 @@ in - - - + # handle the worlddomination map via coap + + # drivedroid.shack for shackphone # - + # Say if muell will be collected - + + # create samba share for anonymous usage with the laser and 3d printer pc + + # mobile.lounge.mpd.shack + # connect to git.shackspace.de as group runner for rz - { - systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate - systemd.services.telegraf.environment = { - MIBDIRS = pkgs.fetchgit { - url = "http://git.shackspace.de/makefu/modem-mibs.git"; - sha256 = - "1rhrpaascvj5p3dj29hrw79gm39rp0aa787x95m3r2jrcq83ln1k"; - }; # extra mibs like ADSL - }; - services.telegraf = { - enable = true; - extraConfig = { - inputs = { - snmp = { - agents = [ "10.0.1.3:161" ]; - version = 2; - community = "shack"; - name = "snmp"; - field = [ - { - name = "hostname"; - oid = "RFC1213-MIB::sysName.0"; - is_tag = true; - } - { - name = "load-percent"; #cisco - oid = ".1.3.6.1.4.1.9.9.109.1.1.1.1.4.9"; - } - { - name = "uptime"; - oid = "DISMAN-EVENT-MIB::sysUpTimeInstance"; - } - ]; - table = [{ - name = "snmp"; - inherit_tags = [ "hostname" ]; - oid = "IF-MIB::ifXTable"; - field = [{ - name = "ifName"; - oid = "IF-MIB::ifName"; - is_tag = true; - }]; - }]; - }; - }; - outputs = { - influxdb = { - urls = [ "http://${influx-host}:8086" ]; - database = "telegraf"; - write_consistency = "any"; - timeout = "5s"; - }; - }; - }; - }; - } + # Statistics collection and visualization + + ## Collect data from mqtt.shack and store in graphite database + + ## Collect radioactive data and put into graphite + + ## Collect local statistics via collectd and send to collectd + + ## write collectd statistics to wolf.shack + + { services.influxdb.enable = true; } ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) - services.influxdb.enable = true; # local discovery in shackspace nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; 
@@ -157,10 +115,10 @@ in # fallout of ipv6calypse networking.extraHosts = '' hass.shack 10.42.2.191 - heidi.shack 10.42.2.135 ''; users.extraUsers.root.openssh.authorizedKeys.keys = [ + config.krebs.users."0x4a6f".pubkey config.krebs.users.ulrich.pubkey config.krebs.users.raute.pubkey config.krebs.users.makefu-omo.pubkey -- cgit v1.2.3 From 27f3c2cd53adce6a0dcc6e2b9e917b8da9486d24 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Jun 2019 20:17:45 +0200 Subject: wolf.r: add netbox docker-compose --- krebs/1systems/wolf/config.nix | 2 ++ krebs/2configs/shack/netbox.nix | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 krebs/2configs/shack/netbox.nix diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index f629c5984..7ca0f0ec1 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -43,6 +43,8 @@ in ## write collectd statistics to wolf.shack { services.influxdb.enable = true; } + + ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) diff --git a/krebs/2configs/shack/netbox.nix b/krebs/2configs/shack/netbox.nix new file mode 100644 index 000000000..4fb5a7dbc --- /dev/null +++ b/krebs/2configs/shack/netbox.nix 
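Review bot: The `@@ -157,10 +115,10 @@` hunk adds `config.krebs.users."0x4a6f".pubkey` to `users.extraUsers.root.openssh.authorizedKeys.keys`, which grants root SSH login on wolf, yet the commit subject only mentions documentation for imports. Within this series the `"0x4a6f"` user and its key file are introduced only by the later commit "external: add 0x4a6f", so unless the attribute is already defined elsewhere this commit probably does not evaluate on its own. I would move the key addition into, or after, that commit under its own subject so the access grant is visible in history and in audits. The enclosing key list continues outside the hunk.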
@@ -0,0 +1,39 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = [ pkgs.docker-compose ];
+ virtualisation.docker.enable = true;
+ services.nginx = {
+ enable = true;
+ virtualHosts."netbox.shack".locations."/".proxyPass = "http://localhost:18080";
+ };
+ # we store the netbox config there:
+ # state = [ "/var/lib/netbox" ];
+ systemd.services.backup-netbox = {
+ after = [ "netbox-docker-compose.service" ];
+ startAt = "daily";
+ path = with pkgs; [ docker-compose docker gzip coreutils ];
+ script = ''
+ cd /var/lib/netbox
+ mkdir -p backup
+ docker-compose exec -T -upostgres postgres pg_dumpall \
+ | gzip > backup/netdata_$(date -Iseconds).dump.gz
+ '';
+ };
+
+ systemd.services.netbox-docker-compose = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" "docker.service" ];
+ environment.VERSION = "v2.5.13";
+ serviceConfig = {
+ WorkingDirectory = "/var/lib/netbox";
+ # TODO: grep -q NAPALM_SECRET env/netbox.env
+ # TODO: grep -q NAPALM_SECRET netbox-netprod-importer/switches.yml
+ ExecStartPre = "${pkgs.docker-compose}/bin/docker-compose pull";
+ ExecStart = "${pkgs.docker-compose}/bin/docker-compose up";
+ Restart = "always";
+ RestartSec = "10";
+ StartLimitIntervalSec = 60;
+ StartLimitBurst = 3;
+ };
+ };
+}
-- cgit v1.2.3 From df8e811695bae334879981c6b2696be226e73f72 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Jun 2019 20:28:32 +0200 Subject: external: add 0x4a6f
--- krebs/3modules/external/default.nix | 4 ++++ krebs/3modules/external/ssh/0x4a6f.pub | 1 + 2 files changed, 5 insertions(+) create mode 100644 krebs/3modules/external/ssh/0x4a6f.pub
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 080c259aa..70c49cfcf 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
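Review bot: The `backup-netbox` script in krebs/2configs/shack/netbox.nix writes a full `pg_dumpall` dump, which includes role password hashes, into `/var/lib/netbox/backup` without tightening the umask and without `pipefail`. The archive may therefore be readable by other local users, and a failed dump still leaves a valid-looking, nearly empty `.gz` while the unit exits 0 because only `gzip`'s status counts. Starting the script with `set -o pipefail` and `umask 077` addresses both. The unit is ordered `after` the compose service but does not require it, nothing prunes old dumps, and the `netdata_` file prefix looks like a slip for `netbox_`. Separately, the `netbox.shack` vhost as written serves the NetBox login over plain HTTP; a comment saying whether that is intentional for the internal network would help.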
@@ -487,6 +487,10 @@ in { mail = "shackspace.de@myvdr.de"; pubkey = ssh-for "ulrich"; }; + "0x4a6f" = { + mail = "0x4a6f@shackspace.de"; + pubkey = ssh-for "0x4a6f"; + }; miaoski = { }; filly = { diff --git a/krebs/3modules/external/ssh/0x4a6f.pub b/krebs/3modules/external/ssh/0x4a6f.pub new file mode 100644 index 000000000..1ea084bad --- /dev/null +++ b/krebs/3modules/external/ssh/0x4a6f.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKMoQSUz0wcV8tnTKsYO3sO6XG6EHap8R63ihfMHkxPS -- cgit v1.2.3 From 592d157eba8f1b5ba35f1fca64c2905897468f83 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Jun 2019 20:43:32 +0200 Subject: wolf secrets: add shackspace-gitlab-ci --- krebs/0tests/data/secrets/shackspace-gitlab-ci | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 krebs/0tests/data/secrets/shackspace-gitlab-ci diff --git a/krebs/0tests/data/secrets/shackspace-gitlab-ci b/krebs/0tests/data/secrets/shackspace-gitlab-ci new file mode 100644 index 000000000..e69de29bb -- cgit v1.2.3