From 2f7a6c1bbe2f11dd0983165caa8e9e0731fca16b Mon Sep 17 00:00:00 2001
From: garionion
Date: Mon, 12 Apr 2021 14:02:17 +0200
Subject: [PATCH] add nebula
---
 .gitignore | 1 +
 hosts/nebula/configuration.nix | 38 ++++++++++++
 hosts/nebula/drone.nix | 80 +++++++++++++++++++++++++
 hosts/nebula/hardware-configuration.nix | 30 ++++++++++
 nixops/bulldog/deployment.nix | 1 +
 nixops/bulldog/deployment_ip.nix | 3 +
 6 files changed, 153 insertions(+)
 create mode 100644 hosts/nebula/configuration.nix
 create mode 100644 hosts/nebula/drone.nix
 create mode 100644 hosts/nebula/hardware-configuration.nix
diff --git a/.gitignore b/.gitignore
index d1e44e9..46eaf68 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 secrets.nix
+**/*.secret
 /hosts/nio
\ No newline at end of file
diff --git a/hosts/nebula/configuration.nix b/hosts/nebula/configuration.nix
new file mode 100644
index 0000000..3937506
--- /dev/null
+++ b/hosts/nebula/configuration.nix
@@ -0,0 +1,38 @@
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ../../common/common.nix
+ ../../common/kvm.nix
+ ./drone.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "nebula";
+ time.timeZone = "Europe/Berlin";
+
+ networking.useDHCP = false;
+ networking.interfaces.ens18.useDHCP = true;
+ networking.interfaces.ens18.ipv6.addresses = [{
+ address = "2a01:4f8:c010:61dc:200::500:2";
+ prefixLength = 72;
+ }];
+
+ networking.defaultGateway6 = {
+ address = "2a01:4f8:c010:61dc:200::1";
+ interface = "ens18";
+ };
+
+ clerie.monitoring = {
+ enable = true;
+ id = "203";
+ privKeyFile = "/run/keys/wg-nebula_priv";
+ pubkey = "tfBtyAOJ5OtkTulQVI5+cY+vGd9x2l09NaL0Va7B520=";
+ };
+
+}
\ No newline at end of file
diff --git a/hosts/nebula/drone.nix b/hosts/nebula/drone.nix
new file mode 100644
index 0000000..41642ef
--- /dev/null
+++ b/hosts/nebula/drone.nix 
@@ -0,0 +1,80 @@
+
+{ config, pkgs, lib, ... }:
+{
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts."drone.entr0py.de" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".proxyPass = "http://localhost:2380/";
+ };
+ };
+ services.postgresql = {
+ enable = false;
+ package = pkgs.postgresql_12;
+ ensureDatabases = [ "drone" ];
+ authentication = lib.mkForce ''
+ # Generated file; do not edit!
+ # TYPE DATABASE USER ADDRESS METHOD
+ local all all trust
+ host all drone trust
+ '';
+ ensureUsers = [
+ {
+ name = "drone";
+ ensurePermissions."DATABASE drone" = "ALL PRIVILEGES";
+ }
+ ];
+ };
+ users.users.drone = {
+ isNormalUser = false;
+ };
+ virtualisation.oci-containers.backend = "podman";
+ virtualisation.oci-containers.containers = {
+ drone-server = {
+ autoStart = true;
+ image = "drone/drone:latest";
+ environment = {
+ /*DRONE_DATABASE_DRIVER="postgres";
+ DRONE_DATABASE_DATASOURCE="postgresql:///drone?host=/run/postgresql";*/
+ DRONE_DATABASE_SECRET= toString ./drone_database.secret;
+ DRONE_GITEA_SERVER="https://git.entr0py.de";
+ DRONE_GITEA_CLIENT_ID="07f3c25c-4f9d-4642-afcf-c419976cfaac";
+ DRONE_GITEA_CLIENT_SECRET= toString ./gitea_client.secret;
+ DRONE_RPC_SECRET= toString ./drone_rpc.secret;
+ DRONE_SERVER_HOST="drone.entr0py.de";
+ DRONE_SERVER_PROTO="https";
+ DRONE_USER_CREATE="username:garionion,admin:true";
+ };
+ ports = [
+ "2380:80"
+ ];
+ volumes = [
+ "/var/lib/drone:/data"
+ ];
+ };
+ drone-runner-docker = {
+ autoStart = true;
+ dependsOn = [ "drone-server" ];
+ image = "drone/drone-runner-docker:1";
+ environment = {
+ DRONE_RPC_SECRET= toString ./drone_rpc.secret;
+ DRONE_RPC_PROTO="https";
+ DRONE_RPC_HOST="drone.entr0py.de";
+ DRONE_RUNNER_CAPACITY="4";
+ DRONE_RUNNER_NAME="nebula";
+ };
+ ports = [
+ "3000:3000"
+ ];
+ volumes = [
+ "/var/run/podman/podman.sock:/var/run/docker.sock"
+ ];
+ };
+ };
+}
\ No newline at end of file
diff --git a/hosts/nebula/hardware-configuration.nix b/hosts/nebula/hardware-configuration.nix
new file mode 100644
index 0000000..6021aac
--- /dev/null
+++ b/hosts/nebula/hardware-configuration.nix
@@ -0,0 +1,30 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/442e0ed1-a194-4b7b-8c54-b247a1a4bf6f";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/0B65-B37A";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/179f9069-56dd-4b80-88bb-947d5ae28402"; }
+ ];
+
+}
\ No newline at end of file
diff --git a/nixops/bulldog/deployment.nix b/nixops/bulldog/deployment.nix
index 48a6f4f..fae3aed 100644
--- a/nixops/bulldog/deployment.nix
+++ b/nixops/bulldog/deployment.nix
@@ -6,4 +6,5 @@
 tailpipe = import ../../hosts/tailpipe/configuration.nix;
 dyon = import ../../hosts/dyon/configuration.nix;
 kaon = import ../../hosts/kaon/configuration.nix;
+ nebula = import ../../hosts/nebula/configuration.nix;
 }
\ No newline at end of file
diff --git a/nixops/bulldog/deployment_ip.nix b/nixops/bulldog/deployment_ip.nix
index d792c81..39136d6 100644
--- a/nixops/bulldog/deployment_ip.nix
+++ b/nixops/bulldog/deployment_ip.nix
@@ -20,4 +20,7 @@
 kaon = { config, pkgs, ... }:{
 deployment.targetHost = "kaon.net.entr0py.de";
 };
+ nebula = { config, pkgs, ... }:{
+ deployment.targetHost = "nebula.net.entr0py.de";
+ };
 }
\ No newline at end of file
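Review bot: The secret values in the `environment` sets of drone.nix (`DRONE_DATABASE_SECRET`, `DRONE_GITEA_CLIENT_SECRET`, `DRONE_RPC_SECRET`, the last repeated in `drone-runner-docker`) are assigned `toString ./x.secret`, which in Nix evaluates to the path's string form rather than the file's contents, so Drone is started with a predictable filesystem path as its database key, OAuth client secret and server–runner shared secret. Switching to `builtins.readFile` would fix the value but copy the secrets into the world-readable Nix store and onto the unit's `podman run` command line; since configuration.nix already consumes `/run/keys` for the WireGuard key, the secrets should be delivered the same way and loaded at runtime (the oci-containers `environmentFiles` option where the pinned NixOS channel provides it, or a `deployment.keys`-backed env file), which is also what the new `**/*.secret` gitignore rule appears to anticipate. Separately, both `ports` entries publish on all interfaces although nginx on `localhost:2380` is the only intended client and nothing in this patch consumes 3000; rootful podman's DNAT rules are commonly applied ahead of the NixOS firewall's INPUT filtering, so bind to loopback with `"127.0.0.1:2380:80"` and drop or likewise bind `"3000:3000"`. The podman socket mount on the runner means any pipeline scheduled onto this host has root-equivalent control of it, which is inherent to drone-runner-docker but worth recording above that `volumes` entry, e.g. `# host socket = root on nebula for every repo allowed to build here; keep Drone's repo/user allow-list tight`.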