diff --git a/machines/default.nix b/machines/default.nix
index f4a3fef..337e329 100644
--- a/machines/default.nix
+++ b/machines/default.nix
@@ -4,7 +4,7 @@ inputs: {
 # deploy = {
 # # host = "10.0.0.202";
 # host = "ci.barn-beaver.ts.net";
- # sshUser = "erwin";
+ # targetUser = "erwin";
 # buildOn = "local";
 # substituteOnTarget = true;
 # tags = [ "container" ];
@@ -15,7 +15,7 @@ inputs: {
 deploy = {
 # host = "10.0.0.205";
 host = "frigate.barn-beaver.ts.net";
- sshUser = "erwin";
+ targetUser = "erwin";
 buildOn = "local";
 substituteOnTarget = true;
 tags = [ "container" ];
@@ -26,7 +26,7 @@ inputs: {
 deploy = {
 # host = "10.0.0.203";
 host = "gitea.barn-beaver.ts.net";
- sshUser = "erwin";
+ targetUser = "erwin";
 buildOn = "local";
 substituteOnTarget = true;
 tags = [ "container" ];
@@ -37,7 +37,7 @@ inputs: {
 deploy = {
 # host = "10.0.0.210";
 host = "gitea-runner.barn-beaver.ts.net";
- sshUser = "erwin";
+ targetUser = "erwin";
 buildOn = "local";
 substituteOnTarget = true;
 tags = [ "container" ];
@@ -48,7 +48,7 @@ inputs: {
 deploy = {
 # host = "heimdall.datarift.nl";
 host = "heimdall.barn-beaver.ts.net";
- sshUser = "erwin";
+ targetUser = "erwin";
 buildOn = "local";
 substituteOnTarget = true;
 tags = [ "metal" ];
@@ -59,7 +59,7 @@ inputs: {
 deploy = {
 # host = "10.0.0.167";
 host = "10.0.0.208";
- sshUser = "erwin";
+ targetUser = "erwin";
 buildOn = "local";
 substituteOnTarget = true;
 tags = [ "container" ];
@@ -76,7 +76,7 @@ inputs: {
 deploy = {
 # host = "10.0.0.204";
 host = "minio.barn-beaver.ts.net";
- sshUser = "erwin";
+ targetUser = "erwin";
 buildOn = "local";
 substituteOnTarget = true;
 tags = [ "container" ];
@@ -106,7 +106,7 @@ inputs: {
 deploy = {
 # host = "10.0.0.251";
 host = "proxy.barn-beaver.ts.net";
- sshUser = "erwin";
+ targetUser = "erwin";
 buildOn = "local";
 substituteOnTarget = true;
 tags = [ "container" ];
@@ -116,12 +116,21 @@ inputs: {
 system = "aarch64-linux";
 config = import ./regin/configuration.nix inputs;
 };
+ saga = {
+ config = import ./saga/configuration.nix inputs;
+ deploy = {
+ # host = "10.0.0.212";
+ host = "saga.barn-beaver.ts.net";
+ targetUser = "erwin";
+ tags = [ "container" ];
+ };
+ };
 # thor = {
 # system = "aarch64-linux";
 # config = import ./thor/configuration.nix inputs;
 # # deploy = {
 # # host = "10.0.0.198";
- # # sshUser = "erwin";
+ # # targetUser = "erwin";
 # # buildOn = "local";
 # # substituteOnTarget = true;
 # # };
@@ -131,7 +140,7 @@ inputs: {
 deploy = {
 # host = "10.0.0.207";
 host = "unifi.barn-beaver.ts.net";
- sshUser = "erwin";
+ targetUser = "erwin";
 buildOn = "local";
 substituteOnTarget = true;
 tags = [ "container" ];
@@ -142,7 +151,7 @@ inputs: {
 deploy = {
 # host = "10.0.0.206";
 host = "valkyrie.barn-beaver.ts.net";
- sshUser = "erwin";
+ targetUser = "erwin";
 buildOn = "local";
 substituteOnTarget = true;
 tags = [ "container" ];
diff --git a/machines/saga/configuration.nix b/machines/saga/configuration.nix
new file mode 100644
index 0000000..6288e57
--- /dev/null
+++ b/machines/saga/configuration.nix
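Review bot: The new `saga` entry is the only active `deploy` block visible in this diff that leaves out `buildOn = "local";` and `substituteOnTarget = true;`, so it will follow the deploy tool's defaults instead of the settings used for the other containers. What those defaults are is not visible here. If the omission is intended, a one-line comment in the block saying so would stop it reading as a copy-paste slip; otherwise add the two lines after `targetUser = "erwin";`.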
@@ -0,0 +1,80 @@
+{ self, ... }:
+{ modulesPath, lib, ... }:
+{
+ imports = [
+ (modulesPath + "/virtualisation/lxc-container.nix")
+ ../../users/root
+ ../../users/erwin
+
+ ./grafana
+ ./prometheus
+ ];
+
+ eboskma = {
+ users.erwin = {
+ enable = true;
+ server = true;
+ };
+ nix-common = {
+ enable = true;
+ remote-builders = true;
+ };
+ tailscale.enable = true;
+ };
+
+ boot = {
+ isContainer = true;
+ };
+
+ time.timeZone = "Europe/Amsterdam";
+
+ system.configurationRevision = lib.mkIf (self ? rev) self.rev;
+
+ networking = {
+ hostName = "saga";
+ useDHCP = false;
+ useHostResolvConf = false;
+ networkmanager.enable = false;
+ useNetworkd = true;
+ nftables.enable = true;
+
+ firewall.trustedInterfaces = [ "tailscale0" ];
+ };
+
+ systemd.network = {
+ enable = true;
+
+ wait-online.anyInterface = true;
+
+ networks = {
+ "40-eth0" = {
+ matchConfig = {
+ Name = "eth0";
+ };
+
+ networkConfig = {
+ Address = "10.0.0.212/24";
+ Gateway = "10.0.0.1";
+ DNS = "10.0.0.206";
+ DHCP = "no";
+ };
+ };
+ };
+ };
+
+ security = {
+ sudo-rs = {
+ enable = true;
+ execWheelOnly = true;
+ wheelNeedsPassword = false;
+ };
+ sudo.enable = false;
+ };
+
+ # sops.defaultSopsFile = ./secrets.yaml;
+ # sops.secrets = {
+
+ # };
+
+ system.stateVersion = "24.05";
+}
diff --git a/machines/saga/grafana/default.nix b/machines/saga/grafana/default.nix
new file mode 100644
index 0000000..177eddf
--- /dev/null
+++ b/machines/saga/grafana/default.nix
@@ -0,0 +1,13 @@
+{
+ services.grafana = {
+ enable = true;
+ settings = {
+ server = {
+ domain = "saga.datarift.nl";
+ enforce_domain = true;
+ http_addr = "0.0.0.0";
+ root_url = "https://saga.datarift.nl";
+ };
+ };
+ };
+}
diff --git a/machines/saga/prometheus/default.nix b/machines/saga/prometheus/default.nix
new file mode 100644
index 0000000..b8824fd
--- /dev/null
+++ b/machines/saga/prometheus/default.nix
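Review bot: `wheelNeedsPassword = false` in the `security.sudo-rs` block makes every wheel member on saga root-equivalent with no further authentication, and `erwin` is also the deploy `targetUser`, so that user's SSH key is in effect a root credential for this host (assuming `../../users/erwin` puts the account in `wheel`, which is not visible here). If passwordless sudo exists only so unattended deploys can activate a new generation, record that next to the setting, e.g. `# passwordless sudo: required for non-interactive deploys as erwin; SSH for this user must stay key-only`. `firewall.trustedInterfaces = [ "tailscale0" ]` likewise exempts every tailnet peer from the nftables rules, so access to the services this host runs is decided by the tailnet ACLs alone. A short comment stating that dependency would help the next reader.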
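Review bot: Nothing under `services.grafana.settings` sets `security.admin_password` or `security.secret_key`, so the instance starts with Grafana's built-in defaults while the caddy-proxy change in this commit publishes it as `saga.datarift.nl`. The sops block in `machines/saga/configuration.nix` is still commented out, so there is no secret to reference yet. Once one exists, use Grafana's file provider, for example `security.admin_password = "$__file{/run/secrets/<grafana-admin-password>}";` (placeholder path), and do the same for `secret_key`. `http_addr = "0.0.0.0"` binds every interface, which stays tailnet-only just as long as port 3000 is never opened in the host firewall; a comment on that line should say so.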
@@ -0,0 +1,37 @@ +{ config, ... }: +{ + services.prometheus = { + enable = true; + + scrapeConfigs = [ + { + job_name = "saga"; + static_configs = [ + { + targets = [ + "saga:${toString config.services.prometheus.exporters.node.port}" # node + ]; + } + ]; + } + { + job_name = "valkyrie"; + static_configs = [ + { + targets = [ + "valkyrie:${toString config.services.prometheus.exporters.node.port}" # node + "valkyrie:${toString config.services.prometheus.exporters.unbound.port}" # unbound + ]; + } + ]; + } + ]; + + exporters = { + node = { + enable = true; + enabledCollectors = [ "systemd" ]; + }; + }; + }; +} diff --git a/modules/caddy-proxy/default.nix b/modules/caddy-proxy/default.nix index bced65a..fd55a1f 100644 --- a/modules/caddy-proxy/default.nix +++ b/modules/caddy-proxy/default.nix @@ -14,6 +14,7 @@ let tls { dns cloudflare {env.CF_API_TOKEN} + propagation_timeout -1 } ''; }; @@ -32,6 +33,7 @@ let tls { dns cloudflare {env.CF_API_TOKEN} + propagation_timeout -1 } ''; }; @@ -49,7 +51,7 @@ in email = "erwin@datarift.nl"; - # acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory"; + acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; virtualHosts = { "home.datarift.nl" = mkProxyHost "homeassistant.barn-beaver.ts.net:8123"; @@ -58,6 +60,7 @@ in "git.datarift.nl" = mkProxyHost "gitea.barn-beaver.ts.net:3000"; "minio.datarift.nl" = mkProxyHost "minio.barn-beaver.ts.net:9000"; "minio-admin.datarift.nl" = mkLocalProxyHost "minio.barn-beaver.ts.net:9001"; + "saga.datarift.nl" = mkLocalProxyHost "saga.barn-beaver.ts.net:3000"; "unifi.datarift.nl" = mkLocalProxyHost "unifi.barn-beaver.ts.net:8443"; }; };
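Review bot: The `valkyrie` targets take their ports from `config.services.prometheus.exporters.node.port` and `config.services.prometheus.exporters.unbound.port`, but `config` in this file is saga's configuration, so they resolve to saga's option values rather than the ports valkyrie actually listens on. They agree only while valkyrie keeps the module defaults; a comment such as `# ports come from saga's module defaults; valkyrie must not override them` makes that coupling visible. The targets also use the bare names `saga` and `valkyrie`, whereas the rest of the repository addresses hosts as `<name>.barn-beaver.ts.net`. Which interface an unencrypted scrape crosses therefore depends on how the short name resolves, and writing `valkyrie.barn-beaver.ts.net:…` would pin it to the tailnet.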
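Review bot: `propagation_timeout -1` (added in the `@@ -14,6 +14,7 @@` hunk and again in `@@ -32,6 +33,7 @@`) turns off Caddy's check that the `_acme-challenge` TXT record is visible before the CA is asked to validate, and the same commit switches `acmeCA` to the Let's Encrypt production directory. If the CA queries before Cloudflare has published the record, validation fails, and repeated failures against production count toward Let's Encrypt's failed-validation rate limit. If the check was disabled because the host's own resolver cannot see the public zone, `resolvers 1.1.1.1` or a fixed `propagation_delay 30s` in the `tls` block would keep a safeguard in place. Whichever is chosen, add a comment in the block saying why. Both `tls` blocks sit in functions whose bodies begin outside these hunks.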