qo.is/infrastructure
1
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Activity Actions

Remove tierberg #17

Merged
fabianhauser merged 1 commit from upgrade-2411 into main 2024-12-23 21:30:59 +01:00
Conversation 0 Commits 1 Files changed 15 +2 -209
15 changed files with 2 additions and 209 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
SUMMARY.md
View file

@ -29,5 +29,4 @@
- [cyprianspitz](nixos-configurations/cyprianspitz/README.md) - [cyprianspitz](nixos-configurations/cyprianspitz/README.md)
- [lindberg](nixos-configurations/lindberg/README.md) - [lindberg](nixos-configurations/lindberg/README.md)
- [stompert](nixos-configurations/stompert/README.md) - [stompert](nixos-configurations/stompert/README.md)
- [tierberg](nixos-configurations/tierberg/README.md)

4
defaults/meta/hosts.json
View file

@ -22,10 +22,6 @@
"batzberg": { "batzberg": {
"hostName": "batzberg" "hostName": "batzberg"
}, },
"tierberg": {
"hostName": "tierberg",
"sshKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJS2v0mUDJsNr1DHdgjxEQRnoVaEmExFfvHqpvagYLi6"
},
"stompert": { "stompert": {
"hostName": "stompert", "hostName": "stompert",
"sshKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKuqMPLbREFIrYcmReaRoHdz1TatpvlrZN14L6cikia" "sshKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKuqMPLbREFIrYcmReaRoHdz1TatpvlrZN14L6cikia"

3
defaults/meta/network-physical.nix
View file

@ -91,9 +91,6 @@
}; };
domain = "lattenbach-lan.net.qo.is"; domain = "lattenbach-lan.net.qo.is";
hosts = { hosts = {
tierberg = {
v4.ip = "10.0.0.60";
};
}; };
}; };

5
defaults/meta/network-virtual.nix
View file

@ -41,11 +41,6 @@
publicKey = "6XGL4QKB8AMpm/VGcTgWqk9RiSws7DmY5TpIDkXbwlg="; publicKey = "6XGL4QKB8AMpm/VGcTgWqk9RiSws7DmY5TpIDkXbwlg=";
persistentKeepalive = 25; persistentKeepalive = 25;
}; };
tierberg = {
v4.ip = "10.250.0.4";
publicKey = "51j1l+pT9W61wx4y2KyUb1seLdCHs3FUKAjmrHBFz1w=";
persistentKeepalive = 25;
};
stompert = { stompert = {
v4.ip = "10.250.0.5"; v4.ip = "10.250.0.5";
publicKey = "CHTjQbmN9WhbRCxKgowxpMx4c5Zu0NDk0rRXEvuB3XA="; publicKey = "CHTjQbmN9WhbRCxKgowxpMx4c5Zu0NDk0rRXEvuB3XA=";

42
nixos-configurations/lindberg-build/backup.nix
View file

@ -1,42 +0,0 @@
{ config, pkgs, ... }:
let
vnet = config.qois.meta.network.virtual.backplane.hosts;
systemTargets = [
"tierberg"
];
systemJobs = builtins.listToAttrs (
map (backupHost: {
name = "system-${backupHost}";
value = {
repo = "borg@${vnet.${backupHost}.v4.ip}:.";
environment.BORG_RSH = "ssh -i /secrets/backup/system/ssh-key";
paths = [
"/etc"
"/home"
"/var"
"/secrets"
];
exclude = [
"/var/tmp"
"/var/cache"
"/var/lib/atticd"
"/var/cache/nginx/nixpkgs-cache"
];
doInit = false;
encryption = {
mode = "repokey";
passCommand = "cat /secrets/backup/system/password";
};
startAt = "07:06";
persistentTimer = true;
};
}) systemTargets
);
in
{
services.borgbackup.jobs = systemJobs;
}

1
nixos-configurations/lindberg-build/default.nix
View file

@ -6,7 +6,6 @@
../../defaults/meta ../../defaults/meta
./applications ./applications
./backup.nix
./disko-config.nix ./disko-config.nix
./networking.nix ./networking.nix
./secrets.nix ./secrets.nix

1
nixos-configurations/lindberg-nextcloud/secrets.nix
View file

@ -3,7 +3,6 @@ let
backupConfiguration = { backupConfiguration = {
restartUnits = [ restartUnits = [
"borgbackup-job-system-cyprianspitz.service" "borgbackup-job-system-cyprianspitz.service"
"borgbackup-job-system-tierberg.service"
]; ];
}; };
in in

1
nixos-configurations/lindberg/secrets.nix
View file

@ -3,7 +3,6 @@ let
backupConfiguration = { backupConfiguration = {
restartUnits = [ restartUnits = [
"borgbackup-job-data-cyprianspitz.service" "borgbackup-job-data-cyprianspitz.service"
"borgbackup-job-data-tierberg.service"
]; ];
}; };
in in

9
nixos-configurations/tierberg/README.md
View file

@ -1,9 +0,0 @@
Access via `tierberg.coredump-ext.net.qo.is` `:51022` (SSH) and `:51023` (SSH-LUKS)
## Operations
Reboot requires passphrase (see pass `host/tierberg/hdd_luks)
```bash
ssh -p 51023 root@tierberg.coredump-ext.net.qo.is
```

35
nixos-configurations/tierberg/backup.nix
View file

@ -1,35 +0,0 @@
{ config, pkgs, ... }:
{
qois.backup-server = {
enable = true;
backupStorageRoot = "/mnt/nas-backup-qois";
};
services.borgbackup.repos =
let
backupRoot = "/mnt/nas-backup-qois";
hostBackupRoot = "${backupRoot}/hosts";
dataBackupRoot = "${backupRoot}/data";
in
{
"lindberg-nextcloud" = {
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIpzfp9VqclbPJ42ZrkRpvjMSTeyq0qce03zCRXqIHMw backup@lindberg-nextcloud"
];
path = "${hostBackupRoot}/lindberg-nextcloud";
};
"lindberg-data" = {
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGTmyoVONC12MgOodvzdPpZzLSVwpkC6zkf+Rg0W36gy backup-data@lindberg"
];
path = "${dataBackupRoot}/lindberg-data";
};
"lindberg-build-system" = {
authorizedKeys = [
"ssh-ed25519 AAAATODOTODOTODOTODOAAAAIGTmyoVONC12MgOodvzdPpZzLSVwpkC6zkf+Rg0W36gy backup-system@lindberg-build"
];
path = "${dataBackupRoot}/lindberg-build-system";
};
};
}

24
nixos-configurations/tierberg/default.nix
View file

@ -1,24 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
./networking.nix
./filesystems.nix
./backup.nix
../../defaults/hardware/apu1.nix
# wle600: Not used currently
../../defaults/base
../../defaults/meta
];
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "24.11"; # Did you read the comment?
}

52
nixos-configurations/tierberg/filesystems.nix
View file

@ -1,52 +0,0 @@
{ config, pkgs, ... }:
{
boot.initrd.luks.devices = {
"system".device = "/dev/disk/by-uuid/ac7f7ef2-280d-4b9f-8150-a6f11ecec1df";
"swap".device = "/dev/disk/by-uuid/6ce21585-6813-46d0-9a98-ebcfa507bdb0";
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/c775e380-b15f-499b-94f2-8caa27e6e0ff";
fsType = "btrfs";
options = [
"defaults"
"subvol=nixos"
"noatime"
];
};
"/boot" = {
device = "/dev/disk/by-uuid/0b22a6bc-0721-49d6-9e66-1f8d9258f47b";
fsType = "ext4";
};
"/mnt/nas-backup-qois" = {
device = "192.168.254.1:/raid0/data/_NAS_NFS_Exports_/backup-qois";
fsType = "nfs";
options = [
"defaults"
"noatime"
"soft"
"vers=3"
];
};
"/mnt/nas-backup-coredump" = {
device = "192.168.254.1:/raid0/data/_NAS_NFS_Exports_/backup-qois";
fsType = "nfs";
options = [
"defaults"
"noatime"
"soft"
"vers=3"
];
};
};
swapDevices = [ { device = "/dev/disk/by-uuid/e91f9aba-1e59-4d41-a772-f11d4314dc19"; } ];
boot.loader.grub = {
enable = true;
device = "/dev/sda";
};
}

29
nixos-configurations/tierberg/networking.nix
View file

@ -1,29 +0,0 @@
{ config, pkgs, ... }:
let
meta = config.qois.meta;
lattenbach-nas-net = meta.network.physical.lattenbach-nas;
in
{
networking.hostName = meta.hosts.tierberg.hostName;
networking.enableIPv6 = false; # TODO
networking.useDHCP = false;
networking.interfaces.enp1s0.useDHCP = true;
networking.interfaces.enp2s0.ipv4.addresses = [
{
inherit (lattenbach-nas-net.v4) prefixLength;
address = lattenbach-nas-net.hosts.tierberg.v4.ip;
}
];
networking.interfaces.enp3s0.useDHCP = true;
qois.backplane-net.enable = true;
services.qois.luks-ssh = {
enable = true;
interface = "eth0";
sshPort = 2222;
};
}

2
private

@ -1 +1 @@
Subproject commit 1d096ecce6a9b722dbdc70515375ec6798958c23 Subproject commit 18d3b3b703a6139b9ebd5ec64311717cf2a6f9bc

2
updates.md
View file

@ -28,7 +28,7 @@ deploy-qois .#lindberg-nextcloud .#lindberg-build
deploy-qois .#lindberg deploy-qois .#lindberg
# Deploy slow physical hosts (maybe do individually) # Deploy slow physical hosts (maybe do individually)
deploy-qois --confirm-timeout 600 --activation-timeout 600 --targets .#tierberg .#stompert .#stompert deploy-qois --confirm-timeout 600 --activation-timeout 600 --targets .#stompert .#stompert
``` ```