feat(servers): move oksys services to cluster

This commit is contained in:
matt1432 2024-01-23 23:42:41 -05:00
parent 6dc386046b
commit 8cd7cf258c
8 changed files with 76 additions and 40 deletions


@ -1,5 +1,7 @@
deviceName: {config, ...}: let deviceName: {config, ...}: let
inherit (config.vars) mainUser hostName; inherit (config.vars) mainUser hostName;
clusterIP = (builtins.elemAt config.services.pacemaker.resources.caddy.virtualIps 0).ip;
in { in {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
@ -34,6 +36,10 @@ in {
networking = { networking = {
inherit hostName; inherit hostName;
resolvconf.enable = true; resolvconf.enable = true;
nameservers = [
clusterIP
"1.0.0.1"
];
firewall.enable = false; firewall.enable = false;
}; };
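Review bot: The fallback `"1.0.0.1"` listed after `clusterIP` in `networking.nameservers` means that whenever the caddy virtual IP is not answering (a failover in progress, or this node being the standby while the blocky/unbound resources run elsewhere) the resolver quietly falls through to the public resolver and bypasses the cluster's own resolvers entirely; if that fail-open behaviour is intended it deserves a comment such as `# 1.0.0.1 is an unfiltered fallback used only while the cluster VIP is unreachable`, otherwise drop it or point it at a second filtered resolver. The expression `(builtins.elemAt config.services.pacemaker.resources.caddy.virtualIps 0).ip` is copied verbatim here and in the caddy and headscale modules of this commit; hoisting it into one shared `config.vars` value would keep the three from drifting and give a single place to fail with a clear message when `virtualIps` is empty, where `elemAt` currently aborts evaluation with a generic index error. The other host in this commit has its `nameservers` line deleted without a replacement, so that machine now resolves through whatever its DHCP lease supplies rather than through the cluster, which looks unintended. The enclosing `deviceName` attrset begins and ends outside the hunk.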


@ -8,6 +8,8 @@
inherit (config.sops) secrets; inherit (config.sops) secrets;
caddy = caddy-plugins.packages.${pkgs.system}.default; caddy = caddy-plugins.packages.${pkgs.system}.default;
clusterIP = (builtins.elemAt config.services.pacemaker.resources.caddy.virtualIps 0).ip;
in { in {
imports = [caddy-plugins.nixosModules.default]; imports = [caddy-plugins.nixosModules.default];
@ -33,7 +35,6 @@ in {
dockerIP = "10.0.0.122"; dockerIP = "10.0.0.122";
jellyIP = "10.0.0.123"; jellyIP = "10.0.0.123";
servivi = "10.0.0.249"; servivi = "10.0.0.249";
oksysIP = "10.0.0.213";
in { in {
"nelim.org" = { "nelim.org" = {
serverAliases = ["*.nelim.org"]; serverAliases = ["*.nelim.org"];
@ -48,7 +49,7 @@ in {
# Misc one-liners # Misc one-liners
vault.reverseProxy = "${dockerIP}:8781"; vault.reverseProxy = "${dockerIP}:8781";
hauk.reverseProxy = "${dockerIP}:3003"; hauk.reverseProxy = "${dockerIP}:3003";
headscale.reverseProxy = "${oksysIP}:8085"; headscale.reverseProxy = "${clusterIP}:8085";
jelly.reverseProxy = "${jellyIP}:80"; jelly.reverseProxy = "${jellyIP}:80";
# Resume builder # Resume builder


@ -6,8 +6,10 @@
... ...
}: let }: let
inherit (builtins) readFile; inherit (builtins) readFile;
inherit (config.vars) mainUser; inherit (config.vars) mainUser hostName;
headscale-flake = headscale.packages.${pkgs.system}.headscale; headscale-flake = headscale.packages.${pkgs.system}.headscale;
clusterIP = (builtins.elemAt config.services.pacemaker.resources.caddy.virtualIps 0).ip;
in { in {
environment.systemPackages = [headscale-flake]; environment.systemPackages = [headscale-flake];
users.users.${mainUser}.extraGroups = ["headscale"]; users.users.${mainUser}.extraGroups = ["headscale"];
@ -19,7 +21,7 @@ in {
enable = true; enable = true;
package = headscale-flake; package = headscale-flake;
address = "10.0.0.213"; address = clusterIP;
port = 8085; port = 8085;
settings = { settings = {
@ -36,10 +38,15 @@ in {
private_key_path = "/var/lib/headscale/private.key"; private_key_path = "/var/lib/headscale/private.key";
noise.private_key_path = "/var/lib/headscale/noise_private.key"; noise.private_key_path = "/var/lib/headscale/noise_private.key";
dns_config = { dns_config = let
caddyIp =
if hostName == "thingone"
then "100.64.0.8"
else "100.64.0.9";
in {
magic_dns = false; magic_dns = false;
override_local_dns = true; override_local_dns = true;
nameservers = ["100.64.0.1"]; nameservers = [caddyIp];
}; };
derp = { derp = {
@ -47,7 +54,7 @@ in {
server = { server = {
enabled = true; enabled = true;
stun_listen_addr = "0.0.0.0:3479"; stun_listen_addr = "${clusterIP}:3479";
private_key_path = "/var/lib/headscale/derp_server_private.key"; private_key_path = "/var/lib/headscale/derp_server_private.key";
region_id = 995; region_id = 995;
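Review bot: `address = clusterIP;` makes headscale bind a pacemaker virtual IP that is presumably present only on the node currently holding the caddy resource, so a plain systemd start on the other node (or a boot-time start before pacemaker has placed the VIP) will fail with EADDRNOTAVAIL unless `boot.kernel.sysctl."net.ipv4.ip_nonlocal_bind" = 1;` is set or the unit is started solely by pacemaker; the same applies to `stun_listen_addr = "${clusterIP}:3479";`, and a comment stating which of those is relied on would save the next person a failed start. The `caddyIp` binding picks a tailnet address with `hostName == "thingone"` and silently hands `"100.64.0.9"` to any other host, and the identical mapping is repeated in the unbound module; naming it for what it is used as (the nameserver address pushed to clients) and moving it into one shared `config.vars` value would stop the two copies drifting when a node is added or renamed. The `settings` attrset continues outside the hunk.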


@ -3,15 +3,22 @@
./options.nix ./options.nix
../corosync.nix ../corosync.nix
../blocky.nix
../caddy.nix ../caddy.nix
../headscale
../unbound.nix
]; ];
# TODO: update script # TODO: update script
services = { services.pacemaker = {
pacemaker = {
enable = true; enable = true;
resources = { resources = {
"blocky" = {
enable = true;
dependsOn = ["unbound"];
};
"caddy" = { "caddy" = {
enable = true; enable = true;
virtualIps = [ virtualIps = [
@ -22,23 +29,45 @@
} }
]; ];
}; };
"headscale" = {
enable = true;
dependsOn = ["caddy"];
};
"unbound" = {
enable = true;
dependsOn = ["caddy"];
};
}; };
}; };
rpcbind.enable = true; # needed for NFS # NFS client setup
}; services.rpcbind.enable = true;
boot.supportedFilesystems = ["nfs"]; boot.supportedFilesystems = ["nfs"];
environment.systemPackages = with pkgs; [nfs-utils]; environment.systemPackages = with pkgs; [nfs-utils];
systemd.mounts = [ systemd.mounts = let
host = "10.0.0.249";
in [
{ {
type = "nfs"; type = "nfs";
mountConfig = { mountConfig = {
Options = "noatime"; Options = "noatime";
}; };
what = "servivi:/caddy"; what = "${host}:/caddy";
where = "/var/lib/caddy"; where = "/var/lib/caddy";
requiredBy = ["caddy.service"]; requiredBy = ["caddy.service"];
} }
{
type = "nfs";
mountConfig = {
Options = "noatime";
};
what = "${host}:/headscale";
where = "/var/lib/headscale";
requiredBy = ["headscale.service"];
}
]; ];
} }
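Review bot: The new `/var/lib/headscale` NFS mount carries headscale's private keys (the `private_key_path`, `noise.private_key_path` and DERP `private_key_path` settings in the headscale module all sit under that directory), and with `Options = "noatime";` and no `sec=` option the export is used with the default AUTH_SYS, so that key material crosses the LAN in cleartext and is protected only by the server's export list; prefer `Options = "noatime,sec=krb5p";` if the `10.0.0.249` export can offer it, or keep the keys on local disk (the caddy module already pulls `config.sops` secrets) and share only the state that genuinely needs to follow the resource. If the headscale database also lives under that directory, a comment above the mounts saying that exactly one node may run headscale at a time, which the pacemaker `dependsOn` ordering expresses only indirectly, would help whoever edits this next. `host = "10.0.0.249"` is the same machine the caddy module names `servivi`; a single named value for it would keep the two in step. Nothing beyond `requiredBy` orders the mounts relative to pacemaker starting its resources, so confirm the mounts are up before pacemaker can fail a resource onto this node.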


@ -1,5 +1,5 @@
{config, ...}: let {config, ...}: let
inherit (config.vars) mainUser; inherit (config.vars) mainUser hostName;
in { in {
# https://github.com/MatthewVance/unbound-docker-rpi/issues/4#issuecomment-1001879602 # https://github.com/MatthewVance/unbound-docker-rpi/issues/4#issuecomment-1001879602
boot.kernel.sysctl."net.core.rmem_max" = 1048576; boot.kernel.sysctl."net.core.rmem_max" = 1048576;
@ -27,7 +27,12 @@ in {
"ota.nelim.org redirect" "ota.nelim.org redirect"
"nelim.org redirect" "nelim.org redirect"
]; ];
local-data = [ local-data = let
caddyIp =
if hostName == "thingone"
then "100.64.0.8"
else "100.64.0.9";
in [
"\"pve.nelim.org IN A 100.64.0.4\"" "\"pve.nelim.org IN A 100.64.0.4\""
"\"headscale.nelim.org. IN A 24.200.126.219\"" "\"headscale.nelim.org. IN A 24.200.126.219\""
@ -45,9 +50,8 @@ in {
"\"ota.nelim.org. IN A 100.64.0.5\"" "\"ota.nelim.org. IN A 100.64.0.5\""
"\"nelim.org IN A 100.64.0.1\"" "\"nelim.org 0 A ${caddyIp}\""
]; ];
#
do-ip4 = true; do-ip4 = true;
do-ip6 = false; do-ip6 = false;
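Review bot: The rewritten `nelim.org` record is the only entry with an explicit `0` TTL and no class (`"nelim.org 0 A ${caddyIp}"` beside `"ota.nelim.org. IN A 100.64.0.5"`); a zero TTL disables client caching, which may well be intended so clients re-resolve after a failover, but nothing says so and the dropped `IN` makes it read like an accident, so either restore the form of its neighbours or add `# TTL 0: clients must re-resolve after a cluster failover` above it. The bare `#` left under the `local-data` list looks like a leftover. The `caddyIp` selection duplicates the one in the headscale module, with any host other than `"thingone"` silently mapped to `"100.64.0.9"`; a shared `config.vars` value, or at least an `assert` on the known hostnames, would surface a misnamed node at evaluation time instead of as a wrong DNS answer. The enclosing attrset starts and ends outside the hunk.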


@ -1,12 +1,5 @@
{config, ...}: let {config, ...}: let
inherit (config.vars) mainUser hostName; inherit (config.vars) mainUser hostName;
tailscaleNameservers =
config
.services
.headscale
.settings
.dns_config
.nameservers;
in { in {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
@ -14,10 +7,7 @@ in {
../../modules/sshd.nix ../../modules/sshd.nix
../../modules/tailscale.nix ../../modules/tailscale.nix
./modules/blocky.nix
./modules/headscale
./modules/remote-builder.nix ./modules/remote-builder.nix
./modules/unbound.nix
]; ];
vars = { vars = {
@ -43,7 +33,6 @@ in {
networking = { networking = {
inherit hostName; inherit hostName;
resolvconf.enable = true; resolvconf.enable = true;
nameservers = tailscaleNameservers ++ ["1.0.0.1"];
firewall.enable = false; firewall.enable = false;
}; };