Changes for SEA

2020-02-18 10:58:47 -08:00 · 2020-02-18 10:58:47 -08:00 · 61b3ca6dd6
parent 93f490e488
commit 61b3ca6dd6
6 changed files with 54 additions and 66 deletions
--- a/config/fudo/chat.nix
+++ b/config/fudo/chat.nix
@ -32,7 +32,7 @@ in {
    };

    smtp-password-file = mkOption {
-      type = types.path;
+      type = types.str;
      description = "Path to a file containing the password to use while connecting to the SMTP server.";
    };

@ -61,7 +61,7 @@ in {
          };

          password-file = mkOption {
-            type = types.path;
+            type = types.str;
            description = "Path to file containing database password.";
          };
        };
--- a/config/fudo/webmail.nix
+++ b/config/fudo/webmail.nix
@ -180,7 +180,7 @@ let
      };

      password-file = mkOption {
-        type = types.path;
+        type = types.str;
        description = "Password to use when connecting to the database.";
      };
    };
--- a/defaults.nix
+++ b/defaults.nix
@ -72,6 +72,7 @@
    unzip
    vim
    wget
+    yubikey-manager
  ];

  system.stateVersion = "19.09";
--- a/fudo/sites/seattle.nix
+++ b/fudo/sites/seattle.nix
@ -12,6 +12,8 @@ in {

    time.timeZone = "America/Los_Angeles";

+    services.printing.enable = true;
+
    services.cron = {
      mailto = admin;
    };
--- a/hosts/france.nix
+++ b/hosts/france.nix
@ -242,7 +242,7 @@ in {
          name = "webmail";
          hostname = "localhost";
          user = "webmail";
-          password-file = /srv/webmail/secure/db.passwd;
+          password-file = "/srv/webmail/secure/db.passwd";
        };
      };
    };
@ -255,12 +255,12 @@ in {
    site-name = "Fudo Chat";
    smtp-server = "france.fudo.org";
    smtp-user = "chat";
-    smtp-password-file = /srv/mattermost/secure/smtp.passwd;
+    smtp-password-file = "/srv/mattermost/secure/smtp.passwd";
    database = {
      name = "mattermost";
      hostname = "localhost";
      user = "mattermost";
-      password-file = /srv/mattermost/secure/db.passwd;
+      password-file = "/srv/mattermost/secure/db.passwd";
    };
  };

--- a/hosts/nostromo.nix
+++ b/hosts/nostromo.nix
@ -1,7 +1,7 @@
 { lib, config, pkgs, ... }:

 let
-  hostname = "nostromo";
+  hostname = "nostromo.sea.fudo.org";
  inherit (lib.strings) concatStringsSep;

 in {
@ -12,16 +12,18 @@ in {
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/sdb";

+  hardware.bluetooth.enable = false;
+
  imports = [
    ../defaults.nix
-    ../networks/sea.fudo.org.nix
-    ../profiles/server.nix
    ../hardware-configuration.nix
-
-    ../profiles/services/postgres.nix
-    # ../profiles/services/local_nameserver.nix
  ];

+  fudo.common = {
+    profile = "server";
+    site = "seattle";
+  };
+
  networking = {
    hostName = hostname;

@ -55,11 +57,22 @@ in {
    };
  };

-  hardware.bluetooth.enable = false;
+  fudo = {
+    postgresql = {
+      enable = true;
+      ssl-private-key = "/srv/nostromo/certs/private/privkey.pem";
+      ssl-certificate = "/srv/nostromo/certs/cert.pem";
+      keytab = "/srv/nostromo/keytabs/postgres.keytab";
+
+      local-networks = [
+        "10.0.0.1/24"
+        "127.0.0.1/8"
+      ];
+    };
+  };

  environment.systemPackages = with pkgs; [
-    # ganesha
-    ipfs
+    ceph
    libguestfs-with-appliance
    libvirt
    virtmanager
@ -71,14 +84,6 @@ in {
    onShutdown = "shutdown";
  };

-  fileSystems = {
-    "/data/gluster0" = {
-      device = "/dev/nostromo-gluster/gluster0";
-      fsType = "xfs";
-      options = ["rw" "inode64" "noatime" "nouuid"];
-    };
-  };
-
  services = {
    # glusterfs = {
    #   enable = true;
@ -86,52 +91,32 @@ in {
    #   useRpcbind = true;
    # };

-    # -DWITH_SPDK=OFF
-    # ceph = {
-    #   enable = true;
+    ceph = {
+      enable = true;

-    #   global = {
-    #     clusterName = "sea-data";
+      global = {
+        clusterName = "sea-data";
+        clusterNetwork = "10.0.10.0/24";
+        fsid = "d443e192-896d-4102-a60f-f8f0777eb2a3";
+        monHost = "10.0.10.2";
+        monInitialMembers = "mon-1";
+        publicNetwork = "10.0.0.0/22";
+      };

-    #     clusterNetwork = "10.0.10.0/24";
-    #     publicNetwork = "10.0.0.0/23";
+      mds = {
+        enable = true;
+        daemons = ["srv-2"];
+      };

-    #     monHost = "srv-1.data.sea.fudo.org";
-    #     monInitialMembers = concatStringsSep "," [
-    #       "srv-1.data.sea.fudo.org"
-    #       #"srv-2.data.sea.fudo.org"
-    #     ];
+      mgr = {
+        enable = true;
+        daemons = ["srv-2"];
+      };

-    #     authClientRequired = "cephx";
-    #     authClusterRequired = "cephx";
-    #     authServiceRequired = "cephx";
-
-    #     fsid = "14c6fc0f-13f5-43ab-9b90-b012cd12cbaa";
-    #   };
-
-    #   mds = {
-    #     enable = true;
-    #     daemons = ["srv-1"];
-    #   };
-
-    #   mon = {
-    #     enable = true;
-    #     daemons = ["srv-1"];
-    #   };
-
-    #   osd = {
-    #     enable = true;
-    #     daemons = ["srv-1"];
-    #   };
-    # };
+      mon = {
+        enable = true;
+        daemons = ["srv-2"];
+      };
+    };
  };
-
-  # services.ipfs = {
-  #   enable = true;
-  #   enableGC = true;
-  #   autoMount = false;
-  #   defaultMode = "online";
-  #   apiAddress = "/ip4/10.0.0.2/tcp/5001";
-  #   gatewayAddress = "/ipv4/10.0.0.2/tcp/8080";
-  # };
 }