From 874242af340be48ba211e3f55730ecfcdbb772b5 Mon Sep 17 00:00:00 2001
From: Stefan Junker
Date: Thu, 19 Sep 2024 13:49:01 +0200
Subject: [PATCH 1/6] flake: make nixos-24.05 the default and update
---
 .../configuration.nix | 41 +++++++++++++++++++
 .../default.nix | 12 ++++++
 2 files changed, 53 insertions(+)
 create mode 100644 modules/flake-parts/nixosConfigurations.monitoring-0/configuration.nix
 create mode 100644 modules/flake-parts/nixosConfigurations.monitoring-0/default.nix
diff --git a/modules/flake-parts/nixosConfigurations.monitoring-0/configuration.nix b/modules/flake-parts/nixosConfigurations.monitoring-0/configuration.nix
new file mode 100644
index 00000000..61049f82
--- /dev/null
+++ b/modules/flake-parts/nixosConfigurations.monitoring-0/configuration.nix
@@ -0,0 +1,41 @@
+{
+ config,
+ inputs,
+ self,
+ pkgs,
+ ...
+}: let
+ hostName = "monitoring-0";
+
+ primaryIpv4 = "135.181.110.69";
+in {
+ imports = [
+ inputs.disko.nixosModules.disko
+ inputs.srvos.nixosModules.server
+ inputs.srvos.nixosModules.mixins-terminfo
+ inputs.srvos.nixosModules.hardware-hetzner-cloud
+ self.nixosModules.hardware-hetzner-cloud-cpx
+
+ inputs.sops-nix.nixosModules.sops
+
+ self.nixosModules.holo-users
+ ../../nixos/shared.nix
+ ../../nixos/shared-nix-settings.nix
+ ];
+
+ networking.hostName = hostName; # Define your hostname.
+
+ hostName = primaryIpv4;
+
+ nix.settings.max-jobs = 2;
+
+ nix.settings.substituters = [
+ "https://holochain-ci.cachix.org"
+ ];
+
+ nix.settings.trusted-public-keys = [
+ "holochain-ci.cachix.org-2:5IUSkZc0aoRS53rfkvH9Kid40NpyjwCMCzwRTXy+QN8="
+ ];
+
+ system.stateVersion = "24.05";
+}
diff --git a/modules/flake-parts/nixosConfigurations.monitoring-0/default.nix b/modules/flake-parts/nixosConfigurations.monitoring-0/default.nix
new file mode 100644
index 00000000..038a3b25
--- /dev/null
+++ b/modules/flake-parts/nixosConfigurations.monitoring-0/default.nix
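Review bot: The `nix.settings.trusted-public-keys` entry for `holochain-ci.cachix.org-2` means this host installs any store path that carries a valid signature from that key, so the CI cache's signing key becomes part of the monitoring server's trust boundary, and the file does not say why a monitoring host needs it. If the cache is only there to speed up deployment, a comment above the two settings would record that, for example `# CI binary cache: paths signed by this key are installed without rebuilding; signing access must stay limited to CI`. If every host is meant to trust this cache, the setting probably belongs in `../../nixos/shared-nix-settings.nix` (contents not visible here) rather than being repeated per host.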
@@ -0,0 +1,12 @@ +{ + self, + lib, + inputs, + ... +}: { + flake.nixosConfigurations.turn-2 = inputs.nixpkgs.lib.nixosSystem { + modules = [./configuration.nix]; + system = "x86_64-linux"; + specialArgs = self.specialArgs; + }; +} From 422de16e54bcdf3290721f1f739e3e59abf40775 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 19 Sep 2024 13:53:19 +0200 Subject: [PATCH 2/6] feat: init monitoring-0 and add dns-entry --- .../configuration.nix | 2 ++ .../configuration.nix | 17 +++++++++-------- .../default.nix | 2 +- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/modules/flake-parts/nixosConfigurations.dweb-reverse-tls-proxy/configuration.nix b/modules/flake-parts/nixosConfigurations.dweb-reverse-tls-proxy/configuration.nix index 49026ae8..7d05d88a 100644 --- a/modules/flake-parts/nixosConfigurations.dweb-reverse-tls-proxy/configuration.nix +++ b/modules/flake-parts/nixosConfigurations.dweb-reverse-tls-proxy/configuration.nix @@ -205,6 +205,8 @@ in turn-3.${fqdn2domain}. A ${self.nixosConfigurations.turn-3.config.services.holochain-turn-server.address} signal-3.${fqdn2domain}. A ${self.nixosConfigurations.turn-3.config.services.tx5-signal-server.address} bootstrap-3.${fqdn2domain}. A ${self.nixosConfigurations.turn-3.config.services.kitsune-bootstrap.address} + + monitoring-0.${fqdn2domain}. A ${self.nixosConfigurations.monitoring-0.config.passthru.primaryIpv4} ''; }; diff --git a/modules/flake-parts/nixosConfigurations.monitoring-0/configuration.nix b/modules/flake-parts/nixosConfigurations.monitoring-0/configuration.nix index 61049f82..64acf7ce 100644 --- a/modules/flake-parts/nixosConfigurations.monitoring-0/configuration.nix +++ b/modules/flake-parts/nixosConfigurations.monitoring-0/configuration.nix @@ -4,11 +4,7 @@ self, pkgs, ... -}: let - hostName = "monitoring-0"; - - primaryIpv4 = "135.181.110.69"; -in { +}: { imports = [ inputs.disko.nixosModules.disko inputs.srvos.nixosModules.server 
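Review bot: In the new `monitoring-0/default.nix` of PATCH 1/6 the system is registered as `flake.nixosConfigurations.turn-2`, not `monitoring-0`, so at that commit the monitoring host is exposed under another host's name. If `turn-2` is already defined elsewhere in the flake (likely, given the `turn-3` references in the DNS hunk), the two definitions would conflict, or a deploy of `turn-2` could pick up this configuration. PATCH 2/6 corrects the name; folding that one-line rename into 1/6, so the line reads `flake.nixosConfigurations.monitoring-0 = inputs.nixpkgs.lib.nixosSystem {`, would keep every commit in the series safe to evaluate and deploy from, for example during a bisect.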
@@ -23,11 +19,11 @@ in { ../../nixos/shared-nix-settings.nix ]; - networking.hostName = hostName; # Define your hostname. + networking.hostName = config.passthru.hostName; # Define your hostname. - hostName = primaryIpv4; + hostName = "${config.passthru.hostName}.${(builtins.elemAt (builtins.attrValues self.nixosConfigurations.dweb-reverse-tls-proxy.config.services.bind.zones) 0).name}"; - nix.settings.max-jobs = 2; + nix.settings.max-jobs = 3; nix.settings.substituters = [ "https://holochain-ci.cachix.org" @@ -38,4 +34,9 @@ in { ]; system.stateVersion = "24.05"; + + passthru = { + hostName = "monitoring-0"; + primaryIpv4 = "135.181.110.69"; + }; } diff --git a/modules/flake-parts/nixosConfigurations.monitoring-0/default.nix b/modules/flake-parts/nixosConfigurations.monitoring-0/default.nix index 038a3b25..3567b617 100644 --- a/modules/flake-parts/nixosConfigurations.monitoring-0/default.nix +++ b/modules/flake-parts/nixosConfigurations.monitoring-0/default.nix @@ -4,7 +4,7 @@ inputs, ... }: { - flake.nixosConfigurations.turn-2 = inputs.nixpkgs.lib.nixosSystem { + flake.nixosConfigurations.monitoring-0 = inputs.nixpkgs.lib.nixosSystem { modules = [./configuration.nix]; system = "x86_64-linux"; specialArgs = self.specialArgs; From 804d29848be67eb8ca9c11f6ac7a43461446833d Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 19 Sep 2024 14:35:10 +0200 Subject: [PATCH 3/6] docs: cover bind error --- README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/README.md b/README.md index c5a2728e..16a66fb8 100644 --- a/README.md +++ b/README.md 
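Review bot: The new `hostName` value takes its domain from `builtins.elemAt (builtins.attrValues ….services.bind.zones) 0`, and `attrValues` orders by attribute name, so this host's FQDN silently changes as soon as a zone whose key sorts earlier is added to the proxy's bind configuration. Anything derived from `hostName` (not visible in this hunk; the attribute set starts and ends outside it) would then point at the wrong domain without an evaluation error. Selecting the zone by its key, or exposing the domain once from the proxy configuration and reading it here, would make the dependency explicit; at minimum a guard such as `assert builtins.length (builtins.attrValues zones) == 1;`, with `zones` bound to that attribute set, keeps the assumption checked. The same expression is repeated in the `buildbot-nix-0` configuration added in PATCH 5/6.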
@@ -150,3 +150,22 @@ nix run .#deploy-linux-builder-01 switch ``` nix run .#turn-readiness-check ``` + +### Bind refuses to start after an update + +The error message + +``` +journal rollforward failed: journal out of sync with zone +``` + +This can be fixed by removing the journal files. + +Upon connection via SSH (`nix run .\#ssh-dweb-reverse-tls-proxy +`): + +```shell +systemctl stop bind +rm /etc/bind/zones/infra.holochain.org.zone.jnl +systemctl start bind +``` From 021c6cf98896fd4eafde58036563ce0708465fee Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 20 Sep 2024 20:48:01 +0200 Subject: [PATCH 4/6] monitoring-0: add README --- .../flake-parts/nixosConfigurations.monitoring-0/README.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 modules/flake-parts/nixosConfigurations.monitoring-0/README.md diff --git a/modules/flake-parts/nixosConfigurations.monitoring-0/README.md b/modules/flake-parts/nixosConfigurations.monitoring-0/README.md new file mode 100644 index 00000000..e7522dcb --- /dev/null +++ b/modules/flake-parts/nixosConfigurations.monitoring-0/README.md @@ -0,0 +1,5 @@ +## Installation log + +``` +nix run .#nixos-anywhere -- --flake .#monitoring-0 root@monitoring-0.infra.holochain.org +``` From c170948b24be054a1c8fa59f8b1556e838aa71c6 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Tue, 24 Sep 2024 11:50:52 +0200 Subject: [PATCH 5/6] feat: init buildbot-nix-0 bare config and DNS entry --- .../configuration.nix | 97 +++++++++++++++++++ .../default.nix | 14 +++ .../configuration.nix | 1 + 3 files changed, 112 insertions(+) create mode 100644 modules/flake-parts/nixosConfigurations.buildbot-nix-0/configuration.nix create mode 100644 modules/flake-parts/nixosConfigurations.buildbot-nix-0/default.nix diff --git a/modules/flake-parts/nixosConfigurations.buildbot-nix-0/configuration.nix b/modules/flake-parts/nixosConfigurations.buildbot-nix-0/configuration.nix new file mode 100644 index 00000000..467b779a --- /dev/null 
+++ b/modules/flake-parts/nixosConfigurations.buildbot-nix-0/configuration.nix
@@ -0,0 +1,97 @@
+{
+ config,
+ inputs,
+ self,
+ pkgs,
+ lib,
+ ...
+}: {
+ imports = [
+ inputs.disko.nixosModules.disko
+ inputs.srvos.nixosModules.server
+ inputs.srvos.nixosModules.hardware-hetzner-online-amd
+ inputs.srvos.nixosModules.roles-nix-remote-builder
+ self.nixosModules.holo-users
+ self.nixosModules.nix-build-distributor
+
+ inputs.sops-nix.nixosModules.sops
+
+ ../../nixos/shared.nix
+ ../../nixos/shared-nix-settings.nix
+ ../../nixos/shared-linux.nix
+ ];
+
+ system.stateVersion = "24.05";
+
+ passthru = {
+ hostName = "buildbot-nix-0";
+ primaryIpv4 = "135.181.114.173";
+ primaryIpv6 = "2a01:4f9:4b:1a93::1/64";
+ };
+
+ networking.hostName = config.passthru.hostName; # Define your hostname.
+
+ hostName = "${config.passthru.hostName}.${(builtins.elemAt (builtins.attrValues self.nixosConfigurations.dweb-reverse-tls-proxy.config.services.bind.zones) 0).name}";
+
+ nix.settings.max-jobs = 16;
+
+ boot.loader.grub = {
+ efiSupport = false;
+ };
+ # boot.loader.systemd-boot.enable = true;
+ # boot.loader.efi.canTouchEfiVariables = true;
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ systemd.network.networks."10-uplink".networkConfig.Address = config.passthru.primaryIpv6;
+
+ disko.devices = let
+ disk = id: {
+ type = "disk";
+ device = "/dev/${id}";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02"; # for grub MBR
+ };
+ mdadm = {
+ size = "100%";
+ content = {
+ type = "mdraid";
+ name = "raid0";
+ };
+ };
+ };
+ };
+ };
+ in {
+ disk = {
+ sda = disk "nvme0n1";
+ sdb = disk "nvme1n1";
+ };
+ mdadm = {
+ raid0 = {
+ type = "mdadm";
+ level = 0;
+ content = {
+ type = "gpt";
+ partitions = {
+ primary = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "btrfs";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+
+ roles.nix-remote-builder.schedulerPublicKeys = [
+ # TODO
+ ];
+}
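Review bot: `passthru.primaryIpv6` is stored with its prefix length (`"2a01:4f9:4b:1a93::1/64"`) while `passthru.primaryIpv4` is a bare address, so two attributes with parallel names have different formats. The CIDR form is what `systemd.network.networks."10-uplink".networkConfig.Address` consumes, but an AAAA record built the way the A record is built from `primaryIpv4` would put `/64` into the zone file. A comment on the attribute, e.g. `# CIDR form for systemd-networkd; strip the prefix length before using it in DNS`, or a separate prefix-length attribute would avoid that. The root filesystem also sits on `level = 0` across both NVMe devices without comment; if that is intended for a rebuildable builder, a one-line note that losing either disk loses the host would help the next operator.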
diff --git a/modules/flake-parts/nixosConfigurations.buildbot-nix-0/default.nix b/modules/flake-parts/nixosConfigurations.buildbot-nix-0/default.nix new file mode 100644 index 00000000..fd261ddb --- /dev/null +++ b/modules/flake-parts/nixosConfigurations.buildbot-nix-0/default.nix @@ -0,0 +1,14 @@ +{ + self, + lib, + inputs, + ... +}: let + evaluatedSystem = inputs.nixpkgs.lib.nixosSystem { + modules = [./configuration.nix]; + system = "x86_64-linux"; + specialArgs = self.specialArgs; + }; +in { + flake.nixosConfigurations."${evaluatedSystem.config.passthru.hostName}" = evaluatedSystem; +} diff --git a/modules/flake-parts/nixosConfigurations.dweb-reverse-tls-proxy/configuration.nix b/modules/flake-parts/nixosConfigurations.dweb-reverse-tls-proxy/configuration.nix index 7d05d88a..472c3d8f 100644 --- a/modules/flake-parts/nixosConfigurations.dweb-reverse-tls-proxy/configuration.nix +++ b/modules/flake-parts/nixosConfigurations.dweb-reverse-tls-proxy/configuration.nix @@ -207,6 +207,7 @@ in bootstrap-3.${fqdn2domain}. A ${self.nixosConfigurations.turn-3.config.services.kitsune-bootstrap.address} monitoring-0.${fqdn2domain}. A ${self.nixosConfigurations.monitoring-0.config.passthru.primaryIpv4} + buildbot-nix-0.${fqdn2domain}. A ${self.nixosConfigurations.buildbot-nix-0.config.passthru.primaryIpv4} ''; }; From 1b129b3d2712fec74c70cfc33149d668f8c80df1 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 25 Sep 2024 14:10:20 +0200 Subject: [PATCH 6/6] feat(buildbot-nix-0): use btrfs subvolumes --- .../configuration.nix | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/modules/flake-parts/nixosConfigurations.buildbot-nix-0/configuration.nix b/modules/flake-parts/nixosConfigurations.buildbot-nix-0/configuration.nix index 467b779a..daa0c36a 100644 --- a/modules/flake-parts/nixosConfigurations.buildbot-nix-0/configuration.nix +++ b/modules/flake-parts/nixosConfigurations.buildbot-nix-0/configuration.nix 
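Review bot: The attribute name in `flake.nixosConfigurations."${evaluatedSystem.config.passthru.hostName}"` is computed from the evaluated system, so merely listing the flake's `nixosConfigurations` names requires evaluating this host's module set. `monitoring-0/default.nix` uses a literal name for the same job. This configuration's `hostName` also reads `self.nixosConfigurations.dweb-reverse-tls-proxy`, which in turn reads `self.nixosConfigurations.buildbot-nix-0` for the DNS record, so the dynamic key adds another link to a mutual dependency that presumably relies on lazy evaluation to terminate. Using the literal, `flake.nixosConfigurations.buildbot-nix-0 = evaluatedSystem;`, keeps the output names static and consistent with the other host; if the derived name is intentional, a comment explaining why would be enough.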
@@ -80,9 +80,18 @@
 primary = {
 size = "100%";
 content = {
- type = "filesystem";
- format = "btrfs";
- mountpoint = "/";
+ type = "btrfs";
+ extraArgs = ["-f"]; # Override existing partition
+ subvolumes = {
+ # Subvolume name is different from mountpoint
+ "/rootfs" = {
+ mountpoint = "/";
+ };
+ "/nix" = {
+ mountOptions = ["noatime"];
+ mountpoint = "/nix";
+ };
+ };
 };
 };
 };
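Review bot: The comment on `extraArgs = ["-f"];` says "Override existing partition", but `-f` is passed to the filesystem creation step and forces it to overwrite an existing filesystem on the device, which turns off the check that normally stops an accidental re-format. Since that check is the safeguard a repeated installer run would otherwise hit, the comment should say so, e.g. `# force mkfs.btrfs to overwrite an existing filesystem; re-running disko destroys the data on this array`. The enclosing `disko.devices` definition starts and ends outside this hunk.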