srv0-dmz0: update and comment out nomad&holochain specifics

2023-12-28 14:02:27 +01:00 · 2023-12-28 14:02:27 +01:00 · aec8d62202
commit aec8d62202
parent 429fb1da00
3 changed files with 89 additions and 89 deletions
--- a/nix/os/devices/srv0-dmz0/configuration.nix
+++ b/nix/os/devices/srv0-dmz0/configuration.nix
@ -6,7 +6,7 @@
  config,
  ...
 }: let
-  disk = "/dev/disk/by-id/ata-Corsair_Voyager_GTX_21488170000126002051";
+  disk = "/dev/disk/by-id/ata-INTEL_SSDSC2BW240A4_PHDA435602332403GN";
 in {
  disabledModules = [];
  imports = [
@ -124,90 +124,90 @@ in {
  containers = {
  };
-  sops.secrets.holochain-nomad-agent-ca = {
+  # sops.secrets.holochain-nomad-agent-ca = {
-    sopsFile = ../../../../secrets/holochain-infra/nomad.yaml;
+  #   sopsFile = ../../../../secrets/holochain-infra/nomad.yaml;
-    owner = config.users.extraUsers.nomad.name;
+  #   owner = config.users.extraUsers.nomad.name;
-    group = config.users.groups.nomad.name;
+  #   group = config.users.groups.nomad.name;
-  };
+  # };
-  sops.secrets.holochain-global-nomad-client-cert = {
+  # sops.secrets.holochain-global-nomad-client-cert = {
-    sopsFile = ../../../../secrets/holochain-infra/nomad.yaml;
+  #   sopsFile = ../../../../secrets/holochain-infra/nomad.yaml;
-    owner = config.users.extraUsers.nomad.name;
+  #   owner = config.users.extraUsers.nomad.name;
-    group = config.users.groups.nomad.name;
+  #   group = config.users.groups.nomad.name;
-  };
+  # };
-  sops.secrets.holochain-global-client-nomad-key = {
+  # sops.secrets.holochain-global-client-nomad-key = {
-    sopsFile = ../../../../secrets/holochain-infra/nomad.yaml;
+  #   sopsFile = ../../../../secrets/holochain-infra/nomad.yaml;
-    owner = config.users.extraUsers.nomad.name;
+  #   owner = config.users.extraUsers.nomad.name;
-    group = config.users.groups.nomad.name;
+  #   group = config.users.groups.nomad.name;
-  };
+  # };
-  services.nomad = {
+  # services.nomad = {
-    enable = true;
+  #   enable = true;
-    package = packages'.nomad;
+  #   package = packages'.nomad;
-    enableDocker = false;
+  #   enableDocker = false;
-    dropPrivileges = false;
+  #   dropPrivileges = false;
-    extraPackages = [
+  #   extraPackages = [
-      pkgs.coreutils
+  #     pkgs.coreutils
-      pkgs.nix
+  #     pkgs.nix
-      pkgs.bash
+  #     pkgs.bash
-      pkgs.gitFull
+  #     pkgs.gitFull
-      pkgs.cacert
+  #     pkgs.cacert
-    ];
+  #   ];
-    settings = {
+  #   settings = {
-      server.enabled = false;
+  #     server.enabled = false;
-      client = {
+  #     client = {
-        enabled = true;
+  #       enabled = true;
-        server_join = {
+  #       server_join = {
-          retry_join = [
+  #         retry_join = [
-            "infra.holochain.org"
+  #           "infra.holochain.org"
-          ];
+  #         ];
-          retry_interval = "60s";
+  #         retry_interval = "60s";
-        };
+  #       };
-        node_class = "testing";
+  #       node_class = "testing";
-        meta = {
+  #       meta = {
-          inherit (pkgs.targetPlatform) system;
+  #         inherit (pkgs.targetPlatform) system;
-          features = builtins.concatStringsSep "," [
+  #         features = builtins.concatStringsSep "," [
-            "poc-1"
+  #           "poc-1"
-            "poc-2"
+  #           "poc-2"
-            "ipv4-nat"
+  #           "ipv4-nat"
-            "nix"
+  #           "nix"
-            "nixos"
+  #           "nixos"
-            "holoport"
+  #           "holoport"
-          ];
+  #         ];
-          machine_type = "baremetal";
+  #         machine_type = "baremetal";
-        };
+  #       };
-      };
+  #     };
-      tls = {
+  #     tls = {
-        http = true;
+  #       http = true;
-        rpc = true;
+  #       rpc = true;
-        ca_file = config.sops.secrets.holochain-nomad-agent-ca.path;
+  #       ca_file = config.sops.secrets.holochain-nomad-agent-ca.path;
-        cert_file = config.sops.secrets.holochain-global-nomad-client-cert.path;
+  #       cert_file = config.sops.secrets.holochain-global-nomad-client-cert.path;
-        key_file = config.sops.secrets.holochain-global-client-nomad-key.path;
+  #       key_file = config.sops.secrets.holochain-global-client-nomad-key.path;
-        verify_server_hostname = true;
+  #       verify_server_hostname = true;
-        verify_https_client = true;
+  #       verify_https_client = true;
-      };
+  #     };
-      plugin.raw_exec.config.enabled = true;
+  #     plugin.raw_exec.config.enabled = true;
-    };
+  #   };
-  };
+  # };
-  users.extraUsers.nomad.isNormalUser = true;
+  # users.extraUsers.nomad.isNormalUser = true;
-  users.extraUsers.nomad.isSystemUser = false;
+  # users.extraUsers.nomad.isSystemUser = false;
-  users.extraUsers.nomad.group = "nomad";
+  # users.extraUsers.nomad.group = "nomad";
-  users.extraUsers.nomad.home = config.services.nomad.settings.data_dir;
+  # users.extraUsers.nomad.home = config.services.nomad.settings.data_dir;
-  users.extraUsers.nomad.createHome = true;
+  # users.extraUsers.nomad.createHome = true;
-  users.groups.nomad.members = ["nomad"];
+  # users.groups.nomad.members = ["nomad"];
-  systemd.services.nomad.serviceConfig.User = "nomad";
+  # systemd.services.nomad.serviceConfig.User = "nomad";
-  systemd.services.nomad.serviceConfig.Group = "nomad";
+  # systemd.services.nomad.serviceConfig.Group = "nomad";
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
@ -215,5 +215,5 @@ in {
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.05"; # Did you read the comment?
+  system.stateVersion = "23.11"; # Did you read the comment?
 }
--- a/nix/os/devices/srv0-dmz0/flake.lock
+++ b/nix/os/devices/srv0-dmz0/flake.lock
@ -7,43 +7,43 @@
        ]
      },
      "locked": {
-        "lastModified": 1687871164,
+        "lastModified": 1703367386,
-        "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=",
+        "narHash": "sha256-FMbm48UGrBfOWGt8+opuS+uLBLQlRfhiYXhHNcYMS5k=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38",
+        "rev": "d5824a76bc6bb93d1dce9ebbbcb09a9b6abcc224",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "release-23.05",
+        "ref": "release-23.11",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1688594934,
+        "lastModified": 1703467016,
-        "narHash": "sha256-3dUo20PsmUd57jVZRx5vgKyIN1tv+v/JQweZsve5q/A=",
+        "narHash": "sha256-/5A/dNPhbQx/Oa2d+Get174eNI3LERQ7u6WTWOlR1eQ=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "e11142026e2cef35ea52c9205703823df225c947",
+        "rev": "d02d818f22c777aa4e854efc3242ec451e5d462a",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-23.05",
+        "ref": "nixos-23.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-master": {
      "locked": {
-        "lastModified": 1688668881,
+        "lastModified": 1703766384,
-        "narHash": "sha256-q5QIxsX5UR+P2uq8RyaJA/GI5z3yZiKl3Q35gVyr9UM=",
+        "narHash": "sha256-PN7mpVqo/Rf/XIIJv7Kuc4MVvF349F9hBipcGjr4HNg=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "0ffe9cc640d092e6abd8c0adec483acfd2ed7cda",
+        "rev": "05d50dc97a11f0382514bb062ce470ce7da20dfd",
        "type": "github"
      },
      "original": {
@ -55,11 +55,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1688640665,
+        "lastModified": 1703643441,
-        "narHash": "sha256-bpNl3nTFDZqrLiRU0bO6vdIT5Ww13nNCVsOLLKEqGuE=",
+        "narHash": "sha256-UsAtbIwxBuciNfiwY9g+jiLDyvYIaO5jai8avtAK+EE=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "88faf206ce0d5cfda760539a367daf6cde5b3712",
+        "rev": "f930306a698f1ae7045cf3265693b7ebc9512f23",
        "type": "github"
      },
      "original": {
--- a/nix/os/devices/srv0-dmz0/flake.nix
+++ b/nix/os/devices/srv0-dmz0/flake.nix
@ -1,10 +1,10 @@
 {
-  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
+  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
  inputs.nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
  inputs.nixpkgs-master.url = "github:nixos/nixpkgs/master";
  inputs.home-manager = {
-    url = "github:nix-community/home-manager/release-23.05";
+    url = "github:nix-community/home-manager/release-23.11";
    inputs.nixpkgs.follows = "nixpkgs";
  };