From fffbd0530c0749f9398684fc0d9fd76af2d80db6 Mon Sep 17 00:00:00 2001
From: natto1784
Date: Wed, 2 Nov 2022 13:26:40 +0530
Subject: [PATCH] hosts/marisa/services: remove hashicorp configs
Signed-off-by: natto1784
---
 hosts/marisa/services.nix | 136 --------------------------------------
 1 file changed, 136 deletions(-)
diff --git a/hosts/marisa/services.nix b/hosts/marisa/services.nix
index 42ba10b..c182492 100755
--- a/hosts/marisa/services.nix
+++ b/hosts/marisa/services.nix
@@ -9,133 +9,6 @@
 };
 };
 systemd.tmpfiles.rules = lib.singleton "d /run/vault - vault vault 1h";
- systemd.services.vault.preStart =
- let
- originalCfg = pkgs.writeText "vaultConfiguration.json" (builtins.toJSON rec {
- storage."consul" = {
- address = "10.55.0.2:8500";
- path = "vault";
- token = "+++vault_consul_token+++";
- };
- api_addr = "https://10.55.0.2:8800";
- ui = true;
- });
- in
- lib.mkForce ''
- mkdir -p /run/vault
- sed -e 's,+++vault_consul_token+++,'"$(cat /var/secrets/vault_consul.key)"',' \
- ${originalCfg} > /run/vault/vault.json
- '';
- systemd.services.consul.preStart =
- let
- originalCfg = pkgs.writeText "consulConfiguration.json" (builtins.toJSON rec {
- data_dir = "/var/lib/consul";
- ui_config = {
- enabled = true;
- };
- bootstrap = true;
- log_level = "DEBUG";
- enable_syslog = true;
- bind_addr = "10.55.0.2";
- client_addr = bind_addr;
- datacenter = "cirno";
- primary_datacenter = "cirno";
- node_name = "Marisa";
- acl = {
- enabled = true;
- default_policy = "deny";
- enable_token_persistence = true;
- tokens = {
- agent = "+++consul_token+++";
- };
- };
- server = true;
- ports = {
- grpc = 8502;
- };
- connect = {
- enabled = true;
- };
- encrypt = "+++consul_encryption+++";
- });
- in
- lib.mkForce ''
- mkdir -p /run/consul
- sed -e 's,+++consul_encryption+++,'"$(cat /var/secrets/consul_encryption.key)"',' \
- -e 's,+++consul_token+++,'"$(cat /var/secrets/consul_bootstrap.token)"',' \
- ${originalCfg} > /run/consul/consul.json
- '';
-
- systemd.services.nomad.after = [ "vault.service" ];
- systemd.services.nomad.preStart =
- let
- originalCfg = pkgs.writeText "nomadConfiguration.json"
- (builtins.toJSON rec {
- bind_addr = "0.0.0.0";
- data_dir = "/var/lib/nomad";
- disable_update_check = true;
- datacenter = "nazrin";
- log_file = "/var/log/nomad/nomad.log";
- name = "Marisa";
- server = {
- enabled = true;
- encrypt = "+++nomad_encryption+++";
- bootstrap_expect = 1;
- };
- plugin."docker" = {
- config = {
- allow_privileged = true;
- volumes.enabled = true;
- pull_activity_timeout = "30m";
- # allow_caps = [ "audit_write" "chown" "dac_override" "fowner" "fsetid" "kill" "mknod" "net_bind_service" "setfcap" "setgid" "setpcap" "setuid" "sys_chroot" "sys_admin" "sys_time" ];
- };
- };
- plugin."raw_exec" = {
- config = {
- enabled = true;
- };
- };
- client = {
- meta."connect.sidecar_image" = "envoyproxy/envoy:v1.21.5";
- options = {
- "docker.privileged.enabled" = true;
- "docker.volumes.enabled" = true;
- };
- enabled = true;
- cni_path = "${pkgs.cni-plugins}/bin";
- };
- vault = {
- enabled = true;
- token = "+++nomad_vault+++";
- task_token_ttl = "1h";
- address = "https://10.55.0.2:8800";
- ca_file = "/var/rootcert/cert.pem";
- cert_file = "/var/certs/cert.pem";
- key_file = "/var/certs/key.pem";
- allow_unauthenticated = false;
- create_from_role = "nomad-cluster";
- };
- consul = {
- address = "10.55.0.2:8500";
- token = "+++nomad_consul+++";
- ssl = false;
- allow_unauthenticated = false;
- auto_advertise = true;
- server_auto_join = true;
- client_auto_join = true;
- };
- acl = {
- enabled = true;
- };
- });
- in
- ''
- mkdir -p /run/nomad
- sed -e 's,+++nomad_encryption+++,'"$(cat /var/secrets/nomad_encryption.key)"',' \
- -e 's,+++nomad_consul+++,'"$(cat /var/secrets/nomad_consul.token)"',' \
- -e 's,+++nomad_vault+++,'"$(cat /var/secrets/nomad_vault.token)"',' \
- ${originalCfg} > /run/nomad/nomad.json
- '';
 services = {
 openssh = {
 enable = true;
@@ -164,15 +37,6 @@
 package = pkgs.master.consul;
 extraConfigFiles = lib.singleton "/run/consul/consul.json";
 };
- create_ap = {
- enable = true;
- settings = {
- INTERNET_IFACE = "eth0";
- PASSPHRASE = "agnishwar";
- SSID = "Marisa";
- WIFI_IFACE = "wlan0";
- };
- };
 };
 users.users.root.openssh.authorizedKeys.keys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHingN2Aho+KGgEvBMjtoez+W1svl9uVoa4vG0d646j"
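Review bot: In the second hunk the surviving consul block still sets `extraConfigFiles = lib.singleton "/run/consul/consul.json";`, but the `systemd.services.consul.preStart` that wrote that file is deleted in the first hunk, so unless another module now generates it the agent is pointed at a config file nothing creates; the `d /run/vault` tmpfiles rule kept as context in the first hunk looks orphaned in the same way. Either drop both leftovers in this commit or put a comment next to the reference, for example `# consul.json is rendered by <module that now owns it>`. Separately, the deleted `create_ap` block carried a literal `PASSPHRASE`, which stays readable in the repository history after this commit, so that passphrase should be treated as disclosed and changed wherever it is still in use. The enclosing `services = { … }` set begins and ends outside these hunks, so whether the vault, consul and nomad services remain enabled elsewhere is not visible here.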