5 Commits
7a0af9ac8e
...
4b9ed774f4
Author | SHA1 | Date |
---|---|---|
katvayor | 4b9ed774f4 | |
katvayor | aff824e0a9 | |
katvayor | 6a9c017edb | |
Tom Hubrecht | 17a6e085b5 | |
Tom Hubrecht | 4e7b3154da |
|
@ -20,6 +20,7 @@ lib.extra.mkConfig {
|
|||
"nextcloud"
|
||||
"outline"
|
||||
"plausible"
|
||||
"postgresql"
|
||||
"rstudio-server"
|
||||
"satosa"
|
||||
"signald"
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
|
||||
package = pkgs.postgresql_14;
|
||||
|
||||
settings = {
|
||||
checkpoint_completion_target = 0.90625;
|
||||
default_statistics_target = 100;
|
||||
effective_cache_size = "32GB";
|
||||
effective_io_concurrency = 200;
|
||||
maintenance_work_mem = "2GB";
|
||||
max_connections = 500;
|
||||
max_parallel_maintenance_workers = 4;
|
||||
max_parallel_workers = 12;
|
||||
max_parallel_workers_per_gather = 4;
|
||||
max_wal_size = "4GB";
|
||||
max_worker_processes = 12;
|
||||
min_wal_size = "1GB";
|
||||
random_page_cost = 1.125;
|
||||
shared_buffers = "16GB";
|
||||
wal_buffers = "16MB";
|
||||
work_mem = "83886kB";
|
||||
};
|
||||
};
|
||||
}
|
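Review bot: `work_mem = "83886kB"` is a per-sort/hash allocation, not a global cap, so combined with `max_connections = 500` and up to 12 parallel workers a burst of heavy queries can commit on the order of 500 × 84 MB on top of the 16 GB `shared_buffers`; on a host sized around the 32 GB `effective_cache_size` hint that is a plausible path to the OOM killer taking the cluster down. Consider lowering `max_connections` to what the services on this host actually open (fronting them with a pooler if needed) or documenting why 500 is required. The new file also carries no provenance for these figures; a header such as `# Memory figures derived from the host's RAM — re-derive if the machine is resized (see shared_buffers / effective_cache_size)` would help whoever next touches it.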
|
@ -0,0 +1,70 @@
|
|||
let
|
||||
listen = vlan: ''
|
||||
listen {
|
||||
type = dhcp
|
||||
ipaddr = 10.0.0.1
|
||||
src_ipaddr = 10.0.0.1
|
||||
port = 67
|
||||
interface = vlan-user-${vlan}
|
||||
broadcast = no #?
|
||||
performance {
|
||||
skip_duplicate_checks = no
|
||||
}
|
||||
# we store servIP so that latter modules can know with wich IP reply
|
||||
update control {
|
||||
&Client-Vlan = ${vlan}
|
||||
}
|
||||
}
|
||||
'';
|
||||
dhcpCommon = ''
|
||||
update reply {
|
||||
&DHCP-Domain-Name-Server = 10.0.0.1
|
||||
&DHCP-Subnet-Mask = 255.255.128.0 # /17 ?????????
|
||||
&DHCP-Router-Address = &control:Server-IP
|
||||
&DHCP-Broadcast-Address = 10.0.127.255 # ???????
|
||||
&DHCP-IP-Address-Lease-Time = 7200
|
||||
&DHCP-DHCP-Server-Identifier = 10.0.0.1
|
||||
}
|
||||
'';
|
||||
dhcpDiscover = ''
|
||||
dhcp DHCP-Discover {
|
||||
${dhcpCommon}
|
||||
update control {
|
||||
&Pool-Name := "pool-%{&control:Client-Vlan}"
|
||||
}
|
||||
dhcp_sqlippool
|
||||
if (notfound) {
|
||||
do_not_respond #TODO not silent
|
||||
}
|
||||
ok
|
||||
}
|
||||
'';
|
||||
dhcpRequest = ''
|
||||
dhcp DHCP-Request {
|
||||
if (&request:DHCP-DHCP-Server-Identifier && \
|
||||
&request:DHCP-DHCP-Server-Identifier != &control:Server-IP) {
|
||||
do_not_respond
|
||||
}
|
||||
${dhcpCommon}
|
||||
update control {
|
||||
&Pool-Name := "pool-%{&control:Client-Vlan}"
|
||||
}
|
||||
dhcp_sqlippool_request
|
||||
if (notfound) {
|
||||
do_not_respond #TODO not silent
|
||||
}
|
||||
ok
|
||||
}
|
||||
'';
|
||||
in
|
||||
''
|
||||
server dhcp {
|
||||
|
||||
${builtins.concatStringsSep "\n\n" (map listen [ ])}
|
||||
|
||||
${dhcpDiscover}
|
||||
|
||||
${dhcpRequest}
|
||||
|
||||
}
|
||||
''
|
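Review bot: `&control:Server-IP` is read at the `&DHCP-Router-Address` line and in the server-identifier check inside `dhcp DHCP-Request`, but nothing in this file sets it: the `update control` in `listen` only stores `&Client-Vlan`, despite the comment saying it stores the server IP. Unless another module populates it, the router option handed to clients is absent and the `!=` comparison against a missing attribute does not reliably reject requests addressed to a foreign DHCP server. Since every listener uses `ipaddr = 10.0.0.1`, the simplest fix is `&Server-IP := 10.0.0.1` next to `&Client-Vlan` in that `update control` block (or the literal `10.0.0.1`, as the other reply attributes already use). Separately, `&DHCP-Subnet-Mask = 255.255.128.0` tells clients the whole /17 is on-link while the network config in this same commit gives each user VLAN a /27; the `???` comments suggest this is known, but it should be settled before the listener list at `map listen [ ]` is populated.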
|
@ -38,15 +38,51 @@ let
|
|||
mkUserVlan =
|
||||
id:
|
||||
let
|
||||
vlan = 3245 + id;
|
||||
prefix24nb = id / 32;
|
||||
prefix29nb = (id - prefix24nb * 32) * 8;
|
||||
# on alloue 10.0.0.0/17 aux thurnés, avec un /27 chacun, on garde 10.0.0.0/27 pour nous (routeur et autres)
|
||||
vlan = 4094 - id;
|
||||
prefix24nb = (id + 1) / 8;
|
||||
prefix27nb = (id + 1 - prefix24nb * 8) * 32;
|
||||
in
|
||||
{
|
||||
name = "vlan-user-${builtins.toString vlan}";
|
||||
value = {
|
||||
Id = vlan;
|
||||
address = [ "10.0.${builtins.toString prefix24nb}.${builtins.toString (prefix29nb + 1)}/29" ];
|
||||
address = [ ];
|
||||
extraNetwork = {
|
||||
networkConfig.DHCPServer = "yes";
|
||||
dhcpServerConfig = {
|
||||
EmitRouter = true;
|
||||
Router = "10.0.0.1";
|
||||
EmitDNS = true;
|
||||
DNS = "10.0.0.1";
|
||||
};
|
||||
addresses = [
|
||||
{
|
||||
addressConfig = {
|
||||
Address = "10.0.${builtins.toString prefix24nb}.${builtins.toString (prefix27nb + 1)}/27";
|
||||
AddPrefixRoute = false;
|
||||
};
|
||||
}
|
||||
];
|
||||
routes = [
|
||||
{
|
||||
routeConfig = {
|
||||
Destination = "10.0.${builtins.toString prefix24nb}.${builtins.toString prefix27nb}/27";
|
||||
Table = "user";
|
||||
};
|
||||
}
|
||||
];
|
||||
routingPolicyRules = [
|
||||
{
|
||||
routingPolicyRuleConfig = {
|
||||
From = "10.0.${builtins.toString prefix24nb}.${builtins.toString prefix27nb}/27";
|
||||
To = "10.0.0.0/27";
|
||||
IncomingInterface = "vlan-user-${builtins.toString vlan}";
|
||||
Table = "user";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
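Review bot: Isolation between user VLANs is only implicit in `mkUserVlan`: the policy rule steers traffic `From` a user /27 `To = "10.0.0.0/27"` into table `user`, so a packet from one user subnet to another matches no rule and falls through to the main table, where `AddPrefixRoute = false` leaves no connected route and the outcome depends on whatever default or `lo` prefix route happens to be there. An explicit sink would make the intent verifiable, e.g. a main-table route with `Destination = "10.0.0.0/17"` and `Type = "unreachable"`, or a blackhole policy rule evaluated before the `user` one. It is also worth confirming that a `Router = "10.0.0.1"` outside the client's /27 is accepted by the DHCP clients in use, since some refuse a gateway that is not on-link. The French comment would read better in English: `# Allocate 10.0.0.0/17 to the rooms, one /27 each; 10.0.0.0/27 is reserved for us (router and other services)`; the enclosing `let` begins before this hunk.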
@ -82,12 +118,37 @@ let
|
|||
|
||||
extraNetwork.networkConfig.DHCPServer = "yes";
|
||||
};
|
||||
} // builtins.listToAttrs (builtins.genList mkUserVlan 300); # 850 when we can
|
||||
} // builtins.listToAttrs (builtins.genList mkUserVlan 10); # 850 when we can
|
||||
in
|
||||
|
||||
{
|
||||
systemd.network = {
|
||||
config.routeTables."user" = 1000;
|
||||
networks = {
|
||||
"10-lo" = {
|
||||
name = "lo";
|
||||
address = [
|
||||
"::1/128"
|
||||
"127.0.0.1/8"
|
||||
"10.0.0.1/16"
|
||||
];
|
||||
routes = [
|
||||
{
|
||||
routeConfig = {
|
||||
Destination = "10.0.0.0/27";
|
||||
Table = "user";
|
||||
};
|
||||
}
|
||||
];
|
||||
routingPolicyRules = [
|
||||
{
|
||||
routingPolicyRuleConfig = {
|
||||
IncomingInterface = "lo";
|
||||
Table = "user";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
"10-enp67s0f0np0" = {
|
||||
name = "enp67s0f0np0";
|
||||
networkConfig = {
|
||||
|
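Review bot: `"10.0.0.1/16"` on `lo` spans 10.0.0.0–10.0.255.255, wider than the `10.0.0.0/17` allocation described in `mkUserVlan` and the /17 mask the DHCP server hands out; presumably the prefix route that address installs in the main table is what currently sinks traffic between user /27s and to the unused upper half, but nothing says so. Either shrink it to `"10.0.0.1/17"` to match the allocation or add a comment stating that the main-table /16 route is the intended sink for inter-user traffic, so it is not "cleaned up" later. The `IncomingInterface = "lo"` rule matches locally generated packets, so every outbound lookup from the host consults table `user` first; a one-line comment such as `# iif lo == locally generated traffic: consult the user table before main` would stop a reader removing it as a no-op. The attribute set containing this `systemd.network` block begins before the hunk.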
|
|
@ -76,30 +76,32 @@ in
|
|||
mtr
|
||||
tcpdump
|
||||
])
|
||||
++ lib.optional
|
||||
(config.services.postgresql.enable && config.services.postgresql.package != cfg.pg-upgrade-to)
|
||||
(
|
||||
pkgs.writeScriptBin "upgrade-pg-cluster" ''
|
||||
set -eux
|
||||
# XXX it's perhaps advisable to stop all services that depend on postgresql
|
||||
systemctl stop postgresql
|
||||
++ [ config.boot.kernelPackages.perf ]
|
||||
++
|
||||
lib.optional
|
||||
(config.services.postgresql.enable && config.services.postgresql.package != cfg.pg-upgrade-to)
|
||||
(
|
||||
pkgs.writeScriptBin "upgrade-pg-cluster" ''
|
||||
set -eux
|
||||
# XXX it's perhaps advisable to stop all services that depend on postgresql
|
||||
systemctl stop postgresql
|
||||
|
||||
export NEWDATA="/var/lib/postgresql/${cfg.pg-upgrade-to.psqlSchema}"
|
||||
export NEWDATA="/var/lib/postgresql/${cfg.pg-upgrade-to.psqlSchema}"
|
||||
|
||||
export NEWBIN="${cfg.pg-upgrade-to}/bin"
|
||||
export NEWBIN="${cfg.pg-upgrade-to}/bin"
|
||||
|
||||
export OLDDATA="${config.services.postgresql.dataDir}"
|
||||
export OLDBIN="${config.services.postgresql.package}/bin"
|
||||
export OLDDATA="${config.services.postgresql.dataDir}"
|
||||
export OLDBIN="${config.services.postgresql.package}/bin"
|
||||
|
||||
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
|
||||
cd "$NEWDATA"
|
||||
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA"
|
||||
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
|
||||
cd "$NEWDATA"
|
||||
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA"
|
||||
|
||||
sudo -u postgres $NEWBIN/pg_upgrade \
|
||||
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
|
||||
--old-bindir $OLDBIN --new-bindir $NEWBIN \
|
||||
"$@"
|
||||
''
|
||||
);
|
||||
sudo -u postgres $NEWBIN/pg_upgrade \
|
||||
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
|
||||
--old-bindir $OLDBIN --new-bindir $NEWBIN \
|
||||
"$@"
|
||||
''
|
||||
);
|
||||
};
|
||||
}
|
||||
|
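Review bot: `pkgs.writeScriptBin "upgrade-pg-cluster"` writes the script without an interpreter line, so `set -eux` and the rest only run under a shell when the caller's exec fallback happens to be sh; `pkgs.writeShellScriptBin` would pin bash and syntax-check the script at build time. The script is also not safely re-runnable: a failed `pg_upgrade` leaves `$NEWDATA` populated and the next `initdb -D "$NEWDATA"` aborts mid-way with the old cluster already stopped, so a guard before `install -d` such as `[ -e "$NEWDATA/PG_VERSION" ] && { echo "$NEWDATA already initialised, refusing to continue" >&2; exit 1; }` gives a clear failure instead of a half-run. `$OLDBIN` and `$NEWBIN` are Nix store paths and safe unquoted, but quoting them costs nothing and keeps the script consistent with the quoted data dirs. The package list this `lib.optional` is appended to begins before the hunk.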
|