Switch from coreos to nixos

archive/1-coreos/1-prepare-ignition-files/compile.sh

@@ -0,0 +1,5 @@
+#! /bin/sh
+rpm -qa | grep -qw butane || dnf install butane
+butane --pretty --strict jaglan-beta-m40.bu --files-dir . --output jaglan-beta-m40.ign
+butane --pretty --strict jaglan-beta-m41.bu --files-dir . --output jaglan-beta-m41.ign
+butane --pretty --strict jaglan-beta-m42.bu --files-dir . --output jaglan-beta-m42.ign

archive/1-coreos/1-prepare-ignition-files/etc/consul.d/consul.hcl

@@ -0,0 +1,5 @@
+datacenter = "jaglan-beta"
+data_dir = "/opt/consul"
+encrypt = "5L5cOnGhQ63EUMqPtn4tYDb1XafmmbQx2n6WqPkqeFs=" # This is a secret that should be generated with `consul keygen`
+retry_join = ["jaglan-beta-m01", "jaglan-beta-m40", "jaglan-beta-m41", "jaglan-beta-m42"]
+server = true

archive/1-coreos/1-prepare-ignition-files/etc/nomad.d/nomad.hcl

@@ -0,0 +1,9 @@
+datacenter = "jaglan-beta"
+data_dir = "/opt/nomad/data"
+
+client {
+  enabled = true
+}
+server {
+  enabled = true
+}

archive/1-coreos/1-prepare-ignition-files/etc/yum.repos.d/hashicorp.repo

@@ -0,0 +1,13 @@
+[hashicorp]
+name=Hashicorp Stable - $basearch
+baseurl=https://rpm.releases.hashicorp.com/fedora/$releasever/$basearch/stable
+enabled=1
+gpgcheck=1
+gpgkey=https://rpm.releases.hashicorp.com/gpg
+
+[hashicorp-test]
+name=Hashicorp Test - $basearch
+baseurl=https://rpm.releases.hashicorp.com/fedora/$releasever/$basearch/test
+enabled=0
+gpgcheck=1
+gpgkey=https://rpm.releases.hashicorp.com/gpg

archive/1-coreos/1-prepare-ignition-files/jaglan-beta-m40.bu

@@ -0,0 +1,56 @@
+variant: fcos
+version: 1.5.0
+passwd:
+  users:
+    - name: core
+      ssh_authorized_keys:
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwojmm5GUDQTt/ic1w3yf5c0fyiPqhy8D9Y4qMVljEA othrayte@gmail.com
+    # We need to make users for consul and nomad as we need them before their installed
+    - name: consul
+      no_create_home: true
+    - name: nomad
+      no_create_home: true
+systemd:
+  units:
+    - name: rpm-ostree-install-hashistack.service
+      enabled: true
+      contents_local: /units/rpm-ostree-install-hashistack.service
+storage:
+  files:
+    - path: /etc/hostname
+      mode: 0644
+      contents:
+        inline: jaglan-beta-m40
+    - path: /etc/yum.repos.d/hashicorp.repo
+      contents:
+        local: /etc/yum.repos.d/hashicorp.repo
+      mode: 0644
+    - path: /etc/consul.d/consul.hcl
+      contents:
+        local: /etc/consul.d/consul.hcl
+      mode: 0600
+      group:
+        name: consul
+      user:
+        name: consul
+    - path: /etc/nomad.d/nomad.hcl
+      contents:
+        local: /etc/nomad.d/nomad.hcl
+      mode: 0600
+      group:
+        name: nomad
+      user:
+        name: nomad
+  directories:
+    - path: /opt/consul
+      mode: 0700
+      user:
+        name: consul
+      group:
+        name: consul
+    - path: /opt/nomad/data
+      mode: 0700
+      user:
+        name: nomad
+      group:
+        name: nomad

archive/1-coreos/1-prepare-ignition-files/jaglan-beta-m40.ign

@@ -0,0 +1,102 @@
+{
+  "ignition": {
+    "version": "3.4.0"
+  },
+  "passwd": {
+    "users": [
+      {
+        "name": "core",
+        "sshAuthorizedKeys": [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwojmm5GUDQTt/ic1w3yf5c0fyiPqhy8D9Y4qMVljEA othrayte@gmail.com"
+        ]
+      },
+      {
+        "name": "consul",
+        "noCreateHome": true
+      },
+      {
+        "name": "nomad",
+        "noCreateHome": true
+      }
+    ]
+  },
+  "storage": {
+    "directories": [
+      {
+        "group": {
+          "name": "consul"
+        },
+        "path": "/opt/consul",
+        "user": {
+          "name": "consul"
+        },
+        "mode": 448
+      },
+      {
+        "group": {
+          "name": "nomad"
+        },
+        "path": "/opt/nomad/data",
+        "user": {
+          "name": "nomad"
+        },
+        "mode": 448
+      }
+    ],
+    "files": [
+      {
+        "path": "/etc/hostname",
+        "contents": {
+          "compression": "",
+          "source": "data:,jaglan-beta-m40"
+        },
+        "mode": 420
+      },
+      {
+        "path": "/etc/yum.repos.d/hashicorp.repo",
+        "contents": {
+          "compression": "gzip",
+          "source": "data:;base64,H4sIAAAAAAAC/7SPPcvCQBCE+/sVKdIm+76tkN5eO7HYXMY7ydexuwr+e4kfZ2EjgtXOMvAMzy6yxqOfJe3dxCOa9fMvNsbtgKIqypYVLD66JZxkaKJZ0hWRpLEWDGCF1plU+3mkA7pZmMpHfYZQ5pDe0A7Tcrrm34UUfITv77HH5ZOJkIJzL4HKoPZmsYXaTxyWtWzw97XBNQAA//9Dsu7agQEAAA=="
+        },
+        "mode": 420
+      },
+      {
+        "group": {
+          "name": "consul"
+        },
+        "path": "/etc/consul.d/consul.hcl",
+        "user": {
+          "name": "consul"
+        },
+        "contents": {
+          "compression": "gzip",
+          "source": "data:;base64,H4sIAAAAAAAC/1SPPU/DMBRFd/+KK7NSlZa2WzY+FhCtBAKEUPviPGK3yXNjvwD596hhgfWc4d5TkZJjUU4oYPdUNySTkpWsOaltFUYxjUeduii5b6xhcWk46okv75buQW79ZnV5/XTfrVUW+npVzl7oo23LzfdcVs/d+tDxTS4szvDoQ0bIIGR2iRXqSZF97JsKJaNm4UTKFb6Ceux+J3HgoWbZmcSahu0+BkGBt793J+3FzJ7jP1rM7bvJnD7HOk09m58AAAD//+J027nwAAAA"
+        },
+        "mode": 384
+      },
+      {
+        "group": {
+          "name": "nomad"
+        },
+        "path": "/etc/nomad.d/nomad.hcl",
+        "user": {
+          "name": "nomad"
+        },
+        "contents": {
+          "compression": "gzip",
+          "source": "data:;base64,H4sIAAAAAAAC/2zJMQ7DIAwF0N2nsNgrTsBZKoO/KipqKtfNEuXuEZmzvqcS0mAB58LpLa8h9qgISbTqqf2KPL+RbX5E8+JE1EaHBe/EDJM6oFw4/A866Aff4Pd3BgAA///Bwum4cQAAAA=="
+        },
+        "mode": 384
+      }
+    ]
+  },
+  "systemd": {
+    "units": [
+      {
+        "contents": "[Unit]\nDescription=Layer nomad \u0026 consul with rpm-ostree\nWants=network-online.target\nAfter=network-online.target\n# We run before `zincati.service` to avoid conflicting rpm-ostree\n# transactions.\nBefore=zincati.service\nConditionPathExists=!/var/lib/%N.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\n# `--allow-inactive` ensures that rpm-ostree does not return an error\n# if the package is already installed. This is useful if the package is\n# added to the root image in a future Fedora CoreOS release as it will\n# prevent the service from failing.\nExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive consul nomad\nExecStart=systemctl enable consul nomad\nExecStart=/bin/touch /var/lib/%N.stamp\nExecStart=systemctl reboot\n\n[Install]\nWantedBy=multi-user.target",
+        "enabled": true,
+        "name": "rpm-ostree-install-hashistack.service"
+      }
+    ]
+  }
+}

archive/1-coreos/1-prepare-ignition-files/jaglan-beta-m41.bu

@@ -0,0 +1,56 @@
+variant: fcos
+version: 1.5.0
+passwd:
+  users:
+    - name: core
+      ssh_authorized_keys:
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwojmm5GUDQTt/ic1w3yf5c0fyiPqhy8D9Y4qMVljEA othrayte@gmail.com
+    # We need to make users for consul and nomad as we need them before their installed
+    - name: consul
+      no_create_home: true
+    - name: nomad
+      no_create_home: true
+systemd:
+  units:
+    - name: rpm-ostree-install-hashistack.service
+      enabled: true
+      contents_local: /units/rpm-ostree-install-hashistack.service
+storage:
+  files:
+    - path: /etc/hostname
+      mode: 0644
+      contents:
+        inline: jaglan-beta-m41
+    - path: /etc/yum.repos.d/hashicorp.repo
+      contents:
+        local: /etc/yum.repos.d/hashicorp.repo
+      mode: 0644
+    - path: /etc/consul.d/consul.hcl
+      contents:
+        local: /etc/consul.d/consul.hcl
+      mode: 0600
+      group:
+        name: consul
+      user:
+        name: consul
+    - path: /etc/nomad.d/nomad.hcl
+      contents:
+        local: /etc/nomad.d/nomad.hcl
+      mode: 0600
+      group:
+        name: nomad
+      user:
+        name: nomad
+  directories:
+    - path: /opt/consul
+      mode: 0700
+      user:
+        name: consul
+      group:
+        name: consul
+    - path: /opt/nomad/data
+      mode: 0700
+      user:
+        name: nomad
+      group:
+        name: nomad

archive/1-coreos/1-prepare-ignition-files/jaglan-beta-m41.ign

@@ -0,0 +1,102 @@
+{
+  "ignition": {
+    "version": "3.4.0"
+  },
+  "passwd": {
+    "users": [
+      {
+        "name": "core",
+        "sshAuthorizedKeys": [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwojmm5GUDQTt/ic1w3yf5c0fyiPqhy8D9Y4qMVljEA othrayte@gmail.com"
+        ]
+      },
+      {
+        "name": "consul",
+        "noCreateHome": true
+      },
+      {
+        "name": "nomad",
+        "noCreateHome": true
+      }
+    ]
+  },
+  "storage": {
+    "directories": [
+      {
+        "group": {
+          "name": "consul"
+        },
+        "path": "/opt/consul",
+        "user": {
+          "name": "consul"
+        },
+        "mode": 448
+      },
+      {
+        "group": {
+          "name": "nomad"
+        },
+        "path": "/opt/nomad/data",
+        "user": {
+          "name": "nomad"
+        },
+        "mode": 448
+      }
+    ],
+    "files": [
+      {
+        "path": "/etc/hostname",
+        "contents": {
+          "compression": "",
+          "source": "data:,jaglan-beta-m41"
+        },
+        "mode": 420
+      },
+      {
+        "path": "/etc/yum.repos.d/hashicorp.repo",
+        "contents": {
+          "compression": "gzip",
+          "source": "data:;base64,H4sIAAAAAAAC/7SPPcvCQBCE+/sVKdIm+76tkN5eO7HYXMY7ydexuwr+e4kfZ2EjgtXOMvAMzy6yxqOfJe3dxCOa9fMvNsbtgKIqypYVLD66JZxkaKJZ0hWRpLEWDGCF1plU+3mkA7pZmMpHfYZQ5pDe0A7Tcrrm34UUfITv77HH5ZOJkIJzL4HKoPZmsYXaTxyWtWzw97XBNQAA//9Dsu7agQEAAA=="
+        },
+        "mode": 420
+      },
+      {
+        "group": {
+          "name": "consul"
+        },
+        "path": "/etc/consul.d/consul.hcl",
+        "user": {
+          "name": "consul"
+        },
+        "contents": {
+          "compression": "gzip",
+          "source": "data:;base64,H4sIAAAAAAAC/1SPPU/DMBRFd/+KK7NSlZa2WzY+FhCtBAKEUPviPGK3yXNjvwD596hhgfWc4d5TkZJjUU4oYPdUNySTkpWsOaltFUYxjUeduii5b6xhcWk46okv75buQW79ZnV5/XTfrVUW+npVzl7oo23LzfdcVs/d+tDxTS4szvDoQ0bIIGR2iRXqSZF97JsKJaNm4UTKFb6Ceux+J3HgoWbZmcSahu0+BkGBt793J+3FzJ7jP1rM7bvJnD7HOk09m58AAAD//+J027nwAAAA"
+        },
+        "mode": 384
+      },
+      {
+        "group": {
+          "name": "nomad"
+        },
+        "path": "/etc/nomad.d/nomad.hcl",
+        "user": {
+          "name": "nomad"
+        },
+        "contents": {
+          "compression": "gzip",
+          "source": "data:;base64,H4sIAAAAAAAC/2zJMQ7DIAwF0N2nsNgrTsBZKoO/KipqKtfNEuXuEZmzvqcS0mAB58LpLa8h9qgISbTqqf2KPL+RbX5E8+JE1EaHBe/EDJM6oFw4/A866Aff4Pd3BgAA///Bwum4cQAAAA=="
+        },
+        "mode": 384
+      }
+    ]
+  },
+  "systemd": {
+    "units": [
+      {
+        "contents": "[Unit]\nDescription=Layer nomad \u0026 consul with rpm-ostree\nWants=network-online.target\nAfter=network-online.target\n# We run before `zincati.service` to avoid conflicting rpm-ostree\n# transactions.\nBefore=zincati.service\nConditionPathExists=!/var/lib/%N.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\n# `--allow-inactive` ensures that rpm-ostree does not return an error\n# if the package is already installed. This is useful if the package is\n# added to the root image in a future Fedora CoreOS release as it will\n# prevent the service from failing.\nExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive consul nomad\nExecStart=systemctl enable consul nomad\nExecStart=/bin/touch /var/lib/%N.stamp\nExecStart=systemctl reboot\n\n[Install]\nWantedBy=multi-user.target",
+        "enabled": true,
+        "name": "rpm-ostree-install-hashistack.service"
+      }
+    ]
+  }
+}

archive/1-coreos/1-prepare-ignition-files/jaglan-beta-m42.bu

@@ -0,0 +1,56 @@
+variant: fcos
+version: 1.5.0
+passwd:
+  users:
+    - name: core
+      ssh_authorized_keys:
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwojmm5GUDQTt/ic1w3yf5c0fyiPqhy8D9Y4qMVljEA othrayte@gmail.com
+    # We need to make users for consul and nomad as we need them before their installed
+    - name: consul
+      no_create_home: true
+    - name: nomad
+      no_create_home: true
+systemd:
+  units:
+    - name: rpm-ostree-install-hashistack.service
+      enabled: true
+      contents_local: /units/rpm-ostree-install-hashistack.service
+storage:
+  files:
+    - path: /etc/hostname
+      mode: 0644
+      contents:
+        inline: jaglan-beta-m42
+    - path: /etc/yum.repos.d/hashicorp.repo
+      contents:
+        local: /etc/yum.repos.d/hashicorp.repo
+      mode: 0644
+    - path: /etc/consul.d/consul.hcl
+      contents:
+        local: /etc/consul.d/consul.hcl
+      mode: 0600
+      group:
+        name: consul
+      user:
+        name: consul
+    - path: /etc/nomad.d/nomad.hcl
+      contents:
+        local: /etc/nomad.d/nomad.hcl
+      mode: 0600
+      group:
+        name: nomad
+      user:
+        name: nomad
+  directories:
+    - path: /opt/consul
+      mode: 0700
+      user:
+        name: consul
+      group:
+        name: consul
+    - path: /opt/nomad/data
+      mode: 0700
+      user:
+        name: nomad
+      group:
+        name: nomad

archive/1-coreos/1-prepare-ignition-files/jaglan-beta-m42.ign

@@ -0,0 +1,102 @@
+{
+  "ignition": {
+    "version": "3.4.0"
+  },
+  "passwd": {
+    "users": [
+      {
+        "name": "core",
+        "sshAuthorizedKeys": [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwojmm5GUDQTt/ic1w3yf5c0fyiPqhy8D9Y4qMVljEA othrayte@gmail.com"
+        ]
+      },
+      {
+        "name": "consul",
+        "noCreateHome": true
+      },
+      {
+        "name": "nomad",
+        "noCreateHome": true
+      }
+    ]
+  },
+  "storage": {
+    "directories": [
+      {
+        "group": {
+          "name": "consul"
+        },
+        "path": "/opt/consul",
+        "user": {
+          "name": "consul"
+        },
+        "mode": 448
+      },
+      {
+        "group": {
+          "name": "nomad"
+        },
+        "path": "/opt/nomad/data",
+        "user": {
+          "name": "nomad"
+        },
+        "mode": 448
+      }
+    ],
+    "files": [
+      {
+        "path": "/etc/hostname",
+        "contents": {
+          "compression": "",
+          "source": "data:,jaglan-beta-m42"
+        },
+        "mode": 420
+      },
+      {
+        "path": "/etc/yum.repos.d/hashicorp.repo",
+        "contents": {
+          "compression": "gzip",
+          "source": "data:;base64,H4sIAAAAAAAC/7SPPcvCQBCE+/sVKdIm+76tkN5eO7HYXMY7ydexuwr+e4kfZ2EjgtXOMvAMzy6yxqOfJe3dxCOa9fMvNsbtgKIqypYVLD66JZxkaKJZ0hWRpLEWDGCF1plU+3mkA7pZmMpHfYZQ5pDe0A7Tcrrm34UUfITv77HH5ZOJkIJzL4HKoPZmsYXaTxyWtWzw97XBNQAA//9Dsu7agQEAAA=="
+        },
+        "mode": 420
+      },
+      {
+        "group": {
+          "name": "consul"
+        },
+        "path": "/etc/consul.d/consul.hcl",
+        "user": {
+          "name": "consul"
+        },
+        "contents": {
+          "compression": "gzip",
+          "source": "data:;base64,H4sIAAAAAAAC/1SPPU/DMBRFd/+KK7NSlZa2WzY+FhCtBAKEUPviPGK3yXNjvwD596hhgfWc4d5TkZJjUU4oYPdUNySTkpWsOaltFUYxjUeduii5b6xhcWk46okv75buQW79ZnV5/XTfrVUW+npVzl7oo23LzfdcVs/d+tDxTS4szvDoQ0bIIGR2iRXqSZF97JsKJaNm4UTKFb6Ceux+J3HgoWbZmcSahu0+BkGBt793J+3FzJ7jP1rM7bvJnD7HOk09m58AAAD//+J027nwAAAA"
+        },
+        "mode": 384
+      },
+      {
+        "group": {
+          "name": "nomad"
+        },
+        "path": "/etc/nomad.d/nomad.hcl",
+        "user": {
+          "name": "nomad"
+        },
+        "contents": {
+          "compression": "gzip",
+          "source": "data:;base64,H4sIAAAAAAAC/2zJMQ7DIAwF0N2nsNgrTsBZKoO/KipqKtfNEuXuEZmzvqcS0mAB58LpLa8h9qgISbTqqf2KPL+RbX5E8+JE1EaHBe/EDJM6oFw4/A866Aff4Pd3BgAA///Bwum4cQAAAA=="
+        },
+        "mode": 384
+      }
+    ]
+  },
+  "systemd": {
+    "units": [
+      {
+        "contents": "[Unit]\nDescription=Layer nomad \u0026 consul with rpm-ostree\nWants=network-online.target\nAfter=network-online.target\n# We run before `zincati.service` to avoid conflicting rpm-ostree\n# transactions.\nBefore=zincati.service\nConditionPathExists=!/var/lib/%N.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\n# `--allow-inactive` ensures that rpm-ostree does not return an error\n# if the package is already installed. This is useful if the package is\n# added to the root image in a future Fedora CoreOS release as it will\n# prevent the service from failing.\nExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive consul nomad\nExecStart=systemctl enable consul nomad\nExecStart=/bin/touch /var/lib/%N.stamp\nExecStart=systemctl reboot\n\n[Install]\nWantedBy=multi-user.target",
+        "enabled": true,
+        "name": "rpm-ostree-install-hashistack.service"
+      }
+    ]
+  }
+}

archive/1-coreos/1-prepare-ignition-files/readme.md

@@ -0,0 +1,3 @@
+1. Ensure butane is installed `dnf install butane`
+2. Compile butane files into ignition files
+    `butane --pretty --strict jaglan-beta-m42.bu --files-dir . --output jaglan-beta-m42.ign`

archive/1-coreos/1-prepare-ignition-files/units/rpm-ostree-install-hashistack.service

@@ -0,0 +1,23 @@
+[Unit]
+Description=Layer nomad & consul with rpm-ostree
+Wants=network-online.target
+After=network-online.target
+# We run before `zincati.service` to avoid conflicting rpm-ostree
+# transactions.
+Before=zincati.service
+ConditionPathExists=!/var/lib/%N.stamp
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+# `--allow-inactive` ensures that rpm-ostree does not return an error
+# if the package is already installed. This is useful if the package is
+# added to the root image in a future Fedora CoreOS release as it will
+# prevent the service from failing.
+ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive consul nomad
+ExecStart=systemctl enable consul nomad
+ExecStart=/bin/touch /var/lib/%N.stamp
+ExecStart=systemctl reboot
+
+[Install]
+WantedBy=multi-user.target