From 8756b1b65ee781db58446b801669c489bba4c479 Mon Sep 17 00:00:00 2001 From: clan-tool Date: Tue, 16 Sep 2025 13:36:12 +0200 Subject: [PATCH] set up initial k3s config --- clan.nix | 7 + flake.lock | 318 ++++++++++++++++++-- flake.nix | 9 +- sops/secrets/zitadel_inital_password/secret | 15 + 4 files changed, 329 insertions(+), 20 deletions(-) create mode 100644 sops/secrets/zitadel_inital_password/secret diff --git a/clan.nix b/clan.nix index 4e373a3..0582c93 100644 --- a/clan.nix +++ b/clan.nix @@ -42,6 +42,13 @@ roles.controller.machines."m1" = { }; roles.peer.tags.all = { }; }; + + k3s = { + module = { + name = "@amarth/k3s"; + input = "amarth"; + }; + }; }; # Additional NixOS configuration can be added here. diff --git a/flake.lock b/flake.lock index acbceee..0b21c58 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,30 @@ { "nodes": { + "amarth": { + "inputs": { + "clan-core": "clan-core", + "flake-parts": "flake-parts_2", + "nixpkgs": [ + "amarth", + "clan-core", + "nixpkgs" + ], + "systems": "systems_2" + }, + "locked": { + "lastModified": 1757947021, + "narHash": "sha256-BinQx0l//FdLRxYzvQG6lwP8HR9g8iiJ5I6vt5Mm1Fs=", + "ref": "refs/heads/main", + "rev": "5525d770f1f73145860f2f929496d3d85ee058dc", + "revCount": 3, + "type": "git", + "url": "https://git.amarth.cloud/amarth/services.git" + }, + "original": { + "type": "git", + "url": "https://git.amarth.cloud/amarth/services.git" + } + }, "clan-core": { "inputs": { "data-mesher": "data-mesher", @@ -14,11 +39,36 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1756806573, - "narHash": "sha256-NHpnZrZ2bploGlGEUEvTvhDZRpI1yjFj72SSTmw56GI=", - "rev": "f97e22e125143e8e58325aa614aee59ed868296b", + "lastModified": 1757912940, + "narHash": "sha256-Xypz7pxa1L09GooMueosv0CRW4Cx5/gdtvSPBrnXf6M=", + "rev": "93280a9f987bbe689c74f1ea21d0c2fa4645c359", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/f97e22e125143e8e58325aa614aee59ed868296b.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/93280a9f987bbe689c74f1ea21d0c2fa4645c359.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.clan.lol/clan/clan-core/archive/main.tar.gz" + } + }, + "clan-core_2": { + "inputs": { + "data-mesher": "data-mesher_2", + "disko": "disko_2", + "flake-parts": "flake-parts_3", + "nix-darwin": "nix-darwin_2", + "nix-select": "nix-select_2", + "nixos-facter-modules": "nixos-facter-modules_2", + "nixpkgs": "nixpkgs_2", + "sops-nix": "sops-nix_2", + "systems": "systems_3", + "treefmt-nix": "treefmt-nix_2" + }, + "locked": { + "lastModified": 1757912940, + "narHash": "sha256-Xypz7pxa1L09GooMueosv0CRW4Cx5/gdtvSPBrnXf6M=", + "rev": "93280a9f987bbe689c74f1ea21d0c2fa4645c359", + "type": "tarball", + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/93280a9f987bbe689c74f1ea21d0c2fa4645c359.tar.gz" }, "original": { "type": "tarball", @@ -26,6 +76,36 @@ } }, "data-mesher": { + "inputs": { + "flake-parts": [ + "amarth", + "clan-core", + "flake-parts" + ], + "nixpkgs": [ + "amarth", + "clan-core", + "nixpkgs" + ], + "treefmt-nix": [ + "amarth", + "clan-core", + "treefmt-nix" + ] + }, + "locked": { + "lastModified": 1757905600, + "narHash": "sha256-Yd7buL9N7N7IaDVViItqP9HsECfnlDFykxvvNgMYcKk=", + "rev": "c10c4002bdc5aef040fcbb814d5f482e82dc8345", + "type": "tarball", + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/c10c4002bdc5aef040fcbb814d5f482e82dc8345.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.clan.lol/clan/data-mesher/archive/main.tar.gz" + } + }, + "data-mesher_2": { "inputs": { "flake-parts": [ "clan-core", @@ -41,11 +121,11 @@ ] }, "locked": { - "lastModified": 1756695982, - "narHash": "sha256-dyLhOSDzxZtRgi5aj/OuaZJUsuvo+8sZ9CU/qieZ15c=", - "rev": "cc8f26e7e6c2dc985526ba59b286ae5a83168cdb", + "lastModified": 1757905600, + "narHash": "sha256-Yd7buL9N7N7IaDVViItqP9HsECfnlDFykxvvNgMYcKk=", + "rev": "c10c4002bdc5aef040fcbb814d5f482e82dc8345", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/cc8f26e7e6c2dc985526ba59b286ae5a83168cdb.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/c10c4002bdc5aef040fcbb814d5f482e82dc8345.tar.gz" }, "original": { "type": "tarball", @@ -55,16 +135,38 @@ "disko": { "inputs": { "nixpkgs": [ + "amarth", "clan-core", "nixpkgs" ] }, "locked": { - "lastModified": 1756733629, - "narHash": "sha256-dwWGlDhcO5SMIvMSTB4mjQ5Pvo2vtxvpIknhVnSz2I8=", + "lastModified": 1757508292, + "narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=", "owner": "nix-community", "repo": "disko", - "rev": "a5c4f2ab72e3d1ab43e3e65aa421c6f2bd2e12a1", + "rev": "146f45bee02b8bd88812cfce6ffc0f933788875a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "disko_2": { + "inputs": { + "nixpkgs": [ + "clan-core", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1757508292, + "narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=", + "owner": "nix-community", + "repo": "disko", + "rev": "146f45bee02b8bd88812cfce6ffc0f933788875a", "type": "github" }, "original": { @@ -74,6 +176,49 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "amarth", + "clan-core", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "amarth", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "clan-core", @@ -97,16 +242,38 @@ "nix-darwin": { "inputs": { "nixpkgs": [ + "amarth", "clan-core", "nixpkgs" ] }, "locked": { - "lastModified": 1755825449, - "narHash": "sha256-XkiN4NM9Xdy59h69Pc+Vg4PxkSm9EWl6u7k6D5FZ5cM=", + "lastModified": 1757430124, + "narHash": "sha256-MhDltfXesGH8VkGv3hmJ1QEKl1ChTIj9wmGAFfWj/Wk=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "8df64f819698c1fee0c2969696f54a843b2231e8", + "rev": "830b3f0b50045cf0bcfd4dab65fad05bf882e196", + "type": "github" + }, + "original": { + "owner": "nix-darwin", + "repo": "nix-darwin", + "type": "github" + } + }, + "nix-darwin_2": { + "inputs": { + "nixpkgs": [ + "clan-core", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1757430124, + "narHash": "sha256-MhDltfXesGH8VkGv3hmJ1QEKl1ChTIj9wmGAFfWj/Wk=", + "owner": "nix-darwin", + "repo": "nix-darwin", + "rev": "830b3f0b50045cf0bcfd4dab65fad05bf882e196", "type": "github" }, "original": { @@ -128,6 +295,19 @@ "url": "https://git.clan.lol/clan/nix-select/archive/main.tar.gz" } }, + "nix-select_2": { + "locked": { + "lastModified": 1755887746, + "narHash": "sha256-lzWbpHKX0WAn/jJDoCijIDss3rqYIPawe46GDaE6U3g=", + "rev": "92c2574c5e113281591be01e89bb9ddb31d19156", + "type": "tarball", + "url": "https://git.clan.lol/api/v1/repos/clan/nix-select/archive/92c2574c5e113281591be01e89bb9ddb31d19156.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.clan.lol/clan/nix-select/archive/main.tar.gz" + } + }, "nixos-facter-modules": { "locked": { "lastModified": 1756491981, @@ -143,6 +323,21 @@ "type": "github" } }, + "nixos-facter-modules_2": { + "locked": { + "lastModified": 1756491981, + "narHash": "sha256-lXyDAWPw/UngVtQfgQ8/nrubs2r+waGEYIba5UX62+k=", + "owner": "nix-community", + "repo": "nixos-facter-modules", + "rev": "c1b29520945d3e148cd96618c8a0d1f850965d8c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-facter-modules", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 315532800, @@ -156,9 +351,23 @@ "url": "https://nixos.org/channels/nixpkgs-unstable/nixexprs.tar.xz" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 315532800, + "narHash": "sha256-h8Sx4S+/0FpodZji6W9lHzwY5BcuUG85Aj3GfhvGC2o=", + "rev": "a650b5d0de99158323597f048667c4d914243224", + "type": "tarball", + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.11pre845298.a650b5d0de99/nixexprs.tar.xz" + }, + "original": { + "type": "tarball", + "url": "https://nixos.org/channels/nixpkgs-unstable/nixexprs.tar.xz" + } + }, "root": { "inputs": { - "clan-core": "clan-core", + "amarth": "amarth", + "clan-core": "clan-core_2", "nixpkgs": [ "clan-core", "nixpkgs" @@ -168,16 +377,38 @@ "sops-nix": { "inputs": { "nixpkgs": [ + "amarth", "clan-core", "nixpkgs" ] }, "locked": { - "lastModified": 1754988908, - "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", + "lastModified": 1757449901, + "narHash": "sha256-qwN8nYdSRnmmyyi+uR6m4gXnVktmy5smG1MOrSFD8PI=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", + "rev": "3b4a369df9dd6ee171a7ea4448b50e2528faf850", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "sops-nix_2": { + "inputs": { + "nixpkgs": [ + "clan-core", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1757449901, + "narHash": "sha256-qwN8nYdSRnmmyyi+uR6m4gXnVktmy5smG1MOrSFD8PI=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "3b4a369df9dd6ee171a7ea4448b50e2528faf850", "type": "github" }, "original": { @@ -201,7 +432,58 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "id": "systems", + "type": "indirect" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "amarth", + "clan-core", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756662192, + "narHash": "sha256-F1oFfV51AE259I85av+MAia221XwMHCOtZCMcZLK2Jk=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "1aabc6c05ccbcbf4a635fb7a90400e44282f61c4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { "inputs": { "nixpkgs": [ "clan-core", diff --git a/flake.nix b/flake.nix index 340c1b7..ffd0b70 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,11 @@ { - inputs.clan-core.url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"; - inputs.nixpkgs.follows = "clan-core/nixpkgs"; + inputs = { + clan-core.url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"; + + nixpkgs.follows = "clan-core/nixpkgs"; + + amarth.url = "git+https://git.amarth.cloud/amarth/services.git"; + }; outputs = { diff --git a/sops/secrets/zitadel_inital_password/secret b/sops/secrets/zitadel_inital_password/secret new file mode 100644 index 0000000..a4eec86 --- /dev/null +++ b/sops/secrets/zitadel_inital_password/secret @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:goNAmzE7VSnSeW3VmCg8ZM6iq66WN2Lo8UqSTN3t9rbmqm0L+Ho8SqfqiKX7gCrid1A=,iv:fgU2T94TRRH00GcLtUc6/TaTv/HyvZrOok5zrBFpyoI=,tag:lJr/KUSVupAwI1/Cp/er5A==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsMUQ5VkRnT3BtYlMvUVYx\nOEwrUjF4dUQxRU93ZkE0RUl5YlFRa29veVJzCjlLOGNGWEw0Sm5RaFFDekNhL1Ft\nY3NwNjZIRHpmMGVPU3FiS0VOVlV5WlUKLS0tIEQvc21HaER3VUQ2ZE5LdjREdFVo\nek95a3kwTWVLODJPRE5NM2paamZ1UHcKcdPkfgbrFOepolCt8Z/Qcd2FyUDHuDlG\nKLKqzwu5ieWk7A3BQ3Q03on5WYLhbY51PxAIDFbQzOgBSrcP7R52RQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-15T09:17:20Z", + "mac": "ENC[AES256_GCM,data:x58lVbUftxLT27hsSNSjX7Oy55W7UXiaLa4uQA4o+wxH4JlPR75sa/UGOVhufQoEi4hOPc/9b4kDt9jEasNJpdCaUrtsstfe69ZpWtCrnfZMAywlplKofRzMuxbvJHlU8Wn+gGll5BFz400fJMq2qPDLhVEo4eUzcX/RqDGymC0=,iv:BdkvmpEdMmTMkxbs+yvHxZWUgxf8flqhkjSitUlU3CU=,tag:usXzrIPEwKrQFs3vL/Ss4g==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +}