From 8834b42f909942546c0defe544030988b0071301 Mon Sep 17 00:00:00 2001 From: clan-tool Date: Thu, 18 Sep 2025 09:08:26 +0000 Subject: [PATCH 1/7] Update vars via generator zitadel for machine m1 --- .../zitadel/initialAdminPassword/machines/m1 | 1 + .../m1/zitadel/initialAdminPassword/secret | 19 +++++++++++++++++++ .../zitadel/initialAdminPassword/users/nixos | 1 + .../m1/zitadel/masterKey/machines/m1 | 1 + vars/per-machine/m1/zitadel/masterKey/secret | 19 +++++++++++++++++++ .../m1/zitadel/masterKey/users/nixos | 1 + 6 files changed, 42 insertions(+) create mode 120000 vars/per-machine/m1/zitadel/initialAdminPassword/machines/m1 create mode 100644 vars/per-machine/m1/zitadel/initialAdminPassword/secret create mode 120000 vars/per-machine/m1/zitadel/initialAdminPassword/users/nixos create mode 120000 vars/per-machine/m1/zitadel/masterKey/machines/m1 create mode 100644 vars/per-machine/m1/zitadel/masterKey/secret create mode 120000 vars/per-machine/m1/zitadel/masterKey/users/nixos diff --git a/vars/per-machine/m1/zitadel/initialAdminPassword/machines/m1 b/vars/per-machine/m1/zitadel/initialAdminPassword/machines/m1 new file mode 120000 index 0000000..9be3644 --- /dev/null +++ b/vars/per-machine/m1/zitadel/initialAdminPassword/machines/m1 @@ -0,0 +1 @@ +../../../../../../sops/machines/m1 \ No newline at end of file diff --git a/vars/per-machine/m1/zitadel/initialAdminPassword/secret b/vars/per-machine/m1/zitadel/initialAdminPassword/secret new file mode 100644 index 0000000..9b59309 --- /dev/null +++ b/vars/per-machine/m1/zitadel/initialAdminPassword/secret 
@@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:oWC0pFxI6dSiuVa7EIA26hO2GF9gjbSlR38c+la8jRZlf1F6iVWAqObSWGYDJO96bE7o,iv:fJsWsw4Uy6HXmzrJ2OzSf58MPjOwnwi+9+lPUAS7gO8=,tag:Lc1yiSdsnFROUdvZ/8dKfA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age12jttkmrt43ugulsn9q6y9u0hm2ec96nkfud3thfkrtsuyrpzcg2saan3mu", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCZ0MxUkh2NnFJSTZRT1FK\nL1RWb2tvYzdITWhQb2RyUURaVWlSV2hEbmprCmlRSC9iUHNjL2pBblZiQ0U1Q1RP\nYXNkdkppejZKM3NmOHEybjVoc1ZtK3cKLS0tIDF0MzJRWEVwKzR3SXBQMWVKNk5k\nRmV0eGp1Wjk1UHNVMjY5V3l2QXo3NkUKfGyfGT0c0RUfsc+uwZFepJzkMojYr+zJ\nNscvqxTTUYXtPhUI9m44fVZKIYWjf8hsrceGWexexzf04w0oW2YafA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGTWg0dy9iRTVHZ2k1WW82\nSU9oWGUxUHRHMmJKZGxCVkY5akt2bmpFbWw4CkRXVGtaRzN0bGZzamdkNGsvSktu\neWdFb29EdmNtVDZRYXBhTmc4cTdLbFkKLS0tIG1OYWRoSnpldnFWNlpUTWFQQWdk\naTgrcGFpUTBNUmc2ODVDM3hkQUt0cTQKn7Wwnmtt0QSdJGRaKyRbkRMfmpyt8ZY6\ngfZtP4YD+uxqC1qPsj2kTPdxXfzsG5xW5DDkOnIasV25R7tfCzeKjg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-18T09:08:25Z", + "mac": "ENC[AES256_GCM,data:wYTgJq4LGWkRToxCofJnP6l3er9AfiP/1S1MjHLl9I+E3nxnT3M4FWtGzERlJfDKIwwoHweLKMOEow6idThLq1/88ncp05AhAgHke6+KB3mWAFlsRyJ0EZfuZVua4jpgHFz2FqvFx2VYp5QbZBhYclGewyBOxh/B24p/N+T9dZA=,iv:i3d3/eGAX5rmzmlYQ+tsoIcH1K+PZ4iK7NmJIZ+ZLGI=,tag:LlVrm5ss1IyYY3zKpejFag==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/m1/zitadel/initialAdminPassword/users/nixos b/vars/per-machine/m1/zitadel/initialAdminPassword/users/nixos new file mode 120000 index 0000000..b1bb8e7 --- /dev/null +++ b/vars/per-machine/m1/zitadel/initialAdminPassword/users/nixos @@ -0,0 +1 @@ +../../../../../../sops/users/nixos \ No newline at end of file 
diff --git a/vars/per-machine/m1/zitadel/masterKey/machines/m1 b/vars/per-machine/m1/zitadel/masterKey/machines/m1 new file mode 120000 index 0000000..9be3644 --- /dev/null +++ b/vars/per-machine/m1/zitadel/masterKey/machines/m1 @@ -0,0 +1 @@ +../../../../../../sops/machines/m1 \ No newline at end of file diff --git a/vars/per-machine/m1/zitadel/masterKey/secret b/vars/per-machine/m1/zitadel/masterKey/secret new file mode 100644 index 0000000..94af45d --- /dev/null +++ b/vars/per-machine/m1/zitadel/masterKey/secret 
@@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:+NswiWNxVb80iqoq16OtDhAQVQRJIkuCDGn962Rdg3w=,iv:mFVEyMelfJSCh23v9z3JSIt6DNxSoNMesjr0PFGfGnw=,tag:z9TRFvayy1yKxEXJ10I12A==,type:str]", + "sops": { + "age": [ + { + "recipient": "age12jttkmrt43ugulsn9q6y9u0hm2ec96nkfud3thfkrtsuyrpzcg2saan3mu", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4N0hCSmpUc29YcGxtQXZ0\nNUk0ZTFINE91K3FrT1h6Y2p2b0JDUURrdmhrCnpOZ1JkNEJnYlk0NjdnYkZQQVZP\nZzFpV1lWRUpVa2JSeVZ0TEVxdVFwQk0KLS0tIGptTm5qemZHQ2pockJPWTZFYmVW\nL3VQK2JHMzlEaTBsV0tRRlVKUHh4d28KBdw1YR3Op/YErtdlz9fW/K1FcL8WaCRg\nvutT+4Y7hmGk33O06qCnTu1+02OYprKydgogmOYSl+xAdhtx7+PGTA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwSE9rNHRTbnQ5QlJHZDdR\nRVcvc2UvODlseXg2UDgxdU9PdVk3U25valJjCmxETHJJQ2Y4UGxQOVd3UTdDK3NR\nQThRbkFRemsyYWZvYnArWWdWMnpmNW8KLS0tIHhWbGI2RDVZNW10cnZOWW5RV09Z\ncHlyTmZpb1JWZ1AzOUQzb1c3ZjRFeUUKepUBc6vrUnZCu0BrSRPYjGj+SaUTqb+0\nZUQ0yCZuYbDZ1HHaW4vqVc1/bkJuset+aULCzRk1v436LCqu4uxghw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-18T09:08:25Z", + "mac": "ENC[AES256_GCM,data:FrW80en9DQXNIm/3doIwbnyP7OP7m+UNnoobQy59P3BeZVclpBSFKsJYtJqjS6QgWcf/FsXTe5i8Cw4A3ZOu0+KF9hpn+by118aball+pRn9WN8HOEtrTKd0hzibFZN4qqg4tyhql16FeYkm71spmwo2i8W861fSis/ei82unIM=,iv:1/4Td9cdVZIpXg/6JLTR+IaaFTnRT61pf1ITJf0sieo=,tag:jc8hfVmbZiFxcWMzhmVuhQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/m1/zitadel/masterKey/users/nixos b/vars/per-machine/m1/zitadel/masterKey/users/nixos new file mode 120000 index 0000000..b1bb8e7 --- /dev/null +++ b/vars/per-machine/m1/zitadel/masterKey/users/nixos @@ -0,0 +1 @@ +../../../../../../sops/users/nixos \ No newline at end of file From af595f2d312359f167717178053afb756b7f7b3c Mon Sep 17 00:00:00 2001 
From: clan-tool Date: Thu, 18 Sep 2025 09:15:21 +0000 Subject: [PATCH 2/7] Update vars via generator zitadel for machine m1 --- vars/per-machine/m1/zitadel/initialAdminPassword/value | 1 + vars/per-machine/m1/zitadel/masterKey/secret | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) create mode 100644 vars/per-machine/m1/zitadel/initialAdminPassword/value diff --git a/vars/per-machine/m1/zitadel/initialAdminPassword/value b/vars/per-machine/m1/zitadel/initialAdminPassword/value new file mode 100644 index 0000000..8ebc5e7 --- /dev/null +++ b/vars/per-machine/m1/zitadel/initialAdminPassword/value @@ -0,0 +1 @@ +aid7eixoo1Aecootoo5IeZ9ooc2imiekeeWovohyaecizaishi diff --git a/vars/per-machine/m1/zitadel/masterKey/secret b/vars/per-machine/m1/zitadel/masterKey/secret index 94af45d..84189a4 100644 --- a/vars/per-machine/m1/zitadel/masterKey/secret +++ b/vars/per-machine/m1/zitadel/masterKey/secret 
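Review bot: The new `vars/per-machine/m1/zitadel/initialAdminPassword/value` file holds the Zitadel initial admin password as a single cleartext line, while patch 1/7 stored the same var as a SOPS-encrypted `secret` file. Clan writes a var to `value` when its generator file is declared non-secret, so presumably the zitadel generator now sets `secret = false` on this file; it should stay secret so the output lands in an encrypted `secret` file again. The value committed here should be treated as disclosed and regenerated, since it stays readable in the repository history. Patch 7/7's diffstat removes `initialAdminPassword/secret` but does not list this `value` file, so the cleartext copy appears to survive the series.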
@@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:+NswiWNxVb80iqoq16OtDhAQVQRJIkuCDGn962Rdg3w=,iv:mFVEyMelfJSCh23v9z3JSIt6DNxSoNMesjr0PFGfGnw=,tag:z9TRFvayy1yKxEXJ10I12A==,type:str]", + "data": "ENC[AES256_GCM,data:69+gMlRREra1/VDGefyY4uO3dNEMfg2PhUJWs8roGUw=,iv:4klTKyb+Hohc85p2oCLRQ+yO1G7AUWW8X694mUunPpk=,tag:h2l6sATSK+7QKreExWy6Yw==,type:str]", "sops": { "age": [ { "recipient": "age12jttkmrt43ugulsn9q6y9u0hm2ec96nkfud3thfkrtsuyrpzcg2saan3mu", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4N0hCSmpUc29YcGxtQXZ0\nNUk0ZTFINE91K3FrT1h6Y2p2b0JDUURrdmhrCnpOZ1JkNEJnYlk0NjdnYkZQQVZP\nZzFpV1lWRUpVa2JSeVZ0TEVxdVFwQk0KLS0tIGptTm5qemZHQ2pockJPWTZFYmVW\nL3VQK2JHMzlEaTBsV0tRRlVKUHh4d28KBdw1YR3Op/YErtdlz9fW/K1FcL8WaCRg\nvutT+4Y7hmGk33O06qCnTu1+02OYprKydgogmOYSl+xAdhtx7+PGTA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVVUwcEJERGk5ZDVJRTFt\nTzV2cVFhWjYyK1duT0QxVlhpVzhQMUJLM1MwCmxXM2kzajRXOTBkTk9ic3huUUow\nRXg2anNudFBsaU92YnBUVzZSbWE3NDAKLS0tIDhwd2d5cy9TU0YvT2pwUHgyR1Nr\neGl0Sk9meGJoUlIxMHI0VWtRSElTUFkKdgJIZ3avNeyR7q7w9rVTZKhMYmBGa4va\n9m+voQ4IKJbCQGeL+K6UKSU1uEYxkDwM0rLkAJGGo/wndwrJ5Cx+xQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwSE9rNHRTbnQ5QlJHZDdR\nRVcvc2UvODlseXg2UDgxdU9PdVk3U25valJjCmxETHJJQ2Y4UGxQOVd3UTdDK3NR\nQThRbkFRemsyYWZvYnArWWdWMnpmNW8KLS0tIHhWbGI2RDVZNW10cnZOWW5RV09Z\ncHlyTmZpb1JWZ1AzOUQzb1c3ZjRFeUUKepUBc6vrUnZCu0BrSRPYjGj+SaUTqb+0\nZUQ0yCZuYbDZ1HHaW4vqVc1/bkJuset+aULCzRk1v436LCqu4uxghw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Y0Q0UFZYTHpTNXdKMzNh\nbmluOU9oV3lBeG5CQS9NQ2FaTjMvVDNlSFJ3Cnd3Snh2QnZldDYyRDZtd1hTOVFF\neTlrS244ZFRsTVVKTGVEU1d2NmRFNVEKLS0tIGV1OWljTittTENEblFwMTNIVUho\nOUVCTEg3UU53SmhpT1lWNnhFbEpucHMKI1FK4lhef3Q5CRFcGHnCGeyumThLaG64\nGJfDwHLQDOEso4P76iu3cIDk2milg0k6rzZvvlunPuyYhMBLdQnO4w==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-09-18T09:08:25Z", - "mac": "ENC[AES256_GCM,data:FrW80en9DQXNIm/3doIwbnyP7OP7m+UNnoobQy59P3BeZVclpBSFKsJYtJqjS6QgWcf/FsXTe5i8Cw4A3ZOu0+KF9hpn+by118aball+pRn9WN8HOEtrTKd0hzibFZN4qqg4tyhql16FeYkm71spmwo2i8W861fSis/ei82unIM=,iv:1/4Td9cdVZIpXg/6JLTR+IaaFTnRT61pf1ITJf0sieo=,tag:jc8hfVmbZiFxcWMzhmVuhQ==,type:str]", + "lastmodified": "2025-09-18T09:15:20Z", + "mac": "ENC[AES256_GCM,data:69bA5w6Qps1WVv1O5MrBNK66JlUla5HW2oWj2whz1ssJvH1DZzxZK+TQHHTM4ECgvl/6MR6pqqIDxIBjMI/CwYe9zAY7YrKYUM8XJCLt6c8c8C3SQwqaeojcjFKaZ2SSMLlG+wAMFQINjZxtctY9Vs0ayVBwnw8HG0YDb1Ir3b0=,iv:peNqi2leQcVjawrNTUEY80D184ZfkZ1xUzqqEg6b6Po=,tag:jkK76MKjm0lKGrLgFRa0Pw==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } From ac7a6f8a148c22a115374313f7af238f6b48b48c Mon Sep 17 00:00:00 2001 From: clan-tool Date: Thu, 18 Sep 2025 09:45:51 +0000 Subject: [PATCH 3/7] Update vars via generator k3s for machine c1 --- vars/per-machine/c1/k3s/ip_v4/value | 1 + vars/per-machine/c1/k3s/ip_v6/value | 1 + vars/per-machine/c1/k3s/token/secret | 15 +++++++++++++++ vars/per-machine/c1/k3s/token/users/nixos | 1 + 4 files changed, 18 insertions(+) create mode 100644 vars/per-machine/c1/k3s/ip_v4/value create mode 100644 vars/per-machine/c1/k3s/ip_v6/value create mode 100644 vars/per-machine/c1/k3s/token/secret create mode 120000 vars/per-machine/c1/k3s/token/users/nixos diff --git a/vars/per-machine/c1/k3s/ip_v4/value b/vars/per-machine/c1/k3s/ip_v4/value new file mode 100644 index 0000000..7b9ad53 --- /dev/null +++ b/vars/per-machine/c1/k3s/ip_v4/value @@ -0,0 +1 @@ +127.0.0.1 
diff --git a/vars/per-machine/c1/k3s/ip_v6/value b/vars/per-machine/c1/k3s/ip_v6/value new file mode 100644 index 0000000..20e29b1 --- /dev/null +++ b/vars/per-machine/c1/k3s/ip_v6/value @@ -0,0 +1 @@ +::1 diff --git a/vars/per-machine/c1/k3s/token/secret b/vars/per-machine/c1/k3s/token/secret new file mode 100644 index 0000000..65c6188 --- /dev/null +++ b/vars/per-machine/c1/k3s/token/secret @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:MtwZ3Fc2LPNs1ldihofchR4ZVXbcv3bvAcI49Wsqoe7LVAOmuo8tk+0F0DZxlcsZrnyI,iv:oQ0xLxs/IzfrbsA4WH3fiH1P8oTvwOQ460xabFg7j1k=,tag:PJO/rxi9ReZTlXi703UGgw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBd1ZvMFZxSDVkYlJaOGZY\ncjVWZVRONVI1SXBaK1ptZlJiZVRudEdVUWtzCmlobkVvSTFLck8wclpyY04zWTlH\nZHZ0K3FCMytTMmJ5eGdOaWdEVXI2azgKLS0tIHBxZzI3N0JXQm12Y0U2TThZMk5I\nK3V1SXZ2YUpFUFJVa3p3TjdwMEo0bG8KCtyaTfNqk9RUwfwb/kNkaAuwrQuFoQbx\nJkt+oolhzgt/hwB+KT2tMKqKn6v7J8WhEItPlylJfsrPTJ6oy5NIFA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-18T09:45:49Z", + "mac": "ENC[AES256_GCM,data:o7owG4EgbZi7wwdCDI/KKFIkRTeALUCsB92TIBip9ZZ2nHyXv7+r5KctHIAEZIIkoTR6FNs7riosA1Td7RbZGkVlSQa/D4vuoFTLQTt+N9ZFnWaz50SYEOkfH6ofieB6zI+JH4RyuDedha+1cVlCzDmZWHsj+bXXXE4Scx04aj4=,iv:pbF/vWAPsgCa/oG7bilALTJMnlfgsuv5mpcCRgemkWE=,tag:VUBavWjXJXLNIM5jumY+Cg==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/c1/k3s/token/users/nixos b/vars/per-machine/c1/k3s/token/users/nixos new file mode 120000 index 0000000..b1bb8e7 --- /dev/null +++ b/vars/per-machine/c1/k3s/token/users/nixos @@ -0,0 +1 @@ +../../../../../../sops/users/nixos \ No newline at end of file From 41f85ed7a9202f76b55967302658f24b60984528 Mon Sep 17 00:00:00 2001 
From: clan-tool Date: Thu, 18 Sep 2025 09:47:32 +0000 Subject: [PATCH 4/7] Update vars via generator zerotier for machine c2 --- .../zerotier-identity-secret/machines/c2 | 1 + .../zerotier/zerotier-identity-secret/secret | 19 +++++++++++++++++++ .../zerotier-identity-secret/users/nixos | 1 + .../per-machine/c2/zerotier/zerotier-ip/value | 1 + 4 files changed, 22 insertions(+) create mode 120000 vars/per-machine/c2/zerotier/zerotier-identity-secret/machines/c2 create mode 100644 vars/per-machine/c2/zerotier/zerotier-identity-secret/secret create mode 120000 vars/per-machine/c2/zerotier/zerotier-identity-secret/users/nixos create mode 100644 vars/per-machine/c2/zerotier/zerotier-ip/value diff --git a/vars/per-machine/c2/zerotier/zerotier-identity-secret/machines/c2 b/vars/per-machine/c2/zerotier/zerotier-identity-secret/machines/c2 new file mode 120000 index 0000000..42c1f4d --- /dev/null +++ b/vars/per-machine/c2/zerotier/zerotier-identity-secret/machines/c2 @@ -0,0 +1 @@ +../../../../../../sops/machines/c2 \ No newline at end of file diff --git a/vars/per-machine/c2/zerotier/zerotier-identity-secret/secret b/vars/per-machine/c2/zerotier/zerotier-identity-secret/secret new file mode 100644 index 0000000..05de9b7 --- /dev/null +++ b/vars/per-machine/c2/zerotier/zerotier-identity-secret/secret 
@@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:0dqzliabPL2ZKLkr+x6GQ4mVlNq8WD1k5dRw1ohqzxtgAuhxeB3yDWVaWtpQT6LQwbcHkQG5eLddgSdGHiKdj3YdSWbqdasL23r5NBxqmdekrvVe2dusAEhhcKIokj0WziOIkti/UBLJsRU71/mba/q6wyCkCUFQvnHML5xz/657dfLqFo6dY4P1Am7hiClADGAZpLIhxS2P1RO2GaOG+BjLNm8KpytKxb1gATsGdQDHTFFtF0S1TuerTASQ2+34v9r/2p92AACliN0uuajD8e2Ev/vr/ZaQmmvws7q23qQoIxjApM7EtRZfQu1LacY8DjiKDT8m22Q5rp7Pf3/IqHnzPf2OmyK2Ln40NOvq,iv:DYig33lqxLoyjbNUJyZRTwaTR0eyfnx70rMN9FSdFWU=,tag:X3dkhi1A05SQNTQtTed79Q==,type:str]", + "sops": { + "age": [ + { + "recipient": "age10uarjm0d8udtzarf3j7n6tfydsr0crwjv20j0yg8xyvcf2a4jafssqn344", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSOFJTM25SNkdVRWdyM3Na\nV3NvQ3k4UTRrUEdNT0tTdzVwTmtiMk9hdGpjCk4rSExIQW1zS1F6MTRiTHJTK2RN\nQVhISjlWM2tpUERlbmM3STJrNElwdDgKLS0tIG9jTWVsRFlLZmF4bUZLVE1HYU9X\nN0xoTEF3SkhmYlhUa1RwbWI2ZzVvWGsKCSXEWIwO0P0TrCICAb265eGE+M/N5uFv\nm05i9y3SnWK4NsQ3lcUA92lYadLsXUUHRuATze7vz3PKgDm7/bGBzg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ejJpSEZWYm9lQlBNc1g2\nSHNsb242R3NjUVdUWjJrWTlGRWZ1L1R0enljCmloOXNta0pQWVJzK0FFc3Z5VnBp\nNlV1L3o3SHpOSDNsTEZwRmpHWlVab0EKLS0tIGgvdGF6ZUtJMDA4U3RaSm40ckhk\nc0xwWXF1TmFGSUdxc29qZG5saS9NV2cKTMGeNYas82xp9ynLb5eOTbQKonGFG6Ig\nYfnGqj/nCQUk6J1QYiY07/FLU5Wldu5jWdCYkVxN+pX6v7tdFRmxLA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-18T09:47:31Z", + "mac": "ENC[AES256_GCM,data:CBRUFJSmGo1OltMNhivUg9Zioygv+rWMbIyJXKBAnUS2P4j2jwV5bPE3KhnXmzkoVP1SrAYstd9Ht9Zx1KHeU0B0E0OKiJPT30dpDflFPja707P94kxHvnkIkALkLbJiW9dgHF6uQOMvupn6iTN/O30EmIPOnBZFj7kfuBmwaiQ=,iv:N6n7GlOnr6NdbBmW/B4XO+CgC+pMuiBFQjprltQ5+p0=,tag:XLMti3OM3dz7pK1WBFgd4w==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} 
diff --git a/vars/per-machine/c2/zerotier/zerotier-identity-secret/users/nixos b/vars/per-machine/c2/zerotier/zerotier-identity-secret/users/nixos new file mode 120000 index 0000000..b1bb8e7 --- /dev/null +++ b/vars/per-machine/c2/zerotier/zerotier-identity-secret/users/nixos @@ -0,0 +1 @@ +../../../../../../sops/users/nixos \ No newline at end of file diff --git a/vars/per-machine/c2/zerotier/zerotier-ip/value b/vars/per-machine/c2/zerotier/zerotier-ip/value new file mode 100644 index 0000000..b4c98a3 --- /dev/null +++ b/vars/per-machine/c2/zerotier/zerotier-ip/value @@ -0,0 +1 @@ +fd03:2623:9523:e639:2899:9304:1bc9:4a52 \ No newline at end of file From 547155b5dea1b11c4b97c5934912628c7cf086a5 Mon Sep 17 00:00:00 2001 From: clan-tool Date: Thu, 18 Sep 2025 09:47:38 +0000 Subject: [PATCH 5/7] Update vars via generator zerotier for machine c3 --- .../zerotier-identity-secret/machines/c3 | 1 + .../zerotier/zerotier-identity-secret/secret | 19 +++++++++++++++++++ .../zerotier-identity-secret/users/nixos | 1 + .../per-machine/c3/zerotier/zerotier-ip/value | 1 + 4 files changed, 22 insertions(+) create mode 120000 vars/per-machine/c3/zerotier/zerotier-identity-secret/machines/c3 create mode 100644 vars/per-machine/c3/zerotier/zerotier-identity-secret/secret create mode 120000 vars/per-machine/c3/zerotier/zerotier-identity-secret/users/nixos create mode 100644 vars/per-machine/c3/zerotier/zerotier-ip/value diff --git a/vars/per-machine/c3/zerotier/zerotier-identity-secret/machines/c3 b/vars/per-machine/c3/zerotier/zerotier-identity-secret/machines/c3 new file mode 120000 index 0000000..4115c15 --- /dev/null +++ b/vars/per-machine/c3/zerotier/zerotier-identity-secret/machines/c3 @@ -0,0 +1 @@ +../../../../../../sops/machines/c3 \ No newline at end of file diff --git a/vars/per-machine/c3/zerotier/zerotier-identity-secret/secret b/vars/per-machine/c3/zerotier/zerotier-identity-secret/secret new file mode 100644 index 0000000..b594327 --- /dev/null 
+++ b/vars/per-machine/c3/zerotier/zerotier-identity-secret/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:Vq+/jlokkShxyCXZj984waAaw9LKqz1JD6ezoR9u/5yDoWPt7k/qGO/yo/g1VWIWrwF7APoP7Nx3Sk5F4xiYLh3iSD93zFfSyT6qAYfG3LW9kBe1w+GvHdx7C4AyZL2pHb66RkTzi+dosdI6KuZemqPwfZS/FBUKObiNWeaXz/pMsucRcUt7FqqpGjeDZTZr+avGLWzfxv8tIZ7RSIL5rbEpinDe/RsKJBVEYqI59rm/NJoOM8V/dkxh3vFkY5X4g4Fh97CkHrNKBfeIrDKDfO7pZ1I4UsZiwUojsDaOaGPkKXNwCGyY7X/AmAoDSEOMFF7S3pcjraO0UZq2/iId95o9FtZ7nVwLkp90Zbwg,iv:O8lENuRf9cP2dC3AjBkvNFY/HLIJJoggWKlvC67d6lo=,tag:uww8yvF9LDY57CmML/VHIw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1axpkt9hv6nat3hqsz69h2ps83q8dqkadg97s3a6yyycqdg5tdy3q5dxtkg", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyelNvNDdTWlNjSUhEK21r\nTTNPeml4NzF3aElQWVRkK3YyZzRyTGZLamhZCkRYNlJQRkRFc1RPUEM0UmpYWWFP\nV1E4LzlqME1FWmlyT0VTcmoyeVp1VEkKLS0tIE5Tc3RWeG8xOGFpM0JuRHV2NnJl\nQy9VNXZ6OGQva1R2ZGdIc3BrRCtEMW8KgZ+gJzJpzTluyQrH3NVvtP4wN0oFS1I1\nLCCv5S2dpKw6IG6388Cv7BCoA6dRuI/ijHNimGxrXARXgqKQjzQHfQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBaHFRcmpmK1V6angwY2Rm\nNmFsRGgra1R4YUx4ckRkRlY1aDVNMC8ySFJJCmFXRE05UVlRaXMzVHcrZi9DNGR2\nMnZnaWNxWE5KZ2dhNVZJSCtRWC9HQU0KLS0tIFB3NDhwcW0yTUo5a3Q1VXZ4VmND\nb081aDVOT0lqYmVlSFBxSnpwWnB1WUUKaTrZaBYRHOT71wL0RC6Em3IVStMWK5pw\nTX6zEdyXrvkesWfvfp7FHA+mV0ju11BDNEVQJksRjnGToGCe98BwRg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-18T09:47:36Z", + "mac": "ENC[AES256_GCM,data:qK8okCuc1QuRqnWzDFE0eSJ/QflBxtHo/77J6M9jypBTMM3Qq3VFrh1QxDl4GLt5MfB0XxMcSEQk2775jAZmO5xQexO2LC5DBLV+C1OhObpla6/Fb9TbJfHctQfvuzEr8pCJo83E1g8dq9a6fu5s/eabvPaR5ARVT2ymaI2DtCc=,iv:YNeySSXy+sdzs8h/aoYCxeuOuiY1CeEdIWBMkmk6crk=,tag:FMg5nZZkoV/+Dx+Sk7t13Q==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} 
diff --git a/vars/per-machine/c3/zerotier/zerotier-identity-secret/users/nixos b/vars/per-machine/c3/zerotier/zerotier-identity-secret/users/nixos new file mode 120000 index 0000000..b1bb8e7 --- /dev/null +++ b/vars/per-machine/c3/zerotier/zerotier-identity-secret/users/nixos @@ -0,0 +1 @@ +../../../../../../sops/users/nixos \ No newline at end of file diff --git a/vars/per-machine/c3/zerotier/zerotier-ip/value b/vars/per-machine/c3/zerotier/zerotier-ip/value new file mode 100644 index 0000000..19639e0 --- /dev/null +++ b/vars/per-machine/c3/zerotier/zerotier-ip/value @@ -0,0 +1 @@ +fd03:2623:9523:e639:2899:93e8:5d0:8ec6 \ No newline at end of file From 0d1e1fe033582c4424bd550bacf08c79b5b952dc Mon Sep 17 00:00:00 2001 From: clan-tool Date: Thu, 18 Sep 2025 10:03:59 +0000 Subject: [PATCH 6/7] Add c1 to secret --- vars/per-machine/c1/k3s/token/machines/c1 | 1 + vars/per-machine/c1/k3s/token/secret | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 120000 vars/per-machine/c1/k3s/token/machines/c1 diff --git a/vars/per-machine/c1/k3s/token/machines/c1 b/vars/per-machine/c1/k3s/token/machines/c1 new file mode 120000 index 0000000..01430a8 --- /dev/null +++ b/vars/per-machine/c1/k3s/token/machines/c1 @@ -0,0 +1 @@ +../../../../../../sops/machines/c1 \ No newline at end of file diff --git a/vars/per-machine/c1/k3s/token/secret b/vars/per-machine/c1/k3s/token/secret index 65c6188..3d07cc2 100644 --- a/vars/per-machine/c1/k3s/token/secret +++ b/vars/per-machine/c1/k3s/token/secret 
@@ -2,9 +2,13 @@ "data": "ENC[AES256_GCM,data:MtwZ3Fc2LPNs1ldihofchR4ZVXbcv3bvAcI49Wsqoe7LVAOmuo8tk+0F0DZxlcsZrnyI,iv:oQ0xLxs/IzfrbsA4WH3fiH1P8oTvwOQ460xabFg7j1k=,tag:PJO/rxi9ReZTlXi703UGgw==,type:str]", "sops": { "age": [ + { + "recipient": "age19cnepqj2xclqwgv9esldz3znsezxazz0599ctkn2t5znsvxjxdjqvnxl80", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2WW40aExiWjB4OTlyU1RU\nQThRcml1N1RBSlJhUDhiVTB3TGE5MVpQTm5vClo1bEhyT1lYMWpWaCtndm12NHJS\nUi80RmUwdW5sODBDK0dyUVd3VEcvQTgKLS0tIHJGbmluUi9hQVIrRWZhaEVwcE9U\nenc3MEZvM2ZyOE5uRENwQmxKUXpQMncKiaOpoGlMteGv0mNsG9fPjN5ZWh966hH4\nFXuUkcViZAdesFuaiGXHbyD/UvQpiY2PknQTSWlyy51ah6/gjgq7ew==\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBd1ZvMFZxSDVkYlJaOGZY\ncjVWZVRONVI1SXBaK1ptZlJiZVRudEdVUWtzCmlobkVvSTFLck8wclpyY04zWTlH\nZHZ0K3FCMytTMmJ5eGdOaWdEVXI2azgKLS0tIHBxZzI3N0JXQm12Y0U2TThZMk5I\nK3V1SXZ2YUpFUFJVa3p3TjdwMEo0bG8KCtyaTfNqk9RUwfwb/kNkaAuwrQuFoQbx\nJkt+oolhzgt/hwB+KT2tMKqKn6v7J8WhEItPlylJfsrPTJ6oy5NIFA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONXpzaVF6RjhCVlE3ZWdm\nUUNTL3E4UzE2SGZReWQrNGpaM2R6ZWRRSkI0CnNwQVQvUjc4b25OR1Vwa3lKVTVJ\nWHZJM2ZMV3V0RHc2NmlQaXBXUFRVOEEKLS0tIFpVY0lqUmlSMVR5amNyV1VmUlBw\namxrN2NvQnlKeVE1aE9NazloN3pubEEKfj1FFC+aLeqX8Lt1tnYAaS5pLZEEAZdL\nCJRNXEa4W+++dDsGEbK4iHy9DtHFeATPcd3TnpGKeUTThIUvOhajrw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-18T09:45:49Z", From f099496668cf43c293addbee1d71467a1b40d1ad Mon Sep 17 00:00:00 2001 
From: clan-tool Date: Thu, 18 Sep 2025 14:24:34 +0200 Subject: [PATCH 7/7] . --- clan.nix | 58 ++++++++++++++----- devShells/flake-module.nix | 12 ++++ flake.lock | 47 ++++++++++----- flake.nix | 55 +++--------------- machines/c1/disko.nix | 50 ++++++++++++++++ machines/c2/disko.nix | 50 ++++++++++++++++ machines/c3/disko.nix | 50 ++++++++++++++++ machines/m1/configuration.nix | 3 +- modules/gnome.nix | 15 ----- sops/secrets/c1-age.key/users/chris | 1 - sops/secrets/c2-age.key/users/chris | 1 - sops/secrets/c3-age.key/users/chris | 1 - sops/secrets/m1-age.key/users/chris | 1 - vars/per-machine/c1/k3s/token/machines/c1 | 1 - vars/per-machine/c1/k3s/token/users/nixos | 1 - .../zerotier-identity-secret/machines/c2 | 1 - .../zerotier-identity-secret/users/nixos | 1 - .../zerotier-identity-secret/machines/c3 | 1 - .../zerotier-identity-secret/users/nixos | 1 - .../zitadel/initialAdminPassword/machines/m1 | 1 - .../m1/zitadel/initialAdminPassword/secret | 19 ------ .../zitadel/initialAdminPassword/users/nixos | 1 - .../m1/zitadel/masterKey/machines/m1 | 1 - .../m1/zitadel/masterKey/users/nixos | 1 - 24 files changed, 245 insertions(+), 128 deletions(-) create mode 100644 devShells/flake-module.nix create mode 100644 machines/c1/disko.nix create mode 100644 machines/c2/disko.nix create mode 100644 machines/c3/disko.nix delete mode 100644 modules/gnome.nix delete mode 120000 sops/secrets/c1-age.key/users/chris delete mode 120000 sops/secrets/c2-age.key/users/chris delete mode 120000 sops/secrets/c3-age.key/users/chris delete mode 120000 sops/secrets/m1-age.key/users/chris delete mode 120000 vars/per-machine/c1/k3s/token/machines/c1 delete mode 120000 vars/per-machine/c1/k3s/token/users/nixos delete mode 120000 vars/per-machine/c2/zerotier/zerotier-identity-secret/machines/c2 delete mode 120000 vars/per-machine/c2/zerotier/zerotier-identity-secret/users/nixos delete mode 120000 vars/per-machine/c3/zerotier/zerotier-identity-secret/machines/c3 delete mode 120000 
vars/per-machine/c3/zerotier/zerotier-identity-secret/users/nixos delete mode 120000 vars/per-machine/m1/zitadel/initialAdminPassword/machines/m1 delete mode 100644 vars/per-machine/m1/zitadel/initialAdminPassword/secret delete mode 120000 vars/per-machine/m1/zitadel/initialAdminPassword/users/nixos delete mode 120000 vars/per-machine/m1/zitadel/masterKey/machines/m1 delete mode 120000 vars/per-machine/m1/zitadel/masterKey/users/nixos diff --git a/clan.nix b/clan.nix index 92e13a2..874586a 100644 --- a/clan.nix +++ b/clan.nix @@ -7,25 +7,29 @@ inventory.machines = { m1 = { - name = "Management node 1"; + name = "management-1"; + description = "Management node 1"; machineClass = "nixos"; - tags = [ "cloud:amarth" "region:oss" "nodeType:management" "criticallity: medium" "" ]; + tags = [ "cloud:amarth" "region:oss" "nodeType:management" "criticallity:critical" "" ]; deploy.targetHost = "root@192.168.1.222"; }; c1 = { - name = "Compute node 1"; + name = "compute-1"; + description = "Compute node 1"; machineClass = "nixos"; - tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity: medium" "" ]; + tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity:medium" "" ]; }; c2 = { - name = "Compute node 2"; + name = "compute-2"; + description = "Compute node 2"; machineClass = "nixos"; - tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity: medium" "" ]; + tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity:medium" "" ]; }; c3 = { - name = "Compute node 3"; + name = "compute-3"; + description = "Compute node 3"; machineClass = "nixos"; - tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity: medium" "" ]; + tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity:medium" "" ]; }; }; 
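Review bot: Each rewritten `tags` list in the `inventory.machines` hunk still ends with an empty string entry (`""`) and keeps the misspelled key `criticallity`, so every machine carries a blank tag and anything selecting on criticality has to repeat the typo. Suggested form for m1: `tags = [ "cloud:amarth" "region:oss" "nodeType:management" "criticality:critical" ];`, with the same cleanup for c1–c3 using their own values. If a role or selector elsewhere already matches on `criticallity:…` it needs the same rename; none is visible in this hunk.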
@@ -45,24 +49,28 @@ zitadel = { module = { - name = "@amarth/zitadel"; + name = "zitadel"; input = "amarth-services"; }; - roles.controller.machines."m1" = {}; + roles.controller = { + machines."m1" = {}; + settings = { + hostName = "auth.amarth.cloud"; + displayName = "Amarth"; + }; + }; }; k3s = { module = { - name = "@amarth/k3s"; - input = "amarth"; + name = "k3s"; + input = "amarth-services"; }; roles.server.machines."c1" = {}; - roles.agent.machines."c2" = {}; roles.agent.machines."c3" = {}; ->>>>>>> 81bc14dcb9b649451939a01d3828ca4c170dc897 }; }; @@ -70,8 +78,26 @@ # machines/jon/configuration.nix will be automatically imported. # See: https://docs.clan.lol/guides/more-machines/#automatic-registration machines = { - m1 = { config, pkgs, ... }: { - environment.systemPackages = [ pkgs.asciinema ]; + # m1 = { config, pkgs, ... }: { + # environment.systemPackages = [ pkgs.asciinema ]; + + # nixpkgs.hostPlatform = "x86_64-linux"; + # }; + m1 = { + nixpkgs.hostPlatform = "x86_64-linux"; + networking.domain = "amarth.local"; + }; + c1 = { + nixpkgs.hostPlatform = "x86_64-linux"; + networking.domain = "amarth.local"; + }; + c2 = { + nixpkgs.hostPlatform = "x86_64-linux"; + networking.domain = "amarth.local"; + }; + c3 = { + nixpkgs.hostPlatform = "x86_64-linux"; + networking.domain = "amarth.local"; }; }; } diff --git a/devShells/flake-module.nix b/devShells/flake-module.nix new file mode 100644 index 0000000..6fa23fd --- /dev/null +++ b/devShells/flake-module.nix @@ -0,0 +1,12 @@ +{ + perSystem = { pkgs, inputs', ... }: { + devShells.default = pkgs.mkShellNoCC { + packages = with pkgs; [ + bash + sops + + inputs'.clan-core.packages.clan-cli + ]; + }; + }; +} \ No newline at end of file diff --git a/flake.lock b/flake.lock index d9f9b6f..287fa11 100644 --- a/flake.lock +++ b/flake.lock 
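Review bot: In the `@@ -70,8 +78,26 @@` hunk of clan.nix, `networking.domain = "amarth.local"` places all four machines under `.local`, which is reserved for multicast DNS (RFC 6762); hosts running an mDNS resolver may not resolve these names through unicast DNS. A subdomain of a domain you control (the zitadel settings in this commit already use `amarth.cloud`) or `home.arpa` avoids that, e.g. `networking.domain = "<internal-subdomain>.amarth.cloud";` (placeholder). The previous m1 definition is left behind as a commented-out block; deleting it keeps the file readable, since git retains the old version. The `machines` attribute set begins before this hunk.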
@@ -5,14 +5,15 @@ "clan-core": "clan-core", "devshell": "devshell", "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_2", + "systems": "systems_2" }, "locked": { - "lastModified": 1758132307, - "narHash": "sha256-qO40PUZ6OJnBGPWA4wXG0TnKAcgM+CQhroKHFle8O88=", + "lastModified": 1758197467, + "narHash": "sha256-3LciQLDSdPaD/rgcVCk3V62XlCtDFLdRy/NkbUbkgAY=", "ref": "refs/heads/main", - "rev": "bf272f660796f765c2919a2e4a75441556604d18", - "revCount": 12, + "rev": "9f16bb29ab94268c8177d4965f621319dfb5bad7", + "revCount": 39, "type": "git", "url": "https://git.amarth.cloud/amarth/services" }, @@ -66,15 +67,15 @@ "nixpkgs" ], "sops-nix": "sops-nix_2", - "systems": "systems_2", + "systems": "systems_3", "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1758121565, - "narHash": "sha256-y37cz5A+EFMBvWi0/S+wrkTMHGQnDb7cifqZoIfSRHE=", - "rev": "b7798f54666fe61d8b16b5c45c39fac97e2d2e60", + "lastModified": 1758189924, + "narHash": "sha256-qBoYADWqfKPhr5D0Sz8vWa3BrWbMH2boAh3qfEdUkmg=", + "rev": "e03fcc25e7846c74b04eb73ed577bb7b20629356", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/b7798f54666fe61d8b16b5c45c39fac97e2d2e60.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/e03fcc25e7846c74b04eb73ed577bb7b20629356.tar.gz" }, "original": { "type": "tarball", @@ -204,11 +205,11 @@ ] }, "locked": { - "lastModified": 1757508292, - "narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=", + "lastModified": 1758160037, + "narHash": "sha256-fXelTdjdILspZ1IUU9aICB1+PXwSFiF8j+7ujwo1VpQ=", "owner": "nix-community", "repo": "disko", - "rev": "146f45bee02b8bd88812cfce6ffc0f933788875a", + "rev": "4f554162fff88e77655073d352eec0cea71103a2", "type": "github" }, "original": { 
@@ -407,11 +408,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1757745802, - "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", + "lastModified": 1758035966, + "narHash": "sha256-qqIJ3yxPiB0ZQTT9//nFGQYn8X/PBoJbofA7hRKZnmE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", + "rev": "8d4ddb19d03c65a36ad8d189d001dc32ffb0306b", "type": "github" }, "original": { @@ -489,6 +490,20 @@ } }, "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "id": "systems", + "type": "indirect" + } + }, + "systems_3": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", diff --git a/flake.nix b/flake.nix index e096edf..e9fb98f 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,8 @@ { inputs = { - nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-unstable"; + nixpkgs = { + url = "github:NixOS/nixpkgs?ref=nixos-unstable"; + }; flake-parts = { url = "github:hercules-ci/flake-parts"; 
@@ -23,59 +25,18 @@ }; outputs = - inputs@{ flake-parts, ... }: + inputs@{ flake-parts, self, clan-core, ... }: flake-parts.lib.mkFlake { inherit inputs; } ({ ... }: { systems = [ "x86_64-linux" ]; imports = [ - inputs.clan-core.flakeModules.default - inputs.devshell.flakeModule - ./clan.nix + clan-core.flakeModules.default + + ./devShells/flake-module.nix ]; - perSystem = { system, ... }: { - devshells = { - default = { - packages = [ inputs.clan-core.packages.${system}.clan-cli ]; - }; - }; - }; + clan = import ./clan.nix; }); - - # outputs = - # { - # self, - # clan-core, - # nixpkgs, - # ... - # }@inputs: - # let - # # Usage see: https://docs.clan.lol - # clan = clan-core.lib.clan { - # inherit self; - # imports = [ ./clan.nix ]; - # specialArgs = { inherit inputs; }; - # }; - # in - # { - # inherit (clan.config) nixosConfigurations nixosModules clanInternals; - # clan = clan.config; - # # Add the Clan cli tool to the dev shell. - # # Use "nix develop" to enter the dev shell. - # devShells = - # nixpkgs.lib.genAttrs - # [ - # "x86_64-linux" - # "aarch64-linux" - # "aarch64-darwin" - # "x86_64-darwin" - # ] - # (system: { - # default = clan-core.inputs.nixpkgs.legacyPackages.${system}.mkShell { - # packages = [ clan-core.packages.${system}.clan-cli ]; - # }; - # }); - # }; } diff --git a/machines/c1/disko.nix b/machines/c1/disko.nix new file mode 100644 index 0000000..01879d1 --- /dev/null +++ b/machines/c1/disko.nix 
@@ -0,0 +1,50 @@ +# --- +# schema = "single-disk" +# [placeholders] +# mainDisk = "/dev/disk/by-id/ata-SAMSUNG_MZ7LN256HAJQ-000H1_S3TCNE0JA38335" +# --- +# This file was automatically generated! +# CHANGING this configuration requires wiping and reinstalling the machine +{ + + boot.loader.grub.efiSupport = true; + boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.grub.enable = true; + disko.devices = { + disk = { + main = { + name = "main-a122d42601d5437687431cfd63ed44e9"; + device = "/dev/disk/by-id/ata-SAMSUNG_MZ7LN256HAJQ-000H1_S3TCNE0JA38335"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + "boot" = { + size = "1M"; + type = "EF02"; # for grub MBR + priority = 1; + }; + ESP = { + type = "EF00"; + size = "500M"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/machines/c2/disko.nix b/machines/c2/disko.nix new file mode 100644 index 0000000..01879d1 --- /dev/null +++ b/machines/c2/disko.nix 
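Review bot: `device = "/dev/disk/by-id/ata-SAMSUNG_MZ7LN256HAJQ-000H1_S3TCNE0JA38335";` is a by-id path that appears to end in a drive serial, yet the identical file (blob `01879d1`, same `name = "main-a122d42601d5437687431cfd63ed44e9"`) is added for c1, c2 and c3 in this and the next two hunks. A by-id path normally matches one physical disk, so the `mainDisk` placeholder should be checked on each host before installing; the file's own header says a later change means wiping and reinstalling. The `root` partition is also plain `ext4` with no encryption layer, which is worth a one-line comment if it is deliberate.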
@@ -0,0 +1,50 @@ +# --- +# schema = "single-disk" +# [placeholders] +# mainDisk = "/dev/disk/by-id/ata-SAMSUNG_MZ7LN256HAJQ-000H1_S3TCNE0JA38335" +# --- +# This file was automatically generated! +# CHANGING this configuration requires wiping and reinstalling the machine +{ + + boot.loader.grub.efiSupport = true; + boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.grub.enable = true; + disko.devices = { + disk = { + main = { + name = "main-a122d42601d5437687431cfd63ed44e9"; + device = "/dev/disk/by-id/ata-SAMSUNG_MZ7LN256HAJQ-000H1_S3TCNE0JA38335"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + "boot" = { + size = "1M"; + type = "EF02"; # for grub MBR + priority = 1; + }; + ESP = { + type = "EF00"; + size = "500M"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/machines/c3/disko.nix b/machines/c3/disko.nix new file mode 100644 index 0000000..01879d1 --- /dev/null +++ b/machines/c3/disko.nix 
@@ -0,0 +1,50 @@ +# --- +# schema = "single-disk" +# [placeholders] +# mainDisk = "/dev/disk/by-id/ata-SAMSUNG_MZ7LN256HAJQ-000H1_S3TCNE0JA38335" +# --- +# This file was automatically generated! +# CHANGING this configuration requires wiping and reinstalling the machine +{ + + boot.loader.grub.efiSupport = true; + boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.grub.enable = true; + disko.devices = { + disk = { + main = { + name = "main-a122d42601d5437687431cfd63ed44e9"; + device = "/dev/disk/by-id/ata-SAMSUNG_MZ7LN256HAJQ-000H1_S3TCNE0JA38335"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + "boot" = { + size = "1M"; + type = "EF02"; # for grub MBR + priority = 1; + }; + ESP = { + type = "EF00"; + size = "500M"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/machines/m1/configuration.nix b/machines/m1/configuration.nix index 9e26dfe..7a73a41 100644 --- a/machines/m1/configuration.nix +++ b/machines/m1/configuration.nix @@ -1 +1,2 @@ -{} \ No newline at end of file +{ +} \ No newline at end of file diff --git a/modules/gnome.nix b/modules/gnome.nix deleted file mode 100644 index d36b852..0000000 --- a/modules/gnome.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ ... }: -{ - # Can be imported into machines to enable GNOME and GDM. - # - # Copy this into a machine's configuration: - # `machines//configuration.nix` - # ```nix - # imports = [ - # ../../modules/gnome.nix - # ]; - # ``` - - services.displayManager.gdm.enable = true; - services.desktopManager.gnome.enable = true; -} diff --git a/sops/secrets/c1-age.key/users/chris b/sops/secrets/c1-age.key/users/chris deleted file mode 120000 index 1d434d3..0000000 --- a/sops/secrets/c1-age.key/users/chris +++ /dev/null 
@@ -1 +0,0 @@
-../../../users/chris
\ No newline at end of file
diff --git a/sops/secrets/c2-age.key/users/chris b/sops/secrets/c2-age.key/users/chris
deleted file mode 120000
index 1d434d3..0000000
--- a/sops/secrets/c2-age.key/users/chris
+++ /dev/null
@@ -1 +0,0 @@
-../../../users/chris
\ No newline at end of file
diff --git a/sops/secrets/c3-age.key/users/chris b/sops/secrets/c3-age.key/users/chris
deleted file mode 120000
index 1d434d3..0000000
--- a/sops/secrets/c3-age.key/users/chris
+++ /dev/null
@@ -1 +0,0 @@
-../../../users/chris
\ No newline at end of file
diff --git a/sops/secrets/m1-age.key/users/chris b/sops/secrets/m1-age.key/users/chris
deleted file mode 120000
index 1d434d3..0000000
--- a/sops/secrets/m1-age.key/users/chris
+++ /dev/null
@@ -1 +0,0 @@
-../../../users/chris
\ No newline at end of file
diff --git a/vars/per-machine/c1/k3s/token/machines/c1 b/vars/per-machine/c1/k3s/token/machines/c1
deleted file mode 120000
index 01430a8..0000000
--- a/vars/per-machine/c1/k3s/token/machines/c1
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/c1
\ No newline at end of file
diff --git a/vars/per-machine/c1/k3s/token/users/nixos b/vars/per-machine/c1/k3s/token/users/nixos
deleted file mode 120000
index b1bb8e7..0000000
--- a/vars/per-machine/c1/k3s/token/users/nixos
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/nixos
\ No newline at end of file
diff --git a/vars/per-machine/c2/zerotier/zerotier-identity-secret/machines/c2 b/vars/per-machine/c2/zerotier/zerotier-identity-secret/machines/c2
deleted file mode 120000
index 42c1f4d..0000000
--- a/vars/per-machine/c2/zerotier/zerotier-identity-secret/machines/c2
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/c2
\ No newline at end of file
diff --git a/vars/per-machine/c2/zerotier/zerotier-identity-secret/users/nixos b/vars/per-machine/c2/zerotier/zerotier-identity-secret/users/nixos
deleted file mode 120000
index b1bb8e7..0000000
--- a/vars/per-machine/c2/zerotier/zerotier-identity-secret/users/nixos
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/nixos
\ No newline at end of file
diff --git a/vars/per-machine/c3/zerotier/zerotier-identity-secret/machines/c3 b/vars/per-machine/c3/zerotier/zerotier-identity-secret/machines/c3
deleted file mode 120000
index 4115c15..0000000
--- a/vars/per-machine/c3/zerotier/zerotier-identity-secret/machines/c3
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/c3
\ No newline at end of file
diff --git a/vars/per-machine/c3/zerotier/zerotier-identity-secret/users/nixos b/vars/per-machine/c3/zerotier/zerotier-identity-secret/users/nixos
deleted file mode 120000
index b1bb8e7..0000000
--- a/vars/per-machine/c3/zerotier/zerotier-identity-secret/users/nixos
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/nixos
\ No newline at end of file
diff --git a/vars/per-machine/m1/zitadel/initialAdminPassword/machines/m1 b/vars/per-machine/m1/zitadel/initialAdminPassword/machines/m1
deleted file mode 120000
index 9be3644..0000000
--- a/vars/per-machine/m1/zitadel/initialAdminPassword/machines/m1
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/m1
\ No newline at end of file
diff --git a/vars/per-machine/m1/zitadel/initialAdminPassword/secret b/vars/per-machine/m1/zitadel/initialAdminPassword/secret
deleted file mode 100644
index 9b59309..0000000
--- a/vars/per-machine/m1/zitadel/initialAdminPassword/secret
+++ /dev/null
@@ -1,19 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:oWC0pFxI6dSiuVa7EIA26hO2GF9gjbSlR38c+la8jRZlf1F6iVWAqObSWGYDJO96bE7o,iv:fJsWsw4Uy6HXmzrJ2OzSf58MPjOwnwi+9+lPUAS7gO8=,tag:Lc1yiSdsnFROUdvZ/8dKfA==,type:str]", - "sops": { - "age": [ - { - "recipient": "age12jttkmrt43ugulsn9q6y9u0hm2ec96nkfud3thfkrtsuyrpzcg2saan3mu", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCZ0MxUkh2NnFJSTZRT1FK\nL1RWb2tvYzdITWhQb2RyUURaVWlSV2hEbmprCmlRSC9iUHNjL2pBblZiQ0U1Q1RP\nYXNkdkppejZKM3NmOHEybjVoc1ZtK3cKLS0tIDF0MzJRWEVwKzR3SXBQMWVKNk5k\nRmV0eGp1Wjk1UHNVMjY5V3l2QXo3NkUKfGyfGT0c0RUfsc+uwZFepJzkMojYr+zJ\nNscvqxTTUYXtPhUI9m44fVZKIYWjf8hsrceGWexexzf04w0oW2YafA==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGTWg0dy9iRTVHZ2k1WW82\nSU9oWGUxUHRHMmJKZGxCVkY5akt2bmpFbWw4CkRXVGtaRzN0bGZzamdkNGsvSktu\neWdFb29EdmNtVDZRYXBhTmc4cTdLbFkKLS0tIG1OYWRoSnpldnFWNlpUTWFQQWdk\naTgrcGFpUTBNUmc2ODVDM3hkQUt0cTQKn7Wwnmtt0QSdJGRaKyRbkRMfmpyt8ZY6\ngfZtP4YD+uxqC1qPsj2kTPdxXfzsG5xW5DDkOnIasV25R7tfCzeKjg==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2025-09-18T09:08:25Z", - "mac": "ENC[AES256_GCM,data:wYTgJq4LGWkRToxCofJnP6l3er9AfiP/1S1MjHLl9I+E3nxnT3M4FWtGzERlJfDKIwwoHweLKMOEow6idThLq1/88ncp05AhAgHke6+KB3mWAFlsRyJ0EZfuZVua4jpgHFz2FqvFx2VYp5QbZBhYclGewyBOxh/B24p/N+T9dZA=,iv:i3d3/eGAX5rmzmlYQ+tsoIcH1K+PZ4iK7NmJIZ+ZLGI=,tag:LlVrm5ss1IyYY3zKpejFag==,type:str]", - "unencrypted_suffix": "_unencrypted", - "version": "3.10.2" - } -} diff --git a/vars/per-machine/m1/zitadel/initialAdminPassword/users/nixos b/vars/per-machine/m1/zitadel/initialAdminPassword/users/nixos deleted file mode 120000 index b1bb8e7..0000000 --- a/vars/per-machine/m1/zitadel/initialAdminPassword/users/nixos +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/nixos \ No newline at end of file 
diff --git a/vars/per-machine/m1/zitadel/masterKey/machines/m1 b/vars/per-machine/m1/zitadel/masterKey/machines/m1
deleted file mode 120000
index 9be3644..0000000
--- a/vars/per-machine/m1/zitadel/masterKey/machines/m1
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/m1
\ No newline at end of file
diff --git a/vars/per-machine/m1/zitadel/masterKey/users/nixos b/vars/per-machine/m1/zitadel/masterKey/users/nixos
deleted file mode 120000
index b1bb8e7..0000000
--- a/vars/per-machine/m1/zitadel/masterKey/users/nixos
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/nixos
\ No newline at end of file