diff --git a/clan.nix b/clan.nix index 92e13a2..874586a 100644 --- a/clan.nix +++ b/clan.nix @@ -7,25 +7,29 @@ inventory.machines = { m1 = { - name = "Management node 1"; + name = "management-1"; + description = "Management node 1"; machineClass = "nixos"; - tags = [ "cloud:amarth" "region:oss" "nodeType:management" "criticallity: medium" "" ]; + tags = [ "cloud:amarth" "region:oss" "nodeType:management" "criticallity:critical" "" ]; deploy.targetHost = "root@192.168.1.222"; }; c1 = { - name = "Compute node 1"; + name = "compute-1"; + description = "Compute node 1"; machineClass = "nixos"; - tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity: medium" "" ]; + tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity:medium" "" ]; }; c2 = { - name = "Compute node 2"; + name = "compute-2"; + description = "Compute node 2"; machineClass = "nixos"; - tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity: medium" "" ]; + tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity:medium" "" ]; }; c3 = { - name = "Compute node 3"; + name = "compute-3"; + description = "Compute node 3"; machineClass = "nixos"; - tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity: medium" "" ]; + tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity:medium" "" ]; }; }; @@ -45,24 +49,28 @@ zitadel = { module = { - name = "@amarth/zitadel"; + name = "zitadel"; input = "amarth-services"; }; - roles.controller.machines."m1" = {}; + roles.controller = { + machines."m1" = {}; + settings = { + hostName = "auth.amarth.cloud"; + displayName = "Amarth"; + }; + }; }; k3s = { module = { - name = "@amarth/k3s"; - input = "amarth"; + name = "k3s"; + input = "amarth-services"; }; roles.server.machines."c1" = {}; - roles.agent.machines."c2" = {}; roles.agent.machines."c3" = {}; ->>>>>>> 81bc14dcb9b649451939a01d3828ca4c170dc897 }; }; 
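Review bot: The tag rewritten on every machine in the `inventory.machines` hunk still uses the key `criticallity` (double l), and every `tags` list still ends with an empty string `""`. With m1 now marked `criticallity:critical`, anything that selects machines by this tag has to match the misspelled key exactly, and the empty tag serves no visible purpose. Suggest `"criticality:critical"` / `"criticality:medium"` and dropping the trailing `""`. The enclosing `inventory.machines` set closes inside the hunk, but the file's surrounding attribute set starts outside it.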
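Review bot: In the `k3s` instance, `roles.agent.machines."c2" = {};` is removed in the same edit that deletes a leftover `>>>>>>>` conflict marker, which suggests a conflict resolution that may have dropped c2 unintentionally. c2 is still declared in `inventory.machines` with `nodeType:compute` and receives a disko layout in this commit, yet it no longer holds any k3s role, so it would be deployed without joining the cluster. If that is intended, a comment such as `# c2 intentionally left out of the cluster for now` would record it; otherwise restore the line. The enclosing instances set starts outside the hunk.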
@@ -70,8 +78,26 @@ # machines/jon/configuration.nix will be automatically imported. # See: https://docs.clan.lol/guides/more-machines/#automatic-registration machines = { - m1 = { config, pkgs, ... }: { - environment.systemPackages = [ pkgs.asciinema ]; + # m1 = { config, pkgs, ... }: { + # environment.systemPackages = [ pkgs.asciinema ]; + + # nixpkgs.hostPlatform = "x86_64-linux"; + # }; + m1 = { + nixpkgs.hostPlatform = "x86_64-linux"; + networking.domain = "amarth.local"; + }; + c1 = { + nixpkgs.hostPlatform = "x86_64-linux"; + networking.domain = "amarth.local"; + }; + c2 = { + nixpkgs.hostPlatform = "x86_64-linux"; + networking.domain = "amarth.local"; + }; + c3 = { + nixpkgs.hostPlatform = "x86_64-linux"; + networking.domain = "amarth.local"; }; }; } diff --git a/devShells/flake-module.nix b/devShells/flake-module.nix new file mode 100644 index 0000000..6fa23fd --- /dev/null +++ b/devShells/flake-module.nix @@ -0,0 +1,12 @@ +{ + perSystem = { pkgs, inputs', ... }: { + devShells.default = pkgs.mkShellNoCC { + packages = with pkgs; [ + bash + sops + + inputs'.clan-core.packages.clan-cli + ]; + }; + }; +} \ No newline at end of file diff --git a/flake.lock b/flake.lock index d9f9b6f..287fa11 100644 --- a/flake.lock +++ b/flake.lock @@ -5,14 +5,15 @@ "clan-core": "clan-core", "devshell": "devshell", "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_2", + "systems": "systems_2" }, "locked": { - "lastModified": 1758132307, - "narHash": "sha256-qO40PUZ6OJnBGPWA4wXG0TnKAcgM+CQhroKHFle8O88=", + "lastModified": 1758197467, + "narHash": "sha256-3LciQLDSdPaD/rgcVCk3V62XlCtDFLdRy/NkbUbkgAY=", "ref": "refs/heads/main", - "rev": "bf272f660796f765c2919a2e4a75441556604d18", - "revCount": 12, + "rev": "9f16bb29ab94268c8177d4965f621319dfb5bad7", + "revCount": 39, "type": "git", "url": "https://git.amarth.cloud/amarth/services" }, 
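Review bot: In the `machines` hunk of clan.nix, `networking.domain = "amarth.local"` puts all four hosts under `.local`, which RFC 6762 reserves for multicast DNS. Resolvers with mDNS enabled send `*.local` lookups to the local link instead of the configured DNS server, so these names can fail to resolve or be answered by whichever host on the segment responds. A subdomain of a domain the project controls avoids this, for example `networking.domain = "internal.example.org";` (constructed placeholder). The four identical attribute sets could be generated from a list of machine names, and the commented-out old `m1` block can be deleted rather than kept.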
@@ -66,15 +67,15 @@ "nixpkgs" ], "sops-nix": "sops-nix_2", - "systems": "systems_2", + "systems": "systems_3", "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1758121565, - "narHash": "sha256-y37cz5A+EFMBvWi0/S+wrkTMHGQnDb7cifqZoIfSRHE=", - "rev": "b7798f54666fe61d8b16b5c45c39fac97e2d2e60", + "lastModified": 1758189924, + "narHash": "sha256-qBoYADWqfKPhr5D0Sz8vWa3BrWbMH2boAh3qfEdUkmg=", + "rev": "e03fcc25e7846c74b04eb73ed577bb7b20629356", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/b7798f54666fe61d8b16b5c45c39fac97e2d2e60.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/e03fcc25e7846c74b04eb73ed577bb7b20629356.tar.gz" }, "original": { "type": "tarball", @@ -204,11 +205,11 @@ ] }, "locked": { - "lastModified": 1757508292, - "narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=", + "lastModified": 1758160037, + "narHash": "sha256-fXelTdjdILspZ1IUU9aICB1+PXwSFiF8j+7ujwo1VpQ=", "owner": "nix-community", "repo": "disko", - "rev": "146f45bee02b8bd88812cfce6ffc0f933788875a", + "rev": "4f554162fff88e77655073d352eec0cea71103a2", "type": "github" }, "original": { @@ -407,11 +408,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1757745802, - "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", + "lastModified": 1758035966, + "narHash": "sha256-qqIJ3yxPiB0ZQTT9//nFGQYn8X/PBoJbofA7hRKZnmE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", + "rev": "8d4ddb19d03c65a36ad8d189d001dc32ffb0306b", "type": "github" }, "original": { 
@@ -489,6 +490,20 @@ } }, "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "id": "systems", + "type": "indirect" + } + }, + "systems_3": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", diff --git a/flake.nix b/flake.nix index e096edf..e9fb98f 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,8 @@ { inputs = { - nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-unstable"; + nixpkgs = { + url = "github:NixOS/nixpkgs?ref=nixos-unstable"; + }; flake-parts = { url = "github:hercules-ci/flake-parts"; 
@@ -23,59 +25,18 @@ }; outputs = - inputs@{ flake-parts, ... }: + inputs@{ flake-parts, self, clan-core, ... }: flake-parts.lib.mkFlake { inherit inputs; } ({ ... }: { systems = [ "x86_64-linux" ]; imports = [ - inputs.clan-core.flakeModules.default - inputs.devshell.flakeModule - ./clan.nix + clan-core.flakeModules.default + + ./devShells/flake-module.nix ]; - perSystem = { system, ... }: { - devshells = { - default = { - packages = [ inputs.clan-core.packages.${system}.clan-cli ]; - }; - }; - }; + clan = import ./clan.nix; }); - - # outputs = - # { - # self, - # clan-core, - # nixpkgs, - # ... - # }@inputs: - # let - # # Usage see: https://docs.clan.lol - # clan = clan-core.lib.clan { - # inherit self; - # imports = [ ./clan.nix ]; - # specialArgs = { inherit inputs; }; - # }; - # in - # { - # inherit (clan.config) nixosConfigurations nixosModules clanInternals; - # clan = clan.config; - # # Add the Clan cli tool to the dev shell. - # # Use "nix develop" to enter the dev shell. - # devShells = - # nixpkgs.lib.genAttrs - # [ - # "x86_64-linux" - # "aarch64-linux" - # "aarch64-darwin" - # "x86_64-darwin" - # ] - # (system: { - # default = clan-core.inputs.nixpkgs.legacyPackages.${system}.mkShell { - # packages = [ clan-core.packages.${system}.clan-cli ]; - # }; - # }); - # }; } diff --git a/machines/c1/disko.nix b/machines/c1/disko.nix new file mode 100644 index 0000000..01879d1 --- /dev/null +++ b/machines/c1/disko.nix 
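Review bot: `self` is added to the `outputs` argument pattern but is not referenced anywhere in the new lines of this hunk, and `inputs.devshell.flakeModule` is no longer imported. If `devshell` is still declared under `inputs` (that block lies outside the hunk), it is now an unused input that is still fetched and locked, so removing it keeps the dependency set down to what the flake actually evaluates. Suggest `inputs@{ flake-parts, clan-core, ... }:` unless `self` is needed elsewhere. `clan = import ./clan.nix;` also assumes `clan.nix` evaluates to a plain attribute set rather than a module function; its first lines are not visible here, so that is worth confirming.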
@@ -0,0 +1,50 @@
+# ---
+# schema = "single-disk"
+# [placeholders]
+# mainDisk = "/dev/disk/by-id/ata-SAMSUNG_MZ7LN256HAJQ-000H1_S3TCNE0JA38335"
+# ---
+# This file was automatically generated!
+# CHANGING this configuration requires wiping and reinstalling the machine
+{
+
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.efiInstallAsRemovable = true;
+ boot.loader.grub.enable = true;
+ disko.devices = {
+ disk = {
+ main = {
+ name = "main-a122d42601d5437687431cfd63ed44e9";
+ device = "/dev/disk/by-id/ata-SAMSUNG_MZ7LN256HAJQ-000H1_S3TCNE0JA38335";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ "boot" = {
+ size = "1M";
+ type = "EF02"; # for grub MBR
+ priority = 1;
+ };
+ ESP = {
+ type = "EF00";
+ size = "500M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/machines/c2/disko.nix b/machines/c2/disko.nix
new file mode 100644
index 0000000..01879d1
--- /dev/null
+++ b/machines/c2/disko.nix
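Review bot: `machines/c1/disko.nix`, `machines/c2/disko.nix` and `machines/c3/disko.nix` are added with the same blob (`01879d1`), so all three set `device` to `/dev/disk/by-id/ata-SAMSUNG_MZ7LN256HAJQ-000H1_S3TCNE0JA38335`. A by-id path embeds the drive's serial number and can match only one physical disk, so at most one of the three machines can be partitioned from this layout as written. The file header states that changing the configuration later requires wiping and reinstalling, so each machine should get its own generated file with its own `mainDisk` value before the first install. The `name = "main-a122d42601d5437687431cfd63ed44e9"` value is likewise shared across the three files and is presumably meant to be per-machine.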
@@ -0,0 +1,50 @@
+# ---
+# schema = "single-disk"
+# [placeholders]
+# mainDisk = "/dev/disk/by-id/ata-SAMSUNG_MZ7LN256HAJQ-000H1_S3TCNE0JA38335"
+# ---
+# This file was automatically generated!
+# CHANGING this configuration requires wiping and reinstalling the machine
+{
+
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.efiInstallAsRemovable = true;
+ boot.loader.grub.enable = true;
+ disko.devices = {
+ disk = {
+ main = {
+ name = "main-a122d42601d5437687431cfd63ed44e9";
+ device = "/dev/disk/by-id/ata-SAMSUNG_MZ7LN256HAJQ-000H1_S3TCNE0JA38335";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ "boot" = {
+ size = "1M";
+ type = "EF02"; # for grub MBR
+ priority = 1;
+ };
+ ESP = {
+ type = "EF00";
+ size = "500M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/machines/c3/disko.nix b/machines/c3/disko.nix
new file mode 100644
index 0000000..01879d1
--- /dev/null
+++ b/machines/c3/disko.nix
@@ -0,0 +1,50 @@
+# ---
+# schema = "single-disk"
+# [placeholders]
+# mainDisk = "/dev/disk/by-id/ata-SAMSUNG_MZ7LN256HAJQ-000H1_S3TCNE0JA38335"
+# ---
+# This file was automatically generated!
+# CHANGING this configuration requires wiping and reinstalling the machine
+{
+
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.efiInstallAsRemovable = true;
+ boot.loader.grub.enable = true;
+ disko.devices = {
+ disk = {
+ main = {
+ name = "main-a122d42601d5437687431cfd63ed44e9";
+ device = "/dev/disk/by-id/ata-SAMSUNG_MZ7LN256HAJQ-000H1_S3TCNE0JA38335";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ "boot" = {
+ size = "1M";
+ type = "EF02"; # for grub MBR
+ priority = 1;
+ };
+ ESP = {
+ type = "EF00";
+ size = "500M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/machines/m1/configuration.nix b/machines/m1/configuration.nix
index 9e26dfe..7a73a41 100644
--- a/machines/m1/configuration.nix
+++ b/machines/m1/configuration.nix
@@ -1 +1,2 @@
-{}
\ No newline at end of file
+{
+}
\ No newline at end of file
diff --git a/modules/gnome.nix b/modules/gnome.nix
deleted file mode 100644
index d36b852..0000000
--- a/modules/gnome.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ ... }:
-{
- # Can be imported into machines to enable GNOME and GDM.
- #
- # Copy this into a machine's configuration:
- # `machines//configuration.nix`
- # ```nix
- # imports = [
- # ../../modules/gnome.nix
- # ];
- # ```
-
- services.displayManager.gdm.enable = true;
- services.desktopManager.gnome.enable = true;
-}
diff --git a/sops/secrets/c1-age.key/users/chris b/sops/secrets/c1-age.key/users/chris
deleted file mode 120000
index 1d434d3..0000000
--- a/sops/secrets/c1-age.key/users/chris
+++ /dev/null
@@ -1 +0,0 @@
-../../../users/chris
\ No newline at end of file
diff --git a/sops/secrets/c2-age.key/users/chris b/sops/secrets/c2-age.key/users/chris
deleted file mode 120000
index 1d434d3..0000000
--- a/sops/secrets/c2-age.key/users/chris
+++ /dev/null
@@ -1 +0,0 @@
-../../../users/chris
\ No newline at end of file
diff --git a/sops/secrets/c3-age.key/users/chris b/sops/secrets/c3-age.key/users/chris
deleted file mode 120000
index 1d434d3..0000000
--- a/sops/secrets/c3-age.key/users/chris
+++ /dev/null
@@ -1 +0,0 @@
-../../../users/chris
\ No newline at end of file
diff --git a/sops/secrets/m1-age.key/users/chris b/sops/secrets/m1-age.key/users/chris
deleted file mode 120000
index 1d434d3..0000000
--- a/sops/secrets/m1-age.key/users/chris
+++ /dev/null
@@ -1 +0,0 @@
-../../../users/chris
\ No newline at end of file
diff --git a/vars/per-machine/c1/k3s/token/machines/c1 b/vars/per-machine/c1/k3s/token/machines/c1
deleted file mode 120000
index 01430a8..0000000
--- a/vars/per-machine/c1/k3s/token/machines/c1
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/c1
\ No newline at end of file
diff --git a/vars/per-machine/c1/k3s/token/users/nixos b/vars/per-machine/c1/k3s/token/users/nixos
deleted file mode 120000
index b1bb8e7..0000000
--- a/vars/per-machine/c1/k3s/token/users/nixos
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/nixos
\ No newline at end of file
diff --git a/vars/per-machine/c2/zerotier/zerotier-identity-secret/machines/c2 b/vars/per-machine/c2/zerotier/zerotier-identity-secret/machines/c2
deleted file mode 120000
index 42c1f4d..0000000
--- a/vars/per-machine/c2/zerotier/zerotier-identity-secret/machines/c2
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/c2
\ No newline at end of file
diff --git a/vars/per-machine/c2/zerotier/zerotier-identity-secret/users/nixos b/vars/per-machine/c2/zerotier/zerotier-identity-secret/users/nixos
deleted file mode 120000
index b1bb8e7..0000000
--- a/vars/per-machine/c2/zerotier/zerotier-identity-secret/users/nixos
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/nixos
\ No newline at end of file
diff --git a/vars/per-machine/c3/zerotier/zerotier-identity-secret/machines/c3 b/vars/per-machine/c3/zerotier/zerotier-identity-secret/machines/c3
deleted file mode 120000
index 4115c15..0000000
--- a/vars/per-machine/c3/zerotier/zerotier-identity-secret/machines/c3
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/c3
\ No newline at end of file
diff --git a/vars/per-machine/c3/zerotier/zerotier-identity-secret/users/nixos b/vars/per-machine/c3/zerotier/zerotier-identity-secret/users/nixos
deleted file mode 120000
index b1bb8e7..0000000
--- a/vars/per-machine/c3/zerotier/zerotier-identity-secret/users/nixos
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/nixos
\ No newline at end of file
diff --git a/vars/per-machine/m1/zitadel/initialAdminPassword/machines/m1 b/vars/per-machine/m1/zitadel/initialAdminPassword/machines/m1
deleted file mode 120000
index 9be3644..0000000
--- a/vars/per-machine/m1/zitadel/initialAdminPassword/machines/m1
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/m1
\ No newline at end of file
diff --git a/vars/per-machine/m1/zitadel/initialAdminPassword/secret b/vars/per-machine/m1/zitadel/initialAdminPassword/secret
deleted file mode 100644
index 9b59309..0000000
--- a/vars/per-machine/m1/zitadel/initialAdminPassword/secret
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "data": "ENC[AES256_GCM,data:oWC0pFxI6dSiuVa7EIA26hO2GF9gjbSlR38c+la8jRZlf1F6iVWAqObSWGYDJO96bE7o,iv:fJsWsw4Uy6HXmzrJ2OzSf58MPjOwnwi+9+lPUAS7gO8=,tag:Lc1yiSdsnFROUdvZ/8dKfA==,type:str]",
- "sops": {
- "age": [
- {
- "recipient": "age12jttkmrt43ugulsn9q6y9u0hm2ec96nkfud3thfkrtsuyrpzcg2saan3mu",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCZ0MxUkh2NnFJSTZRT1FK\nL1RWb2tvYzdITWhQb2RyUURaVWlSV2hEbmprCmlRSC9iUHNjL2pBblZiQ0U1Q1RP\nYXNkdkppejZKM3NmOHEybjVoc1ZtK3cKLS0tIDF0MzJRWEVwKzR3SXBQMWVKNk5k\nRmV0eGp1Wjk1UHNVMjY5V3l2QXo3NkUKfGyfGT0c0RUfsc+uwZFepJzkMojYr+zJ\nNscvqxTTUYXtPhUI9m44fVZKIYWjf8hsrceGWexexzf04w0oW2YafA==\n-----END AGE ENCRYPTED FILE-----\n"
- },
- {
- "recipient": "age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGTWg0dy9iRTVHZ2k1WW82\nSU9oWGUxUHRHMmJKZGxCVkY5akt2bmpFbWw4CkRXVGtaRzN0bGZzamdkNGsvSktu\neWdFb29EdmNtVDZRYXBhTmc4cTdLbFkKLS0tIG1OYWRoSnpldnFWNlpUTWFQQWdk\naTgrcGFpUTBNUmc2ODVDM3hkQUt0cTQKn7Wwnmtt0QSdJGRaKyRbkRMfmpyt8ZY6\ngfZtP4YD+uxqC1qPsj2kTPdxXfzsG5xW5DDkOnIasV25R7tfCzeKjg==\n-----END AGE ENCRYPTED FILE-----\n"
- }
- ],
- "lastmodified": "2025-09-18T09:08:25Z",
- "mac": "ENC[AES256_GCM,data:wYTgJq4LGWkRToxCofJnP6l3er9AfiP/1S1MjHLl9I+E3nxnT3M4FWtGzERlJfDKIwwoHweLKMOEow6idThLq1/88ncp05AhAgHke6+KB3mWAFlsRyJ0EZfuZVua4jpgHFz2FqvFx2VYp5QbZBhYclGewyBOxh/B24p/N+T9dZA=,iv:i3d3/eGAX5rmzmlYQ+tsoIcH1K+PZ4iK7NmJIZ+ZLGI=,tag:LlVrm5ss1IyYY3zKpejFag==,type:str]",
- "unencrypted_suffix": "_unencrypted",
- "version": "3.10.2"
- }
-}
diff --git a/vars/per-machine/m1/zitadel/initialAdminPassword/users/nixos b/vars/per-machine/m1/zitadel/initialAdminPassword/users/nixos
deleted file mode 120000
index b1bb8e7..0000000
--- a/vars/per-machine/m1/zitadel/initialAdminPassword/users/nixos
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/nixos
\ No newline at end of file
diff --git a/vars/per-machine/m1/zitadel/masterKey/machines/m1 b/vars/per-machine/m1/zitadel/masterKey/machines/m1
deleted file mode 120000
index 9be3644..0000000
--- a/vars/per-machine/m1/zitadel/masterKey/machines/m1
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/m1
\ No newline at end of file
diff --git a/vars/per-machine/m1/zitadel/masterKey/users/nixos b/vars/per-machine/m1/zitadel/masterKey/users/nixos
deleted file mode 120000
index b1bb8e7..0000000
--- a/vars/per-machine/m1/zitadel/masterKey/users/nixos
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/nixos
\ No newline at end of file