amarth/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

.
Some checks failed
Test action / Print hello world (push) Failing after 1m15s
Details

Browse source
This commit is contained in:
clan-tool 2025-09-18 14:24:34 +02:00
parent 0d1e1fe033
commit f099496668
No known key found for this signature in database
GPG key ID: EB894A3560CCCAD2
24 changed files with 245 additions and 128 deletions
Download patch file Download diff file Expand all files Collapse all files

58
clan.nix
View file

@ -7,25 +7,29 @@
inventory.machines = { inventory.machines = {
m1 = { m1 = {
name = "Management node 1"; name = "management-1";
description = "Management node 1";
machineClass = "nixos"; machineClass = "nixos";
tags = [ "cloud:amarth" "region:oss" "nodeType:management" "criticallity: medium" "" ]; tags = [ "cloud:amarth" "region:oss" "nodeType:management" "criticallity:critical" "" ];
deploy.targetHost = "root@192.168.1.222"; deploy.targetHost = "root@192.168.1.222";
}; };
c1 = { c1 = {
name = "Compute node 1"; name = "compute-1";
description = "Compute node 1";
machineClass = "nixos"; machineClass = "nixos";
tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity: medium" "" ]; tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity:medium" "" ];
}; };
c2 = { c2 = {
name = "Compute node 2"; name = "compute-2";
description = "Compute node 2";
machineClass = "nixos"; machineClass = "nixos";
tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity: medium" "" ]; tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity:medium" "" ];
}; };
c3 = { c3 = {
name = "Compute node 3"; name = "compute-3";
description = "Compute node 3";
machineClass = "nixos"; machineClass = "nixos";
tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity: medium" "" ]; tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity:medium" "" ];
}; };
}; };
@ -45,24 +49,28 @@
zitadel = { zitadel = {
module = { module = {
name = "@amarth/zitadel"; name = "zitadel";
input = "amarth-services"; input = "amarth-services";
}; };
roles.controller.machines."m1" = {}; roles.controller = {
machines."m1" = {};
settings = {
hostName = "auth.amarth.cloud";
displayName = "Amarth";
};
};
}; };
k3s = { k3s = {
module = { module = {
name = "@amarth/k3s"; name = "k3s";
input = "amarth"; input = "amarth-services";
}; };
roles.server.machines."c1" = {}; roles.server.machines."c1" = {};
roles.agent.machines."c2" = {}; roles.agent.machines."c2" = {};
roles.agent.machines."c3" = {}; roles.agent.machines."c3" = {};
>>>>>>> 81bc14dcb9b649451939a01d3828ca4c170dc897
}; };
}; };
@ -70,8 +78,26 @@
# machines/jon/configuration.nix will be automatically imported. # machines/jon/configuration.nix will be automatically imported.
# See: https://docs.clan.lol/guides/more-machines/#automatic-registration # See: https://docs.clan.lol/guides/more-machines/#automatic-registration
machines = { machines = {
m1 = { config, pkgs, ... }: { # m1 = { config, pkgs, ... }: {
environment.systemPackages = [ pkgs.asciinema ]; # environment.systemPackages = [ pkgs.asciinema ];
# nixpkgs.hostPlatform = "x86_64-linux";
# };
m1 = {
nixpkgs.hostPlatform = "x86_64-linux";
networking.domain = "amarth.local";
};
c1 = {
nixpkgs.hostPlatform = "x86_64-linux";
networking.domain = "amarth.local";
};
c2 = {
nixpkgs.hostPlatform = "x86_64-linux";
networking.domain = "amarth.local";
};
c3 = {
nixpkgs.hostPlatform = "x86_64-linux";
networking.domain = "amarth.local";
}; };
}; };
} }

12
devShells/flake-module.nix Normal file
View file

@ -0,0 +1,12 @@
{
perSystem = { pkgs, inputs', ... }: {
devShells.default = pkgs.mkShellNoCC {
packages = with pkgs; [
bash
sops
inputs'.clan-core.packages.clan-cli
];
};
};
}

47
flake.lock generated
View file

@ -5,14 +5,15 @@
"clan-core": "clan-core", "clan-core": "clan-core",
"devshell": "devshell", "devshell": "devshell",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2",
"systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1758132307, "lastModified": 1758197467,
"narHash": "sha256-qO40PUZ6OJnBGPWA4wXG0TnKAcgM+CQhroKHFle8O88=", "narHash": "sha256-3LciQLDSdPaD/rgcVCk3V62XlCtDFLdRy/NkbUbkgAY=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "bf272f660796f765c2919a2e4a75441556604d18", "rev": "9f16bb29ab94268c8177d4965f621319dfb5bad7",
"revCount": 12, "revCount": 39,
"type": "git", "type": "git",
"url": "https://git.amarth.cloud/amarth/services" "url": "https://git.amarth.cloud/amarth/services"
}, },
@ -66,15 +67,15 @@
"nixpkgs" "nixpkgs"
], ],
"sops-nix": "sops-nix_2", "sops-nix": "sops-nix_2",
"systems": "systems_2", "systems": "systems_3",
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
"lastModified": 1758121565, "lastModified": 1758189924,
"narHash": "sha256-y37cz5A+EFMBvWi0/S+wrkTMHGQnDb7cifqZoIfSRHE=", "narHash": "sha256-qBoYADWqfKPhr5D0Sz8vWa3BrWbMH2boAh3qfEdUkmg=",
"rev": "b7798f54666fe61d8b16b5c45c39fac97e2d2e60", "rev": "e03fcc25e7846c74b04eb73ed577bb7b20629356",
"type": "tarball", "type": "tarball",
"url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/b7798f54666fe61d8b16b5c45c39fac97e2d2e60.tar.gz" "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/e03fcc25e7846c74b04eb73ed577bb7b20629356.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@ -204,11 +205,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757508292, "lastModified": 1758160037,
"narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=", "narHash": "sha256-fXelTdjdILspZ1IUU9aICB1+PXwSFiF8j+7ujwo1VpQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "146f45bee02b8bd88812cfce6ffc0f933788875a", "rev": "4f554162fff88e77655073d352eec0cea71103a2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -407,11 +408,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1757745802, "lastModified": 1758035966,
"narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", "narHash": "sha256-qqIJ3yxPiB0ZQTT9//nFGQYn8X/PBoJbofA7hRKZnmE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", "rev": "8d4ddb19d03c65a36ad8d189d001dc32ffb0306b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -489,6 +490,20 @@
} }
}, },
"systems_2": { "systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"systems_3": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",

55
flake.nix
View file

@ -1,6 +1,8 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-unstable"; nixpkgs = {
url = "github:NixOS/nixpkgs?ref=nixos-unstable";
};
flake-parts = { flake-parts = {
url = "github:hercules-ci/flake-parts"; url = "github:hercules-ci/flake-parts";
@ -23,59 +25,18 @@
}; };
outputs = outputs =
inputs@{ flake-parts, ... }: inputs@{ flake-parts, self, clan-core, ... }:
flake-parts.lib.mkFlake { inherit inputs; } ({ ... }: { flake-parts.lib.mkFlake { inherit inputs; } ({ ... }: {
systems = [ systems = [
"x86_64-linux" "x86_64-linux"
]; ];
imports = [ imports = [
inputs.clan-core.flakeModules.default clan-core.flakeModules.default
inputs.devshell.flakeModule
./clan.nix ./devShells/flake-module.nix
]; ];
perSystem = { system, ... }: { clan = import ./clan.nix;
devshells = {
default = {
packages = [ inputs.clan-core.packages.${system}.clan-cli ];
};
};
};
}); });
# outputs =
# {
# self,
# clan-core,
# nixpkgs,
# ...
# }@inputs:
# let
# # Usage see: https://docs.clan.lol
# clan = clan-core.lib.clan {
# inherit self;
# imports = [ ./clan.nix ];
# specialArgs = { inherit inputs; };
# };
# in
# {
# inherit (clan.config) nixosConfigurations nixosModules clanInternals;
# clan = clan.config;
# # Add the Clan cli tool to the dev shell.
# # Use "nix develop" to enter the dev shell.
# devShells =
# nixpkgs.lib.genAttrs
# [
# "x86_64-linux"
# "aarch64-linux"
# "aarch64-darwin"
# "x86_64-darwin"
# ]
# (system: {
# default = clan-core.inputs.nixpkgs.legacyPackages.${system}.mkShell {
# packages = [ clan-core.packages.${system}.clan-cli ];
# };
# });
# };
} }

50
machines/c1/disko.nix Normal file
View file

@ -0,0 +1,50 @@
# ---
# schema = "single-disk"
# [placeholders]
# mainDisk = "/dev/disk/by-id/ata-SAMSUNG_MZ7LN256HAJQ-000H1_S3TCNE0JA38335"
# ---
# This file was automatically generated!
# CHANGING this configuration requires wiping and reinstalling the machine
{
boot.loader.grub.efiSupport = true;
boot.loader.grub.efiInstallAsRemovable = true;
boot.loader.grub.enable = true;
disko.devices = {
disk = {
main = {
name = "main-a122d42601d5437687431cfd63ed44e9";
device = "/dev/disk/by-id/ata-SAMSUNG_MZ7LN256HAJQ-000H1_S3TCNE0JA38335";
type = "disk";
content = {
type = "gpt";
partitions = {
"boot" = {
size = "1M";
type = "EF02"; # for grub MBR
priority = 1;
};
ESP = {
type = "EF00";
size = "500M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}

50
machines/c2/disko.nix Normal file
View file

@ -0,0 +1,50 @@
# ---
# schema = "single-disk"
# [placeholders]
# mainDisk = "/dev/disk/by-id/ata-SAMSUNG_MZ7LN256HAJQ-000H1_S3TCNE0JA38335"
# ---
# This file was automatically generated!
# CHANGING this configuration requires wiping and reinstalling the machine
{
boot.loader.grub.efiSupport = true;
boot.loader.grub.efiInstallAsRemovable = true;
boot.loader.grub.enable = true;
disko.devices = {
disk = {
main = {
name = "main-a122d42601d5437687431cfd63ed44e9";
device = "/dev/disk/by-id/ata-SAMSUNG_MZ7LN256HAJQ-000H1_S3TCNE0JA38335";
type = "disk";
content = {
type = "gpt";
partitions = {
"boot" = {
size = "1M";
type = "EF02"; # for grub MBR
priority = 1;
};
ESP = {
type = "EF00";
size = "500M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}

50
machines/c3/disko.nix Normal file
View file

@ -0,0 +1,50 @@
# ---
# schema = "single-disk"
# [placeholders]
# mainDisk = "/dev/disk/by-id/ata-SAMSUNG_MZ7LN256HAJQ-000H1_S3TCNE0JA38335"
# ---
# This file was automatically generated!
# CHANGING this configuration requires wiping and reinstalling the machine
{
boot.loader.grub.efiSupport = true;
boot.loader.grub.efiInstallAsRemovable = true;
boot.loader.grub.enable = true;
disko.devices = {
disk = {
main = {
name = "main-a122d42601d5437687431cfd63ed44e9";
device = "/dev/disk/by-id/ata-SAMSUNG_MZ7LN256HAJQ-000H1_S3TCNE0JA38335";
type = "disk";
content = {
type = "gpt";
partitions = {
"boot" = {
size = "1M";
type = "EF02"; # for grub MBR
priority = 1;
};
ESP = {
type = "EF00";
size = "500M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}

3
machines/m1/configuration.nix
View file

@ -1 +1,2 @@
{} {
}

15
modules/gnome.nix
View file

@ -1,15 +0,0 @@
{ ... }:
{
# Can be imported into machines to enable GNOME and GDM.
#
# Copy this into a machine's configuration:
# `machines/<name>/configuration.nix`
# ```nix
# imports = [
# ../../modules/gnome.nix
# ];
# ```
services.displayManager.gdm.enable = true;
services.desktopManager.gnome.enable = true;
}

1
sops/secrets/c1-age.key/users/chris
View file

@ -1 +0,0 @@
../../../users/chris

1
sops/secrets/c2-age.key/users/chris
View file

@ -1 +0,0 @@
../../../users/chris

1
sops/secrets/c3-age.key/users/chris
View file

@ -1 +0,0 @@
../../../users/chris

1
sops/secrets/m1-age.key/users/chris
View file

@ -1 +0,0 @@
../../../users/chris

1
vars/per-machine/c1/k3s/token/machines/c1
View file

@ -1 +0,0 @@
../../../../../../sops/machines/c1

1
vars/per-machine/c1/k3s/token/users/nixos
View file

@ -1 +0,0 @@
../../../../../../sops/users/nixos

1
vars/per-machine/c2/zerotier/zerotier-identity-secret/machines/c2
View file

@ -1 +0,0 @@
../../../../../../sops/machines/c2

1
vars/per-machine/c2/zerotier/zerotier-identity-secret/users/nixos
View file

@ -1 +0,0 @@
../../../../../../sops/users/nixos

1
vars/per-machine/c3/zerotier/zerotier-identity-secret/machines/c3
View file

@ -1 +0,0 @@
../../../../../../sops/machines/c3

1
vars/per-machine/c3/zerotier/zerotier-identity-secret/users/nixos
View file

@ -1 +0,0 @@
../../../../../../sops/users/nixos

1
vars/per-machine/m1/zitadel/initialAdminPassword/machines/m1
View file

@ -1 +0,0 @@
../../../../../../sops/machines/m1

19
vars/per-machine/m1/zitadel/initialAdminPassword/secret
View file

@ -1,19 +0,0 @@
{
"data": "ENC[AES256_GCM,data:oWC0pFxI6dSiuVa7EIA26hO2GF9gjbSlR38c+la8jRZlf1F6iVWAqObSWGYDJO96bE7o,iv:fJsWsw4Uy6HXmzrJ2OzSf58MPjOwnwi+9+lPUAS7gO8=,tag:Lc1yiSdsnFROUdvZ/8dKfA==,type:str]",
"sops": {
"age": [
{
"recipient": "age12jttkmrt43ugulsn9q6y9u0hm2ec96nkfud3thfkrtsuyrpzcg2saan3mu",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCZ0MxUkh2NnFJSTZRT1FK\nL1RWb2tvYzdITWhQb2RyUURaVWlSV2hEbmprCmlRSC9iUHNjL2pBblZiQ0U1Q1RP\nYXNkdkppejZKM3NmOHEybjVoc1ZtK3cKLS0tIDF0MzJRWEVwKzR3SXBQMWVKNk5k\nRmV0eGp1Wjk1UHNVMjY5V3l2QXo3NkUKfGyfGT0c0RUfsc+uwZFepJzkMojYr+zJ\nNscvqxTTUYXtPhUI9m44fVZKIYWjf8hsrceGWexexzf04w0oW2YafA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGTWg0dy9iRTVHZ2k1WW82\nSU9oWGUxUHRHMmJKZGxCVkY5akt2bmpFbWw4CkRXVGtaRzN0bGZzamdkNGsvSktu\neWdFb29EdmNtVDZRYXBhTmc4cTdLbFkKLS0tIG1OYWRoSnpldnFWNlpUTWFQQWdk\naTgrcGFpUTBNUmc2ODVDM3hkQUt0cTQKn7Wwnmtt0QSdJGRaKyRbkRMfmpyt8ZY6\ngfZtP4YD+uxqC1qPsj2kTPdxXfzsG5xW5DDkOnIasV25R7tfCzeKjg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-09-18T09:08:25Z",
"mac": "ENC[AES256_GCM,data:wYTgJq4LGWkRToxCofJnP6l3er9AfiP/1S1MjHLl9I+E3nxnT3M4FWtGzERlJfDKIwwoHweLKMOEow6idThLq1/88ncp05AhAgHke6+KB3mWAFlsRyJ0EZfuZVua4jpgHFz2FqvFx2VYp5QbZBhYclGewyBOxh/B24p/N+T9dZA=,iv:i3d3/eGAX5rmzmlYQ+tsoIcH1K+PZ4iK7NmJIZ+ZLGI=,tag:LlVrm5ss1IyYY3zKpejFag==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}

1
vars/per-machine/m1/zitadel/initialAdminPassword/users/nixos
View file

@ -1 +0,0 @@
../../../../../../sops/users/nixos

1
vars/per-machine/m1/zitadel/masterKey/machines/m1
View file

@ -1 +0,0 @@
../../../../../../sops/machines/m1

1
vars/per-machine/m1/zitadel/masterKey/users/nixos
View file

@ -1 +0,0 @@
../../../../../../sops/users/nixos