From f28941dfa4e00699422c19f58375f4c5ae87aa17 Mon Sep 17 00:00:00 2001
From: clan-tool
Date: Tue, 16 Sep 2025 12:11:39 +0000
Subject: [PATCH 1/6] Update vars via generator k3s-ip for machine c1
---
vars/shared/k3s-ip/ip_v4/value | 1 +
vars/shared/k3s-ip/ip_v6/value | 1 +
2 files changed, 2 insertions(+)
create mode 100644 vars/shared/k3s-ip/ip_v4/value
create mode 100644 vars/shared/k3s-ip/ip_v6/value
diff --git a/vars/shared/k3s-ip/ip_v4/value b/vars/shared/k3s-ip/ip_v4/value
new file mode 100644
index 0000000..7b9ad53
--- /dev/null
+++ b/vars/shared/k3s-ip/ip_v4/value
@@ -0,0 +1 @@
+127.0.0.1
diff --git a/vars/shared/k3s-ip/ip_v6/value b/vars/shared/k3s-ip/ip_v6/value
new file mode 100644
index 0000000..20e29b1
--- /dev/null
+++ b/vars/shared/k3s-ip/ip_v6/value
@@ -0,0 +1 @@
+::1
From cc0593787b8084d67975810633cb6aa51f77a597 Mon Sep 17 00:00:00 2001
From: clan-tool
Date: Tue, 16 Sep 2025 12:11:41 +0000
Subject: [PATCH 2/6] Update vars via generator k3s-token for machine c1
---
vars/shared/k3s-token/token/secret | 15 +++++++++++++++
vars/shared/k3s-token/token/users/nixos | 1 +
2 files changed, 16 insertions(+)
create mode 100644 vars/shared/k3s-token/token/secret
create mode 120000 vars/shared/k3s-token/token/users/nixos
diff --git a/vars/shared/k3s-token/token/secret b/vars/shared/k3s-token/token/secret
new file mode 100644
index 0000000..b44800d
--- /dev/null
+++ b/vars/shared/k3s-token/token/secret
@@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:BOewQTwOh0/4jc4nCrIMagpR0875lfermaywa6SYoWhJI/eJEZHYhMI768dyzYe0r1xb,iv:zygnLd+e58BKLV5FTJ/XrYxcGumOmtw3KfH/GJyZP1U=,tag:u7xE06ObElNWh8jIb/cZeQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvSHhvNVRhVVl1VzlVQlpF\nOUZ2RHlEMUViOW5ZMVJ0ZzMwekcrWEMvckZNCnR3ZmdQWlQ0ZEFGczFMVlY3QThS\nTFNQVUJkNkFCV0hieUdEaGh2MXJmUmsKLS0tIEl6YnAzMU1BeThJRTJxMHYwb254\nWkFZQ2dQc3dnQlkyS0RKemJ5Rmh0OXcK7XJhESkmaNK7d6sFEPZXlt9X5EH8Evtr\nzbZpY8n/d5/hx1v3yELOMCaT72Sn4W7EM5J8TxYc/pSsB4w4bR5jnQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-16T12:11:40Z", + "mac": "ENC[AES256_GCM,data:KGx82ishq62L5XqTHuoxYvIBH8mpiYSRnCjY0Jnlh1fxsy2nvWMpR+SBnjyGZpn+hGRPEr9nr3Cy/0gdrI7vcpZKzqGCSla26lW9xQixpl3nf0dEJEvCdanlYBZq/Y5zOeZD3CA9XKv+4qwj7UnJnW9dLwb74cOWEwfGviA5dHU=,iv:hb2raFi0UNCL8siYr6IZ+z8e6nSxOX7yel3r8nh5des=,tag:MeanXTvPCJ2W0GnYZ719gA==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/shared/k3s-token/token/users/nixos b/vars/shared/k3s-token/token/users/nixos new file mode 120000 index 0000000..f8de8df --- /dev/null +++ b/vars/shared/k3s-token/token/users/nixos @@ -0,0 +1 @@ +../../../../../sops/users/nixos \ No newline at end of file From 3eb6cb8fe6942015a63470f8d0cde80404f55062 Mon Sep 17 00:00:00 2001 
From: clan-tool
Date: Tue, 16 Sep 2025 12:11:45 +0000
Subject: [PATCH 3/6] Update vars via generator zerotier for machine c1
---
.../zerotier-identity-secret/machines/c1 | 1 +
.../zerotier/zerotier-identity-secret/secret | 19 +++++++++++++++++++
.../zerotier-identity-secret/users/nixos | 1 +
.../per-machine/c1/zerotier/zerotier-ip/value | 1 +
4 files changed, 22 insertions(+)
create mode 120000 vars/per-machine/c1/zerotier/zerotier-identity-secret/machines/c1
create mode 100644 vars/per-machine/c1/zerotier/zerotier-identity-secret/secret
create mode 120000 vars/per-machine/c1/zerotier/zerotier-identity-secret/users/nixos
create mode 100644 vars/per-machine/c1/zerotier/zerotier-ip/value
diff --git a/vars/per-machine/c1/zerotier/zerotier-identity-secret/machines/c1 b/vars/per-machine/c1/zerotier/zerotier-identity-secret/machines/c1
new file mode 120000
index 0000000..01430a8
--- /dev/null
+++ b/vars/per-machine/c1/zerotier/zerotier-identity-secret/machines/c1
@@ -0,0 +1 @@
+../../../../../../sops/machines/c1
\ No newline at end of file
diff --git a/vars/per-machine/c1/zerotier/zerotier-identity-secret/secret b/vars/per-machine/c1/zerotier/zerotier-identity-secret/secret
new file mode 100644
index 0000000..ecbf66f
--- /dev/null
+++ b/vars/per-machine/c1/zerotier/zerotier-identity-secret/secret
@@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:aWunrs+Y0zsINHpVRHpBsj1loN3K4qP8rfWz4QY7DyteXQbCoomZuoc+OCJuQ8Y2VPDlc93shaRXcarnKTwztVZezfs09KazxALmwQmKzExY/4Fg2pnc8A18JKAY0PmSbcpKiMCUfwuD8XsAUPQ09aJQTBPPWOq23VDujlnQTO/waO/zaYhgOHw9QKFxknOL+Jyd2T9coB6aK8pkgOu65RbC5nlzS7noUGIVPA+5pi1y16p6f/1MibIV0oMO7+7Tgx8jKKESYbQUCuPqJUJsiMTEu6JXf25eLaHEmsPYTkaPYXda2bcAt4nA5DEq+vFhb3KYiSXbxoRp2phaozZSb4VgzqNUaoDCPwsn4bo7,iv:NPDB2pe++UNXjM3MQUvDMh4qDD072G+onboqGuZb4QU=,tag:QWByLe294QAqmH0HVsnGOQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19cnepqj2xclqwgv9esldz3znsezxazz0599ctkn2t5znsvxjxdjqvnxl80", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUMGlzZzEzTTNhRzYrNG9Q\nMTFGNEtmVVdMRlNrellBb0diR2dTWmhYbURNCmR3bmE3VWkvd1EzRFRKQWRkT2g0\nd0dVUUtKTTlmL3YvTUdPZ0VKT1ZabVEKLS0tIGVteVFCNnVHS25VY3U3OUpCNHg3\nSUZaYU9iVWY1MXRqZjhRYTRIVUpqNWsKFjrxGe+1zGBQrJzfPrPyTX5cQ2aQs2V7\njMUY6l9/RmYhmHnvaTiEzKfBmJKBV284G2N3zLg3jORboYNe6gmU0A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZWdqaVpwZjVHMlNJbmFF\nSjF3ODNiNGVGMkZNUDFycVNQNGFpVDJvU21FCmdML1VMMzFYcHd2Rk0vMUg1Uzg5\neEVhUW1FNWVzeHZlWldLQ1kxcmlyYzAKLS0tIEhMdkYwOHo0b2E2OS9RekY4a3c1\naW1uTklBQVgxdHYxYzRhbjVTRXBxNUEK7szc1EoEfLP7w5KM8p+Nt/zxNm/Zih7r\nyjMWJ8upJ3baL6fCJAwI8DhBQy3WenQKHXp4g2cH2AUxOnYk1jaPIA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-16T12:11:44Z", + "mac": "ENC[AES256_GCM,data:bbZVtnTwkWC+9w/zM6FfAr42wmsm0ymDBmtc4ZGCDtsizMYKB955B4XG0jI8oavyv4HxPZo/XETo7Eo30T6LpGge0qQ53ZMygYP/xIsM9vwF8rk8f1qNGfNAUDYSBk95Fe5/l9YzCRwZunGw0Dz427VeSJnKLXPjYdvGctWlowM=,iv:DGMxTXhNHgoLI+8E6SaKbALwqsq68A/qXhqTmqRYvdE=,tag:6iSUxFnE1lb7kTc3+VTewQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} 
diff --git a/vars/per-machine/c1/zerotier/zerotier-identity-secret/users/nixos b/vars/per-machine/c1/zerotier/zerotier-identity-secret/users/nixos
new file mode 120000
index 0000000..b1bb8e7
--- /dev/null
+++ b/vars/per-machine/c1/zerotier/zerotier-identity-secret/users/nixos
@@ -0,0 +1 @@
+../../../../../../sops/users/nixos
\ No newline at end of file
diff --git a/vars/per-machine/c1/zerotier/zerotier-ip/value b/vars/per-machine/c1/zerotier/zerotier-ip/value
new file mode 100644
index 0000000..62c0836
--- /dev/null
+++ b/vars/per-machine/c1/zerotier/zerotier-ip/value
@@ -0,0 +1 @@
+fd03:2623:9523:e639:2899:933b:7273:40e9
\ No newline at end of file
From bbb8a97c59936ec94a56256ec96f51bd683d56a6 Mon Sep 17 00:00:00 2001
From: clan-tool
Date: Tue, 16 Sep 2025 12:17:59 +0000
Subject: [PATCH 4/6] Update vars via generator k3s-ip for machine c1
---
vars/{shared => per-machine/c1}/k3s-ip/ip_v4/value | 0
vars/{shared => per-machine/c1}/k3s-ip/ip_v6/value | 0
2 files changed, 0 insertions(+), 0 deletions(-)
rename vars/{shared => per-machine/c1}/k3s-ip/ip_v4/value (100%)
rename vars/{shared => per-machine/c1}/k3s-ip/ip_v6/value (100%)
diff --git a/vars/shared/k3s-ip/ip_v4/value b/vars/per-machine/c1/k3s-ip/ip_v4/value
similarity index 100%
rename from vars/shared/k3s-ip/ip_v4/value
rename to vars/per-machine/c1/k3s-ip/ip_v4/value
diff --git a/vars/shared/k3s-ip/ip_v6/value b/vars/per-machine/c1/k3s-ip/ip_v6/value
similarity index 100%
rename from vars/shared/k3s-ip/ip_v6/value
rename to vars/per-machine/c1/k3s-ip/ip_v6/value
From 9ec0fc4a96c3469997326c304bb850f9844920df Mon Sep 17 00:00:00 2001
From: clan-tool Date: Tue, 16 Sep 2025 12:18:01 +0000 Subject: [PATCH 5/6] Update vars via generator k3s-token for machine c1 --- vars/per-machine/c1/k3s-token/token/secret | 15 +++++++++++++++ vars/per-machine/c1/k3s-token/token/users/nixos | 1 + vars/shared/k3s-token/token/secret | 15 --------------- vars/shared/k3s-token/token/users/nixos | 1 - 4 files changed, 16 insertions(+), 16 deletions(-) create mode 100644 vars/per-machine/c1/k3s-token/token/secret create mode 120000 vars/per-machine/c1/k3s-token/token/users/nixos delete mode 100644 vars/shared/k3s-token/token/secret delete mode 120000 vars/shared/k3s-token/token/users/nixos diff --git a/vars/per-machine/c1/k3s-token/token/secret b/vars/per-machine/c1/k3s-token/token/secret new file mode 100644 index 0000000..0c21df6 --- /dev/null +++ b/vars/per-machine/c1/k3s-token/token/secret @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:KAyQJfDtHcwT2MP+C74ovM1k5Rw1rEjF5LsyH2CjS1VBxbQ+ACen/qEDzGw5db15/NZW,iv:1HzHYAgHtcyQbJRN2BHK+DPhhIPTao2yJMSZTDWO5xQ=,tag:vUKOJTpv/y6pm6pzzfEfZw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1dmZJNCtGeXNCTEp6T2Fq\nRmxsUHBVRmszT0RhdDUyckh1MHZhNUxkUTB3ClYxWnFOaWpocXBhY2EvbWJCaEVa\nQUR6cnBmajkySVo4dHdlTnl0NVJFQTQKLS0tIEQ3UW5ZUGVQckorWlpMSkovaGZt\nblJRaVd1NkkxLzJRT0o0Y1JPMlpwaW8KaqYT1lqsLjzRScgSapz+5anOGaS/SXPW\nzZkKQbYKa6ZmjOwuBJ2GBdni7iNSd7BGmZhyzgvs1h30kMLEkW2GtA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-16T12:18:00Z", + "mac": "ENC[AES256_GCM,data:VD+Swc/5+f3vWHIoTBQmtiLc6GhEKX/suygfKJWpum3INnxCTvj4QXcGVc6Hzn5Yeat9tdiiXXcuu0F2zTcDjikGL167iuf6HlC1ASfBh/gt7yau5SiD0WYhouxZFo+b4FvnNv0sb4+JTGMSkOLdJD2h6UvA15iXe5vTS9+ZCq8=,iv:f4TZkVrriKxZBMcJLLtyR/RJ7vDtBOSx/stwoWV/A3A=,tag:JGIExjoT/zTj4NPEsJ+vBg==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} 
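Review bot: The `sops.age` list of this secret holds a single recipient, `age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x`, and the only link added beside it is `users/nixos`, whereas the zerotier-identity-secret in PATCH 3/6 carries a second recipient together with a `machines/c1` link. If c1 is expected to decrypt the k3s token at activation, its machine key appears to be missing here, and the same would hold for the c2 and c3 agents enrolled in PATCH 6/6, which presumably need the same join token. Consider regenerating the var as a shared one with every cluster machine as a recipient, so the file gains one `"recipient"` entry per machine plus the matching `machines/<name>` links. The earlier ciphertext under vars/shared/k3s-token stays in git history after this move, so the token it protects should be treated as retired rather than reused.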
diff --git a/vars/per-machine/c1/k3s-token/token/users/nixos b/vars/per-machine/c1/k3s-token/token/users/nixos new file mode 120000 index 0000000..b1bb8e7 --- /dev/null +++ b/vars/per-machine/c1/k3s-token/token/users/nixos @@ -0,0 +1 @@ +../../../../../../sops/users/nixos \ No newline at end of file diff --git a/vars/shared/k3s-token/token/secret b/vars/shared/k3s-token/token/secret deleted file mode 100644 index b44800d..0000000 --- a/vars/shared/k3s-token/token/secret +++ /dev/null @@ -1,15 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:BOewQTwOh0/4jc4nCrIMagpR0875lfermaywa6SYoWhJI/eJEZHYhMI768dyzYe0r1xb,iv:zygnLd+e58BKLV5FTJ/XrYxcGumOmtw3KfH/GJyZP1U=,tag:u7xE06ObElNWh8jIb/cZeQ==,type:str]", - "sops": { - "age": [ - { - "recipient": "age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvSHhvNVRhVVl1VzlVQlpF\nOUZ2RHlEMUViOW5ZMVJ0ZzMwekcrWEMvckZNCnR3ZmdQWlQ0ZEFGczFMVlY3QThS\nTFNQVUJkNkFCV0hieUdEaGh2MXJmUmsKLS0tIEl6YnAzMU1BeThJRTJxMHYwb254\nWkFZQ2dQc3dnQlkyS0RKemJ5Rmh0OXcK7XJhESkmaNK7d6sFEPZXlt9X5EH8Evtr\nzbZpY8n/d5/hx1v3yELOMCaT72Sn4W7EM5J8TxYc/pSsB4w4bR5jnQ==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2025-09-16T12:11:40Z", - "mac": "ENC[AES256_GCM,data:KGx82ishq62L5XqTHuoxYvIBH8mpiYSRnCjY0Jnlh1fxsy2nvWMpR+SBnjyGZpn+hGRPEr9nr3Cy/0gdrI7vcpZKzqGCSla26lW9xQixpl3nf0dEJEvCdanlYBZq/Y5zOeZD3CA9XKv+4qwj7UnJnW9dLwb74cOWEwfGviA5dHU=,iv:hb2raFi0UNCL8siYr6IZ+z8e6nSxOX7yel3r8nh5des=,tag:MeanXTvPCJ2W0GnYZ719gA==,type:str]", - "unencrypted_suffix": "_unencrypted", - "version": "3.10.2" - } -} diff --git a/vars/shared/k3s-token/token/users/nixos b/vars/shared/k3s-token/token/users/nixos deleted file mode 120000 index f8de8df..0000000 --- a/vars/shared/k3s-token/token/users/nixos +++ /dev/null @@ -1 +0,0 @@ -../../../../../sops/users/nixos \ No newline at end of file From 81bc14dcb9b649451939a01d3828ca4c170dc897 Mon Sep 17 00:00:00 2001 
From: clan-tool Date: Tue, 16 Sep 2025 15:16:12 +0200 Subject: [PATCH 6/6] kaas --- clan.nix | 5 +++ flake.lock | 41 ++++++------------- .../c1/k3s-token/token/users/nixos | 1 - .../zerotier-identity-secret/machines/c1 | 1 - .../zerotier-identity-secret/users/nixos | 1 - 5 files changed, 18 insertions(+), 31 deletions(-) delete mode 120000 vars/per-machine/c1/k3s-token/token/users/nixos delete mode 120000 vars/per-machine/c1/zerotier/zerotier-identity-secret/machines/c1 delete mode 120000 vars/per-machine/c1/zerotier/zerotier-identity-secret/users/nixos diff --git a/clan.nix b/clan.nix index 0582c93..2d030e3 100644 --- a/clan.nix +++ b/clan.nix @@ -48,6 +48,11 @@ name = "@amarth/k3s"; input = "amarth"; }; + + roles.server.machines."c1" = {}; + + roles.agent.machines."c2" = {}; + roles.agent.machines."c3" = {}; }; }; diff --git a/flake.lock b/flake.lock index 0b21c58..90ca109 100644 --- a/flake.lock +++ b/flake.lock @@ -8,15 +8,14 @@ "amarth", "clan-core", "nixpkgs" - ], - "systems": "systems_2" + ] }, "locked": { - "lastModified": 1757947021, - "narHash": "sha256-BinQx0l//FdLRxYzvQG6lwP8HR9g8iiJ5I6vt5Mm1Fs=", + "lastModified": 1758024845, + "narHash": "sha256-aMhb+b0LA3IxoaXJ+5YoGSs5mf/N18z+/tj+NjASTmU=", "ref": "refs/heads/main", - "rev": "5525d770f1f73145860f2f929496d3d85ee058dc", - "revCount": 3, + "rev": "ceed1a0cdf5b72c290ad5e060f8a68539847df67", + "revCount": 8, "type": "git", "url": "https://git.amarth.cloud/amarth/services.git" }, 
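Review bot: The added `roles.agent.machines."c2" = {};` and `roles.agent.machines."c3" = {};` lines enrol two agents for which this series generates no vars, while the only k3s inputs committed are per-machine for c1: a token under vars/per-machine/c1/k3s-token and k3s-ip values of 127.0.0.1 and ::1. Assuming the `@amarth/k3s` module hands those vars to the agents for joining, c2 and c3 would get neither the server's token nor a reachable server address. The same commit also deletes the `users/nixos` and `machines/c1` links beside secrets whose sops metadata still lists those recipients, which leaves the recorded access list out of step with the ciphertext. I would run the generators for all three machines before merging and add a comment above the roles such as `# agents join c1 with the shared k3s-token var; keep recipients in sync for c1, c2, c3`. The enclosing attribute set starts and ends outside the hunk.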
@@ -60,15 +59,15 @@ "nixos-facter-modules": "nixos-facter-modules_2", "nixpkgs": "nixpkgs_2", "sops-nix": "sops-nix_2", - "systems": "systems_3", + "systems": "systems_2", "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1757912940, - "narHash": "sha256-Xypz7pxa1L09GooMueosv0CRW4Cx5/gdtvSPBrnXf6M=", - "rev": "93280a9f987bbe689c74f1ea21d0c2fa4645c359", + "lastModified": 1758021280, + "narHash": "sha256-tnXjO1KpfFRKqe9tPZ5ZrM6O2E1DG2nJiE0QKJACPG8=", + "rev": "f2134754c5f0fdca982487de82a16428021a0e0e", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/93280a9f987bbe689c74f1ea21d0c2fa4645c359.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/f2134754c5f0fdca982487de82a16428021a0e0e.tar.gz" }, "original": { "type": "tarball", @@ -404,11 +403,11 @@ ] }, "locked": { - "lastModified": 1757449901, - "narHash": "sha256-qwN8nYdSRnmmyyi+uR6m4gXnVktmy5smG1MOrSFD8PI=", + "lastModified": 1758007585, + "narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3b4a369df9dd6ee171a7ea4448b50e2528faf850", + "rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139", "type": "github" }, "original": { @@ -433,20 +432,6 @@ } }, "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "id": "systems", - "type": "indirect" - } - }, - "systems_3": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", diff --git a/vars/per-machine/c1/k3s-token/token/users/nixos b/vars/per-machine/c1/k3s-token/token/users/nixos deleted file mode 120000 index b1bb8e7..0000000 --- a/vars/per-machine/c1/k3s-token/token/users/nixos +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/nixos \ No newline at end of file 
diff --git a/vars/per-machine/c1/zerotier/zerotier-identity-secret/machines/c1 b/vars/per-machine/c1/zerotier/zerotier-identity-secret/machines/c1
deleted file mode 120000
index 01430a8..0000000
--- a/vars/per-machine/c1/zerotier/zerotier-identity-secret/machines/c1
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/c1
\ No newline at end of file
diff --git a/vars/per-machine/c1/zerotier/zerotier-identity-secret/users/nixos b/vars/per-machine/c1/zerotier/zerotier-identity-secret/users/nixos
deleted file mode 120000
index b1bb8e7..0000000
--- a/vars/per-machine/c1/zerotier/zerotier-identity-secret/users/nixos
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/nixos
\ No newline at end of file