224 lines
6.2 KiB
Nix
224 lines
6.2 KiB
Nix
{
|
|
# Ensure this is unique among all clans you want to use.
|
|
meta = {
|
|
name = "amarth-infra";
|
|
description = "Amarth cloud";
|
|
};
|
|
|
|
inventory.machines = {
|
|
m1 = {
|
|
name = "management-1";
|
|
description = "Management node 1";
|
|
machineClass = "nixos";
|
|
tags = [ "cloud:amarth" "region:oss" "nodeType:management" "criticallity:critical" "" ];
|
|
};
|
|
c1 = {
|
|
name = "compute-1";
|
|
description = "Compute node 1";
|
|
machineClass = "nixos";
|
|
tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity:medium" "" ];
|
|
};
|
|
c2 = {
|
|
name = "compute-2";
|
|
description = "Compute node 2";
|
|
machineClass = "nixos";
|
|
tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity:medium" "" ];
|
|
};
|
|
c3 = {
|
|
name = "compute-3";
|
|
description = "Compute node 3";
|
|
machineClass = "nixos";
|
|
tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity:medium" "" ];
|
|
};
|
|
};
|
|
|
|
# Docs: See https://docs.clan.lol/reference/clanServices
|
|
inventory.instances = {
|
|
admin = {
|
|
roles.default.tags.all = { };
|
|
roles.default.settings.allowedKeys = {
|
|
"chris" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICE+TFkjJ8p8fMOddvg/waKAjKJ6DRvvouj1MdXc1Taj";
|
|
};
|
|
};
|
|
|
|
internet = {
|
|
roles.default.machines = {
|
|
m1.settings.host = "192.168.1.223";
|
|
c1.settings.host = "192.168.1.224";
|
|
c2.settings.host = "192.168.1.225";
|
|
c3.settings.host = "192.168.1.226";
|
|
};
|
|
};
|
|
|
|
zerotier = {
|
|
roles.controller.machines."m1" = { };
|
|
roles.peer.tags.all = { };
|
|
};
|
|
|
|
# certificates = {
|
|
# module = {
|
|
# name = "certificates";
|
|
# input = "clan-core";
|
|
# };
|
|
|
|
# roles.ca = {
|
|
# settings = {
|
|
# tlds = [ "amarth.local" "amarth.cloud" ];
|
|
# acmeEmail = "info@amarth.cloud";
|
|
# };
|
|
|
|
# machines.m1 = {};
|
|
# };
|
|
|
|
# roles.default = {
|
|
# settings.acmeEmail = "info@amarth.cloud";
|
|
|
|
# tags.all = {};
|
|
# };
|
|
# };
|
|
|
|
zitadel = {
|
|
module = {
|
|
name = "zitadel";
|
|
input = "amarth-services";
|
|
};
|
|
|
|
roles.controller = {
|
|
machines.m1 = {};
|
|
settings = {
|
|
hostName = "auth.amarth.cloud";
|
|
displayName = "Amarth";
|
|
emergencyAccessPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICE+TFkjJ8p8fMOddvg/waKAjKJ6DRvvouj1MdXc1Taj";
|
|
};
|
|
};
|
|
};
|
|
|
|
k3s = {
|
|
module = {
|
|
name = "k3s";
|
|
input = "amarth-services";
|
|
};
|
|
|
|
roles.server.machines.c1 = {
|
|
settings = {
|
|
crossplane = {
|
|
enable = true;
|
|
|
|
resources.composite = [
|
|
./resources/composite/app/definition.yml
|
|
./resources/composite/app/function.yml
|
|
./resources/composite/app/composite.yml
|
|
|
|
{
|
|
apiVersion = "example.crossplane.io/v1";
|
|
kind = "App";
|
|
metadata = { namespace = "default"; name = "example-app"; };
|
|
spec.image = "nginx";
|
|
}
|
|
|
|
# {
|
|
# apiVersion = "v1";
|
|
# kind = "CompositeResourceDefinition";
|
|
# metadata.name = "container.resources.amarth.cloud";
|
|
|
|
# spec = {
|
|
# scope = "Namespaced";
|
|
# group = "resources.amarth.cloud";
|
|
# names = { kind = "Container"; plural = "containers"; };
|
|
|
|
# versions = [
|
|
# {
|
|
# name = "v1";
|
|
# served = true;
|
|
# referenceable = true;
|
|
|
|
# schema.openAPIV3Schema = {
|
|
# type = "object";
|
|
# properties = {
|
|
# spec = {
|
|
# type = "object";
|
|
# properties.image = { type = "string"; description = "OCI container image"; };
|
|
# required = [ "image" ];
|
|
# };
|
|
|
|
# status = {
|
|
# type = "object";
|
|
# properties = {
|
|
# replicas = { type = "integer"; description = "How many instances of the image to spin up"; };
|
|
# address = { type = "string"; description = "The app's IP address"; };
|
|
# };
|
|
# };
|
|
# };
|
|
# };
|
|
# }
|
|
# ];
|
|
# };
|
|
# }
|
|
|
|
# {
|
|
# apiVersion = "pkg.crossplane.io/v1";
|
|
# kind = "Function";
|
|
# metadata.name = "crossplane-contrib-function-patch-and-transform";
|
|
# spec.package = "xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform:v0.8.2";
|
|
# }
|
|
|
|
|
|
];
|
|
};
|
|
};
|
|
};
|
|
|
|
roles.agent.machines.c2 = {};
|
|
roles.agent.machines.c3 = {};
|
|
};
|
|
|
|
customer-portal = {
|
|
module = {
|
|
name = "customer-portal";
|
|
input = "amarth-services";
|
|
};
|
|
|
|
roles.server.machines.m1 = {};
|
|
};
|
|
};
|
|
|
|
# Additional NixOS configuration can be added here.
|
|
# machines/jon/configuration.nix will be automatically imported.
|
|
# See: https://docs.clan.lol/guides/more-machines/#automatic-registration
|
|
machines = {
|
|
m1 = {
|
|
nixpkgs.hostPlatform = "x86_64-linux";
|
|
networking.domain = "amarth.local";
|
|
|
|
# security.acme.acceptTerms = true;
|
|
|
|
# networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
# services.caddy = {
|
|
# enable = true;
|
|
|
|
# virtualHosts = {
|
|
# "auth.amarth.cloud".extraConfig = ''
|
|
# reverse_proxy http://::1:9092
|
|
# '';
|
|
|
|
# "amarth.cloud".extraConfig = ''
|
|
# reverse_proxy http://::1:8080
|
|
# '';
|
|
# };
|
|
# };
|
|
};
|
|
c1 = {
|
|
nixpkgs.hostPlatform = "x86_64-linux";
|
|
networking.domain = "amarth.local";
|
|
};
|
|
c2 = {
|
|
nixpkgs.hostPlatform = "x86_64-linux";
|
|
networking.domain = "amarth.local";
|
|
};
|
|
c3 = {
|
|
nixpkgs.hostPlatform = "x86_64-linux";
|
|
networking.domain = "amarth.local";
|
|
};
|
|
};
|
|
}
|