diff --git a/flake.lock b/flake.lock index e8719c2..6dce783 100644 --- a/flake.lock +++ b/flake.lock @@ -148,17 +148,16 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1716901339, - "narHash": "sha256-LGlFJ0+bydJdbvLLkfUx95mYMNHewyN3daq+UfhhRLs=", - "ref": "refs/heads/main", - "rev": "52584662a8b8217e11b6e057bcca1846b4cb2934", - "revCount": 2887, + "dirtyRev": "594563087080cb7b7eeefa72d8950606bcd5a8d4-dirty", + "dirtyShortRev": "59456308-dirty", + "lastModified": 1716997734, + "narHash": "sha256-roe466ziVbGxr/UIRXMLpHCEC5Qj0Yyl9Dh+XOX6JmU=", "type": "git", - "url": "https://git.clan.lol/clan/clan-core" + "url": "file:///home/palo/dev/nixos/clan-core" }, "original": { "type": "git", - "url": "https://git.clan.lol/clan/clan-core" + "url": "file:///home/palo/dev/nixos/clan-core" } }, "disko": { @@ -169,11 +168,11 @@ ] }, "locked": { - "lastModified": 1716394172, - "narHash": "sha256-B+pNhV8GFeCj9/MoH+qtGqKbgv6fU4hGaw2+NoYYtB0=", + "lastModified": 1716773194, + "narHash": "sha256-rskkGmWlvYFb+CXedBiL8eWEuED0Es0XR4CkJ11RQKY=", "owner": "nix-community", "repo": "disko", - "rev": "23c63fb09334c3e8958b57e2ddc3870b75b9111d", + "rev": "10986091e47fb1180620b78438512b294b7e8f67", "type": "github" }, "original": { @@ -542,11 +541,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1716847642, - "narHash": "sha256-rjEswRV0o23eBBils8lJXyIGha+l/VjV73IPg+ztxgk=", + "lastModified": 1716930911, + "narHash": "sha256-t4HT5j3Jy7skRB5PINnxcEBCkgE89rGBpwTI7YS4Ffo=", "owner": "nix-community", "repo": "home-manager", - "rev": "10c7c219b7dae5795fb67f465a0d86cbe29f25fa", + "rev": "a9b36cbe9292a649222b89fdb9ae9907e9c74086", "type": "github" }, "original": { 
@@ -651,11 +650,11 @@ }, "nixos-2311": { "locked": { - "lastModified": 1715818734, - "narHash": "sha256-WvAJWCwPj/6quKcsgsvQYyZRxV8ho/yUzj0HZQ34DVU=", + "lastModified": 1716767563, + "narHash": "sha256-xaSLDTqKIU55HsCkDnzFKmPiJO2z1xAAvrhUlwlmT2M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "95742536dc6debb5a8b8b78b27001c38f369f1e7", + "rev": "0c007b36981bdbd69ccf0c7df30a174e63660667", "type": "github" }, "original": { @@ -697,11 +696,11 @@ ] }, "locked": { - "lastModified": 1716123454, - "narHash": "sha256-U2o4UPM/UsEyIX2p11+YEQgR9HY3PmjZ2mRl/x5e4xo=", + "lastModified": 1716210724, + "narHash": "sha256-iqQa3omRcHGpWb1ds75jS9ruA5R39FTmAkeR3J+ve1w=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "a63e0c83dd83fe28cc571b97129e13373436bd82", + "rev": "d14b286322c7f4f897ca4b1726ce38cb68596c94", "type": "github" }, "original": { @@ -734,11 +733,11 @@ ] }, "locked": { - "lastModified": 1716132123, - "narHash": "sha256-rATSWbPaKQfZGaemu0tHL2xfCzVIVwpuTjk+KSBC+k4=", + "lastModified": 1716786664, + "narHash": "sha256-iszhOLhxnv+TX/XM2gAX4LhTCoMzLuG51ObZq/eyDx8=", "owner": "nix-community", "repo": "nixos-images", - "rev": "8c9cab8c44434c12dafc465fbf61a710c5bceb08", + "rev": "2478833ef8cc6de3d9e331f53b6f3682e425f207", "type": "github" }, "original": { @@ -1275,11 +1274,11 @@ ] }, "locked": { - "lastModified": 1716087663, - "narHash": "sha256-zuSAGlx8Qk0OILGCC2GUyZ58/SJ5R3GZdeUNQ6IS0fQ=", + "lastModified": 1716692524, + "narHash": "sha256-sALodaA7Zkp/JD6ehgwc0UCBrSBfB4cX66uFGTsqeFU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "0bf1808e70ce80046b0cff821c019df2b19aabf5", + "rev": "962797a8d7f15ed7033031731d0bb77244839960", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 7f4934f..40cf7fb 100644 --- a/flake.nix +++ b/flake.nix 
@@ -10,7 +10,8 @@ flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; clan-core = { - url = "git+https://git.clan.lol/clan/clan-core"; + #url = "git+https://git.clan.lol/clan/clan-core"; + url = "git+file:///home/palo/dev/nixos/clan-core"; inputs.nixpkgs.follows = "nixpkgs"; # Needed if your configuration uses nixpkgs unstable. inputs.flake-parts.follows = "flake-parts"; }; @@ -183,21 +184,27 @@ { name , host , modules - #, nixpackages ? meta.nixpkgs }: { clan.networking.targetHost = lib.mkDefault "root@${host}"; - - #nixpkgs.pkgs = nixpackages; nixpkgs.pkgs = meta.pkgs; nixpkgs.hostPlatform = meta.system; + clanCore.facts.secretStore = "password-store"; + imports = modules ++ defaultModules ++ [ + ./nixos/machines/${name}/configuration.nix + (sopsModule name) { imports = [ - ./nixos/machines/${name}/configuration.nix - (sopsModule name) + # this magically adds all my machines in the zero tier network + # and makes the controller accept them. + # will automatic look into `/machines//facts/zerotier-ip + inputs.clan-core.clanModules.zerotier-static-peers + # Statically configure the host names of machines based on their respective zerotier-ip. + inputs.clan-core.clanModules.static-hosts ]; + clan.static-hosts.topLevelDomain = "bear"; } ]; }; @@ -294,7 +301,7 @@ # Define your clan clan = { - # Clan wide settings. (Required) + # Clan wide settings. clanName = "gummybears"; # Ensure to choose a unique name. specialArgs = meta.specialArgs; @@ -372,8 +379,8 @@ homeManagerModules retiolum.nixosModules.retiolum private_assets.nixosModules.chungus - srvos.nixosModules.server - srvos.nixosModules.mixins-terminfo + #srvos.nixosModules.server + #srvos.nixosModules.mixins-terminfo { home-manager.users.mainUser = import ./nixos/homes/palo; home-manager.users.root = import ./nixos/homes/root; 
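Review bot: The `clan-core` input in the `@@ -10,7 +10,8 @@` hunk now resolves to a checkout on one developer's machine, `git+file:///home/palo/dev/nixos/clan-core`. The flake.lock change in this commit pins it by `dirtyRev` (`…-dirty`) with no `rev`, so the source that the machine configurations import cannot be fetched or audited from anywhere else. Keep `url = "git+https://git.clan.lol/clan/clan-core";` in the committed flake and point at the local tree per invocation, for example with `--override-input clan-core <local path>`. If the local changes are needed, push them to a branch and lock that revision so the lock file carries a clean `rev` next to its `narHash`.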
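Review bot: The comment added above `inputs.clan-core.clanModules.zerotier-static-peers` in the `@@ -183,21 +184,27 @@` hunk says the module "magically" makes the controller accept every machine, but not what that means for trust. Going by that comment, network membership is decided by the `zerotier-ip` fact files in the repository. The path in the comment is also garbled (`/machines//facts/zerotier-ip`, with an unterminated backtick); the machine-name placeholder appears to have been lost. Suggested replacement: `# zerotier-static-peers: every machine with machines/<name>/facts/zerotier-ip is accepted by the controller, so write access to those files grants network membership`. `clanCore.facts.secretStore = "password-store";` is set for all machines in the same helper without a comment, and the helper's binding begins outside the hunk.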
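Review bot: `srvos.nixosModules.server` and `srvos.nixosModules.mixins-terminfo` are commented out in the `@@ -372,8 +379,8 @@` hunk with no reason given, while the machine in the `@@ -389,6 +396,12 @@` hunk still imports `srvos.nixosModules.server`. Whatever defaults that profile supplied for this machine silently stop applying; I would expect that to include sshd and base system settings, but that is not visible here. Either delete the two lines or leave a reason, e.g. `# FIXME: srvos.nixosModules.server disabled because <reason>; re-enable or replace its settings`. The module list starts outside the hunk.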
@@ -389,6 +396,12 @@ host = "orbi.private"; # host = "95.216.66.212"; modules = [ + { + clan.networking.zerotier.controller = { + enable = true; + public = false; + }; + } homeManagerModules srvos.nixosModules.hardware-hetzner-online-intel srvos.nixosModules.server diff --git a/nixos/components/network/hosts.nix b/nixos/components/network/hosts.nix index 0202aab..cda10f4 100644 --- a/nixos/components/network/hosts.nix +++ b/nixos/components/network/hosts.nix @@ -1,6 +1,5 @@ { networking.extraHosts = '' - 144.76.13.147 robi - 95.216.66.212 orbi + 95.216.66.212 orbi.public ''; } diff --git a/nixos/components/network/sshd/default.nix b/nixos/components/network/sshd/default.nix index 5f5779c..b92a6d2 100644 --- a/nixos/components/network/sshd/default.nix +++ b/nixos/components/network/sshd/default.nix @@ -82,7 +82,8 @@ in users.users.root.openssh.authorizedKeys.keyFiles = cfg.rootKeyFiles ++ defaultRootKeyFiles; - services.openssh.banner = builtins.readFile sshBanner; + # todo enable again when I can it's possible to set the `-q` ssh option in clan + #services.openssh.banner = builtins.readFile sshBanner; }) diff --git a/nixos/machines/cherry/hardware-configuration/default.nix b/nixos/machines/cherry/hardware-configuration/default.nix index a1d76e6..ffe7de7 100644 --- a/nixos/machines/cherry/hardware-configuration/default.nix +++ b/nixos/machines/cherry/hardware-configuration/default.nix @@ -5,9 +5,9 @@ ./hardware-configuration.nix ]; - boot.tmp.useTmpfs = true; - boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + boot.loader.systemd-boot.enable = true; + boot.tmp.useTmpfs = true; # ZFS stuff # --------- diff --git a/nixos/machines/chungus/configuration.nix b/nixos/machines/chungus/configuration.nix index 155170f..1e12b0a 100644 --- a/nixos/machines/chungus/configuration.nix +++ b/nixos/machines/chungus/configuration.nix 
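Review bot: The TODO above the commented-out `services.openssh.banner` in the `@@ -82,7 +82,8 @@` hunk of `sshd/default.nix` is hard to parse ("when I can it's possible"), and it does not say that the banner is now off on every host using this component. Suggested wording: `# TODO: re-enable once clan can pass -q to ssh; until then the banner is disabled on all hosts`. `sshBanner` is bound outside the hunk and may now be unused, so check whether it should be removed or kept for the re-enable. The enclosing block also starts outside the hunk.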
@@ -35,7 +35,7 @@ ./telemetry/telegraf.nix #./telemetry/opentelemetry-hass.nix ./telemetry/prometheus.nix - ./telemetry/loki.nix + #./telemetry/loki.nix # todo enable this one again ./sync-rbackup.nix ./sync-syncoid.nix diff --git a/nixos/machines/chungus/hardware-configuration/default.nix b/nixos/machines/chungus/hardware-configuration/default.nix index 07fd309..d6e867a 100644 --- a/nixos/machines/chungus/hardware-configuration/default.nix +++ b/nixos/machines/chungus/hardware-configuration/default.nix @@ -12,8 +12,8 @@ kernelModules = [ "e1000e" ]; }; - boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + boot.loader.systemd-boot.enable = true; boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!) boot.supportedFilesystems = [ "zfs" ]; diff --git a/nixos/machines/chungus/telemetry/loki.nix b/nixos/machines/chungus/telemetry/loki.nix index da030b3..d161207 100644 --- a/nixos/machines/chungus/telemetry/loki.nix +++ b/nixos/machines/chungus/telemetry/loki.nix @@ -61,7 +61,7 @@ max_chunk_age = "1h"; chunk_target_size = 999999; chunk_retain_period = "30s"; - max_transfer_retries = 0; + #max_transfer_retries = 0; }; schema_config = { @@ -82,7 +82,7 @@ active_index_directory = "/var/lib/loki/boltdb-shipper-active"; cache_location = "/var/lib/loki/boltdb-shipper-cache"; cache_ttl = "24h"; - shared_store = "filesystem"; + #shared_store = "filesystem"; }; filesystem = { @@ -95,9 +95,9 @@ reject_old_samples_max_age = "168h"; }; - chunk_store_config = { - max_look_back_period = "0s"; - }; + #chunk_store_config = { + # max_look_back_period = "0s"; + #}; table_manager = { retention_deletes_enabled = false; @@ -106,7 +106,7 @@ compactor = { working_directory = "/var/lib/loki"; - shared_store = "filesystem"; + #shared_store = "filesystem"; compactor_ring = { kvstore = { store = "inmemory";
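Review bot: Commenting out `./telemetry/loki.nix` in the `@@ -35,7 +35,7 @@` hunk removes log aggregation from chungus, and the `loki.nix` edits later in this commit are then never evaluated, so they land untested. `./telemetry/telegraf.nix` and `./telemetry/prometheus.nix` stay imported, so metrics continue while logs stop. If other hosts ship logs to this instance (not visible here), they lose their destination. Put the reason and the condition for re-enabling in the comment, e.g. `#./telemetry/loki.nix # TODO: disabled because <reason>; re-enable once the config is migrated`. The imports list starts outside the hunk.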
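Review bot: `max_transfer_retries` in the `@@ -61,7 +61,7 @@` hunk of `telemetry/loki.nix` is commented out with no explanation. The same applies to both `shared_store` entries and the `chunk_store_config` block in the `@@ -82,7`, `@@ -95,9` and `@@ -106,7` hunks. If a Loki upgrade removed these keys, which the pattern suggests but the diff does not state, delete them instead of keeping dead configuration. Otherwise add one line of context, such as `# removed in Loki <version>; see upgrade notes`. The last of these hunks runs past the end of the visible page.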