use zerotier with clan
parent
59c0f5d4ed
commit
70f8da231e
8 changed files with 59 additions and 47 deletions
49
flake.lock
49
flake.lock
|
@ -148,17 +148,16 @@
|
||||||
"treefmt-nix": "treefmt-nix"
|
"treefmt-nix": "treefmt-nix"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716901339,
|
"dirtyRev": "594563087080cb7b7eeefa72d8950606bcd5a8d4-dirty",
|
||||||
"narHash": "sha256-LGlFJ0+bydJdbvLLkfUx95mYMNHewyN3daq+UfhhRLs=",
|
"dirtyShortRev": "59456308-dirty",
|
||||||
"ref": "refs/heads/main",
|
"lastModified": 1716997734,
|
||||||
"rev": "52584662a8b8217e11b6e057bcca1846b4cb2934",
|
"narHash": "sha256-roe466ziVbGxr/UIRXMLpHCEC5Qj0Yyl9Dh+XOX6JmU=",
|
||||||
"revCount": 2887,
|
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.clan.lol/clan/clan-core"
|
"url": "file:///home/palo/dev/nixos/clan-core"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.clan.lol/clan/clan-core"
|
"url": "file:///home/palo/dev/nixos/clan-core"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"disko": {
|
"disko": {
|
||||||
|
@ -169,11 +168,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716394172,
|
"lastModified": 1716773194,
|
||||||
"narHash": "sha256-B+pNhV8GFeCj9/MoH+qtGqKbgv6fU4hGaw2+NoYYtB0=",
|
"narHash": "sha256-rskkGmWlvYFb+CXedBiL8eWEuED0Es0XR4CkJ11RQKY=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "23c63fb09334c3e8958b57e2ddc3870b75b9111d",
|
"rev": "10986091e47fb1180620b78438512b294b7e8f67",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -542,11 +541,11 @@
|
||||||
"nixpkgs": "nixpkgs_2"
|
"nixpkgs": "nixpkgs_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716847642,
|
"lastModified": 1716930911,
|
||||||
"narHash": "sha256-rjEswRV0o23eBBils8lJXyIGha+l/VjV73IPg+ztxgk=",
|
"narHash": "sha256-t4HT5j3Jy7skRB5PINnxcEBCkgE89rGBpwTI7YS4Ffo=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "10c7c219b7dae5795fb67f465a0d86cbe29f25fa",
|
"rev": "a9b36cbe9292a649222b89fdb9ae9907e9c74086",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -651,11 +650,11 @@
|
||||||
},
|
},
|
||||||
"nixos-2311": {
|
"nixos-2311": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1715818734,
|
"lastModified": 1716767563,
|
||||||
"narHash": "sha256-WvAJWCwPj/6quKcsgsvQYyZRxV8ho/yUzj0HZQ34DVU=",
|
"narHash": "sha256-xaSLDTqKIU55HsCkDnzFKmPiJO2z1xAAvrhUlwlmT2M=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "95742536dc6debb5a8b8b78b27001c38f369f1e7",
|
"rev": "0c007b36981bdbd69ccf0c7df30a174e63660667",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -697,11 +696,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716123454,
|
"lastModified": 1716210724,
|
||||||
"narHash": "sha256-U2o4UPM/UsEyIX2p11+YEQgR9HY3PmjZ2mRl/x5e4xo=",
|
"narHash": "sha256-iqQa3omRcHGpWb1ds75jS9ruA5R39FTmAkeR3J+ve1w=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixos-generators",
|
"repo": "nixos-generators",
|
||||||
"rev": "a63e0c83dd83fe28cc571b97129e13373436bd82",
|
"rev": "d14b286322c7f4f897ca4b1726ce38cb68596c94",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -734,11 +733,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716132123,
|
"lastModified": 1716786664,
|
||||||
"narHash": "sha256-rATSWbPaKQfZGaemu0tHL2xfCzVIVwpuTjk+KSBC+k4=",
|
"narHash": "sha256-iszhOLhxnv+TX/XM2gAX4LhTCoMzLuG51ObZq/eyDx8=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixos-images",
|
"repo": "nixos-images",
|
||||||
"rev": "8c9cab8c44434c12dafc465fbf61a710c5bceb08",
|
"rev": "2478833ef8cc6de3d9e331f53b6f3682e425f207",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1275,11 +1274,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716087663,
|
"lastModified": 1716692524,
|
||||||
"narHash": "sha256-zuSAGlx8Qk0OILGCC2GUyZ58/SJ5R3GZdeUNQ6IS0fQ=",
|
"narHash": "sha256-sALodaA7Zkp/JD6ehgwc0UCBrSBfB4cX66uFGTsqeFU=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "0bf1808e70ce80046b0cff821c019df2b19aabf5",
|
"rev": "962797a8d7f15ed7033031731d0bb77244839960",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
31
flake.nix
31
flake.nix
|
@ -10,7 +10,8 @@
|
||||||
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
|
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
|
||||||
|
|
||||||
clan-core = {
|
clan-core = {
|
||||||
url = "git+https://git.clan.lol/clan/clan-core";
|
#url = "git+https://git.clan.lol/clan/clan-core";
|
||||||
|
url = "git+file:///home/palo/dev/nixos/clan-core";
|
||||||
inputs.nixpkgs.follows = "nixpkgs"; # Needed if your configuration uses nixpkgs unstable.
|
inputs.nixpkgs.follows = "nixpkgs"; # Needed if your configuration uses nixpkgs unstable.
|
||||||
inputs.flake-parts.follows = "flake-parts";
|
inputs.flake-parts.follows = "flake-parts";
|
||||||
};
|
};
|
||||||
|
@ -183,21 +184,27 @@
|
||||||
{ name
|
{ name
|
||||||
, host
|
, host
|
||||||
, modules
|
, modules
|
||||||
#, nixpackages ? meta.nixpkgs
|
|
||||||
}: {
|
}: {
|
||||||
|
|
||||||
clan.networking.targetHost = lib.mkDefault "root@${host}";
|
clan.networking.targetHost = lib.mkDefault "root@${host}";
|
||||||
|
|
||||||
#nixpkgs.pkgs = nixpackages;
|
|
||||||
nixpkgs.pkgs = meta.pkgs;
|
nixpkgs.pkgs = meta.pkgs;
|
||||||
nixpkgs.hostPlatform = meta.system;
|
nixpkgs.hostPlatform = meta.system;
|
||||||
|
clanCore.facts.secretStore = "password-store";
|
||||||
|
|
||||||
|
|
||||||
imports = modules ++ defaultModules ++ [
|
imports = modules ++ defaultModules ++ [
|
||||||
|
./nixos/machines/${name}/configuration.nix
|
||||||
|
(sopsModule name)
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./nixos/machines/${name}/configuration.nix
|
# this magically adds all my machines in the zero tier network
|
||||||
(sopsModule name)
|
# and makes the controller accept them.
|
||||||
|
# will automatic look into `/machines/<name>/facts/zerotier-ip
|
||||||
|
inputs.clan-core.clanModules.zerotier-static-peers
|
||||||
|
# Statically configure the host names of machines based on their respective zerotier-ip.
|
||||||
|
inputs.clan-core.clanModules.static-hosts
|
||||||
];
|
];
|
||||||
|
clan.static-hosts.topLevelDomain = "bear";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -294,7 +301,7 @@
|
||||||
|
|
||||||
# Define your clan
|
# Define your clan
|
||||||
clan = {
|
clan = {
|
||||||
# Clan wide settings. (Required)
|
# Clan wide settings.
|
||||||
clanName = "gummybears"; # Ensure to choose a unique name.
|
clanName = "gummybears"; # Ensure to choose a unique name.
|
||||||
specialArgs = meta.specialArgs;
|
specialArgs = meta.specialArgs;
|
||||||
|
|
||||||
|
@ -372,8 +379,8 @@
|
||||||
homeManagerModules
|
homeManagerModules
|
||||||
retiolum.nixosModules.retiolum
|
retiolum.nixosModules.retiolum
|
||||||
private_assets.nixosModules.chungus
|
private_assets.nixosModules.chungus
|
||||||
srvos.nixosModules.server
|
#srvos.nixosModules.server
|
||||||
srvos.nixosModules.mixins-terminfo
|
#srvos.nixosModules.mixins-terminfo
|
||||||
{
|
{
|
||||||
home-manager.users.mainUser = import ./nixos/homes/palo;
|
home-manager.users.mainUser = import ./nixos/homes/palo;
|
||||||
home-manager.users.root = import ./nixos/homes/root;
|
home-manager.users.root = import ./nixos/homes/root;
|
||||||
|
@ -389,6 +396,12 @@
|
||||||
host = "orbi.private";
|
host = "orbi.private";
|
||||||
# host = "95.216.66.212";
|
# host = "95.216.66.212";
|
||||||
modules = [
|
modules = [
|
||||||
|
{
|
||||||
|
clan.networking.zerotier.controller = {
|
||||||
|
enable = true;
|
||||||
|
public = false;
|
||||||
|
};
|
||||||
|
}
|
||||||
homeManagerModules
|
homeManagerModules
|
||||||
srvos.nixosModules.hardware-hetzner-online-intel
|
srvos.nixosModules.hardware-hetzner-online-intel
|
||||||
srvos.nixosModules.server
|
srvos.nixosModules.server
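Review bot: In the first hunk the `clan-core` input now points at `git+file:///home/palo/dev/nixos/clan-core`, a checkout that exists on one workstation only, and the flake.lock entry in this same commit records a `dirtyRev` where the `rev` used to be. The committed flake is therefore pinned to an uncommitted working tree: no other machine or deploy host can fetch the input, and the locked `narHash` cannot be traced back to a reviewed upstream commit. If the local checkout is only needed while working on the zerotier modules, keep `url = "git+https://git.clan.lol/clan/clan-core";` in the committed file and point at the checkout at build time with `--override-input clan-core <path-to-local-checkout>`. If the local input has to stay for now, the commented-out upstream URL should carry a comment saying when it is restored.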
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
{
|
{
|
||||||
networking.extraHosts = ''
|
networking.extraHosts = ''
|
||||||
144.76.13.147 robi
|
95.216.66.212 orbi.public
|
||||||
95.216.66.212 orbi
|
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|
|
@ -82,7 +82,8 @@ in
|
||||||
|
|
||||||
users.users.root.openssh.authorizedKeys.keyFiles = cfg.rootKeyFiles ++ defaultRootKeyFiles;
|
users.users.root.openssh.authorizedKeys.keyFiles = cfg.rootKeyFiles ++ defaultRootKeyFiles;
|
||||||
|
|
||||||
services.openssh.banner = builtins.readFile sshBanner;
|
# todo enable again when I can it's possible to set the `-q` ssh option in clan
|
||||||
|
#services.openssh.banner = builtins.readFile sshBanner;
|
||||||
|
|
||||||
})
|
})
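Review bot: The new TODO above the disabled `services.openssh.banner` line is hard to read ("when I can it's possible"), and it is the only record of why the login banner is now off for the hosts that enable this module. I would reword it so that the condition for re-enabling is clear, for example `# TODO: re-enable once clan lets us pass -q to ssh`. The enclosing block starts and ends outside the hunk, so whether the banner could instead be made conditional per host cannot be judged from here.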
|
||||||
|
|
||||||
|
|
|
@ -5,9 +5,9 @@
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.tmp.useTmpfs = true;
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.tmp.useTmpfs = true;
|
||||||
|
|
||||||
# ZFS stuff
|
# ZFS stuff
|
||||||
# ---------
|
# ---------
|
||||||
|
|
|
@ -35,7 +35,7 @@
|
||||||
./telemetry/telegraf.nix
|
./telemetry/telegraf.nix
|
||||||
#./telemetry/opentelemetry-hass.nix
|
#./telemetry/opentelemetry-hass.nix
|
||||||
./telemetry/prometheus.nix
|
./telemetry/prometheus.nix
|
||||||
./telemetry/loki.nix
|
#./telemetry/loki.nix # todo enable this one again
|
||||||
|
|
||||||
./sync-rbackup.nix
|
./sync-rbackup.nix
|
||||||
./sync-syncoid.nix
|
./sync-syncoid.nix
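Review bot: Commenting out `./telemetry/loki.nix` removes the Loki log store from this machine's imports, and the only explanation is `# todo enable this one again`. Nothing in this hunk shows whether logs are kept anywhere else in the meantime, so this may leave a gap in log retention on the host while telegraf and prometheus continue to run. The comment should state the reason and the condition for re-enabling, for example `#./telemetry/loki.nix # TODO: disabled until the loki config evaluates again; logs are not collected meanwhile`, assuming that is the reason. The import list starts and ends outside the hunk.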
|
||||||
|
|
|
@ -12,8 +12,8 @@
|
||||||
kernelModules = [ "e1000e" ];
|
kernelModules = [ "e1000e" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
|
boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
|
||||||
|
|
||||||
boot.supportedFilesystems = [ "zfs" ];
|
boot.supportedFilesystems = [ "zfs" ];
|
||||||
|
|
|
@ -61,7 +61,7 @@
|
||||||
max_chunk_age = "1h";
|
max_chunk_age = "1h";
|
||||||
chunk_target_size = 999999;
|
chunk_target_size = 999999;
|
||||||
chunk_retain_period = "30s";
|
chunk_retain_period = "30s";
|
||||||
max_transfer_retries = 0;
|
#max_transfer_retries = 0;
|
||||||
};
|
};
|
||||||
|
|
||||||
schema_config = {
|
schema_config = {
|
||||||
|
@ -82,7 +82,7 @@
|
||||||
active_index_directory = "/var/lib/loki/boltdb-shipper-active";
|
active_index_directory = "/var/lib/loki/boltdb-shipper-active";
|
||||||
cache_location = "/var/lib/loki/boltdb-shipper-cache";
|
cache_location = "/var/lib/loki/boltdb-shipper-cache";
|
||||||
cache_ttl = "24h";
|
cache_ttl = "24h";
|
||||||
shared_store = "filesystem";
|
#shared_store = "filesystem";
|
||||||
};
|
};
|
||||||
|
|
||||||
filesystem = {
|
filesystem = {
|
||||||
|
@ -95,9 +95,9 @@
|
||||||
reject_old_samples_max_age = "168h";
|
reject_old_samples_max_age = "168h";
|
||||||
};
|
};
|
||||||
|
|
||||||
chunk_store_config = {
|
#chunk_store_config = {
|
||||||
max_look_back_period = "0s";
|
# max_look_back_period = "0s";
|
||||||
};
|
#};
|
||||||
|
|
||||||
table_manager = {
|
table_manager = {
|
||||||
retention_deletes_enabled = false;
|
retention_deletes_enabled = false;
|
||||||
|
@ -106,7 +106,7 @@
|
||||||
|
|
||||||
compactor = {
|
compactor = {
|
||||||
working_directory = "/var/lib/loki";
|
working_directory = "/var/lib/loki";
|
||||||
shared_store = "filesystem";
|
#shared_store = "filesystem";
|
||||||
compactor_ring = {
|
compactor_ring = {
|
||||||
kvstore = {
|
kvstore = {
|
||||||
store = "inmemory";
|
store = "inmemory";
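Review bot: The settings dropped in this file (`max_transfer_retries`, both `shared_store` lines and the whole `chunk_store_config` block) are left behind as commented-out code with nothing saying why. If they were disabled because the packaged Loki no longer accepts these keys, which the hunks do not show, delete them and leave one comment such as `# shared_store, max_look_back_period and max_transfer_retries removed: rejected by the current Loki config schema`. If they are meant to come back, each needs a TODO naming the condition. The `compactor` and storage blocks continue outside the hunks, so whether a replacement for `shared_store` is needed there cannot be confirmed from this page.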
|
||||||
|
|