use zerotier with clan

This commit is contained in:
Ingolf Wagner 2024-05-29 20:16:04 +02:00
parent 59c0f5d4ed
commit 70f8da231e
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
8 changed files with 59 additions and 47 deletions

View file

@ -148,17 +148,16 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1716901339, "dirtyRev": "594563087080cb7b7eeefa72d8950606bcd5a8d4-dirty",
"narHash": "sha256-LGlFJ0+bydJdbvLLkfUx95mYMNHewyN3daq+UfhhRLs=", "dirtyShortRev": "59456308-dirty",
"ref": "refs/heads/main", "lastModified": 1716997734,
"rev": "52584662a8b8217e11b6e057bcca1846b4cb2934", "narHash": "sha256-roe466ziVbGxr/UIRXMLpHCEC5Qj0Yyl9Dh+XOX6JmU=",
"revCount": 2887,
"type": "git", "type": "git",
"url": "https://git.clan.lol/clan/clan-core" "url": "file:///home/palo/dev/nixos/clan-core"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "https://git.clan.lol/clan/clan-core" "url": "file:///home/palo/dev/nixos/clan-core"
} }
}, },
"disko": { "disko": {
@ -169,11 +168,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1716394172, "lastModified": 1716773194,
"narHash": "sha256-B+pNhV8GFeCj9/MoH+qtGqKbgv6fU4hGaw2+NoYYtB0=", "narHash": "sha256-rskkGmWlvYFb+CXedBiL8eWEuED0Es0XR4CkJ11RQKY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "23c63fb09334c3e8958b57e2ddc3870b75b9111d", "rev": "10986091e47fb1180620b78438512b294b7e8f67",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -542,11 +541,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1716847642, "lastModified": 1716930911,
"narHash": "sha256-rjEswRV0o23eBBils8lJXyIGha+l/VjV73IPg+ztxgk=", "narHash": "sha256-t4HT5j3Jy7skRB5PINnxcEBCkgE89rGBpwTI7YS4Ffo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "10c7c219b7dae5795fb67f465a0d86cbe29f25fa", "rev": "a9b36cbe9292a649222b89fdb9ae9907e9c74086",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -651,11 +650,11 @@
}, },
"nixos-2311": { "nixos-2311": {
"locked": { "locked": {
"lastModified": 1715818734, "lastModified": 1716767563,
"narHash": "sha256-WvAJWCwPj/6quKcsgsvQYyZRxV8ho/yUzj0HZQ34DVU=", "narHash": "sha256-xaSLDTqKIU55HsCkDnzFKmPiJO2z1xAAvrhUlwlmT2M=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "95742536dc6debb5a8b8b78b27001c38f369f1e7", "rev": "0c007b36981bdbd69ccf0c7df30a174e63660667",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -697,11 +696,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1716123454, "lastModified": 1716210724,
"narHash": "sha256-U2o4UPM/UsEyIX2p11+YEQgR9HY3PmjZ2mRl/x5e4xo=", "narHash": "sha256-iqQa3omRcHGpWb1ds75jS9ruA5R39FTmAkeR3J+ve1w=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "a63e0c83dd83fe28cc571b97129e13373436bd82", "rev": "d14b286322c7f4f897ca4b1726ce38cb68596c94",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -734,11 +733,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1716132123, "lastModified": 1716786664,
"narHash": "sha256-rATSWbPaKQfZGaemu0tHL2xfCzVIVwpuTjk+KSBC+k4=", "narHash": "sha256-iszhOLhxnv+TX/XM2gAX4LhTCoMzLuG51ObZq/eyDx8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-images", "repo": "nixos-images",
"rev": "8c9cab8c44434c12dafc465fbf61a710c5bceb08", "rev": "2478833ef8cc6de3d9e331f53b6f3682e425f207",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1275,11 +1274,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1716087663, "lastModified": 1716692524,
"narHash": "sha256-zuSAGlx8Qk0OILGCC2GUyZ58/SJ5R3GZdeUNQ6IS0fQ=", "narHash": "sha256-sALodaA7Zkp/JD6ehgwc0UCBrSBfB4cX66uFGTsqeFU=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "0bf1808e70ce80046b0cff821c019df2b19aabf5", "rev": "962797a8d7f15ed7033031731d0bb77244839960",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -10,7 +10,8 @@
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
clan-core = { clan-core = {
url = "git+https://git.clan.lol/clan/clan-core"; #url = "git+https://git.clan.lol/clan/clan-core";
url = "git+file:///home/palo/dev/nixos/clan-core";
inputs.nixpkgs.follows = "nixpkgs"; # Needed if your configuration uses nixpkgs unstable. inputs.nixpkgs.follows = "nixpkgs"; # Needed if your configuration uses nixpkgs unstable.
inputs.flake-parts.follows = "flake-parts"; inputs.flake-parts.follows = "flake-parts";
}; };
@ -183,21 +184,27 @@
{ name { name
, host , host
, modules , modules
#, nixpackages ? meta.nixpkgs
}: { }: {
clan.networking.targetHost = lib.mkDefault "root@${host}"; clan.networking.targetHost = lib.mkDefault "root@${host}";
#nixpkgs.pkgs = nixpackages;
nixpkgs.pkgs = meta.pkgs; nixpkgs.pkgs = meta.pkgs;
nixpkgs.hostPlatform = meta.system; nixpkgs.hostPlatform = meta.system;
clanCore.facts.secretStore = "password-store";
imports = modules ++ defaultModules ++ [ imports = modules ++ defaultModules ++ [
./nixos/machines/${name}/configuration.nix
(sopsModule name)
{ {
imports = [ imports = [
./nixos/machines/${name}/configuration.nix # this magically adds all my machines in the zero tier network
(sopsModule name) # and makes the controller accept them.
# will automatic look into `/machines/<name>/facts/zerotier-ip
inputs.clan-core.clanModules.zerotier-static-peers
# Statically configure the host names of machines based on their respective zerotier-ip.
inputs.clan-core.clanModules.static-hosts
]; ];
clan.static-hosts.topLevelDomain = "bear";
} }
]; ];
}; };
@ -294,7 +301,7 @@
# Define your clan # Define your clan
clan = { clan = {
# Clan wide settings. (Required) # Clan wide settings.
clanName = "gummybears"; # Ensure to choose a unique name. clanName = "gummybears"; # Ensure to choose a unique name.
specialArgs = meta.specialArgs; specialArgs = meta.specialArgs;
@ -372,8 +379,8 @@
homeManagerModules homeManagerModules
retiolum.nixosModules.retiolum retiolum.nixosModules.retiolum
private_assets.nixosModules.chungus private_assets.nixosModules.chungus
srvos.nixosModules.server #srvos.nixosModules.server
srvos.nixosModules.mixins-terminfo #srvos.nixosModules.mixins-terminfo
{ {
home-manager.users.mainUser = import ./nixos/homes/palo; home-manager.users.mainUser = import ./nixos/homes/palo;
home-manager.users.root = import ./nixos/homes/root; home-manager.users.root = import ./nixos/homes/root;
@ -389,6 +396,12 @@
host = "orbi.private"; host = "orbi.private";
# host = "95.216.66.212"; # host = "95.216.66.212";
modules = [ modules = [
{
clan.networking.zerotier.controller = {
enable = true;
public = false;
};
}
homeManagerModules homeManagerModules
srvos.nixosModules.hardware-hetzner-online-intel srvos.nixosModules.hardware-hetzner-online-intel
srvos.nixosModules.server srvos.nixosModules.server

View file

@ -1,6 +1,5 @@
{ {
networking.extraHosts = '' networking.extraHosts = ''
144.76.13.147 robi 95.216.66.212 orbi.public
95.216.66.212 orbi
''; '';
} }

View file

@ -82,7 +82,8 @@ in
users.users.root.openssh.authorizedKeys.keyFiles = cfg.rootKeyFiles ++ defaultRootKeyFiles; users.users.root.openssh.authorizedKeys.keyFiles = cfg.rootKeyFiles ++ defaultRootKeyFiles;
services.openssh.banner = builtins.readFile sshBanner; # todo enable again when I can it's possible to set the `-q` ssh option in clan
#services.openssh.banner = builtins.readFile sshBanner;
}) })

View file

@ -5,9 +5,9 @@
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
boot.tmp.useTmpfs = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.enable = true;
boot.tmp.useTmpfs = true;
# ZFS stuff # ZFS stuff
# --------- # ---------

View file

@ -35,7 +35,7 @@
./telemetry/telegraf.nix ./telemetry/telegraf.nix
#./telemetry/opentelemetry-hass.nix #./telemetry/opentelemetry-hass.nix
./telemetry/prometheus.nix ./telemetry/prometheus.nix
./telemetry/loki.nix #./telemetry/loki.nix # todo enable this one again
./sync-rbackup.nix ./sync-rbackup.nix
./sync-syncoid.nix ./sync-syncoid.nix

View file

@ -12,8 +12,8 @@
kernelModules = [ "e1000e" ]; kernelModules = [ "e1000e" ];
}; };
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.enable = true;
boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!) boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];

View file

@ -61,7 +61,7 @@
max_chunk_age = "1h"; max_chunk_age = "1h";
chunk_target_size = 999999; chunk_target_size = 999999;
chunk_retain_period = "30s"; chunk_retain_period = "30s";
max_transfer_retries = 0; #max_transfer_retries = 0;
}; };
schema_config = { schema_config = {
@ -82,7 +82,7 @@
active_index_directory = "/var/lib/loki/boltdb-shipper-active"; active_index_directory = "/var/lib/loki/boltdb-shipper-active";
cache_location = "/var/lib/loki/boltdb-shipper-cache"; cache_location = "/var/lib/loki/boltdb-shipper-cache";
cache_ttl = "24h"; cache_ttl = "24h";
shared_store = "filesystem"; #shared_store = "filesystem";
}; };
filesystem = { filesystem = {
@ -95,9 +95,9 @@
reject_old_samples_max_age = "168h"; reject_old_samples_max_age = "168h";
}; };
chunk_store_config = { #chunk_store_config = {
max_look_back_period = "0s"; # max_look_back_period = "0s";
}; #};
table_manager = { table_manager = {
retention_deletes_enabled = false; retention_deletes_enabled = false;
@ -106,7 +106,7 @@
compactor = { compactor = {
working_directory = "/var/lib/loki"; working_directory = "/var/lib/loki";
shared_store = "filesystem"; #shared_store = "filesystem";
compactor_ring = { compactor_ring = {
kvstore = { kvstore = {
store = "inmemory"; store = "inmemory";