add minio

2021-11-22 00:10:21 +01:00 · 2021-11-22 00:10:21 +01:00 · 8a246bd25d
commit 8a246bd25d
parent f2ccda12b9
6 changed files with 79 additions and 20 deletions
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@ -0,0 +1,9 @@
+{
+    "recommendations": [
+        "hashicorp.terraform",
+        "ms-kubernetes-tools.vscode-kubernetes-tools",
+        "jnoortheen.nix-ide",
+        "brettm12345.nixfmt-vscode",
+        "redhat.vscode-yaml"
+    ]
+}
--- a/flake.lock
+++ b/flake.lock
@ -196,11 +196,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1637469704,
-        "narHash": "sha256-tNbrZZDHCLBw5/3REe8Dm/WMYiAXgXy7n5GuhRn5lI0=",
+        "lastModified": 1637509688,
+        "narHash": "sha256-NcKdyLZflWeSrwgavNGIG7LcP6XBcYGne04HIzWP1D4=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "296032dd5ff5e4c266782e73f9c00ee044f19c70",
+        "rev": "53edfe1d1c51c38e2adc4d8eb37a7a2657e3fe01",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -25,7 +25,7 @@
        "${profile}" = lib.nixosSystem {
          inherit system;
          modules =
-            [ "${./.}/nixos/hosts/${profile}/configuration.nix" ./nixos/common ]
+            [ ./nixos/common ./nixos/hosts/${profile}/configuration.nix  ]
            ++ (if lxc then [
              "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
              ./nixos/common/generic-lxc.nix
@ -50,21 +50,28 @@

      # Import all nixos host definitions that are actual nix machines
      nixHosts = filter ({ nix ? true, ... }: nix) hosts;
+
+      pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system}
+        [ vault-secrets.overlay ];
    in {
      # Make the config and deploy sets
-      nixosConfigurations =
-        lib.foldr (el: acc: acc // mkConfig el) { } nixHosts;
-
+      nixosConfigurations = lib.foldr (el: acc: acc // mkConfig el) { } nixHosts;
      deploy.nodes = lib.foldr (el: acc: acc // mkDeploy el) { } nixHosts;

+      apps.x86_64-linux.vault-push-approles = {
+        type = "app";
+        program = "${pkgs.vault-push-approles self}/bin/vault-push-approles";
+      };
+      apps.x86_64-linux.vault-push-approle-envs = {
+        type = "app";
+        program =
+          "${pkgs.vault-push-approle-envs self}/bin/vault-push-approle-envs";
+      };
+
      # Use by running `nix develop`
-      devShell.${system} = let
-        pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system}
-          [ vault-secrets.overlay ];
-      in pkgs.mkShell {
+      devShell.${system} = pkgs.mkShell {
        VAULT_ADDR = "http://10.42.42.6:8200/";
        # This only support bash so just execute zsh in bash as a workaround :/
-        shellHook = "${pkgs.zsh}/bin/zsh; exit";
        buildInputs = with pkgs; [
          deploy-rs.packages.${system}.deploy-rs
          fluxcd
@ -75,8 +82,8 @@
          nixfmt
          nixUnstable
          vault
-          (vault-push-approle-envs self)
-          (vault-push-approles self)
+          (vault-push-approle-envs self { })
+          (vault-push-approles self { })
        ];
      };

--- a/hosts.nix
+++ b/hosts.nix
@ -70,4 +70,10 @@
    ip = "10.42.42.16";
    mac = "B6:04:0B:CD:0F:9F";
  }
+  {
+    hostname = "minio";
+    profile = "dns";
+    ip = "10.42.42.17";
+    mac = "0A:06:5E:E7:9A:0C";
+  }
 ]
--- a/nixos/common/default.nix
+++ b/nixos/common/default.nix
@ -18,8 +18,11 @@
  nix = {
    package = pkgs.nixUnstable;
    autoOptimiseStore = true;
-    binaryCaches =
-      [ "https://cachix.cachix.org" "https://nix-community.cachix.org" "https://nixpkgs-review-bot.cachix.org" ];
+    binaryCaches = [
+      "https://cachix.cachix.org"
+      "https://nix-community.cachix.org"
+      "https://nixpkgs-review-bot.cachix.org"
+    ];
    binaryCachePublicKeys = [
      "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
@ -45,8 +48,9 @@
  services.openssh.enable = true;

  vault-secrets = {
-        vaultPrefix = "nixos/${config.networking.hostName}";
-        vaultAddress = "http://10.42.42.6:8200/";
-        approlePrefix = "olympus-${config.networking.hostName}";
-    };
+    vaultPrefix = "nixos/${config.networking.hostName}";
+    vaultAddress = "http://10.42.42.6:8200/";
+    approlePrefix = "olympus-${config.networking.hostName}";
+  };
+
 }
--- a/nixos/hosts/minio/configuration.nix
+++ b/nixos/hosts/minio/configuration.nix
@ -0,0 +1,33 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+let 
+vs = config.vault-secrets.secrets;
+in
+{
+  imports = [ ];
+
+  networking.hostName = "minio";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "21.11"; # Did you read the comment?
+
+  # Additional packages
+  environment.systemPackages = with pkgs; [ ];
+
+  networking.firewall.allowedTCPPorts = [ 9000 9001 ];
+
+  vault-secrets.secrets.minio = { };
+
+  services.minio = {
+    enable = true;
+    rootCredentialsFile = "${vs.minio}/environment";
+  };
+}