v/infrastructure
1
0
Fork 0
Code Issues 13 Pull requests 1 Projects Releases Packages Activity Actions

add minio

Browse source
This commit is contained in:
Vivian 2021-11-22 00:10:21 +01:00
parent f2ccda12b9
commit 8a246bd25d
6 changed files with 79 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
.vscode/extensions.json vendored Normal file
View file

@ -0,0 +1,9 @@
{
"recommendations": [
"hashicorp.terraform",
"ms-kubernetes-tools.vscode-kubernetes-tools",
"jnoortheen.nix-ide",
"brettm12345.nixfmt-vscode",
"redhat.vscode-yaml"
]
}

6
flake.lock generated
View file

@ -196,11 +196,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1637469704, "lastModified": 1637509688,
"narHash": "sha256-tNbrZZDHCLBw5/3REe8Dm/WMYiAXgXy7n5GuhRn5lI0=", "narHash": "sha256-NcKdyLZflWeSrwgavNGIG7LcP6XBcYGne04HIzWP1D4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "296032dd5ff5e4c266782e73f9c00ee044f19c70", "rev": "53edfe1d1c51c38e2adc4d8eb37a7a2657e3fe01",
"type": "github" "type": "github"
}, },
"original": { "original": {

33
flake.nix
View file

@ -25,7 +25,7 @@
"${profile}" = lib.nixosSystem { "${profile}" = lib.nixosSystem {
inherit system; inherit system;
modules = modules =
[ "${./.}/nixos/hosts/${profile}/configuration.nix" ./nixos/common ] [ ./nixos/common ./nixos/hosts/${profile}/configuration.nix ]
++ (if lxc then [ ++ (if lxc then [
"${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix" "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
./nixos/common/generic-lxc.nix ./nixos/common/generic-lxc.nix
@ -50,21 +50,28 @@
# Import all nixos host definitions that are actual nix machines # Import all nixos host definitions that are actual nix machines
nixHosts = filter ({ nix ? true, ... }: nix) hosts; nixHosts = filter ({ nix ? true, ... }: nix) hosts;
in {
# Make the config and deploy sets
nixosConfigurations =
lib.foldr (el: acc: acc // mkConfig el) { } nixHosts;
deploy.nodes = lib.foldr (el: acc: acc // mkDeploy el) { } nixHosts;
# Use by running `nix develop`
devShell.${system} = let
pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system}
[ vault-secrets.overlay ]; [ vault-secrets.overlay ];
in pkgs.mkShell { in {
# Make the config and deploy sets
nixosConfigurations = lib.foldr (el: acc: acc // mkConfig el) { } nixHosts;
deploy.nodes = lib.foldr (el: acc: acc // mkDeploy el) { } nixHosts;
apps.x86_64-linux.vault-push-approles = {
type = "app";
program = "${pkgs.vault-push-approles self}/bin/vault-push-approles";
};
apps.x86_64-linux.vault-push-approle-envs = {
type = "app";
program =
"${pkgs.vault-push-approle-envs self}/bin/vault-push-approle-envs";
};
# Use by running `nix develop`
devShell.${system} = pkgs.mkShell {
VAULT_ADDR = "http://10.42.42.6:8200/"; VAULT_ADDR = "http://10.42.42.6:8200/";
# This only support bash so just execute zsh in bash as a workaround :/ # This only support bash so just execute zsh in bash as a workaround :/
shellHook = "${pkgs.zsh}/bin/zsh; exit";
buildInputs = with pkgs; [ buildInputs = with pkgs; [
deploy-rs.packages.${system}.deploy-rs deploy-rs.packages.${system}.deploy-rs
fluxcd fluxcd
@ -75,8 +82,8 @@
nixfmt nixfmt
nixUnstable nixUnstable
vault vault
(vault-push-approle-envs self) (vault-push-approle-envs self { })
(vault-push-approles self) (vault-push-approles self { })
]; ];
}; };

6
hosts.nix
View file

@ -70,4 +70,10 @@
ip = "10.42.42.16"; ip = "10.42.42.16";
mac = "B6:04:0B:CD:0F:9F"; mac = "B6:04:0B:CD:0F:9F";
} }
{
hostname = "minio";
profile = "dns";
ip = "10.42.42.17";
mac = "0A:06:5E:E7:9A:0C";
}
] ]

8
nixos/common/default.nix
View file

@ -18,8 +18,11 @@
nix = { nix = {
package = pkgs.nixUnstable; package = pkgs.nixUnstable;
autoOptimiseStore = true; autoOptimiseStore = true;
binaryCaches = binaryCaches = [
[ "https://cachix.cachix.org" "https://nix-community.cachix.org" "https://nixpkgs-review-bot.cachix.org" ]; "https://cachix.cachix.org"
"https://nix-community.cachix.org"
"https://nixpkgs-review-bot.cachix.org"
];
binaryCachePublicKeys = [ binaryCachePublicKeys = [
"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
@ -49,4 +52,5 @@
vaultAddress = "http://10.42.42.6:8200/"; vaultAddress = "http://10.42.42.6:8200/";
approlePrefix = "olympus-${config.networking.hostName}"; approlePrefix = "olympus-${config.networking.hostName}";
}; };
} }

33
nixos/hosts/minio/configuration.nix Normal file
View file

@ -0,0 +1,33 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
let
vs = config.vault-secrets.secrets;
in
{
imports = [ ];
networking.hostName = "minio";
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
# Additional packages
environment.systemPackages = with pkgs; [ ];
networking.firewall.allowedTCPPorts = [ 9000 9001 ];
vault-secrets.secrets.minio = { };
services.minio = {
enable = true;
rootCredentialsFile = "${vs.minio}/environment";
};
}