add minio
This commit is contained in:
parent
f2ccda12b9
commit
8a246bd25d
6 changed files with 79 additions and 20 deletions
9
.vscode/extensions.json
vendored
Normal file
9
.vscode/extensions.json
vendored
Normal file
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"recommendations": [
|
||||
"hashicorp.terraform",
|
||||
"ms-kubernetes-tools.vscode-kubernetes-tools",
|
||||
"jnoortheen.nix-ide",
|
||||
"brettm12345.nixfmt-vscode",
|
||||
"redhat.vscode-yaml"
|
||||
]
|
||||
}
|
6
flake.lock
generated
6
flake.lock
generated
|
@ -196,11 +196,11 @@
|
|||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1637469704,
|
||||
"narHash": "sha256-tNbrZZDHCLBw5/3REe8Dm/WMYiAXgXy7n5GuhRn5lI0=",
|
||||
"lastModified": 1637509688,
|
||||
"narHash": "sha256-NcKdyLZflWeSrwgavNGIG7LcP6XBcYGne04HIzWP1D4=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "296032dd5ff5e4c266782e73f9c00ee044f19c70",
|
||||
"rev": "53edfe1d1c51c38e2adc4d8eb37a7a2657e3fe01",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
33
flake.nix
33
flake.nix
|
@ -25,7 +25,7 @@
|
|||
"${profile}" = lib.nixosSystem {
|
||||
inherit system;
|
||||
modules =
|
||||
[ "${./.}/nixos/hosts/${profile}/configuration.nix" ./nixos/common ]
|
||||
[ ./nixos/common ./nixos/hosts/${profile}/configuration.nix ]
|
||||
++ (if lxc then [
|
||||
"${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
|
||||
./nixos/common/generic-lxc.nix
|
||||
|
@ -50,21 +50,28 @@
|
|||
|
||||
# Import all nixos host definitions that are actual nix machines
|
||||
nixHosts = filter ({ nix ? true, ... }: nix) hosts;
|
||||
in {
|
||||
# Make the config and deploy sets
|
||||
nixosConfigurations =
|
||||
lib.foldr (el: acc: acc // mkConfig el) { } nixHosts;
|
||||
|
||||
deploy.nodes = lib.foldr (el: acc: acc // mkDeploy el) { } nixHosts;
|
||||
|
||||
# Use by running `nix develop`
|
||||
devShell.${system} = let
|
||||
pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system}
|
||||
[ vault-secrets.overlay ];
|
||||
in pkgs.mkShell {
|
||||
in {
|
||||
# Make the config and deploy sets
|
||||
nixosConfigurations = lib.foldr (el: acc: acc // mkConfig el) { } nixHosts;
|
||||
deploy.nodes = lib.foldr (el: acc: acc // mkDeploy el) { } nixHosts;
|
||||
|
||||
apps.x86_64-linux.vault-push-approles = {
|
||||
type = "app";
|
||||
program = "${pkgs.vault-push-approles self}/bin/vault-push-approles";
|
||||
};
|
||||
apps.x86_64-linux.vault-push-approle-envs = {
|
||||
type = "app";
|
||||
program =
|
||||
"${pkgs.vault-push-approle-envs self}/bin/vault-push-approle-envs";
|
||||
};
|
||||
|
||||
# Use by running `nix develop`
|
||||
devShell.${system} = pkgs.mkShell {
|
||||
VAULT_ADDR = "http://10.42.42.6:8200/";
|
||||
# This only support bash so just execute zsh in bash as a workaround :/
|
||||
shellHook = "${pkgs.zsh}/bin/zsh; exit";
|
||||
buildInputs = with pkgs; [
|
||||
deploy-rs.packages.${system}.deploy-rs
|
||||
fluxcd
|
||||
|
@ -75,8 +82,8 @@
|
|||
nixfmt
|
||||
nixUnstable
|
||||
vault
|
||||
(vault-push-approle-envs self)
|
||||
(vault-push-approles self)
|
||||
(vault-push-approle-envs self { })
|
||||
(vault-push-approles self { })
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
@ -70,4 +70,10 @@
|
|||
ip = "10.42.42.16";
|
||||
mac = "B6:04:0B:CD:0F:9F";
|
||||
}
|
||||
{
|
||||
hostname = "minio";
|
||||
profile = "dns";
|
||||
ip = "10.42.42.17";
|
||||
mac = "0A:06:5E:E7:9A:0C";
|
||||
}
|
||||
]
|
||||
|
|
|
@ -18,8 +18,11 @@
|
|||
nix = {
|
||||
package = pkgs.nixUnstable;
|
||||
autoOptimiseStore = true;
|
||||
binaryCaches =
|
||||
[ "https://cachix.cachix.org" "https://nix-community.cachix.org" "https://nixpkgs-review-bot.cachix.org" ];
|
||||
binaryCaches = [
|
||||
"https://cachix.cachix.org"
|
||||
"https://nix-community.cachix.org"
|
||||
"https://nixpkgs-review-bot.cachix.org"
|
||||
];
|
||||
binaryCachePublicKeys = [
|
||||
"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
|
@ -49,4 +52,5 @@
|
|||
vaultAddress = "http://10.42.42.6:8200/";
|
||||
approlePrefix = "olympus-${config.networking.hostName}";
|
||||
};
|
||||
|
||||
}
|
||||
|
|
33
nixos/hosts/minio/configuration.nix
Normal file
33
nixos/hosts/minio/configuration.nix
Normal file
|
@ -0,0 +1,33 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
let
|
||||
vs = config.vault-secrets.secrets;
|
||||
in
|
||||
{
|
||||
imports = [ ];
|
||||
|
||||
networking.hostName = "minio";
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
# this value at the release version of the first install of this system.
|
||||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "21.11"; # Did you read the comment?
|
||||
|
||||
# Additional packages
|
||||
environment.systemPackages = with pkgs; [ ];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 9000 9001 ];
|
||||
|
||||
vault-secrets.secrets.minio = { };
|
||||
|
||||
services.minio = {
|
||||
enable = true;
|
||||
rootCredentialsFile = "${vs.minio}/environment";
|
||||
};
|
||||
}
|
Loading…
Add table
Reference in a new issue