diff --git a/flake.lock b/flake.lock index 42c869e..56dff22 100644 --- a/flake.lock +++ b/flake.lock @@ -271,6 +271,22 @@ } }, "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1627913399, @@ -433,11 +449,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1672780900, - "narHash": "sha256-DxuSn6BdkZapIbg76xzYx1KhVPEZeBexMkt1q/sMVPA=", + "lastModified": 1673343300, + "narHash": "sha256-5Xdj6kpXYMie0MlnGwqK5FaMdsedxvyuakWtyKB3zaQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "54245e1820caabd8a0b53ce4d47e4d0fefe04cd4", + "rev": "176e455371a8371586e8a3ff0d56ee9f3ca2324e", "type": "github" }, "original": { @@ -454,11 +470,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1672757503, - "narHash": "sha256-2MKfXQ9f2GUYEt+Yht/Qp5JpkamRu5pqRGX0HVwe13Q=", + "lastModified": 1673295979, + "narHash": "sha256-8x+awd811HWf3ipRq680WZhaU6UUjCjyJj8PgCEMgoo=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "0e3547e0f6b4016aa308292a86c43cd47dd206fd", + "rev": "20a1a47e665da336a87caa3036682bd142aa02b8", "type": "github" }, "original": { 
@@ -468,29 +484,18 @@ } }, "hyprland-protocols": { - "flake": false, - "locked": { - "lastModified": 1670703428, - "narHash": "sha256-4KUW5SKR0Y9uaYGcYwy53YJ3B/sgiprCL4fRGO+mpOA=", - "owner": "hyprwm", - "repo": "hyprland-protocols", - "rev": "d0d6db8cb5bef6d93ca3ad8fb2124964173396da", - "type": "github" + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ] }, - "original": { - "owner": "hyprwm", - "repo": "hyprland-protocols", - "type": "github" - } - }, - "hyprland-protocols_2": { - "flake": false, "locked": { - "lastModified": 1670703428, - "narHash": "sha256-4KUW5SKR0Y9uaYGcYwy53YJ3B/sgiprCL4fRGO+mpOA=", + "lastModified": 1671839510, + "narHash": "sha256-+PY1qqJfmZzzROgcIY4I7AkCwpnC+qBIYk2eFoA9RWc=", "owner": "hyprwm", "repo": "hyprland-protocols", - "rev": "d0d6db8cb5bef6d93ca3ad8fb2124964173396da", + "rev": "b8f55e02a328c47ed373133c52483bbfa20a1b75", "type": "github" }, "original": { @@ -506,11 +511,11 @@ ] }, "locked": { - "lastModified": 1672869224, - "narHash": "sha256-LqyBdWSQDDuNUdgJGlLOVcXFKaHeWOBfWtTEfqqQxQc=", + "lastModified": 1672925969, + "narHash": "sha256-d94BZH6gJ6s3GmudyKc4XleARpLnYkxhxa6YMb7yKAw=", "owner": "hyprwm", "repo": "hyprpaper", - "rev": "1c19aa2b4f2b9e70dd9a3d2105f396cf094b0e82", + "rev": "50852e531987d20c432122fbec7f1f089bc2dc09", "type": "github" }, "original": { @@ -553,6 +558,7 @@ "mailserver": { "inputs": { "blobs": "blobs", + "flake-compat": "flake-compat_3", "nixpkgs": [ "nixpkgs" ], @@ -560,11 +566,11 @@ "utils": "utils_3" }, "locked": { - "lastModified": 1671659164, - "narHash": "sha256-DbpT+v1POwFOInbrDL+vMbYV3mVbTkMxmJ5j50QnOcA=", + "lastModified": 1671738303, + "narHash": "sha256-PRgqtaWf2kMSYqVmcnmhTh+UsC0RmvXRTr+EOw5VZUA=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "bc667fb6afc45f6cc2d118ab77658faf2227cffd", + "rev": "6d0d9fb966cc565a3df74d3b686f924c7615118c", "type": "gitlab" }, "original": { 
@@ -735,11 +741,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1672644464, - "narHash": "sha256-RYlvRMcQNT7FDoDkViijQBHg9g+blsB+U6AvL/gAsPI=", + "lastModified": 1673336835, + "narHash": "sha256-HMJ/Nt3+0MtgKfPfJSrC3/6yVAPQvZgv/7V9b49dG/c=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "ca29e25c39b8e117d4d76a81f1e229824a9b3a26", + "rev": "df029cfefc7494b399966cbb6b4fd692fa294fa3", "type": "github" }, "original": { @@ -751,11 +757,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1671722432, - "narHash": "sha256-ojcZUekIQeOZkHHzR81st7qxX99dB1Eaaq6PU5MNeKc=", + "lastModified": 1672791794, + "narHash": "sha256-mqGPpGmwap0Wfsf3o2b6qHJW1w2kk/I6cGCGIU+3t6o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "652e92b8064949a11bc193b90b74cb727f2a1405", + "rev": "9813adc7f7c0edd738c6bdd8431439688bb0cb3d", "type": "github" }, "original": { @@ -800,11 +806,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1672897942, - "narHash": "sha256-5RijBVaikhHgBMaoZ3kG6W1QjPKcnHmJGJgY0TfzUIE=", + "lastModified": 1673296385, + "narHash": "sha256-zlDgiHh0k1GtB8g6wrBzWBDZIBoCNYXfI5+qWE5Rrjk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6c575c59f986548cc3ecaf870f4d4d4791a175f4", + "rev": "92c151047e978f2e6abc809c20fb701b5b2d78b0", "type": "github" }, "original": { @@ -854,11 +860,11 @@ ] }, "locked": { - "lastModified": 1672434283, - "narHash": "sha256-AltegOzuCjlernfEGWQYmle1yGiDBaky+u35DhJvxqI=", + "lastModified": 1673354542, + "narHash": "sha256-T6U/1QQ1Pp1Y94SI5DuZCDTSWigQDSV7KV4fRw1/0Fc=", "owner": "pta2002", "repo": "nixvim", - "rev": "125ed74a423429e5af6796334b68400c78ac26b7", + "rev": "02f28c7b48b7ae6a7304b3d3bc649c25fb26817a", "type": "github" }, "original": { 
@@ -869,11 +875,11 @@ }, "nur": { "locked": { - "lastModified": 1672908458, - "narHash": "sha256-M/sq9vN+O1fFlAEwCS+plJuLmbDy8K3ULh1SSysbDf4=", + "lastModified": 1673362655, + "narHash": "sha256-pPp/Xzae8sVkzNrZK7nWKQyunelF6aw2AfmzR2lRDzI=", "owner": "nix-community", "repo": "NUR", - "rev": "b25df321856354c521b793ad3b7c30e77e15c93a", + "rev": "bf8b8390f15f9bcfbb46b540e17ed5e6eb4ed4ec", "type": "github" }, "original": { @@ -1125,7 +1131,7 @@ }, "vault-secrets": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "flake-utils": "flake-utils_4", "nix": "nix", "nixpkgs": [ @@ -1186,11 +1192,11 @@ "flake": false, "locked": { "host": "gitlab.freedesktop.org", - "lastModified": 1671723353, - "narHash": "sha256-G1jiI0SA7eiZusO+iJytErMRNbKbwqJJJGL+sNoBNoQ=", + "lastModified": 1671183014, + "narHash": "sha256-oMWT5Zbe/3HFINAk38jNVxiZ4PCYvPJj2Jo4iiyBtm0=", "owner": "wlroots", "repo": "wlroots", - "rev": "b28a9afd4b0b86e9a66a40f6b44b69f59947b7d6", + "rev": "dc7cc98cf21a8dc19ab8895505500e3700646af0", "type": "gitlab" }, "original": { @@ -1202,18 +1208,21 @@ }, "xdph": { "inputs": { - "hyprland-protocols": "hyprland-protocols_2", + "hyprland-protocols": [ + "hyprland", + "hyprland-protocols" + ], "nixpkgs": [ "hyprland", "nixpkgs" ] }, "locked": { - "lastModified": 1671837878, - "narHash": "sha256-OmFDyktTc/l+3wHboHeFpAQgPt3r7jjqZf8MrwuUGMo=", + "lastModified": 1673116118, + "narHash": "sha256-eR0yDSkR2XYMesfdRWJs25kAdXET2mbNNHu5t+KUcKA=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "e47f4cec698080768821b271510985ab94a37e91", + "rev": "d479c846531fd0e1d2357c9588b8310a2b859ef2", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 44d8b52..1499a9c 100644 --- a/flake.nix +++ b/flake.nix 
@@ -77,7 +77,9 @@ nixHosts = util.filter_nix_hosts flat_hosts; # Define args each module gets access to (access to hosts is useful for DNS/DHCP) - specialArgs = { inherit hosts flat_hosts inputs; }; + specialArgs = { + inherit hosts flat_hosts inputs; + }; pkgs = import nixpkgs { inherit system; overlays = [ diff --git a/nixos/common/users/victor.nix b/nixos/common/users/victor.nix index 76e69c9..6b6149a 100644 --- a/nixos/common/users/victor.nix +++ b/nixos/common/users/victor.nix @@ -14,6 +14,7 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBhJAp7NWlHgwDYd2z6VNROy5RkeZHRINFLsFvwT4b3 victor@bastion" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMMbdjysLnmwJD5Fs/SjBPstdIQNUxy8zFHP0GlhHMJB victor@bastion" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfooZjMWXvXZu1ReOEACDZ0TMb2WJRBSOLlWE8y6fUh victor@aoife" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBMTCUjDbDjAiEKbKmLPavuYM0wJIBdjgytLsg1uWuGc victor@nord" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIM3TqXaApX2JZsgfZd7PKVFMecDgqTHKibpSzgdXNpYAAAAABHNzaDo= solov2-le" ]; diff --git a/nixos/hosts/hades/overseerr/configuration.nix b/nixos/hosts/hades/overseerr/configuration.nix index 81a28b1..76ff579 100644 --- a/nixos/hosts/hades/overseerr/configuration.nix +++ b/nixos/hosts/hades/overseerr/configuration.nix @@ -16,7 +16,7 @@ system.stateVersion = "22.11"; # Did you read the comment? # Additional packages - environment.systemPackages = with pkgs; [ ]; + # environment.systemPackages = with pkgs; [ ]; networking.firewall.allowedTCPPorts = [ 5055 ]; diff --git a/nixos/hosts/olympus/kubernetes/README.md b/nixos/hosts/olympus/kubernetes/README.md new file mode 100644 index 0000000..216bd4b --- /dev/null +++ b/nixos/hosts/olympus/kubernetes/README.md @@ -0,0 +1,9 @@ +# Kubernetes NixOS LXC Container + +## Required proxmox config +```ini +lxc.apparmor.profile: unconfined +lxc.cgroup.devices.allow: a +lxc.cap.drop: +lxc.mount.auto: proc:rw sys:rw +``` 
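Review bot: In the `victor.nix` hunk, `victor@nord` is appended to a list that already shows at least three other software-backed ed25519 keys, two of them both labelled `victor@bastion`, and no existing key is retired. The file sits under `nixos/common/users/`, so each entry presumably grants login on every host that imports it (the attribute these strings belong to starts outside the hunk), which means a stale or lost key stays valid across the fleet. I would remove whichever `victor@bastion` key is no longer in use in the same change, and add a short comment per entry naming the device and enrolment date, e.g. `# nord, enrolled <DATE>`, so later reviews can tell which keys are still expected. The hardware-backed `sk-ssh-ed25519@openssh.com` entry is the only one here whose private key cannot simply be copied off a machine; if `nord` supports it, enrolling an `sk-` key would be preferable.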
diff --git a/nixos/hosts/olympus/kubernetes/configuration.nix b/nixos/hosts/olympus/kubernetes/configuration.nix index 7b6c670..1d0bc6c 100644 --- a/nixos/hosts/olympus/kubernetes/configuration.nix +++ b/nixos/hosts/olympus/kubernetes/configuration.nix @@ -2,10 +2,37 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, pkgs, ... }: +{ config, pkgs, hosts, ... }: +let + kubeMasterIP = config.deployment.targetHost; # TODO: set more reliably + kubeMasterHostname = + "${config.networking.hostName}.${config.networking.domain}"; + kubeMasterAPIServerPort = 6443; +in { + # resolve master hostname always + networking.extraHosts = "${kubeMasterIP} ${kubeMasterHostname}"; -{ - imports = [ ]; + # packages for administration tasks + environment.systemPackages = with pkgs; [ kompose kubectl kubernetes k9s ]; + + # Kubernetes itself + services.kubernetes = { + roles = [ "master" "node" ]; + masterAddress = kubeMasterHostname; + apiserverAddress = + "https://${kubeMasterHostname}:${toString kubeMasterAPIServerPort}"; + easyCerts = true; + apiserver = { + securePort = kubeMasterAPIServerPort; + advertiseAddress = kubeMasterIP; + }; + + # use coredns + addons.dns.enable = true; + + # needed if you use swap + kubelet.extraOpts = "--fail-swap-on=false"; + }; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions @@ -15,8 +42,5 @@ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "23.05"; # Did you read the comment? - # Additional packages - environment.systemPackages = with pkgs; [ ]; - networking.firewall.allowedTCPPorts = [ ]; } diff --git a/nixos/hosts/thalassa/default.nix b/nixos/hosts/thalassa/default.nix index 61fc396..44e6cfb 100644 --- a/nixos/hosts/thalassa/default.nix +++ b/nixos/hosts/thalassa/default.nix 
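Review bot: `roles = [ "master" "node" ]` in the first `configuration.nix` hunk schedules workloads on the same container that holds the control plane and the `easyCerts` CA, and the README added in this commit has that container run with `lxc.apparmor.profile: unconfined`, `lxc.cgroup.devices.allow: a`, an empty `lxc.cap.drop` and `proc:rw sys:rw`. As far as the visible settings show, a pod that breaks out of its runtime is not confined by LXC either, so this cluster should be treated as having host-level access on the Proxmox node. I would say so above `services.kubernetes`, e.g. `# Runs in an LXC container without AppArmor/capability confinement (see README.md): only schedule trusted workloads here`, and consider a VM for anything untrusted. Separately, `kubeMasterIP = config.deployment.targetHost` feeds both `networking.extraHosts` and `apiserver.advertiseAddress`, which need a literal IP address. If `targetHost` is ever a DNS name or a management-network address, both settings end up wrong, so an explicit address would be safer (the new `hosts` argument is unused in the visible hunks).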
@@ -1,4 +1,4 @@
 {
- "null" = { type = "local"; };
+ # "null" = { type = "local"; };
 "aoife" = { type = "local"; };
 }