colmena + multi location #64
7 changed files with 14 additions and 18 deletions
|
@ -71,9 +71,10 @@
|
||||||
pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ];
|
pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ];
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
# Make the config and deploy sets
|
# Make the nixosConfigurations, mostly for vault-secrets
|
||||||
nixosConfigurations = lib.foldr (el: acc: acc // mkConfig el) { } nixHosts;
|
nixosConfigurations = lib.foldr (el: acc: acc // mkConfig el) { } nixHosts;
|
||||||
|
|
||||||
|
# Make the coleman configuration
|
||||||
colmena = lib.foldr (el: acc: acc // mkColmenaHost el)
|
colmena = lib.foldr (el: acc: acc // mkColmenaHost el)
|
||||||
{
|
{
|
||||||
meta = {
|
meta = {
|
||||||
|
@ -104,8 +105,8 @@
|
||||||
nixfmt
|
nixfmt
|
||||||
nixUnstable
|
nixUnstable
|
||||||
vault
|
vault
|
||||||
# (vault-push-approle-envs self)
|
(vault-push-approle-envs self)
|
||||||
# (vault-push-approle-approles self)
|
(vault-push-approle-approles self)
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
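Review bot: The new comment `# Make the coleman configuration` misspells the tool; it should read `# Make the colmena configuration`, matching the `colmena` attribute it sits above. In the second hunk the `vault-push-approle-envs` and `vault-push-approle-approles` helpers are enabled in the package list without any comment. A short line stating what they push and which Vault credentials they expect would help the next person who uses this shell.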
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, inputs, ... }:
|
{ config, lib, pkgs, inputs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -32,11 +32,7 @@
|
||||||
"nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
|
"nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
|
||||||
"colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
|
"colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
|
||||||
];
|
];
|
||||||
};
|
# Also use zsh for root;
|
||||||
gc = {
|
|
||||||
dates = "weekly";
|
|
||||||
automatic = true;
|
|
||||||
randomizedDelaySec = "45min";
|
|
||||||
};
|
};
|
||||||
optimise = {
|
optimise = {
|
||||||
automatic = true;
|
automatic = true;
|
||||||
|
@ -63,8 +59,7 @@
|
||||||
permitRootLogin = "no";
|
permitRootLogin = "no";
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO: Location dependent
|
vault-secrets = lib.mkIf (config.networking.domain == "olympus") {
|
||||||
vault-secrets = {
|
|
||||||
vaultPrefix = "secrets/nixos";
|
vaultPrefix = "secrets/nixos";
|
||||||
vaultAddress = "http://vault.olympus:8200/";
|
vaultAddress = "http://vault.olympus:8200/";
|
||||||
approlePrefix = "olympus-${config.networking.hostName}";
|
approlePrefix = "olympus-${config.networking.hostName}";
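Review bot: The `vaultAddress` kept inside the now-conditional `vault-secrets` block is still `http://vault.olympus:8200/`, so AppRole logins and the secrets fetched with them appear to cross the network without TLS. With more locations being added, this is a good point to move to an `https://` listener, or to add a comment stating which network boundary makes plaintext acceptable. Hosts in any domain other than `olympus` get no vault-secrets settings after this change; if that is intended, a comment such as `# only olympus has a Vault instance so far` would replace the removed TODO. The block's closing brace lies outside the hunk.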
|
||||||
|
|
|
@ -54,7 +54,7 @@
|
||||||
# Configure the root account
|
# Configure the root account
|
||||||
users.extraUsers.root = {
|
users.extraUsers.root = {
|
||||||
# Allow my SSH keys for logging in as root.
|
# Allow my SSH keys for logging in as root.
|
||||||
openssh.authorizedKeys.keys = config.users.users.victor.openssh.authorizedKeys.keys;
|
openssh.authorizedKeys.keys = config.users.extraUsers.victor.openssh.authorizedKeys.keys;
|
||||||
# Also use zsh for root
|
# Also use zsh for root
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
};
|
};
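Review bot: `config.users.extraUsers.victor` reads the key list through `users.extraUsers`, which NixOS keeps as an alias of `users.users`, so the previous spelling `config.users.users.victor.openssh.authorizedKeys.keys` was the canonical one. Consider keeping it and moving the `users.extraUsers.root` definition to `users.users.root` as well. Separately, root inherits every key authorised for victor, while the sshd settings shown elsewhere on this page set `permitRootLogin = "no"`. A comment saying whether these keys are needed for deployment or are currently inert would help, because any override of that setting makes each of victor's keys a root credential.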
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{
|
{
|
||||||
|
hades = import ./hades;
|
||||||
olympus = import ./olympus;
|
olympus = import ./olympus;
|
||||||
hades = [];
|
|
||||||
}
|
}
|
||||||
|
|
1
nixos/hosts/hades/default.nix
Normal file
1
nixos/hosts/hades/default.nix
Normal file
|
@ -0,0 +1 @@
|
||||||
|
[]
|
|
@ -7,8 +7,6 @@
|
||||||
{
|
{
|
||||||
imports = [ ];
|
imports = [ ];
|
||||||
|
|
||||||
networking.hostName = "template";
|
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
|
|
@ -5,7 +5,8 @@ let
|
||||||
hostName = hostname;
|
hostName = hostname;
|
||||||
ipAddress = ip;
|
ipAddress = ip;
|
||||||
};
|
};
|
||||||
hosts' = hosts.olympus;
|
localDomain = config.networking.domain;
|
||||||
|
hosts' = hosts.${localDomain};
|
||||||
in {
|
in {
|
||||||
imports = [ ];
|
imports = [ ];
|
||||||
|
|
||||||
|
@ -41,8 +42,8 @@ in {
|
||||||
option broadcast-address 10.42.43.255;
|
option broadcast-address 10.42.43.255;
|
||||||
option routers 10.42.42.1;
|
option routers 10.42.42.1;
|
||||||
option domain-name-servers 10.42.42.15, 10.42.42.16;
|
option domain-name-servers 10.42.42.15, 10.42.42.16;
|
||||||
option domain-name "olympus";
|
option domain-name "${localDomain}";
|
||||||
option domain-search "olympus";
|
option domain-search "${localDomain}";
|
||||||
subnet 10.42.42.0 netmask 255.255.254.0 {
|
subnet 10.42.42.0 netmask 255.255.254.0 {
|
||||||
range 10.42.43.1 10.42.43.254;
|
range 10.42.43.1 10.42.43.254;
|
||||||
}
|
}
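Review bot: `hosts' = hosts.${localDomain};` fails evaluation when `config.networking.domain` is unset or names a location missing from the hosts set, and the error will not point at the cause. `hosts' = hosts.${localDomain} or [ ];` covers an unknown location, and an assertion that `config.networking.domain != null` covers the unset case. Only the domain name is parameterised: the routers, DNS servers, subnet and range in the second hunk are still the 10.42.42.x values, so a DHCP server enabled at another location would presumably hand out the same settings. The `let` block and the dhcpd configuration string both begin outside the visible hunks.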
|
||||||
|
|