home/nixos-servers
home/nixos-servers
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

Refactor storage module

Browse source 
Add talos and pikvm machines
This commit is contained in:
Pim Kunis 2024-08-24 22:30:46 +02:00
parent 0539d35678
commit 55b18ef450
12 changed files with 234 additions and 123 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.sops.yaml
View file

@ -5,6 +5,8 @@ keys:
- &server_jefke age1upnqu4rpxppdw9zmqu8x3rnaqq2r6m82y25zvry5cec63vjsd9gqtl9e02
- &server_lewis age108fn93z2c55g9dm9cv5v4w47pykf3khz7e3dmnpv5dhchwnaau0qs20stq
- &server_warwick age1th8rdw4fs3vmgy9gzc0k9xy88tddjj4vasepckfx9h4nlzsg3q3q4cjgwu
- &server_talos age1h5q9ul9f8vd7w7s2fvmpytaghgpv97a9r237agwzc52c76xsdegsugml73
- &server_pikvm age1smqas3tre2hptnyn72fdzghqcnej48066l4hp6y98n8lkpm3ds4s8t8s0w
creation_rules:
- path_regex: secrets/(kubernetes|serverKeys).yaml$
@ -21,3 +23,5 @@ creation_rules:
- *server_jefke
- *server_lewis
- *server_warwick
- *server_talos
- *server_pikvm

2
configuration.nix
View file

@ -107,7 +107,7 @@
};
loader = {
systemd-boot.enable = true;
systemd-boot.enable = lib.mkDefault true;
efi.canTouchEfiVariables = true;
};
};

2
machines/atlas.nix
View file

@ -4,6 +4,8 @@
kubernetesNodeLabels.storageType = "slow";
nixosModule.lab = {
storage.profile = "kubernetes";
k3s = {
enable = true;
serverAddr = "https://jefke.dmz:6443";

2
machines/default.nix
View file

@ -39,6 +39,8 @@ in
./atlas.nix
./jefke.nix
./lewis.nix
./talos.nix
./pikvm.nix
];
options = {

2
machines/jefke.nix
View file

@ -4,6 +4,8 @@
kubernetesNodeLabels.storageType = "fast";
nixosModule.lab = {
storage.profile = "kubernetes";
k3s = {
enable = true;
clusterInit = true;

1
machines/lewis.nix
View file

@ -8,6 +8,7 @@
nixosModule = {
lab = {
storage.profile = "kubernetes";
backups.enable = true;
data-sharing.enable = true;

23
machines/pikvm.nix Normal file
View file

@ -0,0 +1,23 @@
{
machines.pikvm = {
arch = "aarch64-linux";
isRaspberryPi = true;
nixosModule = { config, inputs, lib, ... }: {
# imports = [ "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" ];
lab = {
storage.profile = "pi";
};
environment.systemPackages = with inputs.nixpkgs.legacyPackages.aarch64-linux; [
(mplayer.override {
v4lSupport = true;
})
ffmpeg
v4l-utils
];
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
};
};
}

11
machines/talos.nix Normal file
View file

@ -0,0 +1,11 @@
{
machines.talos = {
arch = "x86_64-linux";
nixosModule = { lib, ... }: {
lab.storage.profile = "normal";
# boot.loader.systemd-boot.enable = lib.mkForce false;
};
};
}

1
machines/warwick.nix
View file

@ -5,6 +5,7 @@
nixosModule = { lib, ... }: {
lab = {
storage.profile = "pi";
monitoring.server.enable = true;
tailscale.advertiseExitNode = true;
};

77
nixos-modules/storage.nix
View file

@ -1,24 +1,20 @@
{ lib, config, machine, ... }:
let cfg = config.lab.storage;
in {
options.lab.storage = {
osDisk = lib.mkOption {
type = with lib.types; nullOr str;
description = ''
The disk to be used for the machine's operating system.
'';
};
};
config = {
fileSystems."/" = lib.mkIf machine.isRaspberryPi {
{ lib, config, ... }:
let
cfg = config.lab.storage;
modules = [
{
config = lib.mkIf (cfg.profile == "pi") {
fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = [ "noatime" ];
};
};
}
disko = lib.mkIf (! machine.isRaspberryPi) {
devices = {
{
config = lib.mkIf (cfg.profile == "kubernetes") {
disko.devices = {
disk = {
nvme = {
device = "/dev/nvme0n1";
@ -118,5 +114,54 @@ in {
};
};
};
}
{
config = lib.mkIf (cfg.profile == "normal") {
disko.devices = {
disk.sata = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
type = "EF00";
size = "500M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [ "defaults" ];
};
};
};
};
};
};
};
}
];
in
{
imports = modules;
options.lab.storage = {
profile = lib.mkOption {
type = lib.types.str;
};
};
}

78
secrets/nixos.yaml
View file

@ -22,56 +22,74 @@ sops:
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByOVluY3hiZXVNNnlINHRG
K2Fwa0VIWDlETmZwUzNFbkNHZSttNHhUbnlVCjVVdWZHVzJCTkQyS3VlSXA0WFhY
TnR0TEZBQWwzNlVVdVl2K1RnUzE0UG8KLS0tIHhoU0xGM0xJR3ZwbHJNaTlPUHBQ
VzJCQjQ0NG5sbWFLK2phM2lEdlpuMG8Kw8ftkoEbYrA++cJSfUZRthK2cU+iIzNy
oYxlHm5va6JVZ/Sg05mxBB8kWX410/yCW9nH6ZkLrJ5YmpugePzr2g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJc244cytDZ29QSG5LMzlU
RXBwZ2FWcGJTMCs2R0o5R2YyRXZOUklIc2hBCjJVS2l0bG1SK3Z4MWpYUWxaWXgv
ZWVYeCt2NFZGME5mYTVycUloZ09wYkUKLS0tIEtPMzRpamc0dkFoZS9JZzNEbzFI
MlBUT1RJanNzcTJkb25rWjZwbW0zeW8KsbrRPWw1qMOBCXZWkgdlVR1+tEqXYix2
sOV5n3DmeljL2NrKX8j4qRTuxpPQKuJ9FU7DAF8HRWRkyXTnGJ79ow==
-----END AGE ENCRYPTED FILE-----
- recipient: age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0bXZMZlVRNWIydFdUcE9T
c0FMN3AvWXUyTUQ4U0VJL3IzcVpXTnVGOTBNCk5rWFlWeVA4b0JRZXY3NHhSbEVp
RlA5cGs0SVg1Rk4xZXBVdWtUcHFURjgKLS0tIHlwTWJQR09DZnBUTWY2NWdFZWZN
RkxTQ1p4VG9sZ0UrWW9ZWnZLNjZtQW8Kax+WCtGOaNYdkmV/Ty2pP9JFgRaHe/Xn
C1o5W2hMBSoLcC14mlokdVKp81dPDQuuxLtDcCgCQU7aOzvWO3CqKg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJblNBTTFuNFNVSkhFRkhq
ZmlPU1ptRm9VblB6di9LeStVcDV4VGZ6cEYwCngrVVVqdUxVY0RrWFRCK3FxTWh4
cEhHOGM2Z09CREZSVnFRSnVVQW51M1UKLS0tIEl1K1VoMjhpeUg5UXBsQWNiU0FP
UFE3RDF1bXBZOVVFbVBBWWs5RlZOdDQK6LXDGPl9HBmbYgVlmtjiT2BmQXJ/3K7e
2eFhmEzFzpE8DS0X7pIV6dSYWHku1CslwlsQK60rJr2ipve6u62sdA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1unkshctcpucc298kmw9a0qzvtjzgdnjytrxr5p750dv0z95feymqpn68qf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoMkNqQnY2TkZRaUJaTjAz
TUxVSUhyMzRsMm1OYVllM001UmpvL2lNcXhNCkRxQlMxZHBrNlNlNnIrQUY1NHpn
dzNFeGhlbE1wMlBwN3RxWUZyT1kyYUkKLS0tIGhpRGN5WFRCT1I5eGlhdUhWc3FR
WHZKWTlmN2llUndzeEdGV0xDSGZqZ2sKlZ0CGVfCtDdRl2vW7BxVkrBMFOZ5Fdk6
9Z9oqBOde0Mp9FGEwnt+IC79FKIknIyYfMf9tpo9Is85/IvyDHTMwA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJK0Mrc2pnZGZxSW16Tk1j
dE9WaXdUYmtjMVIrdHQ1VkRJSWlhVm5kdzFjCjhkZGNqTEdVblFMdm0yRjZ0TkFz
UWxIL2JEajRXYmhBb1ZFQ3VzQzRsaGsKLS0tIGgvcXVocnlNWGJGaXZ6cXJ3Mmla
U3h5dnlXRnFYQUlYNG5wWTNsSGU1UUkKc5jEmW19ST7/MgR4igBhuB6ic93Qy6GP
jtpUMeH0DDU3Z1/f5400DrHwWgUQRb3Gv8zV1LndzqJMaXL1Afiwdg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1upnqu4rpxppdw9zmqu8x3rnaqq2r6m82y25zvry5cec63vjsd9gqtl9e02
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIT1VNTTVjcy9rakUwVFBY
UGh6L2l0Q2I1bFlWcG1XYVJiMkhYMnA4YlFzCnRXVmZDWnY4Zi9TK3NCc3huaC9W
dDQ5ek5EY2FQeTVhUWpHVkV3TXhxbncKLS0tIDNKN0hYNjVUdHNaMXYzdUE5Mm85
NSt2OGp4VENRS1pLWHNQVFdhRU9STXMKXfcamWoU/bz39wstSEEuIJZknZpoOPzE
W/kDJ5xytfydUkYqoIiGH7s1JyHyCpqbRplPrjQZCmNDvXtcq3L/uQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOMXorems4ZVh4T2NQZFFj
a1psYXBFZ3ZXWnYxRnQzOHB5dDlKS2RaKzFNCnpwekhESGMzSzFYVEU3a3V5c2Rq
OGpZa0I5RVVQSzhZZkFlY3FjMXlXV00KLS0tIGRNODFGT2swb0FOZzRDR1FFbzZ5
VzQ3bUkxeTlLZnNCd1lKc2h4enI1SzgK7vhR+pyRiVFgyt75MYt84pqjoUHsPj1k
42d2AKB1ZWiD98/vN8LOAGlIyfRCUJB1j9rw3W/PkFs08qvHRLqy3Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age108fn93z2c55g9dm9cv5v4w47pykf3khz7e3dmnpv5dhchwnaau0qs20stq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZS1hHTTJudnUrQzJDYUh6
ZEhjYTFaeXRwQXRrL3g1b05LaXdWMit6M2t3Ck81NVZyTUE0RVo5ZmdRcUZ0ZTBx
MkdUVDRyZ3Bmd21FZkdzckp3eGp1bmMKLS0tIFk5blFPMUlPdXJ2NThYME8reGxv
cXlZMTMvcFhScVBObXZRQXQ4WkI2d1EKFYLSfJlDx2BlBWUebBOy/PV0gu0KyhY8
WSYL992HR043ENrbmkfbpVHaOZi8imyNKa7FWpLaj/Nuwv/Kfvy7uQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjeG9KTkd6UysxaG8rV0I3
ODFKOWFBaXZpNEdCSXZxeDBFM2xVSjVsdjFVClhxV2lLaCt3cDNMS3ltQUNBTFBX
NWZqRGU3NzdBNzhHcGFDQ2syT0NRZmsKLS0tIG1oZ2dtV2tkbURUTUE2RlJZaXky
VlFCdENqUnFJOVFVMHRXQ05RZUVnUTgKESkjiK2JwEGyXtET794bzGkURLix4kkP
JB57xHBf4B1/UXu+h+jWQAotQSOFFa7IbtDOVejqT8dHqGDs+16HeQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1th8rdw4fs3vmgy9gzc0k9xy88tddjj4vasepckfx9h4nlzsg3q3q4cjgwu
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqZU9Wb0JLTG1kOWZ1YjJQ
SUh1NWxqS0ZGa0xEOHFUOWpYR3hTM2dQRWdZCklBb25LajV6RnZhOUVKLzJjY3lz
MTYvNmRPTEgrc0dJK0g5N2RkdEt0RUUKLS0tIHdxcFJCaTg4ZE5TQVVKS3k5K3Bo
Q0VudEFzRUFGWlNJcHc0VzZJUVRwbHMKjTMUFFbHhDeP7QLmR64yqDEh4naazL9f
etbOvYUkgj4IaB9UgDerG4MjyyHiVVY9Md8Jqe3dOQN0rqXRxNOW1g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4SFpkRlNQcjBFUkRjRjhk
TW5kQzhTbE1wSmFTZ3l0cTNPSmdydC9nRTBjCmxneSt3TGhzYzhjb0tEY2xMT2tC
bE4wOUgzMFR1dTVOUDFRUXdWOFZQcFEKLS0tIHR5cHBwQkN1d3ZMYitWOG9JRVJh
ZU5tMTM5L3c4QVN6YjZBZEJkRk5yYWcK7TW19C9wI9FMWIDhn8otcNjLwNh1n5lr
f92zaPrmHWC6JVxeKmm3wB3uvONvW0v82DKZJI/gxl41zJTXsapT+Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1h5q9ul9f8vd7w7s2fvmpytaghgpv97a9r237agwzc52c76xsdegsugml73
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaWUZMVEsxQVFnYWhiZjFQ
bTQxaC9odHpXS0F5VHBrRVZ0UE1yZnJmTVRBCm9Uc2hTdUNOQU9JYVV6MHNiTmor
SUJrOXhta2lqMERWaVNseEpIaDNubEEKLS0tIFBiUG9CaEF0NzhaRm45MUUyYW1L
TnZGZVZONkFZWDZpNGtSek5Ka25PSUUKEXTRK8MsGnSkT5tPX+nFYN1Mons+nEZu
EFCtGzSuAeZWCW4We+264dDZjwlfdj47oBPCk8iwx9N1yoR1BF4LfQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1smqas3tre2hptnyn72fdzghqcnej48066l4hp6y98n8lkpm3ds4s8t8s0w
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cG9WMzJRbXFXS2JyTzY5
clh5QmZXc0dYcEU5UkRzMkZKczQwelVhYWhNCi9md3hwSnVRMVU5TU5UZjBWcG52
WTZRNVlXOXgrcXdKeTNDTEpYcXdrMkEKLS0tIFIwMW5BV1pSWUF3UW5DaHUvVm1Q
dUZJVWRLeFFnV1ZpVThBZGtxai9oMlkKja55rkW/ZthR2AbscOIgHRfYDUCxIAm0
HKgELNQDz2QXFwS98aHeelLCLufb/hyWBn1y4kx+WWppAtQewByhkA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-22T20:27:25Z"
mac: ENC[AES256_GCM,data:zIY2DotoqnJmz/aBRHq+4ZLi/Smi1Bn4phmFsngMY1w0LVauKX95jwKwOhE0PfvIyd8E54N+BoCQ3QmRMv3uvBddScPNSGJgdgDRn8LDWol4/8avDoPFISpNvdS32Ac00UDnMeBEkW4S/oo9CwYHCpEsiwjL6FgjCX/KOK++kzA=,iv:sGCFNJ6gsEOskMlLWUnR9Gnsp8Emc0vdBAl4WN2A1f8=,tag:fHi4CR+exp1roW7UOzhMmQ==,type:str]

6
secrets/serverKeys.yaml
View file

@ -2,6 +2,8 @@ atlas: ENC[AES256_GCM,data:TgYf6Jck5L2feQyvyUb2FcLm2M3aSwN0W0xdH6qLU3L4q7LSeB0yB
jefke: ENC[AES256_GCM,data:PH+4rNhATssck8cmKZrhw4VoyHtkqKlRt1wH+BlOvxdhw5GNDsiT4DOf0cveJ090XcOpkAxEf2yqnpIiZhallKVMJS3aFxpNpNw=,iv:QJQZo6x4PE3mNIK8KaQ16BlJeZsdorX683lpf2FjAJk=,tag:rljZMJ/xv7kbkPKP/pqZ9A==,type:str]
lewis: ENC[AES256_GCM,data:rdm5YMnWkg2MpY2ZGYi11HHGJzY/ssKA5DCv/wbcf8qIXRhRt5heA1un1zCJdYBKlxsVGOuQEtHMKuA/vLYqNnIXxr5NxDxhgIo=,iv:y+fyLns2B/JDuumHIuk4p9PybXf8isd7Ve+1gcX0mp8=,tag:VoAORxiU+6WbhAgkm9lAgQ==,type:str]
warwick: ENC[AES256_GCM,data:8ABH+BMdKjLaVG1FkLWksJRtIO8Vu/j1USLGaAAFi6KA/o/S2X936doUl3/D6MKz71i8FwEH410K4JcGJXVboY45Dfp2g1/6bog=,iv:pvXBQcWs/dFSEVe807bpQQKI9n0A/IUxSG0Z1Sl00/Y=,tag:l/sTOe6sNJ34Z2UmmBBBNw==,type:str]
talos: ENC[AES256_GCM,data:DD70h1qX06cuQ+2S6EIxdBWqkECZFO3UmusKvLKXoocuJfA7CU4sM03GJxnlff26mv53LyMUtZsPWgWWQNrwrICXmhg/I4CDAuA=,iv:zoWlL1SjyxXjemnkbQBtgutfXL41/eqpLk6l/fXntmQ=,tag:v64nkexcG9Y2gCqAE8kcwA==,type:str]
pikvm: ENC[AES256_GCM,data:CrOdqkb+MJK7t6+3mkm+MdUqwBRtYY1jMsQvtBOoZYF3h1vPidJRAHZvX5n5aBsbf5DFCcWXRs5v7I18ANyA1TbkZVKLS0PsrQU=,iv:LMo9zpoRF3EEtQ7GtmIVRNsyVFga7Vcvpv7DxHQRhjo=,tag:Ca3KqKmZJzyEcs6SAiuJZg==,type:str]
sops:
kms: []
gcp_kms: []
@ -26,8 +28,8 @@ sops:
eDdFZERVZUJ2QmYvTUlGMlFFNTlna00KLil0QQySKHDAdFxIZAlWvkCRT2v8RNL7
CWIs/HhjmGk0BEoXIVlmbnAVNATABCCWnUTHFKvvW/8KIDhwgu72Eg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-15T19:19:59Z"
mac: ENC[AES256_GCM,data:Y+aBXyowjQTXgteYLU2j1I5cv9UFU/ylrVy9QQub3NLzBbpW4pb+oI2wVcZI0K40jwSX7xOEjgGOtjdLRGTG8/xHm/yf+R0Wgs7fyIxOzcZv8XBadR6f2jUnAPA74ZDQ9ngwh1xyJteQPLwr+XPuGNlylYn/mj/EcwFs1SCok5A=,iv:/7XR2P/nfEicarsCALXhKIbvzsqUYhg9SgT2Z7P3W20=,tag:+uHRHU+WVfWefjHcH/C4fA==,type:str]
lastmodified: "2024-08-20T20:59:29Z"
mac: ENC[AES256_GCM,data:KFBbDkz2ZhG+j/yGVK6spADmNM0t73C0QyD7/KoV/gLCD4jwWRxfAxCAUNlBeHIFrZDfyW2KR04oPA2LBDqASnQcITgRYhbNj51wFjiU6kCT0LK9uIx+hNo3RuAtw21/2qsg9Xf0PvAC33yB+iaNrDDBtiWyg2Aq+q0wdMzXRfU=,iv:MIF4iqOCSaoLyFuyZ32rCN6qCGtlWoNtkt7mXE/njVQ=,tag:rCsyRPNSAam65zarTKLnHg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1