sstent/nixos-cluster
1
0
Fork 0
mirror of https://github.com/sstent/nixos-cluster.git synced 2026-04-05 12:32:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

finish nomad, add consul, sops

Browse Source
This commit is contained in:
sstent
2023-11-19 21:19:58 +00:00
parent b6798b62b5
commit b741a36211
12 changed files with 476 additions and 263 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
flake.lock generated
View File

@@ -16,9 +16,61 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": {
"locked": {
"lastModified": 1700342017,
"narHash": "sha256-HaibwlWH5LuqsaibW3sIVjZQtEM/jWtOHX4Nk93abGE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "decdf666c833a325cb4417041a90681499e06a41",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1700108881,
"narHash": "sha256-+Lqybl8kj0+nD/IlAWPPG/RDTa47gff9nbei0u7BntE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7414e9ee0b3e9903c24d3379f577a417f0aae5f1",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1700362823,
"narHash": "sha256-/H7XgvrYM0IbkpWkcdfkOH0XyBM5ewSWT1UtaLvOgKY=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "49a87c6c827ccd21c225531e30745a9a6464775c",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
} }
} }
}, },

21
flake.nix
View File

@@ -1,27 +1,32 @@
{ {
description = "nix-configurations"; description = "nix-configurations";
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
sops-nix.url = github:Mic92/sops-nix;
}; };
outputs = { self, nixpkgs, ... }@inputs: outputs = {
let self,
nixpkgs,
...
} @ inputs: let
globalModules = [ globalModules = [
{ {
system.configurationRevision = self.rev or self.dirtyRev or null; system.configurationRevision = self.rev or self.dirtyRev or null;
} }
./modules/common.nix ./modules/common.nix
]; ];
in in {
{ formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
nixosConfigurations = { nixosConfigurations = {
odroid8 = nixpkgs.lib.nixosSystem { odroid8 = nixpkgs.lib.nixosSystem {
system = "aarch64-linux"; system = "aarch64-linux";
modules = globalModules modules =
++ [ ./hosts/odroid8 ]; globalModules
++ [./hosts/odroid8];
}; };
}; };
}; };
} }

10
hosts/odroid8/default.nix
View File

@@ -1,10 +1,14 @@
{ lib, pkgs, config, inputs, ... }: { {
lib,
pkgs,
config,
inputs,
...
}: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
nixpkgs.hostPlatform.system = "aarch64-linux"; nixpkgs.hostPlatform.system = "aarch64-linux";
networking.hostName = "odroid8"; networking.hostName = "odroid8";
} }

232
hosts/odroid8/hardware-configuration.nix
View File

@@ -1,149 +1,153 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
]; pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" ]; boot.initrd.availableKernelModules = ["nvme"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = [ ]; boot.kernelModules = [];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/mnt/Public" = fileSystems."/mnt/Public" = {
{ device = "//192.168.1.109/Public"; device = "//192.168.1.109/Public";
fsType = "cifs"; fsType = "cifs";
}; };
fileSystems."/var/lib/nomad/alloc/c745de59-e3b3-18ef-df73-6fc001bb9dd0/init/secrets" = fileSystems."/var/lib/nomad/alloc/c745de59-e3b3-18ef-df73-6fc001bb9dd0/init/secrets" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/c745de59-e3b3-18ef-df73-6fc001bb9dd0/init/private" = fileSystems."/var/lib/nomad/alloc/c745de59-e3b3-18ef-df73-6fc001bb9dd0/init/private" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/c745de59-e3b3-18ef-df73-6fc001bb9dd0/finalsync/secrets" = fileSystems."/var/lib/nomad/alloc/c745de59-e3b3-18ef-df73-6fc001bb9dd0/finalsync/secrets" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/c745de59-e3b3-18ef-df73-6fc001bb9dd0/finalsync/private" = fileSystems."/var/lib/nomad/alloc/c745de59-e3b3-18ef-df73-6fc001bb9dd0/finalsync/private" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/d54a8ecf-1c4d-5fdf-f2c7-aa3992474498/setup/secrets" = fileSystems."/var/lib/nomad/alloc/d54a8ecf-1c4d-5fdf-f2c7-aa3992474498/setup/secrets" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/d54a8ecf-1c4d-5fdf-f2c7-aa3992474498/setup/private" = fileSystems."/var/lib/nomad/alloc/d54a8ecf-1c4d-5fdf-f2c7-aa3992474498/setup/private" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/d54a8ecf-1c4d-5fdf-f2c7-aa3992474498/tidy/secrets" = fileSystems."/var/lib/nomad/alloc/d54a8ecf-1c4d-5fdf-f2c7-aa3992474498/tidy/secrets" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/d54a8ecf-1c4d-5fdf-f2c7-aa3992474498/tidy/private" = fileSystems."/var/lib/nomad/alloc/d54a8ecf-1c4d-5fdf-f2c7-aa3992474498/tidy/private" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/d42e04fb-40c1-09a1-5470-ccde18a4f712/setup/secrets" = fileSystems."/var/lib/nomad/alloc/d42e04fb-40c1-09a1-5470-ccde18a4f712/setup/secrets" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/d42e04fb-40c1-09a1-5470-ccde18a4f712/setup/private" = fileSystems."/var/lib/nomad/alloc/d42e04fb-40c1-09a1-5470-ccde18a4f712/setup/private" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/d42e04fb-40c1-09a1-5470-ccde18a4f712/tidy/secrets" = fileSystems."/var/lib/nomad/alloc/d42e04fb-40c1-09a1-5470-ccde18a4f712/tidy/secrets" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/d42e04fb-40c1-09a1-5470-ccde18a4f712/tidy/private" = fileSystems."/var/lib/nomad/alloc/d42e04fb-40c1-09a1-5470-ccde18a4f712/tidy/private" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/280583b0-7b32-da09-5b6a-959362990ff8/setup/secrets" = fileSystems."/var/lib/nomad/alloc/280583b0-7b32-da09-5b6a-959362990ff8/setup/secrets" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/280583b0-7b32-da09-5b6a-959362990ff8/setup/private" = fileSystems."/var/lib/nomad/alloc/280583b0-7b32-da09-5b6a-959362990ff8/setup/private" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/280583b0-7b32-da09-5b6a-959362990ff8/tidy/secrets" = fileSystems."/var/lib/nomad/alloc/280583b0-7b32-da09-5b6a-959362990ff8/tidy/secrets" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/280583b0-7b32-da09-5b6a-959362990ff8/tidy/private" = fileSystems."/var/lib/nomad/alloc/280583b0-7b32-da09-5b6a-959362990ff8/tidy/private" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/0dc89489-57e5-a625-2771-023ee19d9e95/setup/secrets" = fileSystems."/var/lib/nomad/alloc/0dc89489-57e5-a625-2771-023ee19d9e95/setup/secrets" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/0dc89489-57e5-a625-2771-023ee19d9e95/setup/private" = fileSystems."/var/lib/nomad/alloc/0dc89489-57e5-a625-2771-023ee19d9e95/setup/private" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/0dc89489-57e5-a625-2771-023ee19d9e95/tidy/secrets" = fileSystems."/var/lib/nomad/alloc/0dc89489-57e5-a625-2771-023ee19d9e95/tidy/secrets" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/0dc89489-57e5-a625-2771-023ee19d9e95/tidy/private" = fileSystems."/var/lib/nomad/alloc/0dc89489-57e5-a625-2771-023ee19d9e95/tidy/private" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/9afdf338-fcbd-d955-f3fe-5d0e45f25a5c/setup/secrets" = fileSystems."/var/lib/nomad/alloc/9afdf338-fcbd-d955-f3fe-5d0e45f25a5c/setup/secrets" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/9afdf338-fcbd-d955-f3fe-5d0e45f25a5c/setup/private" = fileSystems."/var/lib/nomad/alloc/9afdf338-fcbd-d955-f3fe-5d0e45f25a5c/setup/private" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/9afdf338-fcbd-d955-f3fe-5d0e45f25a5c/tidy/secrets" = fileSystems."/var/lib/nomad/alloc/9afdf338-fcbd-d955-f3fe-5d0e45f25a5c/tidy/secrets" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/var/lib/nomad/alloc/9afdf338-fcbd-d955-f3fe-5d0e45f25a5c/tidy/private" = fileSystems."/var/lib/nomad/alloc/9afdf338-fcbd-d955-f3fe-5d0e45f25a5c/tidy/private" = {
{ device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
swapDevices = [ ]; swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's

57
modules/common.nix
View File

@@ -1,23 +1,42 @@
{ lib, pkgs, config, inputs, ... }: { {
lib,
imports = [ pkgs,
./mnt-public.nix config,
./nomad.nix inputs,
./odroid-m1-setleds.nix ...
./odroid-m1.nix }: {
]; imports = [
./mnt-public.nix
./nomad.nix
./odroid-m1-setleds.nix
environment.systemPackages = [ ./odroid-m1.nix
pkgs.git inputs.sops-nix.nixosModules.sops
pkgs.ncdu
]; ];
###secretstore path variable
options._secretstore = lib.mkOption {
type = lib.types.str;
default = "${inputs.self}/secrets";
description = "Path to the Secrets storage";
};
services.openssh = { config = {
enable = true; system.stateVersion = "23.11"; # Did you read the comment?
settings.PermitRootLogin = "yes";
}; sops = {
users.extraUsers.root.initialPassword = lib.mkForce "odroid"; defaultSopsFile = "${config._secretstore}/host-secrets.yaml";
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
};
environment.systemPackages = [
pkgs.git
pkgs.ncdu
];
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
};
users.extraUsers.root.initialPassword = lib.mkForce "odroid";
};
} }

37
modules/consul.nix Normal file
View File

@@ -0,0 +1,37 @@
{
lib,
pkgs,
config,
inputs,
...
}: {
# virtualisation.docker.enable = true;
services.consul = {
package = pkgs.consul_1_9;
enable = true;
webUi = true;
extra_config = {
bootstrap = false;
bootstrap_expect = 7;
encrypt = config.sops.secrets.consul_encrypt;
performance = {
raft_multiplier = 5;
};
recursors = [
"192.168.1.1"
"8.8.8.8"
];
retry_join = [
"192.168.1.221"
"192.168.1.222"
"192.168.1.225"
"192.168.1.226"
"192.168.1.227"
"192.168.1.223"
"192.168.1.224"
];
};
};
}

26
modules/kboot-conf/default.nix
View File

@@ -1,8 +1,10 @@
{ config, lib, pkgs, ... }: {
config,
with lib; lib,
pkgs,
let ...
}:
with lib; let
cfg = config.boot.loader.kboot-conf; cfg = config.boot.loader.kboot-conf;
# The builder used to write during system activation # The builder used to write during system activation
@@ -19,8 +21,7 @@ let
path = with pkgs.buildPackages; [coreutils gnused gnugrep]; path = with pkgs.buildPackages; [coreutils gnused gnugrep];
inherit (pkgs.buildPackages) bash; inherit (pkgs.buildPackages) bash;
}; };
in in {
{
options = { options = {
boot.loader.kboot-conf = { boot.loader.kboot-conf = {
enable = mkOption { enable = mkOption {
@@ -52,9 +53,10 @@ in
}; };
config = let config = let
args = "-g ${toString cfg.configurationLimit} -n ${config.hardware.deviceTree.name}"; args = "-g ${toString cfg.configurationLimit} -n ${config.hardware.deviceTree.name}";
in mkIf cfg.enable { in
system.build.installBootLoader = lib.mkForce "${builder} ${args} -c"; mkIf cfg.enable {
system.boot.loader.id = "kboot-conf"; system.build.installBootLoader = lib.mkForce "${builder} ${args} -c";
boot.loader.kboot-conf.populateCmd = "${populateBuilder} ${args}"; system.boot.loader.id = "kboot-conf";
}; boot.loader.kboot-conf.populateCmd = "${populateBuilder} ${args}";
};
} }

22
modules/mnt-public.nix
View File

@@ -1,10 +1,14 @@
{ lib, pkgs, config, inputs, ... }: { {
lib,
fileSystems."/mnt/Public" = { pkgs,
device = "//192.168.1.109/Public"; config,
fsType = "cifs"; inputs,
# options = ["uid=0,gid=1000"]; ...
options = ["guest" "uid=1000"]; }: {
}; fileSystems."/mnt/Public" = {
device = "//192.168.1.109/Public";
fsType = "cifs";
# options = ["uid=0,gid=1000"];
options = ["guest" "uid=1000"];
};
} }

98
modules/nomad.nix
View File

@@ -1,42 +1,66 @@
{ lib, pkgs, config, inputs, ... }: { {
lib,
pkgs,
config,
inputs,
...
}: {
virtualisation.docker.enable = true;
services.nomad = {
package = pkgs.nomad_1_6;
dropPrivileges = false;
enableDocker = true;
enable = true;
settings = {
server = {
enabled = true;
bootstrap_expect = 3;
start_join = ["192.168.1.221" "192.168.1.225" "192.168.1.226" "192.168.1.227" "192.168.1.222" "192.168.1.223" "192.168.1.224"];
rejoin_after_leave = false;
enabled_schedulers = ["service" "batch" "system"];
num_schedulers = 4;
node_gc_threshold = "24h";
eval_gc_threshold = "1h";
job_gc_threshold = "4h";
deployment_gc_threshold = "1h";
encrypt = "";
raft_protocol = 3;
};
virtualisation.docker.enable = true; client = {
enabled = true;
node_class = "";
no_host_uuid = false;
servers = ["192.168.1.221:4647" "192.168.1.225:4647" "192.168.1.226:4647" "192.168.1.227:4647" "192.168.1.222:4647" "192.168.1.223:4647" "192.168.1.224:4647"];
max_kill_timeout = "30s";
network_speed = 0;
cpu_total_compute = 0;
gc_interval = "1m";
gc_disk_usage_threshold = 80;
gc_inode_usage_threshold = 70;
gc_parallel_destroys = 2;
reserved = {
cpu = 0;
memory = 200;
disk = 0;
};
options = {
"docker.caps.whitelist" = "SYS_ADMIN,NET_ADMIN,chown,dac_override,fsetid,fowner,mknod,net_raw,setgid,setuid,setfcap,setpcap,net_bind_service,sys_chroot,kill,audit_write,sys_module";
"driver.raw_exec.enable" = "1";
"docker.volumes.enabled" = "True";
"docker.privileged.enabled" = "true";
"docker.auth.config" = "/root/.docker/config.json";
};
};
services.nomad = { custom = {
package = pkgs.nomad_1_6; "telemetry" = {
dropPrivileges = false; "prometheus_metrics" = true;
enableDocker = true; "publish_allocation_metrics" = true;
enable = true; "publish_node_metrics" = true;
settings = { };
client = { };
enabled = true;
node_class = "";
no_host_uuid = false;
servers = ["192.168.1.221:4647" "192.168.1.225:4647" "192.168.1.226:4647" "192.168.1.227:4647" "192.168.1.222:4647" "192.168.1.223:4647" "192.168.1.224:4647"];
max_kill_timeout = "30s";
network_speed = 0;
cpu_total_compute = 0;
gc_interval = "1m";
gc_disk_usage_threshold = 80;
gc_inode_usage_threshold = 70;
gc_parallel_destroys = 2;
reserved = {
cpu = 0;
memory = 200;
disk = 0;
}; };
options = { };
"docker.caps.whitelist" = "SYS_ADMIN,NET_ADMIN,chown,dac_override,fsetid,fowner,mknod,net_raw,setgid,setuid,setfcap,setpcap,net_bind_service,sys_chroot,kill,audit_write,sys_module";
"driver.raw_exec.enable" = "1";
"docker.volumes.enabled" = "True";
"docker.privileged.enabled" = "true";
"docker.auth.config" = "/root/.docker/config.json";
};
};
};
};
} }

27
modules/odroid-m1-setleds.nix
View File

@@ -1,13 +1,16 @@
{ lib, pkgs, config, inputs, ... }: { {
lib,
pkgs,
systemd.services.setleds = { config,
script = '' inputs,
echo "Setting Odroid LEDs" ...
echo none > /sys/class/leds/blue\:heartbeat/trigger }: {
cat /sys/class/leds/blue\:heartbeat/trigger systemd.services.setleds = {
''; script = ''
wantedBy = [ "multi-user.target" ]; echo "Setting Odroid LEDs"
}; echo none > /sys/class/leds/blue\:heartbeat/trigger
cat /sys/class/leds/blue\:heartbeat/trigger
'';
wantedBy = ["multi-user.target"];
};
} }

66
modules/odroid-m1.nix
View File

@@ -1,36 +1,38 @@
{ lib, pkgs, config, inputs, ... }: { {
lib,
pkgs,
config,
inputs,
...
}: {
imports = [
./kboot-conf
];
imports = [ boot.loader.grub.enable = false;
./kboot-conf boot.loader.kboot-conf.enable = true;
]; # Use kernel >6.6
boot.kernelPackages = pkgs.linuxPackages_latest;
# Stop ZFS breasking the build
boot.supportedFilesystems = lib.mkForce ["btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"];
boot.loader.grub.enable = false; # I'm not completely sure if some of these could be omitted,
boot.loader.kboot-conf.enable = true; # but want to make sure disk access works
# Use kernel >6.6 boot.initrd.availableKernelModules = [
boot.kernelPackages = pkgs.linuxPackages_latest; "nvme"
# Stop ZFS breasking the build "nvme-core"
boot.supportedFilesystems = lib.mkForce [ "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs" ]; "phy-rockchip-naneng-combphy"
"phy-rockchip-snps-pcie3"
# I'm not completely sure if some of these could be omitted, ];
# but want to make sure disk access works # Petitboot uses this port and baud rate on the boards serial port,
boot.initrd.availableKernelModules = [ # it's probably good to keep the options same for the running
"nvme" # kernel for serial console access to work well
"nvme-core" boot.kernelParams = ["console=ttyS2,1500000"];
"phy-rockchip-naneng-combphy" hardware.deviceTree.name = "rockchip/rk3568-odroid-m1.dtb";
"phy-rockchip-snps-pcie3"
];
# Petitboot uses this port and baud rate on the boards serial port,
# it's probably good to keep the options same for the running
# kernel for serial console access to work well
boot.kernelParams = [ "console=ttyS2,1500000" ];
hardware.deviceTree.name = "rockchip/rk3568-odroid-m1.dtb";
# Turn on flakes.
##nix.package = pkgs.nixVersions.stable;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
system.stateVersion = "23.11"; # Did you read the comment?
# Turn on flakes.
##nix.package = pkgs.nixVersions.stable;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
} }

57
secrets/host-secrets.yaml Normal file
View File

@@ -0,0 +1,57 @@
consul_encrypt: ENC[AES256_GCM,data:SXOUCI7VytPdTffb/QLjEu+eu3bKim7Hqk5cQHWPBhs0ludnWsivL076vYY=,iv:lSAANYT33+qnQKuKnQ8Yl1mjGsRuDLFCr+dlxXxyflA=,tag:OQg/AM7MN4xY/ELwZl4ikw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1jvqe2j70h97844nkz34z9k4epx3uahx50cx75ss8mty2dnxlrf7qqv9a0g
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArcGNQbHNXZFQ3bTZYUHNW
bWUyMElwcVBqTFJFV1Q2Mm1YSW8wR3NnbWxZCnkxRDRuWCtBTjB3MlpNZTZsYmx1
SkVOUDd6RFRxVHBla2xUV1lwYXJ1WFUKLS0tIFEwVkJqYmRBclBTR0NyUW9wMXE3
NVNFa1I3Y0RFYW1lei9JOVp3eDVkc0EKpd8JLzE+XTJcRhT1kwF0SQTt7QmOWpLF
C2+J/gFf/8H43tRD6MxpzgSTJ/480mshnrlnAX6yqgn/CMEP/XrEVA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jvf8rd8krchw3ph0w2let8clvyuzcdhq2ug6sm7tx86refc2z5vq4w6lxr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBadXR3OCtWRXZTRW5jaFVQ
RTZpa05nVHIxS2FYaW10TWxnYlpxc3BENWlnCnFXL1FZanJvc0FmZnVYcXlVS29Y
dHdHY2dENSt1NGl0QzlxQkZCLzkyUEUKLS0tIDRNMXowUmZmZkdvUjhaVjdQWnBF
N1E0djlJVDdjK0hCbTdZSSthWityUFUKhAj6O0Ss+ZzJ65as8WT++9VIErPRs7hX
w9cMAzuaq2BJrYuZqbMdbDqmgMoBMu3CX2TieIjCsX/5IGr8mqxH2Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1t6zzuxzzlfvqfhcvj3vyngfguxrw960c5u9hjwd05k5q9zp7l3gqyjatew
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhSXlxalMwcDdtcUllY1Rn
U0JEYk5UL29qdzFkTTNHQXdFSWZWWE1YaDJrCjB5T0ZEM3dYMjlOZ3IyRGRrZng1
cndYRENOT0Q2VFg1WDF5UG1zLzQzVEkKLS0tIENoeGxyS1dlbGF4d053ZlVTTE1v
elN4aWU1cVN5OXNobDhWN1pMelp5YTgKZXi4Sru1X9QMQPT2f7ryas/WmB+etVN3
/liTOTpUP/Ea7n1T0blO3XvDqLeKHLhKUwQ0S6JTAPZxMRL16ia/sA==
-----END AGE ENCRYPTED FILE-----
- recipient: age187fdx6pc2559tjh03jrcwp6yj8whd70h666g8a0ptyr0z49tfcsssdx6au
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2YkM1LzlCWEFUZmQwcEtQ
eVBaV2lNeFlTajRHZWU3ZWNXYUNMbUxMRlFJCjJBLzQ1bEptYVYvbzhKKzhuTi9k
Wk1kWlpINS9NYWFRajFKWGNkL1hBU2sKLS0tIGU4cVVIVTluOTRUdE5GbXRTVlhT
dUszUWNQUzJxdndJTUlGS1g0amdjb0EKz4Uem2Z5lj5LJcOOFMy8HQWQSMVRiXwm
UeqbLYqgQ74ThpQoH2HfBIjCoacK1u1+StEzOeVXaT+o+a0WtOfnIA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1m3zny0wn4smrwhjrvw8qay8438l06v49h0fg4s3c6mpjyuq28vwsp5wvdk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjcW9xOVd0YnVkL0JheHI0
WTBoOFVzTzhZS1MxT1hFWEZ1cUl3QzFZeWljCmpGWUh1UHVpTXJ5dWd1OVQvNllj
QXg0MTFuY1NaRXdyWVc3M2M1alc3dFkKLS0tIHE1SytvR3Z6MWZjNzhBY2pRU3NU
bVo5cFZ1L2dSaThjemtsMUcrcURla2sKM+nUlPzQwdCK/8gt19qi6PX0tMEWuol+
5QOPqkjklkFoiBFKtpHOpW/xnzUQWo86HM84G1NiMsAotWblGEPK1A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-19T21:14:46Z"
mac: ENC[AES256_GCM,data:TeiGhX9oHxtSSxXxYJORFVxfam8rBtyu4+1w/uj8lzTwJKE9+fxQipMC0hKxiBR478Wxf22RSlkMR0Pb5x09FLWwFJcBmh7W5C4tYmAjM+Fo+ACK/lJndavbE0EFcWLhbm6RYRg86J/vxcyxNVJ8/gc0IE228p2EuqrtfnI87SQ=,iv:dJTSgnriZ9dHfzV4yFt0mjcq2vplTnmTTx3XCdTECBM=,tag:aWQH7y7Jcn+FoylF3IXpsg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3