2025-07-01 16:32:59 +00:00
parent de3b3aea49
commit eb1a74d694
7 changed files with 41 additions and 60 deletions

37
flake.lock generated

@@ -2,11 +2,11 @@
"nodes": { "nodes": {
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1712696601, "lastModified": 1751285371,
"narHash": "sha256-puFPFSa/RC83JilUgB48/VL387eu2QN066Jv6X971LY=", "narHash": "sha256-/hDU+2AUeFFu5qGHO/UyFMc4UG/x5Cw5uXO36KGTk6c=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "062fc6cf99d809921ecef47317752fc92468e6ae", "rev": "b9c03fbbaf84d85bb28eee530c7e9edc4021ca1b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -16,29 +16,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": {
"locked": {
"lastModified": 1712437997,
"narHash": "sha256-g0whLLwRvgO2FsyhY8fNk+TWenS3jg5UdlWL4uqgFeo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e38d7cb66ea4f7a0eb6681920615dfcc30fc2920",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1712420723, "lastModified": 1744868846,
"narHash": "sha256-VnG0Eu394Ga2FCe8Q66m6OEQF8iAqjDYsjmtl+N2omk=", "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9e7f26f82acb057498335362905fde6fea4ca50a", "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -56,15 +40,14 @@
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2"
"nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1712617241, "lastModified": 1750119275,
"narHash": "sha256-a4hbls4vlLRMciv62YrYT/Xs/3Cubce8WFHPUDWwzf8=", "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "538c114cfdf1f0458f507087b1dcf018ce1c0c4c", "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2",
"type": "github" "type": "github"
}, },
"original": { "original": {


@@ -14,11 +14,11 @@
networking.interfaces.end0.ipv4.addresses = [ networking.interfaces.end0.ipv4.addresses = [
{ {
address = "192.168.1.228"; address = "192.168.4.228";
prefixLength = 24; prefixLength = 24;
} }
]; ];
networking.defaultGateway = "192.168.1.1"; networking.defaultGateway = "192.168.4.1";
networking.nameservers = ["192.168.1.1" "8.8.8.8"]; networking.nameservers = ["192.168.4.1" "8.8.8.8"];
} }


@@ -1,5 +1,8 @@
deploy NODE: deploy NODE:
nixos-rebuild --flake .#{{NODE}} --fast --target-host root@{{NODE}}.node.dc1.consul --build-host root@{{NODE}}.node.dc1.consul switch nixos-rebuild --flake .#{{NODE}} --add-root --fast --target-host root@{{NODE}}.node.dc1.consul --build-host root@{{NODE}}.node.dc1.consul switch
deploy-dry NODE:
nixos-rebuild --flake .#{{NODE}} --fast --target-host root@{{NODE}}.node.dc1.consul --build-host root@{{NODE}}.node.dc1.consul dry-activate
deploy-all: deploy-all:
just deploy odroid5 just deploy odroid5
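Review bot: The added `deploy-dry` recipe copies the `root@{{NODE}}.node.dc1.consul` target from `deploy`, so both recipes depend on direct root SSH login and on Consul DNS returning the right address for the node. A dedicated deploy account with `--use-remote-sudo` would let root login over SSH be disabled on the nodes, and pinning each node's SSH host key makes a wrong `.consul` answer fail the connection instead of receiving the build. `{{NODE}}` is also substituted into the shell line unquoted; writing `.#"{{NODE}}"` and `"root@{{NODE}}.node.dc1.consul"` keeps an odd argument from being split or interpreted by the shell. Note that `--add-root` was added to `deploy` only, so the dry run no longer uses the same flag set it is meant to preview.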


@@ -6,7 +6,6 @@
... ...
}: { }: {
services.samba.openFirewall = true; services.samba.openFirewall = true;
#services.samba-wsdd.enable = true; # make shares visible for windows 10 clients #services.samba-wsdd.enable = true; # make shares visible for windows 10 clients
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
5357 # wsdd 5357 # wsdd
@@ -14,29 +13,26 @@
networking.firewall.allowedUDPPorts = [ networking.firewall.allowedUDPPorts = [
3702 # wsdd 3702 # wsdd
]; ];
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /shares/Public 0777 root root - -" "d /shares/Public 0777 root root - -"
]; ];
services.samba = { services.samba = {
enable = true; enable = true;
securityType = "user"; settings = {
extraConfig = '' global = {
workgroup = WORKGROUP workgroup = "WORKGROUP";
server string = smbnix "server string" = "smbnix";
netbios name = smbnix "netbios name" = "smbnix";
disable netbios = yes "disable netbios" = "yes";
security = user security = "user";
#use sendfile = yes #"use sendfile" = "yes";
#max protocol = smb2 #"max protocol" = "smb2";
# note: localhost is the ipv6 localhost ::1 # note: localhost is the ipv6 localhost ::1
hosts allow = 192.168.1. 127.0.0.1 localhost "hosts allow" = "192.168.1. 127.0.0.1 localhost";
hosts deny = 0.0.0.0/0 "hosts deny" = "0.0.0.0/0";
guest account = nobody "guest account" = "nobody";
map to guest = bad user "map to guest" = "bad user";
''; };
shares = {
public = { public = {
path = "/shares/Public"; path = "/shares/Public";
browseable = "no"; browseable = "no";
@@ -48,8 +44,8 @@
"force group" = "samba-guest"; "force group" = "samba-guest";
}; };
}; };
};
};
users.users.samba-guest = { users.users.samba-guest = {
isSystemUser = true; isSystemUser = true;
description = "Residence of our Samba guest users"; description = "Residence of our Samba guest users";
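Review bot: `"hosts allow" = "192.168.1. 127.0.0.1 localhost";` is carried into the new `settings.global` block unchanged, while this same commit moves a host's address, gateway and resolver to 192.168.4.0/24. If this Samba module is deployed on the renumbered network (not visible from here), the allowlist names a subnet that is no longer the local one: LAN clients are refused, while 192.168.1.x, if it is still routed, remains accepted for a guest share created `0777` with `"map to guest" = "bad user"`. Consider `"hosts allow" = "192.168.4. 127.0.0.1 localhost";`, or derive the prefix from the interface configuration so the two cannot drift apart. Ports 5357 and 3702 also stay open in the firewall although `services.samba-wsdd.enable` is commented out; dropping them until wsdd is enabled keeps the exposed surface to what is actually served.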


@@ -32,7 +32,8 @@
}; };
# Enable nix flakes # Enable nix flakes
nix.package = pkgs.nixFlakes; # nix.package = pkgs.nixFlakes; #Deprecated
nix.package = pkgs.nixVersions.stable;
nix.extraOptions = '' nix.extraOptions = ''
experimental-features = nix-command flakes experimental-features = nix-command flakes
''; '';


@@ -8,16 +8,14 @@ with lib; let
cfg = config.boot.loader.kboot-conf; cfg = config.boot.loader.kboot-conf;
# The builder used to write during system activation # The builder used to write during system activation
builder = pkgs.substituteAll { # The builder used to write during system activation
src = ./generate-kboot-conf.sh; builder = pkgs.replaceVars ./generate-kboot-conf.sh {
isExecutable = true;
path = [pkgs.coreutils pkgs.gnused pkgs.gnugrep]; path = [pkgs.coreutils pkgs.gnused pkgs.gnugrep];
inherit (pkgs) bash; inherit (pkgs) bash;
}; };
# The builder exposed in populateCmd, which runs on the build architecture # The builder exposed in populateCmd, which runs on the build architecture
populateBuilder = pkgs.buildPackages.substituteAll { populateBuilder = pkgs.buildPackages.replaceVars ./generate-kboot-conf.sh {
src = ./generate-kboot-conf.sh;
isExecutable = true;
path = with pkgs.buildPackages; [coreutils gnused gnugrep]; path = with pkgs.buildPackages; [coreutils gnused gnugrep];
inherit (pkgs.buildPackages) bash; inherit (pkgs.buildPackages) bash;
}; };
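Review bot: Both `builder` and `populateBuilder` lose `isExecutable = true;` in the move from `substituteAll` to `replaceVars`, and as far as I know `replaceVars` has no way to set the executable bit on its output. If either result is executed directly during activation or from `populateCmd` (the call sites are outside this hunk) rather than being passed to `bash`, bootloader config generation would fail with a permission error after the update. `pkgs.replaceVarsWith { src = ./generate-kboot-conf.sh; isExecutable = true; replacements = { … }; }` keeps the previous behaviour; please confirm it is available in the pinned nixpkgs. The comment `# The builder used to write during system activation` also appears to be duplicated on the new side and one copy can be dropped.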


@@ -58,7 +58,7 @@
]; ];
services.nomad = { services.nomad = {
package = pkgs.nomad_1_6; package = pkgs.nomad_1_9;
dropPrivileges = false; dropPrivileges = false;
enableDocker = true; enableDocker = true;
enable = true; enable = true;