move clan config to its own directory

2025-11-03 23:51:20 +01:00
parent a680d58664
commit 740ed6725a
5 changed files with 272 additions and 255 deletions

223
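--- a/clan/flake-module.nix
+++ b/clan/flake-module.nix
@@ -0,0 +1,223 @@
+{ self, lib, ... }:
+{
+imports = [
+./machines.nix
+./network.nix
+];
+clan.meta.name = "blossom";
+clan.inventory.instances."rpqt-admin" = {
+module.input = "clan-core";
+module.name = "admin";
+roles.default.tags.server = { };
+roles.default.machines.haze = { };
+roles.default.settings.allowedKeys = {
+rpqt_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze";
+nixbld_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIyNC2sn5m7m52r4kVZqg0T7abqdz5xh/blU3cYtHKAE nixbld@haze";
+};
+};
+clan.inventory.instances."sshd" = {
+module.input = "clan-core";
+module.name = "sshd";
+roles.server.tags.all = { };
+roles.server.extraModules = [
+self.nixosModules.hardened-ssh-server
+];
+roles.server.settings = {
+certificate.searchDomains = [
+"home.rpqt.fr"
+];
+};
+roles.client.tags.all = { };
+roles.client.settings = {
+certificate.searchDomains = [
+"home.rpqt.fr"
+];
+};
+};
+clan.inventory.instances.user-rpqt = {
+module.input = "clan-core";
+module.name = "users";
+roles.default.machines.haze = {
+settings = {
+user = "rpqt";
+};
+};
+roles.default.extraModules = [
+self.nixosModules.user-rpqt
+];
+};
+clan.inventory.instances.common-config = {
+module = {
+input = "clan-core";
+name = "importer";
+};
+roles.default.tags.all = { };
+roles.default.extraModules = [ self.nixosModules.common ];
+};
+clan.inventory.instances.server-config = {
+module = {
+input = "clan-core";
+name = "importer";
+};
+roles.default.tags.server = { };
+roles.default.extraModules = [
+{
+nix.gc.automatic = lib.mkDefault true;
+nix.gc.dates = lib.mkDefault "Mon 3:15";
+nix.gc.randomizedDelaySec = lib.mkDefault "30min";
+nix.gc.options = lib.mkDefault "--delete-older-than 30d";
+}
+];
+};
+clan.inventory.instances."garage" = {
+module.input = "clan-core";
+module.name = "garage";
+roles.default.tags.garage = { };
+};
+clan.inventory.instances."garage-config" = {
+module.input = "clan-core";
+module.name = "importer";
+roles.default.tags.garage = { };
+roles.default.extraModules = [ ../modules/garage.nix ];
+};
+clan.inventory.instances."trusted-nix-caches" = {
+module.input = "clan-core";
+module.name = "trusted-nix-caches";
+roles.default.tags.all = { };
+};
+clan.inventory.instances."borgbackup-storagebox" = {
+module.input = "clan-core";
+module.name = "borgbackup";
+roles.client.machines = lib.genAttrs [ "crocus" "genepi" "verbena" ] (
+machine:
+let
+config = self.nixosConfigurations.${machine}.config;
+user = "u422292";
+host = "${user}.your-storagebox.de";
+in
+{
+settings.destinations."storagebox-${config.networking.hostName}" = {
+repo = "${user}@${host}:./borgbackup/${config.networking.hostName}";
+rsh = "ssh -oPort=23 -i ${
+config.clan.core.vars.generators.borgbackup.files."borgbackup.ssh".path
+} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null";
+};
+}
+);
+roles.client.extraModules = [
+../modules/storagebox.nix
+];
+roles.server.machines = { };
+};
+clan.inventory.instances.prometheus = {
+module.input = "self";
+module.name = "@rpqt/prometheus";
+roles.scraper.machines.genepi = { };
+roles.scraper.settings = {
+extraScrapeConfigs = [
+{
+job_name = "garage";
+static_configs = [
+{
+labels.instance = "crocus";
+targets = [ "crocus.home.rpqt.fr:3903" ];
+}
+{
+labels.instance = "genepi";
+targets = [ "genepi.home.rpqt.fr:3903" ];
+}
+{
+labels.instance = "verbena";
+targets = [ "verbena.home.rpqt.fr:3903" ];
+}
+];
+authorization = {
+type = "Bearer";
+credentials_file =
+self.nixosConfigurations.verbena.config.clan.core.vars.generators.garage.files.metrics_token.path;
+};
+}
+];
+};
+roles.target.tags.server = { };
+roles.target.settings = {
+exporters = {
+node = {
+enabledCollectors = [
+"systemd"
+];
+};
+};
+};
+};
+clan.inventory.instances.syncthing = {
+roles.peer.tags.syncthing = { };
+roles.peer.settings.folders = {
+Documents = {
+path = "~/Documents";
+};
+Music = {
+path = "~/Music";
+};
+Pictures = {
+path = "~/Pictures";
+};
+Videos = {
+path = "~/Videos";
+};
+};
+roles.peer.settings.extraDevices = {
+pixel-7a = {
+id = "IZE7B4Z-LKTJY6Q-77NN4JG-ADYRC77-TYPZTXE-Q35BWV2-AEO7Q3R-ZE63IAU";
+name = "Pixel 7a";
+addresses = [ "dynamic" ];
+};
+};
+};
+clan.inventory.instances.buildbot = {
+module.input = "self";
+module.name = "@rpqt/buildbot";
+roles.master.machines.verbena = {
+settings = {
+domain = "buildbot.turifer.dev";
+admins = [ "rpqt" ];
+topic = "buildbot-nix";
+gitea.instanceUrl = "https://git.turifer.dev";
+};
+};
+roles.master.extraModules = [
+{
+services.nginx.virtualHosts."buildbot.turifer.dev" = {
+enableACME = true;
+forceSSL = true;
+};
+security.acme.certs."buildbot.turifer.dev" = {
+email = "admin@turifer.dev";
+};
+}
+];
+roles.worker.machines.verbena = { };
+};
+}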
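Review bot: The `rsh` string for the `borgbackup-storagebox` destinations passes `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so crocus, genepi and verbena never verify the storage box's SSH host key and an on-path host can stand in for the backup target without any warning. Pin the provider's published host key for `[u422292.your-storagebox.de]:23` (for example through `programs.ssh.knownHosts`, possibly in `../modules/storagebox.nix`, which is not shown here) and change the tail of the command to `} -o StrictHostKeyChecking=yes";`. Also note that this section is not a pure move: `nixbld_haze` under `roles.default.settings.allowedKeys`, and the `certificate.searchDomains` settings with the new `roles.client` on the `sshd` instance, have no counterpart in the removed file. The extra admin key presumably widens who can log in to every `server`-tagged machine, so the commit message should mention it.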

28
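--- a/clan/machines.nix
+++ b/clan/machines.nix
@@ -0,0 +1,28 @@
+{
+clan.inventory.machines = {
+crocus = {
+tags = [
+"garage"
+"server"
+];
+};
+genepi = {
+tags = [
+"garage"
+"server"
+"syncthing"
+];
+};
+haze = {
+tags = [
+"syncthing"
+];
+};
+verbena = {
+tags = [
+"garage"
+"server"
+];
+};
+};
+}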

20
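--- a/clan/network.nix
+++ b/clan/network.nix
@@ -0,0 +1,20 @@
+{
+clan.inventory.instances.zerotier = {
+roles.controller.machines.crocus = { };
+roles.moon.machines.crocus = {
+settings = {
+stableEndpoints = [
+"116.203.18.122"
+"2a01:4f8:1c1e:e415::/64"
+];
+};
+};
+roles.peer.tags."all" = { };
+};
+clan.inventory.instances.internet = {
+roles.default.machines.verbena = {
+settings.host = "git.turifer.dev";
+};
+};
+}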
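Review bot: The second `stableEndpoints` entry, `"2a01:4f8:1c1e:e415::/64"`, looks like a routed prefix rather than the moon's own address. If this setting follows ZeroTier's `address/port` endpoint syntax, the `/64` would be read as port 64 on the all-zero host address, and peers would have no usable IPv6 endpoint for crocus. Replace it with the concrete IPv6 address bound on crocus, e.g. `"2a01:4f8:1c1e:e415::<host-part>"` (placeholder; the real address is not on this page). The value is carried over unchanged from the removed file, so the move is a good moment to correct it.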


@@ -15,11 +15,10 @@
flake-parts.lib.mkFlake { inherit inputs; } ({
imports = [
inputs.clan-core.flakeModules.default
./clan/flake-module.nix
./clanServices/flake-module.nix
./devShells/flake-module.nix
./home-manager/flake-module.nix
./machines/flake-module.nix
./modules/flake-module.nix
./packages/flake-module.nix
];


@@ -1,253 +0,0 @@
{ self, lib, ... }:
{
clan = {
meta.name = "blossom";
inventory.machines = {
crocus = {
tags = [
"garage"
"server"
];
};
genepi = {
tags = [
"garage"
"server"
"syncthing"
];
};
haze = {
tags = [
"syncthing"
];
};
verbena = {
tags = [
"garage"
"server"
];
};
};
inventory.instances = {
"rpqt-admin" = {
module.input = "clan-core";
module.name = "admin";
roles.default.tags.server = { };
roles.default.machines.haze = { };
roles.default.settings.allowedKeys = {
rpqt_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze";
};
};
zerotier = {
roles.controller.machines.crocus = { };
roles.moon.machines.crocus = {
settings = {
stableEndpoints = [
"116.203.18.122"
"2a01:4f8:1c1e:e415::/64"
];
};
};
roles.peer.tags."all" = { };
};
internet = {
roles.default.machines.verbena = {
settings.host = "git.turifer.dev";
};
};
"sshd" = {
module.input = "clan-core";
module.name = "sshd";
roles.server.tags.all = { };
roles.server.extraModules = [
self.nixosModules.hardened-ssh-server
];
};
user-rpqt = {
module.input = "clan-core";
module.name = "users";
roles.default.machines.haze = {
settings = {
user = "rpqt";
};
};
roles.default.extraModules = [
self.nixosModules.user-rpqt
];
};
common-config = {
module = {
input = "clan-core";
name = "importer";
};
roles.default.tags.all = { };
roles.default.extraModules = [ self.nixosModules.common ];
};
server-config = {
module = {
input = "clan-core";
name = "importer";
};
roles.default.tags.server = { };
roles.default.extraModules = [
{
nix.gc.automatic = lib.mkDefault true;
nix.gc.dates = lib.mkDefault "Mon 3:15";
nix.gc.randomizedDelaySec = lib.mkDefault "30min";
nix.gc.options = lib.mkDefault "--delete-older-than 30d";
}
];
};
"garage" = {
module.input = "clan-core";
module.name = "garage";
roles.default.tags.garage = { };
};
"garage-config" = {
module.input = "clan-core";
module.name = "importer";
roles.default.tags.garage = { };
roles.default.extraModules = [ ../modules/garage.nix ];
};
"trusted-nix-caches" = {
module.input = "clan-core";
module.name = "trusted-nix-caches";
roles.default.tags.all = { };
};
"borgbackup-storagebox" = {
module.input = "clan-core";
module.name = "borgbackup";
roles.client.machines = lib.genAttrs [ "crocus" "genepi" "verbena" ] (
machine:
let
config = self.nixosConfigurations.${machine}.config;
user = "u422292";
host = "${user}.your-storagebox.de";
in
{
settings.destinations."storagebox-${config.networking.hostName}" = {
repo = "${user}@${host}:./borgbackup/${config.networking.hostName}";
rsh = "ssh -oPort=23 -i ${
config.clan.core.vars.generators.borgbackup.files."borgbackup.ssh".path
} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null";
};
}
);
roles.client.extraModules = [
../modules/storagebox.nix
];
roles.server.machines = { };
};
prometheus = {
module.input = "self";
module.name = "@rpqt/prometheus";
roles.scraper.machines.genepi = { };
roles.scraper.settings = {
extraScrapeConfigs = [
{
job_name = "garage";
static_configs = [
{
labels.instance = "crocus";
targets = [ "crocus.home.rpqt.fr:3903" ];
}
{
labels.instance = "genepi";
targets = [ "genepi.home.rpqt.fr:3903" ];
}
{
labels.instance = "verbena";
targets = [ "verbena.home.rpqt.fr:3903" ];
}
];
authorization = {
type = "Bearer";
credentials_file =
self.nixosConfigurations.verbena.config.clan.core.vars.generators.garage.files.metrics_token.path;
};
}
];
};
roles.target.tags.server = { };
roles.target.settings = {
exporters = {
node = {
enabledCollectors = [
"systemd"
];
};
};
};
};
syncthing = {
roles.peer.tags.syncthing = { };
roles.peer.settings.folders = {
Documents = {
path = "~/Documents";
};
Music = {
path = "~/Music";
};
Pictures = {
path = "~/Pictures";
};
Videos = {
path = "~/Videos";
};
};
roles.peer.settings.extraDevices = {
pixel-7a = {
id = "IZE7B4Z-LKTJY6Q-77NN4JG-ADYRC77-TYPZTXE-Q35BWV2-AEO7Q3R-ZE63IAU";
name = "Pixel 7a";
addresses = [ "dynamic" ];
};
};
};
buildbot = {
module.input = "self";
module.name = "@rpqt/buildbot";
roles.master.machines.verbena = {
settings = {
domain = "buildbot.turifer.dev";
admins = [ "rpqt" ];
topic = "buildbot-nix";
gitea.instanceUrl = "https://git.turifer.dev";
};
};
roles.master.extraModules = [
{
services.nginx.virtualHosts."buildbot.turifer.dev" = {
enableACME = true;
forceSSL = true;
};
security.acme.certs."buildbot.turifer.dev" = {
email = "admin@turifer.dev";
};
}
];
roles.worker.machines.verbena = { };
};
};
};
}