Compare commits
10 commits
bff2e68267
...
73e7e895c1
| Author | SHA1 | Date | |
|---|---|---|---|
| 73e7e895c1 | |||
| ded6dff0af | |||
| 8eb2164759 | |||
| ffcb415b0b | |||
| 3e37e4049d | |||
e1f3e6ec8d
|
|||
|
2570711ed4
|
|||
| b0fcd44752 | |||
| d1122ba5bb | |||
| 75c135f267 |
2 changed files with 100 additions and 42 deletions
72
flake.lock
72
flake.lock
|
|
@ -9,11 +9,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1714479410,
|
||||
"narHash": "sha256-wmE6mn3Bxui9AcQogJ8Q3fjGz56cBq7At41hhcLsGL4=",
|
||||
"lastModified": 1715663764,
|
||||
"narHash": "sha256-gNRzpFMYImLTompPQC4mULq2N1rENCSHiz1XW0K+RQU=",
|
||||
"owner": "atuinsh",
|
||||
"repo": "atuin",
|
||||
"rev": "d1ce01679b22b99321fe7407e8ee35de8cf99bd5",
|
||||
"rev": "34265613b80d1d2249d276da5fcd5e4c274af357",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -43,11 +43,11 @@
|
|||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1712014858,
|
||||
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
|
||||
"lastModified": 1714606777,
|
||||
"narHash": "sha256-bMkNmAXLj8iyTvxaaD/StcLSadbj1chPcJOjtuVnLmA=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
|
||||
"rev": "4d34ce6412bc450b1d4208c953dc97c7fc764f1a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -96,11 +96,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1714043624,
|
||||
"narHash": "sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM=",
|
||||
"lastModified": 1715381426,
|
||||
"narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "86853e31dc1b62c6eeed11c667e8cdd0285d4411",
|
||||
"rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -117,11 +117,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1714515075,
|
||||
"narHash": "sha256-azMK7aWH0eUc3IqU4Fg5rwZdB9WZBvimOGG3piqvtsY=",
|
||||
"lastModified": 1715486357,
|
||||
"narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "6d3b6dc9222c12b951169becdf4b0592ee9576ef",
|
||||
"rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -283,11 +283,11 @@
|
|||
"systems": "systems_5"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1714060055,
|
||||
"narHash": "sha256-j43TS9wv9luaAlpxcxw0sjxkbcc2mGANVR2RYgo3RCw=",
|
||||
"lastModified": 1715788457,
|
||||
"narHash": "sha256-32HOkjSIyANphV0p5gIwP4ONU/CcinhwOyVFB+tL/d0=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "xdg-desktop-portal-hyprland",
|
||||
"rev": "0fe840441e43da12cd7865ed9aa8cdc35a8da85a",
|
||||
"rev": "af7c87a32f5d67eb2ada908a6a700f4e74831943",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -372,11 +372,11 @@
|
|||
"nixpkgs": "nixpkgs_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1714455472,
|
||||
"narHash": "sha256-XotANaTYWoxQGZ3/cR0FKUB1UHZ85mIYlwcweBbBe+w=",
|
||||
"lastModified": 1714622771,
|
||||
"narHash": "sha256-fZs0u4ep+RH7U69Jo/GAjwd1iSVFSByeAOju8ucsPx8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixd",
|
||||
"rev": "349be908d5473e922f43227d0b5840c6c55e231b",
|
||||
"rev": "af6bb716038eecf5bad0ead6ed14a4c1e5b74c13",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -404,11 +404,11 @@
|
|||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"dir": "lib",
|
||||
"lastModified": 1711703276,
|
||||
"narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
|
||||
"lastModified": 1714253743,
|
||||
"narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
|
||||
"rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -437,11 +437,11 @@
|
|||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1714409183,
|
||||
"narHash": "sha256-Wacm/DrzLD7mjFGnSxxyGkJgg2unU/dNdNgdngBH+RU=",
|
||||
"lastModified": 1715668745,
|
||||
"narHash": "sha256-xp62OkRkbUDNUc6VSqH02jB0FbOS+MsfMb7wL1RJOfA=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "576ecd43d3b864966b4423a853412d6177775e8b",
|
||||
"rev": "9ddcaffecdf098822d944d4147dd8da30b4e6843",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -453,11 +453,11 @@
|
|||
},
|
||||
"nixpkgs-stable_2": {
|
||||
"locked": {
|
||||
"lastModified": 1713638189,
|
||||
"narHash": "sha256-q7APLfB6FmmSMI1Su5ihW9IwntBsk2hWNXh8XtSdSIk=",
|
||||
"lastModified": 1715458492,
|
||||
"narHash": "sha256-q0OFeZqKQaik2U8wwGDsELEkgoZMK7gvfF6tTXkpsqE=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "74574c38577914733b4f7a775dd77d24245081dd",
|
||||
"rev": "8e47858badee5594292921c2668c11004c3b0142",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -469,11 +469,11 @@
|
|||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1714253743,
|
||||
"narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=",
|
||||
"lastModified": 1715534503,
|
||||
"narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994",
|
||||
"rev": "2057814051972fa1453ddfb0d98badbea9b83c06",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -517,11 +517,11 @@
|
|||
},
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1713596654,
|
||||
"narHash": "sha256-LJbHQQ5aX1LVth2ST+Kkse/DRzgxlVhTL1rxthvyhZc=",
|
||||
"lastModified": 1714562304,
|
||||
"narHash": "sha256-Mr3U37Rh6tH0FbaDFu0aZDwk9mPAe7ASaqDOGgLqqLU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "fd16bb6d3bcca96039b11aa52038fafeb6e4f4be",
|
||||
"rev": "bcd44e224fd68ce7d269b4f44d24c2220fd821e7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -576,11 +576,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1713892811,
|
||||
"narHash": "sha256-uIGmA2xq41vVFETCF1WW4fFWFT2tqBln+aXnWrvjGRE=",
|
||||
"lastModified": 1715482972,
|
||||
"narHash": "sha256-y1uMzXNlrVOWYj1YNcsGYLm4TOC2aJrwoUY1NjQs9fM=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "f1b0adc27265274e3b0c9b872a8f476a098679bd",
|
||||
"rev": "b6cb5de2ce57acb10ecdaaf9bbd62a5ff24fa02e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
|||
|
|
@ -83,11 +83,10 @@
|
|||
# ALSO
|
||||
# point ipxe tagged requests to the matchbox iPXE boot script (via HTTP)
|
||||
# pxe-service="tag:ipxe,0,matchbox,http://10.1.1.57:8080/boot.ipxe";
|
||||
# also this double pxe-service config hack sucks, but it works.
|
||||
pxe-service=''
|
||||
tag:#ipxe,x86PC,"PXE chainload to iPXE",undionly.kpxe
|
||||
pxe-service=tag:ipxe,0,matchbox,http://10.1.1.57:8086/boot.ipxe
|
||||
'';
|
||||
pxe-service = [
|
||||
"tag:#ipxe,x86PC,\"PXE chainload to iPXE\",undionly.kpxe"
|
||||
"tag:ipxe,0,matchbox,http://10.1.1.57:8086/boot.ipxe"
|
||||
];
|
||||
log-queries = true;
|
||||
log-dhcp = true;
|
||||
};
|
||||
|
|
@ -114,6 +113,65 @@
|
|||
};
|
||||
};
|
||||
|
||||
# haproxy for load balancing talos and kubernetes api.
|
||||
services.haproxy = {
|
||||
enable = true;
|
||||
config = ''
|
||||
global
|
||||
log /dev/log local0
|
||||
log /dev/log local1 notice
|
||||
daemon
|
||||
|
||||
defaults
|
||||
mode http
|
||||
log global
|
||||
option httplog
|
||||
option dontlognull
|
||||
option http-server-close
|
||||
option redispatch
|
||||
retries 3
|
||||
timeout http-request 10s
|
||||
timeout queue 20s
|
||||
timeout connect 10s
|
||||
timeout client 1h
|
||||
timeout server 1h
|
||||
timeout http-keep-alive 10s
|
||||
timeout check 10s
|
||||
|
||||
frontend k8s_apiserver
|
||||
bind *:6443
|
||||
mode tcp
|
||||
option tcplog
|
||||
default_backend k8s_controlplane
|
||||
|
||||
frontend talos_apiserver
|
||||
bind *:50000
|
||||
mode tcp
|
||||
option tcplog
|
||||
default_backend talos_controlplane
|
||||
|
||||
backend k8s_controlplane
|
||||
option httpchk GET /healthz
|
||||
http-check expect status 200
|
||||
mode tcp
|
||||
option ssl-hello-chk
|
||||
balance roundrobin
|
||||
server worker1 10.1.1.61:6443 check
|
||||
server worker2 10.1.1.62:6443 check
|
||||
server worker3 10.1.1.63:6443 check
|
||||
|
||||
backend talos_controlplane
|
||||
option httpchk GET /healthz
|
||||
http-check expect status 200
|
||||
mode tcp
|
||||
option ssl-hello-chk
|
||||
balance roundrobin
|
||||
server worker1 10.1.1.61:50000 check
|
||||
server worker2 10.1.1.62:50000 check
|
||||
server worker3 10.1.1.63:50000 check
|
||||
'';
|
||||
};
|
||||
|
||||
# Some programs need SUID wrappers, can be configured further or are
|
||||
# started in user sessions.
|
||||
programs.mtr.enable = true;
|
||||
|
|
@ -172,4 +230,4 @@
|
|||
networking.firewall.enable = false;
|
||||
system.stateVersion = "24.05"; # Did you read the comment?
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Reference in a new issue