Compare commits
10 commits
bff2e68267
...
73e7e895c1
Author | SHA1 | Date | |
---|---|---|---|
73e7e895c1 | |||
ded6dff0af | |||
8eb2164759 | |||
ffcb415b0b | |||
3e37e4049d | |||
e1f3e6ec8d | |||
2570711ed4 | |||
b0fcd44752 | |||
d1122ba5bb | |||
75c135f267 |
2 changed files with 100 additions and 42 deletions
72
flake.lock
72
flake.lock
|
@ -9,11 +9,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1714479410,
|
"lastModified": 1715663764,
|
||||||
"narHash": "sha256-wmE6mn3Bxui9AcQogJ8Q3fjGz56cBq7At41hhcLsGL4=",
|
"narHash": "sha256-gNRzpFMYImLTompPQC4mULq2N1rENCSHiz1XW0K+RQU=",
|
||||||
"owner": "atuinsh",
|
"owner": "atuinsh",
|
||||||
"repo": "atuin",
|
"repo": "atuin",
|
||||||
"rev": "d1ce01679b22b99321fe7407e8ee35de8cf99bd5",
|
"rev": "34265613b80d1d2249d276da5fcd5e4c274af357",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -43,11 +43,11 @@
|
||||||
"nixpkgs-lib": "nixpkgs-lib"
|
"nixpkgs-lib": "nixpkgs-lib"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1712014858,
|
"lastModified": 1714606777,
|
||||||
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
|
"narHash": "sha256-bMkNmAXLj8iyTvxaaD/StcLSadbj1chPcJOjtuVnLmA=",
|
||||||
"owner": "hercules-ci",
|
"owner": "hercules-ci",
|
||||||
"repo": "flake-parts",
|
"repo": "flake-parts",
|
||||||
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
|
"rev": "4d34ce6412bc450b1d4208c953dc97c7fc764f1a",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -96,11 +96,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1714043624,
|
"lastModified": 1715381426,
|
||||||
"narHash": "sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM=",
|
"narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "86853e31dc1b62c6eeed11c667e8cdd0285d4411",
|
"rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -117,11 +117,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1714515075,
|
"lastModified": 1715486357,
|
||||||
"narHash": "sha256-azMK7aWH0eUc3IqU4Fg5rwZdB9WZBvimOGG3piqvtsY=",
|
"narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "6d3b6dc9222c12b951169becdf4b0592ee9576ef",
|
"rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -283,11 +283,11 @@
|
||||||
"systems": "systems_5"
|
"systems": "systems_5"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1714060055,
|
"lastModified": 1715788457,
|
||||||
"narHash": "sha256-j43TS9wv9luaAlpxcxw0sjxkbcc2mGANVR2RYgo3RCw=",
|
"narHash": "sha256-32HOkjSIyANphV0p5gIwP4ONU/CcinhwOyVFB+tL/d0=",
|
||||||
"owner": "hyprwm",
|
"owner": "hyprwm",
|
||||||
"repo": "xdg-desktop-portal-hyprland",
|
"repo": "xdg-desktop-portal-hyprland",
|
||||||
"rev": "0fe840441e43da12cd7865ed9aa8cdc35a8da85a",
|
"rev": "af7c87a32f5d67eb2ada908a6a700f4e74831943",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -372,11 +372,11 @@
|
||||||
"nixpkgs": "nixpkgs_4"
|
"nixpkgs": "nixpkgs_4"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1714455472,
|
"lastModified": 1714622771,
|
||||||
"narHash": "sha256-XotANaTYWoxQGZ3/cR0FKUB1UHZ85mIYlwcweBbBe+w=",
|
"narHash": "sha256-fZs0u4ep+RH7U69Jo/GAjwd1iSVFSByeAOju8ucsPx8=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixd",
|
"repo": "nixd",
|
||||||
"rev": "349be908d5473e922f43227d0b5840c6c55e231b",
|
"rev": "af6bb716038eecf5bad0ead6ed14a4c1e5b74c13",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -404,11 +404,11 @@
|
||||||
"nixpkgs-lib": {
|
"nixpkgs-lib": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"dir": "lib",
|
"dir": "lib",
|
||||||
"lastModified": 1711703276,
|
"lastModified": 1714253743,
|
||||||
"narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
|
"narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
|
"rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -437,11 +437,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1714409183,
|
"lastModified": 1715668745,
|
||||||
"narHash": "sha256-Wacm/DrzLD7mjFGnSxxyGkJgg2unU/dNdNgdngBH+RU=",
|
"narHash": "sha256-xp62OkRkbUDNUc6VSqH02jB0FbOS+MsfMb7wL1RJOfA=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "576ecd43d3b864966b4423a853412d6177775e8b",
|
"rev": "9ddcaffecdf098822d944d4147dd8da30b4e6843",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -453,11 +453,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-stable_2": {
|
"nixpkgs-stable_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1713638189,
|
"lastModified": 1715458492,
|
||||||
"narHash": "sha256-q7APLfB6FmmSMI1Su5ihW9IwntBsk2hWNXh8XtSdSIk=",
|
"narHash": "sha256-q0OFeZqKQaik2U8wwGDsELEkgoZMK7gvfF6tTXkpsqE=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "74574c38577914733b4f7a775dd77d24245081dd",
|
"rev": "8e47858badee5594292921c2668c11004c3b0142",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -469,11 +469,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1714253743,
|
"lastModified": 1715534503,
|
||||||
"narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=",
|
"narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994",
|
"rev": "2057814051972fa1453ddfb0d98badbea9b83c06",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -517,11 +517,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_4": {
|
"nixpkgs_4": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1713596654,
|
"lastModified": 1714562304,
|
||||||
"narHash": "sha256-LJbHQQ5aX1LVth2ST+Kkse/DRzgxlVhTL1rxthvyhZc=",
|
"narHash": "sha256-Mr3U37Rh6tH0FbaDFu0aZDwk9mPAe7ASaqDOGgLqqLU=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "fd16bb6d3bcca96039b11aa52038fafeb6e4f4be",
|
"rev": "bcd44e224fd68ce7d269b4f44d24c2220fd821e7",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -576,11 +576,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable_2"
|
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1713892811,
|
"lastModified": 1715482972,
|
||||||
"narHash": "sha256-uIGmA2xq41vVFETCF1WW4fFWFT2tqBln+aXnWrvjGRE=",
|
"narHash": "sha256-y1uMzXNlrVOWYj1YNcsGYLm4TOC2aJrwoUY1NjQs9fM=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "f1b0adc27265274e3b0c9b872a8f476a098679bd",
|
"rev": "b6cb5de2ce57acb10ecdaaf9bbd62a5ff24fa02e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -83,11 +83,10 @@
|
||||||
# ALSO
|
# ALSO
|
||||||
# point ipxe tagged requests to the matchbox iPXE boot script (via HTTP)
|
# point ipxe tagged requests to the matchbox iPXE boot script (via HTTP)
|
||||||
# pxe-service="tag:ipxe,0,matchbox,http://10.1.1.57:8080/boot.ipxe";
|
# pxe-service="tag:ipxe,0,matchbox,http://10.1.1.57:8080/boot.ipxe";
|
||||||
# also this double pxe-service config hack sucks, but it works.
|
pxe-service = [
|
||||||
pxe-service=''
|
"tag:#ipxe,x86PC,\"PXE chainload to iPXE\",undionly.kpxe"
|
||||||
tag:#ipxe,x86PC,"PXE chainload to iPXE",undionly.kpxe
|
"tag:ipxe,0,matchbox,http://10.1.1.57:8086/boot.ipxe"
|
||||||
pxe-service=tag:ipxe,0,matchbox,http://10.1.1.57:8086/boot.ipxe
|
];
|
||||||
'';
|
|
||||||
log-queries = true;
|
log-queries = true;
|
||||||
log-dhcp = true;
|
log-dhcp = true;
|
||||||
};
|
};
|
||||||
|
@ -114,6 +113,65 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# haproxy for load balancing talos and kubernetes api.
|
||||||
|
services.haproxy = {
|
||||||
|
enable = true;
|
||||||
|
config = ''
|
||||||
|
global
|
||||||
|
log /dev/log local0
|
||||||
|
log /dev/log local1 notice
|
||||||
|
daemon
|
||||||
|
|
||||||
|
defaults
|
||||||
|
mode http
|
||||||
|
log global
|
||||||
|
option httplog
|
||||||
|
option dontlognull
|
||||||
|
option http-server-close
|
||||||
|
option redispatch
|
||||||
|
retries 3
|
||||||
|
timeout http-request 10s
|
||||||
|
timeout queue 20s
|
||||||
|
timeout connect 10s
|
||||||
|
timeout client 1h
|
||||||
|
timeout server 1h
|
||||||
|
timeout http-keep-alive 10s
|
||||||
|
timeout check 10s
|
||||||
|
|
||||||
|
frontend k8s_apiserver
|
||||||
|
bind *:6443
|
||||||
|
mode tcp
|
||||||
|
option tcplog
|
||||||
|
default_backend k8s_controlplane
|
||||||
|
|
||||||
|
frontend talos_apiserver
|
||||||
|
bind *:50000
|
||||||
|
mode tcp
|
||||||
|
option tcplog
|
||||||
|
default_backend talos_controlplane
|
||||||
|
|
||||||
|
backend k8s_controlplane
|
||||||
|
option httpchk GET /healthz
|
||||||
|
http-check expect status 200
|
||||||
|
mode tcp
|
||||||
|
option ssl-hello-chk
|
||||||
|
balance roundrobin
|
||||||
|
server worker1 10.1.1.61:6443 check
|
||||||
|
server worker2 10.1.1.62:6443 check
|
||||||
|
server worker3 10.1.1.63:6443 check
|
||||||
|
|
||||||
|
backend talos_controlplane
|
||||||
|
option httpchk GET /healthz
|
||||||
|
http-check expect status 200
|
||||||
|
mode tcp
|
||||||
|
option ssl-hello-chk
|
||||||
|
balance roundrobin
|
||||||
|
server worker1 10.1.1.61:50000 check
|
||||||
|
server worker2 10.1.1.62:50000 check
|
||||||
|
server worker3 10.1.1.63:50000 check
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
# Some programs need SUID wrappers, can be configured further or are
|
# Some programs need SUID wrappers, can be configured further or are
|
||||||
# started in user sessions.
|
# started in user sessions.
|
||||||
programs.mtr.enable = true;
|
programs.mtr.enable = true;
|
||||||
|
|
Reference in a new issue