this repo has no description
refactor(staging): switch to single Hetzner node
Home ISP IPv6 unstability is fucking annoying.
+45
-206
+2
-91
infra/_modules/nixos/flake.nix
+2
-91
infra/_modules/nixos/flake.nix
···
23
23
];
24
24
};
25
25
kube-1 = nixpkgs.lib.nixosSystem {
26
-
system = "x86_64-linux";
26
+
system = "aarch64-linux";
27
27
modules = [
28
28
disko.nixosModules.disko
29
29
sops-nix.nixosModules.sops
···
34
34
{
35
35
networking.hostName = "kube-1";
36
36
systemd.network.networks."30-wan" = {
37
-
matchConfig.Name = "ens18";
37
+
matchConfig.Name = "enp1s0";
38
38
networkConfig.DHCP = "ipv4";
39
39
address = [
40
40
hosts.kube-1.ipv6_address
···
47
47
clusterInit = true;
48
48
extraFlags = nixpkgs.lib.mkAfter [
49
49
"--node-external-ip=${hosts.kube-1.ipv6_address}"
50
-
];
51
-
};
52
-
}
53
-
];
54
-
};
55
-
kube-2 = nixpkgs.lib.nixosSystem {
56
-
system = "x86_64-linux";
57
-
modules = [
58
-
disko.nixosModules.disko
59
-
sops-nix.nixosModules.sops
60
-
./configuration.nix
61
-
./disks.nix
62
-
./profiles/k3s-server.nix
63
-
./profiles/k3s-addons.nix
64
-
{
65
-
networking.hostName = "kube-2";
66
-
systemd.network.networks."30-wan" = {
67
-
matchConfig.Name = "ens18";
68
-
networkConfig.DHCP = "ipv4";
69
-
address = [
70
-
hosts.kube-2.ipv6_address
71
-
];
72
-
routes = [
73
-
{ Gateway = "fe80::1"; }
74
-
];
75
-
};
76
-
services.k3s = {
77
-
serverAddr = "https://[${hosts.kube-1.ipv6_address}]:6443";
78
-
extraFlags = nixpkgs.lib.mkAfter [
79
-
"--node-external-ip=${hosts.kube-2.ipv6_address}"
80
-
];
81
-
};
82
-
}
83
-
];
84
-
};
85
-
kube-3 = nixpkgs.lib.nixosSystem {
86
-
system = "x86_64-linux";
87
-
modules = [
88
-
disko.nixosModules.disko
89
-
sops-nix.nixosModules.sops
90
-
./configuration.nix
91
-
./disks.nix
92
-
./profiles/k3s-server.nix
93
-
./profiles/k3s-addons.nix
94
-
{
95
-
networking.hostName = "kube-3";
96
-
systemd.network.networks."30-wan" = {
97
-
matchConfig.Name = "ens18";
98
-
networkConfig.DHCP = "ipv4";
99
-
address = [
100
-
hosts.kube-3.ipv6_address
101
-
];
102
-
routes = [
103
-
{ Gateway = "fe80::1"; }
104
-
];
105
-
};
106
-
services.k3s = {
107
-
serverAddr = "https://[${hosts.kube-1.ipv6_address}]:6443";
108
-
extraFlags = nixpkgs.lib.mkAfter [
109
-
"--node-external-ip=${hosts.kube-3.ipv6_address}"
110
-
];
111
-
};
112
-
}
113
-
];
114
-
};
115
-
kube-4 = nixpkgs.lib.nixosSystem {
116
-
system = "aarch64-linux";
117
-
modules = [
118
-
disko.nixosModules.disko
119
-
sops-nix.nixosModules.sops
120
-
./configuration.nix
121
-
./disks.nix
122
-
./profiles/k3s-agent.nix
123
-
{
124
-
networking.hostName = "kube-4";
125
-
systemd.network.networks."30-wan" = {
126
-
matchConfig.Name = "enp1s0";
127
-
networkConfig.DHCP = "ipv4";
128
-
address = [
129
-
hosts.kube-4.ipv6_address
130
-
];
131
-
routes = [
132
-
{ Gateway = "fe80::1"; }
133
-
];
134
-
};
135
-
services.k3s = {
136
-
serverAddr = "https://[${hosts.kube-1.ipv6_address}]:6443";
137
-
extraFlags = nixpkgs.lib.mkAfter [
138
-
"--node-external-ip=${hosts.kube-4.ipv6_address}"
139
50
];
140
51
};
141
52
}
+1
-1
infra/_modules/nixos/hosts.json
+1
-1
infra/_modules/nixos/hosts.json
···
1
-
{"kube-1":{"ipv6_address":"2402:800:634b:c202:be24:11ff:fe3a:aaa0"},"kube-2":{"ipv6_address":"2402:800:634b:c202:be24:11ff:fec0:7ba3"},"kube-3":{"ipv6_address":"2402:800:634b:c202:be24:11ff:fe75:57f4"},"kube-4":{"ipv6_address":"2a01:4f9:c014:85b7::1"}}
1
+
{"kube-1":{"ipv6_address":"2a01:4f9:c013:e5ee::1"}}
+23
infra/staging/hetzner/.terraform.lock.hcl
+23
infra/staging/hetzner/.terraform.lock.hcl
···
1
+
# This file is maintained automatically by "tofu init".
2
+
# Manual edits may be lost in future updates.
3
+
4
+
provider "registry.opentofu.org/hetznercloud/hcloud" {
5
+
version = "1.60.1"
6
+
constraints = "~> 1.45"
7
+
hashes = [
8
+
"h1:Yn/7M+RswavjNlD0nPMUayi76qyu3jkKf4h1UczNqkc=",
9
+
"zh:0a746671e3f149b998a2abf730a5401a07305c67f93d5bbfdcf60aa19fdebb4d",
10
+
"zh:156273b900a006253841727387671dd67c7c5c502998d6a9af5a5abbf5717fdf",
11
+
"zh:2daa1290c50c081bb6a6cfa76b2872ea9fd9658eb3f2e81deab58b1ee48cf348",
12
+
"zh:36d6dac96ac6389f35bb1f19f40c4263bf78fa36fa7468971cf646c69eeae663",
13
+
"zh:5d0040a11470ced3eddf7d3e8e823982f80f8eb127cf285cd351bfc26a4d1108",
14
+
"zh:60ac7d3d948d7280a6e53088d5c41c444712f05e4274e37b0f4a81da9dcd1edb",
15
+
"zh:9fe5dd114ebb6f8da0dc9b5485c42d01cd41ed61a6fe2fc92bb3038fe4d708ea",
16
+
"zh:ae755ea4faca6ee410a397702a2c74f10ea28ec1ab95e1656be7a6f5908d1d23",
17
+
"zh:b3edcf6ea0f6498bcbdcbac8ec69dfb79278c64c7ea46c3050cd361a603302b0",
18
+
"zh:c6059fad0c4d2ecc3475c1767779a8e8adfcb1168101aae57ba7783510a24ae2",
19
+
"zh:dfdeb297e97d5b97b04d16ded3f8ef6779fc22cbd0322a16aeff3b5feee36fe2",
20
+
"zh:e38d04e7a5d0dbc3858eaa678167b6ec5e73035dae3479c7a61e6d971e58c765",
21
+
"zh:fd60acd9f16b4eb7b442a557d19294a89f6a8a05f7ca57f4aa689a2a554e74bd",
22
+
]
23
+
}
-25
infra/staging/hetzner/compute/.terraform.lock.hcl
-25
infra/staging/hetzner/compute/.terraform.lock.hcl
···
1
-
# This file is maintained automatically by "tofu init".
2
-
# Manual edits may be lost in future updates.
3
-
4
-
provider "registry.opentofu.org/hetznercloud/hcloud" {
5
-
version = "1.52.0"
6
-
constraints = "~> 1.45"
7
-
hashes = [
8
-
"h1:8Juiz/B0XWpSCJmIYLBoGqU14R0W9rudwVInfd7jBt0=",
9
-
"h1:LTjrLuC+4F1Kv4TxS9e7LVVkG8/S4QQ7X4ORblvKTbc=",
10
-
"zh:1e9bb6b6a2ea5f441638dbae2d60fbe04ff455f58a18c740b8b7913e2197d875",
11
-
"zh:29c122e404ba331cfbadacc7f1294de5a31c9dfd60bdfe3e1b402271fc8e419c",
12
-
"zh:2bd0ae2f0bb9f16b7753f59a08e57ac7230f9c471278d7882f81406b9426c8c7",
13
-
"zh:4383206971873f6b5d81580a9a36e0158924f5816ebb6206b0cf2430e4e6a609",
14
-
"zh:47e2ca1cfa18500e4952ab51dc357a0450d00a92da9ea03e452f1f3efe6bbf75",
15
-
"zh:8e9fe90e3cea29bb7892b64da737642fc22b0106402df76c228a3cbe99663278",
16
-
"zh:a2d69350a69c471ddb63bcc74e105e585319a0fc0f4d1b7f70569f6d2ece5824",
17
-
"zh:a97abcc254e21c294e2d6b0fc9068acfd63614b097dda365f1c56ea8b0fd5f6b",
18
-
"zh:aba8d72d4fe2e89c922d5446d329e5c23d00b28227b4666e6486ba18ea2ec278",
19
-
"zh:ad36c333978c2d9e4bc43dcadcbff42fe771a8c5ef53d028bcacec8287bf78a7",
20
-
"zh:cdb1e6903b9d2f0ad8845d4eb390fbe724ee2435fb045baeab38d4319e637682",
21
-
"zh:df77b08757f3f36b8aadb33d73362320174047044414325c56a87983f48b5186",
22
-
"zh:e07513d5ad387247092b5ae1c87e21a387fc51873b3f38eee616187e38b090a7",
23
-
"zh:e2be02bdc59343ff4b9e26c3b93db7680aaf3e6ed13c8c4c4b144c74c2689915",
24
-
]
25
-
}
+1
-4
infra/staging/hetzner/compute/terragrunt.hcl
infra/staging/hetzner/terragrunt.hcl
+1
-4
infra/staging/hetzner/compute/terragrunt.hcl
infra/staging/hetzner/terragrunt.hcl
+17
-15
infra/staging/nixos/.terraform.lock.hcl
+17
-15
infra/staging/nixos/.terraform.lock.hcl
···
5
5
version = "2.3.5"
6
6
hashes = [
7
7
"h1:VsIY+hWGvWHaGvGTSKZslY13lPeAtSTxfZRPbpLMMhs=",
8
-
"h1:jcVmeuuz74tdRt2kj0MpUG9AORdlAlRRQ3k61y0r5Vc=",
9
8
"zh:1fb9aca1f068374a09d438dba84c9d8ba5915d24934a72b6ef66ef6818329151",
10
9
"zh:3eab30e4fcc76369deffb185b4d225999fc82d2eaaa6484d3b3164a4ed0f7c49",
11
10
"zh:4f8b7a4832a68080f0bf4f155b56a691832d8a91ce8096dac0f13a90081abc50",
···
20
19
}
21
20
22
21
provider "registry.opentofu.org/hashicorp/local" {
23
-
version = "2.5.3"
22
+
version = "2.8.0"
24
23
hashes = [
25
-
"h1:31Clmfoe7hzkcdgwuhUuGuPGfeG2Ksk+YWcJgzBTN7M=",
26
-
"h1:mC9+u1eaUILTjxey6Ivyf/3djm//RNNze9kBVX/trng=",
27
-
"zh:32e1d4b0595cea6cda4ca256195c162772ddff25594ab4008731a2ec7be230bf",
28
-
"zh:48c390af0c87df994ec9796f04ec2582bcac581fb81ed6bb58e0671da1c17991",
29
-
"zh:4be7289c969218a57b40902e2f359914f8d35a7f97b439140cb711aa21e494bd",
30
-
"zh:4cf958e631e99ed6c8b522c9b22e1f1b568c0bdadb01dd002ca7dffb1c927764",
31
-
"zh:7a0132c0faca4c4c96aa70808effd6817e28712bf5a39881666ac377b4250acf",
32
-
"zh:7d60de08fac427fb045e4590d1b921b6778498eee9eb16f78c64d4c577bde096",
33
-
"zh:91003bee5981e99ec3925ce2f452a5f743827f9d0e131a86613549c1464796f0",
34
-
"zh:9fe2fe75977c8149e2515fb30c6cc6cfd57b225d4ce592c570d81a3831d7ffa3",
35
-
"zh:e210e6be54933ce93e03d0994e520ba289aa01b2c1f70e77afb8f2ee796b0fe3",
36
-
"zh:e8793e5f9422f2b31a804e51806595f335b827c9a38db18766960464566f21d5",
24
+
"h1:XybiBEkq4bcztcMIb1YZJo33oFgx40i63lhPG0TmiRU=",
25
+
"zh:0aaa04a29638eb2f84145aeec030ed4b469980c51f60f7f72ddbd705e0c9ceea",
26
+
"zh:1d2f29cdfdc607f6b6b641e8bc7b00c73ac29f572ae8aa9b18fd068c107a7315",
27
+
"zh:3cba45610ee2abbbe73694f5604d6628b036cee35d5e77f2353043088e950ff2",
28
+
"zh:435fca586d45fcf200974d90962fa4cffaf761bad4c774bd34d1b92463a9887f",
29
+
"zh:662748c6ad1e3d64500b70d3e2ccd5d2b04471dfd687c524f15bf3dbe68954a2",
30
+
"zh:68f3a6dd1a6ddb7f4935ce894861740dd39f2202c5ba4aebc217c742e426a80c",
31
+
"zh:75267c8b3d693125e7c6814058fef6189e0dae6c44c47cd63109d919b35e665e",
32
+
"zh:88a1e4c13876774fae1ae20129a328cb6031e3aca00435bc7899e4038c2f43f7",
33
+
"zh:8b8bffe1adeedf13a5c4af7b208b47ca5d4cac09ff51028962a3465e26830fef",
34
+
"zh:b99ddf3c8fb730e4a9e4ded4c5706bcca3b7b8d2f2ea458f01a4dda26c78fdd3",
35
+
"zh:d08174d23b2fe4a53b7f81f32ff0089e6ca76162a9de3c411deff7eb45d3d677",
36
+
"zh:d220cd9f2ea3426ab5e2c528700c15d8fbcd4254496a84945b38885c6e4b18d3",
37
+
"zh:de1e7f2ec372aaf717a26017e25f24bc22cbfc0e1691711484df26d828c6f8a0",
38
+
"zh:e1b7c0ccaea53904b999a0d3993e86b97766eaa3698040c0bbe14b453cefd91a",
39
+
"zh:e7eacd0e7a223fee0ac1fee5f032199219fde3cf0db43ad9d31b75a122f440ae",
37
40
]
38
41
}
39
42
···
41
44
version = "3.2.4"
42
45
hashes = [
43
46
"h1:i+WKhUHL2REY5EGmiHjfUljJB8UKZ9QdhdM5uTeUhC4=",
44
-
"h1:jsKjBiLb+v3OIC3xuDiY4sR0r1OHUMSWPYKult9MhT0=",
45
47
"zh:1769783386610bed8bb1e861a119fe25058be41895e3996d9216dd6bb8a7aee3",
46
48
"zh:32c62a9387ad0b861b5262b41c5e9ed6e940eda729c2a0e58100e6629af27ddb",
47
49
"zh:339bf8c2f9733fce068eb6d5612701144c752425cebeafab36563a16be460fb2",
+1
-6
infra/staging/nixos/terragrunt.hcl
+1
-6
infra/staging/nixos/terragrunt.hcl
···
7
7
source = "${find_in_parent_folders("_modules")}//nixos"
8
8
}
9
9
10
-
dependency "proxmox" {
11
-
config_path = "../proxmox/compute"
12
-
}
13
-
14
10
dependency "hetzner" {
15
-
config_path = "../hetzner/compute"
11
+
config_path = "../hetzner"
16
12
}
17
13
18
14
inputs = {
19
15
flake = "${find_in_parent_folders("_modules")}//nixos"
20
16
hosts = merge(
21
-
dependency.proxmox.outputs.hosts,
22
17
dependency.hetzner.outputs.hosts,
23
18
)
24
19
sops_file = find_in_parent_folders("secrets.yaml")
-44
infra/staging/proxmox/compute/.terraform.lock.hcl
-44
infra/staging/proxmox/compute/.terraform.lock.hcl
···
1
-
# This file is maintained automatically by "tofu init".
2
-
# Manual edits may be lost in future updates.
3
-
4
-
provider "registry.opentofu.org/bpg/proxmox" {
5
-
version = "0.57.1"
6
-
constraints = "~> 0.57.0"
7
-
hashes = [
8
-
"h1:Eymic2/G7vKM5DSiRvN8VFQ979oBpq1IxweEzWu3kvc=",
9
-
"h1:F6o5o32V+mE96gHUppHI0U+olrEtxtr23fwUigtQ/Wk=",
10
-
"zh:220c75d76e8779970d4e01effdb3073a24139f5065397dae1347710e80b69865",
11
-
"zh:271d71cb39225a4efd4b6e0cbb2cba50f89006a353db932969deed5db07cdd9b",
12
-
"zh:28c4f33a1b888f488f1a557d21a1383eb9f9bff77d6ed0643b393c02135436bd",
13
-
"zh:2c468cb678cdd44f896b531fc09f7a68b16dde298bfded89ee94b792233ddbf1",
14
-
"zh:3329ce5f7bd96233cf75a633f9b0927295083cc365a4324294dc8bfbcd4bb2a3",
15
-
"zh:5d5c99f763488c30fbab66b6c68adac1f9d41b8439a7201d826351353c452470",
16
-
"zh:6a67c621b0bd8c54037ea93273d78308f0a7d2c8b5316def4245c58686639818",
17
-
"zh:8d64bbc24008d507608e53d1e9d09705710a07ba5b5fe3b5c5cce51ddd0fa6ac",
18
-
"zh:99395ff6c92d49033ba5426c0f3a07c893354883e86d9000692907150a3c096c",
19
-
"zh:b03996ae36df1181af784ed57267f8761092400018d40ae2649fa8ec9cabef96",
20
-
"zh:be6eb719192e228905a556e59d2814da2d26e512c9b0b2f04b224a7e80d2a017",
21
-
"zh:c3c1f9c94ad381a1e1d022f1d02bc446ea47563eb6573c40471c6b0e6293c20c",
22
-
"zh:cad37192fb69db274fa053564502077cedc7c8679373a3a8c35da91ed8988a19",
23
-
"zh:eabc19a8e0d287bb1abbde3d331fc5ca27943dae24cca8d8812b66fd9c8ed4d3",
24
-
"zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597",
25
-
]
26
-
}
27
-
28
-
provider "registry.opentofu.org/hashicorp/time" {
29
-
version = "0.13.1"
30
-
hashes = [
31
-
"h1:3X1jTAlLJV6G9AylC+BgX7WrKFcZYHqA+Z4JwB+v7as=",
32
-
"h1:ueilLAoXlZPufdJYuPFeqznwP39ZwLsRcQtqow+NUiI=",
33
-
"zh:10f32af8b544a039f19abd546e345d056a55cb7bdd69d5bbd7322cbc86883848",
34
-
"zh:35dd5beb34a9f73de8d0fed332814c69acae69397c9c065ce63ccd8315442bef",
35
-
"zh:56545d1dd5f2e7262e0c0c124264974229ec9cc234d0d7a0e36e14b869590f4a",
36
-
"zh:8d7259c3f819fd3470ff933c904b6a549502a8351feb1b5c040a4560decaf7e0",
37
-
"zh:a40f26878826b142e26fe193f7e3e14fc97f615cd6af140e88ce5bc25f3fcf50",
38
-
"zh:b2e82f25fecff172a9a9e24ea37d37e4fc630ee9245617cb40b10e66a6b979c8",
39
-
"zh:d4b699850a40ed07ef83c6b827605d24050b2732646ee017bda278e4ddf01c91",
40
-
"zh:e4e6a5e5614b6a54557400aabb748ebd57e947cdbd21ad1c7602c51368a80559",
41
-
"zh:eb78fb97bca22931e730487a20a90f5a6221ddfb3138aaf070737ea2b7c9c885",
42
-
"zh:faba366a1352ee679bba2a5b09c073c6854721db94b191d49b620b60946a065f",
43
-
]
44
-
}
-20
infra/staging/proxmox/compute/terragrunt.hcl
-20
infra/staging/proxmox/compute/terragrunt.hcl
···
1
-
include "root" {
2
-
path = find_in_parent_folders("root.hcl")
3
-
expose = true
4
-
}
5
-
6
-
terraform {
7
-
source = "${find_in_parent_folders("_modules")}//proxmox-vm"
8
-
}
9
-
10
-
inputs = {
11
-
hosts = {
12
-
"kube-1" = { cpu = 4, memory = 12, disk = 128 }
13
-
"kube-2" = { cpu = 4, memory = 12, disk = 128 }
14
-
"kube-3" = { cpu = 4, memory = 12, disk = 128 }
15
-
}
16
-
17
-
tags = [
18
-
"staging"
19
-
]
20
-
}