fix(infra): separate k3s ARM NixOS profile for Hetzner VM

Khue Doan 945c74a4 c3f52799

+30 -20
+4 -4
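--- a/infra/_modules/bootstrap/vault.tf
+++ b/infra/_modules/bootstrap/vault.tf
@@ -134,11 +134,11 @@
 roles = [
 {
 # TODO optimize this
-name = "default"
-bound_service_account_names = ["default"]
+name = "default"
+bound_service_account_names = ["default"]
 bound_service_account_namespaces = ["default"]
-policies = ["allow_secrets"]
-ttl = "1h"
+policies = ["allow_secrets"]
+ttl = "1h"
 }
 ]
 }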
+3 -3
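--- a/infra/_modules/hetzner-nixos/main.tf
+++ b/infra/_modules/hetzner-nixos/main.tf
@@ -23,12 +23,12 @@
 module "nixos" {
 for_each = hcloud_server.nodes
 
-source = "github.com/nix-community/nixos-anywhere//terraform/all-in-one"
+source = "git::https://github.com/nix-community/nixos-anywhere//terraform/all-in-one?ref=main"
 nixos_system_attr = "${var.nixos.flake}#nixosConfigurations.${var.nixos.host}.config.system.build.toplevel"
 nixos_partitioner_attr = "${var.nixos.flake}#nixosConfigurations.${var.nixos.host}.config.system.build.diskoScript"
-target_host = each.value.ipv6_address
+target_host = each.value.ipv4_address # TODO switch to IPv6, see https://wiki.nixos.org/wiki/Install_NixOS_on_Hetzner_Cloud
 instance_id = each.value.name
-build_on_remote = true
+
 # extra_files_script = "${path.module}/decrypt-ssh-secrets.sh"
 # disk_encryption_key_scripts = [{
 # path = "/tmp/secret.key"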
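Review bot: `?ref=main` on the new `source` line ties the nixos-anywhere module to a moving branch, so a later `terraform init -upgrade` can pull different code into the module that partitions the disk and installs the OS on `target_host`. The old unpinned source here had the same weakness, but the matching change in infra/_modules/proxmox-nixos/main.tf replaces the `?ref=1.11.0` tag with `main` and so loses a pin that existed. I would pin both to a release tag or a full commit SHA and bump it deliberately, e.g. `source = "git::https://github.com/nix-community/nixos-anywhere//terraform/all-in-one?ref=<TAG_OR_COMMIT_SHA>"`. The `module "nixos"` block continues past the end of the hunk.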
+1 -1
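--- a/infra/_modules/hetzner-nixos/variables.tf
+++ b/infra/_modules/hetzner-nixos/variables.tf
@@ -7,6 +7,6 @@
 variable "nixos" {
 type = object({
 flake = string
-host = string
+host = string
 })
 }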
+1 -1
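--- a/infra/_modules/nixos/configuration.nix
+++ b/infra/_modules/nixos/configuration.nix
@@ -63,5 +63,5 @@
 };
 };
 
-system.stateVersion = "24.11";
+system.stateVersion = "25.05";
 }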
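Review bot: Setting `system.stateVersion = "25.05";` is only right for machines installed fresh from this commit; on a host first installed with 24.11 and upgraded in place, the option changes defaults for stateful services and is not meant to follow the nixpkgs channel. This file sits in the shared `_modules/nixos` directory, so it presumably applies to hosts other than the new Hetzner VM as well; any that are not reinstalled should keep the release they were first installed with. A comment above the line such as `# release of first install; do not bump on in-place upgrades` would record this. The enclosing attribute set starts outside the hunk.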
+4 -4
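--- a/infra/_modules/nixos/flake.lock
+++ b/infra/_modules/nixos/flake.lock
@@ -22,16 +22,16 @@
 },
 "nixpkgs": {
 "locked": {
-"lastModified": 1737672001,
-"narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=",
+"lastModified": 1755922037,
+"narHash": "sha256-wY1+2JPH0ZZC4BQefoZw/k+3+DowFyfOxv17CN/idKs=",
 "owner": "NixOS",
 "repo": "nixpkgs",
-"rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8",
+"rev": "b1b3291469652d5a2edb0becc4ef0246fff97a7c",
 "type": "github"
 },
 "original": {
 "id": "nixpkgs",
-"ref": "nixos-24.11",
+"ref": "nixos-25.05",
 "type": "indirect"
 }
 },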
+10 -1
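--- a/infra/_modules/nixos/flake.nix
+++ b/infra/_modules/nixos/flake.nix
@@ -1,6 +1,6 @@
 {
 inputs = {
-nixpkgs.url = "nixpkgs/nixos-24.11";
+nixpkgs.url = "nixpkgs/nixos-25.05";
 disko = {
 url = "github:nix-community/disko";
 inputs.nixpkgs.follows = "nixpkgs";
@@ -27,6 +27,15 @@
 };
 k3s = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
+modules = [
+disko.nixosModules.disko
+./configuration.nix
+./disks.nix
+./profiles/k3s.nix
+];
+};
+k3s-arm = nixpkgs.lib.nixosSystem {
+system = "aarch64-linux";
 modules = [
 disko.nixosModules.disko
 ./configuration.nix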
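Review bot: The new `k3s-arm` entry repeats the `k3s` module list and differs only in `system`, so the two lists can drift apart when a module is later added to one of them. A small helper would keep them in step, e.g. `mkK3s = system: nixpkgs.lib.nixosSystem { inherit system; modules = [ disko.nixosModules.disko ./configuration.nix ./disks.nix ./profiles/k3s.nix ]; };` with `k3s = mkK3s "x86_64-linux";` and `k3s-arm = mkK3s "aarch64-linux";`. The `k3s-arm` module list runs past the end of the hunk, so this assumes its remaining entries match those shown for `k3s`.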
+1 -2
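--- a/infra/_modules/proxmox-nixos/main.tf
+++ b/infra/_modules/proxmox-nixos/main.tf
@@ -59,12 +59,11 @@
 }
 
 module "main" {
-source = "github.com/nix-community/nixos-anywhere//terraform/all-in-one?ref=1.11.0"
+source = "git::https://github.com/nix-community/nixos-anywhere//terraform/all-in-one?ref=main"
 nixos_system_attr = "${var.nixos.flake}#nixosConfigurations.${var.nixos.host}.config.system.build.toplevel"
 nixos_partitioner_attr = "${var.nixos.flake}#nixosConfigurations.${var.nixos.host}.config.system.build.diskoScript"
 target_host = proxmox_virtual_environment_vm.main.ipv6_addresses[1][0]
 instance_id = proxmox_virtual_environment_vm.main.id
-build_on_remote = true
 
 depends_on = [time_sleep.wait_for_ip]
 }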
+6 -4
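--- a/infra/production/hetzner/compute/terragrunt.hcl
+++ b/infra/production/hetzner/compute/terragrunt.hcl
@@ -1,9 +1,11 @@
+include "root" {
+path = find_in_parent_folders("root.hcl")
+expose = true
+}
+
 terraform {
 source = "${find_in_parent_folders("_modules")}//hetzner-nixos"
 }
-
-# TODO temp skip
-skip = true
 
 inputs = {
 nodes = {
@@ -19,6 +21,6 @@
 }
 nixos = {
 flake = "${find_in_parent_folders("_modules")}/nixos"
-host = "k3s"
+host = "k3s-arm"
 }
 }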