Use fork of nixpkgs to allow sops-managed k3s config
parent
eff63a4415
commit
3f64793cea
24
flake.lock
24
flake.lock
|
@ -60,27 +60,27 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1675454231,
|
||||
"narHash": "sha256-5rgcWq1nFWlbR3NsLqY7i/7358uhkSeMQJ/LEHk3BWA=",
|
||||
"owner": "nixos",
|
||||
"lastModified": 1675634907,
|
||||
"narHash": "sha256-c8bc899hRk9AS39h9eerkfdLz2UkFLs0ezAI12dUR14=",
|
||||
"owner": "asonix",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "06999209d7a0043d4372e38f57cffae00223d592",
|
||||
"rev": "80ca273c4d540819dc82ec981c52e2539a16f1dd",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-unstable",
|
||||
"owner": "asonix",
|
||||
"ref": "asonix/nixos-unstable-pinned",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1675265860,
|
||||
"narHash": "sha256-PZNqc4ZnTRT34NsHJYbXn+Yhghh56l8HEXn39SMpGNc=",
|
||||
"lastModified": 1675556398,
|
||||
"narHash": "sha256-5Gf5KlmFXfIGVQb2hmiiE7FQHoLd4UtEhIolLQvNB/A=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a3a1400571e3b9ccc270c2e8d36194cf05aab6ce",
|
||||
"rev": "e32c33811815ca4a535a16faf1c83eeb4493145b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -106,11 +106,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1675288837,
|
||||
"narHash": "sha256-76s8TLENa4PzWDeuIpEF78gqeUrXi6rEJJaKEAaJsXw=",
|
||||
"lastModified": 1675566616,
|
||||
"narHash": "sha256-Wki1ffvQUIB044M9ltjOxpXJGsqnQiVQPvMpQ0RiEBE=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "a81ce6c961480b3b93498507074000c589bd9d60",
|
||||
"rev": "4d16c18787ba8ff80c1ff8db25c5ca56f68ceed3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
url = "git+https://git.asonix.dog/asonix/nixos-aarch64-images";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
nixpkgs.url = "github:asonix/nixpkgs/asonix/nixos-unstable-pinned";
|
||||
sops-nix = {
|
||||
url = "github:Mic92/sops-nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
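Review bot: The new `nixpkgs.url` line moves the whole system, plus every input that sets `inputs.nixpkgs.follows = "nixpkgs"` (both visible in this hunk), onto a personal fork branch, and nothing in the file records why or when to switch back. The lock file still pins an exact rev, but `nix flake update` will now follow whatever that branch holds, so upstream security fixes arrive only when the fork is rebased. Judging from the commit title, the fork exists only for the k3s option; a comment above the line would keep that visible, e.g. `# TODO: return to github:nixos/nixpkgs/nixos-unstable once services.k3s.environmentFile is available upstream`. The file header is not shown on this page (presumably flake.nix), and the inputs block starts and ends outside the hunk.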
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
server = { enable ? true }: { pkgs, ... }: {
|
||||
server = { enable ? true }: { config, pkgs, ... }: {
|
||||
networking.firewall.enable = false;
|
||||
|
||||
boot.kernelModules = [ "ceph" ];
|
||||
|
@ -9,8 +9,14 @@
|
|||
(writeShellScriptBin "kubectl" (builtins.readFile ./kubectl))
|
||||
];
|
||||
|
||||
sops.secrets.k3s_env = {
|
||||
format = "binary";
|
||||
sopsFile = ../../secrets/k3s_env.bin;
|
||||
};
|
||||
|
||||
services.k3s = {
|
||||
inherit enable;
|
||||
environmentFile = config.sops.secrets.k3s_env.path;
|
||||
extraFlags = "--disable traefik --disable servicelb";
|
||||
role = "server";
|
||||
};
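Review bot: `sops.secrets.k3s_env` is declared unconditionally while `services.k3s` follows the `enable` argument, so a host built with `enable = false` would still have sops-nix decrypt k3s_env.bin at activation, and activation would likely fail if that host's key is not a recipient. Gating the secret on `enable` keeps it off machines that do not run k3s, for example `sops.secrets = if enable then { k3s_env = { format = "binary"; sopsFile = ../../secrets/k3s_env.bin; }; } else { };`. Adding `restartUnits = [ "k3s.service" ];` to the secret would also make a rotated environment file take effect without a manual restart. The `server` function opens in the previous hunk and its body continues past this one.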
|
||||
|
|
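--- a/secrets/k3s_env.bin
+++ b/secrets/k3s_env.bin
@@ -0,0 +1,24 @@
+{
+"data": "ENC[AES256_GCM,data:fz/2OyrlzXP83EiBAzbZdwUdf1XdGojLgtJd1H2jBe+gotWF1Lp85yKRK+bnJaI53BJvEgUVi7+9RG/XAups0SGhMdS61/kF7QSrd77Rbm9MAvuUVtChWpQ058Z/Q/kksKXJMzMdGlC/KrBebKUAamiyV+ynoVVv6EllcHHHmTW6+Wrgs2sv1TayKGPE2g==,iv:RtkXTI0WP2Ri5bvclVP1i1JzeVOUM2wZ9IL+TJke3a0=,tag:m2R1ZZSWoFyZ3k5awIGSuA==,type:str]",
+"sops": {
+"kms": null,
+"gcp_kms": null,
+"azure_kv": null,
+"hc_vault": null,
+"age": [
+{
+"recipient": "age17yhtwnhqjssghc5qqamt0fqdu27zpqms8d8ghrc0txeevywfp3ssklfy57",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJTis3eDJ6OGZQK2FWZXZ0\nRHJNVHlULzBpM0RMbDJIYW5LSnp1R3d2SlJFCnR1Zm1ic05mUEtRTU5JeGtLYWhZ\nazBkQkVqQllydUJ3Unkwb2RTc3RpYW8KLS0tIEx6bzVOc2x1YTdXeEY1YUNOUWMv\nYkE1SGpwTU9LMHdYVmNDTldnVWQzcEUKkWETPro3eCiImwuODJgUu17rDAORf0MT\n43HgNAm/6FtNlj8kPZBHCt4K+7kySO4roL/5zDH9fGGfeTIiA0VJaQ==\n-----END AGE ENCRYPTED FILE-----\n"
+},
+{
+"recipient": "age145uwrexj6ffaaxy7jg3j29gtchhwy0y0nttw06zeuxkqsy8rnpds7fh7xq",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBN2RlVXh0cHN0RjVtcHds\nTWxleGZpZHk0Sjl3L3NLSHA0NW1za3dLQlRVCjRCdXJiTjBJb1RoRlZqbUsrUWZE\neXgwRzg4clAyRUxWK1pPU3Z3Znpkb0UKLS0tIHd1Zy9yLysyWnJpNXg3a1FQYURN\nT1FnWXF0QmdGN0NvVm0yM2gzNHRCdm8K993lhwndBDaFKlpCOi5WSdIsTMvhoi83\n5eyiQYjhfILeJWIIzDHOMHcNqE6plei+bhFRY23dZft8IxQWcAQfOg==\n-----END AGE ENCRYPTED FILE-----\n"
+}
+],
+"lastmodified": "2023-02-05T22:37:54Z",
+"mac": "ENC[AES256_GCM,data:e2Sa0nox0yi69ARjy+zB50g9xa5lISLCw3YgAmou1YonK1GMG6IqyB0NiAEhxH158snVuXrp7wJU8cFRDTZ2RxPgIpEkb7dTFSDDvC/ZzkG7nK7DdIDLcMc7GNLOjCRqVwzssWLDoxJs0coZf5m9rUjX9DgKgAZ46H6ZhsLbYQY=,iv:WB4agP0mddVy+gLNdnz8jLtCpf/ETUsIXz3eEwjY09U=,tag:hurc9s8aXEQVLqEzlkPdFg==,type:str]",
+"pgp": null,
+"unencrypted_suffix": "_unencrypted",
+"version": "3.7.3"
+}
+}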