yadunut/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

feat: update configs

Browse Source
This commit is contained in:
Yadunand Prem
2024-10-30 17:09:08 -04:00
parent c5e35d2407
commit 7ffc59bbaa
9 changed files with 133 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
infra/configs/config-metallb.yaml
View File

@@ -6,7 +6,7 @@ metadata:
namespace: metallb-system
spec:
addresses:
- 10.0.1.0/24
- 10.222.1.0/24
avoidBuggyIPs: true
---
apiVersion: metallb.io/v1beta1

112
nixos/proxmox/zerotier.ts Normal file
View File

@@ -0,0 +1,112 @@
const BASE_URL = "http://localhost:9993";
const token = await Deno.readTextFile("/var/lib/zerotier-one/authtoken.secret");
async function main() {
const nodeId = (await get("/status")).address;
// check if networks exist
const networks = await getNetworks();
let networkId = "";
if (networks.length > 0) {
networkId = networks[0];
} else {
const network = await createNetwork(nodeId);
networkId = network.nwid;
}
console.log(
`Node should join the network ${networkId} Once joined, fill in the node address below`,
);
const nodeAddress = prompt("Node address")?.trim();
if (!nodeAddress) {
console.log("Node address is required");
return;
}
await authorizeNode(networkId, nodeAddress);
console.log("Node authorized");
}
async function getNetworks() {
const data = await get("/controller/network") as string[];
return data;
}
async function createNetwork(nodeId: string) {
const data = await post(`/controller/network/${nodeId}______`, {
name: "k3sNetwork",
"ipAssignmentPools": [{
"ipRangeStart": "10.222.0.0",
"ipRangeEnd": "10.222.0.254",
}],
"routes": [{ "target": "10.222.0.0/23", "via": null }],
"rules": [
{
"etherType": 2048,
"not": true,
"or": false,
"type": "MATCH_ETHERTYPE",
},
{
"etherType": 2054,
"not": true,
"or": false,
"type": "MATCH_ETHERTYPE",
},
{
"etherType": 34525,
"not": true,
"or": false,
"type": "MATCH_ETHERTYPE",
},
{ "type": "ACTION_DROP" },
{ "type": "ACTION_ACCEPT" },
],
"v4AssignMode": "zt",
"private": true,
}) as {
name: string;
nwid: string;
id: string;
};
// configure network routes
return data;
}
async function _getNetwork(id: string) {
const data = await get(`/controller/network/${id}`);
return data;
}
async function authorizeNode(networkId: string, nodeId: string) {
const data = await post(`/controller/network/${networkId}/member/${nodeId}`, {
authorized: true,
});
return data;
}
async function get(url: string) {
console.log(`getting ${url}`);
const res = await fetch(`${BASE_URL}${url}`, {
headers: {
"X-ZT1-AUTH": token,
},
});
const json = await res.json();
console.log(`Response: ${JSON.stringify(json)}`);
return json;
}
async function post(url: string, body?: unknown) {
console.log(`post: ${url}, body: ${JSON.stringify(body)}`);
const res = await fetch(`${BASE_URL}${url}`, {
method: "POST",
body: JSON.stringify(body),
headers: {
"X-ZT1-AUTH": token,
},
});
const json = res.json();
console.log(`Response: ${JSON.stringify(json)}`);
return json;
}
await main();

BIN
nixos/secrets/flux.age
View File

Binary file not shown.

20
nixos/secrets/k3s.age
View File

@@ -1,13 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 TEybzA WElD26CepschVmgze6GNQeZlgdOaySiNw06wktNTbFk
SIb18FmD/yGtC/Ky4R3NRIOm3VZQZm+3bYJ79kB4mbc
-> ssh-ed25519 wohlGw c02F2dRflBTCBw6sCZOICdkG/HG88cYMMQKue23tYn0
j4KW08uNVGIhUhXZpyPMUK05pOqTnI7SOYJYzxVWxPg
-> ssh-ed25519 OV7A4A IsGHN5oTMPfH8akGyK7uYnhc2UieOA2XsSsbISuG/lA
qt5P0EpwuZ+jrYauw8zKJqiWTPgXO5R0HMuf1V+asnY
-> ssh-ed25519 Gc/MTQ 1cL0ci2bDO2fiWrde8aF8qUfbiBgHuyMM0i7jph6AyU
LVXTNf2bOL1dHfk7DO7j2FsQ46RUF3uPq0NjQCCIJRk
-> ssh-ed25519 0ckKSg Z69TeUDHKXE1c75pn6WZRW+tMIkBaPCeyyR82F6qXi4
5tpLGKjPhpeGbK935ZnfN1G0z+OOioSB807HNHJfBvo
--- AroBvuyy4pwXSOySuKi9sVVVMUOzx7e2+Stx2NSWDK4
<EFBFBD>g<EFBFBD>\<1C><><EFBFBD><EFBFBD>A<EFBFBD><41>N~<7E><><EFBFBD>'XY<58>.?<3F><><EFBFBD><EFBFBD>p<EFBFBD>Y<><59>=|xO<>yKI<4B>C<EFBFBD><43>ì<EFBFBD>
-> ssh-ed25519 zrKLhg 9/gnI4CpuOgmTdzV8WCjIw0EbyvxXhgzxzoOaCyuYyo
a2BSn5SdJ2m8n7uV8fxVPgXVenno5p/NFhxh3rBVSps
-> ssh-ed25519 Gc/MTQ YUvXIDeHGbWzY4zMIr/CYjygnzICgFzGqAFqJq6/oBo
xNA+WzCNoO/FFfbuzgbcVR8iAGLfH1rVBPVcVlcWCME
-> ssh-ed25519 0ckKSg A9fln5d975BsASiit3UZ6xxy0LwOiIASSvYfEnFHDns
0ZD9aGK69MsbOYVvNqOzwH9F/1kPlGaxjTltBcibjcY
--- TZA2jaNy4LbBaabmkWpKhuVJ6Zhyz4U28OeTsfZ2ls0
<EFBFBD>!<21><><EFBFBD>ɑ<EFBFBD>-<2D><><EFBFBD>|\<5C><>⻠_<E2BBA0>k%<25>p<EFBFBD><70><EFBFBD>2<>Cr+_՟,+<2B>7`wl<77>$<24>

4
nixos/secrets/keys.nix
View File

@@ -1,7 +1,5 @@
{
yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG";
yadunut-mbp = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOlXV+TevruoYChk2XbqG5+yqEklRJvOx7YdTGFfXY/f yadunut@yadunut-mbp";
premhome-gc1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3I/bCyi6rBzgJkfCFa8T9F+y1eOuZDB7l2Ly67slX3 yadunut@premhome-gc1";
premhome-falcon-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB6r2gtUjYtKFBN9CWQi/1/MEnahgxRECoCG9hg4d/lV yadunut@premhome-falcon-1";
premhome-eagle-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDA+fmLaC+zuwYmDZHhykE7II8ShXeHgHEEL7MzJELcI yadunut@premhome-eagle-1";
premhome-gc1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBCEuV81mMpBCGkVniZ9MFUPv7Wls3tQs2eZsXmWYtfo yadunut@premhome-gc1";
}

BIN
nixos/secrets/tailscale.age
View File

Binary file not shown.

20
nixos/secrets/zerotier-network.age
View File

@@ -1,13 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 TEybzA qz1zHPOGLrL9s11kpeypgRh2J6j2VnvAR8+o0YIr0VM
+HKwF2CITJTcB7Q68Bbx0kMIAbmHvwGvrGV9fWXFfrY
-> ssh-ed25519 wohlGw +2ptx4kTE1UTeIRUGuqsPA+5aHtBs87e9lBcOLWwmyI
q3oXhIm9adphSaYu7Y8nbvIEC26GUwK5GIwHKbhBdA4
-> ssh-ed25519 OV7A4A IW+DKEy7u8dlNzqh5op69ZeLn0SLC/l8+eyeln2OFSg
B7xv1DNVf1Z2qZ8Z3U/JPUZ6T+y+zyOtXnHCzBEeOPM
-> ssh-ed25519 Gc/MTQ AypTDuWOedCsvcF4dVkFWLWnazTfNGT7k6VQIfltwBI
6XXLmk+wZ3peUxdHcGyZ/mog6Mzkb8732TWO7EfyOOA
-> ssh-ed25519 0ckKSg bWks4r22jN6wEo/zTc3RTSezU23QxT2c8b1wyKeS5Bg
39x+2W12v0oYQjOImt+b+vDZnGM+N+PHQW8fZLP8yWg
--- CUnSAFmoVHiLi5A2uZyvwMC+OjOODZjUKkkYrcNQubU
<EFBFBD>֒|<7C><>V<02>[)#{<7B><>-<2D>] 6/S<>=<3D>Lyݱb<DDB1>o<EFBFBD><6F>@u<>|<7C><>ND<4E>`<60>#<23>J
-> ssh-ed25519 zrKLhg Vgi+pQP4WCb1rwNVoUBxF9ph1cdCPoH8dUmOll762DQ
1QQBVmUi5BpGY//pDdhm3A+zV0wTv/jr0ULup4zLwL4
-> ssh-ed25519 Gc/MTQ Gk+rz4VSk97N+y78fNxQhkPJhHi9/2PVf2OllmfjFgI
QyeGHBcptm8287xkixlXSPLX8mqfNV/Es5aVm9qwAL4
-> ssh-ed25519 0ckKSg 1o8JhWGQZvjEAGLCVE73jn5wpsv0RbPejYr0mQXszEc
ehOMfrTeWnrU5Mw0SqGj1droDLK9on1AO4MhmPEnEK8
--- iSiOddVkv0alfius/pcK9RMWrpZz3SvjZvQtIClrLvs
<EFBFBD><EFBFBD><EFBFBD>v<EFBFBD><EFBFBD>UWP<><50><EFBFBD><EFBFBD>0<EFBFBD>ѕ<1C>3<11>^M<><4D>u<EFBFBD>^4<><34><EFBFBD>3}<7D><>:J;<3B><>4

4
nixos/server/premhome-gc1/configuration.nix
View File

@@ -36,11 +36,9 @@
];
networking = {
nftables.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [22 80 443];
trustedInterfaces = ["zts23oi5io"];
};
};
@@ -58,7 +56,7 @@
role = "server";
tokenFile = config.age.secrets.k3s.path;
clusterInit = true;
extraFlags = ["--disable=servicelb" "--disable=traefik" "--node-ip ${meta.zt-ip}" "--flannel-iface zts23oi5io"];
extraFlags = ["--disable=servicelb" "--disable=traefik" "--node-ip ${meta.zt-ip}" "--flannel-iface ztxh6lvd6t" "--tls-san ${meta.zt-ip}"];
};
system.stateVersion = "24.11";

6
nixos/server/proxmox/configuration.nix
View File

@@ -38,21 +38,19 @@
];
networking = {
nftables.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [22];
trustedInterfaces = ["zts23oi5io"];
};
};
services.k3s = {
enable = true;
enable = false;
role = meta.role;
tokenFile = config.age.secrets.k3s.path;
clusterInit = false;
serverAddr = "https://${meta.server-addr}:6443";
extraFlags = ["--disable=servicelb" "--disable=traefik" "--node-ip ${meta.zt-ip}" "--flannel-iface zts23oi5io"];
extraFlags = ["--disable=servicelb" "--disable=traefik" "--node-ip ${meta.zt-ip}" "--flannel-iface ztxh6lvd6t" "--tls-san ${meta.zt-ip}"];
};
system.stateVersion = "24.11";