diff --git a/Makefile b/Makefile
index 5a6435ab..75d72d06 100644
--- a/Makefile
+++ b/Makefile
@@ -1,16 +1,33 @@
 SHELL:=/usr/bin/env bash
 MAKEFLAGS += --no-builtin-rules --no-builtin-variables
-# Consider adding a valid email in an environment variable
+# Consider adding a valid email in an environment variable TF_VAR_cert_manager_email
 # of your shell profile
-CERT_MANAGER_EMAIL?=test@k3s.test
+TF_VAR_cert_manager_email?=test@k3s.test
+
+UNAME_S := $(shell uname -s)
+
+BUILDER_EXEC:=
+ADD_CERT_CMD:=cp /tmp/pebble-ca.pem /etc/ssl/certs/pebble-ca.pem
+ifeq ($(UNAME_S),Darwin)
+ # set variable for Darwin
+ BUILDER_EXEC:=nix develop .\#builder --extra-experimental-features flakes --extra-experimental-features nix-command --command
+ ADD_CERT_CMD:=sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /tmp/pebble-ca.pem
+endif
+
+start:
+	@$(BUILDER_EXEC) echo 'Started required daemons'
 init:
 	@echo "Initializing"
 	@terraform -chdir=libvirt init -upgrade
 	@terraform init -upgrade
-vm:
+build:
+	@echo "Building VM"
+	@$(BUILDER_EXEC) nix build .#nixosConfigurations.aarch64-darwin.default --system aarch64-linux
+
+vm: start
 	@echo "Creating VM"
 	@terraform -chdir=libvirt apply -auto-approve
 	@ssh zizou@localhost -p 2222 'sudo cat /etc/rancher/k3s/k3s.yaml' > ~/.kube/config
@@ -31,4 +48,4 @@ infra-destroy:
 trust-ca:
 	@curl -k https://localhost:15000/intermediates/0 > /tmp/pebble-ca.pem
-	@sudo security add-trusted-cert -d -r trustAsRoot -k /Library/Keychains/System.keychain /tmp/pebble-ca.pem
+	@$(ADD_CERT_CMD)
diff --git a/docs/images/archi.mdj b/docs/images/archi.mdj
index d6dc8ab5..56be1e61 100644
--- a/docs/images/archi.mdj
+++ b/docs/images/archi.mdj
@@ -242,7 +242,7 @@ "top": 625, "width": 60.68359375, "height": 13, - "text": "ory hydra" + "text": "Dex" }, { "_type": "LabelView", @@ -4010,8 +4010,7 @@ }, "visible": false, "font": "Arial;13;0", - "left": -48, - "top": 32, + "top": -16, "height": 13 }, {
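Review bot: `TF_VAR_cert_manager_email?=test@k3s.test` on the new side is a makefile-level variable, and GNU make does not place such variables into a recipe's environment unless they are exported, so the `terraform` commands in `init` and `vm` will not see this default unless an `export` line exists outside the hunk; `export TF_VAR_cert_manager_email` directly after the assignment fixes that, and `?=` still lets a value from the shell profile win. The new `start` target runs only `echo` through `$(BUILDER_EXEC)`, which is empty off Darwin, so the `vm: start` prerequisite guarantees nothing about daemons on Linux; if it is intentionally a placeholder, a comment such as `# start: no-op outside Darwin; on Darwin it only enters the nix builder shell` keeps the next reader from relying on it. `start`, `build`, `init` and `vm` are command targets, so they belong in a `.PHONY` list if one is not already declared elsewhere in the file.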
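Review bot: The Linux `ADD_CERT_CMD` that `trust-ca` now expands (defined in the first hunk as `cp /tmp/pebble-ca.pem /etc/ssl/certs/pebble-ca.pem`) runs without `sudo`, so it fails for an unprivileged user, and even as root a file dropped into `/etc/ssl/certs` is not part of the trust bundle on Debian/RHEL-style hosts until `update-ca-certificates`/`update-ca-trust` runs, nor on NixOS where the bundle comes from `security.pki.certificateFiles`; something like `ADD_CERT_CMD:=sudo install -m 0644 /tmp/pebble-ca.pem /usr/local/share/ca-certificates/pebble-ca.crt && sudo update-ca-certificates` would match the Darwin branch's privilege model on Debian-family hosts. The Darwin branch also changes `-r trustAsRoot` to `-r trustRoot` while the `curl` line still fetches `/intermediates/0`; `trustRoot` is the setting for a self-signed root and `trustAsRoot` the one for a non-self-signed certificate, so confirm the intermediate is still accepted or fetch `/roots/0` instead. Both branches feed a system trust store from the fixed path `/tmp/pebble-ca.pem` in a world-writable directory; writing to a build-local path such as `$(CURDIR)/.pebble-ca.pem` (or a `mktemp` result) removes the chance that a pre-existing file or symlink at that name is what ends up trusted, and stops the path being repeated three times.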
@@ -4021,8 +4020,8 @@ "$ref": "AAAAAAGHR0G4b/iwwNA=" }, "font": "Arial;13;1", - "left": 765, - "top": 737, + "left": 789, + "top": 713, "width": 51.314453125, "height": 13, "text": "tailscale" @@ -4035,8 +4034,7 @@ }, "visible": false, "font": "Arial;13;0", - "left": -48, - "top": 32, + "top": -16, "width": 73.67724609375, "height": 13, "text": "(from Model)" @@ -4049,15 +4047,14 @@ }, "visible": false, "font": "Arial;13;0", - "left": -48, - "top": 32, + "top": -16, "height": 13, "horizontalAlignment": 1 } ], "font": "Arial;13;0", - "left": 760, - "top": 730, + "left": 784, + "top": 706, "width": 61.314453125, "height": 25, "stereotypeLabel": { @@ -4084,8 +4081,7 @@ }, "visible": false, "font": "Arial;13;0", - "left": -24, - "top": 16, + "top": -8, "width": 10, "height": 10 }, @@ -4100,8 +4096,7 @@ }, "visible": false, "font": "Arial;13;0", - "left": -24, - "top": 16, + "top": -8, "width": 10, "height": 10 }, @@ -4116,8 +4111,7 @@ }, "visible": false, "font": "Arial;13;0", - "left": -24, - "top": 16, + "top": -8, "width": 10, "height": 10 }, @@ -4132,16 +4126,15 @@ }, "visible": false, "font": "Arial;13;0", - "left": -24, - "top": 16, + "top": -8, "width": 10, "height": 10 } ], "font": "Arial;13;0", "containerChangeable": true, - "left": 760, - "top": 720, + "left": 784, + "top": 696, "width": 71.314453125, "height": 45, "nameCompartment": { @@ -4981,8 +4974,8 @@ }, "visible": false, "font": "Arial;13;0", - "left": 820, - "top": 775, + "left": 832, + "top": 767, "height": 13, "alpha": 1.5707963267948966, "distance": 15, @@ -5002,8 +4995,8 @@ }, "visible": null, "font": "Arial;13;0", - "left": 834, - "top": 771, + "left": 847, + "top": 767, "height": 13, "alpha": 1.5707963267948966, "distance": 30, @@ -5023,8 +5016,8 @@ }, "visible": false, "font": "Arial;13;0", - "left": 791, - "top": 784, + "left": 803, + "top": 768, "height": 13, "alpha": -1.5707963267948966, "distance": 15, 
@@ -5044,8 +5037,8 @@ }, "visible": false, "font": "Arial;13;0", - "left": 822, - "top": 780, + "left": 833, + "top": 761, "height": 13, "alpha": 0.5235987755982988, "distance": 30, @@ -5065,8 +5058,8 @@ }, "visible": false, "font": "Arial;13;0", - "left": 835, - "top": 779, + "left": 846, + "top": 763, "height": 13, "alpha": 0.7853981633974483, "distance": 40, @@ -5086,8 +5079,8 @@ }, "visible": false, "font": "Arial;13;0", - "left": 794, - "top": 783, + "left": 806, + "top": 756, "height": 13, "alpha": -0.5235987755982988, "distance": 25, @@ -5107,8 +5100,8 @@ }, "visible": false, "font": "Arial;13;0", - "left": 819, - "top": 772, + "left": 833, + "top": 775, "height": 13, "alpha": -0.5235987755982988, "distance": 30, @@ -5127,8 +5120,8 @@ }, "visible": false, "font": "Arial;13;0", - "left": 832, - "top": 766, + "left": 846, + "top": 773, "height": 13, "alpha": -0.7853981633974483, "distance": 40, @@ -5147,8 +5140,8 @@ }, "visible": false, "font": "Arial;13;0", - "left": 794, - "top": 783, + "left": 805, + "top": 779, "height": 13, "alpha": 0.5235987755982988, "distance": 25, @@ -5195,7 +5188,7 @@ "$ref": "AAAAAAGHR0G4b/ivmr0=" }, "lineStyle": 1, - "points": "801:765;812:807", + "points": "819:741;818:807", "showVisibility": true, "nameLabel": { "$ref": "AAAAAAGHR0wlnOrQ03k=" @@ -6173,7 +6166,7 @@ "_parent": { "$ref": "AAAAAAFF+qBWK6M3Z8Y=" }, - "name": "ory hydra", + "name": "Dex", "ownedElements": [ { "_type": "UMLCommunicationPath", diff --git a/flake.nix b/flake.nix index a36c2b0e..90363040 100644 --- a/flake.nix +++ b/flake.nix 
@@ -117,10 +117,6 @@
 linux = builtins.replaceStrings ["darwin"] ["linux"] system;
 legacyPackages = import inputs.nixpkgs-srvos (nixpkgsDefaults // { inherit system; });
 stableLegacyPackages = import inputs.nixpkgs-stable (nixpkgsDefaults // { inherit system; });
- # letsEncrypt = import ./nixos/letsencrypt.nix {
- # pkgs = stableLegacyPackages;
- # config = import ./nixos/k3s-paas.nix;
- # };
 in {
 # Re-export `nixpkgs-stable` with overlays.
 # This is handy in combination with setting `nix.registry.my.flake = inputs.self`.
@@ -135,9 +131,6 @@
 system = linux;
 modules = attrValues self.nixosModules;
 format = "qcow";
- # specialArgs = {
- # inherit letsEncrypt;
- # };
 };
 contabo = self.nixosConfigurations.${system}.qcow.override {
diff --git a/k8s/waypoint/main.tf b/k8s/waypoint/main.tf
index 8ddc8c17..2a4bba2a 100644
--- a/k8s/waypoint/main.tf
+++ b/k8s/waypoint/main.tf
@@ -37,7 +37,6 @@ resource "kubernetes_manifest" "cert" {
 }
 }
-# Install the Helm chart
 resource "helm_release" "waypoint" {
 name = "waypoint"
 repository = "https://helm.releases.hashicorp.com"
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index 19e03e63..a592439e 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -8,8 +8,7 @@ let
 dex_hostname = "${config.k3s-paas.dex.http_scheme}://dex.${config.k3s-paas.dns.name}";
 k3sTokenFile = pkgs.writeText "token" config.k3s-paas.k3s.token;
 certManagerYaml = pkgs.writeText "cert-manager" (builtins.readFile ./cert-manager.yaml);
- letsEncryptCa = with config.k3s-paas.letsencrypt; (if crt != "" then
- [pkgs.writeText "ca" (builtins.readFile crt)] else []);
+ letsEncryptCa = with config.k3s-paas.letsencrypt; if crt != "" then [crt] else [];
 in {
 imports = [ ./k3s-paas.nix ];
@@ -152,7 +151,7 @@ in {
 wait-online.anyInterface = true;
 networks = {
 "10-dhcp" = {
- matchConfig.Name = "enp*";
+ matchConfig.Name = "eth*";
 networkConfig = {
 DHCP = "ipv4";
 IPv6AcceptRA = true;
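Review bot: `if crt != "" then [crt] else []` can no longer take the empty branch now that `letsencrypt.crt` is typed `lib.types.path` in the k3s-paas.nix hunk of this same commit: a Nix path value never compares equal to the string `""`, so the default `./certs/local.pem` is always appended to `letsEncryptCa`. If "no extra CA" must remain expressible, declare the option as `lib.types.nullOr lib.types.path` with `default = null;` and test `if crt != null then [crt] else []`; otherwise drop the dead conditional and write `letsEncryptCa = [ config.k3s-paas.letsencrypt.crt ];`. Since the file is now passed through as a path instead of being re-wrapped with `pkgs.writeText`, a one-line comment on what consumes `letsEncryptCa` (presumably a system certificate list further down, outside this hunk) would let a reviewer see what ends up trusting that CA.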
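Review bot: `matchConfig.Name = "eth*"` replaces the `enp*` glob rather than extending it, so any machine whose interfaces carry systemd's predictable names (`enp0s3`, `ens3`, …) loses its DHCP network unit, and only legacy `eth0`-style names are matched. `Name=` takes a whitespace-separated list of globs, so `matchConfig.Name = "en* eth*";` keeps both naming schemes working; if the narrowing is deliberate because the image disables predictable naming, a comment on that line saying so would stop it being "fixed" back later.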
diff --git a/nixos/darwin.nix b/nixos/darwin.nix
index e61b8840..801f4b18 100644
--- a/nixos/darwin.nix
+++ b/nixos/darwin.nix
@@ -24,7 +24,7 @@
 KeepAlive = true;
 RunAtLoad = true;
 ProgramArguments = [
- "${pkgs.libvirt}/bin/libvirtd" "-f" "/etc/libvirt/libvirtd.conf"
+ "${pkgs.libvirt}/bin/libvirtd" "-f" "/etc/libvirt/libvirtd.conf" "-v"
 ];
 StandardOutPath = "/var/log/libvirt.log";
 StandardErrorPath = "/var/log/libvirt-error.log";
@@ -78,8 +78,7 @@
 externalAccountBindingRequired = false;
 };
 };
-
- environment.etc.${config.k3s-paas.dns.name}.text = "nameserver ${config.k3s-paas.dns.dest-ip}";
+ environment.etc."resolver/${config.k3s-paas.dns.name}".text = "nameserver ${config.k3s-paas.dns.dest-ip}";
 nix.settings = {
 trusted-users = [ "staff" "admin" "nixbld"];
 keep-derivations = true;
diff --git a/nixos/k3s-paas.nix b/nixos/k3s-paas.nix
index 5d93d1e5..769e208a 100644
--- a/nixos/k3s-paas.nix
+++ b/nixos/k3s-paas.nix
@@ -4,8 +4,8 @@
 options.k3s-paas = {
 letsencrypt.crt = lib.mkOption {
- default = "./certs/local.pem";
- type = lib.types.str;
+ default = ./certs/local.pem;
+ type = lib.types.path;
 description = "Lets encrypt root ca";
 };
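Review bot: Appending `"-v"` to the launchd `ProgramArguments` turns on verbose libvirtd logging permanently for a `KeepAlive` daemon, with everything going to the fixed `/var/log/libvirt.log` that nothing in this hunk rotates. If the extra detail is only wanted while the Darwin libvirt setup is being debugged, a comment such as `# -v: verbose logging while the Darwin libvirt setup is stabilised; drop once stable` records that, and `log_level`/`log_outputs` in the `/etc/libvirt/libvirtd.conf` already passed via `-f` would give finer control than the command-line flag.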
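Review bot: `environment.etc."resolver/${config.k3s-paas.dns.name}"` is the right macOS location for a per-domain resolver, but the line carries no explanation and the previous path was only one attribute away, so it deserves a comment: `# macOS scoped resolver: /etc/resolver/<domain> sends queries for that zone alone to dest-ip (system resolver only; dig/host bypass it)`. It is also worth confirming that `config.k3s-paas.dns.dest-ip` is the address of the DNS service inside the VM and stating so in the same comment, since the hunk does not show where that option is set.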