diff --git a/0-hardware/servernames.md b/0-hardware/servernames.md
index c87515d..5f236ff 100644
--- a/0-hardware/servernames.md
+++ b/0-hardware/servernames.md
@@ -1,33 +1,40 @@
# Server Names
+
From https://namingschemes.com/Hitchhikers_Guide_Planets.
Was [google sheet](https://docs.google.com/spreadsheets/d/1aLb14nme9gprYzWOEo5IadG1vKEtf8VQk0tkCBGz9KA/edit#gid=0).
-
-| Name | Hostname | Use |
-| ---------------------- | ----------------------- | ------------------------------------------------------------- |
-| Antares | antares-win | Win11 PC |
-| Barteldan | barteldan-linux | Fedora Linux PC |
-| Betelgeuse Seven | betelgeuse-seven-unraid | Unraid Storage Host |
-| Bethselamin | | |
-| Damogran | | |
-| Eadrax | | |
-| Earth | | Home Assistant Server? |
-| Eroticon 6 | | |
-| Frogstar A & B | | |
-| Golgafrincham | | |
-| Han Wavel | | |
-| Jaglan Beta | | Compute Cluster Hosts |
-| - Moon 1 | jaglan-beta-m01 | NUC Cluster Host
(Intel \| N5105 [4/4], 16GB ram, 1TB SSD) |
-| - Moon 42 (Test moon) | jaglan-beta-m42 | Test server (VM) |
-| Krikkit | | |
-| Lamuella | | |
-| Magrathea | | |
-| Maximegalon | | |
-| Oglarun | | |
-| Rupert (Persephone) | | |
-| Saqua Pilia Hensha | | |
-| Ursa Minor Beta | | |
-| Viltvodl VI | | |
-| Vogosphere | | |
-| Ysolldins | | |
-| | | |
\ No newline at end of file
+| Name | Hostname | Use |
+| --------------------- | ----------------------- | ----------------------------------------------------------------------- |
+| Antares | antares-win | Win11 PC |
+| Barteldan | barteldan-linux | Fedora Linux PC |
+| Betelgeuse Seven | betelgeuse-seven-unraid | Unraid Storage Host |
+| Bethselamin | | |
+| Damogran | | |
+| Eadrax | | |
+| Earth | | Home Assistant Server? |
+| Eroticon 6 | | |
+| Frogstar A & B | | |
+| Golgafrincham | | |
+| Han Wavel | | |
+| Jaglan Beta | | Compute Cluster Hosts |
+| - Moon 1 | jaglan-beta-m01 | NUC Cluster Host
(Intel \| N5105 [4/4], 16GB, 1TB SSD) |
+| - Moon 2 | jaglan-beta-m02 | LattePanda IOTA Cluster Host
(Intel \| N150 [4/4], 16GB, 129GB eMMC) |
+| - Moon 3 | jaglan-beta-m03 | LattePanda IOTA Cluster Host
(Intel \| N150 [4/4], 16GB, 129GB eMMC) |
+| - Moon 4 | jaglan-beta-m04 | LattePanda IOTA Cluster Host
(Intel \| N150 [4/4], 16GB, 129GB eMMC) |
+| - Moon 5 | jaglan-beta-m05 | LattePanda IOTA Cluster Host
(Intel \| N150 [4/4], 16GB, 129GB eMMC) |
+| - Moon 20 | jaglan-beta-m20 | VM on unraid |
+| - Moon 21 | jaglan-beta-m21 | VM on unraid |
+| - Moon 22 | jaglan-beta-m22 | VM on unraid |
+| - Moon 42 (Test moon) | jaglan-beta-m42 | Test server (VM) |
+| Krikkit | | |
+| Lamuella | | |
+| Magrathea | | |
+| Maximegalon | | |
+| Oglarun | | |
+| Rupert (Persephone) | | |
+| Saqua Pilia Hensha | | |
+| Ursa Minor Beta | | |
+| Viltvodl VI | | |
+| Vogosphere | | |
+| Ysolldins | | |
+| | | |
diff --git a/1-nixos-node/0-install-nixos.md b/1-nixos-node/0-install-nixos.md
index c792e70..f5703fa 100644
--- a/1-nixos-node/0-install-nixos.md
+++ b/1-nixos-node/0-install-nixos.md
@@ -1,19 +1,42 @@
-Follow steps at https://nixos.org/manual/nixos/stable/#sec-installation-manual-summary
+Determine the correct device to install to
-Note: run `lsblk` to determine correct device to install to.
-
-Set the hostname when editing `/mnt/etc/nixos/configuration.nix` before the installation:
-`networking.hostName = "jaglan-beta-mNN";`
-
-Once `nixos-install` is complete and the root password is set and saved edit the `(/mnt)/etc/nixos/configuration.nix` again to enable ssh and run `nixos-rebuild switch`
-
-```
-services.openssh.enable = true;
-services.openssh.settings.PermitRootLogin = "yes";
+```sh
+lsblk
```
-Upgrade the OS
-`nix-channel --list`
-`nix-channel --add https://channels.nixos.org/nixos-25.05 nixos`
-`nix-channel --list`
-`nixos-rebuild switch --upgrade`
+Steps based on https://nixos.org/manual/nixos/stable/#sec-installation-manual-summary for UEFI
+
+```sh
+parted /dev/mmcblk0 -- mklabel gpt
+parted /dev/mmcblk0 -- mkpart root ext4 512MB -8GB
+parted /dev/mmcblk0 -- mkpart swap linux-swap -8GB 100%
+parted /dev/mmcblk0 -- mkpart ESP fat32 1MB 512MB
+parted /dev/mmcblk0 -- set 3 esp on
+
+mkfs.ext4 -L nixos /dev/mmcblk0p1
+mkswap -L swap /dev/mmcblk0p2
+swapon /dev/mmcblk0p2
+mkfs.fat -F 32 -n boot /dev/mmcblk0p3
+mount /dev/disk/by-label/nixos /mnt
+mkdir -p /mnt/boot
+mount -o umask=077 /dev/disk/by-label/boot /mnt/boot
+nixos-generate-config --root /mnt
+nano /mnt/etc/nixos/configuration.nix
+# Set hostname networking.hostName = "jaglan-beta-mNN";
+nixos-install
+# Set the root password
+nano /mnt/etc/nixos/configuration.nix
+# Enable ssh access
+# services.openssh.enable = true;
+# services.openssh.settings.PermitRootLogin = "yes";
+reboot
+```
+
+If starting from older nixos, upgrade the OS
+
+```sh
+nix-channel --list
+nix-channel --add https://channels.nixos.org/nixos-25.05 nixos
+nix-channel --list
+nixos-rebuild switch --upgrade
+```
diff --git a/1-nixos-node/configuration.nix b/1-nixos-node/configuration.nix
index e184679..c7d2963 100644
--- a/1-nixos-node/configuration.nix
+++ b/1-nixos-node/configuration.nix
@@ -46,6 +46,9 @@
};
client = {
enabled = true;
+%{if cpu_total_compute != null ~}
+ cpu_total_compute = ${cpu_total_compute};
+%{endif ~}
host_volume = {
%{ for volume in host_volumes ~}
${volume} = {
diff --git a/1-nixos-node/node.tf b/1-nixos-node/node.tf
index ff0dbed..2901ce9 100644
--- a/1-nixos-node/node.tf
+++ b/1-nixos-node/node.tf
@@ -16,21 +16,23 @@ provider "template" {}
variable "nodes" {
description = "Map of nodes with host, password, bind interface, and host volumes"
type = map(object({
- host = string
- password = string
- bind_interface = string
- bootstrap = optional(bool, false) # Optional field for bootstrap nodes
- host_volumes = list(string)
+ host = string
+ password = string
+ bind_interface = string
+ bootstrap = optional(bool, false) # Optional field for bootstrap nodes
+ cpu_total_compute = optional(number, null) # Optional field for CPU total compute
+ host_volumes = list(string)
}))
}
locals {
config_files = { for k, v in var.nodes :
k => templatefile("${path.module}/configuration.nix", {
- hostname = v.host
- bind_interface = v.bind_interface
- bootstrap = v.bootstrap
- host_volumes = v.host_volumes
+ hostname = v.host
+ bind_interface = v.bind_interface
+ bootstrap = v.bootstrap
+ cpu_total_compute = v.cpu_total_compute
+ host_volumes = v.host_volumes
})
}
}
diff --git a/1-nixos-node/terraform.tfstate b/1-nixos-node/terraform.tfstate
index 83a2642..9acd2ab 100644
--- a/1-nixos-node/terraform.tfstate
+++ b/1-nixos-node/terraform.tfstate
@@ -1,7 +1,7 @@
{
"version": 4,
"terraform_version": "1.13.0",
- "serial": 278,
+ "serial": 292,
"lineage": "db7dcf21-a255-0ec4-c8b8-d4a7559b3768",
"outputs": {},
"resources": [
@@ -11,13 +11,25 @@
"name": "deploy_nixos",
"provider": "provider[\"registry.terraform.io/hashicorp/null\"]",
"instances": [
+ {
+ "index_key": "jaglan-beta-m02",
+ "schema_version": 0,
+ "attributes": {
+ "id": "3524369886551085918",
+ "triggers": {
+ "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m02\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n };\n client = {\n enabled = true;\n cpu_total_compute = 7200;\n host_volume = {\n };\n cni_path = \"${pkgs.cni-plugins}/bin\";\n };\n plugin.docker.config.allow_privileged = true;\n };\n extraPackages = with pkgs; [\n cni-plugins\n consul\n ];\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"enp1s0\";\n interface.advertise = \"enp1s0\";\n extraConfig = {\n client_addr = \"{{ GetPrivateInterfaces | exclude \\\"type\\\" \\\"ipv6\\\" | join \\\"address\\\" \\\" \\\" }} {{ GetAllInterfaces | include \\\"flags\\\" \\\"loopback\\\" | join \\\"address\\\" \\\" \\\" }}\";\n server = true;\n retry_join = [\n \"jaglan-beta-m01\"\n \"jaglan-beta-m20\"\n \"jaglan-beta-m21\"\n \"jaglan-beta-m22\"\n ];\n datacenter = \"jaglan-beta\";\n connect.enabled = true;\n ports.grpc = 8502;\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n systemd.tmpfiles.rules = [\n # Fix issue where nomad needs alloc_mounts to be writable\n \"d /var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Open ports in the firewall. 80/443 are for HTTP/HTTPS (terraform), 464X are the default ports for Nomad, 830X are the default ports for Consul.\n networking.firewall.allowedTCPPorts = [ 80 443 8081 4646 4647 4648 8300 8301 8500 ];\n networking.firewall.allowedUDPPorts = [ 8301 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n \n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n"
+ }
+ },
+ "sensitive_attributes": [],
+ "identity_schema_version": 0
+ },
{
"index_key": "jaglan-beta-m20",
"schema_version": 0,
"attributes": {
- "id": "1521310958736582307",
+ "id": "5322153075189025733",
"triggers": {
- "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m20\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n host_volume = {\n };\n cni_path = \"${pkgs.cni-plugins}/bin\";\n };\n plugin.docker.config.allow_privileged = true;\n };\n extraPackages = with pkgs; [\n cni-plugins\n consul\n ];\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"ens2\";\n interface.advertise = \"ens2\";\n extraConfig = {\n client_addr = \"{{ GetPrivateInterfaces | exclude \\\"type\\\" \\\"ipv6\\\" | join \\\"address\\\" \\\" \\\" }} {{ GetAllInterfaces | include \\\"flags\\\" \\\"loopback\\\" | join \\\"address\\\" \\\" \\\" }}\";\n bootstrap_expect = 1;\n server = true;\n retry_join = [\n \"jaglan-beta-m01\"\n \"jaglan-beta-m20\"\n \"jaglan-beta-m21\"\n \"jaglan-beta-m22\"\n ];\n datacenter = \"jaglan-beta\";\n connect.enabled = true;\n ports.grpc = 8502;\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n systemd.tmpfiles.rules = [\n # Fix issue where nomad needs alloc_mounts to be writable\n \"d /var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Open ports in the firewall. 80/443 are for HTTP/HTTPS (terraform), 464X are the default ports for Nomad, 830X are the default ports for Consul.\n networking.firewall.allowedTCPPorts = [ 80 443 8081 4646 4647 4648 8300 8301 8500 ];\n networking.firewall.allowedUDPPorts = [ 8301 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n \n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n"
+ "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m20\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n cpu_total_compute = 10000;\n host_volume = {\n };\n cni_path = \"${pkgs.cni-plugins}/bin\";\n };\n plugin.docker.config.allow_privileged = true;\n };\n extraPackages = with pkgs; [\n cni-plugins\n consul\n ];\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"ens2\";\n interface.advertise = \"ens2\";\n extraConfig = {\n client_addr = \"{{ GetPrivateInterfaces | exclude \\\"type\\\" \\\"ipv6\\\" | join \\\"address\\\" \\\" \\\" }} {{ GetAllInterfaces | include \\\"flags\\\" \\\"loopback\\\" | join \\\"address\\\" \\\" \\\" }}\";\n bootstrap_expect = 1;\n server = true;\n retry_join = [\n \"jaglan-beta-m01\"\n \"jaglan-beta-m20\"\n \"jaglan-beta-m21\"\n \"jaglan-beta-m22\"\n ];\n datacenter = \"jaglan-beta\";\n connect.enabled = true;\n ports.grpc = 8502;\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n systemd.tmpfiles.rules = [\n # Fix issue where nomad needs alloc_mounts to be writable\n \"d /var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Open ports in the firewall. 80/443 are for HTTP/HTTPS (terraform), 464X are the default ports for Nomad, 830X are the default ports for Consul.\n networking.firewall.allowedTCPPorts = [ 80 443 8081 4646 4647 4648 8300 8301 8500 ];\n networking.firewall.allowedUDPPorts = [ 8301 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n \n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n"
}
},
"sensitive_attributes": [],
@@ -27,9 +39,9 @@
"index_key": "jaglan-beta-m21",
"schema_version": 0,
"attributes": {
- "id": "8863603003911062019",
+ "id": "5140276628215625536",
"triggers": {
- "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m21\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n };\n client = {\n enabled = true;\n host_volume = {\n traefik = {\n path = \"/opt/traefik\";\n read_only = false;\n };\n postgres = {\n path = \"/opt/postgres\";\n read_only = false;\n };\n };\n cni_path = \"${pkgs.cni-plugins}/bin\";\n };\n plugin.docker.config.allow_privileged = true;\n };\n extraPackages = with pkgs; [\n cni-plugins\n consul\n ];\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"ens2\";\n interface.advertise = \"ens2\";\n extraConfig = {\n client_addr = \"{{ GetPrivateInterfaces | exclude \\\"type\\\" \\\"ipv6\\\" | join \\\"address\\\" \\\" \\\" }} {{ GetAllInterfaces | include \\\"flags\\\" \\\"loopback\\\" | join \\\"address\\\" \\\" \\\" }}\";\n server = true;\n retry_join = [\n \"jaglan-beta-m01\"\n \"jaglan-beta-m20\"\n \"jaglan-beta-m21\"\n \"jaglan-beta-m22\"\n ];\n datacenter = \"jaglan-beta\";\n connect.enabled = true;\n ports.grpc = 8502;\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n systemd.tmpfiles.rules = [\n # Fix issue where nomad needs alloc_mounts to be writable\n \"d /var/lib/alloc_mounts 0755 root root -\"\n # Create a directory for traefik to store its data\n \"d /opt/traefik 0755 root root -\"\n # Create a directory for postgres to store its data\n \"d /opt/postgres 0755 root root -\"\n ];\n\n # Open ports in the firewall. 80/443 are for HTTP/HTTPS (terraform), 464X are the default ports for Nomad, 830X are the default ports for Consul.\n networking.firewall.allowedTCPPorts = [ 80 443 8081 4646 4647 4648 8300 8301 8500 ];\n networking.firewall.allowedUDPPorts = [ 8301 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n \n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n"
+ "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m21\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n };\n client = {\n enabled = true;\n cpu_total_compute = 10000;\n host_volume = {\n traefik = {\n path = \"/opt/traefik\";\n read_only = false;\n };\n postgres = {\n path = \"/opt/postgres\";\n read_only = false;\n };\n };\n cni_path = \"${pkgs.cni-plugins}/bin\";\n };\n plugin.docker.config.allow_privileged = true;\n };\n extraPackages = with pkgs; [\n cni-plugins\n consul\n ];\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"ens2\";\n interface.advertise = \"ens2\";\n extraConfig = {\n client_addr = \"{{ GetPrivateInterfaces | exclude \\\"type\\\" \\\"ipv6\\\" | join \\\"address\\\" \\\" \\\" }} {{ GetAllInterfaces | include \\\"flags\\\" \\\"loopback\\\" | join \\\"address\\\" \\\" \\\" }}\";\n server = true;\n retry_join = [\n \"jaglan-beta-m01\"\n \"jaglan-beta-m20\"\n \"jaglan-beta-m21\"\n \"jaglan-beta-m22\"\n ];\n datacenter = \"jaglan-beta\";\n connect.enabled = true;\n ports.grpc = 8502;\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n systemd.tmpfiles.rules = [\n # Fix issue where nomad needs alloc_mounts to be writable\n \"d /var/lib/alloc_mounts 0755 root root -\"\n # Create a directory for traefik to store its data\n \"d /opt/traefik 0755 root root -\"\n # Create a directory for postgres to store its data\n \"d /opt/postgres 0755 root root -\"\n ];\n\n # Open ports in the firewall. 80/443 are for HTTP/HTTPS (terraform), 464X are the default ports for Nomad, 830X are the default ports for Consul.\n networking.firewall.allowedTCPPorts = [ 80 443 8081 4646 4647 4648 8300 8301 8500 ];\n networking.firewall.allowedUDPPorts = [ 8301 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n \n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n"
}
},
"sensitive_attributes": [],
@@ -39,9 +51,9 @@
"index_key": "jaglan-beta-m22",
"schema_version": 0,
"attributes": {
- "id": "6319172431738426418",
+ "id": "1381056892788237526",
"triggers": {
- "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m22\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n };\n client = {\n enabled = true;\n host_volume = {\n };\n cni_path = \"${pkgs.cni-plugins}/bin\";\n };\n plugin.docker.config.allow_privileged = true;\n };\n extraPackages = with pkgs; [\n cni-plugins\n consul\n ];\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"ens2\";\n interface.advertise = \"ens2\";\n extraConfig = {\n client_addr = \"{{ GetPrivateInterfaces | exclude \\\"type\\\" \\\"ipv6\\\" | join \\\"address\\\" \\\" \\\" }} {{ GetAllInterfaces | include \\\"flags\\\" \\\"loopback\\\" | join \\\"address\\\" \\\" \\\" }}\";\n server = true;\n retry_join = [\n \"jaglan-beta-m01\"\n \"jaglan-beta-m20\"\n \"jaglan-beta-m21\"\n \"jaglan-beta-m22\"\n ];\n datacenter = \"jaglan-beta\";\n connect.enabled = true;\n ports.grpc = 8502;\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n systemd.tmpfiles.rules = [\n # Fix issue where nomad needs alloc_mounts to be writable\n \"d /var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Open ports in the firewall. 80/443 are for HTTP/HTTPS (terraform), 464X are the default ports for Nomad, 830X are the default ports for Consul.\n networking.firewall.allowedTCPPorts = [ 80 443 8081 4646 4647 4648 8300 8301 8500 ];\n networking.firewall.allowedUDPPorts = [ 8301 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n \n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n"
+ "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m22\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n };\n client = {\n enabled = true;\n cpu_total_compute = 10000;\n host_volume = {\n };\n cni_path = \"${pkgs.cni-plugins}/bin\";\n };\n plugin.docker.config.allow_privileged = true;\n };\n extraPackages = with pkgs; [\n cni-plugins\n consul\n ];\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"ens2\";\n interface.advertise = \"ens2\";\n extraConfig = {\n client_addr = \"{{ GetPrivateInterfaces | exclude \\\"type\\\" \\\"ipv6\\\" | join \\\"address\\\" \\\" \\\" }} {{ GetAllInterfaces | include \\\"flags\\\" \\\"loopback\\\" | join \\\"address\\\" \\\" \\\" }}\";\n server = true;\n retry_join = [\n \"jaglan-beta-m01\"\n \"jaglan-beta-m20\"\n \"jaglan-beta-m21\"\n \"jaglan-beta-m22\"\n ];\n datacenter = \"jaglan-beta\";\n connect.enabled = true;\n ports.grpc = 8502;\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n systemd.tmpfiles.rules = [\n # Fix issue where nomad needs alloc_mounts to be writable\n \"d /var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Open ports in the firewall. 80/443 are for HTTP/HTTPS (terraform), 464X are the default ports for Nomad, 830X are the default ports for Consul.\n networking.firewall.allowedTCPPorts = [ 80 443 8081 4646 4647 4648 8300 8301 8500 ];\n networking.firewall.allowedUDPPorts = [ 8301 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n \n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n"
}
},
"sensitive_attributes": [],
diff --git a/1-nixos-node/terraform.tfstate.backup b/1-nixos-node/terraform.tfstate.backup
index 61709c5..d15a944 100644
--- a/1-nixos-node/terraform.tfstate.backup
+++ b/1-nixos-node/terraform.tfstate.backup
@@ -1,7 +1,7 @@
{
"version": 4,
"terraform_version": "1.13.0",
- "serial": 275,
+ "serial": 289,
"lineage": "db7dcf21-a255-0ec4-c8b8-d4a7559b3768",
"outputs": {},
"resources": [
@@ -11,13 +11,25 @@
"name": "deploy_nixos",
"provider": "provider[\"registry.terraform.io/hashicorp/null\"]",
"instances": [
+ {
+ "index_key": "jaglan-beta-m02",
+ "schema_version": 0,
+ "attributes": {
+ "id": "3524369886551085918",
+ "triggers": {
+ "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m02\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n };\n client = {\n enabled = true;\n cpu_total_compute = 7200;\n host_volume = {\n };\n cni_path = \"${pkgs.cni-plugins}/bin\";\n };\n plugin.docker.config.allow_privileged = true;\n };\n extraPackages = with pkgs; [\n cni-plugins\n consul\n ];\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"enp1s0\";\n interface.advertise = \"enp1s0\";\n extraConfig = {\n client_addr = \"{{ GetPrivateInterfaces | exclude \\\"type\\\" \\\"ipv6\\\" | join \\\"address\\\" \\\" \\\" }} {{ GetAllInterfaces | include \\\"flags\\\" \\\"loopback\\\" | join \\\"address\\\" \\\" \\\" }}\";\n server = true;\n retry_join = [\n \"jaglan-beta-m01\"\n \"jaglan-beta-m20\"\n \"jaglan-beta-m21\"\n \"jaglan-beta-m22\"\n ];\n datacenter = \"jaglan-beta\";\n connect.enabled = true;\n ports.grpc = 8502;\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n systemd.tmpfiles.rules = [\n # Fix issue where nomad needs alloc_mounts to be writable\n \"d /var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Open ports in the firewall. 80/443 are for HTTP/HTTPS (terraform), 464X are the default ports for Nomad, 830X are the default ports for Consul.\n networking.firewall.allowedTCPPorts = [ 80 443 8081 4646 4647 4648 8300 8301 8500 ];\n networking.firewall.allowedUDPPorts = [ 8301 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n \n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n"
+ }
+ },
+ "sensitive_attributes": [],
+ "identity_schema_version": 0
+ },
{
"index_key": "jaglan-beta-m20",
"schema_version": 0,
"attributes": {
- "id": "1521310958736582307",
+ "id": "5322153075189025733",
"triggers": {
- "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m20\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n host_volume = {\n };\n cni_path = \"${pkgs.cni-plugins}/bin\";\n };\n plugin.docker.config.allow_privileged = true;\n };\n extraPackages = with pkgs; [\n cni-plugins\n consul\n ];\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"ens2\";\n interface.advertise = \"ens2\";\n extraConfig = {\n client_addr = \"{{ GetPrivateInterfaces | exclude \\\"type\\\" \\\"ipv6\\\" | join \\\"address\\\" \\\" \\\" }} {{ GetAllInterfaces | include \\\"flags\\\" \\\"loopback\\\" | join \\\"address\\\" \\\" \\\" }}\";\n bootstrap_expect = 1;\n server = true;\n retry_join = [\n \"jaglan-beta-m01\"\n \"jaglan-beta-m20\"\n \"jaglan-beta-m21\"\n \"jaglan-beta-m22\"\n ];\n datacenter = \"jaglan-beta\";\n connect.enabled = true;\n ports.grpc = 8502;\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n systemd.tmpfiles.rules = [\n # Fix issue where nomad needs alloc_mounts to be writable\n \"d /var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Open ports in the firewall. 80/443 are for HTTP/HTTPS (terraform), 464X are the default ports for Nomad, 830X are the default ports for Consul.\n networking.firewall.allowedTCPPorts = [ 80 443 8081 4646 4647 4648 8300 8301 8500 ];\n networking.firewall.allowedUDPPorts = [ 8301 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n \n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n"
+ "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m20\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n cpu_total_compute = 10000;\n host_volume = {\n };\n cni_path = \"${pkgs.cni-plugins}/bin\";\n };\n plugin.docker.config.allow_privileged = true;\n };\n extraPackages = with pkgs; [\n cni-plugins\n consul\n ];\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"ens2\";\n interface.advertise = \"ens2\";\n extraConfig = {\n client_addr = \"{{ GetPrivateInterfaces | exclude \\\"type\\\" \\\"ipv6\\\" | join \\\"address\\\" \\\" \\\" }} {{ GetAllInterfaces | include \\\"flags\\\" \\\"loopback\\\" | join \\\"address\\\" \\\" \\\" }}\";\n bootstrap_expect = 1;\n server = true;\n retry_join = [\n \"jaglan-beta-m01\"\n \"jaglan-beta-m20\"\n \"jaglan-beta-m21\"\n \"jaglan-beta-m22\"\n ];\n datacenter = \"jaglan-beta\";\n connect.enabled = true;\n ports.grpc = 8502;\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n systemd.tmpfiles.rules = [\n # Fix issue where nomad needs alloc_mounts to be writable\n \"d /var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Open ports in the firewall. 80/443 are for HTTP/HTTPS (terraform), 464X are the default ports for Nomad, 830X are the default ports for Consul.\n networking.firewall.allowedTCPPorts = [ 80 443 8081 4646 4647 4648 8300 8301 8500 ];\n networking.firewall.allowedUDPPorts = [ 8301 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n \n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n"
}
},
"sensitive_attributes": [],
@@ -27,9 +39,9 @@
"index_key": "jaglan-beta-m21",
"schema_version": 0,
"attributes": {
- "id": "8793571600250298680",
+ "id": "5140276628215625536",
"triggers": {
- "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m21\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n };\n client = {\n enabled = true;\n host_volume = {\n traefik = {\n path = \"/opt/traefik\";\n read_only = false;\n };\n };\n cni_path = \"${pkgs.cni-plugins}/bin\";\n };\n plugin.docker.config.allow_privileged = true;\n };\n extraPackages = with pkgs; [\n cni-plugins\n consul\n ];\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"ens2\";\n interface.advertise = \"ens2\";\n extraConfig = {\n client_addr = \"{{ GetPrivateInterfaces | exclude \\\"type\\\" \\\"ipv6\\\" | join \\\"address\\\" \\\" \\\" }} {{ GetAllInterfaces | include \\\"flags\\\" \\\"loopback\\\" | join \\\"address\\\" \\\" \\\" }}\";\n server = true;\n retry_join = [\n \"jaglan-beta-m01\"\n \"jaglan-beta-m20\"\n \"jaglan-beta-m21\"\n \"jaglan-beta-m22\"\n ];\n datacenter = \"jaglan-beta\";\n connect.enabled = true;\n ports.grpc = 8502;\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n systemd.tmpfiles.rules = [\n # Fix issue where nomad needs alloc_mounts to be writable\n \"d /var/lib/alloc_mounts 0755 root root -\"\n # Create a directory for traefik to store its data\n \"d /opt/traefik 0755 root root -\"\n ];\n\n # Open ports in the firewall. 80/443 are for HTTP/HTTPS (terraform), 464X are the default ports for Nomad, 830X are the default ports for Consul.\n networking.firewall.allowedTCPPorts = [ 80 443 8081 4646 4647 4648 8300 8301 8500 ];\n networking.firewall.allowedUDPPorts = [ 8301 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n \n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n"
+ "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m21\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n };\n client = {\n enabled = true;\n cpu_total_compute = 10000;\n host_volume = {\n traefik = {\n path = \"/opt/traefik\";\n read_only = false;\n };\n postgres = {\n path = \"/opt/postgres\";\n read_only = false;\n };\n };\n cni_path = \"${pkgs.cni-plugins}/bin\";\n };\n plugin.docker.config.allow_privileged = true;\n };\n extraPackages = with pkgs; [\n cni-plugins\n consul\n ];\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"ens2\";\n interface.advertise = \"ens2\";\n extraConfig = {\n client_addr = \"{{ GetPrivateInterfaces | exclude \\\"type\\\" \\\"ipv6\\\" | join \\\"address\\\" \\\" \\\" }} {{ GetAllInterfaces | include \\\"flags\\\" \\\"loopback\\\" | join \\\"address\\\" \\\" \\\" }}\";\n server = true;\n retry_join = [\n \"jaglan-beta-m01\"\n \"jaglan-beta-m20\"\n \"jaglan-beta-m21\"\n \"jaglan-beta-m22\"\n ];\n datacenter = \"jaglan-beta\";\n connect.enabled = true;\n ports.grpc = 8502;\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n systemd.tmpfiles.rules = [\n # Fix issue where nomad needs alloc_mounts to be writable\n \"d /var/lib/alloc_mounts 0755 root root -\"\n # Create a directory for traefik to store its data\n \"d /opt/traefik 0755 root root -\"\n # Create a directory for postgres to store its data\n \"d /opt/postgres 0755 root root -\"\n ];\n\n # Open ports in the firewall. 80/443 are for HTTP/HTTPS (terraform), 464X are the default ports for Nomad, 830X are the default ports for Consul.\n networking.firewall.allowedTCPPorts = [ 80 443 8081 4646 4647 4648 8300 8301 8500 ];\n networking.firewall.allowedUDPPorts = [ 8301 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n \n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n"
}
},
"sensitive_attributes": [],