Machine options

User to connect to the upstream machine and patch the kubeconfig secret of the downstream cluster

Declared in modules/fleet/default.nix.

Enable fleet.

By default, fleet is enabled if kubernetes is enabled.

Declared in modules/fleet/default.nix.

Namespace where fleet will run

Declared in modules/fleet/default.nix.

Fleet Helm chart version

Declared in modules/fleet/default.nix.

Labels to add to the cluster

Declared in modules/fleet/default.nix.

Namespace where the clusters are defined.

Declared in modules/fleet/upstream.nix.

Enable the upstream mode for the fleet

Declared in modules/fleet/upstream.nix.

Template values of the cluster

Declared in modules/fleet/default.nix.

Enable services related to better filesystem management, for instance fstrim and udisks2.

Declared in modules/fs/default.nix.

Set of local git repositories to be committed locally on each activation.

Declared in modules/git/default.nix.

Whether to enable impermanence.

true

Declared in modules/impermanence/default.nix.

Path to where the persisted part of the system lies

Declared in modules/impermanence/default.nix.

Run a k3s Kubernetes node on the machine.

Declared in modules/kubernetes/default.nix.

Group that has access to the k3s config and data.

Declared in modules/kubernetes/default.nix.

CIDR that defines the VPN network of the Kubernetes cluster.

Declared in modules/kubernetes/vpn.nix.

Domain name of the cluster.

The clusters will then be accessible through hostname.domain.

Declared in modules/kubernetes/vpn.nix.

Label this machine as a local server.

Declared in modules/local-server/default.nix.

IP of the machine in the local network

Declared in modules/networking/default.nix.

Enable mDNS service (avahi).

Declared in modules/mdns/default.nix.

Whether to enable the machine as a Nix builder for the other machines.

true

Declared in modules/nix-builder/default.nix.

The maximum number of jobs that can be run in parallel on the builder. The default is nix.settings.cores if it is greater than 0, otherwise 1

Declared in modules/nix-builder/default.nix.

The speed factor of the builder. The speed factor is used to prioritize builders when multiple builders are available. The higher the speed factor, the more likely it is that the builder will be used.

Declared in modules/nix-builder/default.nix.

The private key file of the Nix builder.

Declared in modules/nix-builder/default.nix.

The public key of the Nix builder.

Declared in modules/nix-builder/default.nix.

The user name of the Nix builder.

Declared in modules/nix-builder/default.nix.

A list of features that the builder supports

Declared in modules/nix-builder/default.nix.

Label the machine as using the Prometheus monitoring system.

By default, the machine is labeled when the Kubernetes cluster is enabled.

Declared in modules/prometheus/default.nix.

Label the machine as using Prometheus in a federation of multiple Prometheus instances.

Declared in modules/prometheus/default.nix.

Label the machine as being the upstream Prometheus instance in a federation.

Declared in modules/prometheus/default.nix.

Public IP of the machine

Declared in modules/networking/default.nix.

Enable fail2ban to block SSH brute force attacks.

By default, Fail2ban is enabled if sshguard is disabled.

Declared in modules/ssh/default.nix.

Enable sshguard to block SSH brute force attacks.

Declared in modules/ssh/default.nix.

SSH public key of the machine.

This option is required to decode the secrets defined in the main features like users, wireless networks, vpn, etc.

Declared in modules/ssh/default.nix.

Enable a swap file on the root partition.

Declared in modules/swap/default.nix.

Size of the swap file in GiB.

Declared in modules/swap/default.nix.

Enable a swap file in a zram device.

Declared in modules/swap/default.nix.

Enable timesyncd and htpdate.

Declared in modules/time/default.nix.

Set of users to create and configure.

Declared in modules/users/default.nix.

Whether the user is enabled in the machine.

Declared in modules/users/default.nix.

Whether the user is an admin of the machine.

Declared in modules/users/default.nix.

Whether the user is a system user.

Declared in modules/users/default.nix.

Public keys of the user, without the comment (user@host) part.

Declared in modules/users/default.nix.

CIDR that defines the VPN network.

It is also required to determine the machine IP address from the machine ID on the VPN.

For instance, if the CIDR is 10.100.0.0/24 and settings.vpn.id is 5, then the machine IP address will be 10.100.0.5.

Declared in modules/vpn/bastion.nix.

Domain name of the VPN.

The machines will then be accessible through hostname.domain.

Declared in modules/vpn/bastion.nix.

Whether to enable the Wireguard VPN server on this machine.

Declared in modules/vpn/bastion.nix.

External interface of the bastion for NAT.

Declared in modules/vpn/bastion.nix.

Extra machines to add to the VPN.

This is useful when you want to add a machine to the VPN that is not part of the cluster.

Declared in modules/vpn/bastion.nix.

Id of the machine. Each machine must have an unique value.

This id will be translated into an IP with settings.vpn.bastion.cidr when using the VPN module.

Declared in modules/vpn/bastion.nix.

Wireguard public key of the machine.

This value is required when the VPN is enabled.

Declared in modules/vpn/bastion.nix.

This port must not be block by an external firewall so clients can reach it.

Declared in modules/vpn/bastion.nix.

Whether to enable the Wireguard VPN.

true

Declared in modules/vpn/default.nix.

Id of the machine. Each machine must have an unique value.

This id will be translated into an IP with settings.vpn.bastion.cidr when using the VPN module.

Declared in modules/vpn/default.nix.

Wireguard public key of the machine.

This value is required when the VPN is enabled.

Declared in modules/vpn/default.nix.