torjus/nixos-servers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

homelab-deploy: add NATS-based deployment system
Some checks failed
Run nix flake check / flake-check (push) Failing after 3m45s
Details

Browse Source 
Add homelab-deploy flake input and NixOS module for message-based
deployments across the fleet. Configure DEPLOY account in NATS with
tiered access control (listener, test-deployer, admin-deployer).
Enable listener on vaulttest01 as initial test host.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Torjus Håkestad
2026-02-07 05:22:06 +01:00
parent 2f195d26d3
commit ad8570f8db
7 changed files with 139 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
hosts/vaulttest01/configuration.nix
View File

@@ -101,6 +101,22 @@ in
services = [ "vault-test" ];
};
# Homelab-deploy listener NKey
vault.secrets.homelab-deploy-nkey = {
secretPath = "shared/homelab-deploy/listener-nkey";
extractKey = "nkey";
};
# Enable homelab-deploy listener
services.homelab-deploy.listener = {
enable = true;
tier = "test";
role = "vault";
natsUrl = "nats://nats1.home.2rjus.net:4222";
nkeyFile = "/run/secrets/homelab-deploy-nkey";
flakeUrl = "git+https://git.t-juice.club/torjus/nixos-servers.git";
};
# Create a test service that uses the secret
systemd.services.vault-test = {
description = "Test Vault secret fetching";