cluster/nix: update nodes
- we update NixOS to 20.09pre
- we fix an ACME option that's now required
- we switch from systemd-timesyncd to chrony (as timesyncd took a long
time to sync clocks after restart, leading to MON_CLOCK_SKEW errors
from ceph)
This has been deployed in production.
Change-Id: Ibfcd41567235bae3e3d8abeeed61f4694ae614ad
diff --git a/cluster/nix/default.nix b/cluster/nix/default.nix
index 48690d4..a5f5082 100644
--- a/cluster/nix/default.nix
+++ b/cluster/nix/default.nix
@@ -1,8 +1,8 @@
let
pkgs = import (fetchGit {
- name = "nixos-unstable-2020-02-12";
+ name = "nixos-unstable-2020-08-22";
url = https://github.com/nixos/nixpkgs-channels/;
- rev = "a21c2fa3ea2b88e698db6fc151d9c7259ae14d96";
+ rev = "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38";
});
cfg = {
diff --git a/cluster/nix/module-base.nix b/cluster/nix/module-base.nix
index e9da99a..cd7c2d9 100644
--- a/cluster/nix/module-base.nix
+++ b/cluster/nix/module-base.nix
@@ -42,6 +42,9 @@
# Otherwise fetchGit nixpkgs pin fails.
systemd.services.nixos-upgrade.path = [ pkgs.git ];
+ # Use Chrony instead of systemd-timesyncd
+ services.chrony.enable = true;
+
# Enable the OpenSSH daemon.
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
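Review bot: The added comment above `services.chrony.enable = true;` says what changed but not why; the reason (timesyncd was slow to sync after restart, which triggered Ceph MON_CLOCK_SKEW) is only in the commit message. I would put it in the file, e.g. `# Use chrony instead of systemd-timesyncd: timesyncd resynced slowly after restart, causing Ceph MON_CLOCK_SKEW.` The hunk does not disable timesyncd explicitly, so the swap presumably relies on the NixOS chrony module turning it off; that is worth confirming on a node after deploy. No time sources are set here, so chrony uses whatever the defaults are. Since Ceph and TLS/ACME validation both depend on correct time, consider pinning trusted servers via `services.chrony.servers`. The enclosing attribute set starts and ends outside this hunk.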
diff --git a/cluster/nix/module-kubernetes.nix b/cluster/nix/module-kubernetes.nix
index 420b32d..6338f5e 100644
--- a/cluster/nix/module-kubernetes.nix
+++ b/cluster/nix/module-kubernetes.nix
@@ -55,6 +55,7 @@
127.0.0.1 ${k8sapi}
'';
+ security.acme.acceptTerms = true;
security.acme.certs = {
host = {
email = acmeEmail;
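Review bot: `security.acme.acceptTerms = true;` is added without a comment, so the file does not record whose terms are being accepted or why the line is needed. This setting is a legal acceptance made on behalf of the `acmeEmail` account for every node that imports this module, so a short comment is warranted, e.g. `# Required as of NixOS 20.09: accept the ACME CA's terms of service (Let's Encrypt unless security.acme.server is overridden).` The `security.acme.certs` block continues past the end of the hunk, so the rest of the certificate configuration is not visible here.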