refactor flake

Vivian 2022-08-21 11:42:17 +02:00
parent bc118b064b
commit 1bbb1d5d90
7 changed files with 75 additions and 69 deletions


@ -31,73 +31,30 @@
let let
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
inherit (builtins) filter mapAttrs attrValues concatLists; inherit (builtins) filter mapAttrs attrValues concatLists;
util = import ./util.nix inputs;
system = "x86_64-linux"; system = "x86_64-linux";
# import and add location qualifier to all hosts # import and add realm to list of tags
hosts = mapAttrs (location: lhosts: map ({ tags ? [ ], ... }@x: x // { tags = [ location ] ++ tags; inherit location; }) lhosts) (import ./nixos/hosts); hosts = mapAttrs util.add_realm_to_tags (import ./nixos/hosts);
# flatten hosts to single list # flatten hosts to single list
flat_hosts = concatLists (attrValues hosts); flat_hosts = util.flatten_hosts hosts;
# Filter all nixos host definitions that are actual nix machines # Filter out all non-nixos hosts
nixHosts = filter ({ nix ? true, ... }: nix) flat_hosts; nixHosts = util.filter_nix_hosts flat_hosts;
# Define args each module gets access to (access to hosts is useful for DNS/DHCP) # Define args each module gets access to (access to hosts is useful for DNS/DHCP)
specialArgs = { inherit hosts flat_hosts inputs; }; specialArgs = { inherit hosts flat_hosts inputs; };
# Resolve imports based on a foldername (nixname) and if the host is an LXC container or a VM.
resolveImports = { hostname, location, profile ? hostname, lxc ? true, ... }: [
./nixos/common
"${./.}/nixos/hosts/${location}/${profile}/configuration.nix"
] ++ (if lxc then [
"${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
./nixos/common/generic-lxc.nix
]
else [ ./nixos/common/generic-vm.nix ]);
mkConfig = { hostname, location, ... }@host: {
"${hostname}.${location}" = lib.nixosSystem {
inherit system specialArgs;
modules = resolveImports host;
};
};
mkColmenaHost = { ip, hostname, tags, location, ... }@host: {
"${hostname}.${location}" = {
imports = resolveImports host;
networking = {
hostName = hostname;
domain = location;
};
deployment = {
inherit tags;
targetHost = ip;
targetUser = null; # Defaults to $USER
};
};
};
pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ]; pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ];
in in
{ {
# Make the nixosConfigurations, mostly for vault-secrets # Make the nixosConfigurations, mostly for vault-secrets
nixosConfigurations = lib.foldr (el: acc: acc // mkConfig el) { } nixHosts; nixosConfigurations = util.mkNixosConfigurations specialArgs hosts;
# Make the coleman configuration # Make the coleman configuration
colmena = lib.foldr (el: acc: acc // mkColmenaHost el) colmena = lib.foldr (el: acc: acc // util.mkColmenaHost el)
{ {
null = { ... }: {
networking.hostName = "null";
imports = [
./nixos/common
./nixos/hosts/thalassa/null/configuration.nix
home-manager.nixosModules.home-manager
];
deployment = {
allowLocalDeployment = true;
targetHost = null;
};
};
meta = { meta = {
inherit specialArgs;
nixpkgs = import nixpkgs { nixpkgs = import nixpkgs {
inherit system; inherit system;
overlays = [ overlays = [
@ -105,7 +62,6 @@
minecraft-servers.overlays.default minecraft-servers.overlays.default
]; ];
}; };
inherit specialArgs;
}; };
} }
nixHosts; nixHosts;
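Review bot: The new `nixosConfigurations = util.mkNixosConfigurations specialArgs hosts;` passes `hosts`, which is the realm-keyed attribute set produced by `mapAttrs`, while the helper added in util.nix in this same commit folds over its argument with `lib.foldr` and so needs a list. The line it replaces folded over `nixHosts`, which also kept entries marked `nix = false` out of the result; that filter is no longer applied here. Since the comment says these configurations exist mostly for vault-secrets, a failed or over-broad evaluation affects secret provisioning, so I would write `nixosConfigurations = util.mkNixosConfigurations specialArgs nixHosts;`.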


@ -1,4 +1,5 @@
{ {
hades = import ./hades; hades = import ./hades;
olympus = import ./olympus; olympus = import ./olympus;
thalassa = import ./thalassa;
} }


@ -22,7 +22,7 @@
ip = "10.42.42.4"; ip = "10.42.42.4";
ip6 = "2001:41f0:9639:1:80f0:7cff:fecb:bd6d"; ip6 = "2001:41f0:9639:1:80f0:7cff:fecb:bd6d";
mac = "82:F0:7C:CB:BD:6D"; mac = "82:F0:7C:CB:BD:6D";
lxc = false; type = "vm";
} }
{ {
hostname = "vault"; hostname = "vault";
@ -53,7 +53,7 @@
profile = "k3s"; profile = "k3s";
ip = "10.42.42.10"; ip = "10.42.42.10";
mac = "2E:F8:55:23:D9:9B"; mac = "2E:F8:55:23:D9:9B";
lxc = false; type = "vm";
} }
{ {
hostname = "WoolooTV"; hostname = "WoolooTV";


@ -6,7 +6,7 @@ let
ipAddress = ip; ipAddress = ip;
}; };
localDomain = config.networking.domain; localDomain = config.networking.domain;
hosts' = hosts.${localDomain}; hosts' = builtins.filter (builtins.hasAttr "ip") hosts.${localDomain};
in { in {
imports = [ ]; imports = [ ];


@ -1,15 +1,14 @@
{ config, pkgs, hosts, flat_hosts, ... }: { config, pkgs, hosts, flat_hosts, ... }:
let let
inherit (builtins) filter hasAttr attrNames; inherit (builtins) filter hasAttr attrNames;
hosts' = flat_hosts;
domains = attrNames hosts; domains = attrNames hosts;
ipv4Host = filter (hasAttr "ip") flat_hosts;
ipv6Hosts = filter (hasAttr "ip6") flat_hosts;
ipv6Hosts = filter (hasAttr "ip6") hosts'; localData = { hostname, realm, ip, ... }: ''"${hostname}.${realm}. A ${ip}"'';
local6Data = { hostname, realm, ip6, ... }: ''"${hostname}.${realm}. AAAA ${ip6}"'';
localData = { hostname, location, ip, ... }: ''"${hostname}.${location}. A ${ip}"''; ptrData = { hostname, realm, ip, ... }: ''"${ip} ${hostname}.${realm}"'';
local6Data = { hostname, location, ip6, ... }: ''"${hostname}.${location}. AAAA ${ip6}"''; ptr6Data = { hostname, realm, ip6, ... }: ''"${ip6} ${hostname}.${realm}"'';
ptrData = { hostname, location, ip, ... }: ''"${ip} ${hostname}.${location}"'';
ptr6Data = { hostname, location, ip6, ... }: ''"${ip6} ${hostname}.${location}"'';
in { in {
imports = [ ]; imports = [ ];
@ -38,8 +37,8 @@ in {
interface = [ "0.0.0.0" "::0" ]; interface = [ "0.0.0.0" "::0" ];
local-zone = map (localdomain: ''"${localdomain}}." transparent'') domains; local-zone = map (localdomain: ''"${localdomain}}." transparent'') domains;
local-data = (map localData hosts') ++ (map local6Data ipv6Hosts); local-data = (map localData ipv4Host) ++ (map local6Data ipv6Hosts);
local-data-ptr = (map ptrData hosts') ++ (map ptr6Data ipv6Hosts); local-data-ptr = (map ptrData ipv4Host) ++ (map ptr6Data ipv6Hosts);
access-control = [ access-control = [
"127.0.0.1/32 allow_snoop" "127.0.0.1/32 allow_snoop"


@ -1,7 +1,6 @@
[ [
{ {
hostname = "null"; hostname = "null";
mac = "";
type = "local"; type = "local";
} }
] ]

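--- a/util.nix
+++ b/util.nix
@@ -0,0 +1,51 @@
+{ nixpkgs, home-manager, ... }:
+let
+inherit (nixpkgs) lib;
+inherit (builtins) filter mapAttrs attrValues concatLists;
+import_cases = {
+"lxc" = [
+"${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
+./nixos/common/generic-lxc.nix
+];
+"vm" = [
+./nixos/common/generic-vm.nix
+];
+"local" = [
+home-manager.nixosModules.home-manager
+];
+};
+resolve_imports = { hostname, realm, profile ? hostname, type ? "lxc", ... }: [
+./nixos/common
+"${./.}/nixos/hosts/${realm}/${profile}/configuration.nix"
+] ++ import_cases.${type};
+in
+rec {
+add_realm_to_tags = realm: hosts: map ({ tags ? [ ], ... }@host: host // { tags = [ realm ] ++ tags; inherit realm; }) hosts;
+flatten_hosts = hosts: concatLists (attrValues hosts);
+filter_nix_hosts = hosts: filter ({ nix ? true, ... }: nix) hosts;
+mkNixosSystem = specialArgs: { hostname, realm, system ? "x86_64-linux", ... }@host: {
+"${hostname}.${realm}" = lib.nixosSystem {
+inherit system specialArgs;
+modules = resolve_imports host;
+};
+};
+mkColmenaHost = { ip ? null, hostname, tags, realm, type ? "lxc", ... }@host: {
+"${hostname}.${realm}" = {
+imports = resolve_imports host;
+networking = {
+hostName = hostname;
+domain = realm;
+};
+deployment = {
+inherit tags;
+targetHost = ip;
+allowLocalDeployment = (type == "local");
+targetUser = null; # Defaults to $USER
+};
+};
+};
+mkNixosConfigurations = specialArgs: hosts: lib.foldr (el: acc: acc // mkNixosSystem specialArgs el) { } hosts;
+}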
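Review bot: `resolve_imports` ends in `import_cases.${type}`, so a host whose `type` is misspelled fails with a bare missing-attribute error, and a host definition that still carries the old `lxc = false` is swallowed by `...` and silently falls back to `type ? "lxc"`, which would give a VM the container modules. The two olympus entries are migrated in this commit, but whether every other host was is not visible here. I would make both cases loud, for example `] ++ (import_cases.${type} or (throw "unknown host type '${type}' for ${hostname}.${realm}"));` plus an `assert !(host ? lxc);` once the argument set is bound with `@host`. The helpers in the `rec` set also carry no comments; a one-line description above each, stating whether it takes the realm-keyed attrset or the flat host list, would make the expected input at each call site obvious.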