From 8a1538dde9caf342ffae1166d98d9e95522b6b0c Mon Sep 17 00:00:00 2001
From: Victor
Date: Sun, 25 Sep 2022 23:49:26 +0200
Subject: [PATCH] added docs
---
 README.md | 4 +-
 flake.lock | 12 +-
 nixos/hosts/README.md | 2 +
 .../olympus/mailserver/configuration.nix | 17 +-
 nixos/hosts/olympus/outline/configuration.nix | 9 +
 nixos/hosts/olympus/synapse/configuration.nix | 100 ++++---
 nixos/hosts/thalassa/null/README.md | 10 +-
 terraform/.gitignore | 33 ---
 terraform/.terraform.lock.hcl | 41 ---
 terraform/hosts.auto.tfvars.json | 73 -----
 terraform/main.tf | 34 ---
 terraform/proxmox_lxc.tf | 277 ------------------
 terraform/proxmox_vm_qemu.tf | 77 -----
 terraform/versions.tf | 12 -
 util.nix | 49 ++--
 15 files changed, 120 insertions(+), 630 deletions(-)
 create mode 100644 nixos/hosts/README.md
 delete mode 100644 terraform/.gitignore
 delete mode 100644 terraform/.terraform.lock.hcl
 delete mode 100644 terraform/hosts.auto.tfvars.json
 delete mode 100644 terraform/main.tf
 delete mode 100644 terraform/proxmox_lxc.tf
 delete mode 100644 terraform/proxmox_vm_qemu.tf
 delete mode 100644 terraform/versions.tf
diff --git a/README.md b/README.md
index 6d1f8d2..7c7b5b7 100644
--- a/README.md
+++ b/README.md
@@ -1,14 +1,12 @@
 # 0x76's Infrastructure
 [![NixOS](https://github.com/NULLx76/infrastructure/actions/workflows/nixos.yml/badge.svg)](https://github.com/NULLx76/infrastructure/actions/workflows/nixos.yml)
-This repository contains my IaC and GitOps code.
+This repository contains my fleet of VMs, Containers and Bare Metal machines.
 ## Directory Structure
 `flake.nix` is a NixOS flake which is the entrypoint for my NixOS config, it also contains a 'DevShell' containing all the tools needed to deploy the infrastructure, this can be accessed running `nix develop`.
 * **flux**: Kubernetes manifests as managed by [Flux]
 * **nixos**: Nix configurations for my NixOS LXCs and VMs, deployed using [colmena].
-* **terraform**: Terraform config for deploying said VMs and Containers onto Proxmox, using [terraform-provider-proxmox]
 [Flux]: https://github.com/fluxcd/flux2
 [deploy-rs]: https://colmena.cli.rs/unstable/
-[terraform-provider-proxmox]: https://github.com/Telmate/terraform-provider-proxmox
diff --git a/flake.lock b/flake.lock
index b0c845f..a9a7206 100644
--- a/flake.lock
+++ b/flake.lock
@@ -400,11 +400,11 @@
 "wlroots": "wlroots"
 },
 "locked": {
- "lastModified": 1664050038,
- "narHash": "sha256-Q+dLA0bPW0RqYs9ONiu5/KalJYVjoFX2kG6p9G/hzDc=",
+ "lastModified": 1664130744,
+ "narHash": "sha256-zM+4pgzsYKS0EuQ3i0Epaq6Gb9xLo4wzxK/WZAw+lpM=",
 "owner": "hyprwm",
 "repo": "Hyprland",
- "rev": "fad5fc587d4281a5d399e61dc1243bc333d94d4d",
+ "rev": "f70b57f360f8117ecca67d6d7f75c1f87b098794",
 "type": "github"
 },
 "original": {
@@ -637,11 +637,11 @@
 },
 "nixpkgs_2": {
 "locked": {
- "lastModified": 1664101652,
- "narHash": "sha256-cgr3fHJxF59yz3zVMsQYf4PuGEnDOAOIPUltsMFNRWE=",
+ "lastModified": 1664138822,
+ "narHash": "sha256-5iwjo+UlQrT984yS+fz4f/JmpSZzJQnj99e7FhRCunk=",
 "owner": "NULLx76",
 "repo": "nixpkgs",
- "rev": "e64f013182bc9003121a03de0a0af30cf3ffe762",
+ "rev": "6c63bf7a0a683985316bf415676ceb4a3a4edac4",
 "type": "github"
 },
 "original": {
diff --git a/nixos/hosts/README.md b/nixos/hosts/README.md
new file mode 100644
index 0000000..52fd7fc
--- /dev/null
+++ b/nixos/hosts/README.md
@@ -0,0 +1,2 @@
+# NixOS Hosts
+Each folder here is a seperate geographical location, with `thalassa` being for roaming devices like laptops
diff --git a/nixos/hosts/olympus/mailserver/configuration.nix b/nixos/hosts/olympus/mailserver/configuration.nix
index e84c125..780413f 100644
--- a/nixos/hosts/olympus/mailserver/configuration.nix
+++ b/nixos/hosts/olympus/mailserver/configuration.nix
@@ -32,18 +32,29 @@ let vs = config.vault-secrets.secrets; in
 mailserver = {
 enable = true;
 fqdn = "mail.0x76.dev";
- domains = [ "0x76.dev" ];
+ domains = [ "0x76.dev" "meowy.tech" ];
 certificateScheme = 3;
 loginAccounts = {
 "v@0x76.dev" = {
 hashedPasswordFile = "${vs.mailserver}/v@0x76.dev";
+ aliases = [ "v@meowy.tech" "postmaster@0x76.dev" "postmaster@meowy.tech" ];
 };
 "keycloak@0x76.dev" = {
 hashedPasswordFile = "${vs.mailserver}/keycloak@0x76.dev";
+ sendOnly = true;
 };
 "gitea@0x76.dev" = {
 hashedPasswordFile = "${vs.mailserver}/gitea@0x76.dev";
+ sendOnly = true;
+ };
+ "matrix@meowy.tech" = {
+ hashedPasswordFile = "${vs.mailserver}/matrix@meowy.tech";
+ sendOnly = true;
+ };
+ "outline@0x76.dev" = {
+ hashedPasswordFile = "${vs.mailserver}/outline@0x76.dev";
+ sendOnly = true;
 };
 };
@@ -68,8 +79,8 @@ let vs = config.vault-secrets.secrets; in
 package = pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]);
 plugins = [
 "archive"
- "enigma"
- "markasjunk"
+ # "enigma"
+ # "markasjunk"
 "persistent_login"
 ];
 # this is the url of the vhost, not necessarily the same as the fqdn of
diff --git a/nixos/hosts/olympus/outline/configuration.nix b/nixos/hosts/olympus/outline/configuration.nix
index c705c2b..4536240 100644
--- a/nixos/hosts/olympus/outline/configuration.nix
+++ b/nixos/hosts/olympus/outline/configuration.nix
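Review bot: Adding `"meowy.tech"` to `domains` configures only the receiving side; whether SPF, DKIM and DMARC records for the new domain are published is not visible here, and mail from the new `matrix@meowy.tech` sender is likely to be rejected or junked by receivers until they are. A comment beside the new domain naming where those records are managed would make that dependency reviewable, e.g. `# meowy.tech needs its own SPF/DKIM/DMARC records, managed in <DNS location placeholder>`. The `sendOnly = true` on the four service accounts is the right restriction for credentials that only ever submit mail. The `mailserver` set opens with the hunk, but the `let vs = … in` wrapper named in the hunk header starts outside it.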
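Review bot: The `enigma` and `markasjunk` plugins are commented out in the roundcube `plugins` list without any reason recorded, so the next reader cannot tell whether this is a temporary workaround or a permanent decision. A short comment above the two lines, e.g. `# enigma/markasjunk disabled: <reason placeholder>; re-enable once <condition placeholder>`, would capture that. If the removal is permanent, deleting the entries is cleaner than leaving dead lines in the list.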
@@ -51,5 +51,14 @@ let vs = config.vault-secrets.secrets; in
 authUrl = "https://id.0x76.dev/realms/master/protocol/openid-connect/auth";
 clientSecretFile = "${vs.outline}/keycloakClientSecret";
 };
+ smtp = rec {
+ username = "outline@0x76.dev";
+ fromEmail = username;
+ replyEmail = username;
+ secure = true;
+ port = 465;
+ host = "mail.0x76.dev";
+ passwordFile = "${vs.outline}/mailPassword";
+ };
 };
}
diff --git a/nixos/hosts/olympus/synapse/configuration.nix b/nixos/hosts/olympus/synapse/configuration.nix
index bb7dbff..0e812da 100644
--- a/nixos/hosts/olympus/synapse/configuration.nix
+++ b/nixos/hosts/olympus/synapse/configuration.nix
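Review bot: The new `smtp` block gives no hint that `outline@0x76.dev` is the `sendOnly` account created on the mailserver host in this same commit, so the two vault paths (`${vs.outline}/mailPassword` here, the hash under `${vs.mailserver}/outline@0x76.dev` there) can drift apart silently. A comment above `smtp = rec {` would tie them together, e.g. `# Submits through the sendOnly account outline@0x76.dev on mail.0x76.dev; mailPassword must match the hash the mailserver host reads from its own vault path.`. `secure = true` paired with `port = 465` presumably selects implicit TLS for the submission connection, which is what keeps the credential off the wire; stating that intent in the same comment would stop a later edit changing the port without revisiting `secure`. The enclosing attribute set begins above the hunk.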
@@ -41,58 +41,56 @@ in
 '';
 };
- services.matrix-synapse =
- let
- extraConfig = builtins.toFile "extraConfig.yaml" ''
- registration_requires_token: true
- '';
- in
- {
- enable = true;
- withJemalloc = true;
+ services.matrix-synapse = {
+ enable = true;
+ withJemalloc = true;
- extraConfigFiles = [
- "${vs.synapse}/macaroon_secret_key"
- "${vs.synapse}/registration_shared_secret"
- "${vs.synapse}/form_secret"
- "${vs.synapse}/turn_shared_secret"
- extraConfig
- ];
+ extraConfigFiles = [
+ "${vs.synapse}/macaroon_secret_key"
+ "${vs.synapse}/registration_shared_secret"
+ "${vs.synapse}/form_secret"
+ "${vs.synapse}/turn_shared_secret"
+ "${vs.synapse}/email_password" # Also contains the rest of the email config
+ ];
- settings =
- {
- server_name = "meowy.tech";
- enable_registration = true;
- public_baseurl = "https://chat.meowy.tech";
- enable_metrics = true;
- # max_upload_size = "100m";
- listeners = [
- {
- inherit port;
- bind_addresses = [ "0.0.0.0" ];
- type = "http";
- tls = false;
- x_forwarded = true;
- resources = [
- {
- names = [ "client" "federation" ];
- compress = true;
- }
- ];
- }
- {
- port = metricsPort;
- bind_addresses = [ "0.0.0.0" ];
- type = "metrics";
- tls = false;
- resources = [
- {
- names = [ "metrics" ];
- compress = false;
- }
- ];
- }
- ];
+ settings =
+ {
+ server_name = "meowy.tech";
+ enable_registration = true;
+ public_baseurl = "https://chat.meowy.tech";
+ enable_metrics = true;
+ max_upload_size = "100M";
+ registration_requires_token = true;
+ media_retention = {
+ remote_media_lifetime = "90d";
 };
- };
+ listeners = [
+ {
+ inherit port;
+ bind_addresses = [ "0.0.0.0" ];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [
+ {
+ names = [ "client" "federation" ];
+ compress = true;
+ }
+ ];
+ }
+ {
+ port = metricsPort;
+ bind_addresses = [ "0.0.0.0" ];
+ type = "metrics";
+ tls = false;
+ resources = [
+ {
+ names = [ "metrics" ];
+ compress = false;
+ }
+ ];
+ }
+ ];
+ };
+ };
 }
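Review bot: The new `"${vs.synapse}/email_password"` entry is annotated `# Also contains the rest of the email config`, so non-secret settings such as the SMTP host, port and sender address now live in a vault-managed file that this repository can neither review nor diff. Only the password needs that treatment; the rest of the `email` section belongs in `settings` next to `server_name`, leaving the vault file to carry just `email.smtp_pass`. Moving `registration_requires_token = true` out of the `builtins.toFile` extraConfig into `settings` keeps the guard beside `enable_registration = true`, and a one-line comment above the pair, e.g. `# open registration is acceptable only because a token is required below`, would stop a later edit dropping one without the other. The `let … in` named in the hunk header starts outside the hunk.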
diff --git a/nixos/hosts/thalassa/null/README.md b/nixos/hosts/thalassa/null/README.md
index 446bf7b..bd765da 100644
--- a/nixos/hosts/thalassa/null/README.md
+++ b/nixos/hosts/thalassa/null/README.md
@@ -1,2 +1,10 @@
 # null
-This folder contains the NixOS configuration for my laptop, with hostname `null`.
\ No newline at end of file
+This folder contains the NixOS configuration for my laptop, with hostname `null`.
+
+## Information
+* OS: NixOS
+* WM: hyprland
+* Terminal: foot
+* Shell: zsh
+* Theme: Captuccin Pink Dark
+* Launcher: wofi
diff --git a/terraform/.gitignore b/terraform/.gitignore
deleted file mode 100644
index d9548c9..0000000
--- a/terraform/.gitignore
+++ /dev/null
@@ -1,33 +0,0 @@
-# Local .terraform directories
-**/.terraform/*
-
-# .tfstate files
-*.tfstate
-*.tfstate.*
-
-# Crash log files
-crash.log
-
-# Exclude all .tfvars files, which are likely to contain sentitive data, such as
-# password, private keys, and other secrets. These should not be part of version
-# control as they are data points which are potentially sensitive and subject
-# to change depending on the environment.
-#
-*.tfvars
-
-# Ignore override files as they are usually used to override resources locally and so
-# are not checked in
-override.tf
-override.tf.json
-*_override.tf
-*_override.tf.json
-
-# Include override files you do wish to add to version control using negated pattern
-#
-# !example_override.tf
-
-# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
-# example: *tfplan*
-
-# Ignore CLI configuration files
-.terraformrc
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
deleted file mode 100644
index 5172ff1..0000000
--- a/terraform/.terraform.lock.hcl
+++ /dev/null
@@ -1,41 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/vault" {
- version = "3.8.0"
- constraints = "3.8.0"
- hashes = [
- "h1:7fwbqW8EpFSgGmp23JCn01OSzjp/bJA5jCXqaAMpfIs=",
- "h1:8lg4gIGn8DCwvJHAJEFfQNVzYOZO7f6y7o4hEvvGZXM=",
- "h1:AdhWQXOClR+vhEw086YTTfqGh2KrBwqZQQETTugQ2hA=",
- "h1:F+1vJ14D9nNx3sNrCbKxvpJZ+QnVmD1p/ITbYPlkRg4=",
- "h1:PpBRbK394epLJrYBANF5AsmqN3OPsDxk15NGS1Q2LIs=",
- "h1:T4UoPuJbAio9ZML6vpNV4bIe5Tp6f5UFGTRBtkEv/vM=",
- "h1:WL4JpK+LTxmTaNNXKprpHrMMzENYyQTBLal0fHVweE4=",
- "h1:eHd28140YcjNCU9HtdZ8M1Mdb17XroVUoI2UIyqo7hE=",
- "h1:luFm8DTlv6WPReGc3LDMCwt6LfBuHXJL4AV2ET4gNJQ=",
- "h1:vsEgjE+Rad+XqL1Xav3WJyw1+A4dxl30pWwX2+y4I9k=",
- "h1:yUcSQPjRUtow4vSEjM3a7ZhxAXXuehBXMQE4X2BKk3w=",
- ]
-}
-
-provider "registry.terraform.io/telmate/proxmox" {
- version = "2.9.10"
- constraints = "2.9.10"
- hashes = [
- "h1:/5Yci1cg4jZL2aya/cG8evNOgHwonYuuC6p1O07FhTc=",
- "h1:/A5aHl/Ip3RkJ7abHIP33Hcf4kF2to3cA9PAp1f92Pk=",
- "h1:/yUt/okb+f5dPxfaOUdvGikZhphX85kqGxzhPWHKQu0=",
- "h1:87Zg9ZYrIh4Ed5KdsUPhGrXfeLQSZgU3OolWShQ2GXE=",
- "h1:Al8lODr0F0ERJcwDNLTGzy0k8EidSZ5F/SYU9AfwtFU=",
- "h1:VGqwHu3t75A4yup/Axvuh0X1mPTgh+TJn0ZGaObdne8=",
- "h1:e1ncMGe7uwGibNXnt0h/M1SbIZGRiSHVFLzmrzQulYQ=",
- "h1:mKgUaboSiulLR8RAHHr7w/VapyEKyQFzj8G+LjOjaLs=",
- "h1:nd095azyjqcSPMfzFereNWKMBrBlnN12IYfOVt3eMR4=",
- "h1:qkLV8lRnu69eYjBfaXeBRVCNqZnMdoLnsdxK3zEnacY=",
- "h1:skq+tLPQ7FF2olylHwmYYxsj/lIoGrbiNjpOjYBlfQI=",
- "h1:uOEAJ+AFin0XMlo0IcdKH5RVvTs1E8FCUPPnTWp+sbs=",
- "h1:xZ731FmD4jCWlS2ralf1BX1pu/NKnM8u8zpBeFOhvnk=",
- "h1:yPqHOIhTyxt8c1WVWB6Qv2TZfG2R5NCQdnLGKAQZox0=",
- ]
-}
diff --git a/terraform/hosts.auto.tfvars.json b/terraform/hosts.auto.tfvars.json
deleted file mode 100644
index 2ac54e1..0000000
--- a/terraform/hosts.auto.tfvars.json
+++ /dev/null
@@ -1,73 +0,0 @@
-{
- "hosts": {
- "WoolooTV": {
- "mac": "74:40:be:48:85:a4"
- },
- "bastion": {
- "mac": "82:F0:7C:CB:BD:6D"
- },
- "consul": {
- "mac": "D6:DE:07:41:73:81"
- },
- "dhcp": {
- "mac": "3E:2D:E8:AA:E2:81"
- },
- "dns-1": {
- "mac": "5E:F6:36:23:16:E3"
- },
- "dns-2": {
- "mac": "B6:04:0B:CD:0F:9F"
- },
- "edgerouter": {
- "mac": "B4:FB:E4:53:9C:0A"
- },
- "eevee": {
- "mac": "34:97:f6:93:9A:AA"
- },
- "gitea": {
- "mac": "DE:5F:B0:83:6F:34"
- },
- "home-assistant": {
- "mac": "9E:60:78:ED:81:B4"
- },
- "k3s-node1": {
- "mac": "2E:F8:55:23:D9:9B"
- },
- "minecraft": {
- "mac": "EA:30:73:E4:B6:69"
- },
- "minio": {
- "mac": "0A:06:5E:E7:9A:0C"
- },
- "mosquitto": {
- "mac": "C6:F9:8B:3D:9E:37"
- },
- "nginx": {
- "mac": "6A:C2:89:85:CF:A6"
- },
- "nuc": {
- "mac": "1C:69:7A:62:30:88"
- },
- "plausible": {
- "mac": "82:34:70:FA:44:6F"
- },
- "unifi": {
- "mac": "1A:88:A0:B0:65:B4"
- },
- "unifi-ap": {
- "mac": "b4:fb:e4:f3:ff:1b"
- },
- "vault": {
- "mac": "16:2B:87:55:0C:0C"
- },
- "victoriametrics": {
- "mac": "9E:91:61:35:84:1F"
- },
- "wireguard": {
- "mac": "1E:ED:97:2C:C3:9D"
- },
- "zmeura": {
- "mac": "b8:27:eb:d5:e0:f5"
- }
- }
-}
diff --git a/terraform/main.tf b/terraform/main.tf
deleted file mode 100644
index 49f13aa..0000000
--- a/terraform/main.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-terraform {
- backend "s3" {
- bucket = "terraform"
- key = "terraform.tfstate"
- region = "us-east-1"
- endpoint = "http://minio:9000"
- force_path_style = true
- skip_requesting_account_id = true
- skip_credentials_validation = true
- skip_get_ec2_platforms = true
- skip_metadata_api_check = true
- skip_region_validation = true
- }
-}
-
-provider "proxmox" {
- pm_api_url = "https://10.42.42.42:8006/api2/json"
- pm_user = data.vault_generic_secret.proxmox_auth.data["user"]
- pm_password = data.vault_generic_secret.proxmox_auth.data["pass"]
- pm_tls_insecure = true
-}
-
-provider "vault" {
- address = "http://vault:8200"
- skip_tls_verify = true
-}
-
-# Proxmox authentication for terraform
-data "vault_generic_secret" "proxmox_auth" {
- path = "secrets/terraform/proxmox_credentials"
-}
-
-# Imported from hosts.auto.tfvars.json
-variable "hosts" { }
diff --git a/terraform/proxmox_lxc.tf b/terraform/proxmox_lxc.tf
deleted file mode 100644
index 6b16501..0000000
--- a/terraform/proxmox_lxc.tf
+++ /dev/null
@@ -1,277 +0,0 @@
-# For full info see: https://blog.xirion.net/posts/nixos-proxmox-lxc/
-resource "proxmox_lxc" "nixos-template" {
- target_node = "nuc"
- description = "NixOS LXC Template"
- hostname = "nixos-template"
- ostemplate = "local:vztmpl/nixos-unstable-default_156198829_amd64.tar.xz"
- ostype = "unmanaged"
- unprivileged = true
- vmid = 101
- template = true
-
- memory = 1024
-
- features {
- nesting = true
- }
-
- rootfs {
- storage = "local-zfs"
- size = "8G"
- }
-
- network {
- name = "eth0"
- bridge = "vmbr0"
- ip = "dhcp"
- ip6 = "auto"
- hwaddr = "22:D7:C1:FF:9D:5F"
- }
-}
-
-resource "proxmox_lxc" "nixos-template-2" {
- target_node = "nuc"
- description = "NixOS LXC Template"
- hostname = "nixos-template"
- ostype = "unmanaged"
- unprivileged = true
- vmid = 108
- template = true
- cores = 1
-
- memory = 512
-
- rootfs {
- storage = "local-zfs"
- size = "8G"
- }
-
- features {
- nesting = true
- }
-
- network {
- name = "eth0"
- bridge = "vmbr0"
- ip = "dhcp"
- ip6 = "auto"
- hwaddr = "FA:71:3F:31:34:41"
- }
-}
-
-resource "proxmox_lxc" "vault" {
- target_node = "nuc"
- description = "Vault Secrets Management"
- hostname = "vault"
- unprivileged = false # needed for mlock
- vmid = 102
- clone = "101"
- onboot = true
-
- memory = 1024
-
- rootfs {
- storage = "local-zfs"
- size = "8G"
- }
-
- network {
- name = "eth0"
- bridge = "vmbr0"
- ip = "dhcp"
- ip6 = "auto"
- hwaddr = var.hosts.vault.mac
- }
-}
-
-resource "proxmox_lxc" "mosquitto" {
- target_node = "nuc"
- description = "mosquitto mqtt broker"
- hostname = "mosquitto"
- vmid = 104
- clone = 101
- unprivileged = true
- onboot = true
-
- memory = 1024
-
- rootfs {
- storage = "local-zfs"
- size = "8G"
- }
-
- network {
- name = "eth0"
- bridge = "vmbr0"
- ip = "dhcp"
- ip6 = "auto"
- hwaddr = var.hosts.mosquitto.mac
- }
-}
-
-resource "proxmox_lxc" "nginx" {
- target_node = "nuc"
- hostname = "nginx"
- vmid = 106
- clone = 101
- unprivileged = true
- onboot = true
-
- memory = 512
-
- rootfs {
- storage = "local-zfs"
- size = "8G"
- }
-
- network {
- name = "eth0"
- bridge = "vmbr0"
- ip = "dhcp"
- ip6 = "auto"
- hwaddr = var.hosts.nginx.mac
- }
-}
-
-resource "proxmox_lxc" "consul" {
- target_node = "nuc"
- description = "consul service mesh"
- hostname = "consul"
- vmid = 107
- unprivileged = true
- onboot = true
-
- memory = 512
-
- rootfs {
- storage = "local-zfs"
- size = "8G"
- }
-
- network {
- name = "eth0"
- bridge = "vmbr0"
- ip = "dhcp"
- ip6 = "auto"
- hwaddr = var.hosts.consul.mac
- }
-}
-
-resource "proxmox_lxc" "dns-1" {
- target_node = "nuc"
- hostname = "dns"
- vmid = 109
- unprivileged = true
- onboot = true
- startup = "order=1"
- cores = 1
-
- memory = 512
-
- rootfs {
- storage = "local-zfs"
- size = "8G"
- }
-
- network {
- name = "eth0"
- bridge = "vmbr0"
- ip = "dhcp"
- ip6 = "auto"
- hwaddr = var.hosts.dns-1.mac
- }
-}
-
-resource "proxmox_lxc" "dns-2" {
- target_node = "nuc"
- hostname = "dns"
- vmid = 110
- unprivileged = true
- onboot = true
- startup = "order=1"
- cores = 1
-
- memory = 512
-
- rootfs {
- storage = "local-zfs"
- size = "8G"
- }
-
- network {
- name = "eth0"
- bridge = "vmbr0"
- ip = "dhcp"
- ip6 = "auto"
- hwaddr = var.hosts.dns-2.mac
- }
-}
-
-resource "proxmox_lxc" "minio" {
- target_node = "nuc"
- hostname = "minio"
- vmid = 111
- unprivileged = true
- onboot = true
- cores = 1
-
- memory = 512
-
- rootfs {
- storage = "local-zfs"
- size = "8G"
- }
-
- network {
- name = "eth0"
- bridge = "vmbr0"
- ip = "dhcp"
- ip6 = "auto"
- hwaddr = var.hosts.minio.mac
- }
-}
-
-resource "proxmox_lxc" "dhcp" {
- target_node = "nuc"
- hostname = "dhcp"
- vmid = 112
- unprivileged = true
- onboot = true
- cores = 1
-
- memory = 512
-
- rootfs {
- storage = "local-zfs"
- size = "8G"
- }
-
- network {
- name = "eth0"
- bridge = "vmbr0"
- hwaddr = var.hosts.dhcp.mac
- }
-}
-
-# resource "proxmox_lxc" "victoriametrics" {
-# target_node = "nuc"
-# hostname = "victoriametrics"
-# vmid = 113
-# clone = 108
-# unprivileged = true
-# onboot = true
-# cores = 1
-
-# memory = 512
-
-# rootfs {
-# storage = "local-zfs"
-# size = "25G"
-# }
-
-# network {
-# name = "eth0"
-# bridge = "vmbr0"
-# hwaddr = var.hosts.victoriametrics.mac
-# }
-# }
diff --git a/terraform/proxmox_vm_qemu.tf b/terraform/proxmox_vm_qemu.tf
deleted file mode 100644
index 3d50563..0000000
--- a/terraform/proxmox_vm_qemu.tf
+++ /dev/null
@@ -1,77 +0,0 @@
-resource "proxmox_vm_qemu" "bastion" {
- name = "bastion"
- vmid = 100
- target_node = "nuc"
- onboot = true
- tablet = false
- full_clone = false
-
- memory = 4096
- cores = 4
-
- agent = 1
- boot = "order=scsi0;ide2;net0"
-
- disk {
- size = "64G"
- storage = "local-zfs"
- type = "scsi"
- ssd = 1
- }
-
- network {
- model = "virtio"
- macaddr = var.hosts.bastion.mac
- bridge = "vmbr0"
- }
-}
-
-resource "proxmox_vm_qemu" "k3s-node1" {
- name = "k3s-node1"
- target_node = "nuc"
- vmid = 103
- clone = "bastion"
- tablet = false
- onboot = true
-
- memory = 8192
- cores = 4
-
- agent = 1
- boot = "order=scsi0;ide2;net0"
-
- network {
- model = "virtio"
- macaddr = var.hosts.k3s-node1.mac
- bridge = "vmbr0"
- }
-
- disk {
- type = "scsi"
- storage = "local-zfs"
- size = "64G"
- ssd = 1
- }
-}
-
-resource "proxmox_vm_qemu" "home-assistant" {
- name = "home-assistant"
- vmid = 105
- target_node = "nuc"
- onboot = true
- tablet = false
- full_clone = false
- bios = "ovmf"
-
- memory = 2048
- cores = 4
-
- agent = 1
- boot = "order=sata0"
-
- network {
- model = "virtio"
- macaddr = var.hosts.home-assistant.mac
- bridge = "vmbr0"
- }
-}
diff --git a/terraform/versions.tf b/terraform/versions.tf
deleted file mode 100644
index 0dc7edd..0000000
--- a/terraform/versions.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-terraform {
- required_providers {
- proxmox = {
- source = "telmate/proxmox"
- version = "2.9.10"
- }
- vault = {
- source = "hashicorp/vault"
- version = "3.8.0"
- }
- }
-}
diff --git a/util.nix b/util.nix
index 78c9d65..ed5cbfc 100644
--- a/util.nix
+++ b/util.nix
@@ -2,32 +2,43 @@ let
 inherit (nixpkgs) lib;
 inherit (builtins) filter mapAttrs attrValues concatLists;
- import_cases = {
- "lxc" = [
- "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
- ./nixos/common/generic-lxc.nix
- ];
- "vm" = [
- ./nixos/common/generic-vm.nix
- ];
- "local" = [
- home-manager.nixosModules.home-manager
- hyprland.nixosModules.default
- ];
- };
- resolve_imports = { hostname, realm, profile ? hostname, type ? "lxc", ... }: [
- mailserver.nixosModules.mailserver
- ./nixos/common
- "${./.}/nixos/hosts/${realm}/${profile}/configuration.nix"
- ] ++ import_cases.${type};
+
+ # Helper function to resolve what should be imported depending on the type of config (lxc, vm, bare metal)
+ resolve_imports =
+ let
+ # lookup table
+ import_cases = {
+ "lxc" = [
+ "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
+ ./nixos/common/generic-lxc.nix
+ ];
+ "vm" = [
+ ./nixos/common/generic-vm.nix
+ ];
+ "local" = [
+ home-manager.nixosModules.home-manager
+ hyprland.nixosModules.default
+ ];
+ };
+ in
+ { hostname, realm, profile ? hostname, type ? "lxc", ... }: [
+ mailserver.nixosModules.mailserver
+ ./nixos/common
+ "${./.}/nixos/hosts/${realm}/${profile}/configuration.nix"
+ ] ++ import_cases.${type};
 in
-rec {
+{
+ # Add to whatever realm a host belong to its list of tags
 add_realm_to_tags = realm: hosts: map ({ tags ? [ ], ... }@host: host // { tags = [ realm ] ++ tags; inherit realm; }) hosts;
+ # Flatten all hosts to a single list
 flatten_hosts = hosts: concatLists (attrValues hosts);
+ # Filter out all hosts which aren't nixos
 filter_nix_hosts = hosts: filter ({ nix ? true, ... }: nix) hosts;
+ # Helper function to build a colmena host definition
 mkColmenaHost = { ip ? null, hostname, tags, realm, type ? "lxc", ... }@host:
 let
+ # this makes local apply work a bit nicer
 name = if realm == "thalassa" then hostname else "${hostname}.${realm}";
 in {
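Review bot: `import_cases.${type}` on the last line of `resolve_imports` still fails with Nix's generic missing-attribute error when a host declares a `type` outside `lxc`/`vm`/`local`, and the new comment does not list the accepted values; `] ++ (import_cases.${type} or (throw "resolve_imports: unknown host type '${type}'"));` would name the mistake instead. Dropping `rec` from the result set is safe for the attributes visible here, since none refers to a sibling by bare name, but the set continues past the hunk and any later attribute that does would now fail to evaluate. The comment `# Add to whatever realm a host belong to its list of tags` reads awkwardly; `# Prepend the host's realm to its tags and store it as the realm attribute` says what the line does. mkColmenaHost's body continues outside the hunk.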