v/infrastructure
1
0
Fork 0
Code Issues 13 Pull requests 1 Actions Packages Projects Releases Activity

nixos: invert common dependency

Browse source
This commit is contained in:
Vivian 2021-11-21 14:35:09 +01:00
parent 9cde99ce16
commit 91c59b132e
11 changed files with 25 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
flake.nix
View file

@ -17,10 +17,12 @@
mkSystem = { host, lxc ? true }:
nixpkgs.lib.nixosSystem {
inherit system;
modules = [ ./nixos/hosts/${host}/configuration.nix ./nixos/common.nix ] ++ (if lxc then
[ "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix" ]
else
[ ]);
modules = [ ./nixos/hosts/${host}/configuration.nix ./nixos/common ]
++ (if lxc then [
"${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
./nixos/common/generic-lxc.nix
] else
[ ./nixos/common/generic-vm.nix ]);
specialArgs.inputs = inputs;
};
mkDeploy = hostname: profile: {
@ -33,8 +35,14 @@
};
in {
# VMs
nixosConfigurations.bastion = mkSystem { host = "bastion"; lxc = false; };
nixosConfigurations.k3s = mkSystem { host = "k3s"; lxc = false; };
nixosConfigurations.bastion = mkSystem {
host = "bastion";
lxc = false;
};
nixosConfigurations.k3s = mkSystem {
host = "k3s";
lxc = false;
};
# LXCs
nixosConfigurations.vault = mkSystem { host = "vault"; };

12
nixos/common.nix
View file

@ -1,12 +0,0 @@
{ config, inputs, ... }:
{
imports = [
inputs.vault-secrets.nixosModules.vault-secrets
];
vault-secrets = {
vaultPrefix = "nixos/${config.networking.hostName}";
vaultAddress = "http://10.42.42.6:8200/";
approlePrefix = "olympus-${config.networking.hostName}";
};
}

12
nixos/common/default.nix
View file

@ -1,7 +1,8 @@
{ pkgs, ... }:
{ config, inputs, pkgs, ... }:
{
imports = [
inputs.vault-secrets.nixosModules.vault-secrets
# User account definitions
./users
./services
@ -38,4 +39,13 @@
SystemMaxUse=100M
MaxFileSec=7day
'';
# Enable SSH daemon support.
services.openssh.enable = true;
vault-secrets = {
vaultPrefix = "nixos/${config.networking.hostName}";
vaultAddress = "http://10.42.42.6:8200/";
approlePrefix = "olympus-${config.networking.hostName}";
};
}

3
nixos/common/generic-lxc.nix
View file

@ -3,7 +3,4 @@
# Supress systemd services that don't work (correctly) on LXC
systemd.suppressedSystemUnits = [ "dev-mqueue.mount" "sys-kernel-debug.mount" "sys-fs-fuse-connections.mount" ];
# Enable SSH daemon support.
services.openssh.enable = true;
}

4
nixos/common/generic-vm.nix
View file

@ -5,10 +5,6 @@
networking.useDHCP = false;
networking.interfaces.ens18.useDHCP = lib.mkDefault true;
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.openssh.permitRootLogin = lib.mkDefault "yes";
# Enable qemu guest agent
services.qemuGuest.enable = true;
}

3
nixos/hosts/bastion/configuration.nix
View file

@ -17,9 +17,6 @@ in {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# Import common config
../../common/generic-vm.nix
../../common
];
# Use the GRUB 2 boot loader.

3
nixos/hosts/consul/configuration.nix
View file

@ -6,9 +6,6 @@
{
imports = [
# Import common config
../../common/generic-lxc.nix
../../common
];
networking.hostName = "consul";

3
nixos/hosts/k3s/configuration.nix
View file

@ -2,9 +2,6 @@
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# Import common config
../../common/generic-vm.nix
../../common
];
# Use the GRUB 2 boot loader.

3
nixos/hosts/mosquitto/configuration.nix
View file

@ -6,9 +6,6 @@
let mosquittoPort = 1883;
in {
imports = [
# Import common config
../../common/generic-lxc.nix
../../common
];
networking.hostName = "mosquitto";

3
nixos/hosts/nginx/configuration.nix
View file

@ -14,9 +14,6 @@ let
};
in {
imports = [
# Import common config
../../common/generic-lxc.nix
../../common
];
networking.hostName = "nginx";

3
nixos/hosts/vault/configuration.nix
View file

@ -6,9 +6,6 @@
{
imports = [
# Import common config
../../common/generic-lxc.nix
../../common
];
networking.hostName = "vault";