From fa5bda60be86d161e30af677c12e1687876051f9 Mon Sep 17 00:00:00 2001
From: Victor
Date: Thu, 4 May 2023 15:14:36 +0200
Subject: [PATCH] simple impl of exposes thingy
---
 .woodpecker.yml | 2 +-
 flake.nix | 8 +---
 nixos/common/modules/default.nix | 2 +-
 nixos/common/modules/meta.nix | 42 +++++++++++++++++++
 nixos/hosts/olympus/default.nix | 6 +++
 .../hosts/olympus/hedgedoc/configuration.nix | 3 +-
 nixos/hosts/olympus/nginx/configuration.nix | 6 ++-
 nixos/hosts/thalassa/aoife/configuration.nix | 3 +-
 nixos/hosts/thalassa/default.nix | 6 ++-
 nixos/hosts/thalassa/eevee/configuration.nix | 3 +-
 nixos/util.nix | 17 ++++++--
 11 files changed, 78 insertions(+), 20 deletions(-)
 create mode 100644 nixos/common/modules/meta.nix
diff --git a/.woodpecker.yml b/.woodpecker.yml
index 0a8e125..0a65993 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -5,5 +5,5 @@ pipeline:
 - NIX_CONFIG=experimental-features = nix-command flakes
 commands:
 - nix run 'nixpkgs#statix' check
- - nix run 'github:astro/deadnix' -- -f
+ - nix run 'nixpkgs#deadnix' -- -f
 - nix run 'nixpkgs#yamllint' .
diff --git a/flake.nix b/flake.nix
index 56f99e5..1783aa7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -46,14 +46,9 @@
 inherit (nixpkgs) lib;
 util = import ./nixos/util.nix inputs;
+ inherit (util) hosts flat_hosts nixHosts;
 system = "x86_64-linux";
- # import and add realm to list of tags
- hosts = util.add_realm_to_tags (import ./nixos/hosts);
- # flatten hosts to single list
- flat_hosts = util.flatten_hosts hosts;
- # Filter out all non-nixos hosts
- nixHosts = util.filter_nix_hosts flat_hosts;
 pkgs = import nixpkgs {
 inherit system;
@@ -137,6 +132,7 @@
 apply-local
 colmena.packages.${system}.colmena
 cachix
+ deadnix
 fluxcd
 k9s
 kubectl
diff --git a/nixos/common/modules/default.nix b/nixos/common/modules/default.nix
index 4b66a5b..32e5402 100644
--- a/nixos/common/modules/default.nix
+++ b/nixos/common/modules/default.nix
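Review bot: The replacement command in .woodpecker.yml, `nix run 'nixpkgs#deadnix' -- -f`, resolves `nixpkgs` through the flake registry at run time rather than through this repository's flake.lock, so the linter version CI executes can change without any commit here (the statix and yamllint steps on the context lines have the same property). Adding `--inputs-from .`, i.e. `nix run --inputs-from . 'nixpkgs#deadnix' -- -f`, makes the step use the locked nixpkgs input. That keeps lint results reproducible and narrows what an upstream change can run inside the CI container.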
@@ -1,3 +1,3 @@
 { ... }: {
- imports = [ ./dns.nix ./flood.nix ./gnome ./unpackerr.nix ./vault.nix ];
+ imports = [ ./meta.nix ./dns.nix ./flood.nix ./gnome ./unpackerr.nix ./vault.nix ];
 }
diff --git a/nixos/common/modules/meta.nix b/nixos/common/modules/meta.nix
new file mode 100644
index 0000000..63585fa
--- /dev/null
+++ b/nixos/common/modules/meta.nix
@@ -0,0 +1,42 @@
+{ lib, ... }:
+with lib;
+let
+ exposesOpts = {
+ options = {
+ domain = mkOption {
+ type = types.str;
+ example = ".example.com";
+ description = ''
+ The domain under which this service should be available
+ '';
+ };
+ port = mkOption {
+ type = types.int;
+ example = 4242;
+ description = ''
+ The port under which the service runs on the host
+ '';
+ };
+ };
+ };
+in {
+ options = {
+ meta.exposes = mkOption {
+ type = with types; attrsOf (submodule exposesOpts);
+ description = ''
+ Exposed services
+ '';
+ };
+
+ meta.ipv4 = mkOption {
+ type = types.str;
+ description = ''
+ Own IPv4 Address
+ '';
+ };
+ };
+
+ config = {
+
+ };
+}
diff --git a/nixos/hosts/olympus/default.nix b/nixos/hosts/olympus/default.nix
index 62f5c09..0adce81 100644
--- a/nixos/hosts/olympus/default.nix
+++ b/nixos/hosts/olympus/default.nix
@@ -100,6 +100,12 @@
 "hedgedoc" = {
 ip = "10.42.42.23";
 mac = "86:BC:0C:18:BC:9B";
+ exposes = {
+ md = {
+ domain = "md.0x76.dev";
+ port = 3000;
+ };
+ };
 };
 "zmeura" = {
 ip = "10.42.42.24";
diff --git a/nixos/hosts/olympus/hedgedoc/configuration.nix b/nixos/hosts/olympus/hedgedoc/configuration.nix
index c11021c..87e19bd 100644
--- a/nixos/hosts/olympus/hedgedoc/configuration.nix
+++ b/nixos/hosts/olympus/hedgedoc/configuration.nix
@@ -6,6 +6,7 @@
 let
 db_name = "hedgedoc";
 db_user = "hedgedoc";
+ inherit (config.meta.exposes.md) port;
 vs = config.vault-secrets.secrets;
 in {
 imports = [ ];
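Review bot: In nixos/common/modules/meta.nix neither `meta.exposes` nor `meta.ipv4` declares a default or accepts null, but mkColmenaHost in nixos/util.nix (the `-40,8` and `-52,6` hunks of this patch) passes `exposes ? null` and `ipv4 = ip` with `ip ? null`, so a host without those attributes fails type checking as soon as `config.meta.*` is evaluated. Using `exposes ? { }` in mkColmenaHost together with `default = { };` on `meta.exposes`, and typing `meta.ipv4` as `types.nullOr types.str`, makes the two sides agree. `port` is better declared as `types.port`, which rejects values outside the 16-bit range, and the `.example.com` example does not match the full host name (`md.0x76.dev`) the option is actually given. The empty `config = { };` block can be dropped.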
@@ -40,7 +41,7 @@ in {
 environmentFile = "${vs.hedgedoc}/environment";
 settings = {
 host = "0.0.0.0";
- port = 3000;
+ inherit port;
 sessionSecret = "$SESSION_SECRET";
 domain = "md.0x76.dev";
 protocolUseSSL = true;
diff --git a/nixos/hosts/olympus/nginx/configuration.nix b/nixos/hosts/olympus/nginx/configuration.nix
index 5d21f76..2e926c7 100644
--- a/nixos/hosts/olympus/nginx/configuration.nix
+++ b/nixos/hosts/olympus/nginx/configuration.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, hosts, ... }:
 let
 proxy = url: {
 enableACME = true;
@@ -44,9 +44,11 @@ in {
 package = pkgs.nginxMainline;
+ # Templated
+ virtualHosts.${hosts.olympus.hedgedoc.exposes.md.domain} = proxy "http://hedgedoc.olympus:${toString hosts.olympus.hedgedoc.exposes.md.port}/";
+
 # 0x76.dev
 virtualHosts."ha.0x76.dev" = proxy "http://home-assistant.olympus:8123/";
- virtualHosts."md.0x76.dev" = proxy "http://hedgedoc.olympus:3000/";
 virtualHosts."git.0x76.dev" = proxy "http://gitea.olympus:3000";
 virtualHosts."o.0x76.dev" = proxy "http://minio.olympus:9000";
 virtualHosts."grafana.0x76.dev" =
diff --git a/nixos/hosts/thalassa/aoife/configuration.nix b/nixos/hosts/thalassa/aoife/configuration.nix
index 7699dcc..75ceeb5 100644
--- a/nixos/hosts/thalassa/aoife/configuration.nix
+++ b/nixos/hosts/thalassa/aoife/configuration.nix
@@ -4,7 +4,6 @@
 { inputs, ... }: {
 imports = [
- ../../../common/desktop
 ./hardware-configuration.nix
 inputs.nixos-hardware.nixosModules.lenovo-thinkpad-z
 ./hardware.nix
@@ -26,6 +25,8 @@
 # Enable Ozone rendering for Chromium and Electron apps.
 environment.sessionVariables.NIXOS_OZONE_WL = "1";
+ # environment.sessionVariables.INFRA_INFO = self; # hosts.${config.networking.domain}.${config.networking.hostName};
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave
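Review bot: In the hedgedoc `settings` block only the port now comes from `config.meta.exposes.md`; `domain = "md.0x76.dev";` two lines below the change is still a literal, so the public name is maintained both here and in nixos/hosts/olympus/default.nix. Widening the let binding to `inherit (config.meta.exposes.md) port domain;` and writing `inherit port domain;` in `settings` leaves a single source of truth. The settings block continues past the end of the hunk.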
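Review bot: The templated vhost in nixos/hosts/olympus/nginx/configuration.nix still hard-codes the upstream host as `hedgedoc.olympus` and spells out `hosts.olympus.hedgedoc.exposes.md` twice, so only the domain and port actually follow the host table. Binding the entry once in the existing let block, e.g. `md = hosts.olympus.hedgedoc.exposes.md;`, shortens the line and leaves one place to edit. The module now requires a `hosts` argument; where that is supplied (specialArgs or `_module.args`) is not visible in this patch and should be confirmed for every configuration that imports this file.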
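Review bot: The line added to nixos/hosts/thalassa/aoife/configuration.nix is commented-out code with a second commented alternative behind it and no explanation of why it is kept. If it is a reminder, say so with something like `# TODO: expose this host's entry from the hosts table to the session`; otherwise remove it. Should it ever be enabled, keep in mind that session variables are inherited by every process the user starts, and the hosts table in this repository carries internal IP and MAC addresses.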
diff --git a/nixos/hosts/thalassa/default.nix b/nixos/hosts/thalassa/default.nix
index 68de75d..d0c4725 100644
--- a/nixos/hosts/thalassa/default.nix
+++ b/nixos/hosts/thalassa/default.nix
@@ -1,5 +1,7 @@
 {
- # "null" = { type = "local"; };
- "aoife" = { type = "local"; };
+ "aoife" = {
+ type = "local";
+ mac = "04:7b:cb:b6:2d:88";
+ };
 "eevee" = { type = "local"; };
 }
diff --git a/nixos/hosts/thalassa/eevee/configuration.nix b/nixos/hosts/thalassa/eevee/configuration.nix
index eccf3cf..e74c1a1 100644
--- a/nixos/hosts/thalassa/eevee/configuration.nix
+++ b/nixos/hosts/thalassa/eevee/configuration.nix
@@ -3,8 +3,7 @@
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 { pkgs, inputs, ... }: {
- imports =
- [ ../../../common/desktop ./hardware-configuration.nix ./hardware.nix ];
+ imports = [ ./hardware-configuration.nix ./hardware.nix ];
 # Bootloader.
 boot = {
diff --git a/nixos/util.nix b/nixos/util.nix
index e36ec67..8519414 100644
--- a/nixos/util.nix
+++ b/nixos/util.nix
@@ -13,7 +13,7 @@ let
 ./common/generic-lxc.nix
 ];
 "vm" = [ ./common/generic-vm.nix ];
- "local" = [ ];
+ "local" = [ ./common/desktop ];
 };
 in type: import_cases.${type} ++ base_imports;
 # Helper function to resolve what should be imported depending on the type of config (lxc, vm, bare metal)
@@ -21,8 +21,6 @@ let
 type_import type ++ [ ./common "${./.}/hosts/${realm}/${profile}/configuration.nix" ];
-in {
- inherit base_imports type_import resolve_imports;
 # Add to whatever realm a host belong to its list of tags
 add_realm_to_tags = mapAttrs (realm: mapAttrs (_hostname:
@@ -40,8 +38,10 @@ in {
 # Filter out all hosts which aren't nixos
 filter_nix_hosts = filter ({ nix ? true, ... }: nix);
+ # outputs
+
 # Helper function to build a colmena host definition
- mkColmenaHost = { ip ? null, hostname, tags, realm, type ? "lxc", ... }@host:
+ mkColmenaHost = { ip ? null, exposes ? null, hostname, tags, realm, type ? "lxc", ... }@host:
 let
 # this makes local apply work a bit nicer
 name = if type == "local" then hostname else "${hostname}.${realm}";
@@ -52,6 +52,10 @@ in {
 hostName = hostname;
 domain = realm;
 };
+ meta = {
+ inherit exposes;
+ ipv4 = ip;
+ };
 deployment = {
 inherit tags;
 targetHost = ip;
@@ -60,4 +64,9 @@ in {
 };
 };
 };
+ hosts = add_realm_to_tags (import ./hosts);
+ flat_hosts = flatten_hosts hosts;
+ nixHosts = filter_nix_hosts flat_hosts;
+in {
+ inherit base_imports mkColmenaHost hosts flat_hosts nixHosts;
 }
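Review bot: The last hunk of nixos/util.nix narrows what the file exports: `type_import` and `resolve_imports` were in the old `inherit` list and are absent from `inherit base_imports mkColmenaHost hosts flat_hosts nixHosts;`, and `add_realm_to_tags`, `flatten_hosts` and `filter_nix_hosts` turn from attributes into let bindings. The flake.nix hunk in this patch removes the callers of the latter three only, so any remaining `util.resolve_imports` or `util.type_import` reference outside this file (none is visible here) would now fail with a missing attribute. Either keep those names in the `inherit` list or confirm with an evaluation of all host configurations that nothing else uses them.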