simple impl of exposes thingy
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
parent
2c16870d66
commit
fa5bda60be
|
@ -5,5 +5,5 @@ pipeline:
|
||||||
- NIX_CONFIG=experimental-features = nix-command flakes
|
- NIX_CONFIG=experimental-features = nix-command flakes
|
||||||
commands:
|
commands:
|
||||||
- nix run 'nixpkgs#statix' check
|
- nix run 'nixpkgs#statix' check
|
||||||
- nix run 'github:astro/deadnix' -- -f
|
- nix run 'nixpkgs#deadnix' -- -f
|
||||||
- nix run 'nixpkgs#yamllint' .
|
- nix run 'nixpkgs#yamllint' .
|
||||||
|
|
|
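Review bot: The linter commands still resolve `nixpkgs#…` through the flake registry rather than this repository's `flake.lock`, so the tools that gate the pipeline float with whatever nixpkgs revision the registry points at. This applies to the `statix` and `yamllint` lines as well as the changed `deadnix` line. Running them against the locked input, e.g. `- nix run --inputs-from . 'nixpkgs#deadnix' -- -f`, would make CI results reproducible and keep the tool version reviewable in the lock file.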
@ -46,14 +46,9 @@
|
||||||
inherit (nixpkgs) lib;
|
inherit (nixpkgs) lib;
|
||||||
|
|
||||||
util = import ./nixos/util.nix inputs;
|
util = import ./nixos/util.nix inputs;
|
||||||
|
inherit (util) hosts flat_hosts nixHosts;
|
||||||
|
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
# import and add realm to list of tags
|
|
||||||
hosts = util.add_realm_to_tags (import ./nixos/hosts);
|
|
||||||
# flatten hosts to single list
|
|
||||||
flat_hosts = util.flatten_hosts hosts;
|
|
||||||
# Filter out all non-nixos hosts
|
|
||||||
nixHosts = util.filter_nix_hosts flat_hosts;
|
|
||||||
|
|
||||||
pkgs = import nixpkgs {
|
pkgs = import nixpkgs {
|
||||||
inherit system;
|
inherit system;
|
||||||
|
@ -137,6 +132,7 @@
|
||||||
apply-local
|
apply-local
|
||||||
colmena.packages.${system}.colmena
|
colmena.packages.${system}.colmena
|
||||||
cachix
|
cachix
|
||||||
|
deadnix
|
||||||
fluxcd
|
fluxcd
|
||||||
k9s
|
k9s
|
||||||
kubectl
|
kubectl
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
{ ... }: {
|
{ ... }: {
|
||||||
imports = [ ./dns.nix ./flood.nix ./gnome ./unpackerr.nix ./vault.nix ];
|
imports = [ ./meta.nix ./dns.nix ./flood.nix ./gnome ./unpackerr.nix ./vault.nix ];
|
||||||
}
|
}
|
||||||
|
|
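--- /dev/null
+++ b/nixos/common/modules/meta.nix
@@ -0,0 +1,42 @@
+{ lib, ... }:
+with lib;
+let
+exposesOpts = {
+options = {
+domain = mkOption {
+type = types.str;
+example = "<name>.example.com";
+description = ''
+The domain under which this service should be available
+'';
+};
+port = mkOption {
+type = types.int;
+example = 4242;
+description = ''
+The port under which the service runs on the host
+'';
+};
+};
+};
+in {
+options = {
+meta.exposes = mkOption {
+type = with types; attrsOf (submodule exposesOpts);
+description = ''
+Exposed services
+'';
+};
+
+meta.ipv4 = mkOption {
+type = types.str;
+description = ''
+Own IPv4 Address
+'';
+};
+};
+
+config = {
+
+};
+}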
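Review bot: `port` is declared as `types.int`, so a negative or out-of-range value in a host's `exposes` entry evaluates cleanly and only fails later in whatever consumes it; `type = types.port;` rejects such values at evaluation time. The description `Exposed services` should also say what declaring an entry does: in this commit the nginx configuration turns the hedgedoc entry into an ACME-enabled virtual host, so wording such as `Services on this host that the reverse proxy publishes, keyed by service name` would make clear that adding an entry is a publication decision. The empty `config = { };` block can be dropped.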
@ -100,6 +100,12 @@
|
||||||
"hedgedoc" = {
|
"hedgedoc" = {
|
||||||
ip = "10.42.42.23";
|
ip = "10.42.42.23";
|
||||||
mac = "86:BC:0C:18:BC:9B";
|
mac = "86:BC:0C:18:BC:9B";
|
||||||
|
exposes = {
|
||||||
|
md = {
|
||||||
|
domain = "md.0x76.dev";
|
||||||
|
port = 3000;
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
"zmeura" = {
|
"zmeura" = {
|
||||||
ip = "10.42.42.24";
|
ip = "10.42.42.24";
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
let
|
let
|
||||||
db_name = "hedgedoc";
|
db_name = "hedgedoc";
|
||||||
db_user = "hedgedoc";
|
db_user = "hedgedoc";
|
||||||
|
inherit (config.meta.exposes.md) port;
|
||||||
vs = config.vault-secrets.secrets;
|
vs = config.vault-secrets.secrets;
|
||||||
in {
|
in {
|
||||||
imports = [ ];
|
imports = [ ];
|
||||||
|
@ -40,7 +41,7 @@ in {
|
||||||
environmentFile = "${vs.hedgedoc}/environment";
|
environmentFile = "${vs.hedgedoc}/environment";
|
||||||
settings = {
|
settings = {
|
||||||
host = "0.0.0.0";
|
host = "0.0.0.0";
|
||||||
port = 3000;
|
inherit port;
|
||||||
sessionSecret = "$SESSION_SECRET";
|
sessionSecret = "$SESSION_SECRET";
|
||||||
domain = "md.0x76.dev";
|
domain = "md.0x76.dev";
|
||||||
protocolUseSSL = true;
|
protocolUseSSL = true;
|
||||||
|
|
|
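Review bot: `settings.domain` is still the literal `"md.0x76.dev"` while `port` now comes from `config.meta.exposes.md`, so the service and the nginx virtual host (which takes its name from the same inventory entry) can drift apart if the domain is changed in only one place. Taking both from the entry, with `inherit (config.meta.exposes.md) port domain;` in the `let` and `inherit port domain;` in `settings`, keeps them in step. Both hunks cut through larger blocks, and `config` has to be in the module's argument set, which is not visible here.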
@ -1,4 +1,4 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, hosts, ... }:
|
||||||
let
|
let
|
||||||
proxy = url: {
|
proxy = url: {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
@ -44,9 +44,11 @@ in {
|
||||||
|
|
||||||
package = pkgs.nginxMainline;
|
package = pkgs.nginxMainline;
|
||||||
|
|
||||||
|
# Templated
|
||||||
|
virtualHosts.${hosts.olympus.hedgedoc.exposes.md.domain} = proxy "http://hedgedoc.olympus:${toString hosts.olympus.hedgedoc.exposes.md.port}/";
|
||||||
|
|
||||||
# 0x76.dev
|
# 0x76.dev
|
||||||
virtualHosts."ha.0x76.dev" = proxy "http://home-assistant.olympus:8123/";
|
virtualHosts."ha.0x76.dev" = proxy "http://home-assistant.olympus:8123/";
|
||||||
virtualHosts."md.0x76.dev" = proxy "http://hedgedoc.olympus:3000/";
|
|
||||||
virtualHosts."git.0x76.dev" = proxy "http://gitea.olympus:3000";
|
virtualHosts."git.0x76.dev" = proxy "http://gitea.olympus:3000";
|
||||||
virtualHosts."o.0x76.dev" = proxy "http://minio.olympus:9000";
|
virtualHosts."o.0x76.dev" = proxy "http://minio.olympus:9000";
|
||||||
virtualHosts."grafana.0x76.dev" =
|
virtualHosts."grafana.0x76.dev" =
|
||||||
|
|
|
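Review bot: The `# Templated` virtual host reads the domain and port from `hosts.olympus.hedgedoc.exposes.md` but still spells the upstream as the literal `hedgedoc.olympus`, so a rename in the inventory would leave the proxy pointing at the old name. Binding the entry once, e.g. `md = hosts.olympus.hedgedoc.exposes.md;` in the `let`, and building the upstream from the same record would shorten the line and remove the duplicate lookup. The new `hosts` argument has to be supplied to the module from outside (presumably via `specialArgs`); that wiring is not visible in this section, and a comment saying where it comes from would help.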
@ -4,7 +4,6 @@
|
||||||
|
|
||||||
{ inputs, ... }: {
|
{ inputs, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
../../../common/desktop
|
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-z
|
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-z
|
||||||
./hardware.nix
|
./hardware.nix
|
||||||
|
@ -26,6 +25,8 @@
|
||||||
# Enable Ozone rendering for Chromium and Electron apps.
|
# Enable Ozone rendering for Chromium and Electron apps.
|
||||||
environment.sessionVariables.NIXOS_OZONE_WL = "1";
|
environment.sessionVariables.NIXOS_OZONE_WL = "1";
|
||||||
|
|
||||||
|
# environment.sessionVariables.INFRA_INFO = self; # hosts.${config.networking.domain}.${config.networking.hostName};
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
{
|
{
|
||||||
# "null" = { type = "local"; };
|
"aoife" = {
|
||||||
"aoife" = { type = "local"; };
|
type = "local";
|
||||||
|
mac = "04:7b:cb:b6:2d:88";
|
||||||
|
};
|
||||||
"eevee" = { type = "local"; };
|
"eevee" = { type = "local"; };
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,8 +3,7 @@
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
{ pkgs, inputs, ... }: {
|
{ pkgs, inputs, ... }: {
|
||||||
imports =
|
imports = [ ./hardware-configuration.nix ./hardware.nix ];
|
||||||
[ ../../../common/desktop ./hardware-configuration.nix ./hardware.nix ];
|
|
||||||
|
|
||||||
# Bootloader.
|
# Bootloader.
|
||||||
boot = {
|
boot = {
|
||||||
|
|
|
@ -13,7 +13,7 @@ let
|
||||||
./common/generic-lxc.nix
|
./common/generic-lxc.nix
|
||||||
];
|
];
|
||||||
"vm" = [ ./common/generic-vm.nix ];
|
"vm" = [ ./common/generic-vm.nix ];
|
||||||
"local" = [ ];
|
"local" = [ ./common/desktop ];
|
||||||
};
|
};
|
||||||
in type: import_cases.${type} ++ base_imports;
|
in type: import_cases.${type} ++ base_imports;
|
||||||
# Helper function to resolve what should be imported depending on the type of config (lxc, vm, bare metal)
|
# Helper function to resolve what should be imported depending on the type of config (lxc, vm, bare metal)
|
||||||
|
@ -21,8 +21,6 @@ let
|
||||||
type_import type
|
type_import type
|
||||||
++ [ ./common "${./.}/hosts/${realm}/${profile}/configuration.nix" ];
|
++ [ ./common "${./.}/hosts/${realm}/${profile}/configuration.nix" ];
|
||||||
|
|
||||||
in {
|
|
||||||
inherit base_imports type_import resolve_imports;
|
|
||||||
# Add to whatever realm a host belong to its list of tags
|
# Add to whatever realm a host belong to its list of tags
|
||||||
add_realm_to_tags = mapAttrs (realm:
|
add_realm_to_tags = mapAttrs (realm:
|
||||||
mapAttrs (_hostname:
|
mapAttrs (_hostname:
|
||||||
|
@ -40,8 +38,10 @@ in {
|
||||||
# Filter out all hosts which aren't nixos
|
# Filter out all hosts which aren't nixos
|
||||||
filter_nix_hosts = filter ({ nix ? true, ... }: nix);
|
filter_nix_hosts = filter ({ nix ? true, ... }: nix);
|
||||||
|
|
||||||
|
# outputs
|
||||||
|
|
||||||
# Helper function to build a colmena host definition
|
# Helper function to build a colmena host definition
|
||||||
mkColmenaHost = { ip ? null, hostname, tags, realm, type ? "lxc", ... }@host:
|
mkColmenaHost = { ip ? null, exposes ? null, hostname, tags, realm, type ? "lxc", ... }@host:
|
||||||
let
|
let
|
||||||
# this makes local apply work a bit nicer
|
# this makes local apply work a bit nicer
|
||||||
name = if type == "local" then hostname else "${hostname}.${realm}";
|
name = if type == "local" then hostname else "${hostname}.${realm}";
|
||||||
|
@ -52,6 +52,10 @@ in {
|
||||||
hostName = hostname;
|
hostName = hostname;
|
||||||
domain = realm;
|
domain = realm;
|
||||||
};
|
};
|
||||||
|
meta = {
|
||||||
|
inherit exposes;
|
||||||
|
ipv4 = ip;
|
||||||
|
};
|
||||||
deployment = {
|
deployment = {
|
||||||
inherit tags;
|
inherit tags;
|
||||||
targetHost = ip;
|
targetHost = ip;
|
||||||
|
@ -60,4 +64,9 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
hosts = add_realm_to_tags (import ./hosts);
|
||||||
|
flat_hosts = flatten_hosts hosts;
|
||||||
|
nixHosts = filter_nix_hosts flat_hosts;
|
||||||
|
in {
|
||||||
|
inherit base_imports mkColmenaHost hosts flat_hosts nixHosts;
|
||||||
}
|
}
|
||||||
|
|
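Review bot: `mkColmenaHost` defaults `exposes` and `ip` to `null` and assigns them to `meta.exposes` and `meta.ipv4`, but meta.nix in this commit declares those options as `attrsOf (submodule …)` and `types.str`, neither of which accepts `null`. Hosts such as `eevee`, which has no `ip` or `exposes` in the inventory, therefore carry definitions that should fail type-checking as soon as anything reads `config.meta.exposes` or `config.meta.ipv4` on them. Defaulting to an empty set with `exposes ? { }` and declaring the address as `type = types.nullOr types.str;` would keep every host evaluable. The function body continues outside the hunks shown.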