colmena + multi location #64
23 changed files with 26 additions and 12 deletions
19
flake.nix
19
flake.nix
|
@ -25,17 +25,21 @@
|
||||||
{ self, nixpkgs, vault-secrets, serokell-nix, minecraft-servers, colmena, ... }@inputs:
|
{ self, nixpkgs, vault-secrets, serokell-nix, minecraft-servers, colmena, ... }@inputs:
|
||||||
let
|
let
|
||||||
inherit (nixpkgs) lib;
|
inherit (nixpkgs) lib;
|
||||||
inherit (builtins) filter mapAttrs;
|
inherit (builtins) filter mapAttrs attrValues concatLists;
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
hosts = import ./hosts.nix;
|
# import and add location qualifier to all hosts
|
||||||
specialArgs = { inherit hosts inputs; };
|
hosts = mapAttrs (location: lhosts: map ({ tags ? [ ], ... }@x: x // { tags = [ location ] ++ tags; inherit location; }) lhosts) (import ./nixos/hosts);
|
||||||
|
# flatten hosts to single list
|
||||||
|
flat_hosts = concatLists (attrValues hosts);
|
||||||
# Filter all nixos host definitions that are actual nix machines
|
# Filter all nixos host definitions that are actual nix machines
|
||||||
nixHosts = filter ({ nix ? true, ... }: nix) hosts;
|
nixHosts = filter ({ nix ? true, ... }: nix) flat_hosts;
|
||||||
|
# Define args each module gets access to (access to hosts is useful for DNS/DHCP)
|
||||||
|
specialArgs = { inherit hosts flat_hosts inputs; };
|
||||||
|
|
||||||
# Resolve imports based on a foldername (nixname) and if the host is an LXC container or a VM.
|
# Resolve imports based on a foldername (nixname) and if the host is an LXC container or a VM.
|
||||||
resolveImports = { hostname, profile ? hostname, lxc ? true, ... }: [
|
resolveImports = { hostname, location, profile ? hostname, lxc ? true, ... }: [
|
||||||
./nixos/common
|
./nixos/common
|
||||||
"${./.}/nixos/hosts/${profile}/configuration.nix"
|
"${./.}/nixos/hosts/${location}/${profile}/configuration.nix"
|
||||||
] ++ (if lxc then [
|
] ++ (if lxc then [
|
||||||
"${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
|
"${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
|
||||||
./nixos/common/generic-lxc.nix
|
./nixos/common/generic-lxc.nix
|
||||||
|
@ -49,10 +53,11 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
mkColmenaHost = { ip, hostname, ... }@host: {
|
mkColmenaHost = { ip, hostname, tags, ... }@host: {
|
||||||
"${hostname}" = {
|
"${hostname}" = {
|
||||||
imports = resolveImports host;
|
imports = resolveImports host;
|
||||||
deployment = {
|
deployment = {
|
||||||
|
inherit tags;
|
||||||
targetHost = ip;
|
targetHost = ip;
|
||||||
targetUser = null; # Defaults to $USER
|
targetUser = null; # Defaults to $USER
|
||||||
};
|
};
|
||||||
|
|
|
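Review bot: `flat_hosts` breaks the camelCase used by every other binding in this `let` (`nixHosts`, `specialArgs`, `resolveImports`, `mkColmenaHost`) and is exported through `specialArgs`, so every module that consumes it will carry the inconsistency; rename it in the three new-side lines `flatHosts = concatLists (attrValues hosts);`, `nixHosts = filter ({ nix ? true, ... }: nix) flatHosts;` and `specialArgs = { inherit hosts flatHosts inputs; };` before it spreads. As far as this hunk shows, the `location` attribute attached to each host reaches modules only inside the `hosts`/`flat_hosts` collections, not as the current machine's own location, so the location-dependent settings the PR marks with TODOs elsewhere have nothing to read yet; stating that in the comment above `hosts`, e.g. `# each host gets a location attr and a matching deployment tag; modules receive all hosts via specialArgs but not their own location`, would save the next reader from looking for it. The `let` block begins before this hunk.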
@ -40,7 +40,7 @@
|
||||||
};
|
};
|
||||||
optimise = {
|
optimise = {
|
||||||
automatic = true;
|
automatic = true;
|
||||||
dates = "weekly";
|
dates = [ "weekly" ];
|
||||||
};
|
};
|
||||||
extraOptions = ''
|
extraOptions = ''
|
||||||
experimental-features = nix-command flakes
|
experimental-features = nix-command flakes
|
||||||
|
@ -63,6 +63,7 @@
|
||||||
permitRootLogin = "no";
|
permitRootLogin = "no";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# TODO: Location dependent
|
||||||
vault-secrets = {
|
vault-secrets = {
|
||||||
vaultPrefix = "secrets/nixos";
|
vaultPrefix = "secrets/nixos";
|
||||||
vaultAddress = "http://vault.olympus:8200/";
|
vaultAddress = "http://vault.olympus:8200/";
|
||||||
|
|
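Review bot: The added `# TODO: Location dependent` names the gap but leaves every host in every location pointed at `vaultAddress = "http://vault.olympus:8200/"`, a plaintext endpoint in the `olympus` zone, so a host defined under the new `hades` location would fetch its secrets from a different site over unencrypted http, or fail to resolve the name at all since the PR's unbound local-data only covers `olympus` hosts. Until a per-host location is available to modules, the comment should say what must hold, e.g. `# TODO: Location dependent - vault.olympus is only served by the olympus resolver and is plain http; hosts outside olympus must not use this block`. The enclosing attribute set starts and ends outside this hunk.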
4
nixos/hosts/default.nix
Normal file
4
nixos/hosts/default.nix
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
{
|
||||||
|
olympus = import ./olympus;
|
||||||
|
hades = [];
|
||||||
|
}
|
|
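Review bot: This new file has an implicit contract that nothing documents: each attribute name is a location that becomes a deployment tag and a path segment (`nixos/hosts/${location}/${profile}/configuration.nix` in flake.nix), and each value must be a list of host attribute sets because flake.nix flattens them with `concatLists (attrValues hosts)`; an attribute set value would fail there with a type error. A two-line header comment would pin this down, e.g. `# location name -> list of host attrsets; the name is used as a deployment tag and as the host directory under nixos/hosts/` followed by `# keep empty locations as [] so flattening still works`.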
@ -46,6 +46,7 @@
|
||||||
ip = "10.42.42.9";
|
ip = "10.42.42.9";
|
||||||
ip6 = "2001:41f0:9639:1:68c2:89ff:fe85:cfa6";
|
ip6 = "2001:41f0:9639:1:68c2:89ff:fe85:cfa6";
|
||||||
mac = "6A:C2:89:85:CF:A6";
|
mac = "6A:C2:89:85:CF:A6";
|
||||||
|
tags = [ "web" ];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
hostname = "k3s-node1";
|
hostname = "k3s-node1";
|
|
@ -5,6 +5,7 @@ let
|
||||||
hostName = hostname;
|
hostName = hostname;
|
||||||
ipAddress = ip;
|
ipAddress = ip;
|
||||||
};
|
};
|
||||||
|
hosts' = hosts.olympus;
|
||||||
in {
|
in {
|
||||||
imports = [ ];
|
imports = [ ];
|
||||||
|
|
||||||
|
@ -47,6 +48,6 @@ in {
|
||||||
range 10.42.43.1 10.42.43.254;
|
range 10.42.43.1 10.42.43.254;
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
machines = map hostToDhcp hosts;
|
machines = map hostToDhcp hosts';
|
||||||
};
|
};
|
||||||
}
|
}
|
|
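Review bot: `hosts' = hosts.olympus;` hardcodes the location as a bare attribute access, whereas the unbound change in the same PR at least binds `localdomain = "olympus"` and marks it with a TODO, so the two location-dependent modules now diverge in how they express the same assumption and a renamed or misspelled location key fails only at evaluation with an attribute-missing error. Since static leases for hosts of another site would be handed out on this network, the restriction is correct but should be visible: `hosts' = hosts.olympus; # TODO: location dependent - only hosts in this site's network may get static leases`. The `let` block begins before this hunk.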
@ -2,7 +2,9 @@
|
||||||
let
|
let
|
||||||
inherit (builtins) filter hasAttr;
|
inherit (builtins) filter hasAttr;
|
||||||
localdomain = "olympus";
|
localdomain = "olympus";
|
||||||
ipv6Hosts = filter (hasAttr "ip6") hosts;
|
# TODO: use location attr in hosts
|
||||||
|
hosts' = hosts.${localdomain};
|
||||||
|
ipv6Hosts = filter (hasAttr "ip6") hosts';
|
||||||
|
|
||||||
localData = { hostname, ip, ... }: ''"${hostname}.${localdomain}. A ${ip}"'';
|
localData = { hostname, ip, ... }: ''"${hostname}.${localdomain}. A ${ip}"'';
|
||||||
local6Data = { hostname, ip6, ... }: ''"${hostname}.${localdomain}. AAAA ${ip6}"'';
|
local6Data = { hostname, ip6, ... }: ''"${hostname}.${localdomain}. AAAA ${ip6}"'';
|
||||||
|
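Review bot: `hosts' = hosts.${localdomain};` couples the DNS zone name to the key used in `nixos/hosts/default.nix`, so the two can never differ without breaking name resolution for the whole site; that coupling is intentional here but is not what `# TODO: use location attr in hosts` says. Splitting the two roles makes it explicit and gives the TODO a concrete target: `location = "olympus"; # TODO: derive from the host's own location attr once modules receive it` followed by `localdomain = location;` and `hosts' = hosts.${location};`. Hosts in other locations are now silently absent from `local-data` and `local-data-ptr` in the second hunk of this file, which is worth a word in the same comment. The `let` block begins before this hunk.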
@ -38,8 +40,8 @@ in {
|
||||||
interface = [ "0.0.0.0" "::0" ];
|
interface = [ "0.0.0.0" "::0" ];
|
||||||
|
|
||||||
local-zone = ''"${localdomain}." transparent'';
|
local-zone = ''"${localdomain}." transparent'';
|
||||||
local-data = (map localData hosts) ++ (map local6Data ipv6Hosts);
|
local-data = (map localData hosts') ++ (map local6Data ipv6Hosts);
|
||||||
local-data-ptr = (map ptrData hosts) ++ (map ptr6Data ipv6Hosts);
|
local-data-ptr = (map ptrData hosts') ++ (map ptr6Data ipv6Hosts);
|
||||||
|
|
||||||
access-control = [
|
access-control = [
|
||||||
"127.0.0.1/32 allow_snoop"
|
"127.0.0.1/32 allow_snoop"
|