colmena + multi location #64

Merged
v merged 8 commits from colmena into main 2022-07-31 10:51:26 +02:00
4 changed files with 26 additions and 29 deletions
Showing only changes of commit 34dd2d5984 - Show all commits


@ -22,7 +22,7 @@
}; };
outputs = outputs =
{ self, nixpkgs, vault-secrets, serokell-nix, minecraft-servers, ... }@inputs: { self, nixpkgs, vault-secrets, serokell-nix, minecraft-servers, colmena, ... }@inputs:
let let
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
inherit (builtins) filter mapAttrs; inherit (builtins) filter mapAttrs;
@ -32,8 +32,8 @@
# Filter all nixos host definitions that are actual nix machines # Filter all nixos host definitions that are actual nix machines
nixHosts = filter ({ nix ? true, ... }: nix) hosts; nixHosts = filter ({ nix ? true, ... }: nix) hosts;
# Resolve imports based on a foldername (nixname) and if the host is an LXC container or a VM.
resolveImports = { hostname, profile ? hostname, lxc ? true, ... }: [ resolveImports = { hostname, profile ? hostname, lxc ? true, ... }: [
vault-secrets.nixosModules.vault-secrets
./nixos/common ./nixos/common
"${./.}/nixos/hosts/${profile}/configuration.nix" "${./.}/nixos/hosts/${profile}/configuration.nix"
] ++ (if lxc then [ ] ++ (if lxc then [
@ -42,16 +42,14 @@
] ]
else [ ./nixos/common/generic-vm.nix ]); else [ ./nixos/common/generic-vm.nix ]);
# Create a nixosConfiguration based on a foldername (nixname) and if the host is an LXC container or a VM. mkConfig = { hostname, ... }@host: {
mkConfig = { hostname, profile ? hostname, lxc ? true, ... }@host: { "${hostname}" = lib.nixosSystem {
"${profile}" = lib.nixosSystem { inherit system specialArgs;
inherit system;
inherit specialArgs;
modules = resolveImports host; modules = resolveImports host;
}; };
}; };
mkColmenaHost = { ip, hostname, profile ? hostname, lxc ? true, ... }@host: { mkColmenaHost = { ip, hostname, ... }@host: {
"${hostname}" = { "${hostname}" = {
imports = resolveImports host; imports = resolveImports host;
deployment = { deployment = {
@ -61,7 +59,7 @@
}; };
}; };
legacyPackages = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ]; pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ];
in in
{ {
# Make the config and deploy sets # Make the config and deploy sets
@ -74,7 +72,6 @@
inherit system; inherit system;
overlays = [ overlays = [
(import ./nixos/pkgs) (import ./nixos/pkgs)
vault-secrets.overlay
minecraft-servers.overlays.default minecraft-servers.overlays.default
]; ];
}; };
@ -83,25 +80,12 @@
} }
nixHosts; nixHosts;
apps.${system} = rec {
vault-push-approles = {
type = "app";
program = "${legacyPackages.vault-push-approles self}/bin/vault-push-approles";
};
vault-push-approle-envs = {
type = "app";
program =
"${legacyPackages.vault-push-approle-envs self}/bin/vault-push-approle-envs";
};
};
# Use by running `nix develop` # Use by running `nix develop`
devShells.${system}.default = legacyPackages.mkShell { devShells.${system}.default = pkgs.mkShell {
VAULT_ADDR = "http://vault.olympus:8200/"; VAULT_ADDR = "http://vault.olympus:8200/";
# This only support bash so just execute zsh in bash as a workaround :/ # This only support bash so just execute zsh in bash as a workaround :/
shellHook = "zsh; exit $?"; shellHook = "zsh; exit $?";
buildInputs = with legacyPackages; [ buildInputs = with pkgs; [
colmena
fluxcd fluxcd
k9s k9s
kubectl kubectl
@ -110,6 +94,8 @@
nixfmt nixfmt
nixUnstable nixUnstable
vault vault
(vault-push-approle-envs self)
(vault-push-approle-approles self)
]; ];
}; };
}; };
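Review bot: The devShell's new `buildInputs` entry `(vault-push-approle-approles self)` does not match the attribute the removed `apps` block used, `legacyPackages.vault-push-approles self`; unless the vault-secrets overlay also exposes an attribute named `vault-push-approle-approles`, this looks like a typo for `(vault-push-approles self)` and `nix develop` will fail to evaluate. Separately, `vault-secrets.nixosModules.vault-secrets` is dropped from `resolveImports` and is instead imported via `inputs` in the common module (second file in this diff), so every nixosSystem and colmena host must now receive `inputs` through `specialArgs`; the hunk inherits `specialArgs` but its definition is outside the diff, so that is worth confirming. The `outputs` function continues beyond the last hunk.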


@ -1,7 +1,8 @@
{ config, pkgs, ... }: { config, pkgs, inputs, ... }:
{ {
imports = [ imports = [
inputs.vault-secrets.nixosModules.vault-secrets
# User account definitions # User account definitions
./users ./users
./services ./services
@ -23,13 +24,24 @@
"https://cachix.cachix.org" "https://cachix.cachix.org"
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://nixpkgs-review-bot.cachix.org" "https://nixpkgs-review-bot.cachix.org"
"https://colmena.cachix.org"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE=" "nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
"colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
]; ];
}; };
gc = {
dates = "weekly";
automatic = true;
randomizedDelaySec = "45min";
};
optimise = {
automatic = true;
dates = "weekly";
};
extraOptions = '' extraOptions = ''
experimental-features = nix-command flakes experimental-features = nix-command flakes
''; '';
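Review bot: The new `colmena.cachix.org-1:…` entry in `trusted-public-keys` is a trust anchor rather than a per-cache setting: Nix accepts any store path carrying a valid signature from that key no matter which substituter served it, so the entry should record where the key was obtained, e.g. `# colmena binary cache key; trusted for any path it signs, see https://colmena.cachix.org` on the line above it. The module header also gains `inputs`, so evaluation now depends on every nixosSystem and colmena host passing `inputs` via `specialArgs`; the flake hunk only shows `specialArgs` being inherited, not defined, so that needs checking. The `substituters` list and the enclosing attribute set both begin before this hunk.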


@ -48,7 +48,7 @@
]; ];
# Make me admin # Make me admin
extraGroups = [ "wheel" ]; extraGroups = [ "systemd-journal" "wheel" ];
}; };
# Configure the root account # Configure the root account
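Review bot: The `# Make me admin` comment above `extraGroups` now describes only half of the line: membership in `systemd-journal` grants read access to the complete system journal independently of `wheel`, which is a distinct privilege worth stating. Suggest `# Make me admin and allow reading the full system journal` so each group's purpose is recorded. The user definition this hunk edits begins before the hunk.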


@ -45,7 +45,6 @@ in {
# Additional packages # Additional packages
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
binutils binutils
colmena
fix-vscode fix-vscode
fluxcd fluxcd
k9s k9s