kevin/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity

Make vm*/default.nix resources

Browse source
This commit is contained in:
Nicolas Jeannerod 2025-01-31 15:11:56 +01:00
parent 4f761bfc1f
commit dedd70dc0e
Signed by untrusted user: Niols
GPG key ID: 35DB9EC8886E1CB8
7 changed files with 151 additions and 134 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

60
infra/fedi300/default.nix
View file

@ -1,33 +1,41 @@
{ lib, ... }: { lib, ... }:
let
inherit (lib) mkForce;
in
{ {
imports = [ procolixVm.host = "95.215.187.30";
./forgejo-actions-runner.nix
];
procolix.vm = { nixos.module = {
name = "fedi300"; imports = [
ip4 = "95.215.187.30"; ./forgejo-actions-runner.nix
ip6 = "2a00:51c0:12:1305::30";
};
## FIXME: We should just have an option under `procolix.vm` to distinguish
## between Procolix VMs and Fediversity ones.
networking.domain = lib.mkForce "fediversity.eu";
networking.defaultGateway.address = lib.mkForce "95.215.187.1";
networking.defaultGateway6.address = lib.mkForce "2a00:51c0:13:1305::1";
fileSystems."/" = {
device = "/dev/disk/by-uuid/cbcfaf6b-39bd-4328-9f53-dea8a9d32ecc";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/1A4E-07F4";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
]; ];
procolix.vm = {
name = "fedi300";
ip4 = "95.215.187.30";
ip6 = "2a00:51c0:12:1305::30";
};
## FIXME: We should just have an option under `procolix.vm` to distinguish
## between Procolix VMs and Fediversity ones.
networking.domain = mkForce "fediversity.eu";
networking.defaultGateway.address = mkForce "95.215.187.1";
networking.defaultGateway6.address = mkForce "2a00:51c0:13:1305::1";
fileSystems."/" = {
device = "/dev/disk/by-uuid/cbcfaf6b-39bd-4328-9f53-dea8a9d32ecc";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/1A4E-07F4";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
}; };
} }

3
infra/flake-part.nix
View file

@ -14,12 +14,11 @@ let
{ providers, ... }: { providers, ... }:
{ {
_module.args = { inherit self inputs providers; }; _module.args = { inherit self inputs providers; };
imports = [ imports = [
inputs.nixops4-nixos.modules.nixops4Resource.nixos inputs.nixops4-nixos.modules.nixops4Resource.nixos
./procolixResource.nix ./procolixResource.nix
(./. + "/${vmName}")
]; ];
procolixVm.name = vmName; procolixVm.name = vmName;
}; };

62
infra/procolixResource.nix
View file

@ -13,42 +13,36 @@ let
in in
{ {
options = { options = {
procolixVm.name = mkOption { }; procolixVm = {
name = mkOption { };
host = mkOption { };
};
}; };
config = config = {
let type = providers.local.exec;
vmConfig = import (./. + "/${config.procolixVm.name}");
in
{
type = providers.local.exec;
ssh = { ssh = {
host = vmConfig.procolix.vm.ip4; host = config.procolixVm.host;
opts = ""; opts = "";
hostPublicKey = self.keys.systems.${config.procolixVm.name}; hostPublicKey = self.keys.systems.${config.procolixVm.name};
};
nixpkgs = inputs.nixpkgs;
nixos.module = {
imports = [
## NOTE: We import an attrset as a NixOS module, for convenience, so
## as to be able to use it in NixOps4 and to grab information from it
## (eg. the IP) without evaluating the whole configuration first.
vmConfig
./common
self.nixosModules.ageSecrets
];
## Necessary to filter Age secrets.
fediversity.hostPublicKey = self.keys.systems.${config.procolixVm.name};
## FIXME: Remove direct root authentication once the NixOps4 NixOS
## provider supports users with password-less sudo.
users.users.root.openssh.authorizedKeys.keys = attrValues self.keys.contributors;
};
}; };
nixpkgs = inputs.nixpkgs;
nixos.module = {
imports = [
./common
self.nixosModules.ageSecrets
];
## Necessary to filter Age secrets.
fediversity.hostPublicKey = self.keys.systems.${config.procolixVm.name};
## FIXME: Remove direct root authentication once the NixOps4 NixOS
## provider supports users with password-less sudo.
users.users.root.openssh.authorizedKeys.keys = attrValues self.keys.contributors;
};
};
} }

44
infra/vm02116/default.nix
View file

@ -1,27 +1,31 @@
{ {
imports = [ procolixVm.host = "185.206.232.34";
./forgejo.nix
];
procolix.vm = { nixos.module = {
name = "vm02116"; imports = [
ip4 = "185.206.232.34"; ./forgejo.nix
ip6 = "2a00:51c0:12:1201::20"; ];
};
## vm02116 is running on old hardware based on a Xen VM environment, so it procolix.vm = {
## needs these extra options. Once the VM gets moved to a newer node, these name = "vm02116";
## two options can safely be removed. ip4 = "185.206.232.34";
boot.initrd.availableKernelModules = [ "xen_blkfront" ]; ip6 = "2a00:51c0:12:1201::20";
services.xe-guest-utilities.enable = true; };
fileSystems."/" = { ## vm02116 is running on old hardware based on a Xen VM environment, so it
device = "/dev/disk/by-uuid/3802a66d-e31a-4650-86f3-b51b11918853"; ## needs these extra options. Once the VM gets moved to a newer node, these
fsType = "ext4"; ## two options can safely be removed.
}; boot.initrd.availableKernelModules = [ "xen_blkfront" ];
services.xe-guest-utilities.enable = true;
fileSystems."/boot" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/2CE2-1173"; device = "/dev/disk/by-uuid/3802a66d-e31a-4650-86f3-b51b11918853";
fsType = "vfat"; fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/2CE2-1173";
fsType = "vfat";
};
}; };
} }

36
infra/vm02179/default.nix
View file

@ -1,21 +1,25 @@
{ {
procolix.vm = { procolixVm.host = "185.206.232.179";
name = "vm02179";
ip4 = "185.206.232.179";
ip6 = "2a00:51c0:12:1201::179";
};
fileSystems."/" = { nixos.module = {
device = "/dev/disk/by-uuid/119863f8-55cf-4e2f-ac17-27599a63f241"; procolix.vm = {
fsType = "ext4"; name = "vm02179";
}; ip4 = "185.206.232.179";
ip6 = "2a00:51c0:12:1201::179";
};
fileSystems."/boot" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/D9F4-9BF0"; device = "/dev/disk/by-uuid/119863f8-55cf-4e2f-ac17-27599a63f241";
fsType = "vfat"; fsType = "ext4";
options = [ };
"fmask=0022"
"dmask=0022" fileSystems."/boot" = {
]; device = "/dev/disk/by-uuid/D9F4-9BF0";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
}; };
} }

36
infra/vm02186/default.nix
View file

@ -1,21 +1,25 @@
{ {
procolix.vm = { procolixVm.host = "185.206.232.186";
name = "vm02186";
ip4 = "185.206.232.186";
ip6 = "2a00:51c0:12:1201::186";
};
fileSystems."/" = { nixos.module = {
device = "/dev/disk/by-uuid/833ac0f9-ad8c-45ae-a9bf-5844e378c44a"; procolix.vm = {
fsType = "ext4"; name = "vm02186";
}; ip4 = "185.206.232.186";
ip6 = "2a00:51c0:12:1201::186";
};
fileSystems."/boot" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/B4D5-3AF9"; device = "/dev/disk/by-uuid/833ac0f9-ad8c-45ae-a9bf-5844e378c44a";
fsType = "vfat"; fsType = "ext4";
options = [ };
"fmask=0022"
"dmask=0022" fileSystems."/boot" = {
]; device = "/dev/disk/by-uuid/B4D5-3AF9";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
}; };
} }

44
infra/vm02187/default.nix
View file

@ -1,25 +1,29 @@
{ {
imports = [ procolixVm.host = "185.206.232.187";
./wiki.nix
];
procolix.vm = { nixos.module = {
name = "vm02187"; imports = [
ip4 = "185.206.232.187"; ./wiki.nix
ip6 = "2a00:51c0:12:1201::187";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/a46a9c46-e32b-4216-a4aa-8819b2cd0d49";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/6AB5-4FA8";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
]; ];
procolix.vm = {
name = "vm02187";
ip4 = "185.206.232.187";
ip6 = "2a00:51c0:12:1201::187";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/a46a9c46-e32b-4216-a4aa-8819b2cd0d49";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/6AB5-4FA8";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
}; };
} }