kevin/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity

Make vm*/default.nix resources

Browse source
This commit is contained in:
Nicolas Jeannerod 2025-01-31 15:11:56 +01:00
parent 4f761bfc1f
commit dedd70dc0e
Signed by untrusted user: Niols
GPG key ID: 35DB9EC8886E1CB8
7 changed files with 151 additions and 134 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

60
infra/fedi300/default.nix
View file

@ -1,33 +1,41 @@
{ lib, ... }:
let
inherit (lib) mkForce;
in
{
imports = [
./forgejo-actions-runner.nix
];
procolixVm.host = "95.215.187.30";
procolix.vm = {
name = "fedi300";
ip4 = "95.215.187.30";
ip6 = "2a00:51c0:12:1305::30";
};
## FIXME: We should just have an option under `procolix.vm` to distinguish
## between Procolix VMs and Fediversity ones.
networking.domain = lib.mkForce "fediversity.eu";
networking.defaultGateway.address = lib.mkForce "95.215.187.1";
networking.defaultGateway6.address = lib.mkForce "2a00:51c0:13:1305::1";
fileSystems."/" = {
device = "/dev/disk/by-uuid/cbcfaf6b-39bd-4328-9f53-dea8a9d32ecc";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/1A4E-07F4";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
nixos.module = {
imports = [
./forgejo-actions-runner.nix
];
procolix.vm = {
name = "fedi300";
ip4 = "95.215.187.30";
ip6 = "2a00:51c0:12:1305::30";
};
## FIXME: We should just have an option under `procolix.vm` to distinguish
## between Procolix VMs and Fediversity ones.
networking.domain = mkForce "fediversity.eu";
networking.defaultGateway.address = mkForce "95.215.187.1";
networking.defaultGateway6.address = mkForce "2a00:51c0:13:1305::1";
fileSystems."/" = {
device = "/dev/disk/by-uuid/cbcfaf6b-39bd-4328-9f53-dea8a9d32ecc";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/1A4E-07F4";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
};
}

3
infra/flake-part.nix
View file

@ -14,12 +14,11 @@ let
{ providers, ... }:
{
_module.args = { inherit self inputs providers; };
imports = [
inputs.nixops4-nixos.modules.nixops4Resource.nixos
./procolixResource.nix
(./. + "/${vmName}")
];
procolixVm.name = vmName;
};

62
infra/procolixResource.nix
View file

@ -13,42 +13,36 @@ let
in
{
options = {
procolixVm.name = mkOption { };
procolixVm = {
name = mkOption { };
host = mkOption { };
};
};
config =
let
vmConfig = import (./. + "/${config.procolixVm.name}");
in
{
type = providers.local.exec;
config = {
type = providers.local.exec;
ssh = {
host = vmConfig.procolix.vm.ip4;
opts = "";
hostPublicKey = self.keys.systems.${config.procolixVm.name};
};
nixpkgs = inputs.nixpkgs;
nixos.module = {
imports = [
## NOTE: We import an attrset as a NixOS module, for convenience, so
## as to be able to use it in NixOps4 and to grab information from it
## (eg. the IP) without evaluating the whole configuration first.
vmConfig
./common
self.nixosModules.ageSecrets
];
## Necessary to filter Age secrets.
fediversity.hostPublicKey = self.keys.systems.${config.procolixVm.name};
## FIXME: Remove direct root authentication once the NixOps4 NixOS
## provider supports users with password-less sudo.
users.users.root.openssh.authorizedKeys.keys = attrValues self.keys.contributors;
};
ssh = {
host = config.procolixVm.host;
opts = "";
hostPublicKey = self.keys.systems.${config.procolixVm.name};
};
nixpkgs = inputs.nixpkgs;
nixos.module = {
imports = [
./common
self.nixosModules.ageSecrets
];
## Necessary to filter Age secrets.
fediversity.hostPublicKey = self.keys.systems.${config.procolixVm.name};
## FIXME: Remove direct root authentication once the NixOps4 NixOS
## provider supports users with password-less sudo.
users.users.root.openssh.authorizedKeys.keys = attrValues self.keys.contributors;
};
};
}

44
infra/vm02116/default.nix
View file

@ -1,27 +1,31 @@
{
imports = [
./forgejo.nix
];
procolixVm.host = "185.206.232.34";
procolix.vm = {
name = "vm02116";
ip4 = "185.206.232.34";
ip6 = "2a00:51c0:12:1201::20";
};
nixos.module = {
imports = [
./forgejo.nix
];
## vm02116 is running on old hardware based on a Xen VM environment, so it
## needs these extra options. Once the VM gets moved to a newer node, these
## two options can safely be removed.
boot.initrd.availableKernelModules = [ "xen_blkfront" ];
services.xe-guest-utilities.enable = true;
procolix.vm = {
name = "vm02116";
ip4 = "185.206.232.34";
ip6 = "2a00:51c0:12:1201::20";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/3802a66d-e31a-4650-86f3-b51b11918853";
fsType = "ext4";
};
## vm02116 is running on old hardware based on a Xen VM environment, so it
## needs these extra options. Once the VM gets moved to a newer node, these
## two options can safely be removed.
boot.initrd.availableKernelModules = [ "xen_blkfront" ];
services.xe-guest-utilities.enable = true;
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/2CE2-1173";
fsType = "vfat";
fileSystems."/" = {
device = "/dev/disk/by-uuid/3802a66d-e31a-4650-86f3-b51b11918853";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/2CE2-1173";
fsType = "vfat";
};
};
}

36
infra/vm02179/default.nix
View file

@ -1,21 +1,25 @@
{
procolix.vm = {
name = "vm02179";
ip4 = "185.206.232.179";
ip6 = "2a00:51c0:12:1201::179";
};
procolixVm.host = "185.206.232.179";
fileSystems."/" = {
device = "/dev/disk/by-uuid/119863f8-55cf-4e2f-ac17-27599a63f241";
fsType = "ext4";
};
nixos.module = {
procolix.vm = {
name = "vm02179";
ip4 = "185.206.232.179";
ip6 = "2a00:51c0:12:1201::179";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D9F4-9BF0";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
fileSystems."/" = {
device = "/dev/disk/by-uuid/119863f8-55cf-4e2f-ac17-27599a63f241";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D9F4-9BF0";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
};
}

36
infra/vm02186/default.nix
View file

@ -1,21 +1,25 @@
{
procolix.vm = {
name = "vm02186";
ip4 = "185.206.232.186";
ip6 = "2a00:51c0:12:1201::186";
};
procolixVm.host = "185.206.232.186";
fileSystems."/" = {
device = "/dev/disk/by-uuid/833ac0f9-ad8c-45ae-a9bf-5844e378c44a";
fsType = "ext4";
};
nixos.module = {
procolix.vm = {
name = "vm02186";
ip4 = "185.206.232.186";
ip6 = "2a00:51c0:12:1201::186";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/B4D5-3AF9";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
fileSystems."/" = {
device = "/dev/disk/by-uuid/833ac0f9-ad8c-45ae-a9bf-5844e378c44a";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/B4D5-3AF9";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
};
}

44
infra/vm02187/default.nix
View file

@ -1,25 +1,29 @@
{
imports = [
./wiki.nix
];
procolixVm.host = "185.206.232.187";
procolix.vm = {
name = "vm02187";
ip4 = "185.206.232.187";
ip6 = "2a00:51c0:12:1201::187";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/a46a9c46-e32b-4216-a4aa-8819b2cd0d49";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/6AB5-4FA8";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
nixos.module = {
imports = [
./wiki.nix
];
procolix.vm = {
name = "vm02187";
ip4 = "185.206.232.187";
ip6 = "2a00:51c0:12:1201::187";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/a46a9c46-e32b-4216-a4aa-8819b2cd0d49";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/6AB5-4FA8";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
};
}