From dedd70dc0e2c8fdbeab16bdc4aae72331a6adf7b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?=
Date: Fri, 31 Jan 2025 15:11:56 +0100
Subject: [PATCH] Make `vm*/default.nix` resources
---
 infra/fedi300/default.nix | 60 ++++++++++++++++++++----------------
 infra/flake-part.nix | 3 +-
 infra/procolixResource.nix | 62 +++++++++++++++++---------------------
 infra/vm02116/default.nix | 44 +++++++++++++++------------
 infra/vm02179/default.nix | 36 ++++++++++++----------
 infra/vm02186/default.nix | 36 ++++++++++++----------
 infra/vm02187/default.nix | 44 +++++++++++++++------------
 7 files changed, 151 insertions(+), 134 deletions(-)
diff --git a/infra/fedi300/default.nix b/infra/fedi300/default.nix
index 642423d8..e1cfd1db 100644
--- a/infra/fedi300/default.nix
+++ b/infra/fedi300/default.nix
@@ -1,33 +1,41 @@ { lib, ... }: +let + inherit (lib) mkForce; + +in { - imports = [ - ./forgejo-actions-runner.nix - ]; + procolixVm.host = "95.215.187.30"; - procolix.vm = { - name = "fedi300"; - ip4 = "95.215.187.30"; - ip6 = "2a00:51c0:12:1305::30"; - }; - - ## FIXME: We should just have an option under `procolix.vm` to distinguish - ## between Procolix VMs and Fediversity ones. - networking.domain = lib.mkForce "fediversity.eu"; - networking.defaultGateway.address = lib.mkForce "95.215.187.1"; - networking.defaultGateway6.address = lib.mkForce "2a00:51c0:13:1305::1"; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/cbcfaf6b-39bd-4328-9f53-dea8a9d32ecc"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/1A4E-07F4"; - fsType = "vfat"; - options = [ - "fmask=0022" - "dmask=0022" + nixos.module = { + imports = [ + ./forgejo-actions-runner.nix ]; + + procolix.vm = { + name = "fedi300"; + ip4 = "95.215.187.30"; + ip6 = "2a00:51c0:12:1305::30"; + }; + + ## FIXME: We should just have an option under `procolix.vm` to distinguish + ## between Procolix VMs and Fediversity ones. + networking.domain = mkForce "fediversity.eu"; + networking.defaultGateway.address = mkForce "95.215.187.1"; + networking.defaultGateway6.address = mkForce "2a00:51c0:13:1305::1"; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/cbcfaf6b-39bd-4328-9f53-dea8a9d32ecc"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/1A4E-07F4"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; }; } diff --git a/infra/flake-part.nix b/infra/flake-part.nix index bacbfd3d..c588b529 100644 --- a/infra/flake-part.nix +++ b/infra/flake-part.nix @@ -14,12 +14,11 @@ let { providers, ... }: { _module.args = { inherit self inputs providers; }; - imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ./procolixResource.nix + (./. + "/${vmName}") ]; - procolixVm.name = vmName; }; 
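Review bot: The IPv6 default gateway `2a00:51c0:13:1305::1` does not share a prefix with the VM's own address `2a00:51c0:12:1305::30` (`:13:` versus `:12:` in the third group), both inside the new `nixos.module` block. Both values are carried over unchanged from the old side, so the split may be intentional, but if either one is a typo the host comes up without a usable IPv6 route after deployment. It is worth confirming against the provider's allocation and, if the difference is deliberate, recording it next to the existing FIXME, for example `## NOTE: the gateway prefix (…:13:…) differs from ip6 (…:12:…) on purpose.`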
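Review bot: Nothing at the new `(./. + "/${vmName}")` import says what the imported file has to provide, and the NOTE that used to explain the per-VM import in procolixResource.nix is removed by this commit. Each `infra/<vmName>/default.nix` is now pulled in next to the NixOps4 resource modules, so presumably anything it defines outside `nixos.module` is checked against resource options rather than NixOS options. A short comment above the import would help, for example `## ./<vmName>/default.nix is a resource module: it sets procolixVm.host and puts the NixOS configuration under nixos.module.` The enclosing `let` binding starts and ends outside the hunk.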
diff --git a/infra/procolixResource.nix b/infra/procolixResource.nix index 811be602..ab665547 100644 --- a/infra/procolixResource.nix +++ b/infra/procolixResource.nix @@ -13,42 +13,36 @@ let in { options = { - procolixVm.name = mkOption { }; + procolixVm = { + name = mkOption { }; + host = mkOption { }; + }; }; - config = - let - vmConfig = import (./. + "/${config.procolixVm.name}"); - in - { - type = providers.local.exec; + config = { + type = providers.local.exec; - ssh = { - host = vmConfig.procolix.vm.ip4; - opts = ""; - hostPublicKey = self.keys.systems.${config.procolixVm.name}; - }; - - nixpkgs = inputs.nixpkgs; - - nixos.module = { - imports = [ - ## NOTE: We import an attrset as a NixOS module, for convenience, so - ## as to be able to use it in NixOps4 and to grab information from it - ## (eg. the IP) without evaluating the whole configuration first. - vmConfig - - ./common - - self.nixosModules.ageSecrets - ]; - - ## Necessary to filter Age secrets. - fediversity.hostPublicKey = self.keys.systems.${config.procolixVm.name}; - - ## FIXME: Remove direct root authentication once the NixOps4 NixOS - ## provider supports users with password-less sudo. - users.users.root.openssh.authorizedKeys.keys = attrValues self.keys.contributors; - }; + ssh = { + host = config.procolixVm.host; + opts = ""; + hostPublicKey = self.keys.systems.${config.procolixVm.name}; }; + + nixpkgs = inputs.nixpkgs; + + nixos.module = { + imports = [ + ./common + + self.nixosModules.ageSecrets + ]; + + ## Necessary to filter Age secrets. + fediversity.hostPublicKey = self.keys.systems.${config.procolixVm.name}; + + ## FIXME: Remove direct root authentication once the NixOps4 NixOS + ## provider supports users with password-less sudo. + users.users.root.openssh.authorizedKeys.keys = attrValues self.keys.contributors; + }; + }; } diff --git a/infra/vm02116/default.nix b/infra/vm02116/default.nix index 34f7a24f..1ef947d3 100644 --- a/infra/vm02116/default.nix +++ b/infra/vm02116/default.nix 
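Review bot: The SSH target now comes from `procolixVm.host`, while the address the VM configures for itself stays in `procolix.vm.ip4` inside each VM's `nixos.module`, so every VM file in this patch (fedi300, vm02116, vm02179, vm02186, vm02187) carries the same IPv4 literal twice with nothing tying the two together. If they drift, a deployment reaches the host over one address and installs a network configuration for another; the pinned `hostPublicKey` should stop a deployment to the wrong machine, but not a lock-out of the right one. One way to keep a single source of truth is to set it here in the shared `nixos.module`, `procolix.vm.ip4 = config.procolixVm.host;`, and drop the literal from the VM files. Separately, `host = mkOption { };` has no type or description; assuming `lib` is reachable from the `let` block above the hunk, `host = mkOption { type = lib.types.str; description = "Address NixOps4 connects to over SSH"; };` would reject a malformed definition at evaluation time.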
@@ -1,27 +1,31 @@ { - imports = [ - ./forgejo.nix - ]; + procolixVm.host = "185.206.232.34"; - procolix.vm = { - name = "vm02116"; - ip4 = "185.206.232.34"; - ip6 = "2a00:51c0:12:1201::20"; - }; + nixos.module = { + imports = [ + ./forgejo.nix + ]; - ## vm02116 is running on old hardware based on a Xen VM environment, so it - ## needs these extra options. Once the VM gets moved to a newer node, these - ## two options can safely be removed. - boot.initrd.availableKernelModules = [ "xen_blkfront" ]; - services.xe-guest-utilities.enable = true; + procolix.vm = { + name = "vm02116"; + ip4 = "185.206.232.34"; + ip6 = "2a00:51c0:12:1201::20"; + }; - fileSystems."/" = { - device = "/dev/disk/by-uuid/3802a66d-e31a-4650-86f3-b51b11918853"; - fsType = "ext4"; - }; + ## vm02116 is running on old hardware based on a Xen VM environment, so it + ## needs these extra options. Once the VM gets moved to a newer node, these + ## two options can safely be removed. + boot.initrd.availableKernelModules = [ "xen_blkfront" ]; + services.xe-guest-utilities.enable = true; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/2CE2-1173"; - fsType = "vfat"; + fileSystems."/" = { + device = "/dev/disk/by-uuid/3802a66d-e31a-4650-86f3-b51b11918853"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/2CE2-1173"; + fsType = "vfat"; + }; }; } diff --git a/infra/vm02179/default.nix b/infra/vm02179/default.nix index fbf2027e..d743fe08 100644 --- a/infra/vm02179/default.nix +++ b/infra/vm02179/default.nix 
@@ -1,21 +1,25 @@ { - procolix.vm = { - name = "vm02179"; - ip4 = "185.206.232.179"; - ip6 = "2a00:51c0:12:1201::179"; - }; + procolixVm.host = "185.206.232.179"; - fileSystems."/" = { - device = "/dev/disk/by-uuid/119863f8-55cf-4e2f-ac17-27599a63f241"; - fsType = "ext4"; - }; + nixos.module = { + procolix.vm = { + name = "vm02179"; + ip4 = "185.206.232.179"; + ip6 = "2a00:51c0:12:1201::179"; + }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/D9F4-9BF0"; - fsType = "vfat"; - options = [ - "fmask=0022" - "dmask=0022" - ]; + fileSystems."/" = { + device = "/dev/disk/by-uuid/119863f8-55cf-4e2f-ac17-27599a63f241"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/D9F4-9BF0"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; }; } diff --git a/infra/vm02186/default.nix b/infra/vm02186/default.nix index 032dc122..5f411fca 100644 --- a/infra/vm02186/default.nix +++ b/infra/vm02186/default.nix @@ -1,21 +1,25 @@ { - procolix.vm = { - name = "vm02186"; - ip4 = "185.206.232.186"; - ip6 = "2a00:51c0:12:1201::186"; - }; + procolixVm.host = "185.206.232.186"; - fileSystems."/" = { - device = "/dev/disk/by-uuid/833ac0f9-ad8c-45ae-a9bf-5844e378c44a"; - fsType = "ext4"; - }; + nixos.module = { + procolix.vm = { + name = "vm02186"; + ip4 = "185.206.232.186"; + ip6 = "2a00:51c0:12:1201::186"; + }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/B4D5-3AF9"; - fsType = "vfat"; - options = [ - "fmask=0022" - "dmask=0022" - ]; + fileSystems."/" = { + device = "/dev/disk/by-uuid/833ac0f9-ad8c-45ae-a9bf-5844e378c44a"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/B4D5-3AF9"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; }; } diff --git a/infra/vm02187/default.nix b/infra/vm02187/default.nix index 70a0f0e6..fc0f5a1a 100644 --- a/infra/vm02187/default.nix +++ b/infra/vm02187/default.nix 
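Review bot: The `/boot` mount options `"fmask=0022"` and `"dmask=0022"` leave everything on the vfat boot partition readable by every local user; the same options appear in the fedi300, vm02186 and vm02187 hunks. The lines are only re-indented by this commit, but since they are being touched anyway it is a good moment to tighten them. If these machines boot through systemd-boot (not visible here), the boot loader's random seed lives on that partition and `bootctl` warns when the mount point is world-accessible. Suggested values are `"fmask=0077"` and `"dmask=0077"`.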
@@ -1,25 +1,29 @@ { - imports = [ - ./wiki.nix - ]; + procolixVm.host = "185.206.232.187"; - procolix.vm = { - name = "vm02187"; - ip4 = "185.206.232.187"; - ip6 = "2a00:51c0:12:1201::187"; - }; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/a46a9c46-e32b-4216-a4aa-8819b2cd0d49"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/6AB5-4FA8"; - fsType = "vfat"; - options = [ - "fmask=0022" - "dmask=0022" + nixos.module = { + imports = [ + ./wiki.nix ]; + + procolix.vm = { + name = "vm02187"; + ip4 = "185.206.232.187"; + ip6 = "2a00:51c0:12:1201::187"; + }; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/a46a9c46-e32b-4216-a4aa-8819b2cd0d49"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/6AB5-4FA8"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; }; }