forked from fediversity/fediversity
Compare commits
7 commits
f575e8cdea
...
d53dff003e
| Author | SHA1 | Date | |
|---|---|---|---|
d53dff003e
|
|||
|
604803aea3
|
|||
|
5d0ecc08c1
|
|||
|
c1141534a9
|
|||
|
441097a49b
|
|||
|
86bed1ced1
|
|||
|
721e0ae961
|
20 changed files with 35 additions and 66 deletions
|
|
@ -2,7 +2,6 @@
|
|||
self,
|
||||
inputs,
|
||||
lib,
|
||||
sources,
|
||||
...
|
||||
}:
|
||||
|
||||
|
|
@ -28,7 +27,7 @@ in
|
|||
../common/nixosTest.nix
|
||||
./nixosTest.nix
|
||||
];
|
||||
_module.args = { inherit inputs sources; };
|
||||
_module.args.inputs = inputs;
|
||||
inherit targetMachines pathToRoot pathFromRoot;
|
||||
};
|
||||
};
|
||||
|
|
@ -45,7 +44,7 @@ in
|
|||
inputs.nixops4-nixos.modules.nixops4Resource.nixos
|
||||
../common/targetResource.nix
|
||||
];
|
||||
_module.args = { inherit inputs sources; };
|
||||
_module.args.inputs = inputs;
|
||||
inherit nodeName pathToRoot pathFromRoot;
|
||||
nixos.module =
|
||||
{ pkgs, ... }:
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@
|
|||
self,
|
||||
inputs,
|
||||
lib,
|
||||
sources,
|
||||
...
|
||||
}:
|
||||
|
||||
|
|
@ -32,7 +31,7 @@ in
|
|||
../common/nixosTest.nix
|
||||
./nixosTest.nix
|
||||
];
|
||||
_module.args = { inherit inputs sources; };
|
||||
_module.args.inputs = inputs;
|
||||
inherit
|
||||
targetMachines
|
||||
pathToRoot
|
||||
|
|
@ -46,7 +45,7 @@ in
|
|||
let
|
||||
makeTargetResource = nodeName: {
|
||||
imports = [ ../common/targetResource.nix ];
|
||||
_module.args = { inherit inputs sources; };
|
||||
_module.args.inputs = inputs;
|
||||
inherit
|
||||
nodeName
|
||||
pathToRoot
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@
|
|||
lib,
|
||||
pkgs,
|
||||
config,
|
||||
sources,
|
||||
...
|
||||
}:
|
||||
|
||||
|
|
@ -15,6 +14,8 @@ let
|
|||
types
|
||||
;
|
||||
|
||||
sources = import ../../../npins;
|
||||
|
||||
in
|
||||
{
|
||||
_class = "nixos";
|
||||
|
|
@ -79,7 +80,7 @@ in
|
|||
config.system.extraDependenciesFromModule
|
||||
{
|
||||
nixpkgs.hostPlatform = "x86_64-linux";
|
||||
_module.args = { inherit inputs sources; };
|
||||
_module.args.inputs = inputs;
|
||||
enableAcme = config.enableAcme;
|
||||
acmeNodeIP = config.acmeNodeIP;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@
|
|||
lib,
|
||||
config,
|
||||
hostPkgs,
|
||||
sources,
|
||||
...
|
||||
}:
|
||||
|
||||
|
|
@ -62,7 +61,7 @@ in
|
|||
{
|
||||
deployer = {
|
||||
imports = [ ./deployerNode.nix ];
|
||||
_module.args = { inherit inputs sources; };
|
||||
_module.args.inputs = inputs;
|
||||
enableAcme = config.enableAcme;
|
||||
acmeNodeIP = config.nodes.acme.networking.primaryIPAddress;
|
||||
};
|
||||
|
|
@ -89,7 +88,7 @@ in
|
|||
|
||||
genAttrs config.targetMachines (_: {
|
||||
imports = [ ./targetNode.nix ];
|
||||
_module.args = { inherit inputs sources; };
|
||||
_module.args.inputs = inputs;
|
||||
enableAcme = config.enableAcme;
|
||||
acmeNodeIP = if config.enableAcme then config.nodes.acme.networking.primaryIPAddress else null;
|
||||
});
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@
|
|||
inputs,
|
||||
lib,
|
||||
config,
|
||||
sources,
|
||||
...
|
||||
}:
|
||||
|
||||
|
|
@ -41,7 +40,7 @@ in
|
|||
(lib.modules.importJSON (config.pathToCwd + "/${config.nodeName}-network.json"))
|
||||
];
|
||||
|
||||
_module.args = { inherit inputs sources; };
|
||||
_module.args.inputs = inputs;
|
||||
enableAcme = config.enableAcme;
|
||||
acmeNodeIP = trim (readFile (config.pathToCwd + "/acme_server_ip"));
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@
|
|||
self,
|
||||
inputs,
|
||||
lib,
|
||||
sources,
|
||||
...
|
||||
}:
|
||||
|
||||
|
|
@ -35,7 +34,7 @@ in
|
|||
../common/nixosTest.nix
|
||||
./nixosTest.nix
|
||||
];
|
||||
_module.args = { inherit inputs sources; };
|
||||
_module.args.inputs = inputs;
|
||||
inherit
|
||||
targetMachines
|
||||
pathToRoot
|
||||
|
|
@ -49,7 +48,7 @@ in
|
|||
let
|
||||
makeTargetResource = nodeName: {
|
||||
imports = [ ../common/targetResource.nix ];
|
||||
_module.args = { inherit inputs sources; };
|
||||
_module.args.inputs = inputs;
|
||||
inherit
|
||||
nodeName
|
||||
pathToRoot
|
||||
|
|
|
|||
|
|
@ -31,9 +31,6 @@
|
|||
inherit nixpkgs;
|
||||
};
|
||||
self = self';
|
||||
specialArgs = {
|
||||
inherit sources;
|
||||
};
|
||||
}
|
||||
(
|
||||
{ inputs, ... }:
|
||||
|
|
@ -51,8 +48,6 @@
|
|||
|
||||
./deployment/flake-part.nix
|
||||
./infra/flake-part.nix
|
||||
./keys/flake-part.nix
|
||||
./secrets/flake-part.nix
|
||||
];
|
||||
|
||||
perSystem =
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ in
|
|||
_class = "nixos";
|
||||
|
||||
imports = [
|
||||
./hardware.nix
|
||||
./networking.nix
|
||||
./users.nix
|
||||
];
|
||||
|
|
|
|||
|
|
@ -15,6 +15,8 @@
|
|||
availableKernelModules = [
|
||||
"ata_piix"
|
||||
"uhci_hcd"
|
||||
"virtio_pci"
|
||||
"virtio_scsi"
|
||||
"sd_mod"
|
||||
"sr_mod"
|
||||
];
|
||||
|
|
@ -2,9 +2,6 @@
|
|||
inputs,
|
||||
lib,
|
||||
config,
|
||||
sources,
|
||||
keys,
|
||||
secrets,
|
||||
...
|
||||
}:
|
||||
|
||||
|
|
@ -12,6 +9,12 @@ let
|
|||
inherit (lib) attrValues elem mkDefault;
|
||||
inherit (lib.attrsets) concatMapAttrs optionalAttrs;
|
||||
inherit (lib.strings) removeSuffix;
|
||||
sources = import ../../npins;
|
||||
inherit (sources) agenix disko vars;
|
||||
|
||||
secretsPrefix = ../../secrets;
|
||||
secrets = import (secretsPrefix + "/secrets.nix");
|
||||
keys = import ../../keys;
|
||||
|
||||
in
|
||||
{
|
||||
|
|
@ -32,7 +35,7 @@ in
|
|||
## options that really need to be injected from the resource. Everything else
|
||||
## should go into the `./nixos` subdirectory.
|
||||
nixos.module = {
|
||||
imports = with sources; [
|
||||
imports = [
|
||||
"${agenix}/modules/age.nix"
|
||||
"${disko}/module.nix"
|
||||
"${vars}/options.nix"
|
||||
|
|
@ -45,15 +48,15 @@ in
|
|||
## configuration.
|
||||
fediversityVm = config.fediversityVm;
|
||||
|
||||
## Read all the secrets, filter the ones that are supposed to be readable with
|
||||
## public key, and create a mapping from `<name>.file` to the absolute path of
|
||||
## the secret's file.
|
||||
## Read all the secrets, filter the ones that are supposed to be readable
|
||||
## with this host's public key, and add them correctly to the configuration
|
||||
## as `age.secrets.<name>.file`.
|
||||
age.secrets = concatMapAttrs (
|
||||
name: secret:
|
||||
optionalAttrs (elem config.fediversityVm.hostPublicKey secret.publicKeys) ({
|
||||
${removeSuffix ".age" name}.file = secrets.rootPath + "/${name}";
|
||||
${removeSuffix ".age" name}.file = secretsPrefix + "/${name}";
|
||||
})
|
||||
) secrets.mapping;
|
||||
) secrets;
|
||||
|
||||
## FIXME: Remove direct root authentication once the NixOps4 NixOS provider
|
||||
## supports users with password-less sudo.
|
||||
|
|
|
|||
|
|
@ -1,9 +1,6 @@
|
|||
{
|
||||
inputs,
|
||||
lib,
|
||||
sources,
|
||||
keys,
|
||||
secrets,
|
||||
...
|
||||
}:
|
||||
|
||||
|
|
@ -16,6 +13,7 @@ let
|
|||
filterAttrs
|
||||
;
|
||||
inherit (lib.attrsets) genAttrs;
|
||||
sources = import ../../npins;
|
||||
|
||||
## Given a machine's name and whether it is a test VM, make a resource module,
|
||||
## except for its missing provider. (Depending on the use of that resource, we
|
||||
|
|
@ -24,14 +22,7 @@ let
|
|||
{ vmName, isTestVm }:
|
||||
{
|
||||
# TODO(@fricklerhandwerk): this is terrible but IMO we should just ditch flake-parts and have our own data model for how the project is organised internally
|
||||
_module.args = {
|
||||
inherit
|
||||
inputs
|
||||
sources
|
||||
keys
|
||||
secrets
|
||||
;
|
||||
};
|
||||
_module.args = { inherit inputs; };
|
||||
|
||||
imports =
|
||||
[
|
||||
|
|
@ -40,12 +31,11 @@ let
|
|||
++ (
|
||||
if isTestVm then
|
||||
[
|
||||
./common/proxmox-qemu-vm.nix
|
||||
../machines/operator/${vmName}
|
||||
{
|
||||
nixos.module.users.users.root.openssh.authorizedKeys.keys = [
|
||||
# allow our panel vm access to the test machines
|
||||
keys.panel
|
||||
(import ../keys).panel
|
||||
];
|
||||
}
|
||||
]
|
||||
|
|
|
|||
|
|
@ -1,5 +0,0 @@
|
|||
{
|
||||
_class = "flake";
|
||||
|
||||
_module.args.keys = import ./.;
|
||||
}
|
||||
|
|
@ -19,7 +19,6 @@
|
|||
|
||||
nixos.module = {
|
||||
imports = [
|
||||
../../../infra/common/proxmox-qemu-vm.nix
|
||||
./fedipanel.nix
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@
|
|||
{ lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
../../../infra/common/proxmox-qemu-vm.nix
|
||||
./forgejo.nix
|
||||
];
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@
|
|||
{ lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
../../../infra/common/proxmox-qemu-vm.nix
|
||||
./wiki.nix
|
||||
];
|
||||
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ Currently, this repository keeps track of the following VMs:
|
|||
|
||||
Machine | Proxmox | Description
|
||||
--------|---------|-------------
|
||||
[`fedi200`](./dev/fedi200) | fediversity | Testing machine for Hans
|
||||
[`fedi201`](./dev/fedi201) | fediversity | FediPanel
|
||||
[`vm02116`](./dev/vm02116) | procolix | Forgejo
|
||||
[`vm02187`](./dev/vm02187) | procolix | Wiki
|
||||
[`fedi200`](./fedi200) | fediversity | Testing machine for Hans
|
||||
[`fedi201`](./fedi201) | fediversity | FediPanel
|
||||
[`vm02116`](./vm02116) | procolix | Forgejo
|
||||
[`vm02187`](./vm02187) | procolix | Wiki
|
||||
|
||||
This table excludes all machines with names starting with `test`.
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ for machine in $(echo "$vmOptions" | jq -r 'keys[]'); do
|
|||
description=$(echo "$vmOptions" | jq -r ".$machine.description" | head -n 1)
|
||||
|
||||
# shellcheck disable=SC2016
|
||||
printf '[`%s`](./dev/%s) | %s | %s\n' "$machine" "$machine" "$proxmox" "$description"
|
||||
printf '[`%s`](./%s) | %s | %s\n' "$machine" "$machine" "$proxmox" "$description"
|
||||
fi
|
||||
done
|
||||
|
||||
|
|
|
|||
|
|
@ -21,7 +21,6 @@
|
|||
|
||||
nixos.module = {
|
||||
imports = [
|
||||
../../../infra/common/proxmox-qemu-vm.nix
|
||||
../../../services/fediversity/attic
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
{
|
||||
mapping = import ./secrets.nix;
|
||||
rootPath = ./.;
|
||||
}
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
{
|
||||
_class = "flake";
|
||||
|
||||
_module.args.secrets = import ./.;
|
||||
}
|
||||
Loading…
Add table
Reference in a new issue