From d9ab6c7ea59d29af3ae8c29c7367fe0e8808f5db Mon Sep 17 00:00:00 2001
From: Benedikt Peetz
Date: Wed, 25 Dec 2024 18:25:51 +0100
Subject: refactor(hosts): Use a `by-name` structure and construct all host depended values

This allows us to outsource the host-handling from the `flake.nix` file.
---
hosts/by-name/server1/configuration.nix | 46 ++++++++++++++++++++++++++++
hosts/by-name/server1/hardware.nix | 14 +++++++++
hosts/by-name/server1/networking.nix | 52 ++++++++++++++++++++++++++++++++
hosts/by-name/server2/configuration.nix | 41 +++++++++++++++++++++++++
hosts/by-name/server2/hardware.nix | 15 ++++++++++
hosts/by-name/server2/networking.nix | 53 +++++++++++++++++++++++++++++++++
hosts/default.nix | 41 +++++++++++++++++++++++++
hosts/host-names.toml | 2 ++
hosts/server1/configuration.nix | 34 --------------------
hosts/server1/hardware.nix | 14 --------
hosts/server1/networking.nix | 50 -------------------------------
11 files changed, 264 insertions(+), 98 deletions(-)
create mode 100644 hosts/by-name/server1/configuration.nix
create mode 100644 hosts/by-name/server1/hardware.nix
create mode 100644 hosts/by-name/server1/networking.nix
create mode 100644 hosts/by-name/server2/configuration.nix
create mode 100644 hosts/by-name/server2/hardware.nix
create mode 100644 hosts/by-name/server2/networking.nix
create mode 100644 hosts/default.nix
create mode 100644 hosts/host-names.toml
delete mode 100644 hosts/server1/configuration.nix
delete mode 100644 hosts/server1/hardware.nix
delete mode 100644 hosts/server1/networking.nix
(limited to 'hosts')
diff --git a/hosts/by-name/server1/configuration.nix b/hosts/by-name/server1/configuration.nix
new file mode 100644
index 0000000..6bb1067
--- /dev/null
+++ b/hosts/by-name/server1/configuration.nix
@@ -0,0 +1,46 @@
+{config, ...}: {
+ imports = [
+ ./networking.nix # network configuration that just works
+ ./hardware.nix
+
+ ../../../system
+ ];
+
+ vhack = {
+ back = {
+ enable = true;
+ repositories = {
+ "${config.services.gitolite.dataDir}/vhack.eu/nixos-config.git" = {
+ domain = "issues.vhack.eu";
+ port = 9220;
+ };
+ };
+ };
+ etesync.enable = true;
+ git-server.enable = true;
+ nginx.enable = true;
+ nix-sync.enable = true;
+ openssh.enable = true;
+ peertube.enable = true;
+ postgresql.enable = true;
+ redlib.enable = true;
+ users.enable = true;
+ persist = {
+ enable = true;
+ directories = [
+ "/var/log"
+
+ # TODO(@bpeetz): Instead of persisting that, encode each uid/gid directly in the
+ # config. <2024-12-24>
+ "/var/lib/nixos"
+ ];
+ };
+ };
+
+ boot.tmp.cleanOnBoot = true;
+ zramSwap.enable = true;
+ networking.hostName = "server1";
+ networking.domain = "vhack.eu";
+
+ system.stateVersion = "22.11";
+}
diff --git a/hosts/by-name/server1/hardware.nix b/hosts/by-name/server1/hardware.nix
new file mode 100644
index 0000000..9abc64c
--- /dev/null
+++ b/hosts/by-name/server1/hardware.nix
@@ -0,0 +1,14 @@
+{modulesPath, ...}: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ (modulesPath + "/profiles/headless.nix")
+ ];
+
+ vhack.disko = {
+ enable = true;
+ # FIXME: Find a better way to specify the disk
+ disk = "/dev/vda";
+ };
+ boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
+ boot.initrd.kernelModules = [];
+}
diff --git a/hosts/by-name/server1/networking.nix b/hosts/by-name/server1/networking.nix
new file mode 100644
index 0000000..dd9b9af
--- /dev/null
+++ b/hosts/by-name/server1/networking.nix
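Review bot: `networking.hostName = "server1"` and `networking.domain = "vhack.eu"` restate what `hosts/host-names.toml` now records as `server1.vhack.eu` and what the `by-name` directory name already encodes, so the same host identity lives in three places that can drift apart after a rename. Consider deriving `networking.hostName` from the by-name key (the `finalizeFunction` in `hosts/default.nix` receives it) or at least marking these two lines with `# keep in sync with hosts/host-names.toml`. The new `/var/lib/nixos` persist entry is worth keeping until the TODO is resolved: if the root filesystem is ephemeral, losing that directory regenerates dynamically allocated uids/gids on rebuild, and files on persisted volumes can end up owned by a different account — the comment should state that consequence rather than only the alternative.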
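Review bot: `disk = "/dev/vda"` carries a FIXME but no explanation of what is at stake; if `vhack.disko` wraps disko's declarative partitioning, this is the device that gets formatted, so a stable `/dev/disk/by-id/...` path (or an assertion on the expected device) would be safer than a bus-order name, and the comment should say so. `hosts/by-name/server1/hardware.nix` and `hosts/by-name/server2/hardware.nix` in this commit are otherwise identical apart from `boot.initrd.kernelModules = []` here and `nixpkgs.hostPlatform` there; the shared QEMU-guest/headless/disko part could live in one module imported by both so the next hardware fix is made once.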
@@ -0,0 +1,52 @@
+{lib, ...}: {
+ # This file was populated at runtime with the networking
+ # details gathered from the active system.
+ networking = {
+ nameservers = [
+ "8.8.8.8"
+ ];
+ defaultGateway = {
+ address = "89.58.56.1";
+ interface = "eth0";
+ };
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "eth0";
+ };
+ dhcpcd.enable = false;
+ usePredictableInterfaceNames = lib.mkForce false;
+ interfaces = {
+ eth0 = {
+ ipv4.addresses = [
+ {
+ address = "89.58.58.33";
+ prefixLength = 22;
+ }
+ ];
+ ipv6.addresses = [
+ {
+ address = "2a03:4000:6a:3f3::1";
+ prefixLength = 64;
+ }
+ ];
+ ipv4.routes = [
+ {
+ address = "89.58.56.1";
+ prefixLength = 32;
+ }
+ ];
+ ipv6.routes = [
+ {
+ address = "fe80::1";
+ prefixLength = 128;
+ }
+ ];
+ };
+ };
+ };
+
+ # cat /sys/class/net/eth0/address
+ services.udev.extraRules = ''
+ ATTR{address}=="66:22:6d:82:93:9b", NAME="eth0"
+ '';
+}
diff --git a/hosts/by-name/server2/configuration.nix b/hosts/by-name/server2/configuration.nix
new file mode 100644
index 0000000..f385b55
--- /dev/null
+++ b/hosts/by-name/server2/configuration.nix
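Review bot: `nameservers` contains a single third-party resolver and no IPv6 one, so name resolution for this dual-stack host is a single point of failure; `hosts/by-name/server2/networking.nix` in the same commit lists three resolvers including one reachable over IPv6, and the same shape would fit here. The header comment `# This file was populated at runtime with the networking details gathered from the active system.` no longer describes a hand-maintained file (this commit itself adds a comment to it); suggest `# Static networking for server1. Originally generated from the running system; now maintained by hand.`. A one-line comment tying `usePredictableInterfaceNames = lib.mkForce false` and the udev `NAME="eth0"` rule to the `interface = "eth0"` gateway entries would make clear that all three must change together.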
@@ -0,0 +1,41 @@
+{config, ...}: {
+ imports = [
+ ./networking.nix # network configuration that just works
+ ./hardware.nix
+ ];
+
+ vhack = {
+ back = {
+ enable = true;
+ repositories = {
+ "${config.services.gitolite.dataDir}/vhack.eu/nixos-server.git" = {
+ domain = "issues.foss-syndicate.org";
+ port = 9220;
+ };
+ };
+ };
+ fail2ban.enable = true;
+ git-server = {
+ enable = true;
+ domain = "git.foss-syndicate.org";
+ gitolite.adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME4ZVa+IoZf6T3U08JG93i6QIAJ4amm7mkBzO14JSkz cardno:000F_18F83532";
+ };
+ nginx.enable = true;
+ openssh.enable = true;
+ persist = {
+ enable = true;
+ directories = [
+ "/var/log"
+ ];
+ };
+ rust-motd.enable = true;
+ users.enable = true;
+ };
+
+ boot.tmp.cleanOnBoot = true;
+ zramSwap.enable = true;
+ networking.hostName = "server2";
+ networking.domain = "vhack.eu";
+
+ system.stateVersion = "24.11";
+}
diff --git a/hosts/by-name/server2/hardware.nix b/hosts/by-name/server2/hardware.nix
new file mode 100644
index 0000000..a6e4e40
--- /dev/null
+++ b/hosts/by-name/server2/hardware.nix
@@ -0,0 +1,15 @@
+{modulesPath, ...}: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ (modulesPath + "/profiles/headless.nix")
+ ];
+
+ vhack.disko = {
+ enable = true;
+ # FIXME: Find a better way to specify the disk
+ disk = "/dev/vda";
+ };
+
+ boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
+ nixpkgs.hostPlatform = "x86_64-linux";
+}
diff --git a/hosts/by-name/server2/networking.nix b/hosts/by-name/server2/networking.nix
new file mode 100644
index 0000000..6b7b0ee
--- /dev/null
+++ b/hosts/by-name/server2/networking.nix
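Review bot: `persist.directories` persists only `/var/log`, whereas `hosts/by-name/server1/configuration.nix` in this commit also persists `/var/lib/nixos` with a TODO explaining the uid/gid concern; if server2 uses the same ephemeral-root setup, dynamic uids/gids are regenerated on every rebuild and data under the gitolite directory referenced in `back.repositories` can end up owned by the wrong account. Either add `"/var/lib/nixos"` here or comment why server2 does not need it. Two further differences from server1 deserve a comment if they are deliberate: this host does not import `../../../system`, and `fail2ban.enable = true` is set here but not on server1 although both enable `openssh`.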
@@ -0,0 +1,53 @@
+{lib, ...}: {
+ # This file was populated at runtime with the networking
+ # details gathered from the active system.
+ networking = {
+ nameservers = [
+ "46.38.225.230"
+ "46.38.252.230"
+ "2a03:4000:0:1::e1e6"
+ ];
+ defaultGateway = "185.16.60.1";
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "eth0";
+ };
+ dhcpcd.enable = false;
+ usePredictableInterfaceNames = lib.mkForce false;
+ interfaces = {
+ eth0 = {
+ ipv4.addresses = [
+ {
+ address = "185.16.61.132";
+ prefixLength = 23;
+ }
+ ];
+ ipv6.addresses = [
+ {
+ address = "2a03:4000:a:106:6478:8eff:fe15:332e";
+ prefixLength = 64;
+ }
+ {
+ address = "fe80::6478:8eff:fe15:332e";
+ prefixLength = 64;
+ }
+ ];
+ ipv4.routes = [
+ {
+ address = "185.16.60.1";
+ prefixLength = 32;
+ }
+ ];
+ ipv6.routes = [
+ {
+ address = "fe80::1";
+ prefixLength = 128;
+ }
+ ];
+ };
+ };
+ };
+ services.udev.extraRules = ''
+ ATTR{address}=="66:78:8e:15:33:2e", NAME="eth0"
+ '';
+}
diff --git a/hosts/default.nix b/hosts/default.nix
new file mode 100644
index 0000000..f53ee35
--- /dev/null
+++ b/hosts/default.nix
@@ -0,0 +1,41 @@
+{
+ pkgs,
+ nixLib,
+ nixpkgs,
+ specialArgs,
+ extraModules,
+ deployPackage,
+}: let
+ hostnames = builtins.fromTOML (builtins.readFile ./host-names.toml);
+
+ hosts = nixLib.mkByName {
+ useShards = false;
+ baseDirectory = ./by-name;
+ fileName = "configuration.nix";
+ finalizeFunction = name: value: value;
+ };
+
+ mkNixosConfiguration = _: value:
+ nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ inherit specialArgs;
+ modules =
+ extraModules
+ ++ [
+ ../modules
+ value
+ ];
+ };
+ nixosConfigurations = builtins.mapAttrs mkNixosConfiguration hosts;
+
+ mkDeploy = name: _: {
+ hostname = hostnames."${name}";
+ profiles.system = {
+ user = "root";
+ path = deployPackage.lib.activate.nixos nixosConfigurations."${name}";
+ };
+ };
+ deploy = {nodes = builtins.mapAttrs mkDeploy hosts;};
+in {
+ inherit nixosConfigurations deploy;
+}
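Review bot: the second `ipv6.addresses` entry is a link-local address (`fe80::6478:8eff:fe15:332e/64`) that matches the EUI-64 address the kernel derives on its own from the MAC pinned in the udev rule below, so configuring it statically appears redundant and would leave a duplicate if the two ever diverge; drop it or comment why it is required. `defaultGateway = "185.16.60.1"` uses the bare-string form while `defaultGateway6` two lines below and server1's networking.nix use `{ address; interface; }`; the attrset form keeps the interface explicit and consistent across hosts. As in server1's file, the header comment about being populated at runtime now describes the file's history rather than what it is, and should say the file is hand-maintained.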
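Review bot: `hostname = hostnames."${name}";` in `mkDeploy` fails with a bare missing-attribute error for any `by-name` directory that has no entry in `hosts/host-names.toml`, while a stale TOML entry is silently ignored; a guarded lookup such as `hostname = hostnames.${name} or (throw "hosts/host-names.toml has no entry for host '${name}'");` makes the coupling between the two files explicit. `system = "x86_64-linux"` is fixed here for every host, yet `hosts/by-name/server2/hardware.nix` also sets `nixpkgs.hostPlatform = "x86_64-linux"` and server1's hardware.nix sets neither, so the platform has two sources of truth; keeping it only in each host's hardware.nix would let a differently-built host be added without touching this file. `pkgs` is accepted in the argument set but never used. A short header comment stating that `deploy.nodes` is keyed by the by-name directory name and resolves its target through host-names.toml would help the next reader.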
diff --git a/hosts/host-names.toml b/hosts/host-names.toml
new file mode 100644
index 0000000..fd5b960
--- /dev/null
+++ b/hosts/host-names.toml
@@ -0,0 +1,2 @@
+server1 = "server1.vhack.eu"
+server2 = "server2.vhack.eu"
diff --git a/hosts/server1/configuration.nix b/hosts/server1/configuration.nix
deleted file mode 100644
index e21327e..0000000
--- a/hosts/server1/configuration.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{config, ...}: {
- imports = [
- ./networking.nix # network configuration that just works
- ./hardware.nix
-
- ../../system
- ];
-
- vhack = {
- back = {
- enable = true;
- repositories = {
- "${config.services.gitolite.dataDir}/vhack.eu/nixos-config.git" = {
- domain = "issues.vhack.eu";
- port = 9220;
- };
- };
- };
- etesync.enable = true;
- git-server.enable = true;
- nginx.enable = true;
- nix-sync.enable = true;
- openssh.enable = true;
- peertube.enable = true;
- redlib.enable = true;
- };
-
- boot.tmp.cleanOnBoot = true;
- zramSwap.enable = true;
- networking.hostName = "server1";
- networking.domain = "vhack.eu";
-
- system.stateVersion = "22.11";
-}
diff --git a/hosts/server1/hardware.nix b/hosts/server1/hardware.nix
deleted file mode 100644
index 9abc64c..0000000
--- a/hosts/server1/hardware.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{modulesPath, ...}: {
- imports = [
- (modulesPath + "/profiles/qemu-guest.nix")
- (modulesPath + "/profiles/headless.nix")
- ];
-
- vhack.disko = {
- enable = true;
- # FIXME: Find a better way to specify the disk
- disk = "/dev/vda";
- };
- boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
- boot.initrd.kernelModules = [];
-}
diff --git a/hosts/server1/networking.nix b/hosts/server1/networking.nix
deleted file mode 100644
index cd0484f..0000000
--- a/hosts/server1/networking.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{lib, ...}: {
- # This file was populated at runtime with the networking
- # details gathered from the active system.
- networking = {
- nameservers = [
- "8.8.8.8"
- ];
- defaultGateway = {
- address = "89.58.56.1";
- interface = "eth0";
- };
- defaultGateway6 = {
- address = "fe80::1";
- interface = "eth0";
- };
- dhcpcd.enable = false;
- usePredictableInterfaceNames = lib.mkForce false;
- interfaces = {
- eth0 = {
- ipv4.addresses = [
- {
- address = "89.58.58.33";
- prefixLength = 22;
- }
- ];
- ipv6.addresses = [
- {
- address = "2a03:4000:6a:3f3::1";
- prefixLength = 64;
- }
- ];
- ipv4.routes = [
- {
- address = "89.58.56.1";
- prefixLength = 32;
- }
- ];
- ipv6.routes = [
- {
- address = "fe80::1";
- prefixLength = 128;
- }
- ];
- };
- };
- };
- services.udev.extraRules = ''
- ATTR{address}=="66:22:6d:82:93:9b", NAME="eth0"
- '';
-}
--
cgit 1.4.1