nixos-servers/nixos/machines/default.nix

{ lib, ... }:
let
  machineOpts = { ... }: {
    options = {
      # TODO: rename to kind?
      kind = lib.mkOption {
        type = lib.types.enum [ "physical" "virtual" ];
        description = ''
          Whether this machine is physical or virtual.
        '';
      };

      hypervisorName = lib.mkOption {
        default = null;
        type = with lib.types; nullOr str;
        description = ''
          The host name of the hypervisor hosting this virtual machine.
        '';
      };

      arch = lib.mkOption {
        default = null;
        type = with lib.types; nullOr str;
        description = ''
          CPU architecture of this machine.
        '';
      };

      isRaspberryPi = lib.mkOption {
        default = false;
        type = lib.types.bool;
      };

      isHypervisor = lib.mkOption {
        default = false;
        type = lib.types.bool;
      };

      nixosModule = lib.mkOption {
        default = { ... }: { };
        type = lib.types.anything;
        description = ''
          Customized configuration for this machine in the form of a NixOS module.
        '';
      };
    };
  };
in
{
  options = {
    machines = lib.mkOption {
      type = with lib.types; attrsOf (submodule machineOpts);
    };
  };

  config = {
    machines = {
      warwick = {
        kind = "physical";
        arch = "aarch64-linux";
        isRaspberryPi = true;

        nixosModule.lab = {
          storage = {
            osDisk = "/dev/sda";
          };
        };
      };

      atlas = {
        kind = "physical";
        arch = "x86_64-linux";
        isHypervisor = true;

        nixosModule.lab = {
          storage = {
            osDisk = "/dev/sda";
            dataPartition = "/dev/nvme0n1p1";
          };

          ssh = {
            useCertificates = true;
            hostCert = builtins.readFile ./certificates/atlas/host_ed25519.crt;
            userCert = builtins.readFile ./certificates/atlas/user_ed25519.crt;
          };
        };
      };

      jefke = {
        kind = "physical";
        arch = "x86_64-linux";
        isHypervisor = true;

        nixosModule.lab = {
          storage = {
            osDisk = "/dev/sda";
            dataPartition = "/dev/nvme0n1p1";
          };

          ssh = {
            useCertificates = true;
            hostCert = builtins.readFile ./certificates/jefke/host_ed25519.crt;
            userCert = builtins.readFile ./certificates/jefke/user_ed25519.crt;
          };
        };
      };

      lewis = {
        kind = "physical";
        arch = "x86_64-linux";
        isHypervisor = true;

        nixosModule.lab = {
          backups.enable = true;
          data-sharing.enable = true;
          networking.dmz.allowConnectivity = true;

          storage = {
            osDisk = "/dev/sda";
            dataPartition = "/dev/nvme0n1p1";
          };

          ssh = {
            useCertificates = true;
            hostCert = builtins.readFile ./certificates/lewis/host_ed25519.crt;
            userCert = builtins.readFile ./certificates/lewis/user_ed25519.crt;
          };
        };
      };

      hermes = {
        kind = "virtual";
        hypervisorName = "lewis";

        nixosModule = { hypervisorConfig, ... }: {
          lab = {
            networking = {
              dmz.services.enable = true;
              staticNetworking = true;
              staticIPv4 = hypervisorConfig.lab.networking.dmz.ipv4.services;
              staticIPv6 = hypervisorConfig.lab.networking.dmz.ipv6.services;
            };

            vm = {
              # TODO: would be cool to create a check that a mac address is only ever assigned to one VM.
              # TODO: idea: what if we generated these IDs by hashing the host name and reducing that to the amount of hosts possible?
              id = 7;

              shares = [{
                name = "dnsmasq";
                mountPoint = "/var/lib/dnsmasq";
              }];
            };
          };
        };
      };

      maestro = {
        kind = "virtual";
        hypervisorName = "atlas";

        nixosModule = { config, ... }: {
          microvm.balloonMem = 7680;

          lab = {
            dockerSwarm.enable = true;

            vm = {
              id = 1;
            };
          };
        };
      };

      bancomart = {
        kind = "virtual";
        hypervisorName = "jefke";

        nixosModule = {
          microvm.balloonMem = 7680;

          lab = {
            dockerSwarm.enable = true;
            vm.id = 2;
          };
        };
      };

      vpay = {
        kind = "virtual";
        hypervisorName = "lewis";

        nixosModule = {
          microvm.balloonMem = 5120;

          lab = {
            dockerSwarm.enable = true;
            vm.id = 3;
          };
        };
      };
    };
  };
}
create module system for machines 2024-02-28 23:28:38 +00:00			`{ lib, ... }:`
			`let`
			`machineOpts = { ... }: {`
			`options = {`
			`# TODO: rename to kind?`
rename machine type -> kind 2024-02-29 19:13:28 +00:00			`kind = lib.mkOption {`
create module system for machines 2024-02-28 23:28:38 +00:00			`type = lib.types.enum [ "physical" "virtual" ];`
			`description = ''`
			`Whether this machine is physical or virtual.`
			`'';`
WIP raspberry pi support 2024-02-26 22:08:12 +00:00			`};`

create module system for machines 2024-02-28 23:28:38 +00:00			`hypervisorName = lib.mkOption {`
			`default = null;`
			`type = with lib.types; nullOr str;`
			`description = ''`
			`The host name of the hypervisor hosting this virtual machine.`
			`'';`
remove dataHost option improve certificate directory structure 2024-01-31 21:11:28 +00:00			`};`

create module system for machines 2024-02-28 23:28:38 +00:00			`arch = lib.mkOption {`
			`default = null;`
			`type = with lib.types; nullOr str;`
			`description = ''`
			`CPU architecture of this machine.`
			`'';`
			`};`

			`isRaspberryPi = lib.mkOption {`
			`default = false;`
			`type = lib.types.bool;`
remove dataHost option improve certificate directory structure 2024-01-31 21:11:28 +00:00			`};`

create module system for machines 2024-02-28 23:28:38 +00:00			`isHypervisor = lib.mkOption {`
			`default = false;`
			`type = lib.types.bool;`
integrate settings raspberry pi 2024-02-27 22:28:52 +00:00			`};`
set hostName and domain in nixos config directly 2024-01-28 11:55:58 +00:00
create module system for machines 2024-02-28 23:28:38 +00:00			`nixosModule = lib.mkOption {`
			`default = { ... }: { };`
			`type = lib.types.anything;`
			`description = ''`
			`Customized configuration for this machine in the form of a NixOS module.`
			`'';`
WIP: nixos-anywhere for virtual machines 2023-11-25 20:00:21 +00:00			`};`
			`};`
			`};`
create module system for machines 2024-02-28 23:28:38 +00:00			`in`
			`{`
			`options = {`
			`machines = lib.mkOption {`
			`type = with lib.types; attrsOf (submodule machineOpts);`
			`};`
			`};`
WIP: nixos-anywhere for virtual machines 2023-11-25 20:00:21 +00:00
create module system for machines 2024-02-28 23:28:38 +00:00			`config = {`
			`machines = {`
			`warwick = {`
rename machine type -> kind 2024-02-29 19:13:28 +00:00			`kind = "physical";`
create module system for machines 2024-02-28 23:28:38 +00:00			`arch = "aarch64-linux";`
			`isRaspberryPi = true;`

			`nixosModule.lab = {`
			`storage = {`
			`osDisk = "/dev/sda";`
			`};`
			`};`
improve networking templating and configuration 2024-01-30 21:32:09 +00:00			`};`
copy microvm config 2024-01-17 20:28:15 +00:00
create module system for machines 2024-02-28 23:28:38 +00:00			`atlas = {`
rename machine type -> kind 2024-02-29 19:13:28 +00:00			`kind = "physical";`
create module system for machines 2024-02-28 23:28:38 +00:00			`arch = "x86_64-linux";`
			`isHypervisor = true;`

			`nixosModule.lab = {`
			`storage = {`
			`osDisk = "/dev/sda";`
			`dataPartition = "/dev/nvme0n1p1";`
			`};`

			`ssh = {`
			`useCertificates = true;`
			`hostCert = builtins.readFile ./certificates/atlas/host_ed25519.crt;`
			`userCert = builtins.readFile ./certificates/atlas/user_ed25519.crt;`
			`};`
			`};`
manage lewis with nix move docker swarm ansible to this repo move thecloud ansible to this repo support data disks in terraform 2023-12-25 18:22:22 +00:00			`};`

create module system for machines 2024-02-28 23:28:38 +00:00			`jefke = {`
rename machine type -> kind 2024-02-29 19:13:28 +00:00			`kind = "physical";`
create module system for machines 2024-02-28 23:28:38 +00:00			`arch = "x86_64-linux";`
			`isHypervisor = true;`

			`nixosModule.lab = {`
			`storage = {`
			`osDisk = "/dev/sda";`
			`dataPartition = "/dev/nvme0n1p1";`
			`};`

			`ssh = {`
			`useCertificates = true;`
			`hostCert = builtins.readFile ./certificates/jefke/host_ed25519.crt;`
			`userCert = builtins.readFile ./certificates/jefke/user_ed25519.crt;`
			`};`
integrate settings raspberry pi 2024-02-27 22:28:52 +00:00			`};`
create module system for machines 2024-02-28 23:28:38 +00:00			`};`
improve networking templating and configuration 2024-01-30 21:32:09 +00:00
create module system for machines 2024-02-28 23:28:38 +00:00			`lewis = {`
rename machine type -> kind 2024-02-29 19:13:28 +00:00			`kind = "physical";`
create module system for machines 2024-02-28 23:28:38 +00:00			`arch = "x86_64-linux";`
			`isHypervisor = true;`

			`nixosModule.lab = {`
			`backups.enable = true;`
			`data-sharing.enable = true;`
			`networking.dmz.allowConnectivity = true;`

			`storage = {`
			`osDisk = "/dev/sda";`
			`dataPartition = "/dev/nvme0n1p1";`
			`};`

			`ssh = {`
			`useCertificates = true;`
			`hostCert = builtins.readFile ./certificates/lewis/host_ed25519.crt;`
			`userCert = builtins.readFile ./certificates/lewis/user_ed25519.crt;`
			`};`
			`};`
			`};`
modularize docker swarm config 2024-02-07 22:15:48 +00:00
create module system for machines 2024-02-28 23:28:38 +00:00			`hermes = {`
rename machine type -> kind 2024-02-29 19:13:28 +00:00			`kind = "virtual";`
create module system for machines 2024-02-28 23:28:38 +00:00			`hypervisorName = "lewis";`

fix use of globals within VM 2024-02-29 18:50:05 +00:00			`nixosModule = { hypervisorConfig, ... }: {`
create module system for machines 2024-02-28 23:28:38 +00:00			`lab = {`
			`networking = {`
			`dmz.services.enable = true;`
			`staticNetworking = true;`
fix use of globals within VM 2024-02-29 18:50:05 +00:00			`staticIPv4 = hypervisorConfig.lab.networking.dmz.ipv4.services;`
			`staticIPv6 = hypervisorConfig.lab.networking.dmz.ipv6.services;`
create module system for machines 2024-02-28 23:28:38 +00:00			`};`

			`vm = {`
fix use of globals within VM 2024-02-29 18:50:05 +00:00			`# TODO: would be cool to create a check that a mac address is only ever assigned to one VM.`
			`# TODO: idea: what if we generated these IDs by hashing the host name and reducing that to the amount of hosts possible?`
create module system for machines 2024-02-28 23:28:38 +00:00			`id = 7;`

			`shares = [{`
			`name = "dnsmasq";`
			`mountPoint = "/var/lib/dnsmasq";`
			`}];`
			`};`
			`};`
improve networking templating and configuration 2024-01-30 21:32:09 +00:00			`};`
add vm working with dhcp+dns 2024-01-29 21:21:15 +00:00			`};`
add two nixos-managed VMs for docker swarm change docker swarm ansible to target these vms 2024-02-04 16:16:41 +00:00
create module system for machines 2024-02-28 23:28:38 +00:00			`maestro = {`
rename machine type -> kind 2024-02-29 19:13:28 +00:00			`kind = "virtual";`
create module system for machines 2024-02-28 23:28:38 +00:00			`hypervisorName = "atlas";`
add two nixos-managed VMs for docker swarm change docker swarm ansible to target these vms 2024-02-04 16:16:41 +00:00
create module system for machines 2024-02-28 23:28:38 +00:00			`nixosModule = { config, ... }: {`
			`microvm.balloonMem = 7680;`
manage vcpus and memory of VMs fix kitchenowl connectivity 2024-02-08 22:44:36 +00:00
create module system for machines 2024-02-28 23:28:38 +00:00			`lab = {`
			`dockerSwarm.enable = true;`
add two nixos-managed VMs for docker swarm change docker swarm ansible to target these vms 2024-02-04 16:16:41 +00:00
create module system for machines 2024-02-28 23:28:38 +00:00			`vm = {`
			`id = 1;`
			`};`
			`};`
modularize docker swarm config 2024-02-07 22:15:48 +00:00			`};`
add two nixos-managed VMs for docker swarm change docker swarm ansible to target these vms 2024-02-04 16:16:41 +00:00			`};`

create module system for machines 2024-02-28 23:28:38 +00:00			`bancomart = {`
rename machine type -> kind 2024-02-29 19:13:28 +00:00			`kind = "virtual";`
create module system for machines 2024-02-28 23:28:38 +00:00			`hypervisorName = "jefke";`
add two nixos-managed VMs for docker swarm change docker swarm ansible to target these vms 2024-02-04 16:16:41 +00:00
create module system for machines 2024-02-28 23:28:38 +00:00			`nixosModule = {`
			`microvm.balloonMem = 7680;`
manage vcpus and memory of VMs fix kitchenowl connectivity 2024-02-08 22:44:36 +00:00
create module system for machines 2024-02-28 23:28:38 +00:00			`lab = {`
			`dockerSwarm.enable = true;`
			`vm.id = 2;`
			`};`
			`};`
create shadow docker swarm 2024-02-06 21:03:25 +00:00			`};`

create module system for machines 2024-02-28 23:28:38 +00:00			`vpay = {`
rename machine type -> kind 2024-02-29 19:13:28 +00:00			`kind = "virtual";`
create module system for machines 2024-02-28 23:28:38 +00:00			`hypervisorName = "lewis";`
create shadow docker swarm 2024-02-06 21:03:25 +00:00
create module system for machines 2024-02-28 23:28:38 +00:00			`nixosModule = {`
			`microvm.balloonMem = 5120;`
manage vcpus and memory of VMs fix kitchenowl connectivity 2024-02-08 22:44:36 +00:00
create module system for machines 2024-02-28 23:28:38 +00:00			`lab = {`
			`dockerSwarm.enable = true;`
			`vm.id = 3;`
			`};`
			`};`
add two nixos-managed VMs for docker swarm change docker swarm ansible to target these vms 2024-02-04 16:16:41 +00:00			`};`
			`};`
			`};`
create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`}`