use deploy-rs

closes #2
Pim Kunis 2023-11-12 00:04:37 +01:00
parent 840628740b
commit 1faea2dd28
6 changed files with 151 additions and 88 deletions


@ -16,4 +16,4 @@ Before a NixOS definition can be deployed, some prerequite preparational steps m
### NixOS deployment ### NixOS deployment
Finally, the NixOS definition can be deployed as follows: `nixos-rebuild switch -j auto --target-host root@jefke.hyp --flake ".#jefke"`. Finally, the NixOS definition can be deployed as follows: `nix run github:serokell/deploy-rs`.


@ -1,11 +1,5 @@
{ { pkgs, ... }: {
pkgs, imports = [ ./hardware-configuration.nix ];
server,
...
}: {
imports = [
server.hardware-configuration
];
boot.loader = { boot.loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
@ -56,14 +50,16 @@
programs.ssh = { programs.ssh = {
knownHosts = { knownHosts = {
dmz = { dmz = {
hostNames = ["*.dmz"]; hostNames = [ "*.dmz" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x"; publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
certAuthority = true; certAuthority = true;
}; };
hypervisors = { hypervisors = {
hostNames = ["*.hyp"]; hostNames = [ "*.hyp" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb"; publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb";
certAuthority = true; certAuthority = true;
}; };
}; };
@ -76,12 +72,7 @@
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ vim neofetch cowsay python3 ];
vim
neofetch
cowsay
python3
];
networking.firewall.enable = false; networking.firewall.enable = false;
@ -115,12 +106,8 @@
networks = { networks = {
"30-main-nic" = { "30-main-nic" = {
matchConfig.Name = "en*"; matchConfig.Name = "en*";
networkConfig = { networkConfig = { DHCP = "yes"; };
DHCP = "yes"; vlan = [ "vlandmz" ];
};
vlan = [
"vlandmz"
];
}; };
"40-vlandmz" = { "40-vlandmz" = {
matchConfig.Name = "vlandmz"; matchConfig.Name = "vlandmz";
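Review bot: `networking.firewall.enable = false;` is carried over unchanged in the third hunk, so this hypervisor still has no host firewall while deployments reach it over SSH as root. If nothing upstream filters traffic to the host (not visible here), consider `networking.firewall.enable = true;` and opening only the ports the host and its VLAN setup actually need. Note that the `programs.ssh.knownHosts` entries with `certAuthority = true` only govern outbound SSH from this machine; they do not limit who can reach its sshd.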


@ -1,6 +1,58 @@
{ {
"nodes": { "nodes": {
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs",
"utils": "utils"
},
"locked": {
"lastModified": 1698921442,
"narHash": "sha256-7KmvhQ7FuXlT/wG4zjTssap6maVqeAMBdtel+VjClSM=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "660180bbbeae7d60dad5a92b30858306945fd427",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": {
"lastModified": 1671417167,
"narHash": "sha256-JkHam6WQOwZN1t2C2sbp1TqMv3TVRjzrdoejqfefwrM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bb31220cca6d044baa6dc2715b07497a2a7c4bc7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1699169573, "lastModified": 1699169573,
"narHash": "sha256-cvUb1xZkvOp3W2SzylStrTirhVd9zCeo5utJl9nSIhw=", "narHash": "sha256-cvUb1xZkvOp3W2SzylStrTirhVd9zCeo5utJl9nSIhw=",
@ -18,7 +70,23 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs" "deploy-rs": "deploy-rs",
"nixpkgs": "nixpkgs_2"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
} }
} }
}, },


@ -3,34 +3,49 @@
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
deploy-rs.url = "github:serokell/deploy-rs";
}; };
outputs = {nixpkgs, ...}: let outputs = { self, nixpkgs, deploy-rs, ... }:
servers = { let
jefke = { system = "x86_64-linux";
hardware-configuration = import ./hardware-configuration/jefke.nix; pkgs = import nixpkgs { inherit system; };
system-arch = "x86_64-linux"; deployPkgs = import nixpkgs {
}; inherit system;
}; overlays = [
serverNames = builtins.attrNames servers; deploy-rs.overlay
serverWithNameAttr = name: (builtins.getAttr name servers) // {name = name;}; (self: super: {
deploy-rs = {
genNixosConfigurations = config: inherit (pkgs) deploy-rs;
nixpkgs.lib.genAttrs serverNames ( lib = super.deploy-rs.lib;
serverName: };
nixpkgs.lib.nixosSystem (config (serverWithNameAttr serverName)) })
);
in {
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
nixosConfigurations = genNixosConfigurations (
server: {
system = server.system-arch;
specialArgs = {inherit server;};
modules = [
./configuration.nix
]; ];
} };
);
}; in {
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt;
nixosConfigurations.hypervisor = nixpkgs.lib.nixosSystem {
inherit system;
modules = [ ./configuration.nix ];
};
deploy = {
sshUser = "root";
user = "root";
nodes.jefke = {
hostname = "jefke.hyp";
profiles.hypervisor = {
path = deployPkgs.deploy-rs.lib.activate.nixos
self.nixosConfigurations.hypervisor;
};
};
};
checks = builtins.mapAttrs
(system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
};
} }
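Review bot: The `deploy-rs` input is pinned in the lock file, but nothing in `outputs` exposes that pinned tool, so the documented command `nix run github:serokell/deploy-rs` (first file of this commit) runs whatever upstream currently publishes, with root SSH access to `jefke.hyp`. Exposing the binary the flake already takes from `pkgs`, e.g. `apps.${system}.default = { type = "app"; program = "${pkgs.deploy-rs}/bin/deploy"; };`, would let the docs say `nix run .` and keep the deployer under the lock file. Separately, the input lacks `deploy-rs.inputs.nixpkgs.follows = "nixpkgs";`, which is why the lock gains a second, older nixpkgs revision; the `checks` output presumably evaluates against that one. `sshUser = "root"` also depends on direct root login being permitted on the target; a dedicated deploy user with sudo would narrow that if the host's sshd policy allows it.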


@ -0,0 +1,28 @@
{ config, lib, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "ahci" "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/b78f591c-c9b6-4dae-9837-56716d38990b";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/6936-84C2";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/79fbd322-e58d-4e45-8969-06ef494cefea"; }];
networking.useDHCP = false;
nixpkgs.hostPlatform = "x86_64-linux";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,35 +0,0 @@
{
config,
lib,
modulesPath,
server,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/b78f591c-c9b6-4dae-9837-56716d38990b";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/6936-84C2";
fsType = "vfat";
};
swapDevices = [
{device = "/dev/disk/by-uuid/79fbd322-e58d-4e45-8969-06ef494cefea";}
];
networking.useDHCP = false;
nixpkgs.hostPlatform = server.system-arch;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}