Cleanup after kubernetes deployment migration

Pim Kunis 2024-09-07 13:06:37 +02:00
parent a335dd4120
commit 660191ab42
57 changed files with 26 additions and 9097 deletions


@ -1,12 +1,15 @@
{ self, pkgs, machines, flake-utils, deploy-rs, ... }: flake-utils.lib.eachDefaultSystem (system: {
{ self, nixpkgs, flake-utils, deploy-rs, ... }: flake-utils.lib.eachDefaultSystem (system:
let
pkgs = nixpkgs.legacyPackages.${system};
in
{
# Deploy-rs' flake checks seem broken for architectures different from the deployment machine.
# We skip these here.
checks = deploy-rs.lib.${system}.deployChecks (
pkgs.lib.attrsets.updateManyAttrsByPath [{
path = [ "nodes" ];
update = pkgs.lib.attrsets.filterAttrs (name: node:
machines.${name}.arch == system
self.machines.${name}.arch == system
);
}]
self.deploy
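Review bot: The new filter predicate `self.machines.${name}.arch == system` indexes `self.machines` by node name, while the other files in this commit read it by system first (`self.machines.${deployArch}`). If `machines` is exported per system, as those lookups suggest, this lookup presumably fails with a missing attribute when the checks are evaluated, so the deploy checks would not run. In that case the predicate needs the system key first, e.g. `self.machines.${system}.${name}.arch == system`. The enclosing `deployChecks (...)` call continues past the end of the visible section.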


@ -1,9 +1,10 @@
{ self, pkgs, machines, deploy-rs, ... }:
{ self, deploy-rs, ... }:
let
deployArch = "x86_64-linux";
mkDeployNodes = nodeDef:
builtins.mapAttrs
(name: machine: nodeDef name machine)
machines;
self.machines.${deployArch};
in
{
deploy = {
@ -17,7 +18,7 @@ in
{
hostname = nixosConfiguration.config.networking.fqdn;
profiles.system = {
remoteBuild = machine.arch != pkgs.stdenv.hostPlatform.system;
remoteBuild = machine.arch != deployArch;
path = deploy-rs.lib.${machine.arch}.activate.nixos nixosConfiguration;
};
});
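Review bot: `deployArch = "x86_64-linux"` now stands in for the machine that runs the deployment, so `remoteBuild = machine.arch != deployArch` no longer follows the actual host platform as the old `pkgs.stdenv.hostPlatform.system` comparison did. Running the deploy from a workstation of another architecture would select local builds for x86_64 targets and remote builds for targets of its own architecture. The constant deserves a comment such as `# Architecture of the workstation that runs deploy-rs; decides remoteBuild and which machines set is read.` The same literal is repeated in the NixOS configurations file of this commit, so a single shared definition would keep the two from drifting. The `deploy` attribute set continues outside the visible hunks.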


@ -1,191 +0,0 @@
{ self, pkgs, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem
(system:
let
deployScript = (pkgs.writeScriptBin "applyset-deploy.sh" (builtins.readFile ./applyset-deploy.sh)).overrideAttrs (old: {
buildCommand = "${old.buildCommand}\npatchShebangs $out";
});
mkKubernetes = name: module: namespace: (kubenix.evalModules.${system} {
specialArgs = { inherit namespace myLib blog-pim dns nixhelm system machines; };
module = { kubenix, ... }:
{
imports = [
kubenix.modules.k8s
kubenix.modules.helm
"${self}/kubenix-modules/custom"
"${self}/kubenix-modules/custom-types.nix"
module
];
config = {
kubenix.project = name;
kubernetes.namespace = namespace;
};
};
}).config.kubernetes;
mkManifest = name: { module, namespace }: {
name = "${name}-manifest";
value = (mkKubernetes name module namespace).result;
};
mkDeployApp = name: { module, namespace }:
let
kubernetes = mkKubernetes name module namespace;
kubeconfig = kubernetes.kubeconfig or "";
result = kubernetes.result or "";
wrappedDeployScript = pkgs.symlinkJoin
{
name = "applyset-deploy.sh";
paths = [ deployScript pkgs.vals pkgs.kubectl ];
buildInputs = [ pkgs.makeWrapper ];
passthru.manifest = result;
meta.mainProgram = "applyset-deploy.sh";
postBuild = ''
wrapProgram $out/bin/applyset-deploy.sh \
--suffix PATH : "$out/bin" \
--run 'export KUBECONFIG=''${KUBECONFIG:-${toString kubeconfig}}' \
--set MANIFEST '${result}' \
--set APPLYSET 'applyset-${name}' \
--set NAMESPACE '${namespace}'
'';
};
in
{
name = "${name}-deploy";
value = wrappedDeployScript;
};
deployers = {
bootstrap-default = {
module = "${self}/kubenix-modules/bootstrap-default.nix";
namespace = "default";
};
bootstrap-kube-system = {
module = "${self}/kubenix-modules/bootstrap-kube-system.nix";
namespace = "kube-system";
};
cyberchef = {
module = "${self}/kubenix-modules/cyberchef.nix";
namespace = "static-websites";
};
freshrss = {
module = "${self}/kubenix-modules/freshrss.nix";
namespace = "freshrss";
};
radicale = {
module = "${self}/kubenix-modules/radicale.nix";
namespace = "radicale";
};
kms = {
module = "${self}/kubenix-modules/kms.nix";
namespace = "kms";
};
atuin = {
module = "${self}/kubenix-modules/atuin.nix";
namespace = "atuin";
};
blog = {
module = "${self}/kubenix-modules/blog.nix";
namespace = "static-websites";
};
nextcloud = {
module = "${self}/kubenix-modules/nextcloud.nix";
namespace = "nextcloud";
};
hedgedoc = {
module = "${self}/kubenix-modules/hedgedoc.nix";
namespace = "hedgedoc";
};
kitchenowl = {
module = "${self}/kubenix-modules/kitchenowl.nix";
namespace = "kitchenowl";
};
forgejo = {
module = "${self}/kubenix-modules/forgejo";
namespace = "forgejo";
};
paperless = {
module = "${self}/kubenix-modules/paperless.nix";
namespace = "paperless";
};
syncthing = {
module = "${self}/kubenix-modules/syncthing.nix";
namespace = "syncthing";
};
pihole = {
module = "${self}/kubenix-modules/pihole.nix";
namespace = "dns";
};
immich = {
module = "${self}/kubenix-modules/immich.nix";
namespace = "immich";
};
attic = {
module = "${self}/kubenix-modules/attic.nix";
namespace = "attic";
};
inbucket = {
module = "${self}/kubenix-modules/inbucket.nix";
namespace = "inbucket";
};
dnsmasq = {
module = "${self}/kubenix-modules/dnsmasq.nix";
namespace = "dns";
};
bind9 = {
module = "${self}/kubenix-modules/bind9";
namespace = "dns";
};
media = {
module = "${self}/kubenix-modules/media.nix";
namespace = "media";
};
traefik = {
module = "${self}/kubenix-modules/traefik.nix";
namespace = "kube-system";
};
minecraft = {
module = "${self}/kubenix-modules/minecraft.nix";
namespace = "minecraft";
};
tailscale = {
module = "${self}/kubenix-modules/tailscale.nix";
namespace = "tailscale";
};
ntfy = {
module = "${self}/kubenix-modules/ntfy.nix";
namespace = "ntfy";
};
};
in
{
packages = pkgs.lib.mergeAttrs (pkgs.lib.mapAttrs' mkDeployApp deployers) (pkgs.lib.mapAttrs' mkManifest deployers);
})


@ -1,5 +1,7 @@
{ self, myLib, nixpkgs, machines, ... }@inputs:
{ self, nixpkgs, ... }@inputs:
let
deployArch = "x86_64-linux";
machines = self.machines.${deployArch};
mkNixosSystems = systemDef:
builtins.mapAttrs
(name: machine:
@ -11,7 +13,7 @@ in
nixosConfigurations = mkNixosSystems (name: machine: {
system = machine.arch;
specialArgs = { inherit self inputs myLib machine machines; };
specialArgs = { inherit self inputs machine machines; };
modules = [
"${self}/configuration.nix"


@ -1,5 +1,6 @@
{ myLib, flake-utils, pkgs, ... }: flake-utils.lib.eachDefaultSystem (system:
{ self, nixpkgs, flake-utils, ... }: flake-utils.lib.eachDefaultSystem (system:
let
pkgs = nixpkgs.legacyPackages.${system};
createScript = { name, runtimeInputs, scriptPath, extraWrapperFlags ? "", ... }:
let
script = (pkgs.writeScriptBin name (builtins.readFile scriptPath)).overrideAttrs (old: {
@ -28,7 +29,7 @@ in
packages.prefetch-container-images =
let
imagesJSON = builtins.toFile "images.json" (builtins.toJSON myLib.globals.images);
imagesJSON = builtins.toFile "images.json" (builtins.toJSON self.globals.images);
in
pkgs.writers.writePython3Bin "prefetch-container-images.py"
{ } ''