cleanup nixos modules a bit

This commit is contained in:
Pim Kunis 2023-12-29 13:46:12 +01:00
parent 1f5d121fd0
commit 7222254c22
7 changed files with 90 additions and 110 deletions


@ -3,7 +3,7 @@
name = "jefke";
hostName = "jefke.hyp";
nixosModule.custom = {
nixosModule.lab = {
dataDisk.enable = true;
terraformDatabase.enable = true;
# k3s.enable = true;
@ -21,7 +21,7 @@
name = "atlas";
hostName = "atlas.hyp";
nixosModule.custom = {
nixosModule.lab = {
disko.osDiskDevice = "/dev/nvme0n1";
ssh = {
@ -36,7 +36,7 @@
name = "lewis";
hostName = "lewis.hyp";
nixosModule.custom = {
nixosModule.lab = {
disko.osDiskDevice = "/dev/sda";
backups.enable = true;


@ -1,6 +1,6 @@
{ pkgs, lib, config, ... }:
let
cfg = config.custom.backups;
cfg = config.lab.backups;
snapshotFile = "/tmp/snapshot.qcow2";
snapshotMount = "/tmp/snapshot";
beforeEverything = pkgs.writeShellScriptBin "beforeEverything" ''
@ -38,7 +38,7 @@ let
};
in
{
options.custom.backups = {
options.lab.backups = {
enable = lib.mkOption {
default = false;
type = lib.types.bool;
@ -48,7 +48,7 @@ in
};
repoLocation = lib.mkOption {
default = "${config.custom.dataDisk.mountPoint}/backups/thecloud-data.borg";
default = "${config.lab.dataDisk.mountPoint}/backups/thecloud-data.borg";
type = lib.types.str;
description = ''
Location of the Borg repository to back up to.
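Review bot: The snapshot paths in the first hunk's `let` block, `snapshotFile = "/tmp/snapshot.qcow2"` and `snapshotMount = "/tmp/snapshot"`, are fixed names in the shared `/tmp`, and the rename leaves them as they were; presumably the `beforeEverything` hook creates and mounts them as root, in which case a pre-existing file or symlink at either path would be followed. Running the hook with a private temp directory is the usual remedy, e.g. `PrivateTmp = true` on the service that invokes it, or a `RuntimeDirectory` so the paths live under a directory only that service sees. The hook body and the rest of the `options.lab.backups` set continue outside the hunks shown.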


@ -1,33 +1,29 @@
{ lib, config, ... }:
let cfg = config.custom.dataDisk;
let cfg = config.lab.dataDisk;
in {
options = {
custom = {
dataDisk = {
enable = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Whether to automatically mount a disk to be used as a data disk.
'';
};
options.lab.dataDisk = {
enable = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Whether to automatically mount a disk to be used as a data disk.
'';
};
mountPoint = lib.mkOption {
default = "/mnt/data";
type = lib.types.str;
description = ''
Mount point of the data disk (if enabled).
'';
};
mountPoint = lib.mkOption {
default = "/mnt/data";
type = lib.types.str;
description = ''
Mount point of the data disk (if enabled).
'';
};
devicePath = lib.mkOption {
default = "/dev/sda1";
type = lib.types.str;
description = ''
Path of the device to be used as a data disk.
'';
};
};
devicePath = lib.mkOption {
default = "/dev/sda1";
type = lib.types.str;
description = ''
Path of the device to be used as a data disk.
'';
};
};
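Review bot: `devicePath` keeps its default of `/dev/sda1` in the restructured `options.lab.dataDisk`, while the host list in this same commit sets `disko.osDiskDevice = "/dev/sda"` for lewis; if a host enables `dataDisk` without overriding `devicePath`, the default names the first partition of that OS disk rather than a separate data disk. Kernel `sdX` names are also not stable across reboots or disk reorders, so a default based on one is fragile even where it happens to be right. If no host relies on the default, removing `default = "/dev/sda1";` so the option must be set explicitly, and extending the description with `Prefer a stable /dev/disk/by-id or /dev/disk/by-uuid path.`, would make the option safer to enable. The `config` part of the module that consumes `cfg` is outside the hunk.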


@ -1,15 +1,11 @@
{ lib, config, ... }:
let cfg = config.custom.disko;
let cfg = config.lab.disko;
in {
options = {
custom = {
disko.osDiskDevice = lib.mkOption {
type = lib.types.str;
description = ''
The disk device to be used for the operating system.
'';
};
};
options.lab.disko.osDiskDevice = lib.mkOption {
type = lib.types.str;
description = ''
The disk device to be used for the operating system.
'';
};
# TODO: rename this to 'osDisk'. Unfortunately, we would need to run nixos-anywhere again then


@ -1,16 +1,12 @@
{ pkgs, lib, config, kubenix, ... }:
let cfg = config.custom.k3s;
let cfg = config.lab.k3s;
in {
options = {
custom = {
k3s.enable = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Whether to start k3s with custom configuration.
'';
};
};
options.lab.k3s.enable = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Whether to start k3s with custom configuration.
'';
};
config = lib.mkIf cfg.enable {
@ -20,7 +16,7 @@ in {
services.k3s = {
enable = true;
role = "server";
extraFlags = "--tls-san ${config.networking.fqdn} --data-dir ${config.custom.dataDisk.mountPoint}/k3s";
extraFlags = "--tls-san ${config.networking.fqdn} --data-dir ${config.lab.dataDisk.mountPoint}/k3s";
};
system.activationScripts.k3s-bootstrap.text =
@ -30,7 +26,7 @@ in {
}).config.kubernetes.result;
in
''
ln -sf ${k3sBootstrapFile} ${config.custom.dataDisk.mountPoint}/k3s/server/manifests/k3s-bootstrap.json
ln -sf ${k3sBootstrapFile} ${config.lab.dataDisk.mountPoint}/k3s/server/manifests/k3s-bootstrap.json
'';
};
}
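Review bot: The `--data-dir ${config.lab.dataDisk.mountPoint}/k3s` flag in `extraFlags` and the `ln -sf` in the activation script use the data-disk mount point unconditionally, whereas the terraformDatabase module in this same commit guards its `dataDir` with `lib.mkIf config.lab.dataDisk.enable`; on a host with `lab.k3s.enable` but `lab.dataDisk.enable = false`, k3s would write all of its state under `/mnt/data/k3s` on the root filesystem and the manifest symlink would land there too. An assertion makes the dependency explicit and fails evaluation instead: `assertions = [{ assertion = config.lab.dataDisk.enable; message = "lab.k3s requires lab.dataDisk.enable"; }];` inside the `config = lib.mkIf cfg.enable { ... }` set. The activation script also appears to run `ln -sf` without creating `${config.lab.dataDisk.mountPoint}/k3s/server/manifests` first, so on a freshly provisioned data disk the link may fail until k3s has started once; a `mkdir -p` of that directory before the `ln -sf` would cover it. The `config` set opens in the first hunk and its middle is not shown.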


@ -1,53 +1,49 @@
{ lib, config, ... }:
let
cfg = config.custom.ssh;
cfg = config.lab.ssh;
hostCert = builtins.toFile "host_ed25519-cert.pub" cfg.hostCert;
userCert = builtins.toFile "user_ed25519-cert.pub" cfg.userCert;
in
{
options = {
custom = {
ssh = {
useCertificates = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether to use certificates at all.
'';
};
options.lab.ssh = {
useCertificates = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether to use certificates at all.
'';
};
hostCert = lib.mkOption {
type = lib.types.str;
description = ''
SSH host certificate
'';
};
hostCert = lib.mkOption {
type = lib.types.str;
description = ''
SSH host certificate
'';
};
userCert = lib.mkOption {
type = lib.types.str;
description = ''
SSH user certificate
'';
};
userCert = lib.mkOption {
type = lib.types.str;
description = ''
SSH user certificate
'';
};
hostKey = lib.mkOption {
default =
../secrets/${config.networking.hostName}_host_ed25519.age;
type = lib.types.path;
description = ''
SSH host key
'';
};
hostKey = lib.mkOption {
default =
../secrets/${config.networking.hostName}_host_ed25519.age;
type = lib.types.path;
description = ''
SSH host key
'';
};
userKey = lib.mkOption {
default =
../secrets/${config.networking.hostName}_user_ed25519.age;
type = lib.types.path;
description = ''
SSH user key
'';
};
};
userKey = lib.mkOption {
default =
../secrets/${config.networking.hostName}_user_ed25519.age;
type = lib.types.path;
description = ''
SSH user key
'';
};
};


@ -1,27 +1,25 @@
{ pkgs, lib, config, ... }:
let cfg = config.custom.terraformDatabase;
let cfg = config.lab.terraformDatabase;
in {
options = {
custom = {
terraformDatabase.enable = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Whether to start a postgreSQL database for Terraform states
'';
};
};
options.lab.terraformDatabase.enable = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Whether to start a postgreSQL database for Terraform states
'';
};
config = lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 5432 ];
services.postgresql = {
enable = true;
ensureDatabases = [ "terraformstates" ];
package = pkgs.postgresql_15;
enableTCPIP = true;
dataDir = lib.mkIf config.custom.dataDisk.enable
"${config.custom.dataDisk.mountPoint}/postgresql/${config.services.postgresql.package.psqlSchema}";
dataDir = lib.mkIf config.lab.dataDisk.enable
"${config.lab.dataDisk.mountPoint}/postgresql/${config.services.postgresql.package.psqlSchema}";
authentication = ''
hostssl terraformstates terraform all cert
@ -45,8 +43,6 @@ in {
}];
};
networking.firewall.allowedTCPPorts = [ 5432 ];
age.secrets."postgresql_server.key" = {
file = ../secrets/postgresql_server.key.age;
mode = "400";