cleanup nixos modules a bit

This commit is contained in:
Pim Kunis 2023-12-29 13:46:12 +01:00
parent 1f5d121fd0
commit 7222254c22
7 changed files with 90 additions and 110 deletions


@ -3,7 +3,7 @@
name = "jefke"; name = "jefke";
hostName = "jefke.hyp"; hostName = "jefke.hyp";
nixosModule.custom = { nixosModule.lab = {
dataDisk.enable = true; dataDisk.enable = true;
terraformDatabase.enable = true; terraformDatabase.enable = true;
# k3s.enable = true; # k3s.enable = true;
@ -21,7 +21,7 @@
name = "atlas"; name = "atlas";
hostName = "atlas.hyp"; hostName = "atlas.hyp";
nixosModule.custom = { nixosModule.lab = {
disko.osDiskDevice = "/dev/nvme0n1"; disko.osDiskDevice = "/dev/nvme0n1";
ssh = { ssh = {
@ -36,7 +36,7 @@
name = "lewis"; name = "lewis";
hostName = "lewis.hyp"; hostName = "lewis.hyp";
nixosModule.custom = { nixosModule.lab = {
disko.osDiskDevice = "/dev/sda"; disko.osDiskDevice = "/dev/sda";
backups.enable = true; backups.enable = true;


@ -1,6 +1,6 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, ... }:
let let
cfg = config.custom.backups; cfg = config.lab.backups;
snapshotFile = "/tmp/snapshot.qcow2"; snapshotFile = "/tmp/snapshot.qcow2";
snapshotMount = "/tmp/snapshot"; snapshotMount = "/tmp/snapshot";
beforeEverything = pkgs.writeShellScriptBin "beforeEverything" '' beforeEverything = pkgs.writeShellScriptBin "beforeEverything" ''
@ -38,7 +38,7 @@ let
}; };
in in
{ {
options.custom.backups = { options.lab.backups = {
enable = lib.mkOption { enable = lib.mkOption {
default = false; default = false;
type = lib.types.bool; type = lib.types.bool;
@ -48,7 +48,7 @@ in
}; };
repoLocation = lib.mkOption { repoLocation = lib.mkOption {
default = "${config.custom.dataDisk.mountPoint}/backups/thecloud-data.borg"; default = "${config.lab.dataDisk.mountPoint}/backups/thecloud-data.borg";
type = lib.types.str; type = lib.types.str;
description = '' description = ''
Location of the Borg repository to back up to. Location of the Borg repository to back up to.


@ -1,33 +1,29 @@
{ lib, config, ... }: { lib, config, ... }:
let cfg = config.custom.dataDisk; let cfg = config.lab.dataDisk;
in { in {
options = { options.lab.dataDisk = {
custom = { enable = lib.mkOption {
dataDisk = { default = false;
enable = lib.mkOption { type = lib.types.bool;
default = false; description = ''
type = lib.types.bool; Whether to automatically mount a disk to be used as a data disk.
description = '' '';
Whether to automatically mount a disk to be used as a data disk. };
'';
};
mountPoint = lib.mkOption { mountPoint = lib.mkOption {
default = "/mnt/data"; default = "/mnt/data";
type = lib.types.str; type = lib.types.str;
description = '' description = ''
Mount point of the data disk (if enabled). Mount point of the data disk (if enabled).
''; '';
}; };
devicePath = lib.mkOption { devicePath = lib.mkOption {
default = "/dev/sda1"; default = "/dev/sda1";
type = lib.types.str; type = lib.types.str;
description = '' description = ''
Path of the device to be used as a data disk. Path of the device to be used as a data disk.
''; '';
};
};
}; };
}; };
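Review bot: The `devicePath` default of `"/dev/sda1"` is kept by the flattening, and the hosts file in this same commit sets `disko.osDiskDevice = "/dev/sda"` for lewis, so a host that enables `lab.dataDisk` without overriding `devicePath` would mount the first partition of its own OS disk as the data disk. Whether lewis actually enables `dataDisk` is outside the visible lines, so this is a latent hazard rather than a confirmed one. I would either drop the default so the device must be given explicitly, or add an assertion next to the mount, e.g. `assertions = [{ assertion = cfg.devicePath != "${config.lab.disko.osDiskDevice}1"; message = "lab.dataDisk.devicePath points at the OS disk"; }];`, and extend the description to say the value should be a stable path such as a `/dev/disk/by-id/...` link rather than a kernel-ordered `/dev/sdX` name. The mount logic itself is not in this hunk.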


@ -1,15 +1,11 @@
{ lib, config, ... }: { lib, config, ... }:
let cfg = config.custom.disko; let cfg = config.lab.disko;
in { in {
options = { options.lab.disko.osDiskDevice = lib.mkOption {
custom = { type = lib.types.str;
disko.osDiskDevice = lib.mkOption { description = ''
type = lib.types.str; The disk device to be used for the operating system.
description = '' '';
The disk device to be used for the operating system.
'';
};
};
}; };
# TODO: rename this to 'osDisk'. Unfortunately, we would need to run nixos-anywhere again then # TODO: rename this to 'osDisk'. Unfortunately, we would need to run nixos-anywhere again then


@ -1,16 +1,12 @@
{ pkgs, lib, config, kubenix, ... }: { pkgs, lib, config, kubenix, ... }:
let cfg = config.custom.k3s; let cfg = config.lab.k3s;
in { in {
options = { options.lab.k3s.enable = lib.mkOption {
custom = { default = false;
k3s.enable = lib.mkOption { type = lib.types.bool;
default = false; description = ''
type = lib.types.bool; Whether to start k3s with custom configuration.
description = '' '';
Whether to start k3s with custom configuration.
'';
};
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
@ -20,7 +16,7 @@ in {
services.k3s = { services.k3s = {
enable = true; enable = true;
role = "server"; role = "server";
extraFlags = "--tls-san ${config.networking.fqdn} --data-dir ${config.custom.dataDisk.mountPoint}/k3s"; extraFlags = "--tls-san ${config.networking.fqdn} --data-dir ${config.lab.dataDisk.mountPoint}/k3s";
}; };
system.activationScripts.k3s-bootstrap.text = system.activationScripts.k3s-bootstrap.text =
@ -30,7 +26,7 @@ in {
}).config.kubernetes.result; }).config.kubernetes.result;
in in
'' ''
ln -sf ${k3sBootstrapFile} ${config.custom.dataDisk.mountPoint}/k3s/server/manifests/k3s-bootstrap.json ln -sf ${k3sBootstrapFile} ${config.lab.dataDisk.mountPoint}/k3s/server/manifests/k3s-bootstrap.json
''; '';
}; };
} }
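Review bot: `extraFlags` at the `--data-dir` line and the `ln -sf` in the activation script both place k3s state under `config.lab.dataDisk.mountPoint` unconditionally, while the terraformDatabase module in this same commit guards its `dataDir` with `lib.mkIf config.lab.dataDisk.enable`; the two modules are inconsistent, and with `dataDisk` disabled k3s would write its server data (including the bootstrap manifest symlink) onto the root filesystem at the unmounted mount point. Either apply the same `lib.mkIf` pattern here or make the dependency explicit with `assertions = [{ assertion = config.lab.dataDisk.enable; message = "lab.k3s requires lab.dataDisk.enable"; }];` inside the `config = lib.mkIf cfg.enable { ... }` block. The `k3sBootstrapFile` binding starts above the second hunk, outside the visible lines.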


@ -1,53 +1,49 @@
{ lib, config, ... }: { lib, config, ... }:
let let
cfg = config.custom.ssh; cfg = config.lab.ssh;
hostCert = builtins.toFile "host_ed25519-cert.pub" cfg.hostCert; hostCert = builtins.toFile "host_ed25519-cert.pub" cfg.hostCert;
userCert = builtins.toFile "user_ed25519-cert.pub" cfg.userCert; userCert = builtins.toFile "user_ed25519-cert.pub" cfg.userCert;
in in
{ {
options = { options.lab.ssh = {
custom = { useCertificates = lib.mkOption {
ssh = { type = lib.types.bool;
useCertificates = lib.mkOption { default = false;
type = lib.types.bool; description = ''
default = false; Whether to use certificates at all.
description = '' '';
Whether to use certificates at all. };
'';
};
hostCert = lib.mkOption { hostCert = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = '' description = ''
SSH host certificate SSH host certificate
''; '';
}; };
userCert = lib.mkOption { userCert = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = '' description = ''
SSH user certificate SSH user certificate
''; '';
}; };
hostKey = lib.mkOption { hostKey = lib.mkOption {
default = default =
../secrets/${config.networking.hostName}_host_ed25519.age; ../secrets/${config.networking.hostName}_host_ed25519.age;
type = lib.types.path; type = lib.types.path;
description = '' description = ''
SSH host key SSH host key
''; '';
}; };
userKey = lib.mkOption { userKey = lib.mkOption {
default = default =
../secrets/${config.networking.hostName}_user_ed25519.age; ../secrets/${config.networking.hostName}_user_ed25519.age;
type = lib.types.path; type = lib.types.path;
description = '' description = ''
SSH user key SSH user key
''; '';
};
};
}; };
}; };
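Review bot: The descriptions of `hostCert` and `userCert` read `SSH host certificate` / `SSH user certificate`, which does not tell a reader whether the option takes a path or the certificate text; the `let` bindings at the top of the module pass the value to `builtins.toFile`, so it is the certificate contents and it ends up in the world-readable Nix store. I would make that explicit, e.g. `description = "Contents of the SSH host certificate (written to the Nix store as host_ed25519-cert.pub)."`, and likewise for `userCert`, so nobody pastes a private key or a path into it by mistake. Both options also have no default, so any evaluation that touches `cfg.hostCert`/`cfg.userCert` fails unless they are set; whether that only happens under `useCertificates = true` depends on the `config` part of this module, which is outside the hunk.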


@ -1,27 +1,25 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, ... }:
let cfg = config.custom.terraformDatabase; let cfg = config.lab.terraformDatabase;
in { in {
options = { options.lab.terraformDatabase.enable = lib.mkOption {
custom = { default = false;
terraformDatabase.enable = lib.mkOption { type = lib.types.bool;
default = false; description = ''
type = lib.types.bool; Whether to start a postgreSQL database for Terraform states
description = '' '';
Whether to start a postgreSQL database for Terraform states
'';
};
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 5432 ];
services.postgresql = { services.postgresql = {
enable = true; enable = true;
ensureDatabases = [ "terraformstates" ]; ensureDatabases = [ "terraformstates" ];
package = pkgs.postgresql_15; package = pkgs.postgresql_15;
enableTCPIP = true; enableTCPIP = true;
dataDir = lib.mkIf config.custom.dataDisk.enable dataDir = lib.mkIf config.lab.dataDisk.enable
"${config.custom.dataDisk.mountPoint}/postgresql/${config.services.postgresql.package.psqlSchema}"; "${config.lab.dataDisk.mountPoint}/postgresql/${config.services.postgresql.package.psqlSchema}";
authentication = '' authentication = ''
hostssl terraformstates terraform all cert hostssl terraformstates terraform all cert
@ -45,8 +43,6 @@ in {
}]; }];
}; };
networking.firewall.allowedTCPPorts = [ 5432 ];
age.secrets."postgresql_server.key" = { age.secrets."postgresql_server.key" = {
file = ../secrets/postgresql_server.key.age; file = ../secrets/postgresql_server.key.age;
mode = "400"; mode = "400";