change nixos -> nix

nix/machines/atlas.nix

@@ -0,0 +1,21 @@
+{
+  machines.atlas = {
+    kind = "physical";
+    arch = "x86_64-linux";
+    isHypervisor = true;
+
+    nixosModule.lab = {
+      storage = {
+        osDisk = "/dev/sda";
+        dataPartition = "/dev/nvme0n1p1";
+      };
+
+      ssh = {
+        useCertificates = true;
+        hostCert = builtins.readFile ./certificates/atlas/host_ed25519.crt;
+        userCert = builtins.readFile ./certificates/atlas/user_ed25519.crt;
+      };
+    };
+  };
+
+}

nix/machines/bancomart.nix

@@ -0,0 +1,15 @@
+{
+  machines.bancomart = {
+    kind = "virtual";
+    hypervisorName = "jefke";
+
+    nixosModule = {
+      microvm.balloonMem = 7680;
+
+      lab = {
+        dockerSwarm.enable = true;
+        vm.id = 2;
+      };
+    };
+  };
+}

nix/machines/certificates/atlas/host_ed25519.crt

@@ -0,0 +1 @@
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIH4CQGHwWytKnkn7lYjT6G1NyPzINvfroZgwCLoOLO74AAAAIOMoSSEqM4VUBWUeFweJbqK9z7Ygp7fkX22hyWmgCNg8AAAAAAAAAAAAAAACAAAACWF0bGFzLmh5cAAAAA0AAAAJYXRsYXMuaHlwAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgXNGQfd38pUlCi6zBj8Myl6dZsMVU6cjdW63TFHR7W1sAAABTAAAAC3NzaC1lZDI1NTE5AAAAQAYModSEVNG06xvAcRn8XFeCp/iXFeqVcbtfT1NmmMkyIgybkXhJyHjp89BPg0zeAaoScFx8Xpsdd8CsxTeP+QU= root@atlas

nix/machines/certificates/atlas/user_ed25519.crt

@@ -0,0 +1 @@
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIItpNkjaH8o51VKydwHYbbLxXMtf4euzojFKPxz+XqdwAAAAIG1vJNH1p8l8HlmYMT/vHGTjEnIul7ORQhutNnKiXlgqAAAAAAAAAAAAAAABAAAACWF0bGFzLmh5cAAAABsAAAAJYXRsYXMuaHlwAAAACmh5cGVydmlzb3IAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgdmt4SFL+swd8kHsh6cQR+TfzMKObJx75fYBbHNT83zUAAABTAAAAC3NzaC1lZDI1NTE5AAAAQIW4tC+FJA6bKFUfRVcHLWz1u3ZL/GRTWD2WCW4ApHq7no6ODeMwE10noNt/42mwYjFmjwR+cd9EuMyUErXmaw8= root@atlas

nix/machines/certificates/jefke/host_ed25519.crt

@@ -0,0 +1 @@
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIHzQMMRr2vNtTW3joxPzQYjFFu3iI/WyIRVD18YKY61CAAAAIKTzrsjwRmKg3JbRLY/RrWnIBfCupfFdMWZ/8AQAXg9uAAAAAAAAAAAAAAACAAAACWplZmtlLmh5cAAAAA0AAAAJamVma2UuaHlwAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgXNGQfd38pUlCi6zBj8Myl6dZsMVU6cjdW63TFHR7W1sAAABTAAAAC3NzaC1lZDI1NTE5AAAAQPNDgNAOmp5Gl//mjEHF2H5Yi8GIFfyiRm8nJ2UkGXzpNr3+bQvQhPigziuXO0+8910yY9QzXTfvc4mgAT1gpgU= root@jefke

nix/machines/certificates/jefke/user_ed25519.crt

@@ -0,0 +1 @@
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIKdTRygvLfapNY6umK+TdoqWDIq4ZzXLZlUJ/lVvkuqtAAAAINZ3aw6gjrOt561j1Mh7kINqlavorKeujN1Q8mn/Fy69AAAAAAAAAAAAAAABAAAACWplZmtlLmh5cAAAABsAAAAJamVma2UuaHlwAAAACmh5cGVydmlzb3IAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgdmt4SFL+swd8kHsh6cQR+TfzMKObJx75fYBbHNT83zUAAABTAAAAC3NzaC1lZDI1NTE5AAAAQI36zBw4Epr1ijXBk7T5JENgisn4SbVTLkhYBWCquHcAv3nFFJOEZ1kdC/SfYaDwmXb/rNybpr3942wF0xD3/ws= root@jefke

nix/machines/certificates/lewis/host_ed25519.crt

@@ -0,0 +1 @@
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIAP9Xu3G75HcVIVhrgiCKSM+YTkaCbTqI18NBdWikIlHAAAAIKfbZauF+7q3s7VxhvxdPT7XDapch0P3tD//U4/70D6cAAAAAAAAAAAAAAACAAAACWxld2lzLmh5cAAAAA0AAAAJbGV3aXMuaHlwAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgXNGQfd38pUlCi6zBj8Myl6dZsMVU6cjdW63TFHR7W1sAAABTAAAAC3NzaC1lZDI1NTE5AAAAQGHtz4FNkj0LuplU+12A/sx0bE4QeHLYhctXag9DSMGJz9yOpyMpK3PPKkm6leLdGYs7RUjxwXvcj+f4k16VXA0= root@atlas

nix/machines/certificates/lewis/user_ed25519.crt

@@ -0,0 +1 @@
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIGqYC+tRPZ24WMroezrFgxtm8YObweMCTpz/y+dbGrzKAAAAIEuhHYB6zdSsfvLm4zXfuUbUCkUgPRu6rdt1rninA7PwAAAAAAAAAAAAAAABAAAACWxld2lzLmh5cAAAABsAAAAJbGV3aXMuaHlwAAAACmh5cGVydmlzb3IAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgdmt4SFL+swd8kHsh6cQR+TfzMKObJx75fYBbHNT83zUAAABTAAAAC3NzaC1lZDI1NTE5AAAAQGV0nCPl4HDo1Q24NnFcPc1/FPYxwkWg864eUp5hdbttL4f8h7YLtZw6k8hHIn50wVdHEJkUwYrXgR1dwYhfEwA= root@atlas

nix/machines/default.nix

@@ -0,0 +1,77 @@
+{ lib, ... }:
+let
+  machineOpts = { config, ... }: {
+    options = {
+      kind = lib.mkOption {
+        type = lib.types.enum [ "physical" "virtual" ];
+        description = ''
+          Whether this machine is physical or virtual.
+        '';
+      };
+
+      hypervisorName = lib.mkOption {
+        default = null;
+        type = with lib.types; nullOr str;
+        description = ''
+          The host name of the hypervisor hosting this virtual machine.
+        '';
+      };
+
+      arch = lib.mkOption {
+        default = null;
+        type = with lib.types; nullOr str;
+        description = ''
+          CPU architecture of this machine.
+        '';
+      };
+
+      isRaspberryPi = lib.mkOption {
+        default = false;
+        type = lib.types.bool;
+      };
+
+      isHypervisor = lib.mkOption {
+        default = false;
+        type = lib.types.bool;
+      };
+
+      # Derived value
+      isPhysical = lib.mkOption {
+        default = config.kind == "physical";
+        type = lib.types.bool;
+      };
+
+      # Derived value
+      isVirtual = lib.mkOption {
+        default = config.kind == "virtual";
+        type = lib.types.bool;
+      };
+
+      nixosModule = lib.mkOption {
+        default = { ... }: { };
+        type = lib.types.anything;
+        description = ''
+          Customized configuration for this machine in the form of a NixOS module.
+        '';
+      };
+    };
+  };
+in
+{
+  imports = [
+    ./warwick.nix
+    ./atlas.nix
+    ./jefke.nix
+    ./lewis.nix
+    ./hermes.nix
+    ./maestro.nix
+    ./bancomart.nix
+    ./vpay.nix
+  ];
+
+  options = {
+    machines = lib.mkOption {
+      type = with lib.types; attrsOf (submodule machineOpts);
+    };
+  };
+}

nix/machines/hermes.nix

@@ -0,0 +1,29 @@
+{
+  machines.hermes = {
+    kind = "virtual";
+    hypervisorName = "lewis";
+
+    nixosModule = { hypervisorConfig, ... }: {
+      lab = {
+        networking = {
+          dmz.services.enable = true;
+          staticNetworking = true;
+          staticIPv4 = hypervisorConfig.lab.networking.dmz.ipv4.services;
+          staticIPv6 = hypervisorConfig.lab.networking.dmz.ipv6.services;
+        };
+
+        vm = {
+          # TODO: would be cool to create a check that a mac address is only ever assigned to one VM.
+          # TODO: idea: what if we generated these IDs by hashing the host name and reducing that to the amount of hosts possible?
+          id = 7;
+
+          shares = [{
+            name = "dnsmasq";
+            mountPoint = "/var/lib/dnsmasq";
+          }];
+        };
+      };
+    };
+  };
+
+}

nix/machines/jefke.nix

@@ -0,0 +1,20 @@
+{
+  machines.jefke = {
+    kind = "physical";
+    arch = "x86_64-linux";
+    isHypervisor = true;
+
+    nixosModule.lab = {
+      storage = {
+        osDisk = "/dev/sda";
+        dataPartition = "/dev/nvme0n1p1";
+      };
+
+      ssh = {
+        useCertificates = true;
+        hostCert = builtins.readFile ./certificates/jefke/host_ed25519.crt;
+        userCert = builtins.readFile ./certificates/jefke/user_ed25519.crt;
+      };
+    };
+  };
+}

nix/machines/lewis.nix

@@ -0,0 +1,24 @@
+{
+  machines.lewis = {
+    kind = "physical";
+    arch = "x86_64-linux";
+    isHypervisor = true;
+
+    nixosModule.lab = {
+      backups.enable = true;
+      data-sharing.enable = true;
+      networking.dmz.allowConnectivity = true;
+
+      storage = {
+        osDisk = "/dev/sda";
+        dataPartition = "/dev/nvme0n1p1";
+      };
+
+      ssh = {
+        useCertificates = true;
+        hostCert = builtins.readFile ./certificates/lewis/host_ed25519.crt;
+        userCert = builtins.readFile ./certificates/lewis/user_ed25519.crt;
+      };
+    };
+  };
+}

nix/machines/maestro.nix

@@ -0,0 +1,18 @@
+{
+  machines.maestro = {
+    kind = "virtual";
+    hypervisorName = "atlas";
+
+    nixosModule = { config, ... }: {
+      microvm.balloonMem = 7680;
+
+      lab = {
+        dockerSwarm.enable = true;
+
+        vm = {
+          id = 1;
+        };
+      };
+    };
+  };
+}

nix/machines/vpay.nix

@@ -0,0 +1,15 @@
+{
+  machines.vpay = {
+    kind = "virtual";
+    hypervisorName = "lewis";
+
+    nixosModule = {
+      microvm.balloonMem = 5120;
+
+      lab = {
+        dockerSwarm.enable = true;
+        vm.id = 3;
+      };
+    };
+  };
+}

nix/machines/warwick.nix

@@ -0,0 +1,7 @@
+{
+  machines.warwick = {
+    kind = "physical";
+    arch = "aarch64-linux";
+    isRaspberryPi = true;
+  };
+}