From 8b8106fade40aa4667b5fd2383dc74fd1506b4c1 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Wed, 7 Feb 2024 23:15:48 +0100
Subject: [PATCH] modularize docker swarm config
---
 nixos/default.nix | 2 +-
 nixos/machines/default.nix | 110 ++++-----------------
 nixos/{virtual.nix => virtual/default.nix} | 56 ++++++++---
 nixos/virtual/docker_swarm.nix | 39 ++++++++
 4 files changed, 103 insertions(+), 104 deletions(-)
 rename nixos/{virtual.nix => virtual/default.nix} (72%)
 create mode 100644 nixos/virtual/docker_swarm.nix
diff --git a/nixos/default.nix b/nixos/default.nix
index 26b5976..e27dea6 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -7,7 +7,7 @@
 agenix.nixosModules.default
 ] ++ lib.lists.optional (machine.type == "physical") ./physical.nix
- ++ lib.lists.optional (machine.type == "virtual") ./virtual.nix;
+ ++ lib.lists.optional (machine.type == "virtual") ./virtual;
 config = {
 time.timeZone = "Europe/Amsterdam";
diff --git a/nixos/machines/default.nix b/nixos/machines/default.nix
index 9cdda92..e1e94da 100644
--- a/nixos/machines/default.nix
+++ b/nixos/machines/default.nix
@@ -73,15 +73,13 @@
 staticNetworking = true;
 staticIPv4 = config.lab.networking.dmz.ipv4.services;
 staticIPv6 = config.lab.networking.dmz.ipv6.services;
+
+ shares = [{
+ name = "dnsmasq";
+ mountPoint = "/var/lib/dnsmasq";
+ }];
 };
 };
-
- microvm.shares = [{
- source = "/var/lib/microvms/${config.networking.hostName}/shares/dnsmasq";
- mountPoint = "/var/lib/dnsmasq";
- tag = "dnsmasq";
- proto = "virtiofs";
- }];
 };
 };
@@ -90,38 +88,16 @@
 hypervisorName = "atlas";
 nixosModule = { pkgs, lib, config, ... }: {
- lab.vm = {
- id = 1;
- staticNetworking = true;
- staticIPv4 = "192.168.30.42";
- staticIPv6 = "2a0d:6e00:1a77:30::42";
+ lab = {
+ dockerSwarm.enable = true;
+
+ vm = {
+ id = 1;
+ staticNetworking = true;
+ staticIPv4 = "192.168.30.42";
+ staticIPv6 = "2a0d:6e00:1a77:30::42";
+ };
 };
-
- microvm.shares = [{
- source = "/var/lib/microvms/${config.networking.hostName}/shares/docker";
- mountPoint = "/var/lib/docker";
- tag = "docker";
- proto = "virtiofs";
- }];
-
- networking = {
- nftables.enable = lib.mkForce false;
- firewall.enable = lib.mkForce false;
- };
-
- virtualisation.docker = {
- enable = true;
- liveRestore = false;
- };
-
- environment.systemPackages = with pkgs; [
- (python311.withPackages (python-pkgs: [
- python-pkgs.docker
- python-pkgs.requests
- python-pkgs.jsondiff
- python-pkgs.pyyaml
- ]))
- ];
 };
 };
@@ -130,33 +106,10 @@
 hypervisorName = "jefke";
 nixosModule = { pkgs, lib, config, ... }: {
- lab.vm.id = 2;
-
- microvm.shares = [{
- source = "/var/lib/microvms/${config.networking.hostName}/shares/docker";
- mountPoint = "/var/lib/docker";
- tag = "docker";
- proto = "virtiofs";
- }];
-
- networking = {
- nftables.enable = lib.mkForce false;
- firewall.enable = lib.mkForce false;
+ lab = {
+ dockerSwarm.enable = true;
+ vm.id = 2;
 };
-
- virtualisation.docker = {
- enable = true;
- liveRestore = false;
- };
-
- environment.systemPackages = with pkgs; [
- (python311.withPackages (python-pkgs: [
- python-pkgs.docker
- python-pkgs.requests
- python-pkgs.jsondiff
- python-pkgs.pyyaml
- ]))
- ];
 };
 };
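Review bot: `nixosModule = { pkgs, lib, config, ... }: {` at the top of this hunk still binds three arguments that the remaining body never uses, now that the docker, firewall and share settings have moved into the `lab.dockerSwarm` module; `nixosModule = { ... }: {` would state what the function actually needs. The same applies to the jefke hunk below it and to the lewis hunk on the next line.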
@@ -165,33 +118,10 @@
 hypervisorName = "lewis";
 nixosModule = { pkgs, lib, config, ... }: {
- lab.vm.id = 3;
-
- microvm.shares = [{
- source = "/var/lib/microvms/${config.networking.hostName}/shares/docker";
- mountPoint = "/var/lib/docker";
- tag = "docker";
- proto = "virtiofs";
- }];
-
- networking = {
- nftables.enable = lib.mkForce false;
- firewall.enable = lib.mkForce false;
+ lab = {
+ dockerSwarm.enable = true;
+ vm.id = 3;
 };
-
- virtualisation.docker = {
- enable = true;
- liveRestore = false;
- };
-
- environment.systemPackages = with pkgs; [
- (python311.withPackages (python-pkgs: [
- python-pkgs.docker
- python-pkgs.requests
- python-pkgs.jsondiff
- python-pkgs.pyyaml
- ]))
- ];
 };
 };
 }
diff --git a/nixos/virtual.nix b/nixos/virtual/default.nix
similarity index 72%
rename from nixos/virtual.nix
rename to nixos/virtual/default.nix
index e1b7cab..d0035b7 100644
--- a/nixos/virtual.nix
+++ b/nixos/virtual/default.nix
@@ -1,4 +1,6 @@
 { pkgs, lib, config, hypervisorConfig, ... }: {
+ imports = [ ./docker_swarm.nix ];
+
 options.lab.vm = {
 baseMACAddress = lib.mkOption {
 default = "BA:DB:EE:F0:00:00";
@@ -37,11 +39,40 @@
 Static IPv6 address for the VM.
 '';
 };
+
+ shares = lib.mkOption {
+ default = [ ];
+ description = ''
+ Directories mounted on the VM using VirtioFS.
+ '';
+ type = lib.types.listOf (lib.types.submodule ({ config, ... }: {
+ options = {
+ name = lib.mkOption {
+ type = lib.types.str;
+ description = ''
+ The name of the directory share.
+ '';
+ };
+
+ mountPoint = lib.mkOption {
+ type = lib.types.str;
+ description = ''
+ The mount point of the directory share inside the virtual machine.
+ '';
+ };
+ };
+ }));
+ };
 };
 config = {
 system.stateVersion = hypervisorConfig.system.stateVersion;
+ lab.vm.shares = [{
+ name = "host_keys";
+ mountPoint = "/etc/ssh/host_keys";
+ }];
+
 services.openssh = {
 hostKeys = [{
 path = "/etc/ssh/host_keys/ssh_host_ed25519_key";
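Review bot: `name` in the new `shares` submodule is typed `lib.types.str`, yet the microvm hunk on the next line interpolates it into the hypervisor-side path `/var/lib/microvms/${config.networking.hostName}/shares/${share.name}` and reuses it as the virtiofs `tag`; a value containing `/` or `..` would silently expose a different host directory to the VM, and an empty string would expose the shares directory itself. Tightening the declaration to `type = lib.types.strMatching "[A-Za-z0-9_-]+";` rejects such values at evaluation time instead. The option description should also say that the host-side source directory is derived from `name`, since that is what a caller needs to know when adding a share, and the submodule's `{ config, ... }:` argument is unused and can be `{ ... }:`.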
@@ -54,20 +85,19 @@
 };
 microvm = {
- shares = [
- {
- source = "/nix/store";
- mountPoint = "/nix/.ro-store";
- tag = "ro-store";
+ shares = [{
+ source = "/nix/store";
+ mountPoint = "/nix/.ro-store";
+ tag = "ro-store";
+ proto = "virtiofs";
+ }] ++ map
+ (share: {
+ source = "/var/lib/microvms/${config.networking.hostName}/shares/${share.name}";
+ mountPoint = share.mountPoint;
+ tag = share.name;
 proto = "virtiofs";
- }
- {
- source = "/var/lib/microvms/${config.networking.hostName}/shares/host_keys";
- mountPoint = "/etc/ssh/host_keys";
- tag = "host_keys";
- proto = "virtiofs";
- }
- ];
+ })
+ config.lab.vm.shares;
 interfaces = [{
 type = "tap";
diff --git a/nixos/virtual/docker_swarm.nix b/nixos/virtual/docker_swarm.nix
new file mode 100644
index 0000000..34538d2
--- /dev/null
+++ b/nixos/virtual/docker_swarm.nix
@@ -0,0 +1,39 @@
+{ pkgs, lib, config, machine, ... }:
+let
+ cfg = config.lab.dockerSwarm;
+in
+{
+ options.lab.dockerSwarm.enable = lib.mkOption {
+ default = false;
+ type = lib.types.bool;
+ description = ''
+ Whether to enable Docker Swarm on this host.
+ '';
+ };
+
+ config = lib.mkIf cfg.enable {
+ lab.vm.shares = lib.mkIf (machine.type == "virtual") [{
+ name = "docker";
+ mountPoint = "/var/lib/docker";
+ }];
+
+ networking = {
+ nftables.enable = lib.mkForce false;
+ firewall.enable = lib.mkForce false;
+ };
+
+ virtualisation.docker = {
+ enable = true;
+ liveRestore = false;
+ };
+
+ environment.systemPackages = [
+ (pkgs.python311.withPackages (python-pkgs: with python-pkgs; [
+ docker
+ requests
+ jsondiff
+ pyyaml
+ ]))
+ ];
+ };
+}
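Review bot: `nftables.enable = lib.mkForce false;` and `firewall.enable = lib.mkForce false;` in the `config` block of the new docker_swarm.nix switch off the host packet filter on every node that sets `lab.dockerSwarm.enable`, with `mkForce` so no other module can re-enable it, and the file does not record why. These lines existed per machine before the commit, but now one undocumented module carries them for all swarm nodes, so a comment above `networking = {` stating why the firewall has to be off (presumably because Docker programs its own iptables rules, which the NixOS nftables firewall would conflict with — confirm) and what isolates these nodes instead would make the trade-off visible to the next reader; `liveRestore = false;` deserves a similar one-liner, as live restore is documented as unsupported in swarm mode. The `lib.mkIf (machine.type == "virtual")` guard on `lab.vm.shares` also looks redundant: this file is only imported from `nixos/virtual/default.nix`, where `machine.type` is already `"virtual"`, and if it were imported on a physical host `lab.vm.shares` is not declared there, so the definition would, as far as I can tell, be rejected by the module system regardless of the `mkIf`.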