modularize docker swarm config

This commit is contained in:
Pim Kunis 2024-02-07 23:15:48 +01:00
parent 257afae918
commit 8b8106fade
4 changed files with 103 additions and 104 deletions


@ -7,7 +7,7 @@
agenix.nixosModules.default agenix.nixosModules.default
] ]
++ lib.lists.optional (machine.type == "physical") ./physical.nix ++ lib.lists.optional (machine.type == "physical") ./physical.nix
++ lib.lists.optional (machine.type == "virtual") ./virtual.nix; ++ lib.lists.optional (machine.type == "virtual") ./virtual;
config = { config = {
time.timeZone = "Europe/Amsterdam"; time.timeZone = "Europe/Amsterdam";


@ -73,15 +73,13 @@
staticNetworking = true; staticNetworking = true;
staticIPv4 = config.lab.networking.dmz.ipv4.services; staticIPv4 = config.lab.networking.dmz.ipv4.services;
staticIPv6 = config.lab.networking.dmz.ipv6.services; staticIPv6 = config.lab.networking.dmz.ipv6.services;
shares = [{
name = "dnsmasq";
mountPoint = "/var/lib/dnsmasq";
}];
}; };
}; };
microvm.shares = [{
source = "/var/lib/microvms/${config.networking.hostName}/shares/dnsmasq";
mountPoint = "/var/lib/dnsmasq";
tag = "dnsmasq";
proto = "virtiofs";
}];
}; };
}; };
@ -90,38 +88,16 @@
hypervisorName = "atlas"; hypervisorName = "atlas";
nixosModule = { pkgs, lib, config, ... }: { nixosModule = { pkgs, lib, config, ... }: {
lab.vm = { lab = {
id = 1; dockerSwarm.enable = true;
staticNetworking = true;
staticIPv4 = "192.168.30.42"; vm = {
staticIPv6 = "2a0d:6e00:1a77:30::42"; id = 1;
staticNetworking = true;
staticIPv4 = "192.168.30.42";
staticIPv6 = "2a0d:6e00:1a77:30::42";
};
}; };
microvm.shares = [{
source = "/var/lib/microvms/${config.networking.hostName}/shares/docker";
mountPoint = "/var/lib/docker";
tag = "docker";
proto = "virtiofs";
}];
networking = {
nftables.enable = lib.mkForce false;
firewall.enable = lib.mkForce false;
};
virtualisation.docker = {
enable = true;
liveRestore = false;
};
environment.systemPackages = with pkgs; [
(python311.withPackages (python-pkgs: [
python-pkgs.docker
python-pkgs.requests
python-pkgs.jsondiff
python-pkgs.pyyaml
]))
];
}; };
}; };
@ -130,33 +106,10 @@
hypervisorName = "jefke"; hypervisorName = "jefke";
nixosModule = { pkgs, lib, config, ... }: { nixosModule = { pkgs, lib, config, ... }: {
lab.vm.id = 2; lab = {
dockerSwarm.enable = true;
microvm.shares = [{ vm.id = 2;
source = "/var/lib/microvms/${config.networking.hostName}/shares/docker";
mountPoint = "/var/lib/docker";
tag = "docker";
proto = "virtiofs";
}];
networking = {
nftables.enable = lib.mkForce false;
firewall.enable = lib.mkForce false;
}; };
virtualisation.docker = {
enable = true;
liveRestore = false;
};
environment.systemPackages = with pkgs; [
(python311.withPackages (python-pkgs: [
python-pkgs.docker
python-pkgs.requests
python-pkgs.jsondiff
python-pkgs.pyyaml
]))
];
}; };
}; };
@ -165,33 +118,10 @@
hypervisorName = "lewis"; hypervisorName = "lewis";
nixosModule = { pkgs, lib, config, ... }: { nixosModule = { pkgs, lib, config, ... }: {
lab.vm.id = 3; lab = {
dockerSwarm.enable = true;
microvm.shares = [{ vm.id = 3;
source = "/var/lib/microvms/${config.networking.hostName}/shares/docker";
mountPoint = "/var/lib/docker";
tag = "docker";
proto = "virtiofs";
}];
networking = {
nftables.enable = lib.mkForce false;
firewall.enable = lib.mkForce false;
}; };
virtualisation.docker = {
enable = true;
liveRestore = false;
};
environment.systemPackages = with pkgs; [
(python311.withPackages (python-pkgs: [
python-pkgs.docker
python-pkgs.requests
python-pkgs.jsondiff
python-pkgs.pyyaml
]))
];
}; };
}; };
} }
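Review bot: On the new side the three swarm VMs at the hunks starting `-90,38`, `-130,33` and `-165,33` still declare `nixosModule = { pkgs, lib, config, ... }: {` although, as far as these hunks show, every use of `pkgs` (the python package list), `lib` (the `mkForce` calls) and `config` (the `${config.networking.hostName}` share path) moved into the shared module and the bodies now only set `lab.dockerSwarm.enable` and `lab.vm`. Unless those names are still used in parts of each module outside the hunk, the argument sets could shrink to `nixosModule = { ... }: {`, which also makes it obvious at a glance that the per-VM modules carry no host-specific logic any more. The enclosing attribute sets for each VM begin before and end after their hunks.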


@ -1,4 +1,6 @@
{ pkgs, lib, config, hypervisorConfig, ... }: { { pkgs, lib, config, hypervisorConfig, ... }: {
imports = [ ./docker_swarm.nix ];
options.lab.vm = { options.lab.vm = {
baseMACAddress = lib.mkOption { baseMACAddress = lib.mkOption {
default = "BA:DB:EE:F0:00:00"; default = "BA:DB:EE:F0:00:00";
@ -37,11 +39,40 @@
Static IPv6 address for the VM. Static IPv6 address for the VM.
''; '';
}; };
shares = lib.mkOption {
default = [ ];
description = ''
Directories mounted on the VM using VirtioFS.
'';
type = lib.types.listOf (lib.types.submodule ({ config, ... }: {
options = {
name = lib.mkOption {
type = lib.types.str;
description = ''
The name of the directory share.
'';
};
mountPoint = lib.mkOption {
type = lib.types.str;
description = ''
The mount point of the directory share inside the virtual machine.
'';
};
};
}));
};
}; };
config = { config = {
system.stateVersion = hypervisorConfig.system.stateVersion; system.stateVersion = hypervisorConfig.system.stateVersion;
lab.vm.shares = [{
name = "host_keys";
mountPoint = "/etc/ssh/host_keys";
}];
services.openssh = { services.openssh = {
hostKeys = [{ hostKeys = [{
path = "/etc/ssh/host_keys/ssh_host_ed25519_key"; path = "/etc/ssh/host_keys/ssh_host_ed25519_key";
@ -54,20 +85,19 @@
}; };
microvm = { microvm = {
shares = [ shares = [{
{ source = "/nix/store";
source = "/nix/store"; mountPoint = "/nix/.ro-store";
mountPoint = "/nix/.ro-store"; tag = "ro-store";
tag = "ro-store"; proto = "virtiofs";
}] ++ map
(share: {
source = "/var/lib/microvms/${config.networking.hostName}/shares/${share.name}";
mountPoint = share.mountPoint;
tag = share.name;
proto = "virtiofs"; proto = "virtiofs";
} })
{ config.lab.vm.shares;
source = "/var/lib/microvms/${config.networking.hostName}/shares/host_keys";
mountPoint = "/etc/ssh/host_keys";
tag = "host_keys";
proto = "virtiofs";
}
];
interfaces = [{ interfaces = [{
type = "tap"; type = "tap";
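Review bot: The new `lab.vm.shares` submodule (hunk `-37,11 +39,40`) types `name` as `lib.types.str`, yet in the hunk at `-54,20` that value is spliced into a host-side path, `source = "/var/lib/microvms/${config.networking.hostName}/shares/${share.name}";`, and reused verbatim as the virtiofs `tag`; nothing rejects a name containing `/` or `..`, so a mistyped share name would quietly export a directory outside the per-VM shares tree into the guest. Constraining the option is a one-line change: `type = lib.types.strMatching "[A-Za-z0-9_-]+";` on the `name` option. Separately, the submodule function `({ config, ... }: {` binds a `config` it never reads and shadows the outer module's `config`; a plain `lib.types.submodule { options = { ... }; }` avoids the confusion. The `microvm = {` attribute set that builds the share list continues past the end of the hunk.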


@ -0,0 +1,39 @@
{ pkgs, lib, config, machine, ... }:
let
cfg = config.lab.dockerSwarm;
in
{
options.lab.dockerSwarm.enable = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Whether to enable Docker Swarm on this host.
'';
};
config = lib.mkIf cfg.enable {
lab.vm.shares = lib.mkIf (machine.type == "virtual") [{
name = "docker";
mountPoint = "/var/lib/docker";
}];
networking = {
nftables.enable = lib.mkForce false;
firewall.enable = lib.mkForce false;
};
virtualisation.docker = {
enable = true;
liveRestore = false;
};
environment.systemPackages = [
(pkgs.python311.withPackages (python-pkgs: with python-pkgs; [
docker
requests
jsondiff
pyyaml
]))
];
};
}
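Review bot: `nftables.enable = lib.mkForce false;` and `firewall.enable = lib.mkForce false;` turn off all host firewalling on every machine that sets `lab.dockerSwarm.enable`, but nothing in the new file says why, and the option description (`Whether to enable Docker Swarm on this host.`) does not mention this side effect; a reader enabling the option on a new host has no way to see it. I would put a comment above the `networking` block along the lines of `# Docker installs its own iptables rules; the NixOS firewall/nftables are forced off to avoid two competing rule sets, which leaves every listening service on this host reachable from its network segment` (hedged, since the conflict is the presumed reason) and extend the description with `Enabling this disables the NixOS firewall and nftables on the host.`. The `machine.type == "virtual"` guard on `lab.vm.shares` suggests the module is meant for physical hosts as well, yet the only import added in this commit is `imports = [ ./docker_swarm.nix ];` inside the VM module, so the guard never sees a physical machine and `lab.dockerSwarm.enable` may not even exist there; either move the import to the common module or drop the guard and note the VM-only scope in the description.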