From 8b937fdfc45d57311dbdce33cb9e472089c32c41 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Sat, 13 Apr 2024 17:28:31 +0200
Subject: [PATCH] create own library for globals and net.nix
---
README.md | 1 +
configuration.nix | 9 ++-------
flake-parts/checks.nix | 6 +++---
flake-parts/deploy.nix | 4 ++--
flake-parts/kubenix.nix | 7 ++++---
flake-parts/nixos.nix | 4 ++--
flake-parts/scripts/default.nix | 12 ++++++------
flake.nix | 9 +++++----
my-lib/default.nix | 4 ++++
globals.nix => my-lib/globals.nix | 2 +-
net.nix => my-lib/net.nix | 5 +----
nixos-modules/default.nix | 1 -
12 files changed, 31 insertions(+), 33 deletions(-)
create mode 100644 my-lib/default.nix
rename globals.nix => my-lib/globals.nix (95%)
rename net.nix => my-lib/net.nix (99%)
diff --git a/README.md b/README.md
index be0645d..6fb9cc6 100644
--- a/README.md
+++ b/README.md
@@ -42,6 +42,7 @@ You can generate this using `nix run .#gen-k3s-cert ~/.k This puts a private key, signed certificate and a kubeconfig in the kubeconfig directory If the cluster has not been initialized yet, next run `nix run .#kubenix-bootstrap.x86_64-linux`. + ⚠️ Do not do this if the cluster has been initialized already, as it will prune any deployed resources! ⚠️ Lastly, deploy everything to the cluster using `nix run .#kubenix.x86_64-linux`.
diff --git a/configuration.nix b/configuration.nix
index 1b11de3..32e8f7a 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,7 +1,6 @@ { pkgs, config, lib, machine, disko, agenix, nixos-hardware, ... }: { imports = [ - ./modules - ./globals.nix + ./nixos-modules machine.nixosModule disko.nixosModules.disko agenix.nixosModules.default
@@ -11,6 +10,7 @@ time.timeZone = "Europe/Amsterdam"; hardware.cpu.intel.updateMicrocode = lib.mkIf (! machine.isRaspberryPi) config.hardware.enableRedistributableFirmware; age.identityPaths = [ "/etc/age_ed25519" ]; + nixpkgs.config.allowUnfree = true; i18n = { defaultLocale = "en_US.UTF-8";
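Review bot: In configuration.nix (hunk `@@ -11,6 +10,7 @@`), `nixpkgs.config.allowUnfree = true;` remains a blanket switch for every machine that imports this file, so any module can pull in an unfree, usually binary-only package without that decision showing up in review. An explicit allowlist keeps it visible: `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "<unfree-package-name>" ];`, with the placeholder replaced by the packages the machines actually need. If the blanket setting is intentional, a one-line comment naming the package that requires it would help the next reader.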
@@ -79,11 +79,6 @@ rsync ]; - nixpkgs = { - config.allowUnfree = true; - overlays = [ (final: prev: { lib = prev.lib // (import ./net.nix prev); }) ]; - }; - boot = lib.mkIf (! machine.isRaspberryPi) { kernelModules = [ "kvm-intel" ]; extraModulePackages = [ ];
diff --git a/flake-parts/checks.nix b/flake-parts/checks.nix
index 3d1bd2a..f723510 100644
--- a/flake-parts/checks.nix
+++ b/flake-parts/checks.nix
@@ -1,11 +1,11 @@ -{ self, hostPkgs, machines, flake-utils, deploy-rs, ... }: flake-utils.lib.eachDefaultSystem (system: { +{ self, pkgs, machines, flake-utils, deploy-rs, ... }: flake-utils.lib.eachDefaultSystem (system: { # Deploy-rs' flake checks seem broken for architectures different from the deployment machine. # We skip these here. checks = deploy-rs.lib.${system}.deployChecks ( - hostPkgs.lib.attrsets.updateManyAttrsByPath [{ + pkgs.lib.attrsets.updateManyAttrsByPath [{ path = [ "nodes" ]; - update = hostPkgs.lib.attrsets.filterAttrs (name: node: + update = pkgs.lib.attrsets.filterAttrs (name: node: machines.${name}.arch == system ); }]
diff --git a/flake-parts/deploy.nix b/flake-parts/deploy.nix
index 17405df..f8f8fbe 100644
--- a/flake-parts/deploy.nix
+++ b/flake-parts/deploy.nix
@@ -1,4 +1,4 @@ -{ self, hostPkgs, machines, deploy-rs, ... }: +{ self, pkgs, machines, deploy-rs, ... }: let mkDeployNodes = nodeDef: builtins.mapAttrs
@@ -17,7 +17,7 @@ in { hostname = nixosConfiguration.config.networking.fqdn; profiles.system = { - remoteBuild = machine.arch != hostPkgs.stdenv.hostPlatform.system; + remoteBuild = machine.arch != pkgs.stdenv.hostPlatform.system; path = deploy-rs.lib.${machine.arch}.activate.nixos nixosConfiguration; }; });
diff --git a/flake-parts/kubenix.nix b/flake-parts/kubenix.nix
index 38501ad..3fe34b4 100644
--- a/flake-parts/kubenix.nix
+++ b/flake-parts/kubenix.nix
@@ -1,14 +1,15 @@ -{ flake-utils, kubenix, nixhelm, ... }: flake-utils.lib.eachDefaultSystem +{ myLib, flake-utils, kubenix, nixhelm, ... }: flake-utils.lib.eachDefaultSystem (system: { + # TODO: DRY kubenix = kubenix.packages.${system}.default.override { - specialArgs = { inherit kubenix nixhelm system; }; + specialArgs = { inherit myLib kubenix nixhelm system; }; module = { imports = [ ../kubenix-modules/all.nix ]; }; }; kubenix-bootstrap = kubenix.packages.${system}.default.override { - specialArgs = { inherit kubenix nixhelm system; }; + specialArgs = { inherit myLib kubenix nixhelm system; }; module = { imports = [ ../kubenix-modules/base.nix ]; }; }; })
diff --git a/flake-parts/nixos.nix b/flake-parts/nixos.nix
index 396e789..9013db7 100644
--- a/flake-parts/nixos.nix
+++ b/flake-parts/nixos.nix
@@ -1,4 +1,4 @@ -{ nixpkgs, nixpkgs-unstable, machines, dns, agenix, nixos-hardware, kubenix, disko, ... }: +{ myLib, nixpkgs, nixpkgs-unstable, machines, dns, agenix, nixos-hardware, kubenix, disko, ... }: let mkNixosSystems = systemDef: builtins.mapAttrs
@@ -11,7 +11,7 @@ in nixosConfigurations = mkNixosSystems (name: machine: { system = machine.arch; - specialArgs = { inherit nixpkgs-unstable machines machine dns agenix nixos-hardware kubenix disko; }; + specialArgs = { inherit myLib nixpkgs-unstable machines machine dns agenix nixos-hardware kubenix disko; }; modules = [ ../configuration.nix { networking.hostName = name; }
diff --git a/flake-parts/scripts/default.nix b/flake-parts/scripts/default.nix
index dd2dff8..49e1e5c 100644
--- a/flake-parts/scripts/default.nix
+++ b/flake-parts/scripts/default.nix
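Review bot: In flake-parts/kubenix.nix the new `# TODO: DRY` marks the duplication without removing it: `kubenix` and `kubenix-bootstrap` differ only in the imported module, and this commit already had to add `myLib` to both `specialArgs` by hand. The README in this patch warns that the bootstrap package prunes deployed resources, so the two definitions drifting apart is worth preventing rather than tracking in a comment. A small helper that takes the module path keeps both packages on identical arguments.

```nix
# … unchanged: argument set and flake-utils.lib.eachDefaultSystem call …
(system:
  let
    # One kubenix package per module entry point; both share the same specialArgs.
    mkKubenixPackage = entry: kubenix.packages.${system}.default.override {
      specialArgs = { inherit myLib kubenix nixhelm system; };
      module = { imports = [ entry ]; };
    };
  in
  {
    kubenix = mkKubenixPackage ../kubenix-modules/all.nix;
    kubenix-bootstrap = mkKubenixPackage ../kubenix-modules/base.nix;
  })
```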
@@ -1,19 +1,19 @@ -{ flake-utils, hostPkgs, ... }: flake-utils.lib.eachDefaultSystem (system: +{ flake-utils, pkgs, ... }: flake-utils.lib.eachDefaultSystem (system: let createScript = name: runtimeInputs: scriptPath: let - script = (hostPkgs.writeScriptBin name (builtins.readFile scriptPath)).overrideAttrs (old: { + script = (pkgs.writeScriptBin name (builtins.readFile scriptPath)).overrideAttrs (old: { buildCommand = "${old.buildCommand}\n patchShebangs $out"; }); in - hostPkgs.symlinkJoin { + pkgs.symlinkJoin { inherit name; paths = [ script ] ++ runtimeInputs; - buildInputs = [ hostPkgs.makeWrapper ]; + buildInputs = [ pkgs.makeWrapper ]; postBuild = "wrapProgram $out/bin/${name} --set PATH $out/bin"; }; in { - packages.bootstrap = createScript "bootstrap" (with hostPkgs; [ libsecret coreutils nixos-anywhere ]) ./bootstrap.sh; - packages.gen-k3s-cert = createScript "create-k3s-cert" (with hostPkgs; [ openssl coreutils openssh yq ]) ./gen-k3s-cert.sh; + packages.bootstrap = createScript "bootstrap" (with pkgs; [ libsecret coreutils nixos-anywhere ]) ./bootstrap.sh; + packages.gen-k3s-cert = createScript "create-k3s-cert" (with pkgs; [ openssl coreutils openssh yq ]) ./gen-k3s-cert.sh; })
diff --git a/flake.nix b/flake.nix
index f47fc2d..e661648 100644
--- a/flake.nix
+++ b/flake.nix
@@ -37,11 +37,12 @@ outputs = inputs@{ self, nixpkgs, flake-utils, ... }: let - hostSystem = "x86_64-linux"; - hostPkgs = import nixpkgs { system = hostSystem; }; - machines = (hostPkgs.lib.modules.evalModules { modules = [ (import ./machines) ]; }).config.machines; + system = "x86_64-linux"; + pkgs = import nixpkgs { inherit system; }; + machines = (pkgs.lib.modules.evalModules { modules = [ (import ./machines) ]; }).config.machines; + myLib = import ./my-lib pkgs.lib; in - flake-utils.lib.meld (inputs // { inherit hostPkgs machines; }) [ + flake-utils.lib.meld (inputs // { inherit pkgs machines myLib; }) [ ./flake-parts/scripts ./flake-parts/checks.nix ./flake-parts/deploy.nix
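Review bot: In flake.nix, renaming `hostSystem`/`hostPkgs` to `system`/`pkgs` hides that this package set is pinned to `x86_64-linux`: the flake-parts files receive it inside `flake-utils.lib.eachDefaultSystem (system: …)`, where the lambda's `system` and the injected `pkgs` can disagree without the names showing it. In flake-parts/scripts/default.nix `packages.bootstrap` and `packages.gen-k3s-cert` are built from this one `pkgs` for every default system, and in flake-parts/deploy.nix `remoteBuild = machine.arch != pkgs.stdenv.hostPlatform.system` only reads correctly if `pkgs` means, presumably, the deploying host. Either keep the `host` prefix or document it at the definition, e.g. `# pkgs is always the x86_64-linux set of the deploying host, not a per-system set`. The list passed to `meld` continues outside the hunk.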
diff --git a/my-lib/default.nix b/my-lib/default.nix
new file mode 100644
index 0000000..37e3eeb
--- /dev/null
+++ b/my-lib/default.nix
@@ -0,0 +1,4 @@
+lib: {
+ net = import ./net.nix lib;
+ globals = import ./globals.nix;
+}
diff --git a/globals.nix b/my-lib/globals.nix
similarity index 95%
rename from globals.nix
rename to my-lib/globals.nix
index 373e276..b0d7438 100644
--- a/globals.nix
+++ b/my-lib/globals.nix
@@ -1,5 +1,5 @@ { - lab.networking = { + networking = { public = { ipv4.router = "192.145.57.90"; ipv6.router = "2a0d:6e00:1a77::1";
diff --git a/net.nix b/my-lib/net.nix
similarity index 99%
rename from net.nix
rename to my-lib/net.nix
index 152d606..9f5b0e5 100644
--- a/net.nix
+++ b/my-lib/net.nix
@@ -1320,7 +1320,4 @@ let }; in - -{ - inherit net; -} +net
diff --git a/nixos-modules/default.nix b/nixos-modules/default.nix
index b35e378..8d3c5d2 100644
--- a/nixos-modules/default.nix
+++ b/nixos-modules/default.nix
@@ -4,7 +4,6 @@ ./backups.nix ./networking ./data-sharing.nix - ./globals.nix ./monitoring ./k3s ];
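Review bot: In my-lib/default.nix, `net = import ./net.nix lib;` passes nixpkgs' `lib` directly, whereas the overlay removed from configuration.nix called `import ./net.nix prev` with a whole package set. The net.nix hunk in this patch touches only the tail (`@@ -1320,7 +1320,4 @@`), so the file's argument pattern is outside the diff and apparently unchanged. If that header destructures `lib` from its argument it would now be handed `lib` itself and could fail or fall back to a default, so it is worth confirming the header matches the new call. The new file also carries no comment; a header such as `# lib: nixpkgs lib. Returns { net, globals }, passed as myLib to the NixOS and kubenix modules.` would document the contract.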
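Review bot: In my-lib/globals.nix the top-level key changes from `lab.networking` to `networking` and the file is no longer imported as a NixOS module, so every reader has to move from the module system to `myLib.globals.networking`. None of the 12 files in this patch is such a reader, so either none exists yet or references elsewhere now fail at evaluation; running `nix flake check` before merging would settle it. As plain data the values also lose whatever validation a module option may have given them, so a short comment on the expected shape of each entry (router address per family) would help. The attribute set continues outside the hunk.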