create own library for globals and net.nix

This commit is contained in:
Pim Kunis 2024-04-13 17:28:31 +02:00
parent c8023afceb
commit 8b937fdfc4
12 changed files with 31 additions and 33 deletions


@ -42,6 +42,7 @@ You can generate this using `nix run .#gen-k3s-cert <username> <servername> ~/.k
This puts a private key, signed certificate and a kubeconfig in the kubeconfig directory This puts a private key, signed certificate and a kubeconfig in the kubeconfig directory
If the cluster has not been initialized yet, next run `nix run .#kubenix-bootstrap.x86_64-linux`. If the cluster has not been initialized yet, next run `nix run .#kubenix-bootstrap.x86_64-linux`.
⚠️ Do not do this if the cluster has been initialized already, as it will prune any deployed resources! ⚠️ ⚠️ Do not do this if the cluster has been initialized already, as it will prune any deployed resources! ⚠️
Lastly, deploy everything to the cluster using `nix run .#kubenix.x86_64-linux`. Lastly, deploy everything to the cluster using `nix run .#kubenix.x86_64-linux`.


@ -1,7 +1,6 @@
{ pkgs, config, lib, machine, disko, agenix, nixos-hardware, ... }: { { pkgs, config, lib, machine, disko, agenix, nixos-hardware, ... }: {
imports = [ imports = [
./modules ./nixos-modules
./globals.nix
machine.nixosModule machine.nixosModule
disko.nixosModules.disko disko.nixosModules.disko
agenix.nixosModules.default agenix.nixosModules.default
@ -11,6 +10,7 @@
time.timeZone = "Europe/Amsterdam"; time.timeZone = "Europe/Amsterdam";
hardware.cpu.intel.updateMicrocode = lib.mkIf (! machine.isRaspberryPi) config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkIf (! machine.isRaspberryPi) config.hardware.enableRedistributableFirmware;
age.identityPaths = [ "/etc/age_ed25519" ]; age.identityPaths = [ "/etc/age_ed25519" ];
nixpkgs.config.allowUnfree = true;
i18n = { i18n = {
defaultLocale = "en_US.UTF-8"; defaultLocale = "en_US.UTF-8";
@ -79,11 +79,6 @@
rsync rsync
]; ];
nixpkgs = {
config.allowUnfree = true;
overlays = [ (final: prev: { lib = prev.lib // (import ./net.nix prev); }) ];
};
boot = lib.mkIf (! machine.isRaspberryPi) { boot = lib.mkIf (! machine.isRaspberryPi) {
kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ]; extraModulePackages = [ ];
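Review bot: Removing the `nixpkgs.overlays` entry that merged `import ./net.nix prev` into `lib`, together with dropping `./globals.nix` from the imports here and in nixos-modules/default.nix, changes how every NixOS module reaches these values: anything that read `lib.net.*` or `config.lab.networking.*` must now take `myLib` from specialArgs and use `myLib.net.*` / `myLib.globals.networking.*` (globals.nix also drops the `lab.` prefix in this commit). None of the twelve files in the diffstat is such a consumer module, so if one exists under ./nixos-modules it will presumably fail with an undefined attribute or missing argument; a grep for `lib.net` and `lab.networking` before merging would settle it. Dropping the overlay itself is sound, since replacing `prev.lib` wholesale also changed the `lib` seen by every package built from that nixpkgs. As a readability nit, `nixpkgs.config.allowUnfree = true;` now sits between `age.identityPaths` and `i18n`; a one-line comment `# Moved from the removed nixpkgs block below; the lib overlay is replaced by myLib in specialArgs.` would explain why it landed there.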


@ -1,11 +1,11 @@
{ self, hostPkgs, machines, flake-utils, deploy-rs, ... }: flake-utils.lib.eachDefaultSystem (system: { { self, pkgs, machines, flake-utils, deploy-rs, ... }: flake-utils.lib.eachDefaultSystem (system: {
# Deploy-rs' flake checks seem broken for architectures different from the deployment machine. # Deploy-rs' flake checks seem broken for architectures different from the deployment machine.
# We skip these here. # We skip these here.
checks = deploy-rs.lib.${system}.deployChecks ( checks = deploy-rs.lib.${system}.deployChecks (
hostPkgs.lib.attrsets.updateManyAttrsByPath [{ pkgs.lib.attrsets.updateManyAttrsByPath [{
path = [ "nodes" ]; path = [ "nodes" ];
update = hostPkgs.lib.attrsets.filterAttrs (name: node: update = pkgs.lib.attrsets.filterAttrs (name: node:
machines.${name}.arch == system machines.${name}.arch == system
); );
}] }]


@ -1,4 +1,4 @@
{ self, hostPkgs, machines, deploy-rs, ... }: { self, pkgs, machines, deploy-rs, ... }:
let let
mkDeployNodes = nodeDef: mkDeployNodes = nodeDef:
builtins.mapAttrs builtins.mapAttrs
@ -17,7 +17,7 @@ in
{ {
hostname = nixosConfiguration.config.networking.fqdn; hostname = nixosConfiguration.config.networking.fqdn;
profiles.system = { profiles.system = {
remoteBuild = machine.arch != hostPkgs.stdenv.hostPlatform.system; remoteBuild = machine.arch != pkgs.stdenv.hostPlatform.system;
path = deploy-rs.lib.${machine.arch}.activate.nixos nixosConfiguration; path = deploy-rs.lib.${machine.arch}.activate.nixos nixosConfiguration;
}; };
}); });


@ -1,14 +1,15 @@
{ flake-utils, kubenix, nixhelm, ... }: flake-utils.lib.eachDefaultSystem { myLib, flake-utils, kubenix, nixhelm, ... }: flake-utils.lib.eachDefaultSystem
(system: { (system: {
# TODO: DRY
kubenix = kubenix.packages.${system}.default.override kubenix = kubenix.packages.${system}.default.override
{ {
specialArgs = { inherit kubenix nixhelm system; }; specialArgs = { inherit myLib kubenix nixhelm system; };
module = { imports = [ ../kubenix-modules/all.nix ]; }; module = { imports = [ ../kubenix-modules/all.nix ]; };
}; };
kubenix-bootstrap = kubenix.packages.${system}.default.override kubenix-bootstrap = kubenix.packages.${system}.default.override
{ {
specialArgs = { inherit kubenix nixhelm system; }; specialArgs = { inherit myLib kubenix nixhelm system; };
module = { imports = [ ../kubenix-modules/base.nix ]; }; module = { imports = [ ../kubenix-modules/base.nix ]; };
}; };
}) })
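Review bot: The added `# TODO: DRY` on the `kubenix` attribute can be resolved in the same commit: the two `override` calls differ only in the module path, so a small helper in a `let` above the attribute set removes the duplicated `specialArgs` (which now carries `myLib`) and keeps both packages in sync the next time an argument is added. The `flake-utils.lib.eachDefaultSystem` wrapper and the `myLib`/`flake-utils`/`kubenix`/`nixhelm` arguments stay as they are.
```nix
(system:
  let
    mkKubenix = modulePath: kubenix.packages.${system}.default.override {
      specialArgs = { inherit myLib kubenix nixhelm system; };
      module = { imports = [ modulePath ]; };
    };
  in
  {
    kubenix = mkKubenix ../kubenix-modules/all.nix;
    kubenix-bootstrap = mkKubenix ../kubenix-modules/base.nix;
  })
```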


@ -1,4 +1,4 @@
{ nixpkgs, nixpkgs-unstable, machines, dns, agenix, nixos-hardware, kubenix, disko, ... }: { myLib, nixpkgs, nixpkgs-unstable, machines, dns, agenix, nixos-hardware, kubenix, disko, ... }:
let let
mkNixosSystems = systemDef: mkNixosSystems = systemDef:
builtins.mapAttrs builtins.mapAttrs
@ -11,7 +11,7 @@ in
nixosConfigurations = mkNixosSystems (name: machine: { nixosConfigurations = mkNixosSystems (name: machine: {
system = machine.arch; system = machine.arch;
specialArgs = { inherit nixpkgs-unstable machines machine dns agenix nixos-hardware kubenix disko; }; specialArgs = { inherit myLib nixpkgs-unstable machines machine dns agenix nixos-hardware kubenix disko; };
modules = [ modules = [
../configuration.nix ../configuration.nix
{ networking.hostName = name; } { networking.hostName = name; }


@ -1,19 +1,19 @@
{ flake-utils, hostPkgs, ... }: flake-utils.lib.eachDefaultSystem (system: { flake-utils, pkgs, ... }: flake-utils.lib.eachDefaultSystem (system:
let let
createScript = name: runtimeInputs: scriptPath: createScript = name: runtimeInputs: scriptPath:
let let
script = (hostPkgs.writeScriptBin name (builtins.readFile scriptPath)).overrideAttrs (old: { script = (pkgs.writeScriptBin name (builtins.readFile scriptPath)).overrideAttrs (old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out"; buildCommand = "${old.buildCommand}\n patchShebangs $out";
}); });
in in
hostPkgs.symlinkJoin { pkgs.symlinkJoin {
inherit name; inherit name;
paths = [ script ] ++ runtimeInputs; paths = [ script ] ++ runtimeInputs;
buildInputs = [ hostPkgs.makeWrapper ]; buildInputs = [ pkgs.makeWrapper ];
postBuild = "wrapProgram $out/bin/${name} --set PATH $out/bin"; postBuild = "wrapProgram $out/bin/${name} --set PATH $out/bin";
}; };
in in
{ {
packages.bootstrap = createScript "bootstrap" (with hostPkgs; [ libsecret coreutils nixos-anywhere ]) ./bootstrap.sh; packages.bootstrap = createScript "bootstrap" (with pkgs; [ libsecret coreutils nixos-anywhere ]) ./bootstrap.sh;
packages.gen-k3s-cert = createScript "create-k3s-cert" (with hostPkgs; [ openssl coreutils openssh yq ]) ./gen-k3s-cert.sh; packages.gen-k3s-cert = createScript "create-k3s-cert" (with pkgs; [ openssl coreutils openssh yq ]) ./gen-k3s-cert.sh;
}) })


@ -37,11 +37,12 @@
outputs = outputs =
inputs@{ self, nixpkgs, flake-utils, ... }: inputs@{ self, nixpkgs, flake-utils, ... }:
let let
hostSystem = "x86_64-linux"; system = "x86_64-linux";
hostPkgs = import nixpkgs { system = hostSystem; }; pkgs = import nixpkgs { inherit system; };
machines = (hostPkgs.lib.modules.evalModules { modules = [ (import ./machines) ]; }).config.machines; machines = (pkgs.lib.modules.evalModules { modules = [ (import ./machines) ]; }).config.machines;
myLib = import ./my-lib pkgs.lib;
in in
flake-utils.lib.meld (inputs // { inherit hostPkgs machines; }) [ flake-utils.lib.meld (inputs // { inherit pkgs machines myLib; }) [
./flake-parts/scripts ./flake-parts/scripts
./flake-parts/checks.nix ./flake-parts/checks.nix
./flake-parts/deploy.nix ./flake-parts/deploy.nix
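Review bot: The rename from `hostSystem`/`hostPkgs` to `system`/`pkgs` drops the one signal that this package set is pinned to `"x86_64-linux"` on the line above rather than being per-system: it is threaded through `meld` into flake-parts that evaluate inside `flake-utils.lib.eachDefaultSystem (system: ...)` (scripts/default.nix in this commit uses it for `writeScriptBin` and `symlinkJoin`), where a reader will now take `pkgs` for the package set of that inner `system`. The behaviour is pre-existing, but the new name hides it; a comment on the `pkgs =` line such as `# Host package set pinned to x86_64-linux (evaluation and deploy-rs remoteBuild decisions), not the per-system pkgs of eachDefaultSystem.` would preserve what the old name said. `myLib = import ./my-lib pkgs.lib;` is likewise built from the host nixpkgs' `lib`, which is fine for pure functions but worth stating in the same comment.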

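--- /dev/null
+++ b/my-lib/default.nix
@@ -0,0 +1,4 @@
+lib: {
+net = import ./net.nix lib;
+globals = import ./globals.nix;
+}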


@ -1,5 +1,5 @@
{ {
lab.networking = { networking = {
public = { public = {
ipv4.router = "192.145.57.90"; ipv4.router = "192.145.57.90";
ipv6.router = "2a0d:6e00:1a77::1"; ipv6.router = "2a0d:6e00:1a77::1";


@ -1320,7 +1320,4 @@ let
}; };
in in
net
{
inherit net;
}


@ -4,7 +4,6 @@
./backups.nix ./backups.nix
./networking ./networking
./data-sharing.nix ./data-sharing.nix
./globals.nix
./monitoring ./monitoring
./k3s ./k3s
]; ];