diff --git a/nixos/machines/atlas.nix b/nixos/machines/atlas.nix
new file mode 100644
index 0000000..1d61c19
--- /dev/null
+++ b/nixos/machines/atlas.nix
@@ -0,0 +1,21 @@
+{
+ machines.atlas = {
+ kind = "physical";
+ arch = "x86_64-linux";
+ isHypervisor = true;
+
+ nixosModule.lab = {
+ storage = {
+ osDisk = "/dev/sda";
+ dataPartition = "/dev/nvme0n1p1";
+ };
+
+ ssh = {
+ useCertificates = true;
+ hostCert = builtins.readFile ./certificates/atlas/host_ed25519.crt;
+ userCert = builtins.readFile ./certificates/atlas/user_ed25519.crt;
+ };
+ };
+ };
+
+}
diff --git a/nixos/machines/bancomart.nix b/nixos/machines/bancomart.nix
new file mode 100644
index 0000000..cb635ec
--- /dev/null
+++ b/nixos/machines/bancomart.nix
@@ -0,0 +1,15 @@
+{
+ machines.bancomart = {
+ kind = "virtual";
+ hypervisorName = "jefke";
+
+ nixosModule = {
+ microvm.balloonMem = 7680;
+
+ lab = {
+ dockerSwarm.enable = true;
+ vm.id = 2;
+ };
+ };
+ };
+}
diff --git a/nixos/machines/default.nix b/nixos/machines/default.nix
index 180d8f4..3404f2b 100644
--- a/nixos/machines/default.nix
+++ b/nixos/machines/default.nix
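Review bot: The `ssh` block under `nixosModule.lab` in atlas.nix is repeated verbatim in jefke.nix and lewis.nix with only the directory under `./certificates/` changing, so the three files can drift (a renamed certificate file or a changed option name has to be fixed in three places). A small helper in default.nix that takes the machine name and yields `{ useCertificates = true; hostCert = builtins.readFile (./certificates + "/${name}/host_ed25519.crt"); userCert = builtins.readFile (./certificates + "/${name}/user_ed25519.crt"); }` would remove the repetition, though how it is wired in depends on how machineOpts is declared, which is outside this hunk. `builtins.readFile` copies the file contents into the world-readable Nix store, which is appropriate for host and user certificates only as long as nothing private is ever placed under `./certificates/`; a one-line comment on the `ssh` block stating that the directory holds public certificates only would make that expectation explicit for the next person adding a machine.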
@@ -47,158 +47,20 @@ let
 };
 in {
+ imports = [
+ ./warwick.nix
+ ./atlas.nix
+ ./jefke.nix
+ ./lewis.nix
+ ./hermes.nix
+ ./maestro.nix
+ ./bancomart.nix
+ ./vpay.nix
+ ];
+
+
 options = {
 machines = lib.mkOption {
 type = with lib.types; attrsOf (submodule machineOpts);
 };
 };
-
- config = {
- machines = {
- warwick = {
- kind = "physical";
- arch = "aarch64-linux";
- isRaspberryPi = true;
-
- nixosModule.lab = {
- storage = {
- osDisk = "/dev/sda";
- };
- };
- };
-
- atlas = {
- kind = "physical";
- arch = "x86_64-linux";
- isHypervisor = true;
-
- nixosModule.lab = {
- storage = {
- osDisk = "/dev/sda";
- dataPartition = "/dev/nvme0n1p1";
- };
-
- ssh = {
- useCertificates = true;
- hostCert = builtins.readFile ./certificates/atlas/host_ed25519.crt;
- userCert = builtins.readFile ./certificates/atlas/user_ed25519.crt;
- };
- };
- };
-
- jefke = {
- kind = "physical";
- arch = "x86_64-linux";
- isHypervisor = true;
-
- nixosModule.lab = {
- storage = {
- osDisk = "/dev/sda";
- dataPartition = "/dev/nvme0n1p1";
- };
-
- ssh = {
- useCertificates = true;
- hostCert = builtins.readFile ./certificates/jefke/host_ed25519.crt;
- userCert = builtins.readFile ./certificates/jefke/user_ed25519.crt;
- };
- };
- };
-
- lewis = {
- kind = "physical";
- arch = "x86_64-linux";
- isHypervisor = true;
-
- nixosModule.lab = {
- backups.enable = true;
- data-sharing.enable = true;
- networking.dmz.allowConnectivity = true;
-
- storage = {
- osDisk = "/dev/sda";
- dataPartition = "/dev/nvme0n1p1";
- };
-
- ssh = {
- useCertificates = true;
- hostCert = builtins.readFile ./certificates/lewis/host_ed25519.crt;
- userCert = builtins.readFile ./certificates/lewis/user_ed25519.crt;
- };
- };
- };
-
- hermes = {
- kind = "virtual";
- hypervisorName = "lewis";
-
- nixosModule = { hypervisorConfig, ... 
}: {
- lab = {
- networking = {
- dmz.services.enable = true;
- staticNetworking = true;
- staticIPv4 = hypervisorConfig.lab.networking.dmz.ipv4.services;
- staticIPv6 = hypervisorConfig.lab.networking.dmz.ipv6.services;
- };
-
- vm = {
- # TODO: would be cool to create a check that a mac address is only ever assigned to one VM.
- # TODO: idea: what if we generated these IDs by hashing the host name and reducing that to the amount of hosts possible?
- id = 7;
-
- shares = [{
- name = "dnsmasq";
- mountPoint = "/var/lib/dnsmasq";
- }];
- };
- };
- };
- };
-
- maestro = {
- kind = "virtual";
- hypervisorName = "atlas";
-
- nixosModule = { config, ... }: {
- microvm.balloonMem = 7680;
-
- lab = {
- dockerSwarm.enable = true;
-
- vm = {
- id = 1;
- };
- };
- };
- };
-
- bancomart = {
- kind = "virtual";
- hypervisorName = "jefke";
-
- nixosModule = {
- microvm.balloonMem = 7680;
-
- lab = {
- dockerSwarm.enable = true;
- vm.id = 2;
- };
- };
- };
-
- vpay = {
- kind = "virtual";
- hypervisorName = "lewis";
-
- nixosModule = {
- microvm.balloonMem = 5120;
-
- lab = {
- dockerSwarm.enable = true;
- vm.id = 3;
- };
- };
- };
- };
- };
 }
diff --git a/nixos/machines/hermes.nix b/nixos/machines/hermes.nix
new file mode 100644
index 0000000..35b3061
--- /dev/null
+++ b/nixos/machines/hermes.nix
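Review bot: The new `imports` list in default.nix has to be edited by hand every time a file is added under nixos/machines/, and a forgotten entry does not fail evaluation — the machine simply never appears in `config.machines`. Since every sibling `*.nix` file in this commit declares exactly one machine, the list can be derived from the directory so the filesystem is the single source of truth; the enclosing `let … in` module starts before this hunk. The sketch below excludes default.nix itself and non-regular entries, so the `./certificates` directory is not picked up.
```nix
  # Every sibling *.nix file declares one machine; derive the list so a new
  # file cannot be forgotten here.
  imports = lib.pipe (builtins.readDir ./.) [
    (lib.filterAttrs (name: type:
      type == "regular" && name != "default.nix" && lib.hasSuffix ".nix" name))
    builtins.attrNames
    (map (name: ./. + "/${name}"))
  ];

  # … unchanged: options.machines …
```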
@@ -0,0 +1,29 @@
+{
+ machines.hermes = {
+ kind = "virtual";
+ hypervisorName = "lewis";
+
+ nixosModule = { hypervisorConfig, ... }: {
+ lab = {
+ networking = {
+ dmz.services.enable = true;
+ staticNetworking = true;
+ staticIPv4 = hypervisorConfig.lab.networking.dmz.ipv4.services;
+ staticIPv6 = hypervisorConfig.lab.networking.dmz.ipv6.services;
+ };
+
+ vm = {
+ # TODO: would be cool to create a check that a mac address is only ever assigned to one VM.
+ # TODO: idea: what if we generated these IDs by hashing the host name and reducing that to the amount of hosts possible?
+ id = 7;
+
+ shares = [{
+ name = "dnsmasq";
+ mountPoint = "/var/lib/dnsmasq";
+ }];
+ };
+ };
+ };
+ };
+
+}
diff --git a/nixos/machines/jefke.nix b/nixos/machines/jefke.nix
new file mode 100644
index 0000000..44c7896
--- /dev/null
+++ b/nixos/machines/jefke.nix
@@ -0,0 +1,20 @@
+{
+ machines.jefke = {
+ kind = "physical";
+ arch = "x86_64-linux";
+ isHypervisor = true;
+
+ nixosModule.lab = {
+ storage = {
+ osDisk = "/dev/sda";
+ dataPartition = "/dev/nvme0n1p1";
+ };
+
+ ssh = {
+ useCertificates = true;
+ hostCert = builtins.readFile ./certificates/jefke/host_ed25519.crt;
+ userCert = builtins.readFile ./certificates/jefke/user_ed25519.crt;
+ };
+ };
+ };
+}
diff --git a/nixos/machines/lewis.nix b/nixos/machines/lewis.nix
new file mode 100644
index 0000000..d7fbfd5
--- /dev/null
+++ b/nixos/machines/lewis.nix
@@ -0,0 +1,24 @@
+{
+ machines.lewis = {
+ kind = "physical";
+ arch = "x86_64-linux";
+ isHypervisor = true;
+
+ nixosModule.lab = {
+ backups.enable = true;
+ data-sharing.enable = true;
+ networking.dmz.allowConnectivity = true;
+
+ storage = {
+ osDisk = "/dev/sda";
+ dataPartition = "/dev/nvme0n1p1";
+ };
+
+ ssh = {
+ useCertificates = true;
+ hostCert = builtins.readFile ./certificates/lewis/host_ed25519.crt;
+ userCert = builtins.readFile ./certificates/lewis/user_ed25519.crt;
+ };
+ };
+ };
+}
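Review bot: The TODO above `id = 7;` in hermes.nix asks for a uniqueness check, and moving the VMs into hermes.nix, maestro.nix, bancomart.nix and vpay.nix makes a duplicate easier to introduce because the ids (7, 1, 2, 3) are no longer visible side by side. The ids cannot be collected from `nixosModule` directly, since in hermes.nix and maestro.nix that attribute is a function rather than an attribute set, so the check is simplest if the id is declared as a machine-level option (say `machines.<name>.vmId`) and the NixOS module reads it from there. default.nix can then assert `lib.length ids == lib.length (lib.unique ids)` over the virtual machines in `config.machines`, with a message naming the colliding machines. If the MAC address mentioned in the first TODO is derived from this id, the same assertion covers it; if it is assigned elsewhere, that assignment needs its own check.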
diff --git a/nixos/machines/maestro.nix b/nixos/machines/maestro.nix
new file mode 100644
index 0000000..54f3c74
--- /dev/null
+++ b/nixos/machines/maestro.nix
@@ -0,0 +1,18 @@
+{
+ machines.maestro = {
+ kind = "virtual";
+ hypervisorName = "atlas";
+
+ nixosModule = { config, ... }: {
+ microvm.balloonMem = 7680;
+
+ lab = {
+ dockerSwarm.enable = true;
+
+ vm = {
+ id = 1;
+ };
+ };
+ };
+ };
+}
diff --git a/nixos/machines/vpay.nix b/nixos/machines/vpay.nix
new file mode 100644
index 0000000..49a1a67
--- /dev/null
+++ b/nixos/machines/vpay.nix
@@ -0,0 +1,15 @@
+{
+ machines.vpay = {
+ kind = "virtual";
+ hypervisorName = "lewis";
+
+ nixosModule = {
+ microvm.balloonMem = 5120;
+
+ lab = {
+ dockerSwarm.enable = true;
+ vm.id = 3;
+ };
+ };
+ };
+}
diff --git a/nixos/machines/warwick.nix b/nixos/machines/warwick.nix
new file mode 100644
index 0000000..4c0bb8a
--- /dev/null
+++ b/nixos/machines/warwick.nix
@@ -0,0 +1,14 @@
+{
+ machines.warwick = {
+ kind = "physical";
+ arch = "aarch64-linux";
+ isRaspberryPi = true;
+
+ nixosModule.lab = {
+ # TODO: can we do this differently?
+ storage = {
+ osDisk = "/dev/sda";
+ };
+ };
+ };
+}
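Review bot: `nixosModule = { config, ... }: {` in maestro.nix binds `config` but nothing in the module body reads it, while bancomart.nix and vpay.nix write the same kind of module as a plain attribute set; `nixosModule = {` (the closing `};` is unchanged) keeps the four VM files in one shape and avoids a reader looking for a use of `config` that does not exist. The function form is only needed where the module reads an argument, as hermes.nix does with `hypervisorConfig`.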
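Review bot: The new comment `# TODO: can we do this differently?` above the storage block in warwick.nix does not say what is unsatisfactory about `osDisk = "/dev/sda"` on this Raspberry Pi or what the alternative would be, so the next reader cannot act on it. Rewording it to name the concern and an owner, along the lines of `# TODO(owner): <why osDisk = "/dev/sda" is wrong here and what should replace it>`, makes it actionable; the intended alternative is not visible in this diff, so I cannot propose the wording itself.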