split machines into file for each machine

Pim Kunis 2024-02-29 20:30:32 +01:00
parent 904098c877
commit 960d3f6075
9 changed files with 167 additions and 149 deletions

21
nixos/machines/atlas.nix Normal file

@ -0,0 +1,21 @@
{
machines.atlas = {
kind = "physical";
arch = "x86_64-linux";
isHypervisor = true;
nixosModule.lab = {
storage = {
osDisk = "/dev/sda";
dataPartition = "/dev/nvme0n1p1";
};
ssh = {
useCertificates = true;
hostCert = builtins.readFile ./certificates/atlas/host_ed25519.crt;
userCert = builtins.readFile ./certificates/atlas/user_ed25519.crt;
};
};
};
}
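Review bot: The `hostCert` and `userCert` lines in the `ssh` block read files from the repository tree with `builtins.readFile`, and nothing on the page says that `certificates/` may hold only public material. If this repository is evaluated as a flake, the whole tree is copied into the world-readable Nix store, so a private key dropped next to a `.crt` file would be exposed to every local user. A comment above `hostCert` such as `# public certificates only: keep private keys out of ./certificates` would make that rule explicit. The same applies to the `ssh` blocks in jefke.nix and lewis.nix. The paths are relative to the file, so they resolve only while the per-machine files stay next to `certificates/`.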


@ -0,0 +1,15 @@
{
machines.bancomart = {
kind = "virtual";
hypervisorName = "jefke";
nixosModule = {
microvm.balloonMem = 7680;
lab = {
dockerSwarm.enable = true;
vm.id = 2;
};
};
};
}


@ -47,158 +47,20 @@ let
};
in
{
imports = [
./warwick.nix
./atlas.nix
./jefke.nix
./lewis.nix
./hermes.nix
./maestro.nix
./bancomart.nix
./vpay.nix
];
options = {
machines = lib.mkOption {
type = with lib.types; attrsOf (submodule machineOpts);
};
};
config = {
machines = {
warwick = {
kind = "physical";
arch = "aarch64-linux";
isRaspberryPi = true;
nixosModule.lab = {
storage = {
osDisk = "/dev/sda";
};
};
};
atlas = {
kind = "physical";
arch = "x86_64-linux";
isHypervisor = true;
nixosModule.lab = {
storage = {
osDisk = "/dev/sda";
dataPartition = "/dev/nvme0n1p1";
};
ssh = {
useCertificates = true;
hostCert = builtins.readFile ./certificates/atlas/host_ed25519.crt;
userCert = builtins.readFile ./certificates/atlas/user_ed25519.crt;
};
};
};
jefke = {
kind = "physical";
arch = "x86_64-linux";
isHypervisor = true;
nixosModule.lab = {
storage = {
osDisk = "/dev/sda";
dataPartition = "/dev/nvme0n1p1";
};
ssh = {
useCertificates = true;
hostCert = builtins.readFile ./certificates/jefke/host_ed25519.crt;
userCert = builtins.readFile ./certificates/jefke/user_ed25519.crt;
};
};
};
lewis = {
kind = "physical";
arch = "x86_64-linux";
isHypervisor = true;
nixosModule.lab = {
backups.enable = true;
data-sharing.enable = true;
networking.dmz.allowConnectivity = true;
storage = {
osDisk = "/dev/sda";
dataPartition = "/dev/nvme0n1p1";
};
ssh = {
useCertificates = true;
hostCert = builtins.readFile ./certificates/lewis/host_ed25519.crt;
userCert = builtins.readFile ./certificates/lewis/user_ed25519.crt;
};
};
};
hermes = {
kind = "virtual";
hypervisorName = "lewis";
nixosModule = { hypervisorConfig, ... }: {
lab = {
networking = {
dmz.services.enable = true;
staticNetworking = true;
staticIPv4 = hypervisorConfig.lab.networking.dmz.ipv4.services;
staticIPv6 = hypervisorConfig.lab.networking.dmz.ipv6.services;
};
vm = {
# TODO: would be cool to create a check that a mac address is only ever assigned to one VM.
# TODO: idea: what if we generated these IDs by hashing the host name and reducing that to the amount of hosts possible?
id = 7;
shares = [{
name = "dnsmasq";
mountPoint = "/var/lib/dnsmasq";
}];
};
};
};
};
maestro = {
kind = "virtual";
hypervisorName = "atlas";
nixosModule = { config, ... }: {
microvm.balloonMem = 7680;
lab = {
dockerSwarm.enable = true;
vm = {
id = 1;
};
};
};
};
bancomart = {
kind = "virtual";
hypervisorName = "jefke";
nixosModule = {
microvm.balloonMem = 7680;
lab = {
dockerSwarm.enable = true;
vm.id = 2;
};
};
};
vpay = {
kind = "virtual";
hypervisorName = "lewis";
nixosModule = {
microvm.balloonMem = 5120;
lab = {
dockerSwarm.enable = true;
vm.id = 3;
};
};
};
};
};
}
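Review bot: Nothing ties an entry in the `imports` list to the `machines.<name>` attribute that file defines, so a copied file that keeps the old attribute name would add to an existing machine instead of creating a new one. Depending on how `machineOpts` (defined above this hunk) types its options, that could merge silently rather than fail evaluation. A short comment above the list would help, for example `# one file per machine; each file defines exactly machines.<file name>`.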

29
nixos/machines/hermes.nix Normal file

@ -0,0 +1,29 @@
{
machines.hermes = {
kind = "virtual";
hypervisorName = "lewis";
nixosModule = { hypervisorConfig, ... }: {
lab = {
networking = {
dmz.services.enable = true;
staticNetworking = true;
staticIPv4 = hypervisorConfig.lab.networking.dmz.ipv4.services;
staticIPv6 = hypervisorConfig.lab.networking.dmz.ipv6.services;
};
vm = {
# TODO: would be cool to create a check that a mac address is only ever assigned to one VM.
# TODO: idea: what if we generated these IDs by hashing the host name and reducing that to the amount of hosts possible?
id = 7;
shares = [{
name = "dnsmasq";
mountPoint = "/var/lib/dnsmasq";
}];
};
};
};
};
}
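Review bot: `id = 7` in the `vm` block is still assigned by hand, and after this split the other ids (`1` in the maestro file, `2` in the bancomart file, `3` in vpay.nix) sit in separate files, so a duplicate is easier to introduce than when they were side by side. The first TODO above it suggests the id determines the VM's MAC address; if so, a collision would put two guests on the same address. Consider turning that TODO into an evaluation-time assertion that the ids are unique, or at least extend the comment to `# must be unique across all files in this directory`.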

20
nixos/machines/jefke.nix Normal file

@ -0,0 +1,20 @@
{
machines.jefke = {
kind = "physical";
arch = "x86_64-linux";
isHypervisor = true;
nixosModule.lab = {
storage = {
osDisk = "/dev/sda";
dataPartition = "/dev/nvme0n1p1";
};
ssh = {
useCertificates = true;
hostCert = builtins.readFile ./certificates/jefke/host_ed25519.crt;
userCert = builtins.readFile ./certificates/jefke/user_ed25519.crt;
};
};
};
}

24
nixos/machines/lewis.nix Normal file

@ -0,0 +1,24 @@
{
machines.lewis = {
kind = "physical";
arch = "x86_64-linux";
isHypervisor = true;
nixosModule.lab = {
backups.enable = true;
data-sharing.enable = true;
networking.dmz.allowConnectivity = true;
storage = {
osDisk = "/dev/sda";
dataPartition = "/dev/nvme0n1p1";
};
ssh = {
useCertificates = true;
hostCert = builtins.readFile ./certificates/lewis/host_ed25519.crt;
userCert = builtins.readFile ./certificates/lewis/user_ed25519.crt;
};
};
};
}
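Review bot: `networking.dmz.allowConnectivity = true` has no comment explaining why this host needs it, and lewis is also the only machine with `backups.enable` and `data-sharing.enable` set. What the option permits is defined outside this page, but if it opens a path between the hypervisor and the DMZ, the host holding backups and shared data is the one where that exception most needs a recorded reason. A one-line comment above it, such as `# needed because <reason>; hermes runs the DMZ services on this host`, would let a later reader judge whether the exception is still required.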


@ -0,0 +1,18 @@
{
machines.maestro = {
kind = "virtual";
hypervisorName = "atlas";
nixosModule = { config, ... }: {
microvm.balloonMem = 7680;
lab = {
dockerSwarm.enable = true;
vm = {
id = 1;
};
};
};
};
}
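Review bot: `nixosModule = { config, ... }: {` binds `config` but the body never uses it, while the otherwise identical bancomart and vpay definitions use a plain attribute set. Dropping the function wrapper, `nixosModule = {`, and writing `vm.id = 1;` in place of the nested `vm = { id = 1; };` would make the three Docker Swarm VMs read the same, so a real difference between them stands out.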

15
nixos/machines/vpay.nix Normal file

@ -0,0 +1,15 @@
{
machines.vpay = {
kind = "virtual";
hypervisorName = "lewis";
nixosModule = {
microvm.balloonMem = 5120;
lab = {
dockerSwarm.enable = true;
vm.id = 3;
};
};
};
}


@ -0,0 +1,14 @@
{
machines.warwick = {
kind = "physical";
arch = "aarch64-linux";
isRaspberryPi = true;
nixosModule.lab = {
# TODO: can we do this differently?
storage = {
osDisk = "/dev/sda";
};
};
};
}
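Review bot: `osDisk = "/dev/sda"` depends on kernel enumeration order, which can change between boots or when another disk or USB device is attached, so whatever consumes `osDisk` could end up addressing the wrong device. A persistent name under `/dev/disk/by-id/` is safer. The new `# TODO: can we do this differently?` above `storage` does not say what should change; if it refers to this, spell it out, for example `# TODO: replace /dev/sda with a stable /dev/disk/by-id path`. atlas.nix, jefke.nix and lewis.nix set the same `osDisk` value.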