create module system for machines

Pim Kunis 2024-02-29 00:28:38 +01:00
parent 9ee519055b
commit e7f35bf1bd
3 changed files with 186 additions and 147 deletions


@ -35,7 +35,7 @@
pkgs = nixpkgs.legacyPackages.${controllerArch}; pkgs = nixpkgs.legacyPackages.${controllerArch};
lib = pkgs.lib; lib = pkgs.lib;
pkgs-unstable = nixpkgs-unstable.legacyPackages.${controllerArch}; pkgs-unstable = nixpkgs-unstable.legacyPackages.${controllerArch};
machines = import ./nixos/machines; machines = (lib.modules.evalModules { modules = [ (import ./nixos/machines) ]; }).config.machines;
physicalMachines = lib.filterAttrs (n: v: v.type == "physical") machines; physicalMachines = lib.filterAttrs (n: v: v.type == "physical") machines;
mkNixosSystems = systemDef: mkNixosSystems = systemDef:
builtins.mapAttrs builtins.mapAttrs


@ -1,167 +1,206 @@
# TODO: Create a nixos module system for this. (mkMerge) { lib, ... }:
# That way, we don't have to specify isRaspberryPi on every machine... etc. let
machineOpts = { ... }: {
options = {
# TODO: rename to kind?
type = lib.mkOption {
type = lib.types.enum [ "physical" "virtual" ];
description = ''
Whether this machine is physical or virtual.
'';
};
hypervisorName = lib.mkOption {
default = null;
type = with lib.types; nullOr str;
description = ''
The host name of the hypervisor hosting this virtual machine.
'';
};
arch = lib.mkOption {
default = null;
type = with lib.types; nullOr str;
description = ''
CPU architecture of this machine.
'';
};
isRaspberryPi = lib.mkOption {
default = false;
type = lib.types.bool;
};
isHypervisor = lib.mkOption {
default = false;
type = lib.types.bool;
};
nixosModule = lib.mkOption {
default = { ... }: { };
type = lib.types.anything;
description = ''
Customized configuration for this machine in the form of a NixOS module.
'';
};
};
};
in
{ {
warwick = { options = {
type = "physical"; machines = lib.mkOption {
arch = "aarch64-linux"; type = with lib.types; attrsOf (submodule machineOpts);
isRaspberryPi = true;
isHypervisor = false;
isVirtualMachine = false;
nixosModule.lab = {
storage = {
osDisk = "/dev/sda";
};
}; };
}; };
atlas = { config = {
type = "physical"; machines = {
arch = "x86_64-linux"; warwick = {
isRaspberryPi = false; type = "physical";
isHypervisor = true; arch = "aarch64-linux";
isVirtualMachine = false; isRaspberryPi = true;
nixosModule.lab = { nixosModule.lab = {
storage = { storage = {
osDisk = "/dev/sda"; osDisk = "/dev/sda";
dataPartition = "/dev/nvme0n1p1"; };
};
ssh = {
useCertificates = true;
hostCert = builtins.readFile ./certificates/atlas/host_ed25519.crt;
userCert = builtins.readFile ./certificates/atlas/user_ed25519.crt;
};
};
};
jefke = {
type = "physical";
arch = "x86_64-linux";
isRaspberryPi = false;
isHypervisor = true;
isVirtualMachine = false;
nixosModule.lab = {
storage = {
osDisk = "/dev/sda";
dataPartition = "/dev/nvme0n1p1";
};
ssh = {
useCertificates = true;
hostCert = builtins.readFile ./certificates/jefke/host_ed25519.crt;
userCert = builtins.readFile ./certificates/jefke/user_ed25519.crt;
};
};
};
lewis = {
type = "physical";
arch = "x86_64-linux";
isRaspberryPi = false;
isHypervisor = true;
isVirtualMachine = false;
nixosModule.lab = {
backups.enable = true;
data-sharing.enable = true;
networking.dmz.allowConnectivity = true;
storage = {
osDisk = "/dev/sda";
dataPartition = "/dev/nvme0n1p1";
};
ssh = {
useCertificates = true;
hostCert = builtins.readFile ./certificates/lewis/host_ed25519.crt;
userCert = builtins.readFile ./certificates/lewis/user_ed25519.crt;
};
};
};
hermes = {
type = "virtual";
hypervisorName = "lewis";
isRaspberryPi = false;
isVirtualMachine = true;
isHypervisor = false;
nixosModule = { config, ... }: {
lab = {
networking = {
dmz.services.enable = true;
staticNetworking = true;
staticIPv4 = config.lab.networking.dmz.ipv4.services;
staticIPv6 = config.lab.networking.dmz.ipv6.services;
};
vm = {
# TODO: would be cool to create a check that a mac address is only ever assigned to one VM.
# TODO: idea: what if we generated these IDs by hashing the host name and reducing that to the amount of hosts possible?
id = 7;
shares = [{
name = "dnsmasq";
mountPoint = "/var/lib/dnsmasq";
}];
}; };
}; };
};
};
maestro = { atlas = {
type = "virtual"; type = "physical";
hypervisorName = "atlas"; arch = "x86_64-linux";
isRaspberryPi = false; isHypervisor = true;
isVirtualMachine = false;
isHypervisor = false;
nixosModule = { config, ... }: { nixosModule.lab = {
microvm.balloonMem = 7680; storage = {
osDisk = "/dev/sda";
dataPartition = "/dev/nvme0n1p1";
};
lab = { ssh = {
dockerSwarm.enable = true; useCertificates = true;
hostCert = builtins.readFile ./certificates/atlas/host_ed25519.crt;
vm = { userCert = builtins.readFile ./certificates/atlas/user_ed25519.crt;
id = 1; };
}; };
}; };
};
};
bancomart = { jefke = {
type = "virtual"; type = "physical";
hypervisorName = "jefke"; arch = "x86_64-linux";
isRaspberryPi = false; isHypervisor = true;
isVirtualMachine = false;
isHypervisor = false;
nixosModule = { nixosModule.lab = {
microvm.balloonMem = 7680; storage = {
osDisk = "/dev/sda";
dataPartition = "/dev/nvme0n1p1";
};
lab = { ssh = {
dockerSwarm.enable = true; useCertificates = true;
vm.id = 2; hostCert = builtins.readFile ./certificates/jefke/host_ed25519.crt;
userCert = builtins.readFile ./certificates/jefke/user_ed25519.crt;
};
};
}; };
};
};
vpay = { lewis = {
type = "virtual"; type = "physical";
hypervisorName = "lewis"; arch = "x86_64-linux";
isRaspberryPi = false; isHypervisor = true;
isVirtualMachine = false;
isHypervisor = false;
nixosModule = { nixosModule.lab = {
microvm.balloonMem = 5120; backups.enable = true;
data-sharing.enable = true;
networking.dmz.allowConnectivity = true;
lab = { storage = {
dockerSwarm.enable = true; osDisk = "/dev/sda";
vm.id = 3; dataPartition = "/dev/nvme0n1p1";
};
ssh = {
useCertificates = true;
hostCert = builtins.readFile ./certificates/lewis/host_ed25519.crt;
userCert = builtins.readFile ./certificates/lewis/user_ed25519.crt;
};
};
};
hermes = {
type = "virtual";
hypervisorName = "lewis";
nixosModule = { config, ... }: {
lab = {
networking = {
dmz.services.enable = true;
staticNetworking = true;
# TODO: This seems to cause infinite recursion? Really weird.
# staticIPv4 = config.lab.networking.dmz.ipv4.services;
# staticIPv6 = config.lab.networking.dmz.ipv6.services;
staticIPv4 = "192.168.30.7";
staticIPv6 = "2a0d:6e00:1a77:30::7";
};
vm = {
# # TODO: would be cool to create a check that a mac address is only ever assigned to one VM.
# # TODO: idea: what if we generated these IDs by hashing the host name and reducing that to the amount of hosts possible?
id = 7;
shares = [{
name = "dnsmasq";
mountPoint = "/var/lib/dnsmasq";
}];
};
};
};
};
maestro = {
type = "virtual";
hypervisorName = "atlas";
nixosModule = { config, ... }: {
microvm.balloonMem = 7680;
lab = {
dockerSwarm.enable = true;
vm = {
id = 1;
};
};
};
};
bancomart = {
type = "virtual";
hypervisorName = "jefke";
nixosModule = {
microvm.balloonMem = 7680;
lab = {
dockerSwarm.enable = true;
vm.id = 2;
};
};
};
vpay = {
type = "virtual";
hypervisorName = "lewis";
nixosModule = {
microvm.balloonMem = 5120;
lab = {
dockerSwarm.enable = true;
vm.id = 3;
};
};
}; };
}; };
}; };
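Review bot: The new `machineOpts` submodule still accepts inconsistent machine definitions: a `type = "virtual"` entry with `hypervisorName = null` or with a `hypervisorName` that does not name a machine in the set (or names one without `isHypervisor = true`), and a `type = "physical"` entry with `arch = null`, all type-check cleanly and only surface later in `mkNixosSystems` or the networking module with a less specific error, if at all. Since the `machines` option is the single source of truth for what runs where, I would reject these at evaluation with an `apply` on the `machines` option that checks cross-machine consistency, as below; the `throw` names the offending hosts so a mistyped hypervisor name is caught before deployment. Separately, `nixosModule` is typed `lib.types.anything`, which will not merge two definitions of the same machine's module (a function and an attrset in particular); if the pinned nixpkgs has it, `lib.types.deferredModule` is the intended type for "a NixOS module to be evaluated later" and merges correctly. `isRaspberryPi` and `isHypervisor` are also the only options without a `description`; a one-line `description = "Whether this machine hosts virtual machines (see hypervisorName on the guests).";` on the latter would tell readers how the two fields relate.
```nix
machines = lib.mkOption {
  type = with lib.types; attrsOf (submodule machineOpts);
  # Cross-machine consistency checks, run once when config.machines is read.
  apply = ms:
    let
      hostIsHypervisor = name: (ms.${name} or { isHypervisor = false; }).isHypervisor;
      bad = lib.filterAttrs
        (_: m:
          (m.type == "physical" && m.arch == null)
          || (m.type == "virtual"
              && (m.hypervisorName == null || !(hostIsHypervisor m.hypervisorName))))
        ms;
    in
    if bad == { } then ms
    else throw "Inconsistent machine definitions: ${lib.concatStringsSep ", " (builtins.attrNames bad)}";
};
```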


@ -117,7 +117,7 @@ in {
networkConfig.Bridge = cfg.dmz.bridgeName; networkConfig.Bridge = cfg.dmz.bridgeName;
}; };
}) })
(lib.optionalAttrs machine.isVirtualMachine { (lib.optionalAttrs (machine.type == "virtual") {
"30-main-nic" = { "30-main-nic" = {
matchConfig.Name = "en*"; matchConfig.Name = "en*";