feat(meta/*): support generalized deployments
Our colmena now knows how to deal with families of system types, e.g. NixOS systems or Liminix-based systems. This is a first step towards supporting our APs in our infrastructure. Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
This commit is contained in:
parent
ae057f480f
commit
0d803998b5
13 changed files with 146 additions and 66 deletions
|
@ -37,7 +37,6 @@
|
|||
{
|
||||
sources ? import ./npins,
|
||||
pkgs ? import sources.nixpkgs { },
|
||||
nix-pkgs ? import sources.nix-pkgs { inherit pkgs; },
|
||||
}:
|
||||
|
||||
let
|
||||
|
@ -112,7 +111,9 @@ in
|
|||
}))
|
||||
pkgs.npins
|
||||
|
||||
(pkgs.callPackage ./lib/colmena { inherit (nix-pkgs) colmena; })
|
||||
(pkgs.callPackage ./lib/colmena {
|
||||
colmena = pkgs.callPackage "${sources.colmena}/package.nix" { };
|
||||
})
|
||||
(pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { })
|
||||
(pkgs.callPackage "${sources.lon}/nix/packages/lon.nix" { })
|
||||
] ++ (builtins.attrValues scripts);
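Review bot: The dev shell now builds the deployment tool from `${sources.colmena}/package.nix`, which the npins entry added further down in this commit resolves to a fork at git.dgnum.eu on branch `main`; it is pinned by revision and hash, so today's build is reproducible, but `npins update` will follow whatever the fork's `main` points at. A one-line comment above the `callPackage` recording why the fork is needed and when to return to upstream would help whoever reviews the next pin bump, presumably something like `# Fork of colmena carrying deployment.systemType support; drop once merged upstream.`. The enclosing list that this hunk edits starts outside the hunk.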
|
||||
|
|
110
hive.nix
110
hive.nix
|
@ -6,6 +6,7 @@ let
|
|||
.applyPatches' sources';
|
||||
|
||||
nix-lib = import ./lib/nix-lib;
|
||||
inherit (nix-lib) warn;
|
||||
|
||||
patch = import ./lib/nix-patches { patchFile = ./patches; };
|
||||
|
||||
|
@ -15,15 +16,23 @@ let
|
|||
mkNode = node: {
|
||||
# Import the base configuration for each node
|
||||
imports = [ ./machines/${node}/_configuration.nix ];
|
||||
|
||||
deployment.systemType = "nixos";
|
||||
};
|
||||
|
||||
nixpkgs' = import ./meta/nixpkgs.nix;
|
||||
# All supported nixpkgs versions, instanciated
|
||||
nixpkgs = nix-lib.mapSingleFuse mkNixpkgs nixpkgs'.supported;
|
||||
# All supported nixpkgs versions × systems, instanciated
|
||||
nixpkgs = nix-lib.mapSingleFuse (
|
||||
s: nix-lib.mapSingleFuse (mkSystemNixpkgs s) nixpkgs'.versions.supported
|
||||
) nixpkgs'.systems.supported;
|
||||
|
||||
# Get the configured nixos version for the node,
|
||||
# defaulting to the one defined in meta/nixpkgs
|
||||
version = node: nodes'.${node}.nixpkgs or nixpkgs'.default;
|
||||
version = node: nodes'.${node}.nixpkgs.version or nixpkgs'.versions.default;
|
||||
systemType =
|
||||
node:
|
||||
nodes'.${node}.nixpkgs.system
|
||||
or (warn "${node}: Not specifying the `deployment.systemType` is deprecated!" "nixos");
|
||||
|
||||
# Builds a patched version of nixpkgs, only as the source
|
||||
mkNixpkgs' =
|
||||
|
@ -33,17 +42,42 @@ let
|
|||
name = "nixos-${v}";
|
||||
};
|
||||
|
||||
# Build up the nixpkgs configuration for Liminix embedded systems
|
||||
mkLiminixConfig =
|
||||
system: _:
|
||||
(import "${sources.liminix}/devices/${system}").system
|
||||
// {
|
||||
overlays = [ (import "${sources.liminix}/overlay.nix") ];
|
||||
config = {
|
||||
allowUnsupportedSystem = true; # mipsel
|
||||
permittedInsecurePackages = [
|
||||
"python-2.7.18.8" # Python < 3.x is needed for kernel backports.
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
# Build up the arguments to instantiate a nixpkgs given a system and a version.
|
||||
mkNixpkgsConfig =
|
||||
system: version:
|
||||
if system == "nixos" then
|
||||
{ }
|
||||
else if system == "zyxel-nwa50ax" then
|
||||
(mkLiminixConfig system version)
|
||||
else
|
||||
(throw "Unknown system: ${system} for nixpkgs configuration instantiation");
|
||||
|
||||
# Instanciates the required nixpkgs version
|
||||
mkNixpkgs = version: import (mkNixpkgs' version) { };
|
||||
mkSystemNixpkgs = system: version: import (mkNixpkgs' version) (mkNixpkgsConfig system version);
|
||||
|
||||
###
|
||||
# Function to create arguments based on the node
|
||||
#
|
||||
mkArgs = node: rec {
|
||||
lib = nixpkgs.${version node}.lib // {
|
||||
lib = nixpkgs.${systemType node}.${version node}.lib // {
|
||||
extra = nix-lib;
|
||||
};
|
||||
|
||||
sourcePkgs = nixpkgs.${systemType node}.${version node};
|
||||
meta = (import ./meta) lib;
|
||||
|
||||
nodeMeta = meta.nodes.${node};
|
||||
|
@ -52,7 +86,7 @@ in
|
|||
|
||||
{
|
||||
meta = {
|
||||
nodeNixpkgs = nix-lib.mapSingleFuse (n: nixpkgs.${version n}) nodes;
|
||||
nodeNixpkgs = nix-lib.mapSingleFuse (n: nixpkgs.${systemType n}.${version n}) nodes;
|
||||
|
||||
specialArgs = {
|
||||
inherit nixpkgs sources;
|
||||
|
@ -63,40 +97,46 @@ in
|
|||
nodeSpecialArgs = nix-lib.mapSingleFuse mkArgs nodes;
|
||||
};
|
||||
|
||||
defaults =
|
||||
{ name, nodeMeta, ... }:
|
||||
{
|
||||
# Import the default modules
|
||||
imports = [
|
||||
./modules
|
||||
(import "${sources.lix-module}/module.nix" { inherit (sources) lix; })
|
||||
];
|
||||
registry = {
|
||||
nixos = {
|
||||
# NOTE: this means that we are evaluating any system, independent of their actual nixpkgs version, with the unstable evaluation entrypoint.
|
||||
evalConfig = args: import "${args.specialArgs.sourcePkgs.path}/nixos/lib/eval-config.nix" args;
|
||||
defaults =
|
||||
{ name, nodeMeta, ... }:
|
||||
{
|
||||
# Import the default modules
|
||||
imports = [
|
||||
./modules
|
||||
(import "${sources.lix-module}/module.nix" { inherit (sources) lix; })
|
||||
];
|
||||
|
||||
# Include default secrets
|
||||
age-secrets.sources = [ ./machines/${name}/secrets ];
|
||||
# Include default secrets
|
||||
age-secrets.sources = [ ./machines/${name}/secrets ];
|
||||
|
||||
# Deployment config is specified in meta.nodes.${node}.deployment
|
||||
inherit (nodeMeta) deployment;
|
||||
# Deployment config is specified in meta.nodes.${node}.deployment
|
||||
inherit (nodeMeta) deployment;
|
||||
|
||||
nix = {
|
||||
# Set NIX_PATH to the patched version of nixpkgs
|
||||
nixPath = [ "nixpkgs=${mkNixpkgs' (version name)}" ];
|
||||
optimise.automatic = true;
|
||||
nix = {
|
||||
# Set NIX_PATH to the patched version of nixpkgs
|
||||
nixPath = [ "nixpkgs=${mkNixpkgs' (version name)}" ];
|
||||
optimise.automatic = true;
|
||||
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 7d";
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 7d";
|
||||
};
|
||||
};
|
||||
|
||||
# Allow unfree packages
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
# Use the stateVersion declared in the metadata
|
||||
system = {
|
||||
inherit (nodeMeta) stateVersion;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Allow unfree packages
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
# Use the stateVersion declared in the metadata
|
||||
system = {
|
||||
inherit (nodeMeta) stateVersion;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
// (nix-lib.mapSingleFuse mkNode nodes)
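Review bot: `mkLiminixConfig` adds `python-2.7.18.8` to `permittedInsecurePackages` for every Liminix evaluation; the comment says it is needed for kernel backports, which reads as a build-time dependency, but nothing visible here keeps an EOL Python out of the AP's runtime closure, so I would extend the comment to `# Python < 3.x is needed for kernel backports (build-time only; must not end up in the image closure).` and confirm that with a closure check before images are shipped. In the same file, `systemType` warns "Not specifying the `deployment.systemType` is deprecated!" while the attribute it actually reads is `nodes'.<node>.nixpkgs.system`, and `mkNode` sets `deployment.systemType = "nixos"` unconditionally, so a Liminix node would presumably still be announced to colmena as NixOS; suggest `deployment.systemType = systemType node;` in `mkNode` and naming `nixpkgs.system` in the message. Whether that fallback can fire at all depends on where `nodes'` comes from, which is outside the hunk. `mkNixpkgs'` at the end of the second hunk continues outside the hunk.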
|
||||
|
|
|
@ -42,6 +42,7 @@ rec {
|
|||
recursiveUpdate
|
||||
splitString
|
||||
unique
|
||||
warn
|
||||
;
|
||||
|
||||
/*
|
||||
|
|
|
@ -453,10 +453,10 @@ rec {
|
|||
# `builtins.warn` requires a string message, so we enforce that in our implementation, so that callers aren't accidentally incompatible with newer Nix versions.
|
||||
assert builtins.isString msg;
|
||||
if mustAbort then
|
||||
builtins.trace "␛[1;31mevaluation warning:␛[0m ${msg}" (
|
||||
builtins.trace "[1;31mevaluation warning:[0m ${msg}" (
|
||||
abort "NIX_ABORT_ON_WARN=true; warnings are treated as unrecoverable errors."
|
||||
)
|
||||
else
|
||||
builtins.trace "␛[1;35mevaluation warning:␛[0m ${msg}" v
|
||||
builtins.trace "[1;35mevaluation warning:[0m ${msg}" v
|
||||
);
|
||||
}
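Review bot: In both `builtins.trace` calls the colour sequences appear on the new side as `[1;31m…[0m` with the leading ESC (`␛`) byte gone; if that is what the commit does rather than the page rendering dropping a control character, the prefix will print literally instead of colouring, so please confirm the byte is still present. Either way the sequences are emitted unconditionally, including when stderr is not a terminal (CI logs, evaluation output piped to a file); a short comment such as `# Colour codes are emitted unconditionally; harmless but visible in non-TTY logs.` would document that choice. The enclosing `warn` definition starts outside the hunk.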
|
||||
|
|
|
@ -9,7 +9,9 @@
|
|||
|
||||
services.signal-irc-bridge = {
|
||||
enable = true;
|
||||
package = nixpkgs.unstable.callPackage (sources.signal-irc-bridge.outPath + "/package.nix") { };
|
||||
package = nixpkgs.nixos.unstable.callPackage (
|
||||
sources.signal-irc-bridge.outPath + "/package.nix"
|
||||
) { };
|
||||
configFile = config.age.secrets."signal-irc-bridge-config".path;
|
||||
};
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ in
|
|||
services.stirling-pdf = {
|
||||
enable = true;
|
||||
|
||||
package = nixpkgs.unstable.stirling-pdf.overrideAttrs (old: {
|
||||
package = nixpkgs.nixos.unstable.stirling-pdf.overrideAttrs (old: {
|
||||
patches = (old.patches or [ ]) ++ [
|
||||
(builtins.fetchurl "https://git.dgnum.eu/DGNum/Stirling-PDF/commit/${dgn-id}.patch")
|
||||
];
|
||||
|
|
|
@ -10,7 +10,7 @@ in
|
|||
enable = true;
|
||||
|
||||
user = "git";
|
||||
package = nixpkgs.unstable.forgejo;
|
||||
package = nixpkgs.nixos.unstable.forgejo;
|
||||
stateDir = "/var/lib/git";
|
||||
|
||||
database = {
|
||||
|
|
|
@ -15,7 +15,7 @@ in
|
|||
netbird.server = {
|
||||
enable = true;
|
||||
|
||||
package = nixpkgs.unstable.netbird;
|
||||
package = nixpkgs.nixos.unstable.netbird;
|
||||
|
||||
inherit domain;
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ in
|
|||
services = {
|
||||
netbox = {
|
||||
enable = true;
|
||||
package = nixpkgs.unstable.netbox_4_1;
|
||||
package = nixpkgs.nixos.unstable.netbox_4_1;
|
||||
secretKeyFile = "/dev/null";
|
||||
listenAddress = "127.0.0.1";
|
||||
plugins = p: [ p.netbox-qrcode ];
|
||||
|
|
|
@ -1,11 +1,24 @@
|
|||
{
|
||||
# Default version of nixpkgs to use
|
||||
default = "24.05";
|
||||
versions = {
|
||||
# Default version of nixpkgs to use
|
||||
default = "24.05";
|
||||
|
||||
# Supported nixpkgs versions
|
||||
supported = [
|
||||
"unstable"
|
||||
"23.11"
|
||||
"24.05"
|
||||
];
|
||||
# Supported nixpkgs versions
|
||||
supported = [
|
||||
"unstable"
|
||||
"23.11"
|
||||
"24.05"
|
||||
];
|
||||
};
|
||||
|
||||
systems = {
|
||||
# Default system for our deployments
|
||||
default = "nixos";
|
||||
|
||||
# Supported system types
|
||||
supported = [
|
||||
"zyxel-nwa50ax"
|
||||
"nixos"
|
||||
];
|
||||
};
|
||||
}
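Review bot: `systems.supported` is the list meta/options.nix validates node values against, but the per-system nixpkgs configuration in hive.nix (`mkNixpkgsConfig`) dispatches on the same literal names in an `if` chain, so adding an entry here alone ends in an evaluation-time `throw` rather than a type error. I would note that next to the list: `# Each entry needs a matching branch in mkNixpkgsConfig (hive.nix).`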
|
||||
|
|
|
@ -44,7 +44,7 @@
|
|||
|
||||
stateVersion = "23.05";
|
||||
nix-modules = [ "services/stirling-pdf" ];
|
||||
nixpkgs = "24.05";
|
||||
nixpkgs.version = "24.05";
|
||||
};
|
||||
|
||||
geo01 = {
|
||||
|
@ -54,7 +54,7 @@
|
|||
hashedPassword = "$y$j9T$2XmDpJu.QLhV57yYCh5Lf1$LK.X0HKB02Q0Ujvhj5nIofW2IRrIAL/Uxnvl9AXM1L8";
|
||||
|
||||
stateVersion = "24.05";
|
||||
nixpkgs = "24.05";
|
||||
nixpkgs.version = "24.05";
|
||||
};
|
||||
|
||||
geo02 = {
|
||||
|
@ -64,7 +64,7 @@
|
|||
hashedPassword = "$y$j9T$Q4fbMpSm9beWu4DPNAR9t0$dx/1pH4GPY72LpS5ZiECXAZFDdxwmIywztsX.qo2VVA";
|
||||
|
||||
stateVersion = "24.05";
|
||||
nixpkgs = "24.05";
|
||||
nixpkgs.version = "24.05";
|
||||
};
|
||||
|
||||
rescue01 = {
|
||||
|
@ -84,7 +84,7 @@
|
|||
hashedPassword = "$y$j9T$tvRu1EJ9MwDSvEm0ogwe70$bKSw6nNteN0L3NOy2Yix7KlIvO/oROQmQ.Ynq002Fg8";
|
||||
|
||||
stateVersion = "23.11";
|
||||
nixpkgs = "24.05";
|
||||
nixpkgs.version = "24.05";
|
||||
|
||||
nix-modules = [
|
||||
"services/forgejo-nix-runners"
|
||||
|
@ -99,7 +99,7 @@
|
|||
hashedPassword = "$y$j9T$5osXVNxCDxu3jIndcyh7G.$UrjiDRpMu3W59tKHLGNdLWllZh.4p8IM4sBS5SrNrN1";
|
||||
|
||||
stateVersion = "23.11";
|
||||
nixpkgs = "24.05";
|
||||
nixpkgs.version = "24.05";
|
||||
|
||||
adminGroups = [ "fai" ];
|
||||
};
|
||||
|
@ -114,7 +114,7 @@
|
|||
stateVersion = "23.05";
|
||||
vm-cluster = "Hyperviseur NPS";
|
||||
|
||||
nixpkgs = "24.05";
|
||||
nixpkgs.version = "24.05";
|
||||
};
|
||||
|
||||
web02 = {
|
||||
|
@ -123,7 +123,7 @@
|
|||
hashedPassword = "$y$j9T$p42UVNy78PykkQOjPwXNJ/$B/zCUOrHXVSFGUY63wnViMiSmU2vCWsiX0y62qqgNQ5";
|
||||
|
||||
stateVersion = "24.05";
|
||||
nixpkgs = "24.05";
|
||||
nixpkgs.version = "24.05";
|
||||
vm-cluster = "Hyperviseur NPS";
|
||||
};
|
||||
|
||||
|
@ -133,7 +133,7 @@
|
|||
hashedPassword = "$y$j9T$Un/tcX5SPKNXG.sy/BcTa.$kyNHELjb1GAOWnauJfcjyVi5tacWcuEBKflZDCUC6x4";
|
||||
|
||||
stateVersion = "24.05";
|
||||
nixpkgs = "unstable";
|
||||
nixpkgs.version = "unstable";
|
||||
vm-cluster = "Hyperviseur NPS";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -11,6 +11,7 @@ let
|
|||
inherit (lib.types)
|
||||
attrs
|
||||
attrsOf
|
||||
enum
|
||||
ints
|
||||
listOf
|
||||
nullOr
|
||||
|
@ -35,6 +36,7 @@ let
|
|||
};
|
||||
|
||||
org = config.organization;
|
||||
nixpkgs = import ./nixpkgs.nix;
|
||||
in
|
||||
|
||||
{
|
||||
|
@ -137,12 +139,22 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
nixpkgs = mkOption {
|
||||
type = str;
|
||||
inherit (import ./nixpkgs.nix) default;
|
||||
description = ''
|
||||
Version of nixpkgs to use.
|
||||
'';
|
||||
nixpkgs = {
|
||||
version = mkOption {
|
||||
type = enum nixpkgs.versions.supported;
|
||||
inherit (nixpkgs.versions) default;
|
||||
description = ''
|
||||
Version of nixpkgs to use.
|
||||
'';
|
||||
};
|
||||
system = mkOption {
|
||||
type = enum nixpkgs.systems.supported;
|
||||
inherit (nixpkgs.systems) default;
|
||||
description = ''
|
||||
Type of system for this node, will impact how it is evaluated and deployed.
|
||||
'';
|
||||
example = "zyxel-nwa50ax";
|
||||
};
|
||||
};
|
||||
|
||||
nix-modules = mkOption {
|
||||
|
|
|
@ -38,6 +38,17 @@
|
|||
"url": null,
|
||||
"hash": "09z5l5yh4zm0mf9hb3xc18gjk2dgv3l1icywrsxax00y1i1zlvna"
|
||||
},
|
||||
"colmena": {
|
||||
"type": "Git",
|
||||
"repository": {
|
||||
"type": "Git",
|
||||
"url": "https://git.dgnum.eu/DGNum/colmena"
|
||||
},
|
||||
"branch": "main",
|
||||
"revision": "71b1b660f2cda2e34e134d0028cafbd56bb22008",
|
||||
"url": null,
|
||||
"hash": "0pkzs70j1qch2238mbpl9aspzbkh0kgab25vnpr37nb75lmq81ij"
|
||||
},
|
||||
"dgsi": {
|
||||
"type": "Git",
|
||||
"repository": {
|
||||
|
|