feat(meta/*): support generalized deployments
Some checks failed
Check meta / check_dns (push) Successful in 18s
Check meta / check_meta (push) Successful in 18s
Run pre-commit on all files / check (push) Successful in 25s
Check meta / check_dns (pull_request) Successful in 18s
Check meta / check_meta (pull_request) Successful in 18s
Check workflows / check_workflows (pull_request) Successful in 24s
Build all the nodes / bridge01 (pull_request) Failing after 24s
Build all the nodes / geo01 (pull_request) Failing after 25s
Build all the nodes / geo02 (pull_request) Failing after 25s
Build all the nodes / compute01 (pull_request) Failing after 30s
Build all the nodes / rescue01 (pull_request) Failing after 25s
Build all the nodes / storage01 (pull_request) Failing after 23s
Build all the nodes / vault01 (pull_request) Failing after 24s
Build all the nodes / web01 (pull_request) Failing after 26s
Build all the nodes / web02 (pull_request) Failing after 26s
Build all the nodes / web03 (pull_request) Failing after 26s
Run pre-commit on all files / check (pull_request) Successful in 24s
Our colmena knows how to deal with families of system types, e.g. NixOS systems or Liminix-based systems. This is step 1 towards supporting our APs in our infrastructure. Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
parent
ae057f480f
commit
0d803998b5
13 changed files with 146 additions and 66 deletions
|
@ -37,7 +37,6 @@
|
||||||
{
|
{
|
||||||
sources ? import ./npins,
|
sources ? import ./npins,
|
||||||
pkgs ? import sources.nixpkgs { },
|
pkgs ? import sources.nixpkgs { },
|
||||||
nix-pkgs ? import sources.nix-pkgs { inherit pkgs; },
|
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
|
@ -112,7 +111,9 @@ in
|
||||||
}))
|
}))
|
||||||
pkgs.npins
|
pkgs.npins
|
||||||
|
|
||||||
(pkgs.callPackage ./lib/colmena { inherit (nix-pkgs) colmena; })
|
(pkgs.callPackage ./lib/colmena {
|
||||||
|
colmena = pkgs.callPackage "${sources.colmena}/package.nix" { };
|
||||||
|
})
|
||||||
(pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { })
|
(pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { })
|
||||||
(pkgs.callPackage "${sources.lon}/nix/packages/lon.nix" { })
|
(pkgs.callPackage "${sources.lon}/nix/packages/lon.nix" { })
|
||||||
] ++ (builtins.attrValues scripts);
|
] ++ (builtins.attrValues scripts);
|
||||||
|
|
52
hive.nix
52
hive.nix
|
@ -6,6 +6,7 @@ let
|
||||||
.applyPatches' sources';
|
.applyPatches' sources';
|
||||||
|
|
||||||
nix-lib = import ./lib/nix-lib;
|
nix-lib = import ./lib/nix-lib;
|
||||||
|
inherit (nix-lib) warn;
|
||||||
|
|
||||||
patch = import ./lib/nix-patches { patchFile = ./patches; };
|
patch = import ./lib/nix-patches { patchFile = ./patches; };
|
||||||
|
|
||||||
|
@ -15,15 +16,23 @@ let
|
||||||
mkNode = node: {
|
mkNode = node: {
|
||||||
# Import the base configuration for each node
|
# Import the base configuration for each node
|
||||||
imports = [ ./machines/${node}/_configuration.nix ];
|
imports = [ ./machines/${node}/_configuration.nix ];
|
||||||
|
|
||||||
|
deployment.systemType = "nixos";
|
||||||
};
|
};
|
||||||
|
|
||||||
nixpkgs' = import ./meta/nixpkgs.nix;
|
nixpkgs' = import ./meta/nixpkgs.nix;
|
||||||
# All supported nixpkgs versions, instanciated
|
# All supported nixpkgs versions × systems, instanciated
|
||||||
nixpkgs = nix-lib.mapSingleFuse mkNixpkgs nixpkgs'.supported;
|
nixpkgs = nix-lib.mapSingleFuse (
|
||||||
|
s: nix-lib.mapSingleFuse (mkSystemNixpkgs s) nixpkgs'.versions.supported
|
||||||
|
) nixpkgs'.systems.supported;
|
||||||
|
|
||||||
# Get the configured nixos version for the node,
|
# Get the configured nixos version for the node,
|
||||||
# defaulting to the one defined in meta/nixpkgs
|
# defaulting to the one defined in meta/nixpkgs
|
||||||
version = node: nodes'.${node}.nixpkgs or nixpkgs'.default;
|
version = node: nodes'.${node}.nixpkgs.version or nixpkgs'.versions.default;
|
||||||
|
systemType =
|
||||||
|
node:
|
||||||
|
nodes'.${node}.nixpkgs.system
|
||||||
|
or (warn "${node}: Not specifying the `deployment.systemType` is deprecated!" "nixos");
|
||||||
|
|
||||||
# Builds a patched version of nixpkgs, only as the source
|
# Builds a patched version of nixpkgs, only as the source
|
||||||
mkNixpkgs' =
|
mkNixpkgs' =
|
||||||
|
@ -33,17 +42,42 @@ let
|
||||||
name = "nixos-${v}";
|
name = "nixos-${v}";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Build up the nixpkgs configuration for Liminix embedded systems
|
||||||
|
mkLiminixConfig =
|
||||||
|
system: _:
|
||||||
|
(import "${sources.liminix}/devices/${system}").system
|
||||||
|
// {
|
||||||
|
overlays = [ (import "${sources.liminix}/overlay.nix") ];
|
||||||
|
config = {
|
||||||
|
allowUnsupportedSystem = true; # mipsel
|
||||||
|
permittedInsecurePackages = [
|
||||||
|
"python-2.7.18.8" # Python < 3.x is needed for kernel backports.
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Build up the arguments to instantiate a nixpkgs given a system and a version.
|
||||||
|
mkNixpkgsConfig =
|
||||||
|
system: version:
|
||||||
|
if system == "nixos" then
|
||||||
|
{ }
|
||||||
|
else if system == "zyxel-nwa50ax" then
|
||||||
|
(mkLiminixConfig system version)
|
||||||
|
else
|
||||||
|
(throw "Unknown system: ${system} for nixpkgs configuration instantiation");
|
||||||
|
|
||||||
# Instanciates the required nixpkgs version
|
# Instanciates the required nixpkgs version
|
||||||
mkNixpkgs = version: import (mkNixpkgs' version) { };
|
mkSystemNixpkgs = system: version: import (mkNixpkgs' version) (mkNixpkgsConfig system version);
|
||||||
|
|
||||||
###
|
###
|
||||||
# Function to create arguments based on the node
|
# Function to create arguments based on the node
|
||||||
#
|
#
|
||||||
mkArgs = node: rec {
|
mkArgs = node: rec {
|
||||||
lib = nixpkgs.${version node}.lib // {
|
lib = nixpkgs.${systemType node}.${version node}.lib // {
|
||||||
extra = nix-lib;
|
extra = nix-lib;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sourcePkgs = nixpkgs.${systemType node}.${version node};
|
||||||
meta = (import ./meta) lib;
|
meta = (import ./meta) lib;
|
||||||
|
|
||||||
nodeMeta = meta.nodes.${node};
|
nodeMeta = meta.nodes.${node};
|
||||||
|
@ -52,7 +86,7 @@ in
|
||||||
|
|
||||||
{
|
{
|
||||||
meta = {
|
meta = {
|
||||||
nodeNixpkgs = nix-lib.mapSingleFuse (n: nixpkgs.${version n}) nodes;
|
nodeNixpkgs = nix-lib.mapSingleFuse (n: nixpkgs.${systemType n}.${version n}) nodes;
|
||||||
|
|
||||||
specialArgs = {
|
specialArgs = {
|
||||||
inherit nixpkgs sources;
|
inherit nixpkgs sources;
|
||||||
|
@ -63,6 +97,10 @@ in
|
||||||
nodeSpecialArgs = nix-lib.mapSingleFuse mkArgs nodes;
|
nodeSpecialArgs = nix-lib.mapSingleFuse mkArgs nodes;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
registry = {
|
||||||
|
nixos = {
|
||||||
|
# NOTE: this means that we are evaluating any system, independent of their actual nixpkgs version, with the unstable evaluation entrypoint.
|
||||||
|
evalConfig = args: import "${args.specialArgs.sourcePkgs.path}/nixos/lib/eval-config.nix" args;
|
||||||
defaults =
|
defaults =
|
||||||
{ name, nodeMeta, ... }:
|
{ name, nodeMeta, ... }:
|
||||||
{
|
{
|
||||||
|
@ -98,5 +136,7 @@ in
|
||||||
inherit (nodeMeta) stateVersion;
|
inherit (nodeMeta) stateVersion;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
// (nix-lib.mapSingleFuse mkNode nodes)
|
// (nix-lib.mapSingleFuse mkNode nodes)
|
||||||
|
|
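Review bot: In `mkLiminixConfig`, `permittedInsecurePackages = [ "python-2.7.18.8" ]` and `allowUnsupportedSystem = true` are set on the whole nixpkgs instance for the device, so the end-of-life interpreter is accepted anywhere in that package set, not only in the kernel backports step the comment mentions. If it is meant to be a build-time tool only, the comment should say so, e.g. `# Build-time only, for kernel backports; must not end up in the device image closure.` Nothing visible in this section enforces that, so a check on the built image's closure that fails when python2 appears would be a useful follow-up. Pinning the exact version string is worth keeping, because an upstream bump then fails evaluation until this line is reviewed again.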
|
@ -42,6 +42,7 @@ rec {
|
||||||
recursiveUpdate
|
recursiveUpdate
|
||||||
splitString
|
splitString
|
||||||
unique
|
unique
|
||||||
|
warn
|
||||||
;
|
;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -453,10 +453,10 @@ rec {
|
||||||
# `builtins.warn` requires a string message, so we enforce that in our implementation, so that callers aren't accidentally incompatible with newer Nix versions.
|
# `builtins.warn` requires a string message, so we enforce that in our implementation, so that callers aren't accidentally incompatible with newer Nix versions.
|
||||||
assert builtins.isString msg;
|
assert builtins.isString msg;
|
||||||
if mustAbort then
|
if mustAbort then
|
||||||
builtins.trace "␛[1;31mevaluation warning:␛[0m ${msg}" (
|
builtins.trace "[1;31mevaluation warning:[0m ${msg}" (
|
||||||
abort "NIX_ABORT_ON_WARN=true; warnings are treated as unrecoverable errors."
|
abort "NIX_ABORT_ON_WARN=true; warnings are treated as unrecoverable errors."
|
||||||
)
|
)
|
||||||
else
|
else
|
||||||
builtins.trace "␛[1;35mevaluation warning:␛[0m ${msg}" v
|
builtins.trace "[1;35mevaluation warning:[0m ${msg}" v
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,7 +9,9 @@
|
||||||
|
|
||||||
services.signal-irc-bridge = {
|
services.signal-irc-bridge = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = nixpkgs.unstable.callPackage (sources.signal-irc-bridge.outPath + "/package.nix") { };
|
package = nixpkgs.nixos.unstable.callPackage (
|
||||||
|
sources.signal-irc-bridge.outPath + "/package.nix"
|
||||||
|
) { };
|
||||||
configFile = config.age.secrets."signal-irc-bridge-config".path;
|
configFile = config.age.secrets."signal-irc-bridge-config".path;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -20,7 +20,7 @@ in
|
||||||
services.stirling-pdf = {
|
services.stirling-pdf = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
package = nixpkgs.unstable.stirling-pdf.overrideAttrs (old: {
|
package = nixpkgs.nixos.unstable.stirling-pdf.overrideAttrs (old: {
|
||||||
patches = (old.patches or [ ]) ++ [
|
patches = (old.patches or [ ]) ++ [
|
||||||
(builtins.fetchurl "https://git.dgnum.eu/DGNum/Stirling-PDF/commit/${dgn-id}.patch")
|
(builtins.fetchurl "https://git.dgnum.eu/DGNum/Stirling-PDF/commit/${dgn-id}.patch")
|
||||||
];
|
];
|
||||||
|
|
|
@ -10,7 +10,7 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
user = "git";
|
user = "git";
|
||||||
package = nixpkgs.unstable.forgejo;
|
package = nixpkgs.nixos.unstable.forgejo;
|
||||||
stateDir = "/var/lib/git";
|
stateDir = "/var/lib/git";
|
||||||
|
|
||||||
database = {
|
database = {
|
||||||
|
|
|
@ -15,7 +15,7 @@ in
|
||||||
netbird.server = {
|
netbird.server = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
package = nixpkgs.unstable.netbird;
|
package = nixpkgs.nixos.unstable.netbird;
|
||||||
|
|
||||||
inherit domain;
|
inherit domain;
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ in
|
||||||
services = {
|
services = {
|
||||||
netbox = {
|
netbox = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = nixpkgs.unstable.netbox_4_1;
|
package = nixpkgs.nixos.unstable.netbox_4_1;
|
||||||
secretKeyFile = "/dev/null";
|
secretKeyFile = "/dev/null";
|
||||||
listenAddress = "127.0.0.1";
|
listenAddress = "127.0.0.1";
|
||||||
plugins = p: [ p.netbox-qrcode ];
|
plugins = p: [ p.netbox-qrcode ];
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
{
|
{
|
||||||
|
versions = {
|
||||||
# Default version of nixpkgs to use
|
# Default version of nixpkgs to use
|
||||||
default = "24.05";
|
default = "24.05";
|
||||||
|
|
||||||
|
@ -8,4 +9,16 @@
|
||||||
"23.11"
|
"23.11"
|
||||||
"24.05"
|
"24.05"
|
||||||
];
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
systems = {
|
||||||
|
# Default system for our deployments
|
||||||
|
default = "nixos";
|
||||||
|
|
||||||
|
# Supported system types
|
||||||
|
supported = [
|
||||||
|
"zyxel-nwa50ax"
|
||||||
|
"nixos"
|
||||||
|
];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -44,7 +44,7 @@
|
||||||
|
|
||||||
stateVersion = "23.05";
|
stateVersion = "23.05";
|
||||||
nix-modules = [ "services/stirling-pdf" ];
|
nix-modules = [ "services/stirling-pdf" ];
|
||||||
nixpkgs = "24.05";
|
nixpkgs.version = "24.05";
|
||||||
};
|
};
|
||||||
|
|
||||||
geo01 = {
|
geo01 = {
|
||||||
|
@ -54,7 +54,7 @@
|
||||||
hashedPassword = "$y$j9T$2XmDpJu.QLhV57yYCh5Lf1$LK.X0HKB02Q0Ujvhj5nIofW2IRrIAL/Uxnvl9AXM1L8";
|
hashedPassword = "$y$j9T$2XmDpJu.QLhV57yYCh5Lf1$LK.X0HKB02Q0Ujvhj5nIofW2IRrIAL/Uxnvl9AXM1L8";
|
||||||
|
|
||||||
stateVersion = "24.05";
|
stateVersion = "24.05";
|
||||||
nixpkgs = "24.05";
|
nixpkgs.version = "24.05";
|
||||||
};
|
};
|
||||||
|
|
||||||
geo02 = {
|
geo02 = {
|
||||||
|
@ -64,7 +64,7 @@
|
||||||
hashedPassword = "$y$j9T$Q4fbMpSm9beWu4DPNAR9t0$dx/1pH4GPY72LpS5ZiECXAZFDdxwmIywztsX.qo2VVA";
|
hashedPassword = "$y$j9T$Q4fbMpSm9beWu4DPNAR9t0$dx/1pH4GPY72LpS5ZiECXAZFDdxwmIywztsX.qo2VVA";
|
||||||
|
|
||||||
stateVersion = "24.05";
|
stateVersion = "24.05";
|
||||||
nixpkgs = "24.05";
|
nixpkgs.version = "24.05";
|
||||||
};
|
};
|
||||||
|
|
||||||
rescue01 = {
|
rescue01 = {
|
||||||
|
@ -84,7 +84,7 @@
|
||||||
hashedPassword = "$y$j9T$tvRu1EJ9MwDSvEm0ogwe70$bKSw6nNteN0L3NOy2Yix7KlIvO/oROQmQ.Ynq002Fg8";
|
hashedPassword = "$y$j9T$tvRu1EJ9MwDSvEm0ogwe70$bKSw6nNteN0L3NOy2Yix7KlIvO/oROQmQ.Ynq002Fg8";
|
||||||
|
|
||||||
stateVersion = "23.11";
|
stateVersion = "23.11";
|
||||||
nixpkgs = "24.05";
|
nixpkgs.version = "24.05";
|
||||||
|
|
||||||
nix-modules = [
|
nix-modules = [
|
||||||
"services/forgejo-nix-runners"
|
"services/forgejo-nix-runners"
|
||||||
|
@ -99,7 +99,7 @@
|
||||||
hashedPassword = "$y$j9T$5osXVNxCDxu3jIndcyh7G.$UrjiDRpMu3W59tKHLGNdLWllZh.4p8IM4sBS5SrNrN1";
|
hashedPassword = "$y$j9T$5osXVNxCDxu3jIndcyh7G.$UrjiDRpMu3W59tKHLGNdLWllZh.4p8IM4sBS5SrNrN1";
|
||||||
|
|
||||||
stateVersion = "23.11";
|
stateVersion = "23.11";
|
||||||
nixpkgs = "24.05";
|
nixpkgs.version = "24.05";
|
||||||
|
|
||||||
adminGroups = [ "fai" ];
|
adminGroups = [ "fai" ];
|
||||||
};
|
};
|
||||||
|
@ -114,7 +114,7 @@
|
||||||
stateVersion = "23.05";
|
stateVersion = "23.05";
|
||||||
vm-cluster = "Hyperviseur NPS";
|
vm-cluster = "Hyperviseur NPS";
|
||||||
|
|
||||||
nixpkgs = "24.05";
|
nixpkgs.version = "24.05";
|
||||||
};
|
};
|
||||||
|
|
||||||
web02 = {
|
web02 = {
|
||||||
|
@ -123,7 +123,7 @@
|
||||||
hashedPassword = "$y$j9T$p42UVNy78PykkQOjPwXNJ/$B/zCUOrHXVSFGUY63wnViMiSmU2vCWsiX0y62qqgNQ5";
|
hashedPassword = "$y$j9T$p42UVNy78PykkQOjPwXNJ/$B/zCUOrHXVSFGUY63wnViMiSmU2vCWsiX0y62qqgNQ5";
|
||||||
|
|
||||||
stateVersion = "24.05";
|
stateVersion = "24.05";
|
||||||
nixpkgs = "24.05";
|
nixpkgs.version = "24.05";
|
||||||
vm-cluster = "Hyperviseur NPS";
|
vm-cluster = "Hyperviseur NPS";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -133,7 +133,7 @@
|
||||||
hashedPassword = "$y$j9T$Un/tcX5SPKNXG.sy/BcTa.$kyNHELjb1GAOWnauJfcjyVi5tacWcuEBKflZDCUC6x4";
|
hashedPassword = "$y$j9T$Un/tcX5SPKNXG.sy/BcTa.$kyNHELjb1GAOWnauJfcjyVi5tacWcuEBKflZDCUC6x4";
|
||||||
|
|
||||||
stateVersion = "24.05";
|
stateVersion = "24.05";
|
||||||
nixpkgs = "unstable";
|
nixpkgs.version = "unstable";
|
||||||
vm-cluster = "Hyperviseur NPS";
|
vm-cluster = "Hyperviseur NPS";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,6 +11,7 @@ let
|
||||||
inherit (lib.types)
|
inherit (lib.types)
|
||||||
attrs
|
attrs
|
||||||
attrsOf
|
attrsOf
|
||||||
|
enum
|
||||||
ints
|
ints
|
||||||
listOf
|
listOf
|
||||||
nullOr
|
nullOr
|
||||||
|
@ -35,6 +36,7 @@ let
|
||||||
};
|
};
|
||||||
|
|
||||||
org = config.organization;
|
org = config.organization;
|
||||||
|
nixpkgs = import ./nixpkgs.nix;
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
@ -137,13 +139,23 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
nixpkgs = mkOption {
|
nixpkgs = {
|
||||||
type = str;
|
version = mkOption {
|
||||||
inherit (import ./nixpkgs.nix) default;
|
type = enum nixpkgs.versions.supported;
|
||||||
|
inherit (nixpkgs.versions) default;
|
||||||
description = ''
|
description = ''
|
||||||
Version of nixpkgs to use.
|
Version of nixpkgs to use.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
system = mkOption {
|
||||||
|
type = enum nixpkgs.systems.supported;
|
||||||
|
inherit (nixpkgs.systems) default;
|
||||||
|
description = ''
|
||||||
|
Type of system for this node, will impact how it is evaluated and deployed.
|
||||||
|
'';
|
||||||
|
example = "zyxel-nwa50ax";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
nix-modules = mkOption {
|
nix-modules = mkOption {
|
||||||
type = listOf str;
|
type = listOf str;
|
||||||
|
|
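Review bot: The description of the new `nixpkgs.system` option says the value "will impact how it is evaluated and deployed", but the hive.nix shown in this commit only uses it to select the nixpkgs instance (`nixpkgs.${systemType node}.${version node}`). `mkNode` still sets `deployment.systemType = "nixos";` for every node, and the fallback warning tells users to set `deployment.systemType` although the value is read from `nixpkgs.system`. Until deployment is wired to this option, I would narrow the description to something like `Type of system for this node; selects the nixpkgs configuration (NixOS or a Liminix device) used to evaluate it.` and make the warning name `nixpkgs.system`. The name is also easy to confuse with a nixpkgs platform string such as `x86_64-linux`, so a sentence ruling that out would help. The enclosing option set starts before this hunk.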
|
@ -38,6 +38,17 @@
|
||||||
"url": null,
|
"url": null,
|
||||||
"hash": "09z5l5yh4zm0mf9hb3xc18gjk2dgv3l1icywrsxax00y1i1zlvna"
|
"hash": "09z5l5yh4zm0mf9hb3xc18gjk2dgv3l1icywrsxax00y1i1zlvna"
|
||||||
},
|
},
|
||||||
|
"colmena": {
|
||||||
|
"type": "Git",
|
||||||
|
"repository": {
|
||||||
|
"type": "Git",
|
||||||
|
"url": "https://git.dgnum.eu/DGNum/colmena"
|
||||||
|
},
|
||||||
|
"branch": "main",
|
||||||
|
"revision": "71b1b660f2cda2e34e134d0028cafbd56bb22008",
|
||||||
|
"url": null,
|
||||||
|
"hash": "0pkzs70j1qch2238mbpl9aspzbkh0kgab25vnpr37nb75lmq81ij"
|
||||||
|
},
|
||||||
"dgsi": {
|
"dgsi": {
|
||||||
"type": "Git",
|
"type": "Git",
|
||||||
"repository": {
|
"repository": {
|
||||||
|
|