feat: init AP management via Colmena and Liminix #110
7 changed files with 83 additions and 114 deletions
22
default.nix
22
default.nix
|
@ -37,8 +37,6 @@
|
||||||
let
|
let
|
||||||
sources = import ./npins;
|
sources = import ./npins;
|
||||||
pkgs = import sources.nixpkgs { };
|
pkgs = import sources.nixpkgs { };
|
||||||
liminixHive = import ./liminix-hive.nix { inherit sources; };
|
|
||||||
|
|
||||||
pre-commit-check = (import sources.pre-commit-hooks).run {
|
pre-commit-check = (import sources.pre-commit-hooks).run {
|
||||||
src = ./.;
|
src = ./.;
|
||||||
|
|
||||||
|
@ -72,19 +70,13 @@ in
|
||||||
name = "dgnum-infra";
|
name = "dgnum-infra";
|
||||||
|
|
||||||
packages =
|
packages =
|
||||||
(
|
(with pkgs; [
|
||||||
with pkgs;
|
npins
|
||||||
[
|
nixos-generators
|
||||||
npins
|
attic-client
|
||||||
nixos-generators
|
(callPackage (sources.disko + "/package.nix") { })
|
||||||
attic-client
|
(callPackage ./lib/colmena { colmena = import sources.colmena; })
|
||||||
liminixHive.liminix.pkgs.pkgsBuildBuild.min-copy-closure
|
])
|
||||||
]
|
|
||||||
++ (builtins.map (p: callPackage p { }) [
|
|
||||||
(sources.disko + "/package.nix")
|
|
||||||
./lib/colmena
|
|
||||||
])
|
|
||||||
)
|
|
||||||
++ (import ./scripts { inherit pkgs; });
|
++ (import ./scripts { inherit pkgs; });
|
||||||
|
|
||||||
shellHook = ''
|
shellHook = ''
|
||||||
|
|
111
hive.nix
111
hive.nix
|
@ -2,6 +2,7 @@ let
|
||||||
sources = import ./npins;
|
sources = import ./npins;
|
||||||
|
|
||||||
lib = import (sources.nix-lib + "/src/trivial.nix");
|
lib = import (sources.nix-lib + "/src/trivial.nix");
|
||||||
|
lib' = (import sources.nixos-unstable { }).lib;
|
||||||
|
|
||||||
patch = import sources.nix-patches { patchFile = ./patches; };
|
patch = import sources.nix-patches { patchFile = ./patches; };
|
||||||
|
|
||||||
|
@ -14,6 +15,8 @@ let
|
||||||
"_configuration.nix"
|
"_configuration.nix"
|
||||||
"_hardware-configuration.nix"
|
"_hardware-configuration.nix"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
deployment.systemType = systemType node;
|
||||||
};
|
};
|
||||||
|
|
||||||
nixpkgs' = import ./meta/nixpkgs.nix;
|
nixpkgs' = import ./meta/nixpkgs.nix;
|
||||||
|
@ -27,6 +30,10 @@ let
|
||||||
# defaulting to the one defined in meta/nixpkgs
|
# defaulting to the one defined in meta/nixpkgs
|
||||||
version = node: nodes'.${node}.nixpkgs or nixpkgs'.versions.default;
|
version = node: nodes'.${node}.nixpkgs or nixpkgs'.versions.default;
|
||||||
system = node: nodes'.${node}.system or nixpkgs'.systems.default;
|
system = node: nodes'.${node}.system or nixpkgs'.systems.default;
|
||||||
|
systemType =
|
||||||
|
node:
|
||||||
|
nodes'.${node}.system
|
||||||
|
or (lib'.warn "Not specifying the `deployment.systemType` is deprecated!" "nixos");
|
||||||
|
|
||||||
# Builds a patched version of nixpkgs, only as the source
|
# Builds a patched version of nixpkgs, only as the source
|
||||||
mkNixpkgs' =
|
mkNixpkgs' =
|
||||||
|
@ -85,8 +92,57 @@ in
|
||||||
|
|
||||||
{
|
{
|
||||||
registry = {
|
registry = {
|
||||||
liminix = {
|
zyxel-nwa50ax = {
|
||||||
evalConfig = import "${sources.liminix}/lib/eval-config.nix" { nixpkgs = sources.nixos-unstable; };
|
evalConfig = import "${sources.liminix}/lib/eval-config.nix" { nixpkgs = sources.nixos-unstable; };
|
||||||
|
|
||||||
|
defaults = {
|
||||||
|
nixpkgs.hostPlatform = {
|
||||||
|
config = "mipsel-unknown-linux-musl";
|
||||||
|
gcc = {
|
||||||
|
abi = "32";
|
||||||
|
arch = "mips32"; # mips32r2?
|
||||||
|
};
|
||||||
|
};
|
||||||
|
# It's impure, but who cares?
|
||||||
|
# Can Flakes do that?
|
||||||
|
nixpkgs.buildPlatform = builtins.currentSystem;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
nixos = {
|
||||||
|
evalConfig = import "${sources.nixos-unstable}/nixos/lib/eval-config.nix";
|
||||||
|
defaults =
|
||||||
|
{ nodeMeta, name, ... }:
|
||||||
|
{
|
||||||
|
# Import the default modules
|
||||||
|
imports = [ ./modules ];
|
||||||
|
|
||||||
|
# Include default secrets
|
||||||
|
age-secrets.sources = [ ./machines/${name}/secrets ];
|
||||||
|
|
||||||
|
# Deployment config is specified in meta.nodes.${node}.deployment
|
||||||
|
inherit (nodeMeta) deployment;
|
||||||
|
|
||||||
|
nix = {
|
||||||
|
# Set NIX_PATH to the patched version of nixpkgs
|
||||||
|
nixPath = [ "nixpkgs=${mkNixpkgs' (version name)}" ];
|
||||||
|
optimise.automatic = true;
|
||||||
|
|
||||||
|
gc = {
|
||||||
|
automatic = true;
|
||||||
|
dates = "weekly";
|
||||||
|
options = "--delete-older-than 7d";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Allow unfree packages
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
|
# Use the stateVersion declared in the metadata
|
||||||
|
system = {
|
||||||
|
inherit (nodeMeta) stateVersion;
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -99,58 +155,5 @@ in
|
||||||
|
|
||||||
nodeSpecialArgs = lib.mapSingleFuse mkArgs nodes;
|
nodeSpecialArgs = lib.mapSingleFuse mkArgs nodes;
|
||||||
};
|
};
|
||||||
|
|
||||||
registry.nixos.defaults =
|
|
||||||
{ nodeMeta, name, ... }:
|
|
||||||
{
|
|
||||||
# Import the default modules
|
|
||||||
imports = [ ./modules ];
|
|
||||||
|
|
||||||
# Include default secrets
|
|
||||||
age-secrets.sources = [ ./machines/${name}/secrets ];
|
|
||||||
|
|
||||||
# Deployment config is specified in meta.nodes.${node}.deployment
|
|
||||||
inherit (nodeMeta) deployment;
|
|
||||||
|
|
||||||
nix = {
|
|
||||||
# Set NIX_PATH to the patched version of nixpkgs
|
|
||||||
nixPath = [ "nixpkgs=${mkNixpkgs' (version name)}" ];
|
|
||||||
optimise.automatic = true;
|
|
||||||
|
|
||||||
gc = {
|
|
||||||
automatic = true;
|
|
||||||
dates = "weekly";
|
|
||||||
options = "--delete-older-than 7d";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Allow unfree packages
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
|
|
||||||
# Use the stateVersion declared in the metadata
|
|
||||||
system = {
|
|
||||||
inherit (nodeMeta) stateVersion;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
ap01 =
|
|
||||||
let
|
|
||||||
device = import "${sources.liminix}/devices/zyxel-nwa50ax";
|
|
||||||
in
|
|
||||||
{
|
|
||||||
deployment.systemType = "liminix";
|
|
||||||
nixpkgs.hostPlatform = {
|
|
||||||
config = "mipsel-unknown-linux-musl";
|
|
||||||
gcc = {
|
|
||||||
abi = "32";
|
|
||||||
arch = "mips32"; # mips32r2?
|
|
||||||
};
|
|
||||||
};
|
|
||||||
nixpkgs.buildPlatform = "x86_64-linux";
|
|
||||||
imports = [
|
|
||||||
./machines/ap/configuration.nix
|
|
||||||
device.module
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
// (lib.mapSingleFuse mkNode nodes)
|
// (lib.mapSingleFuse mkNode nodes)
|
||||||
|
|
|
@ -1,38 +0,0 @@
|
||||||
# This is a very rudimentary hive to deploy Liminix images.
|
|
||||||
{
|
|
||||||
sources ? import ./npins,
|
|
||||||
nixpkgs ? sources.nixpkgs,
|
|
||||||
liminix ? sources.liminix,
|
|
||||||
}:
|
|
||||||
let
|
|
||||||
evalLiminix =
|
|
||||||
{ config, device }:
|
|
||||||
{
|
|
||||||
primary = import liminix {
|
|
||||||
inherit device nixpkgs;
|
|
||||||
imageType = "primary";
|
|
||||||
liminix-config = config;
|
|
||||||
};
|
|
||||||
secondary = import liminix {
|
|
||||||
inherit device nixpkgs;
|
|
||||||
imageType = "secondary";
|
|
||||||
liminix-config = config;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
zyxel = {
|
|
||||||
nwa50ax = import "${liminix}/devices/zyxel-nwa50ax";
|
|
||||||
};
|
|
||||||
in
|
|
||||||
{
|
|
||||||
liminix.pkgs =
|
|
||||||
(import liminix {
|
|
||||||
device = zyxel.nwa50ax;
|
|
||||||
imageType = "primary";
|
|
||||||
liminix-config = ./machines/ap/configuration.nix;
|
|
||||||
}).pkgs;
|
|
||||||
devices = zyxel;
|
|
||||||
ap-test = evalLiminix {
|
|
||||||
config = ./machines/ap/configuration.nix;
|
|
||||||
device = zyxel.nwa50ax;
|
|
||||||
};
|
|
||||||
}
|
|
1
machines/ap01/_hardware-configuration.nix
Normal file
1
machines/ap01/_hardware-configuration.nix
Normal file
|
@ -0,0 +1 @@
|
||||||
|
{ }
|
|
@ -42,6 +42,7 @@ let
|
||||||
builtins.fetchGit {
|
builtins.fetchGit {
|
||||||
inherit (repository) url;
|
inherit (repository) url;
|
||||||
rev = revision;
|
rev = revision;
|
||||||
|
allRefs = true;
|
||||||
# hash = hash;
|
# hash = hash;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -38,6 +38,17 @@
|
||||||
"url": "https://github.com/zhaofengli/attic/archive/4dbdbee45728d8ce5788db6461aaaa89d98081f0.tar.gz",
|
"url": "https://github.com/zhaofengli/attic/archive/4dbdbee45728d8ce5788db6461aaaa89d98081f0.tar.gz",
|
||||||
"hash": "1iri77pbf0gvas93zra29qy1c3l61n97z84xblqxmmhsxvljzvnh"
|
"hash": "1iri77pbf0gvas93zra29qy1c3l61n97z84xblqxmmhsxvljzvnh"
|
||||||
},
|
},
|
||||||
|
"colmena": {
|
||||||
|
"type": "Git",
|
||||||
|
"repository": {
|
||||||
|
"type": "Git",
|
||||||
|
"url": "https://git.dgnum.eu/DGNum/colmena.git"
|
||||||
|
},
|
||||||
|
"branch": "custom-activation",
|
||||||
|
"revision": "937ca4d17aecd3ae7394a2a1772dd3e705cb5779",
|
||||||
|
"url": null,
|
||||||
|
"hash": "11n9qdm0zi3s89zdcdmyv4l4wv5aq8b4sigx54cp24plxszxrsa7"
|
||||||
|
},
|
||||||
"disko": {
|
"disko": {
|
||||||
"type": "GitRelease",
|
"type": "GitRelease",
|
||||||
"repository": {
|
"repository": {
|
||||||
|
@ -68,14 +79,13 @@
|
||||||
"liminix": {
|
"liminix": {
|
||||||
"type": "Git",
|
"type": "Git",
|
||||||
"repository": {
|
"repository": {
|
||||||
"type": "GitHub",
|
"type": "Git",
|
||||||
"owner": "RaitoBezarius",
|
"url": "https://git.dgnum.eu/DGNum/liminix.git"
|
||||||
"repo": "liminix"
|
|
||||||
},
|
},
|
||||||
"branch": "colmena--compat",
|
"branch": "main",
|
||||||
"revision": "411a6bc688763fe62d210ccfe066a6cea72a9dce",
|
"revision": "7ae86c23d96b5e6a59fff4d8ebcb3e2e90e4034f",
|
||||||
"url": "https://github.com/RaitoBezarius/liminix/archive/411a6bc688763fe62d210ccfe066a6cea72a9dce.tar.gz",
|
"url": null,
|
||||||
"hash": "17wg5288z3085rd4day1qqi1pm0cmibmcm6nrqrgrc1w1iwja9f0"
|
"hash": "1kw6jp5xnpwnpl2pal3qpr5ljrsvjish4v4m0brnxchc8s1ygq6i"
|
||||||
},
|
},
|
||||||
"linkal": {
|
"linkal": {
|
||||||
"type": "Git",
|
"type": "Git",
|
||||||
|
|
Loading…
Reference in a new issue