DGNum/infrastructure
9
5
Fork 3
Code Issues 31 Pull requests 30 Projects 1 Releases Packages Wiki Activity Actions
infrastructure/hive.nix
Tom Hubrecht a89ca47df7
Some checks failed
Run pre-commit on all files / pre-commit (push) Successful in 38s
Details
Check meta / check_dns (pull_request) Successful in 15s
Details
Check meta / check_meta (pull_request) Successful in 17s
Details
Check workflows / check_workflows (pull_request) Successful in 19s
Details
Build all the nodes / Jaccess01 (pull_request) Successful in 23s
Details
Build all the nodes / Jaccess04 (pull_request) Successful in 25s
Details
Run pre-commit on all files / pre-commit (pull_request) Successful in 29s
Details
Build all the nodes / ap01 (pull_request) Successful in 42s
Details
Build all the nodes / hypervisor02 (pull_request) Failing after 46s
Details
Build all the nodes / netcore01 (pull_request) Successful in 26s
Details
Build all the nodes / build01 (pull_request) Failing after 50s
Details
Build all the nodes / hypervisor01 (pull_request) Failing after 50s
Details
Build all the nodes / geo01 (pull_request) Failing after 52s
Details
Build all the nodes / geo02 (pull_request) Failing after 56s
Details
Build all the nodes / hypervisor03 (pull_request) Failing after 45s
Details
Build all the nodes / netcore02 (pull_request) Successful in 22s
Details
Build all the nodes / compute01 (pull_request) Failing after 1m7s
Details
Build all the nodes / bridge01 (pull_request) Successful in 1m19s
Details
Build all the nodes / lab-router01 (pull_request) Successful in 59s
Details
Build all the nodes / iso (pull_request) Successful in 1m11s
Details
Build all the nodes / cof02 (pull_request) Successful in 1m27s
Details
Build the shell / build-shell (pull_request) Successful in 22s
Details
Build all the nodes / tower01 (pull_request) Failing after 43s
Details
Build all the nodes / web02 (pull_request) Failing after 45s
Details
Build all the nodes / web03 (pull_request) Failing after 45s
Details
Build all the nodes / krz01 (pull_request) Failing after 1m28s
Details
Build all the nodes / vault01 (pull_request) Successful in 59s
Details
Build all the nodes / zulip01 (pull_request) Successful in 49s
Details
Build all the nodes / rescue01 (pull_request) Failing after 1m5s
Details
Build all the nodes / web01 (pull_request) Failing after 1m5s
Details
Build all the nodes / storage01 (pull_request) Failing after 1m16s
Details
feat(activation): Use lix-diff instead of nvd 
The colors are better
2025-06-12 23:52:40 +02:00

227 lines
6 KiB
Nix
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# SPDX-FileCopyrightText: 2024 Ryan Lahfa <ryan.lahfa@dgnum.eu>
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
# SPDX-FileContributor: Maurice Debray <maurice.debray@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
# TODO: change comments to ### \n # [text] \n #
let
### Init some tooling
bootstrap = import ./bootstrap.nix;
inherit (bootstrap.pkgs) lib;
inherit (lib.extra) mapSingleFuse;
inherit (bootstrap) sources;
### Let's build meta
metadata = (import ./meta) lib;
nodes = builtins.attrNames metadata.nodes;
### Nixpkgs instanciation
nixpkgs' = import ./meta/nixpkgs.nix;
# Build up the nixpkgs configuration for Liminix embedded systems
mkLiminixConfig =
system: _:
(import "${sources.liminix}/devices/${system}").system
// {
overlays = [ (import "${sources.liminix}/overlay.nix") ];
config = {
allowUnsupportedSystem = true; # mipsel
permittedInsecurePackages = [
"python-2.7.18.8" # Python < 3.x is needed for kernel backports.
];
};
};
# Build up the arguments to instantiate a nixpkgs given a system and a version.
mkNixpkgsConfig =
system:
{
nixos = _: { config.allowUnfree = true; }; # TODO: add nix-pkgs overlay here
zyxel-nwa50ax = mkLiminixConfig system;
netconf = _: { };
}
.${system} or (throw "Unknown system: ${system} for nixpkgs configuration instantiation");
# Instanciates the required nixpkgs version
mkSystemNixpkgs =
system: version: import sources."nixos-${version}" (mkNixpkgsConfig system version);
# All supported nixpkgs versions × systems, instanciated
nixpkgs = mapSingleFuse (s: mapSingleFuse (mkSystemNixpkgs s) nixpkgs'.versions) nixpkgs'.systems;
# Get the configured nixos version for the node,
# defaulting to the one defined in meta/nixpkgs
version = node: metadata.nodes.${node}.nixpkgs.version;
system = node: metadata.nodes.${node}.nixpkgs.system;
category = node: nixpkgs'.categories.${system node};
nodePkgs = node: nixpkgs.${system node}.${version node};
##########
# Function to create arguments based on the node
#
mkArgs = node: rec {
lib = sourcePkgs.lib.extend bootstrap.overlays.lib;
sourcePkgs = nodePkgs node;
meta = metadata;
nodeMeta = metadata.nodes.${node};
nodePath = "machines/${category node}/${node}";
};
##########
# Module for each node (quite empty since almost everything is in the default module)
#
mkNode = node: {
deployment.systemType = system node;
};
in
{
meta = {
nixpkgs = import nixpkgs.nixos.unstable.path;
nodeNixpkgs = mapSingleFuse nodePkgs nodes;
specialArgs = {
inherit bootstrap nixpkgs sources;
dgn-keys = import ./lib/keys {
meta = metadata;
inherit lib;
};
};
nodeSpecialArgs = mapSingleFuse mkArgs nodes;
};
registry = {
zyxel-nwa50ax = {
evalConfig =
args:
(import "${sources.liminix}/lib/eval-config.nix" {
nixpkgs = args.specialArgs.sourcePkgs.path;
})
args;
defaults =
{ name, nodePath, ... }:
{
# Import the default modules
imports = [
# Import the base configuration for each node
./${nodePath}/_configuration.nix
./modules/generic
./modules/${category name}
];
# It's impure, but who cares?
# Can Flakes even do that? :)
nixpkgs.buildPlatform = builtins.currentSystem;
};
};
netconf = {
evalConfig = nixpkgs.nixos.unstable.lib.evalModules;
defaults =
{
name,
nodeMeta,
nodePath,
...
}:
{
_module.args = {
pkgs = nixpkgs.nixos.unstable;
};
# Import the default modules
imports = [
# Import the base configuration for each node
./${nodePath}.nix
./modules/netconf
./lib/netconf-junos
"${sources.nixos-unstable}/nixos/modules/misc/assertions.nix"
];
system.host-name = name;
inherit (nodeMeta) deployment;
};
};
nixos = {
evalConfig = args: import "${args.specialArgs.sourcePkgs.path}/nixos/lib/eval-config.nix" args;
defaults =
{
lib,
name,
nodes,
nodeMeta,
nodePath,
meta,
sourcePkgs,
...
}:
{
# Import the default modules
imports = [
# Import the base configuration for each node
./${nodePath}/_configuration.nix
./modules/generic
(import "${sources.lix-module}/module.nix" { inherit (sources) lix; })
./modules/${category name}
];
_module.args.serverNodes = lib.filterAttrs (
name: _: meta.nodes.${name}.nixpkgs.system == "nixos"
) nodes;
# Include default secrets
age-secrets.sources = [ ./${nodePath}/secrets ];
# Deployment config is specified in meta.nodes.${node}.deployment
inherit (nodeMeta) deployment;
nix = {
# Set NIX_PATH to the patched version of nixpkgs
nixPath = [ "nixpkgs=${builtins.storePath sourcePkgs.path}" ];
optimise.automatic = true;
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
settings = (import ./. { pkgs = sourcePkgs; }).mkCacheSettings [ "infra" ];
};
# Allow unfree packages
nixpkgs = {
config.allowUnfree = true;
overlays = [
(self: _: {
lix-diff = self.callPackage (sources.lix-diff + "/package.nix") { };
})
];
};
# Use the stateVersion declared in the metadata
system = {
inherit (nodeMeta) stateVersion;
};
};
};
};
}
// (mapSingleFuse mkNode nodes)
Reference in a new issue View git blame Copy permalink