# ❄️ infrastructure

The dgnum infrastructure.
## Contributing

Some instructions on how to contribute are available (in French) in `/CONTRIBUTE.md`. You are expected to read this document before committing to the repo.

Documentation for the development tools is also provided in that file.
## Using the binary cache

Add the following module to your configuration (and pin this repo using your favorite tool: npins, lon, etc.). `PINNED_PATH_TO_INFRA` stands for the path of the pinned checkout:
```nix
{ lib, ... }:
let
  dgnum-infra = PINNED_PATH_TO_INFRA;
in
{
  nix.settings = (import dgnum-infra { }).mkCacheSettings {
    caches = [ "infra" ];
  };
}
```
## Adding a new machine

The first step is to create a minimal viable NixOS host, using whatever means necessary. The second step is to find a name for this host; it must be unique among the existing hosts.

> **Tip**
> For the rest of this part, we assume that the host is named `host02`.
### Download the keys

The public SSH keys of `host02` have to be saved to `keys`, preferably only the `ssh-ed25519` one. It can be retrieved with:

```sh
ssh-keyscan address.of.host02 2>/dev/null | awk '/ssh-ed25519/ {print $2,$3}'
```

`ssh-keyscan` trusts whatever answers on the wire, so before committing the key, compare its fingerprint with the one shown on the host itself (`ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub`, run on the console of `host02`). A wrong key here means later deployments and secrets would be addressed to the wrong machine.
### Initialize the machine folder and configuration

- Create a folder `host02` under `machines/`.
- Copy the hardware configuration file generated by `nixos-generate-config` to `machines/host02/_hardware-configuration.nix`.
- Create a `machines/host02/_configuration.nix` file; it will contain the main configuration options. The basic content of this file should be the following:
```nix
{ lib, ... }:
lib.extra.mkConfig {
  enabledModules = [
    # List of modules to enable
  ];
  enabledServices = [
    # List of services to enable
  ];
  extraConfig = {
    services.netbird.enable = true;
  };
  root = ./.;
}
```
### Fill in the metadata

#### Network configuration

The network is declared in `meta/network.nix`; the necessary `hostId` value can be generated with:

```sh
head -c4 /dev/urandom | od -A none -t x4 | sed 's/ //'
```
#### Other details

The general metadata is declared in `meta/nodes.nix`; the main values to declare are:

- `site`, where the node is physically located
- `stateVersion`
- `nixpkgs`, the nixpkgs version to use
### Initialize secrets

Create the directory `secrets` in the configuration folder, and add a `secrets.nix` file containing:

```nix
(import ../../../keys.nix).mkSecrets [ "host02" ] [
  # List of secrets for host02
]
```

This will be used for future secret management.
### Update encrypted files

The Arkheon, Netbox and notification modules all have secrets that are deployed on every machine, so they must be re-encrypted for the new host's key as well. To make those services work correctly, run in `modules/dgn-records`, `modules/dgn-netbox-agent` and `modules/dgn-notify`:

```sh
agenix -r
```
### Commit and create a PR

Once all of this is done, check that the configuration builds correctly:

```sh
colmena build --on host02
```

Apply it, and create a Pull Request.
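The scaffolding part of the procedure above (filtering the host key, generating the `hostId`, creating `machines/host02/` with its `_configuration.nix` and `secrets/secrets.nix`) as a small shell script. This is an added example, not a script from the dgnum repository: the function names, the `keys/<host>.pub` file name and the fact that the key filter reads `ssh-keyscan` output from stdin (so it can be exercised on a captured scan rather than a live host) are assumptions; the file contents are the skeletons shown in the README.

```bash
#!/usr/bin/env bash
# Added example, not part of the dgnum infrastructure repository.
# Scaffolds what "Adding a new machine" creates by hand, so the steps can be
# run and checked offline. Function names and keys/<host>.pub are assumptions.

# Keep only the ssh-ed25519 host key, as "type key", from ssh-keyscan output
# read on stdin (same awk filter as the README). Usage:
#   ssh-keyscan address.of.host02 2>/dev/null | extract_ed25519_key
extract_ed25519_key() {
  awk '/ssh-ed25519/ {print $2,$3}'
}

# Print the fingerprint of a "ssh-ed25519 AAAA..." line, to compare against
# `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` run on the host console.
key_fingerprint() {
  tmp=$(mktemp)
  printf '%s\n' "$1" > "$tmp"
  ssh-keygen -lf "$tmp"
  rm -f "$tmp"
}

# Generate the 8-hex-digit hostId expected by meta/network.nix
# (tr instead of the README's sed so stray spaces and the newline are dropped).
gen_host_id() {
  head -c4 /dev/urandom | od -A none -t x4 | tr -d ' \n'
}

# Create machines/<host>/ with the skeleton _configuration.nix and
# secrets/secrets.nix from the README, and store the host key under keys/.
#   $1  repository root (a scratch directory is fine)
#   $2  host name, e.g. host02
#   $3  the "ssh-ed25519 AAAA..." line for that host, already verified
scaffold_machine() {
  dir="$1/machines/$2"
  mkdir -p "$dir/secrets" "$1/keys"
  printf '%s\n' "$3" > "$1/keys/$2.pub"   # file name is an assumption
  cat > "$dir/_configuration.nix" <<EOF
{ lib, ... }:
lib.extra.mkConfig {
  enabledModules = [
    # List of modules to enable
  ];
  enabledServices = [
    # List of services to enable
  ];
  extraConfig = {
    services.netbird.enable = true;
  };
  root = ./.;
}
EOF
  # secrets.nix lives in machines/<host>/secrets/, hence ../../../keys.nix
  cat > "$dir/secrets/secrets.nix" <<EOF
(import ../../../keys.nix).mkSecrets [ "$2" ] [
  # List of secrets for $2
]
EOF
}
```

`scaffold_machine` only writes the files; `_hardware-configuration.nix` still has to be copied from the host, and `meta/network.nix` and `meta/nodes.nix` are edited by hand as described above. `key_fingerprint` needs `ssh-keygen` and is meant for the out-of-band comparison before the key is committed.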