infrastructure/hive.nix
feat(meta/*): support generalized deployments
Our colmena knows how to deal with families of system types, e.g. NixOS
systems or Liminix-based systems.

This is step 1 towards supporting our access points (APs) in our infrastructure.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-12-07 15:25:27 +01:00

let
# Raw pinned inputs as recorded by npins (the pin data, presumably with
# hashes, lives under ./npins).
sources' = import ./npins;
# Patch sources directly: every pinned input is passed (name, value) through
# `applyPatches'`, so `sources` is the patched tree.  An *unpatched*
# nixos-unstable is imported here only to obtain the tooling that applies
# the patches.  Everything below should import `sources`; the raw pins in
# `sources'` are used only where patching is the job itself (mkNixpkgs').
# NOTE(review): what `applyPatches'` does to inputs without a patch is
# defined in ./lib/nix-patches (not shown) — confirm it passes them through.
sources = builtins.mapAttrs (patch.base { pkgs = import sources'.nixos-unstable { }; })
.applyPatches' sources';
# Local helper library (mapSingleFuse, warn, …).
nix-lib = import ./lib/nix-lib;
inherit (nix-lib) warn;
# Patch machinery; the patch set is read from ./patches.
patch = import ./lib/nix-patches { patchFile = ./patches; };
# Per-node metadata (nixpkgs version / system type, deployment data, …).
nodes' = import ./meta/nodes.nix;
# Node names, i.e. the hive's node set.
nodes = builtins.attrNames nodes';
# Per-node Colmena entry: pull in the machine's own configuration file and
# tag the node with the (currently fixed) "nixos" system type.
mkNode =
  node:
  let
    configuration = ./machines + "/${node}/_configuration.nix";
  in
  {
    imports = [ configuration ];
    deployment.systemType = "nixos";
  };
# Supported nixpkgs versions and system types (see meta/nixpkgs.nix).
nixpkgs' = import ./meta/nixpkgs.nix;
# All supported nixpkgs versions × systems, instantiated: an attribute set
# keyed first by system type, then by nixpkgs version, each leaf being an
# imported nixpkgs (`nixpkgs.<systemType>.<version>`).  Evaluation is lazy,
# so only the combinations a node actually selects are ever instantiated.
# NOTE(review): the keyed-by-element shape is inferred from how
# `nix-lib.mapSingleFuse` results are used below (./lib/nix-lib not shown).
nixpkgs = nix-lib.mapSingleFuse (
s: nix-lib.mapSingleFuse (mkSystemNixpkgs s) nixpkgs'.versions.supported
) nixpkgs'.systems.supported;
# Get the configured nixpkgs version for the node,
# defaulting to the one defined in meta/nixpkgs.  `or` covers the whole
# attribute path, so a node without any `nixpkgs` attribute also gets the
# default rather than an evaluation error.
version = node: nodes'.${node}.nixpkgs.version or nixpkgs'.versions.default;
# Get the system *type* of the node ("nixos", "zyxel-nwa50ax", …), read from
# `nixpkgs.system` in meta/nodes.nix, defaulting to "nixos" via `warn`
# (which presumably prints the message and returns its second argument).
# NOTE(review): the warning names `deployment.systemType`, but the attribute
# actually read is `nixpkgs.system`, and mkNode sets `deployment.systemType`
# to "nixos" unconditionally — the two should be aligned.
# NOTE(review): `nixpkgs.system` conventionally holds a platform string such
# as "x86_64-linux"; a node set up that way would be looked up as a system
# type key in `nixpkgs` and fail to evaluate — confirm the schema.
systemType =
node:
nodes'.${node}.nixpkgs.system
or (warn "${node}: Not specifying the `deployment.systemType` is deprecated!" "nixos");
# Builds a patched version of nixpkgs for version `v`, only as the source
# tree (not imported).  This deliberately starts from the raw npins pin in
# `sources'`, since applying the patch set is what this function is for.
mkNixpkgs' =
  v:
  let
    name = "nixos-${v}";
  in
  patch.mkNixpkgsSrc {
    inherit name;
    src = sources'.${name};
  };
# Build up the nixpkgs configuration for Liminix embedded systems.
# The device description shipped with the liminix checkout
# (`devices/<system>`) provides the base `system` attribute set; the overlay
# and `config` below are merged on top with `//`, which is right-biased, so
# any `overlays` or `config` already present in the device description is
# replaced, not extended.  The version argument is unused.
# NOTE(review): `system` here is a device name, not a platform triple; it is
# interpolated into a path, so it must stay a controlled value (currently it
# can only be "zyxel-nwa50ax", via the dispatch in mkNixpkgsConfig).
mkLiminixConfig =
system: _:
(import "${sources.liminix}/devices/${system}").system
// {
overlays = [ (import "${sources.liminix}/overlay.nix") ];
config = {
allowUnsupportedSystem = true; # mipsel
# SECURITY(review): Python 2.7 is end-of-life and marked insecure by
# nixpkgs; this allow-list entry is version-exact, so a nixpkgs bump will
# break evaluation loudly rather than silently extending the exception.
# Keep the list minimal and re-justify it on every bump.
permittedInsecurePackages = [
"python-2.7.18.8" # Python < 3.x is needed for kernel backports.
];
};
};
# Build up the arguments to instantiate a nixpkgs given a system type and a
# nixpkgs version.  Plain NixOS hosts use the stock (empty) configuration,
# the Zyxel access point gets the Liminix device configuration, and any
# other system type is an evaluation error.
mkNixpkgsConfig =
  system: ver:
  let
    known = {
      nixos = { };
      zyxel-nwa50ax = mkLiminixConfig system ver;
    };
  in
  known.${system} or (throw "Unknown system: ${system} for nixpkgs configuration instantiation");
# Instantiates the required nixpkgs version for a system type: imports the
# patched nixpkgs source for `version` with the configuration selected by
# `mkNixpkgsConfig`.  All node-facing nixpkgs instances come through here,
# so nodes evaluate against the patched tree, never the raw pin (the raw
# nixos-unstable import at the top only serves the patch tooling).
mkSystemNixpkgs = system: version: import (mkNixpkgs' version) (mkNixpkgsConfig system version);
###
# Function to create arguments based on the node: the per-node
# `nodeSpecialArgs` handed to Colmena.
#
#   lib        - the lib of the node's own (system type × version) nixpkgs,
#                extended with our helpers under `lib.extra`
#   sourcePkgs - that same nixpkgs instance; the "nixos" registry's
#                evalConfig uses its `.path` to locate eval-config.nix
#   meta       - ./meta evaluated with that lib
#   nodeMeta   - this node's entry in meta.nodes (deployment, stateVersion)
#
# `rec` lets `meta` refer to `lib` and `nodeMeta` refer to `meta`.
#
mkArgs = node: rec {
lib = nixpkgs.${systemType node}.${version node}.lib // {
extra = nix-lib;
};
sourcePkgs = nixpkgs.${systemType node}.${version node};
meta = (import ./meta) lib;
nodeMeta = meta.nodes.${node};
};
in
{
# Hive-level metadata consumed by Colmena.
meta = {
  # nixpkgs instance per node: the same (system type × version) selection
  # that mkArgs exposes as `sourcePkgs`.
  nodeNixpkgs = nix-lib.mapSingleFuse (n: (mkArgs n).sourcePkgs) nodes;
  # Arguments shared by every node.
  specialArgs = {
    nixpkgs = nixpkgs;
    sources = sources;
    dgn-keys = import ./keys;
  };
  # Per-node arguments (lib, sourcePkgs, meta, nodeMeta).
  nodeSpecialArgs = nix-lib.mapSingleFuse mkArgs nodes;
};
# System-type registry: how each family of systems is evaluated and which
# defaults it receives.  Only the "nixos" family is registered so far; the
# Liminix family is instantiated above but has no evaluator entry yet.
registry = {
nixos = {
# NOTE: this means that we are evaluating any system, independent of their actual nixpkgs version, with the unstable evaluation entrypoint.
# NOTE(review): the note above looks stale — `sourcePkgs` is the node's
# own (system type × version) nixpkgs (see mkArgs), so eval-config.nix is
# taken from that node's pinned, patched version rather than from
# unstable.  Confirm which behaviour is intended and fix the other.
evalConfig = args: import "${args.specialArgs.sourcePkgs.path}/nixos/lib/eval-config.nix" args;
defaults =
{ name, nodeMeta, ... }:
{
# Import the default modules, plus the Lix module wired to the pinned
# `lix` source so hosts presumably run that Lix rather than the nixpkgs
# default Nix.
imports = [
./modules
(import "${sources.lix-module}/module.nix" { inherit (sources) lix; })
];
# Include default secrets: the machine's secrets directory.
# NOTE(review): presumably age-encrypted files consumed by a module in
# ./modules (not shown) — only encrypted material should live there.
age-secrets.sources = [ ./machines/${name}/secrets ];
# Deployment config is specified in meta.nodes.${node}.deployment
inherit (nodeMeta) deployment;
nix = {
# Set NIX_PATH to the patched version of nixpkgs, so `<nixpkgs>` on the
# host resolves to the same pinned and patched tree the system was built
# from instead of an unpinned channel.
nixPath = [ "nixpkgs=${mkNixpkgs' (version name)}" ];
optimise.automatic = true;
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
};
# Allow unfree packages
# NOTE(review): this is hive-wide; an explicit `allowUnfreePredicate`
# allow-list would make the set of unfree packages reviewable.
nixpkgs.config.allowUnfree = true;
# Use the stateVersion declared in the metadata
system = {
inherit (nodeMeta) stateVersion;
};
};
};
};
}
// (nix-lib.mapSingleFuse mkNode nodes)