Tom Hubrecht
816d940fe3
All checks were successful
Build all the nodes / Jaccess04 (push) Successful in 20s
Build all the nodes / Jaccess01 (push) Successful in 22s
Run pre-commit on all files / pre-commit (push) Successful in 28s
Build all the nodes / ap01 (push) Successful in 35s
Build all the nodes / bridge01 (push) Successful in 45s
Build all the nodes / build01 (push) Successful in 48s
Build all the nodes / cof02 (push) Successful in 49s
Build all the nodes / geo01 (push) Successful in 49s
Build all the nodes / geo02 (push) Successful in 53s
Build all the nodes / compute01 (push) Successful in 1m15s
Build all the nodes / hypervisor01 (push) Successful in 48s
Build all the nodes / hypervisor02 (push) Successful in 45s
Build all the nodes / hypervisor03 (push) Successful in 49s
Build all the nodes / iso (push) Successful in 54s
Build all the nodes / lab-router01 (push) Successful in 46s
Build all the nodes / netcore01 (push) Successful in 20s
Build all the nodes / krz01 (push) Successful in 1m10s
Build all the nodes / netcore02 (push) Successful in 20s
Build all the nodes / rescue01 (push) Successful in 59s
Build all the nodes / storage01 (push) Successful in 51s
Build all the nodes / tower01 (push) Successful in 50s
Build all the nodes / web02 (push) Successful in 47s
Build all the nodes / vault01 (push) Successful in 1m5s
Build all the nodes / web01 (push) Successful in 1m8s
Build the shell / build-shell (push) Successful in 22s
Build all the nodes / web03 (push) Successful in 56s
Build all the nodes / zulip01 (push) Successful in 45s
It is required to be able to run lix-diff as it uses `nix store` internally.
231 lines
6.1 KiB
Nix
231 lines
6.1 KiB
Nix
# SPDX-FileCopyrightText: 2024 Ryan Lahfa <ryan.lahfa@dgnum.eu>
|
||
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
|
||
# SPDX-FileContributor: Maurice Debray <maurice.debray@dgnum.eu>
|
||
#
|
||
# SPDX-License-Identifier: EUPL-1.2
|
||
|
||
# TODO: change comments to ### \n # [text] \n #
|
||
|
||
let
|
||
### Init some tooling
|
||
|
||
bootstrap = import ./bootstrap.nix;
|
||
|
||
inherit (bootstrap.pkgs) lib;
|
||
inherit (lib.extra) mapSingleFuse;
|
||
|
||
inherit (bootstrap) sources;
|
||
|
||
### Let's build meta
|
||
metadata = (import ./meta) lib;
|
||
|
||
nodes = builtins.attrNames metadata.nodes;
|
||
|
||
### Nixpkgs instanciation
|
||
|
||
nixpkgs' = import ./meta/nixpkgs.nix;
|
||
|
||
# Build up the nixpkgs configuration for Liminix embedded systems
|
||
mkLiminixConfig =
|
||
system: _:
|
||
(import "${sources.liminix}/devices/${system}").system
|
||
// {
|
||
overlays = [ (import "${sources.liminix}/overlay.nix") ];
|
||
config = {
|
||
allowUnsupportedSystem = true; # mipsel
|
||
permittedInsecurePackages = [
|
||
"python-2.7.18.8" # Python < 3.x is needed for kernel backports.
|
||
];
|
||
};
|
||
};
|
||
|
||
# Build up the arguments to instantiate a nixpkgs given a system and a version.
|
||
mkNixpkgsConfig =
|
||
system:
|
||
{
|
||
nixos = _: { config.allowUnfree = true; }; # TODO: add nix-pkgs overlay here
|
||
zyxel-nwa50ax = mkLiminixConfig system;
|
||
netconf = _: { };
|
||
}
|
||
.${system} or (throw "Unknown system: ${system} for nixpkgs configuration instantiation");
|
||
|
||
# Instanciates the required nixpkgs version
|
||
mkSystemNixpkgs =
|
||
system: version: import sources."nixos-${version}" (mkNixpkgsConfig system version);
|
||
|
||
# All supported nixpkgs versions × systems, instanciated
|
||
nixpkgs = mapSingleFuse (s: mapSingleFuse (mkSystemNixpkgs s) nixpkgs'.versions) nixpkgs'.systems;
|
||
|
||
# Get the configured nixos version for the node,
|
||
# defaulting to the one defined in meta/nixpkgs
|
||
version = node: metadata.nodes.${node}.nixpkgs.version;
|
||
system = node: metadata.nodes.${node}.nixpkgs.system;
|
||
category = node: nixpkgs'.categories.${system node};
|
||
|
||
nodePkgs = node: nixpkgs.${system node}.${version node};
|
||
|
||
##########
|
||
# Function to create arguments based on the node
|
||
#
|
||
mkArgs = node: rec {
|
||
lib = sourcePkgs.lib.extend bootstrap.overlays.lib;
|
||
|
||
sourcePkgs = nodePkgs node;
|
||
meta = metadata;
|
||
|
||
nodeMeta = metadata.nodes.${node};
|
||
nodePath = "machines/${category node}/${node}";
|
||
};
|
||
|
||
##########
|
||
# Module for each node (quite empty since almost everything is in the default module)
|
||
#
|
||
mkNode = node: {
|
||
deployment.systemType = system node;
|
||
};
|
||
|
||
in
|
||
|
||
{
|
||
meta = {
|
||
nixpkgs = import nixpkgs.nixos.unstable.path;
|
||
nodeNixpkgs = mapSingleFuse nodePkgs nodes;
|
||
|
||
specialArgs = {
|
||
inherit bootstrap nixpkgs sources;
|
||
|
||
dgn-keys = import ./lib/keys {
|
||
meta = metadata;
|
||
inherit lib;
|
||
};
|
||
};
|
||
|
||
nodeSpecialArgs = mapSingleFuse mkArgs nodes;
|
||
};
|
||
|
||
registry = {
|
||
zyxel-nwa50ax = {
|
||
evalConfig =
|
||
args:
|
||
(import "${sources.liminix}/lib/eval-config.nix" {
|
||
nixpkgs = args.specialArgs.sourcePkgs.path;
|
||
})
|
||
args;
|
||
|
||
defaults =
|
||
{ name, nodePath, ... }:
|
||
{
|
||
# Import the default modules
|
||
imports = [
|
||
# Import the base configuration for each node
|
||
./${nodePath}/_configuration.nix
|
||
./modules/generic
|
||
./modules/${category name}
|
||
];
|
||
# It's impure, but who cares?
|
||
# Can Flakes even do that? :)
|
||
nixpkgs.buildPlatform = builtins.currentSystem;
|
||
};
|
||
};
|
||
|
||
netconf = {
|
||
evalConfig = nixpkgs.nixos.unstable.lib.evalModules;
|
||
|
||
defaults =
|
||
{
|
||
name,
|
||
nodeMeta,
|
||
nodePath,
|
||
...
|
||
}:
|
||
{
|
||
_module.args = {
|
||
pkgs = nixpkgs.nixos.unstable;
|
||
};
|
||
|
||
# Import the default modules
|
||
imports = [
|
||
# Import the base configuration for each node
|
||
./${nodePath}.nix
|
||
./modules/netconf
|
||
./lib/netconf-junos
|
||
"${sources.nixos-unstable}/nixos/modules/misc/assertions.nix"
|
||
];
|
||
|
||
system.host-name = name;
|
||
|
||
inherit (nodeMeta) deployment;
|
||
};
|
||
};
|
||
|
||
nixos = {
|
||
evalConfig = args: import "${args.specialArgs.sourcePkgs.path}/nixos/lib/eval-config.nix" args;
|
||
defaults =
|
||
{
|
||
lib,
|
||
name,
|
||
nodes,
|
||
nodeMeta,
|
||
nodePath,
|
||
meta,
|
||
sourcePkgs,
|
||
...
|
||
}:
|
||
{
|
||
# Import the default modules
|
||
imports = [
|
||
# Import the base configuration for each node
|
||
./${nodePath}/_configuration.nix
|
||
./modules/generic
|
||
(import "${sources.lix-module}/module.nix" { inherit (sources) lix; })
|
||
./modules/${category name}
|
||
];
|
||
|
||
_module.args.serverNodes = lib.filterAttrs (
|
||
name: _: meta.nodes.${name}.nixpkgs.system == "nixos"
|
||
) nodes;
|
||
|
||
# Include default secrets
|
||
age-secrets.sources = [ ./${nodePath}/secrets ];
|
||
|
||
# Deployment config is specified in meta.nodes.${node}.deployment
|
||
inherit (nodeMeta) deployment;
|
||
|
||
# Set NIX_PATH to the patched version of nixpkgs
|
||
environment.etc.nixpkgs.source = builtins.storePath sourcePkgs.path;
|
||
nix.nixPath = [ "nixpkgs=/etc/nixpkgs" ];
|
||
|
||
nix = {
|
||
optimise.automatic = true;
|
||
|
||
gc = {
|
||
automatic = true;
|
||
dates = "weekly";
|
||
options = "--delete-older-than 7d";
|
||
};
|
||
|
||
settings = {
|
||
extra-experimental-features = [ "nix-command" ];
|
||
} // ((import ./. { pkgs = sourcePkgs; }).mkCacheSettings [ "infra" ]);
|
||
};
|
||
|
||
# Allow unfree packages
|
||
nixpkgs = {
|
||
config.allowUnfree = true;
|
||
overlays = [
|
||
(self: _: {
|
||
lix-diff = self.callPackage (sources.lix-diff + "/package.nix") { };
|
||
})
|
||
];
|
||
};
|
||
|
||
# Use the stateVersion declared in the metadata
|
||
system = {
|
||
inherit (nodeMeta) stateVersion;
|
||
};
|
||
};
|
||
};
|
||
};
|
||
|
||
}
|
||
// (mapSingleFuse mkNode nodes)
|