refactor(ops): Split //ops/nixos into different locations
Splits //ops/nixos into: * //ops/nixos.nix - utility functions for building systems * //ops/machines - shared machine definitions (read by readTree) * //ops/modules - shared NixOS modules (skipped by readTree) This simplifies working with the configuration fixpoint in whitby, and is overall a bit more in line with how NixOS systems in user folders currently work. Change-Id: I1322ec5cc76c0207c099c05d44828a3df0b3ffc1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2931 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: glittershark <grfn@gws.fyi>
parent
7deabb8c8d
commit
90281c4eac
38 changed files with 41 additions and 60 deletions
|
@ -42,7 +42,7 @@ Twitter][].
|
||||||
[`//ops/pipelines`](https://cs.tvl.fyi/depot/-/tree/ops/pipelines).
|
[`//ops/pipelines`](https://cs.tvl.fyi/depot/-/tree/ops/pipelines).
|
||||||
|
|
||||||
All services that we host are deployed on NixOS machines that we manage. Their
|
All services that we host are deployed on NixOS machines that we manage. Their
|
||||||
configuration is tracked in `//ops/nixos`.
|
configuration is tracked in `//ops/{modules,machines}`.
|
||||||
|
|
||||||
## Nix
|
## Nix
|
||||||
|
|
||||||
|
|
|
@ -60,7 +60,7 @@ And `scope` should refer to some kind of logical grouping inside of the project.
|
||||||
|
|
||||||
It does not make sense to include the full path unless it aids in
|
It does not make sense to include the full path unless it aids in
|
||||||
disambiguating. For example, when changing the configuration of the host
|
disambiguating. For example, when changing the configuration of the host
|
||||||
`camden` at `//ops/nixos/camden` it is enough to write `feat(camden): ...`.
|
`whitby` at `//ops/machines/whitby` it is enough to write `feat(whitby): ...`.
|
||||||
|
|
||||||
Please take a look at the existing commit log for examples.
|
Please take a look at the existing commit log for examples.
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{ depot, ... }:
|
{ depot, ... }:
|
||||||
|
|
||||||
(with depot.ops.nixos; [
|
(with depot.ops.machines; [
|
||||||
whitby
|
whitby
|
||||||
]) ++
|
]) ++
|
||||||
|
|
|
@ -1,30 +1,31 @@
|
||||||
{ depot, lib, pkgs, ... }:
|
{ depot, lib, pkgs, ... }: # readTree options
|
||||||
|
config: # passed by module system
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (builtins) listToAttrs;
|
inherit (builtins) listToAttrs;
|
||||||
inherit (lib) range;
|
inherit (lib) range;
|
||||||
in lib.fix(self: {
|
in lib.fix(self: {
|
||||||
imports = [
|
imports = [
|
||||||
"${depot.depotPath}/ops/nixos/clbot.nix"
|
"${depot.depotPath}/ops/modules/clbot.nix"
|
||||||
"${depot.depotPath}/ops/nixos/irccat.nix"
|
"${depot.depotPath}/ops/modules/irccat.nix"
|
||||||
"${depot.depotPath}/ops/nixos/monorepo-gerrit.nix"
|
"${depot.depotPath}/ops/modules/monorepo-gerrit.nix"
|
||||||
"${depot.depotPath}/ops/nixos/panettone.nix"
|
"${depot.depotPath}/ops/modules/panettone.nix"
|
||||||
"${depot.depotPath}/ops/nixos/paroxysm.nix"
|
"${depot.depotPath}/ops/modules/paroxysm.nix"
|
||||||
"${depot.depotPath}/ops/nixos/smtprelay.nix"
|
"${depot.depotPath}/ops/modules/smtprelay.nix"
|
||||||
"${depot.depotPath}/ops/nixos/sourcegraph.nix"
|
"${depot.depotPath}/ops/modules/sourcegraph.nix"
|
||||||
"${depot.depotPath}/ops/nixos/tvl-buildkite.nix"
|
"${depot.depotPath}/ops/modules/tvl-buildkite.nix"
|
||||||
"${depot.depotPath}/ops/nixos/tvl-slapd/default.nix"
|
"${depot.depotPath}/ops/modules/tvl-slapd/default.nix"
|
||||||
"${depot.depotPath}/ops/nixos/tvl-sso/default.nix"
|
"${depot.depotPath}/ops/modules/tvl-sso/default.nix"
|
||||||
"${depot.depotPath}/ops/nixos/www/b.tvl.fyi.nix"
|
"${depot.depotPath}/ops/modules/www/b.tvl.fyi.nix"
|
||||||
"${depot.depotPath}/ops/nixos/www/cache.tvl.su.nix"
|
"${depot.depotPath}/ops/modules/www/cache.tvl.su.nix"
|
||||||
"${depot.depotPath}/ops/nixos/www/cl.tvl.fyi.nix"
|
"${depot.depotPath}/ops/modules/www/cl.tvl.fyi.nix"
|
||||||
"${depot.depotPath}/ops/nixos/www/code.tvl.fyi.nix"
|
"${depot.depotPath}/ops/modules/www/code.tvl.fyi.nix"
|
||||||
"${depot.depotPath}/ops/nixos/www/cs.tvl.fyi.nix"
|
"${depot.depotPath}/ops/modules/www/cs.tvl.fyi.nix"
|
||||||
"${depot.depotPath}/ops/nixos/www/login.tvl.fyi.nix"
|
"${depot.depotPath}/ops/modules/www/login.tvl.fyi.nix"
|
||||||
"${depot.depotPath}/ops/nixos/www/tazj.in.nix"
|
"${depot.depotPath}/ops/modules/www/tazj.in.nix"
|
||||||
"${depot.depotPath}/ops/nixos/www/todo.tvl.fyi.nix"
|
"${depot.depotPath}/ops/modules/www/todo.tvl.fyi.nix"
|
||||||
"${depot.depotPath}/ops/nixos/www/tvl.fyi.nix"
|
"${depot.depotPath}/ops/modules/www/tvl.fyi.nix"
|
||||||
"${depot.depotPath}/ops/nixos/www/wigglydonke.rs.nix"
|
"${depot.depotPath}/ops/modules/www/wigglydonke.rs.nix"
|
||||||
"${pkgs.path}/nixos/modules/services/web-apps/gerrit.nix"
|
"${pkgs.path}/nixos/modules/services/web-apps/gerrit.nix"
|
||||||
];
|
];
|
||||||
|
|
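Review bot: The new `config:` argument on the second line of the file is explained only by `# passed by module system`, and nothing visible in this hunk uses it. If `nixosFor` imports this file as an ordinary module function, then as far as I know the module system hands a lambda without a formals set its whole argument set (`config`, `options`, `lib`, …) rather than the evaluated configuration, so the name invites `config.services…` lookups that would not resolve. I would either write `{ config, ... }:` or expand the comment to something like `# module argument set from the NixOS module system; evaluated config is config.config`. The `lib.fix (self: { … })` body continues past the end of this hunk, so any use further down is not visible here.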
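--- a/ops/modules/default.nix
+++ b/ops/modules/default.nix
@@ -0,0 +1,2 @@
+# Make readTree happy at this level.
+_: {}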
@ -1,21 +1,8 @@
|
||||||
# Most of the Nix expressions in this folder are NixOS modules, which
|
# Helper functions for instantiating depot-compatible NixOS machines.
|
||||||
# are not readTree compatible.
|
|
||||||
#
|
|
||||||
# Some things (such as system configurations) are, and we import them
|
|
||||||
# here manually.
|
|
||||||
#
|
|
||||||
# TODO(tazjin): Find a more elegant solution for the whole module
|
|
||||||
# situation.
|
|
||||||
{ depot, lib, pkgs, ... }@args:
|
{ depot, lib, pkgs, ... }@args:
|
||||||
|
|
||||||
let inherit (lib) findFirst isAttrs;
|
let inherit (lib) findFirst isAttrs;
|
||||||
in rec {
|
in rec {
|
||||||
whitby = import ./whitby/default.nix args;
|
|
||||||
|
|
||||||
# System installation
|
|
||||||
|
|
||||||
allSystems = import ./all-systems.nix args;
|
|
||||||
|
|
||||||
# This provides our standard set of arguments to all NixOS modules.
|
# This provides our standard set of arguments to all NixOS modules.
|
||||||
baseModule = { ... }: {
|
baseModule = { ... }: {
|
||||||
_module.args = {
|
_module.args = {
|
||||||
|
@ -36,7 +23,7 @@ in rec {
|
||||||
(findFirst
|
(findFirst
|
||||||
(system: system.config.networking.hostName == hostname)
|
(system: system.config.networking.hostName == hostname)
|
||||||
(throw "${hostname} is not a known NixOS host")
|
(throw "${hostname} is not a known NixOS host")
|
||||||
(map nixosFor allSystems));
|
(map nixosFor depot.ops.machines.all-systems));
|
||||||
|
|
||||||
rebuild-system = pkgs.writeShellScriptBin "rebuild-system" ''
|
rebuild-system = pkgs.writeShellScriptBin "rebuild-system" ''
|
||||||
set -ue
|
set -ue
|
||||||
|
@ -53,9 +40,6 @@ in rec {
|
||||||
'';
|
'';
|
||||||
|
|
||||||
# Systems that should be built in CI
|
# Systems that should be built in CI
|
||||||
#
|
whitbySystem = (nixosFor depot.ops.machines.whitby).system;
|
||||||
# TODO(tazjin): Refactor the whole systems setup, it's a bit
|
|
||||||
# inconsistent at the moment.
|
|
||||||
whitbySystem = (nixosFor whitby).system;
|
|
||||||
meta.targets = [ "whitbySystem" ];
|
meta.targets = [ "whitbySystem" ];
|
||||||
}
|
}
|
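Review bot: The `@args` binding on the function head `{ depot, lib, pkgs, ... }@args:` looks unused after this change, because the two visible uses, `import ./whitby/default.nix args` and `import ./all-systems.nix args`, are both removed in the first hunk. If nothing in the parts of `baseModule`, `nixosFor` or `rebuild-system` that fall outside these hunks still refers to it, I would drop it and write `{ depot, lib, pkgs, ... }:`. The same check applies to `isAttrs` in `let inherit (lib) findFirst isAttrs;`, whose use is not visible in any of the three hunks.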
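--- a/ops/nixos/.gitignore
+++ b/ops/nixos/.gitignore
@@ -1,3 +0,0 @@
-hardware-configuration.nix
-local-configuration.nix
-result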
@ -7,7 +7,7 @@
|
||||||
../modules/tvl.nix
|
../modules/tvl.nix
|
||||||
../modules/fcitx.nix
|
../modules/fcitx.nix
|
||||||
../modules/rtlsdr.nix
|
../modules/rtlsdr.nix
|
||||||
../../../../../ops/nixos/v4l2loopback.nix
|
../../../../../ops/modules/v4l2loopback.nix
|
||||||
../modules/desktop.nix
|
../modules/desktop.nix
|
||||||
../modules/development.nix
|
../modules/development.nix
|
||||||
];
|
];
|
||||||
|
|
|
@ -1,20 +1,17 @@
|
||||||
NixOS configuration
|
NixOS configuration
|
||||||
===================
|
===================
|
||||||
|
|
||||||
My NixOS configuration! It configures most of the packages I require
|
My NixOS configurations! It configures most of the packages I require
|
||||||
on my systems, sets up Emacs the way I need and does a bunch of other
|
on my systems, sets up Emacs the way I need and does a bunch of other
|
||||||
interesting things.
|
interesting things.
|
||||||
|
|
||||||
System configuration lives in folders for each machine and a custom
|
System configuration lives in folders, and some of the modules stem
|
||||||
fixed point evaluation (similar to standard NixOS module
|
from `//ops/modules`.
|
||||||
configuration) is used to combine configuration together.
|
|
||||||
|
|
||||||
Building `ops.nixos.rebuilder` yields a script that will automatically
|
Machines are deployed with the script at `ops.nixos.rebuild-system`.
|
||||||
build and activate the newest configuration based on the current
|
|
||||||
hostname.
|
|
||||||
|
|
||||||
## Configured hosts:
|
## Configured hosts:
|
||||||
|
|
||||||
* `frog` - weapon of mass computation at home
|
* `tverskoy` - X13 AMD that's travelling around with me
|
||||||
* `camden` - NUC serving tazj.in, tvl.fyi & co
|
* `frog` - weapon of mass computation (in storage in London)
|
||||||
* ~~`urdhva` - T470s~~ (currently with edef)
|
* `camden` - NUC formerly serving tazj.in (in storage in London)
|
||||||
|
|
|
@ -25,8 +25,8 @@ in lib.fix(self: {
|
||||||
sha256 = "157c64220lf825ll4c0cxsdwg7cxqdx4z559fdp7kpz0g6p8fhhr";
|
sha256 = "157c64220lf825ll4c0cxsdwg7cxqdx4z559fdp7kpz0g6p8fhhr";
|
||||||
};
|
};
|
||||||
in [
|
in [
|
||||||
"${depot.depotPath}/ops/nixos/quassel.nix"
|
"${depot.depotPath}/ops/modules/quassel.nix"
|
||||||
"${depot.depotPath}/ops/nixos/smtprelay.nix"
|
"${depot.depotPath}/ops/modules/smtprelay.nix"
|
||||||
"${oldChannel}/nixos/modules/security/acme.nix"
|
"${oldChannel}/nixos/modules/security/acme.nix"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,7 @@ config: let
|
||||||
};
|
};
|
||||||
in lib.fix(self: {
|
in lib.fix(self: {
|
||||||
imports = [
|
imports = [
|
||||||
"${depot.depotPath}/ops/nixos/v4l2loopback.nix"
|
"${depot.depotPath}/ops/modules/v4l2loopback.nix"
|
||||||
];
|
];
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
|
|