# Top-level file aggregating all machines managed from hscloud.
#
# This file is meant to be used with colmena. For information about
# building/deploying machines see //ops/README.md.
#
# Every nixpkgs tree referenced below is fetched by commit id together with
# a sha256. A fetch whose content does not match the recorded hash fails, so
# integrity rests on these hashes and not on the host serving the download.
# Changing a rev without its hash (or the reverse) breaks evaluation.

let
  hscloud = import ../default.nix { };
  inherit (hscloud) pkgs;

  # Separate nixpkgs checkout, used only as the donor of `runc` in
  # `runcOverlay` below.
  runcDonorSrc = pkgs.fetchFromGitHub {
    owner = "nixos";
    repo = "nixpkgs";
    rev = "f6a0dcdc5008e7aa6ccac5b99a02b73461540789";
    sha256 = "sha256-ro5vOuY6kDvqXFWLRMcXKkEurJZSD+DQ866aWp0tARk=";
  };
  nixpkgsForRunc112 = import runcDonorSrc { };

  # Bump runc to 1.1.12 to fix CVE-2024-21626.
  # Taking it from another nixpkgs is the easiest, as nixpkgsMachines'
  # Go is too old to build a newer version of runc from upstream.
  #
  # NOTE(review): only the `runc` attribute is swapped. Every other package
  # in nixpkgsMachines still comes from the old pinned revision, so this
  # overlay addresses this one CVE and nothing else. After deploying,
  # confirm on a node that the container runtime really runs the replaced
  # binary.
  runcOverlay = _final: _prev: {
    inherit (nixpkgsForRunc112) runc;
  };

  # Package set for the cluster and edge machines.
  # TODO(patryk): unpin and upgrade
  machinesSrc = pkgs.fetchFromGitHub {
    owner = "nixos";
    repo = "nixpkgs-channels";
    rev = "e26c0ffdb013cd378fc2528a44689a8bf35d2a6c";
    sha256 = "1b33hw35fqb9rzszdg5jpiyfvhx2cxpv0qrkyr19zkdpdahzdbss";
  };
  nixpkgsMachines = import machinesSrc {
    overlays = [ runcOverlay ];
  };

  # Global package set re-imported for the aarch64 machines.
  pkgsAarch64 = import pkgs.path { system = "aarch64-linux"; };

  # Nodes that are evaluated against the pinned nixpkgsMachines set.
  legacyPinnedNodes = [
    "bc01n01.hswaw.net"
    "bc01n05.hswaw.net"
    "dcr01s22.hswaw.net"
    "dcr01s24.hswaw.net"
    "dcr03s16.hswaw.net"

    "edge01.waw.bgp.wtf"
  ];
  pinToLegacy = name: {
    inherit name;
    value = nixpkgsMachines;
  };

  # Builds the configuration of one Kubernetes cluster node: the shared
  # base, control plane and data plane modules plus the per-machine file
  # passed in. The "k8s" colmena tag lets these nodes be selected as a group.
  mkClusterMachine = machineConfig: {
    imports = [
      ../cluster/machines/modules/base.nix
      ../cluster/machines/modules/kube-controlplane.nix
      ../cluster/machines/modules/kube-dataplane.nix
      machineConfig
    ];

    deployment.tags = [ "k8s" ];
  };
in
{
  meta = {
    # Default package set; used by every node without an entry in
    # nodeNixpkgs (currently customs and arcade).
    nixpkgs = pkgs;

    # Per-node package set overrides.
    nodeNixpkgs = (builtins.listToAttrs (map pinToLegacy legacyPinnedNodes)) // {
      "larrythebuilder.q3k.org" = pkgsAarch64;
      "tv1.waw.hackerspace.pl" = pkgsAarch64;
      "tv2.waw.hackerspace.pl" = pkgsAarch64;

      # TODO update global pkgs to >= 22.05 and remove this override
      # building on current pkgs gives error:
      # error: The option `services.home-assistant.extraComponents' does not exist.
      "sound.waw.hackerspace.pl" = import
        (fetchTarball {
          # NixOS/nixpkgs/nixos-unstable 2024-04-15
          url = "https://api.github.com/repos/NixOS/nixpkgs/tarball/fc69edccf533e2731ab8850c59482907e0d4fc28";
          sha256 = "1rzpidjcjgj5dl6q1j5vll375qaq0b9j9wbhfg2a19fyk2z5nz64";
        })
        { };

      # NOTE(review): unlike the other tarball pins, no branch or date is
      # recorded for this revision; add one so its age can be judged.
      "printmaster.waw.hackerspace.pl" = import
        (fetchTarball {
          url = "https://api.github.com/repos/NixOS/nixpkgs/tarball/56911ef3403a9318b7621ce745f5452fb9ef6867";
          sha256 = "0jf6pnz4s5w9p35wd584hy7p6r5aaq1khfdxv2c1nqnmss05nn2b";
        })
        { system = "aarch64-linux"; };

      "snowflake.hackerspace.pl" = import
        (fetchTarball {
          # NixOS/nixpkgs/nixos-unstable 2024-06-11
          url = "https://api.github.com/repos/NixOS/nixpkgs/tarball/c7b821ba2e1e635ba5a76d299af62821cbcb09f3";
          sha256 = "0gzqmnniwqjs7hqi6y9zxf2by1j2nxa82zsixzskbr1yrw5vfcqr";
        })
        { system = "x86_64-linux"; };
    };

    # Deployments must name their target nodes: with this set to false,
    # colmena refuses to apply without a node filter, so a single command
    # cannot push to every machine in this file by accident.
    allowApplyAll = false;
  };

  # Applied to every node: exposes the hscloud workspace (built for that
  # node's package set) and the full node set as module arguments.
  defaults = { nodes, pkgs, ... }: {
    _module.args = {
      workspace = hscloud.hscloudForPkgs pkgs;
      machines = nodes;
    };
  };

  # Kubernetes cluster nodes.
  "bc01n01.hswaw.net" = mkClusterMachine ../cluster/machines/bc01n01.hswaw.net.nix;
  "bc01n05.hswaw.net" = mkClusterMachine ../cluster/machines/bc01n05.hswaw.net.nix;
  "dcr01s22.hswaw.net" = mkClusterMachine ../cluster/machines/dcr01s22.hswaw.net.nix;
  "dcr01s24.hswaw.net" = mkClusterMachine ../cluster/machines/dcr01s24.hswaw.net.nix;
  "dcr03s16.hswaw.net" = mkClusterMachine ../cluster/machines/dcr03s16.hswaw.net.nix;

  "edge01.waw.bgp.wtf" = { ... }: {
    imports = [
      ../bgpwtf/machines/edge01.waw.bgp.wtf.nix
      ../bgpwtf/machines/edge01.waw.bgp.wtf-hardware.nix
    ];
  };

  "larrythebuilder.q3k.org" = import ../hswaw/machines/larrythebuilder.q3k.org/configuration.nix;

  "customs.hackerspace.pl" = import ../hswaw/machines/customs.hackerspace.pl/configuration.nix;
  "tv1.waw.hackerspace.pl" = import ../hswaw/machines/tv/tv1.nix;
  "tv2.waw.hackerspace.pl" = import ../hswaw/machines/tv/tv2.nix;
  "sound.waw.hackerspace.pl" = import ../hswaw/machines/sound.waw.hackerspace.pl/configuration.nix;
  "arcade.waw.hackerspace.pl" = import ../hswaw/machines/arcade.waw.hackerspace.pl/configuration.nix;
  "printmaster.waw.hackerspace.pl" = { ... }: {
    imports = [ ../hswaw/machines/printmaster.waw.hackerspace.pl/configuration.nix ];
    # Build the system on printmaster itself instead of on the machine
    # running colmena.
    deployment.buildOnTarget = true;
  };
  "snowflake.hackerspace.pl" = import ../hswaw/machines/snowflake/configuration.nix;
}