Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / d843b782a111eb4ab20d1fb2b759db321d692941 / . / ops / hive.nix
blob: a8b1eea0e97f92174530feec33391b3c185b9882 [file] [log] [blame]
# Top-level file aggregating all machines managed from hscloud.
#
# This file is meant to be used with colmena. For information about
# building/deploying machines see //ops/README.md.
let
hscloud = import ../default.nix { };
pkgs = hscloud.pkgs;
nixpkgsForRunc112 = import
(pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
rev = "f6a0dcdc5008e7aa6ccac5b99a02b73461540789";
sha256 = "sha256-ro5vOuY6kDvqXFWLRMcXKkEurJZSD+DQ866aWp0tARk=";
}) {};
# TODO(patryk): unpin and upgrade
nixpkgsMachines = import
(pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs-channels";
rev = "e26c0ffdb013cd378fc2528a44689a8bf35d2a6c";
sha256 = "1b33hw35fqb9rzszdg5jpiyfvhx2cxpv0qrkyr19zkdpdahzdbss";
})
{
overlays = [
(self: super: {
# Bump runc to 1.1.12 fix CVE-2024-21626
# Taking it from another nixpkgs is the easiest, as nixpkgsMachines'
# Go is too old to build a newer verison of runc from upstream.
runc = nixpkgsForRunc112.runc;
})
];
};
mkClusterMachine = path: {
deployment.tags = [ "k8s" ];
imports = [
../cluster/machines/modules/base.nix
../cluster/machines/modules/kube-controlplane.nix
../cluster/machines/modules/kube-dataplane.nix
path
];
};
in
{
meta = {
nixpkgs = pkgs;
nodeNixpkgs = {
"bc01n01.hswaw.net" = nixpkgsMachines;
"bc01n05.hswaw.net" = nixpkgsMachines;
"dcr01s22.hswaw.net" = nixpkgsMachines;
"dcr01s24.hswaw.net" = nixpkgsMachines;
"dcr03s16.hswaw.net" = nixpkgsMachines;
"edge01.waw.bgp.wtf" = nixpkgsMachines;
"larrythebuilder.q3k.org" = import pkgs.path { system = "aarch64-linux"; };
"tv1.waw.hackerspace.pl" = import pkgs.path { system = "aarch64-linux"; };
"tv2.waw.hackerspace.pl" = import pkgs.path { system = "aarch64-linux"; };
# TODO update global pkgs to >= 22.05 and remove this override
# building on current pkgs gives error:
# error: The option `services.home-assistant.extraComponents' does not exist.
"sound.waw.hackerspace.pl" = import
(fetchTarball {
# NixOS/nixpkgs/nixos-unstable 2024-04-15
url = "https://api.github.com/repos/NixOS/nixpkgs/tarball/fc69edccf533e2731ab8850c59482907e0d4fc28";
sha256 = "1rzpidjcjgj5dl6q1j5vll375qaq0b9j9wbhfg2a19fyk2z5nz64";
})
{ };
"printmaster.waw.hackerspace.pl" = import
(fetchTarball {
url = "https://api.github.com/repos/NixOS/nixpkgs/tarball/56911ef3403a9318b7621ce745f5452fb9ef6867";
sha256 = "0jf6pnz4s5w9p35wd584hy7p6r5aaq1khfdxv2c1nqnmss05nn2b";
})
{ system = "aarch64-linux"; };
};
allowApplyAll = false;
};
defaults = { nodes, pkgs, ... }: {
_module.args.workspace = hscloud.hscloudForPkgs pkgs;
_module.args.machines = nodes;
};
"bc01n01.hswaw.net" = mkClusterMachine ../cluster/machines/bc01n01.hswaw.net.nix;
"bc01n05.hswaw.net" = mkClusterMachine ../cluster/machines/bc01n05.hswaw.net.nix;
"dcr01s22.hswaw.net" = mkClusterMachine ../cluster/machines/dcr01s22.hswaw.net.nix;
"dcr01s24.hswaw.net" = mkClusterMachine ../cluster/machines/dcr01s24.hswaw.net.nix;
"dcr03s16.hswaw.net" = mkClusterMachine ../cluster/machines/dcr03s16.hswaw.net.nix;
"edge01.waw.bgp.wtf" = { ... }: {
imports = [
../bgpwtf/machines/edge01.waw.bgp.wtf.nix
../bgpwtf/machines/edge01.waw.bgp.wtf-hardware.nix
];
};
"larrythebuilder.q3k.org" = import ../hswaw/machines/larrythebuilder.q3k.org/configuration.nix;
"customs.hackerspace.pl" = import ../hswaw/machines/customs.hackerspace.pl/configuration.nix;
"tv1.waw.hackerspace.pl" = import ../hswaw/machines/tv/tv1.nix;
"tv2.waw.hackerspace.pl" = import ../hswaw/machines/tv/tv2.nix;
"sound.waw.hackerspace.pl" = import ../hswaw/machines/sound.waw.hackerspace.pl/configuration.nix;
"arcade.waw.hackerspace.pl" = import ../hswaw/machines/arcade.waw.hackerspace.pl/configuration.nix;
"printmaster.waw.hackerspace.pl" = { ... }: {
imports = [ ../hswaw/machines/printmaster.waw.hackerspace.pl/configuration.nix ];
deployment.buildOnTarget = true;
};
}