# Top-level file aggregating all machines managed from hscloud.
#
# This provides a common attrset of machines that can all be deployed
# in the same way.
#
# For information about building/deploying machines see //ops/README.md.
Serge Bazanski | 6abe4fa | 2020-10-03 00:18:34 +0200 | [diff] [blame] | 7 | |
Serge Bazanski | c35ea6a | 2022-07-07 17:47:58 +0200 | [diff] [blame] | 8 | { hscloud, pkgs, hscloudForPkgs, ... }: |
Serge Bazanski | 6abe4fa | 2020-10-03 00:18:34 +0200 | [diff] [blame] | 9 | |
| 10 | let |
Bartosz Stebel | 7ab03b1 | 2024-01-27 00:38:27 +0100 | [diff] [blame^] | 11 | # nixpkgs for cluster machines (.hswaw.net). Pinned to an old nixpkgs |
| 12 | # for stability and controlled k8s upgrades. |
Serge Bazanski | b3c6770 | 2021-09-10 22:27:24 +0000 | [diff] [blame] | 13 | |
Bartosz Stebel | 7ab03b1 | 2024-01-27 00:38:27 +0100 | [diff] [blame^] | 14 | nixpkgsMachines = import (pkgs.fetchFromGitHub { |
Serge Bazanski | 8f08423 | 2023-03-10 20:52:06 +0100 | [diff] [blame] | 15 | owner = "nixos"; |
Bartosz Stebel | 655db5e | 2024-01-24 20:16:19 +0100 | [diff] [blame] | 16 | repo = "nixpkgs"; |
| 17 | rev = "e26c0ffdb013cd378fc2528a44689a8bf35d2a6c"; # 21.11 |
Serge Bazanski | 8f08423 | 2023-03-10 20:52:06 +0100 | [diff] [blame] | 18 | sha256 = "1b33hw35fqb9rzszdg5jpiyfvhx2cxpv0qrkyr19zkdpdahzdbss"; |
| 19 | }) { }; |
Bartosz Stebel | 7ab03b1 | 2024-01-27 00:38:27 +0100 | [diff] [blame^] | 20 | # fixture for convenient upgrades (just import different nixpkgs here) |
| 21 | nixpkgsMachinesNew = nixpkgsMachines; |
Serge Bazanski | 8f08423 | 2023-03-10 20:52:06 +0100 | [diff] [blame] | 22 | |
| 23 | |
Serge Bazanski | a16af2d | 2021-10-16 19:14:05 +0000 | [diff] [blame] | 24 | # mkMachine builds NixOS modules into a NixOS derivation. |
| 25 | # It: |
| 26 | # 1) injects passthru.hscloud.provision which deploys that configuration |
| 27 | # over SSH to a production machine. |
| 28 | # 2) injects 'workspace' as a nixos module argument which points to the root |
| 29 | # of the hscloud readTree object. It will contain whatever nixpkgs |
| 30 | # checkout this file has been invoked with, ie. will not be 'mixed in' |
| 31 | # with the pkgs argument. |
Serge Bazanski | 55a486a | 2022-06-11 18:27:01 +0000 | [diff] [blame] | 32 | mkMachine = machines: pkgs: paths: pkgs.nixos ({ config, pkgs, ... }: { |
Serge Bazanski | 6abe4fa | 2020-10-03 00:18:34 +0200 | [diff] [blame] | 33 | imports = paths; |
Serge Bazanski | b3c6770 | 2021-09-10 22:27:24 +0000 | [diff] [blame] | 34 | |
| 35 | config = let |
| 36 | name = config.networking.hostName; |
| 37 | domain = if (config.networking ? domain) && config.networking.domain != null then config.networking.domain else "hswaw.net"; |
| 38 | fqdn = name + "." + domain; |
| 39 | toplevel = config.system.build.toplevel; |
| 40 | |
| 41 | runProvision = '' |
| 42 | #!/bin/sh |
| 43 | set -eu |
| 44 | remote=root@${fqdn} |
| 45 | echo "Configuration for ${fqdn} is ${toplevel}" |
| 46 | nix copy -s --to ssh://$remote ${toplevel} |
| 47 | |
| 48 | running="$(ssh $remote readlink -f /nix/var/nix/profiles/system)" |
| 49 | if [ "$running" == "${toplevel}" ]; then |
| 50 | echo "${fqdn} already running ${toplevel}." |
| 51 | else |
| 52 | echo "/etc/systemd/system diff:" |
| 53 | ssh $remote diff -ur /var/run/current-system/etc/systemd/system ${toplevel}/etc/systemd/system || true |
| 54 | echo "" |
| 55 | echo "" |
| 56 | echo "dry-activate diff:" |
| 57 | ssh $remote ${toplevel}/bin/switch-to-configuration dry-activate |
| 58 | read -p "Do you want to switch to this configuration? " -n 1 -r |
| 59 | echo |
| 60 | if ! [[ $REPLY =~ ^[Yy]$ ]]; then |
| 61 | exit 1 |
| 62 | fi |
| 63 | |
| 64 | echo -ne "\n\nswitch-to-configuration test...\n" |
| 65 | ssh $remote ${toplevel}/bin/switch-to-configuration test |
| 66 | fi |
| 67 | |
| 68 | echo -ne "\n\n" |
| 69 | read -p "Do you want to set this configuration as boot? " -n 1 -r |
| 70 | echo |
| 71 | if ! [[ $REPLY =~ ^[Yy]$ ]]; then |
| 72 | exit 1 |
| 73 | fi |
| 74 | |
| 75 | echo -ne "\n\nsetting system profile...\n" |
| 76 | ssh $remote nix-env -p /nix/var/nix/profiles/system --set ${toplevel} |
| 77 | |
| 78 | echo -ne "\n\nswitch-to-configuration boot...\n" |
| 79 | ssh $remote ${toplevel}/bin/switch-to-configuration boot |
| 80 | ''; |
| 81 | in { |
| 82 | passthru.hscloud.provision = pkgs.writeScript "provision-${fqdn}" runProvision; |
Serge Bazanski | a16af2d | 2021-10-16 19:14:05 +0000 | [diff] [blame] | 83 | |
| 84 | # TODO(q3k): this should be named hscloud, but that seems to not work. Debug and rename. |
Serge Bazanski | c35ea6a | 2022-07-07 17:47:58 +0200 | [diff] [blame] | 85 | _module.args.workspace = hscloudForPkgs pkgs; |
Serge Bazanski | 55a486a | 2022-06-11 18:27:01 +0000 | [diff] [blame] | 86 | _module.args.machines = machines; |
Serge Bazanski | b3c6770 | 2021-09-10 22:27:24 +0000 | [diff] [blame] | 87 | }; |
Serge Bazanski | 6abe4fa | 2020-10-03 00:18:34 +0200 | [diff] [blame] | 88 | }); |
Serge Bazanski | 6abe4fa | 2020-10-03 00:18:34 +0200 | [diff] [blame] | 89 | |
Bartosz Stebel | 7ab03b1 | 2024-01-27 00:38:27 +0100 | [diff] [blame^] | 90 | mkClusterMachine = machines: path: mkMachine machines nixpkgsMachines [ |
Serge Bazanski | 55a486a | 2022-06-11 18:27:01 +0000 | [diff] [blame] | 91 | ../cluster/machines/modules/base.nix |
| 92 | ../cluster/machines/modules/kube-controlplane.nix |
| 93 | ../cluster/machines/modules/kube-dataplane.nix |
Serge Bazanski | 55a486a | 2022-06-11 18:27:01 +0000 | [diff] [blame] | 94 | path |
Serge Bazanski | 6abe4fa | 2020-10-03 00:18:34 +0200 | [diff] [blame] | 95 | ]; |
Piotr Dobrowolski | a01905a | 2021-10-16 18:22:46 +0200 | [diff] [blame] | 96 | |
Bartosz Stebel | 7ab03b1 | 2024-01-27 00:38:27 +0100 | [diff] [blame^] | 97 | mkClusterMachineNew = machines: path: mkMachine machines nixpkgsMachinesNew [ |
Serge Bazanski | ef3aab6 | 2022-11-18 14:39:45 +0000 | [diff] [blame] | 98 | ../cluster/machines/modules/base.nix |
| 99 | ../cluster/machines/modules/kube-controlplane.nix |
| 100 | ../cluster/machines/modules/kube-dataplane.nix |
Serge Bazanski | ef3aab6 | 2022-11-18 14:39:45 +0000 | [diff] [blame] | 101 | path |
| 102 | ]; |
| 103 | |
| 104 | |
Serge Bazanski | 5ac5e4b | 2022-07-06 00:31:35 +0200 | [diff] [blame] | 105 | pkgsArm = import pkgs.path { |
| 106 | system = "aarch64-linux"; |
| 107 | }; |
| 108 | |
Serge Bazanski | 55a486a | 2022-06-11 18:27:01 +0000 | [diff] [blame] | 109 | machines = self: { |
Bartosz Stebel | 7ab03b1 | 2024-01-27 00:38:27 +0100 | [diff] [blame^] | 110 | "bc01n01.hswaw.net" = mkClusterMachine self ../cluster/machines/bc01n01.hswaw.net.nix; |
| 111 | "bc01n05.hswaw.net" = mkClusterMachine self ../cluster/machines/bc01n05.hswaw.net.nix; |
| 112 | "dcr01s22.hswaw.net" = mkClusterMachine self ../cluster/machines/dcr01s22.hswaw.net.nix; |
Serge Bazanski | 55a486a | 2022-06-11 18:27:01 +0000 | [diff] [blame] | 113 | "dcr01s24.hswaw.net" = mkClusterMachine self ../cluster/machines/dcr01s24.hswaw.net.nix; |
Bartosz Stebel | 7ab03b1 | 2024-01-27 00:38:27 +0100 | [diff] [blame^] | 114 | "dcr03s16.hswaw.net" = mkClusterMachine self ../cluster/machines/dcr03s16.hswaw.net.nix; |
Serge Bazanski | 55a486a | 2022-06-11 18:27:01 +0000 | [diff] [blame] | 115 | |
Bartosz Stebel | 7ab03b1 | 2024-01-27 00:38:27 +0100 | [diff] [blame^] | 116 | "edge01.waw.bgp.wtf" = mkMachine self nixpkgsMachines [ |
Serge Bazanski | 55a486a | 2022-06-11 18:27:01 +0000 | [diff] [blame] | 117 | ../bgpwtf/machines/edge01.waw.bgp.wtf.nix |
| 118 | ../bgpwtf/machines/edge01.waw.bgp.wtf-hardware.nix |
| 119 | ]; |
| 120 | |
Serge Bazanski | 5ac5e4b | 2022-07-06 00:31:35 +0200 | [diff] [blame] | 121 | "larrythebuilder.q3k.org" = mkMachine self pkgsArm [ |
| 122 | ../hswaw/machines/larrythebuilder.q3k.org/configuration.nix |
| 123 | ]; |
| 124 | |
Serge Bazanski | 55a486a | 2022-06-11 18:27:01 +0000 | [diff] [blame] | 125 | "customs.hackerspace.pl" = mkMachine self pkgs [ |
| 126 | ../hswaw/machines/customs.hackerspace.pl/configuration.nix |
| 127 | ]; |
Serge Bazanski | 5ac5e4b | 2022-07-06 00:31:35 +0200 | [diff] [blame] | 128 | "tv1.waw.hackerspace.pl" = mkMachine self pkgsArm [ |
Serge Bazanski | dcdbd84 | 2022-07-07 02:30:09 +0200 | [diff] [blame] | 129 | ../hswaw/machines/tv/tv1.nix |
| 130 | ]; |
| 131 | "tv2.waw.hackerspace.pl" = mkMachine self pkgsArm [ |
| 132 | ../hswaw/machines/tv/tv2.nix |
Serge Bazanski | 5ac5e4b | 2022-07-06 00:31:35 +0200 | [diff] [blame] | 133 | ]; |
vuko | deeeff8 | 2022-10-02 23:12:29 +0200 | [diff] [blame] | 134 | "sound.waw.hackerspace.pl" = let |
| 135 | # TODO update global pkgs to >= 22.05 and remove this override |
| 136 | # building on current pkgs gives error: |
| 137 | # error: The option `services.home-assistant.extraComponents' does not exist. |
| 138 | pkgs = import (fetchTarball { |
| 139 | # NixOS/nixpkgs/nixos-unstable 2022-09-10 |
| 140 | url = "https://api.github.com/repos/NixOS/nixpkgs/tarball/2da64a81275b68fdad38af669afeda43d401e94b"; |
| 141 | sha256 = "1k71lmzdaa48yqkmsnd22n177qmxxi4gj2qcmdbv0mc6l4f27wd0"; |
| 142 | }) {}; |
| 143 | in mkMachine self pkgs [ |
| 144 | ../hswaw/machines/sound.waw.hackerspace.pl/configuration.nix |
| 145 | ]; |
Serge Bazanski | 55a486a | 2022-06-11 18:27:01 +0000 | [diff] [blame] | 146 | }; |
| 147 | |
| 148 | in pkgs.lib.fix machines |