Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / 9cfc2a0e439439e5c8d66e82ce1d90edb06a4f01 / . / ops / machines.nix
blob: 5401e30a08eaaa47d190fdccfb90e914e48c5307 [file] [log] [blame]
Serge Bazanski6abe4fa2020-10-03 00:18:34 +0200[diff] [blame]1# Top-level file aggregating all machines managed from hscloud.
2#
3# This allows to have a common attrset of machines that can be deployed
4# in the same way.
5#
Serge Bazanskib3c67702021-09-10 22:27:24 +0000[diff] [blame]6# For information about building/deploying machines see //ops/README.md.
Serge Bazanski6abe4fa2020-10-03 00:18:34 +0200[diff] [blame]7
8{ hscloud, pkgs, ... }:
9
10let
Serge Bazanskib3c67702021-09-10 22:27:24 +0000[diff] [blame]11 # nixpkgs for cluster machines (.hswaw.net). Currently pinned to an old
12 # nixpkgs because NixOS modules for kubernetes changed enough that it's not
13 # super easy to use them as is.
14 #
15 # TODO(q3k): fix this: use an old nixpkgs for Kube modules while using
16 # hscloud nixpkgs for everything else.
17 nixpkgsCluster = import (pkgs.fetchFromGitHub {
18 owner = "nixos";
19 repo = "nixpkgs-channels";
20 rev = "44ad80ab1036c5cc83ada4bfa451dac9939f2a10";
21 sha256 = "1b61nzvy0d46cspy07szkc0rggacxiqg9v1py27pkqpj7rvawfsk";
22 }) {};
23
24 # edge01 still lives on an old nixpkgs checkout.
25 #
26 # TODO(b/3): unpin and deploy.
27 nixpkgsBgpwtf = import (pkgs.fetchFromGitHub {
28 owner = "nixos";
29 repo = "nixpkgs-channels";
30 rev = "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38";
31 sha256 = "1ak7jqx94fjhc68xh1lh35kh3w3ndbadprrb762qgvcfb8351x8v";
32 }) {};
33
Serge Bazanski6abe4fa2020-10-03 00:18:34 +0200[diff] [blame]34 # Stopgap measure to import //cluster/nix machine definitions into new
Serge Bazanskib3c67702021-09-10 22:27:24 +0000[diff] [blame]35 # //ops/ infrastructure.
36 #
Serge Bazanski6abe4fa2020-10-03 00:18:34 +0200[diff] [blame]37 # TODO(q3k): inject defs-cluster-k0.nix / defs-machines.nix content via
38 # nixos options instead of having module definitions loading it themselves,
39 # deduplicate list of machines below with defs-machines.nix somehow.
Serge Bazanskib3c67702021-09-10 22:27:24 +0000[diff] [blame]40 clusterMachineConfig = name: [({ config, pkgs, ...}: {
Serge Bazanski6abe4fa2020-10-03 00:18:34 +0200[diff] [blame]41 # The hostname is used by //cluster/nix machinery to load the appropriate
42 # config from defs-machines into defs-cluster-k0.
43 networking.hostName = name;
44 imports = [
45 ../cluster/nix/modules/base.nix
46 ../cluster/nix/modules/kubernetes.nix
47 ];
Serge Bazanskib3c67702021-09-10 22:27:24 +0000[diff] [blame]48 })];
Serge Bazanski6abe4fa2020-10-03 00:18:34 +0200[diff] [blame]49
Serge Bazanskib3c67702021-09-10 22:27:24 +0000[diff] [blame]50 # mkMachine builds NixOS modules into a NixOS derivation, and injects
51 # passthru.hscloud.provision which deploys that configuration over SSH to a
52 # production machine.
Serge Bazanskia0332a72021-03-17 22:12:43 +0100[diff] [blame]53 mkMachine = pkgs: paths: pkgs.nixos ({ config, pkgs, ... }: {
Serge Bazanski6abe4fa2020-10-03 00:18:34 +0200[diff] [blame]54 imports = paths;
Serge Bazanskib3c67702021-09-10 22:27:24 +0000[diff] [blame]55
56 config = let
57 name = config.networking.hostName;
58 domain = if (config.networking ? domain) && config.networking.domain != null then config.networking.domain else "hswaw.net";
59 fqdn = name + "." + domain;
60 toplevel = config.system.build.toplevel;
61
62 runProvision = ''
63 #!/bin/sh
64 set -eu
65 remote=root@${fqdn}
66 echo "Configuration for ${fqdn} is ${toplevel}"
67 nix copy -s --to ssh://$remote ${toplevel}
68
69 running="$(ssh $remote readlink -f /nix/var/nix/profiles/system)"
70 if [ "$running" == "${toplevel}" ]; then
71 echo "${fqdn} already running ${toplevel}."
72 else
73 echo "/etc/systemd/system diff:"
74 ssh $remote diff -ur /var/run/current-system/etc/systemd/system ${toplevel}/etc/systemd/system || true
75 echo ""
76 echo ""
77 echo "dry-activate diff:"
78 ssh $remote ${toplevel}/bin/switch-to-configuration dry-activate
79 read -p "Do you want to switch to this configuration? " -n 1 -r
80 echo
81 if ! [[ $REPLY =~ ^[Yy]$ ]]; then
82 exit 1
83 fi
84
85 echo -ne "\n\nswitch-to-configuration test...\n"
86 ssh $remote ${toplevel}/bin/switch-to-configuration test
87 fi
88
89 echo -ne "\n\n"
90 read -p "Do you want to set this configuration as boot? " -n 1 -r
91 echo
92 if ! [[ $REPLY =~ ^[Yy]$ ]]; then
93 exit 1
94 fi
95
96 echo -ne "\n\nsetting system profile...\n"
97 ssh $remote nix-env -p /nix/var/nix/profiles/system --set ${toplevel}
98
99 echo -ne "\n\nswitch-to-configuration boot...\n"
100 ssh $remote ${toplevel}/bin/switch-to-configuration boot
101 '';
102 in {
103 passthru.hscloud.provision = pkgs.writeScript "provision-${fqdn}" runProvision;
104 };
Serge Bazanski6abe4fa2020-10-03 00:18:34 +0200[diff] [blame]105 });
Serge Bazanski6abe4fa2020-10-03 00:18:34 +0200[diff] [blame]106in {
Serge Bazanskib3c67702021-09-10 22:27:24 +0000[diff] [blame]107 "bc01n01.hswaw.net" = mkMachine nixpkgsCluster (clusterMachineConfig "bc01n01");
108 "bc01n02.hswaw.net" = mkMachine nixpkgsCluster (clusterMachineConfig "bc01n02");
109 "dcr01s22.hswaw.net" = mkMachine nixpkgsCluster (clusterMachineConfig "dcr01s22");
110 "dcr01s24.hswaw.net" = mkMachine nixpkgsCluster (clusterMachineConfig "dcr01s24");
Serge Bazanski6abe4fa2020-10-03 00:18:34 +0200[diff] [blame]111
Serge Bazanskib3c67702021-09-10 22:27:24 +0000[diff] [blame]112 "edge01.waw.bgp.wtf" = mkMachine nixpkgsBgpwtf [
Serge Bazanski6abe4fa2020-10-03 00:18:34 +0200[diff] [blame]113 ../bgpwtf/machines/edge01.waw.bgp.wtf.nix
114 ../bgpwtf/machines/edge01.waw.bgp.wtf-hardware.nix
115 ];
116}