ops/machines.nix

# Top-level file aggregating all machines managed from hscloud.
#
# This allows to have a common attrset of machines that can be deployed
# in the same way.
#
# For information about building/deploying machines see //ops/README.md.

{ hscloud, pkgs, hscloudForPkgs, ... }:

let
  # nixpkgs for cluster machines (.hswaw.net). Currently pinned to an old
  # nixpkgs because NixOS modules for kubernetes changed enough that it's not
  # super easy to use them as is.
  #
  # TODO(q3k): fix this: use an old nixpkgs for Kube modules while using
  # hscloud nixpkgs for everything else.
  nixpkgsCluster = import (pkgs.fetchFromGitHub {
    owner = "nixos";
    repo = "nixpkgs-channels";
    rev = "44ad80ab1036c5cc83ada4bfa451dac9939f2a10";
    sha256 = "1b61nzvy0d46cspy07szkc0rggacxiqg9v1py27pkqpj7rvawfsk";
  }) { };

  # TODO(patryk): unpin and upgrade
  nixpkgsBgpwtf = import (pkgs.fetchFromGitHub {
    owner = "nixos";
    repo = "nixpkgs-channels";
    rev = "e26c0ffdb013cd378fc2528a44689a8bf35d2a6c";
    sha256 = "1b33hw35fqb9rzszdg5jpiyfvhx2cxpv0qrkyr19zkdpdahzdbss";
  }) { };


  # mkMachine builds NixOS modules into a NixOS derivation.
  # It:
  #  1) injects passthru.hscloud.provision which deploys that configuration
  #     over SSH to a production machine.
  #  2) injects 'workspace' as a nixos module argument which points to the root
  #     of the hscloud readTree object. It will contain whatever nixpkgs
  #     checkout this file has been invoked with, ie. will not be 'mixed in'
  #     with the pkgs argument.
  mkMachine = machines: pkgs: paths: pkgs.nixos ({ config, pkgs, ... }: {
    imports = paths;

    config = let
      name = config.networking.hostName;
      domain = if (config.networking ? domain) && config.networking.domain != null then config.networking.domain else "hswaw.net";
      fqdn = name + "." + domain;
      toplevel = config.system.build.toplevel;

      runProvision = ''
        #!/bin/sh
        set -eu
        remote=root@${fqdn}
        echo "Configuration for ${fqdn} is ${toplevel}"
        nix copy -s --to ssh://$remote ${toplevel}

        running="$(ssh $remote readlink -f /nix/var/nix/profiles/system)"
        if [ "$running" == "${toplevel}" ]; then
          echo "${fqdn} already running ${toplevel}."
        else
          echo "/etc/systemd/system diff:"
          ssh $remote diff -ur /var/run/current-system/etc/systemd/system ${toplevel}/etc/systemd/system || true
          echo ""
          echo ""
          echo "dry-activate diff:"
          ssh $remote ${toplevel}/bin/switch-to-configuration dry-activate
          read -p "Do you want to switch to this configuration? " -n 1 -r
          echo
          if ! [[ $REPLY =~ ^[Yy]$ ]]; then
            exit 1
          fi

          echo -ne "\n\nswitch-to-configuration test...\n"
          ssh $remote ${toplevel}/bin/switch-to-configuration test
        fi

        echo -ne "\n\n"
        read -p "Do you want to set this configuration as boot? " -n 1 -r
        echo
        if ! [[ $REPLY =~ ^[Yy]$ ]]; then
            exit 1
        fi

        echo -ne "\n\nsetting system profile...\n"
        ssh $remote nix-env -p /nix/var/nix/profiles/system --set ${toplevel}

        echo -ne "\n\nswitch-to-configuration boot...\n"
        ssh $remote ${toplevel}/bin/switch-to-configuration boot
      '';
    in {
      passthru.hscloud.provision = pkgs.writeScript "provision-${fqdn}" runProvision;

      # TODO(q3k): this should be named hscloud, but that seems to not work. Debug and rename.
      _module.args.workspace = hscloudForPkgs pkgs;
      _module.args.machines = machines;
    };
  });

  mkClusterMachine = machines: path: mkMachine machines nixpkgsCluster [
    ../cluster/machines/modules/base.nix
    ../cluster/machines/modules/kube-controlplane.nix
    ../cluster/machines/modules/kube-dataplane.nix
    path
  ];

  mkClusterMachineNew = machines: path: mkMachine machines nixpkgsBgpwtf [
    ../cluster/machines/modules/base.nix
    ../cluster/machines/modules/kube-controlplane.nix
    ../cluster/machines/modules/kube-dataplane.nix
    path
  ];


  pkgsArm = import pkgs.path {
    system = "aarch64-linux";
  };

  machines = self: {
    "bc01n01.hswaw.net" = mkClusterMachineNew self ../cluster/machines/bc01n01.hswaw.net.nix;
    "bc01n02.hswaw.net" = mkClusterMachine self ../cluster/machines/bc01n02.hswaw.net.nix;
    "bc01n05.hswaw.net" = mkClusterMachineNew self ../cluster/machines/bc01n05.hswaw.net.nix;
    "dcr01s22.hswaw.net" = mkClusterMachine self ../cluster/machines/dcr01s22.hswaw.net.nix;
    "dcr01s24.hswaw.net" = mkClusterMachine self ../cluster/machines/dcr01s24.hswaw.net.nix;

    "edge01.waw.bgp.wtf" = mkMachine self nixpkgsBgpwtf [
      ../bgpwtf/machines/edge01.waw.bgp.wtf.nix
      ../bgpwtf/machines/edge01.waw.bgp.wtf-hardware.nix
    ];

    "larrythebuilder.q3k.org" = mkMachine self pkgsArm [
      ../hswaw/machines/larrythebuilder.q3k.org/configuration.nix
    ];

    "customs.hackerspace.pl" = mkMachine self pkgs [
      ../hswaw/machines/customs.hackerspace.pl/configuration.nix
    ];
    "tv1.waw.hackerspace.pl" = mkMachine self pkgsArm [
      ../hswaw/machines/tv/tv1.nix
    ];
    "tv2.waw.hackerspace.pl" = mkMachine self pkgsArm [
      ../hswaw/machines/tv/tv2.nix
    ];
    "sound.waw.hackerspace.pl" = let
        # TODO update global pkgs to >= 22.05 and remove this override
        # building on current pkgs gives error:
        #   error: The option `services.home-assistant.extraComponents' does not exist.
        pkgs = import (fetchTarball {
          # NixOS/nixpkgs/nixos-unstable 2022-09-10
          url = "https://api.github.com/repos/NixOS/nixpkgs/tarball/2da64a81275b68fdad38af669afeda43d401e94b";
          sha256 = "1k71lmzdaa48yqkmsnd22n177qmxxi4gj2qcmdbv0mc6l4f27wd0";
        }) {};
    in mkMachine self pkgs [
      ../hswaw/machines/sound.waw.hackerspace.pl/configuration.nix
    ];
  };

in pkgs.lib.fix machines