ops/machines.nix

# Top-level file aggregating all machines managed from hscloud.
#
# This allows to have a common attrset of machines that can be deployed
# in the same way.
#
# For information about building/deploying machines see //ops/README.md.

{ hscloud, pkgs, hscloudForPkgs, ... }:

let
  # nixpkgs for cluster machines (.hswaw.net). Pinned to an old nixpkgs
  # for stability and controlled k8s upgrades.

  nixpkgsMachines = import (pkgs.fetchFromGitHub {
    owner = "nixos";
    repo = "nixpkgs";
    rev = "e26c0ffdb013cd378fc2528a44689a8bf35d2a6c"; # 21.11
    sha256 = "1b33hw35fqb9rzszdg5jpiyfvhx2cxpv0qrkyr19zkdpdahzdbss";
  }) { };
  # fixture for convenient upgrades (just import different nixpkgs here)
  nixpkgsMachinesNew = nixpkgsMachines;


  # mkMachine builds NixOS modules into a NixOS derivation.
  # It:
  #  1) injects passthru.hscloud.provision which deploys that configuration
  #     over SSH to a production machine.
  #  2) injects 'workspace' as a nixos module argument which points to the root
  #     of the hscloud readTree object. It will contain whatever nixpkgs
  #     checkout this file has been invoked with, ie. will not be 'mixed in'
  #     with the pkgs argument.
  mkMachine = machines: pkgs: paths: pkgs.nixos ({ config, pkgs, ... }: {
    imports = paths;

    config = let
      name = config.networking.hostName;
      domain = if (config.networking ? domain) && config.networking.domain != null then config.networking.domain else "hswaw.net";
      fqdn = name + "." + domain;
      toplevel = config.system.build.toplevel;

      runProvision = ''
        #!/bin/sh
        set -eu
        remote=root@${fqdn}
        echo "Configuration for ${fqdn} is ${toplevel}"
        nix copy -s --to ssh://$remote ${toplevel}

        running="$(ssh $remote readlink -f /nix/var/nix/profiles/system)"
        if [ "$running" == "${toplevel}" ]; then
          echo "${fqdn} already running ${toplevel}."
        else
          echo "/etc/systemd/system diff:"
          ssh $remote diff -ur /var/run/current-system/etc/systemd/system ${toplevel}/etc/systemd/system || true
          echo ""
          echo ""
          echo "dry-activate diff:"
          ssh $remote ${toplevel}/bin/switch-to-configuration dry-activate
          read -p "Do you want to switch to this configuration? " -n 1 -r
          echo
          if ! [[ $REPLY =~ ^[Yy]$ ]]; then
            exit 1
          fi

          echo -ne "\n\nswitch-to-configuration test...\n"
          ssh $remote ${toplevel}/bin/switch-to-configuration test
        fi

        echo -ne "\n\n"
        read -p "Do you want to set this configuration as boot? " -n 1 -r
        echo
        if ! [[ $REPLY =~ ^[Yy]$ ]]; then
            exit 1
        fi

        echo -ne "\n\nsetting system profile...\n"
        ssh $remote nix-env -p /nix/var/nix/profiles/system --set ${toplevel}

        echo -ne "\n\nswitch-to-configuration boot...\n"
        ssh $remote ${toplevel}/bin/switch-to-configuration boot
      '';
    in {
      passthru.hscloud.provision = pkgs.writeScript "provision-${fqdn}" runProvision;

      # TODO(q3k): this should be named hscloud, but that seems to not work. Debug and rename.
      _module.args.workspace = hscloudForPkgs pkgs;
      _module.args.machines = machines;
    };
  });

  mkClusterMachine = machines: path: mkMachine machines nixpkgsMachines [
    ../cluster/machines/modules/base.nix
    ../cluster/machines/modules/kube-controlplane.nix
    ../cluster/machines/modules/kube-dataplane.nix
    path
  ];

  mkClusterMachineNew = machines: path: mkMachine machines nixpkgsMachinesNew [
    ../cluster/machines/modules/base.nix
    ../cluster/machines/modules/kube-controlplane.nix
    ../cluster/machines/modules/kube-dataplane.nix
    path
  ];


  pkgsArm = import pkgs.path {
    system = "aarch64-linux";
  };

  machines = self: {
    "bc01n01.hswaw.net" = mkClusterMachine self ../cluster/machines/bc01n01.hswaw.net.nix;
    "bc01n05.hswaw.net" = mkClusterMachine self ../cluster/machines/bc01n05.hswaw.net.nix;
    "dcr01s22.hswaw.net" = mkClusterMachine self ../cluster/machines/dcr01s22.hswaw.net.nix;
    "dcr01s24.hswaw.net" = mkClusterMachine self ../cluster/machines/dcr01s24.hswaw.net.nix;
    "dcr03s16.hswaw.net" = mkClusterMachine self ../cluster/machines/dcr03s16.hswaw.net.nix;

    "edge01.waw.bgp.wtf" = mkMachine self nixpkgsMachines [
      ../bgpwtf/machines/edge01.waw.bgp.wtf.nix
      ../bgpwtf/machines/edge01.waw.bgp.wtf-hardware.nix
    ];

    "larrythebuilder.q3k.org" = mkMachine self pkgsArm [
      ../hswaw/machines/larrythebuilder.q3k.org/configuration.nix
    ];

    "customs.hackerspace.pl" = mkMachine self pkgs [
      ../hswaw/machines/customs.hackerspace.pl/configuration.nix
    ];
    "tv1.waw.hackerspace.pl" = mkMachine self pkgsArm [
      ../hswaw/machines/tv/tv1.nix
    ];
    "tv2.waw.hackerspace.pl" = mkMachine self pkgsArm [
      ../hswaw/machines/tv/tv2.nix
    ];
    "sound.waw.hackerspace.pl" = let
        # TODO update global pkgs to >= 22.05 and remove this override
        # building on current pkgs gives error:
        #   error: The option `services.home-assistant.extraComponents' does not exist.
        pkgs = import (fetchTarball {
          # NixOS/nixpkgs/nixos-unstable 2022-09-10
          url = "https://api.github.com/repos/NixOS/nixpkgs/tarball/2da64a81275b68fdad38af669afeda43d401e94b";
          sha256 = "1k71lmzdaa48yqkmsnd22n177qmxxi4gj2qcmdbv0mc6l4f27wd0";
        }) {};
    in mkMachine self pkgs [
      ../hswaw/machines/sound.waw.hackerspace.pl/configuration.nix
    ];
  };

in pkgs.lib.fix machines