cluster: use new hosts style

Max Headroom 2023-03-07 01:26:07 +01:00
parent 25e7ba5c33
commit 1c27955577
17 changed files with 45 additions and 54 deletions


@ -1,6 +1,9 @@
{ lib, hostName }: { lib, depot, hostName }:
lib.evalModules { lib.evalModules {
specialArgs = {
inherit depot;
};
modules = [ modules = [
# Arbitrary variables to reference across multiple services # Arbitrary variables to reference across multiple services
./lib/vars ./lib/vars
@ -10,7 +13,6 @@ lib.evalModules {
../modules/port-magic ../modules/port-magic
../tools/inject.nix ../tools/inject.nix
./lib/load-hosts.nix
./lib/services.nix ./lib/services.nix
./lib/inject-nixos-config.nix ./lib/inject-nixos-config.nix
./lib/port-magic-multi.nix ./lib/port-magic-multi.nix


@ -1,8 +1,8 @@
hostName: hostName:
{ lib, ... }: { depot, lib, ... }:
let let
cluster = import ./. { inherit lib hostName; }; cluster = import ./. { inherit lib depot hostName; };
in in
{ {


@ -1,9 +0,0 @@
{ config, lib, ... }:
let
hosts = import ../../hosts;
self = hosts.${config.vars.hostName};
others = lib.filterAttrs (_: host: host != self) hosts;
in
{
config.vars.hosts = hosts // { inherit self others; };
}


@ -1,16 +1,14 @@
{ config, cluster, hosts, lib, tools, ... }: { config, cluster, depot, lib, tools, ... }:
let let
inherit (tools.meta) domain; inherit (tools.meta) domain;
inherit (config.networking) hostName; inherit (depot.reflection) hyprspace;
hyprspaceConfig = hosts.${hostName}.hypr;
frontendDomain = "consul-remote.internal.${domain}"; frontendDomain = "consul-remote.internal.${domain}";
in in
{ {
services.nginx.virtualHosts.${frontendDomain} = tools.nginx.vhosts.proxy "http://127.0.0.1:8500" // { services.nginx.virtualHosts.${frontendDomain} = tools.nginx.vhosts.proxy "http://127.0.0.1:8500" // {
listenAddresses = lib.singleton hyprspaceConfig.addr; listenAddresses = lib.singleton hyprspace.addr;
enableACME = false; enableACME = false;
useACMEHost = "internal.${domain}"; useACMEHost = "internal.${domain}";
}; };
@ -20,13 +18,13 @@ in
mode = "external"; mode = "external";
definition = { definition = {
name = "consul-remote"; name = "consul-remote";
address = hyprspaceConfig.addr; address = hyprspace.addr;
port = 443; port = 443;
checks = [ checks = [
{ {
name = "Frontend"; name = "Frontend";
id = "service:consul-remote:frontend"; id = "service:consul-remote:frontend";
http = "https://${hyprspaceConfig.addr}/v1/status/leader"; http = "https://${hyprspace.addr}/v1/status/leader";
tls_server_name = frontendDomain; tls_server_name = frontendDomain;
interval = "60s"; interval = "60s";
} }


@ -1,7 +1,7 @@
{ cluster, config, hosts, lib, tools, ... }: { cluster, config, depot, lib, tools, ... }:
let let
inherit (hosts.${config.networking.hostName}) interfaces; inherit (depot.reflection) interfaces;
inherit (tools.meta) domain; inherit (tools.meta) domain;
patroni = cluster.config.links.patroni-pg-access; patroni = cluster.config.links.patroni-pg-access;


@ -1,10 +1,10 @@
{ config, hosts, inputs, lib, pkgs, tools, ... }: { config, depot, lib, pkgs, tools, ... }:
let let
inherit (hosts.${config.networking.hostName}) interfaces; inherit (depot.reflection) interfaces;
inherit (tools.meta) domain; inherit (tools.meta) domain;
inherit (config.links) localRecursor; inherit (config.links) localRecursor;
inherit (inputs.self.packages.${pkgs.system}) stevenblack-hosts; inherit (depot.packages) stevenblack-hosts;
dot = config.security.acme.certs."securedns.${domain}"; dot = config.security.acme.certs."securedns.${domain}";
in in


@ -1,7 +1,7 @@
{ config, ... }: { config, depot, ... }:
let let
inherit (config.vars) hosts; inherit (depot.config) hours;
in in
{ {
vars.pdns-api-key-secret = { vars.pdns-api-key-secret = {
@ -10,7 +10,7 @@ in
}; };
links = { links = {
dnsResolver = { dnsResolver = {
ipv4 = hosts.VEGAS.interfaces.vstub.addr; ipv4 = hours.VEGAS.interfaces.vstub.addr;
port = 53; port = 53;
}; };
powerdns-api = { powerdns-api = {


@ -1,4 +1,4 @@
{ config, inputs, lib, pkgs, ... }: { config, depot, lib, pkgs, ... }:
let let
mapAgents = lib.flip lib.mapAttrs config.services.hercules-ci-agents; mapAgents = lib.flip lib.mapAttrs config.services.hercules-ci-agents;
@ -17,7 +17,7 @@ let
in in
{ {
imports = [ imports = [
inputs.hercules-ci-agent.nixosModules.multi-agent-service depot.inputs.hercules-ci-agent.nixosModules.multi-agent-service
]; ];
age.secrets = mergeMap (name: _: { age.secrets = mergeMap (name: _: {


@ -1,8 +1,8 @@
{ config, lib, inputs, pkgs, ... }: { config, lib, depot, pkgs, ... }:
{ {
services.hercules-ci-agents.max = { services.hercules-ci-agents.max = {
package = lib.mkForce inputs.self.packages.${pkgs.system}.hercules-ci-agent; package = lib.mkForce depot.packages.hercules-ci-agent;
settings = { settings = {
clusterJoinTokenPath = config.age.secrets.hci-token-max.path; clusterJoinTokenPath = config.age.secrets.hci-token-max.path;
binaryCachesPath = config.age.secrets.hci-cache-config-max.path; binaryCachesPath = config.age.secrets.hci-cache-config-max.path;


@ -1,8 +1,8 @@
{ config, lib, inputs, pkgs, ... }: { config, lib, depot, pkgs, ... }:
{ {
services.hercules-ci-agents.nixpak = { services.hercules-ci-agents.nixpak = {
package = lib.mkForce inputs.self.packages.${pkgs.system}.hercules-ci-agent; package = lib.mkForce depot.packages.hercules-ci-agent;
settings = { settings = {
clusterJoinTokenPath = config.age.secrets.hci-token-nixpak.path; clusterJoinTokenPath = config.age.secrets.hci-token-nixpak.path;
binaryCachesPath = config.age.secrets.hci-cache-config-nixpak.path; binaryCachesPath = config.age.secrets.hci-cache-config-nixpak.path;


@ -1,8 +1,8 @@
{ config, lib, inputs, pkgs, ... }: { config, lib, depot, pkgs, ... }:
{ {
services.hercules-ci-agents.private-void = { services.hercules-ci-agents.private-void = {
package = lib.mkForce inputs.self.packages.${pkgs.system}.hercules-ci-agent; package = lib.mkForce depot.packages.hercules-ci-agent;
settings = { settings = {
clusterJoinTokenPath = config.age.secrets.hci-token-private-void.path; clusterJoinTokenPath = config.age.secrets.hci-token-private-void.path;
binaryCachesPath = config.age.secrets.hci-cache-config-private-void.path; binaryCachesPath = config.age.secrets.hci-cache-config-private-void.path;


@ -1,4 +1,4 @@
{ config, depot, inputs, lib, pkgs, tools, ... }: { config, depot, lib, pkgs, tools, ... }:
let let
inherit (tools.meta) domain; inherit (tools.meta) domain;
@ -24,7 +24,7 @@ in {
services.ipfs-cluster = { services.ipfs-cluster = {
enable = true; enable = true;
package = inputs.self.packages.${pkgs.system}.ipfs-cluster; package = depot.packages.ipfs-cluster;
consensus = "crdt"; consensus = "crdt";
dataDir = "/srv/storage/ipfs/cluster"; dataDir = "/srv/storage/ipfs/cluster";
secretFile = config.age.secrets.ipfs-cluster-secret.path; secretFile = config.age.secrets.ipfs-cluster-secret.path;


@ -1,8 +1,8 @@
{ config, lib, tools, ... }: { config, depot, lib, tools, ... }:
{ {
hostLinks = lib.genAttrs config.services.ipfs.nodes.node (name: let hostLinks = lib.genAttrs config.services.ipfs.nodes.node (name: let
host = config.vars.hosts.${name}; host = depot.reflection;
intf = host.interfaces.primary; intf = host.interfaces.primary;
self = config.hostLinks.${name}.ipfs; self = config.hostLinks.${name}.ipfs;
in { in {
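Review bot: `host = depot.reflection;` no longer depends on `name`, so every entry produced by `lib.genAttrs config.services.ipfs.nodes.node` takes `interfaces.primary` from the same host instead of from the node it is named after. The old line indexed the host set by `name` (`config.vars.hosts.${name}`), and the other files in this commit read per-host data through `depot.config.hours.<host>`, so the equivalent here would presumably be `host = depot.config.hours.${name};`. If `depot.reflection` describes the evaluating machine, as its use in the other files suggests, the generated links for remote IPFS nodes would carry the wrong address. The `let` body continues outside the hunk.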


@ -1,4 +1,4 @@
{ config, hosts, tools, ... }: { config, depot, tools, ... }:
with tools.nginx; with tools.nginx;
let let
inherit (tools.meta) domain; inherit (tools.meta) domain;
@ -64,7 +64,7 @@ in
extraConfig = '' extraConfig = ''
access_log off; access_log off;
auth_request off; auth_request off;
allow ${hosts.VEGAS.interfaces.primary.addr}; allow ${depot.config.hours.VEGAS.interfaces.primary.addr};
deny all; deny all;
''; '';
}; };
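Review bot: This location sets `auth_request off` and relies only on `allow ${depot.config.hours.VEGAS.interfaces.primary.addr}; deny all;`, so the value of `primary.addr` under the new host definitions is the entire access control here. The same commit drops an `addrPublic or addr` fallback in another file, which hints that the address fields may have been reshaped; it is worth confirming that `primary.addr` is still the address VEGAS connects from. A comment above the `allow` line such as `# unauthenticated on purpose: only VEGAS (primary.addr) may reach this location` would record the intent. The location block starts outside the hunk.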


@ -1,4 +1,4 @@
{ cluster, config, depot, inputs, lib, hosts, pkgs, tools, ... }: { cluster, config, depot, lib, pkgs, tools, ... }:
let let
inherit (tools.meta) domain; inherit (tools.meta) domain;
cfg = config.services.ipfs; cfg = config.services.ipfs;
@ -21,7 +21,7 @@ in
services.ipfs = { services.ipfs = {
enable = true; enable = true;
package = inputs.self.packages.${pkgs.system}.ipfs; package = depot.packages.ipfs;
startWhenNeeded = false; startWhenNeeded = false;
autoMount = true; autoMount = true;
autoMigrate = false; autoMigrate = false;
@ -40,7 +40,7 @@ in
extraFlags = [ "--migrate" ]; extraFlags = [ "--migrate" ];
extraConfig = { extraConfig = {
Bootstrap = [ Bootstrap = [
"/ip4/${hosts.VEGAS.interfaces.primary.addr}/tcp/${toString ipfsPort}/p2p/Qmd7QHZU8UjfYdwmjmq1SBh9pvER9AwHpfwQvnvNo3HBBo" "/ip4/${depot.config.hours.VEGAS.interfaces.primary.addr}/tcp/${toString ipfsPort}/p2p/Qmd7QHZU8UjfYdwmjmq1SBh9pvER9AwHpfwQvnvNo3HBBo"
"/dnsaddr/bootstrap.libp2p.io/p2p/QmQCU2EcMqAqQPR2i9bChDtGNJchTbq5TbXJJ16u19uLTa" "/dnsaddr/bootstrap.libp2p.io/p2p/QmQCU2EcMqAqQPR2i9bChDtGNJchTbq5TbXJJ16u19uLTa"
"/dnsaddr/bootstrap.libp2p.io/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb" "/dnsaddr/bootstrap.libp2p.io/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb"
"/dnsaddr/bootstrap.libp2p.io/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN" "/dnsaddr/bootstrap.libp2p.io/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN"


@ -1,9 +1,9 @@
{ config, inputs, lib, pkgs, tools, ... }: { config, depot, lib, pkgs, tools, ... }:
let let
importWebsites = expr: import expr { importWebsites = expr: import expr {
tools = tools.nginx; tools = tools.nginx;
packages = inputs.self.packages.${pkgs.system}; inherit (depot) packages;
}; };
websites = tools.nginx.mappers.mapSubdomains (importWebsites ./websites.nix); websites = tools.nginx.mappers.mapSubdomains (importWebsites ./websites.nix);


@ -1,7 +1,7 @@
{ config, ... }: { config, depot, ... }:
let let
inherit (config.vars) hosts; inherit (depot.config) hours;
meshNet = rec { meshNet = rec {
netAddr = "10.1.1.0"; netAddr = "10.1.1.0";
@ -9,7 +9,7 @@ let
cidr = "${netAddr}/${toString prefix}"; cidr = "${netAddr}/${toString prefix}";
}; };
getExtAddr = host: host.interfaces.primary.addrPublic or host.interfaces.primary.addr; getExtAddr = host: host.interfaces.primary.addrPublic;
in in
{ {
vars = { vars = {
@ -22,7 +22,7 @@ in
}; };
links = { links = {
mesh-node-checkmate = { mesh-node-checkmate = {
ipv4 = getExtAddr hosts.checkmate; ipv4 = getExtAddr hours.checkmate;
extra = { extra = {
meshIp = "10.1.1.32"; meshIp = "10.1.1.32";
inherit meshNet; inherit meshNet;
@ -32,17 +32,17 @@ in
}; };
}; };
mesh-node-VEGAS = { mesh-node-VEGAS = {
ipv4 = getExtAddr hosts.VEGAS; ipv4 = getExtAddr hours.VEGAS;
extra = { extra = {
meshIp = "10.1.1.5"; meshIp = "10.1.1.5";
inherit meshNet; inherit meshNet;
pubKey = "NpeB8O4erGTas1pz6Pt7qtY9k45YV6tcZmvvA4qXoFk="; pubKey = "NpeB8O4erGTas1pz6Pt7qtY9k45YV6tcZmvvA4qXoFk=";
privKeyFile = ./mesh-keys/VEGAS.age; privKeyFile = ./mesh-keys/VEGAS.age;
extraRoutes = [ "${hosts.VEGAS.interfaces.vstub.addr}/32" "10.10.0.0/16" ]; extraRoutes = [ "${hours.VEGAS.interfaces.vstub.addr}/32" "10.10.0.0/16" ];
}; };
}; };
mesh-node-prophet = { mesh-node-prophet = {
ipv4 = getExtAddr hosts.prophet; ipv4 = getExtAddr hours.prophet;
extra = { extra = {
meshIp = "10.1.1.9"; meshIp = "10.1.1.9";
inherit meshNet; inherit meshNet;
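Review bot: `getExtAddr` drops the `or host.interfaces.primary.addr` fallback, so any host passed to it whose `primary` interface has no `addrPublic` attribute now fails evaluation instead of falling back to `addr`. If the new host schema always defines `addrPublic`, a one-line comment on `getExtAddr` stating that would make the assumption explicit; if it does not, the fallback should stay: `getExtAddr = host: host.interfaces.primary.addrPublic or host.interfaces.primary.addr;`. The callers visible in this file are `mesh-node-checkmate`, `mesh-node-VEGAS` and `mesh-node-prophet`, and the last of these continues outside the hunk.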