From be919cb2b355a04492dd6ec0adab3c928a668d6c Mon Sep 17 00:00:00 2001 From: Max Date: Tue, 31 Jan 2023 22:59:53 +0100 Subject: [PATCH 1/4] treewide: pipe /modules through flake-parts --- cluster/services/ipfs/cluster.nix | 4 +- cluster/services/ipfs/node.nix | 4 +- cluster/services/patroni/worker.nix | 4 +- flake.nix | 7 ++-- hosts/VEGAS/system.nix | 11 ++--- hosts/prophet/system.nix | 13 +++--- hosts/soda/system.nix | 12 +++--- modules/default.nix | 63 ---------------------------- modules/part.nix | 64 +++++++++++++++++++++++++++++ 9 files changed, 91 insertions(+), 91 deletions(-) delete mode 100644 modules/default.nix create mode 100644 modules/part.nix diff --git a/cluster/services/ipfs/cluster.nix b/cluster/services/ipfs/cluster.nix index 83844dc..12d6ed3 100644 --- a/cluster/services/ipfs/cluster.nix +++ b/cluster/services/ipfs/cluster.nix @@ -1,4 +1,4 @@ -{ aspect, config, inputs, lib, pkgs, tools, ... }: +{ config, depot, inputs, lib, pkgs, tools, ... }: let inherit (tools.meta) domain; @@ -11,7 +11,7 @@ let proxySocket = "/run/ipfs-cluster/ipfs-api-proxy.sock"; in { imports = [ - aspect.modules.ipfs-cluster + depot.nixosModules.ipfs-cluster ]; age.secrets = { diff --git a/cluster/services/ipfs/node.nix b/cluster/services/ipfs/node.nix index ee86503..22ebb5a 100644 --- a/cluster/services/ipfs/node.nix +++ b/cluster/services/ipfs/node.nix @@ -1,4 +1,4 @@ -{ aspect, cluster, config, inputs, lib, hosts, pkgs, tools, ... }: +{ cluster, config, depot, inputs, lib, hosts, pkgs, tools, ... }: let inherit (tools.meta) domain; cfg = config.services.ipfs; @@ -9,7 +9,7 @@ let in { imports = [ - aspect.modules.ipfs + depot.nixosModules.ipfs ]; links.ipfsGateway.protocol = "http"; diff --git a/cluster/services/patroni/worker.nix b/cluster/services/patroni/worker.nix index 297c5ac..21ea484 100644 --- a/cluster/services/patroni/worker.nix +++ b/cluster/services/patroni/worker.nix 
@@ -1,4 +1,4 @@ -{ aspect, cluster, config, lib, pkgs, ... }: +{ cluster, config, depot, lib, pkgs, ... }: let inherit (cluster.config) vars; @@ -14,7 +14,7 @@ in { imports = [ - aspect.modules.patroni + depot.nixosModules.patroni ]; age.secrets = lib.mapAttrs (_: file: { diff --git a/flake.nix b/flake.nix index e803d8f..d2743c6 100644 --- a/flake.nix +++ b/flake.nix @@ -14,7 +14,6 @@ inherit (nixpkgs) lib; - aspect = import ./modules inputs; hosts = import ./hosts; nixosHosts' = lib.filterAttrs (_: host: host ? nixos) hosts; @@ -28,7 +27,8 @@ meta = import ./tools/meta.nix; specialArgs = { - inherit inputs hosts aspect; + inherit inputs hosts; + depot = inputs.self; toolsets = import ./tools; }; mkNixOS' = lib: name: let host = hosts.${name}; in lib.nixosSystem { @@ -78,8 +78,6 @@ in flake-parts.lib.mkFlake { inherit inputs; } { inherit systems; flake = { - nixosModules = aspect.modules; - nixosConfigurations = lib.genAttrs nixosHosts mkNixOS; deploy.nodes = mkDeployments deployableNixosHosts {}; @@ -89,6 +87,7 @@ imports = [ inputs.drv-parts.flakeModule inputs.dream2nix.flakeModuleBeta + ./modules/part.nix ./packages/part.nix ]; }; diff --git a/hosts/VEGAS/system.nix b/hosts/VEGAS/system.nix index b04fbb5..9b16f2b 100644 --- a/hosts/VEGAS/system.nix +++ b/hosts/VEGAS/system.nix @@ -1,4 +1,4 @@ -{ aspect, config, hosts, inputs, tools, ... }: +{ config, depot, hosts, inputs, tools, ... }: { imports = @@ -40,12 +40,13 @@ ./services/warehouse ./services/websites ./services/wireguard-server - aspect.modules.hyprspace - aspect.modules.nix-builder - ] + depot.nixosModules.hyprspace + depot.nixosModules.nix-builder + + depot.nixosModules.backboneBase + ]; # TODO: fix users # ++ (import ../../users "server").groups.admin - ++ aspect.sets.backbone; # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; diff --git a/hosts/prophet/system.nix b/hosts/prophet/system.nix index 24e7791..b2aa370 100644 --- a/hosts/prophet/system.nix +++ b/hosts/prophet/system.nix 
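Review bot: In the VEGAS hunk the TODO remnant `# ++ (import ../../users "server").groups.admin` now sits after the closing `];`, so uncommenting it as written would no longer parse; it was only valid while the list stayed open for the removed `++ aspect.sets.backbone`. Either move the TODO comment above `];` or restate it as a complete expression, e.g. `# imports = [ … ] ++ (import ../../users "server").groups.admin;`, so the next person does not have to rediscover why it fails. The `imports` list itself begins before this hunk.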
@@ -1,4 +1,4 @@ -{ aspect, inputs, hosts, ... }: +{ inputs, depot, hosts, ... }: { imports = @@ -8,13 +8,12 @@ inputs.agenix.nixosModules.age - aspect.modules.hyprspace - aspect.modules.nix-builder - aspect.modules.sss + depot.nixosModules.hyprspace + depot.nixosModules.nix-builder + depot.nixosModules.sss - - ] - ++ aspect.sets.server; + depot.nixosModules.serverBase + ]; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; diff --git a/hosts/soda/system.nix b/hosts/soda/system.nix index 0fbec11..5b3e7c2 100644 --- a/hosts/soda/system.nix +++ b/hosts/soda/system.nix @@ -1,12 +1,12 @@ -{ aspect, hosts, ... }: +{ depot, hosts, ... }: { - imports = with aspect; [ - modules.fail2ban - modules.nix-config-server - modules.sss + imports = with depot.nixosModules; [ + containerBase + fail2ban + sss ./soda.nix - ] ++ sets.base ++ sets.networking; + ]; boot.isContainer = true; diff --git a/modules/default.nix b/modules/default.nix deleted file mode 100644 index eb6c90e..0000000 --- a/modules/default.nix +++ /dev/null 
@@ -1,63 +0,0 @@
-inputs:
-with builtins;
-let
- aspects = {
- autopatch = import ./autopatch;
- consul-service-registry = import ./consul-service-registry;
- deploy-rs-receiver = import ./deploy-rs-receiver;
- enterprise = import ./enterprise;
- fail2ban = import ./fail2ban;
- hydra = import ./hydra;
- hyprspace = import ./hyprspace;
- ipfs = import ./ipfs;
- ipfs-cluster = import ./ipfs-cluster;
- maintenance = import ./maintenance;
- minimal = import ./minimal;
- motd = import ./motd;
- nix-builder = import ./nix-builder;
- nix-config-server = import ./nix-config/server.nix;
- nix-register-flakes = import ./nix-register-flakes;
- patroni = import ./patroni;
- port-magic = import ./port-magic;
- shell-config = import ./shell-config;
- ssh = import ./ssh;
- sss = import ./sss;
- system-info = import ./system-info;
- system-recovery = import ./system-recovery;
- tested = import ./tested;
- };
-in rec {
- modules = aspects;
- sets = with modules; rec {
- base = [
- autopatch
- enterprise
- maintenance
- minimal
- ];
-
- networking = [
- port-magic
- ssh
- ];
-
- server = [
- consul-service-registry
- deploy-rs-receiver
- fail2ban
- motd
- nix-config-server
- system-info
- system-recovery
- tested
- ] ++ base ++ networking;
-
- container = [
- nix-config-server
- ] ++ base ++ networking;
-
- backbone = server ++ [
- sss
- ];
- };
-}
diff --git a/modules/part.nix b/modules/part.nix
new file mode 100644
index 0000000..b5cf0f2
--- /dev/null
+++ b/modules/part.nix
@@ -0,0 +1,64 @@
+{ config, ... }:
+
+let
+ group = imports: { inherit imports; };
+in
+
+{
+ flake.nixosModules = with config.flake.nixosModules; {
+ autopatch = ./autopatch;
+ consul-service-registry = ./consul-service-registry;
+ deploy-rs-receiver = ./deploy-rs-receiver;
+ enterprise = ./enterprise;
+ fail2ban = ./fail2ban;
+ hydra = ./hydra;
+ hyprspace = ./hyprspace;
+ ipfs = ./ipfs;
+ ipfs-cluster = ./ipfs-cluster;
+ maintenance = ./maintenance;
+ minimal = ./minimal;
+ motd = ./motd;
+ nix-builder = ./nix-builder;
+ nix-config-server = ./nix-config/server.nix;
+ nix-register-flakes = ./nix-register-flakes;
+ patroni = ./patroni;
+ port-magic = ./port-magic;
+ shell-config = ./shell-config;
+ ssh = ./ssh;
+ sss = ./sss;
+ system-info = ./system-info;
+ system-recovery = ./system-recovery;
+ tested = ./tested;
+
+ machineBase = group [
+ autopatch
+ enterprise
+ maintenance
+ minimal
+ port-magic
+ ssh
+ ];
+
+ serverBase = group [
+ machineBase
+ consul-service-registry
+ deploy-rs-receiver
+ fail2ban
+ motd
+ nix-config-server
+ system-info
+ system-recovery
+ tested
+ ];
+
+ containerBase = group [
+ machineBase
+ nix-config-server
+ ];
+
+ backboneBase = group [
+ serverBase
+ sss
+ ];
+ };
+}
From 004af67a0e23ecfa97e1cc3b3936afdc532107fc Mon Sep 17 00:00:00 2001
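Review bot: `group` and the four aggregate modules (`machineBase`, `serverBase`, `containerBase`, `backboneBase`) are exported next to the leaf modules with nothing saying that they are built only from entries of this same attribute set through the self-referential `with config.flake.nixosModules;`. A header such as `# group: wrap a list of modules into one module that imports them all` above `group`, plus a one-line separator where the leaf `./path` entries end and the aggregates begin, would make the set easier to extend safely. Because the aggregates are anonymous attribute sets rather than files, they may show up without a file name in module-system error traces; if that becomes a problem, setting `_file` on each one is the usual remedy.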
From: Max
Date: Fri, 24 Feb 2023 15:16:15 +0100
Subject: [PATCH 2/4] hosts: restructure and modularize
---
flake.nix | 78 +------------------
hosts/VEGAS/default.nix | 8 +-
.../services/backbone-routing/default.nix | 4 +-
.../backbone-routing/port-forward.nix | 4 +-
hosts/VEGAS/services/mail/postfix.nix | 4 +-
hosts/VEGAS/services/matrix/web-client.nix | 4 +-
hosts/VEGAS/services/meet/default.nix | 9 +--
hosts/VEGAS/services/monitoring/default.nix | 4 +-
hosts/VEGAS/services/nix/nar-serve.nix | 4 +-
hosts/VEGAS/services/reflex/default.nix | 4 +-
hosts/VEGAS/services/searxng/default.nix | 4 +-
hosts/VEGAS/services/sso/default.nix | 6 +-
hosts/VEGAS/services/uptime-kuma/default.nix | 6 +-
hosts/VEGAS/services/websites/default.nix | 4 +-
hosts/VEGAS/system.nix | 12 +--
hosts/checkmate/default.nix | 8 +-
hosts/checkmate/system.nix | 14 ++--
hosts/default.nix | 31 --------
hosts/deploy.nix | 57 ++++++++++++++
hosts/nixos.nix | 24 ++++++
hosts/options/default.nix | 34 ++++++++
hosts/options/hour/enterprise.nix | 12 +++
hosts/options/hour/hyprspace.nix | 30 +++++++
hosts/options/hour/interfaces.nix | 38 +++++++++
hosts/options/hour/nixos.nix | 18 +++++
hosts/options/hour/ssh.nix | 28 +++++++
hosts/part.nix | 49 ++++++++++++
hosts/prophet/default.nix | 8 +-
hosts/prophet/system.nix | 6 +-
hosts/soda/default.nix | 6 +-
hosts/soda/system.nix | 6 +-
31 files changed, 356 insertions(+), 168 deletions(-)
delete mode 100644 hosts/default.nix
create mode 100644 hosts/deploy.nix
create mode 100644 hosts/nixos.nix
create mode 100644 hosts/options/default.nix
create mode 100644 hosts/options/hour/enterprise.nix
create mode 100644 hosts/options/hour/hyprspace.nix
create mode 100644 hosts/options/hour/interfaces.nix
create mode 100644 hosts/options/hour/nixos.nix
create mode 100644 hosts/options/hour/ssh.nix
create mode 100644 hosts/part.nix
diff --git a/flake.nix b/flake.nix
index d2743c6..dd105ed 100644
--- a/flake.nix
+++ b/flake.nix
@@ -7,86 +7,14 @@ }; outputs = { self, nixpkgs, flake-parts, ... }@inputs: - let + flake-parts.lib.mkFlake { inherit inputs; } { systems = [ "x86_64-linux" "aarch64-linux" ]; - nixpkgsFor = nixpkgs.legacyPackages; - - inherit (nixpkgs) lib; - - hosts = import ./hosts; - - nixosHosts' = lib.filterAttrs (_: host: host ? nixos) hosts; - - nixosHosts = lib.attrNames nixosHosts'; - - deployableNixosHosts' = lib.filterAttrs (_: host: host ? container -> !host.container) nixosHosts'; - - deployableNixosHosts = lib.attrNames deployableNixosHosts'; - - meta = import ./tools/meta.nix; - - specialArgs = { - inherit inputs hosts; - depot = inputs.self; - toolsets = import ./tools; - }; - mkNixOS' = lib: name: let host = hosts.${name}; in lib.nixosSystem { - inherit specialArgs; - system = "${host.arch}-linux"; - modules = [ host.nixos ./tools/inject.nix (import ./cluster/inject.nix name) ]; - }; - mkNixOS = mkNixOS' lib; - - mkDeployEffect = branch: name: host: let - subdomain = host.enterprise.subdomain or "services"; - hostname = "${lib.toLower name}.${subdomain}.${meta.domain}"; - in effects.runIf (branch == "master" || branch == "staging") (effects.runNixOS { - requiredSystemFeatures = [ "hci-deploy-agent-nixos" ]; - inherit (self.nixosConfigurations.${name}) config; - secretsMap.ssh = "deploy-ssh"; - - userSetupScript = '' - writeSSHKey ssh - cat >>~/.ssh/known_hosts <>~/.ssh/known_hosts < Date: Tue, 7 Mar 2023 01:25:57 +0100 Subject: [PATCH 3/4] modules: use new hosts style --- modules/enterprise/default.nix | 4 ++-- modules/fail2ban/default.nix | 4 ++-- modules/hyprspace/default.nix | 20 ++++++++++---------- modules/maintenance/default.nix | 2 -- modules/motd/default.nix | 4 ++-- modules/nix-config/server.nix | 4 ++-- modules/nix-register-flakes/default.nix | 8 ++++---- modules/ssh/default.nix | 8 ++++---- modules/sss/default.nix | 4 ++-- modules/system-info/default.nix | 4 ++-- modules/tested/default.nix | 4 ++-- 11 files changed, 32 insertions(+), 34 deletions(-) 
diff --git a/modules/enterprise/default.nix b/modules/enterprise/default.nix index da4aa9c..33de9b5 100644 --- a/modules/enterprise/default.nix +++ b/modules/enterprise/default.nix @@ -1,8 +1,8 @@ -{ config, hosts, lib, tools, ... }: +{ config, depot, lib, tools, ... }: let orgDomain = tools.meta.domain; orgRealm = lib.toUpper orgDomain; - host = hosts.${config.networking.hostName} or null; + host = depot.reflection; in { krb5 = { enable = true; diff --git a/modules/fail2ban/default.nix b/modules/fail2ban/default.nix index 96c9c6a..e184bd9 100644 --- a/modules/fail2ban/default.nix +++ b/modules/fail2ban/default.nix @@ -1,4 +1,4 @@ -{ config, hosts, ... }: +{ config, depot, ... }: { services.fail2ban = { enable = true; @@ -10,7 +10,7 @@ ''; ignoreIP = [ "10.0.0.0/8" - hosts.${config.networking.hostName}.interfaces.primary.addr + depot.reflection.interfaces.primary.addr ]; bantime-increment = { enable = true; diff --git a/modules/hyprspace/default.nix b/modules/hyprspace/default.nix index 6444f83..8f442e4 100644 --- a/modules/hyprspace/default.nix +++ b/modules/hyprspace/default.nix 
@@ -1,23 +1,23 @@ -{ pkgs, inputs, lib, hosts, config, ... }: +{ pkgs, depot, lib, config, ... }: let inherit (config.networking) hostName; - inherit (inputs.self.packages.${pkgs.system}) hyprspace; - hyprspaceCapableNodes = lib.filterAttrs (_: host: host ? hypr) hosts; + inherit (depot.packages) hyprspace; + hyprspaceCapableNodes = lib.filterAttrs (_: host: host.hyprspace.enable) depot.config.hours; peersFormatted = builtins.mapAttrs (_: x: { - inherit (x.hypr) id; - routes = map (net: { inherit net; }) ((x.hypr.routes or []) ++ [ "${x.hypr.addr}/32" ]); + inherit (x.hyprspace) id; + routes = map (net: { inherit net; }) ((x.hyprspace.routes or []) ++ [ "${x.hyprspace.addr}/32" ]); }) hyprspaceCapableNodes; peersFiltered = lib.filterAttrs (name: _: name != hostName) peersFormatted; peerList = builtins.attrValues peersFiltered; - myNode = hosts.${hostName}; - listenPort = myNode.hypr.listenPort or 8001; + myNode = depot.reflection; + listenPort = myNode.hyprspace.listenPort or 8001; interfaceConfig = pkgs.writeText "hyprspace.yml" (builtins.toJSON { interface = { name = "hyprspace"; listen_port = listenPort; - inherit (myNode.hypr) id; - address = "${myNode.hypr.addr}/24"; + inherit (myNode.hyprspace) id; + address = "${myNode.hyprspace.addr}/24"; private_key = "@HYPRSPACEPRIVATEKEY@"; }; peers = peerList; @@ -26,7 +26,7 @@ let privateKeyFile = config.age.secrets.hyprspace-key.path; runConfig = "/run/hyprspace.yml"; in { - networking.hosts = lib.mapAttrs' (k: v: lib.nameValuePair v.hypr.addr [k "${k}.hypr"]) hyprspaceCapableNodes; + networking.hosts = lib.mapAttrs' (k: v: lib.nameValuePair v.hyprspace.addr [k "${k}.hypr"]) hyprspaceCapableNodes; age.secrets.hyprspace-key = { file = ../../secrets/hyprspace-key- + "${hostName}.age"; mode = "0400"; diff --git a/modules/maintenance/default.nix b/modules/maintenance/default.nix index a5955a5..7246e7f 100644 --- a/modules/maintenance/default.nix +++ b/modules/maintenance/default.nix 
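Review bot: The filter `host.hyprspace.enable` and the `inherit (x.hyprspace) id` access now treat `hyprspace` as an always-present option set on every entry of `depot.config.hours`, yet `x.hyprspace.routes or []` and `myNode.hyprspace.listenPort or 8001` in the same hunk still carry the old "attribute may be missing" fallbacks. If the `hosts/options/hour/hyprspace.nix` introduced by the previous patch declares defaults for `routes` and `listenPort`, those `or` fallbacks are dead and the defaults should live in one place; if it does not, a host with `enable = true` but no `id` now fails inside `peersFormatted` instead of being filtered out. A one-line comment above `hyprspaceCapableNodes` stating which option schema this module relies on would settle it; I cannot see the option declarations in this chunk.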
@@ -1,5 +1,3 @@ -{ inputs, pkgs, ... }: - { systemd.targets.maintenance = { unitConfig.AllowIsolate = true; diff --git a/modules/motd/default.nix b/modules/motd/default.nix index dee78b9..be403a6 100644 --- a/modules/motd/default.nix +++ b/modules/motd/default.nix @@ -1,4 +1,4 @@ -{ config, inputs, pkgs, ... }: +{ config, depot, pkgs, ... }: { users.motd = builtins.readFile ./motd.txt; environment.interactiveShellInit = let @@ -40,7 +40,7 @@ echo -e " █ ''${BGREEN}(✓)''${CO} ''${BWHITE}You are using a genuine Private Void™ system.''${CO}" echo " █" echo -e " █ ''${BWHITE}OS Version....:''${CO} NixOS ''${CAB}${config.system.nixos.version}''${CO}" - echo -e " █ ''${BWHITE}Configuration.:''${CO} ''${CAB}${inputs.self.rev or "\${BRED}(✘)\${CO}\${BWHITE} Dirty"}''${CO}" + echo -e " █ ''${BWHITE}Configuration.:''${CO} ''${CAB}${depot.rev or "\${BRED}(✘)\${CO}\${BWHITE} Dirty"}''${CO}" echo -e " █ ''${BWHITE}Uptime........:''${CO} $(${uptime} -p | ${util "cut"} -d ' ' -f2- | GREP_COLORS='mt=01;35' ${grep} --color=always '[0-9]*')" echo -e " █ ''${BWHITE}SSH Logins....:''${CO} There are currently ''${CAB}$(${countUsers})''${CO} users logged in on ''${CAB}$(${countSessions})''${CO} sessions" ) diff --git a/modules/nix-config/server.nix b/modules/nix-config/server.nix index 6378177..914a681 100644 --- a/modules/nix-config/server.nix +++ b/modules/nix-config/server.nix @@ -1,8 +1,8 @@ -{ pkgs, lib, config, inputs, tools, ... }: +{ pkgs, lib, config, depot, tools, ... }: { nix = { - package = inputs.nix-super.packages.${pkgs.system}.default; + package = depot.inputs.nix-super.packages.default; settings = { trusted-users = [ "root" "@wheel" "@admins" ]; diff --git a/modules/nix-register-flakes/default.nix b/modules/nix-register-flakes/default.nix index 7b698f9..12a0d6e 100644 --- a/modules/nix-register-flakes/default.nix +++ b/modules/nix-register-flakes/default.nix 
@@ -1,6 +1,6 @@ -{ inputs, ... }: +{ depot, ... }: -with inputs; +with depot.inputs; { nix.nixPath = [ "repl=/etc/nixos/flake-channels/system/repl.nix" @@ -8,13 +8,13 @@ with inputs; ]; nix.registry = { - system.flake = self; + system.flake = depot; nixpkgs.flake = nixpkgs; default.flake = nixpkgs; }; environment.etc = { - "nixos/flake-channels/system".source = inputs.self; + "nixos/flake-channels/system".source = depot; "nixos/flake-channels/nixpkgs".source = nixpkgs; }; } diff --git a/modules/ssh/default.nix b/modules/ssh/default.nix index 57d87fd..161237b 100644 --- a/modules/ssh/default.nix +++ b/modules/ssh/default.nix @@ -1,8 +1,8 @@ -{ hosts, lib, ... }: +{ depot, lib, ... }: let - filtered = lib.filterAttrs (_: host: host ? ssh) hosts; - idCapable = lib.filterAttrs (_: host: host.ssh ? id) filtered; - configCapable = lib.filterAttrs (_: host: host.ssh ? extraConfig) filtered; + filtered = lib.filterAttrs (_: host: host.ssh.enable) depot.config.hours; + idCapable = lib.filterAttrs (_: host: host.ssh.id.publicKey != null) filtered; + configCapable = lib.filterAttrs (_: host: host.ssh.extraConfig != "") filtered; sshHosts = lib.mapAttrs (_: host: host.ssh.id) idCapable; sshExtras = lib.mapAttrsToList (_: host: host.ssh.extraConfig) configCapable; diff --git a/modules/sss/default.nix b/modules/sss/default.nix index 86e1645..43de8eb 100644 --- a/modules/sss/default.nix +++ b/modules/sss/default.nix @@ -1,9 +1,9 @@ -{ config, lib, hosts, tools, utils, ... }: +{ config, lib, depot, tools, utils, ... }: let inherit (tools.meta) domain; inherit (tools) identity; inherit (config.networking) hostName; - inherit (hosts.${hostName}) enterprise interfaces; + inherit (depot.reflection) enterprise interfaces; toINI = content: lib.generators.toINI {} (iniFilter content); diff --git a/modules/system-info/default.nix b/modules/system-info/default.nix index 1269f44..af865d4 100644 --- a/modules/system-info/default.nix +++ b/modules/system-info/default.nix 
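Review bot: `system.flake = depot;` and `"nixos/flake-channels/system".source = depot;` in the nix-register-flakes hunk hand the `depot` argument, rather than the flake itself, to the registry and to `environment.etc`, both of which need a value that coerces to the flake's store path. Elsewhere in this series `depot` also exposes `reflection`, `config` and per-system `packages`, so it is evidently a wrapper around `inputs.self`; these two lines are only correct if the wrapper keeps `outPath` (for example by being built with `//` on top of `self`), which I cannot verify from this chunk. Either a comment here recording that dependency, or registering the underlying flake directly (`depot.inputs.self`, if `depot.inputs` still exposes it), would make the intent explicit.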
@@ -1,5 +1,5 @@ -{ inputs, ... }: +{ depot, ... }: { - system.configurationRevision = inputs.self.rev or null; + system.configurationRevision = depot.rev or null; } diff --git a/modules/tested/default.nix b/modules/tested/default.nix index 619b724..ce33617 100644 --- a/modules/tested/default.nix +++ b/modules/tested/default.nix @@ -1,4 +1,4 @@ -{ config, inputs, lib, pkgs, ... }: +{ config, depot, lib, pkgs, ... }: with lib; { @@ -9,5 +9,5 @@ with lib; default = []; }; }; - config.system.extraDependencies = map (name: inputs.self.checks.${pkgs.system}.${name}) config.tested.requiredChecks; + config.system.extraDependencies = map (name: depot.checks.${name}) config.tested.requiredChecks; } From 1c279555771edd80566c472a480b23d1b1c24e1e Mon Sep 17 00:00:00 2001 From: Max Date: Tue, 7 Mar 2023 01:26:07 +0100 Subject: [PATCH 4/4] cluster: use new hosts style --- cluster/default.nix | 6 ++++-- cluster/inject.nix | 4 ++-- cluster/lib/load-hosts.nix | 9 --------- cluster/services/consul/remote-api.nix | 12 +++++------- cluster/services/dns/authoritative.nix | 4 ++-- cluster/services/dns/coredns.nix | 6 +++--- cluster/services/dns/default.nix | 6 +++--- .../services/hercules-ci-multi-agent/common.nix | 4 ++-- .../services/hercules-ci-multi-agent/orgs/max.nix | 4 ++-- .../hercules-ci-multi-agent/orgs/nixpak.nix | 4 ++-- .../hercules-ci-multi-agent/orgs/private-void.nix | 4 ++-- cluster/services/ipfs/cluster.nix | 4 ++-- cluster/services/ipfs/default.nix | 4 ++-- cluster/services/ipfs/gateway.nix | 4 ++-- cluster/services/ipfs/node.nix | 6 +++--- cluster/services/websites/host.nix | 4 ++-- cluster/services/wireguard/default.nix | 14 +++++++------- 17 files changed, 45 insertions(+), 54 deletions(-) delete mode 100644 cluster/lib/load-hosts.nix diff --git a/cluster/default.nix b/cluster/default.nix index e3e4ce4..6eaf70d 100644 --- a/cluster/default.nix +++ b/cluster/default.nix 
@@ -1,6 +1,9 @@ -{ lib, hostName }: +{ lib, depot, hostName }: lib.evalModules { + specialArgs = { + inherit depot; + }; modules = [ # Arbitrary variables to reference across multiple services ./lib/vars @@ -10,7 +13,6 @@ lib.evalModules { ../modules/port-magic ../tools/inject.nix - ./lib/load-hosts.nix ./lib/services.nix ./lib/inject-nixos-config.nix ./lib/port-magic-multi.nix diff --git a/cluster/inject.nix b/cluster/inject.nix index 66ffb22..f9052a2 100644 --- a/cluster/inject.nix +++ b/cluster/inject.nix @@ -1,8 +1,8 @@ hostName: -{ lib, ... }: +{ depot, lib, ... }: let - cluster = import ./. { inherit lib hostName; }; + cluster = import ./. { inherit lib depot hostName; }; in { diff --git a/cluster/lib/load-hosts.nix b/cluster/lib/load-hosts.nix deleted file mode 100644 index 3b86f67..0000000 --- a/cluster/lib/load-hosts.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, lib, ... }: -let - hosts = import ../../hosts; - self = hosts.${config.vars.hostName}; - others = lib.filterAttrs (_: host: host != self) hosts; -in -{ - config.vars.hosts = hosts // { inherit self others; }; -} diff --git a/cluster/services/consul/remote-api.nix b/cluster/services/consul/remote-api.nix index 14cefb8..7725175 100644 --- a/cluster/services/consul/remote-api.nix +++ b/cluster/services/consul/remote-api.nix @@ -1,16 +1,14 @@ -{ config, cluster, hosts, lib, tools, ... }: +{ config, cluster, depot, lib, tools, ... }: let inherit (tools.meta) domain; - inherit (config.networking) hostName; - - hyprspaceConfig = hosts.${hostName}.hypr; + inherit (depot.reflection) hyprspace; frontendDomain = "consul-remote.internal.${domain}"; in { services.nginx.virtualHosts.${frontendDomain} = tools.nginx.vhosts.proxy "http://127.0.0.1:8500" // { - listenAddresses = lib.singleton hyprspaceConfig.addr; + listenAddresses = lib.singleton hyprspace.addr; enableACME = false; useACMEHost = "internal.${domain}"; }; 
@@ -20,13 +18,13 @@ in mode = "external"; definition = { name = "consul-remote"; - address = hyprspaceConfig.addr; + address = hyprspace.addr; port = 443; checks = [ { name = "Frontend"; id = "service:consul-remote:frontend"; - http = "https://${hyprspaceConfig.addr}/v1/status/leader"; + http = "https://${hyprspace.addr}/v1/status/leader"; tls_server_name = frontendDomain; interval = "60s"; } diff --git a/cluster/services/dns/authoritative.nix b/cluster/services/dns/authoritative.nix index 99d2bfb..30326f4 100644 --- a/cluster/services/dns/authoritative.nix +++ b/cluster/services/dns/authoritative.nix @@ -1,7 +1,7 @@ -{ cluster, config, hosts, lib, tools, ... }: +{ cluster, config, depot, lib, tools, ... }: let - inherit (hosts.${config.networking.hostName}) interfaces; + inherit (depot.reflection) interfaces; inherit (tools.meta) domain; patroni = cluster.config.links.patroni-pg-access; diff --git a/cluster/services/dns/coredns.nix b/cluster/services/dns/coredns.nix index e92247d..a991914 100644 --- a/cluster/services/dns/coredns.nix +++ b/cluster/services/dns/coredns.nix @@ -1,10 +1,10 @@ -{ config, hosts, inputs, lib, pkgs, tools, ... }: +{ config, depot, lib, pkgs, tools, ... }: let - inherit (hosts.${config.networking.hostName}) interfaces; + inherit (depot.reflection) interfaces; inherit (tools.meta) domain; inherit (config.links) localRecursor; - inherit (inputs.self.packages.${pkgs.system}) stevenblack-hosts; + inherit (depot.packages) stevenblack-hosts; dot = config.security.acme.certs."securedns.${domain}"; in diff --git a/cluster/services/dns/default.nix b/cluster/services/dns/default.nix index 6786ad2..18edb9f 100644 --- a/cluster/services/dns/default.nix +++ b/cluster/services/dns/default.nix @@ -1,7 +1,7 @@ -{ config, ... }: +{ config, depot, ... }: let - inherit (config.vars) hosts; + inherit (depot.config) hours; in { vars.pdns-api-key-secret = { 
@@ -10,7 +10,7 @@ in }; links = { dnsResolver = { - ipv4 = hosts.VEGAS.interfaces.vstub.addr; + ipv4 = hours.VEGAS.interfaces.vstub.addr; port = 53; }; powerdns-api = { diff --git a/cluster/services/hercules-ci-multi-agent/common.nix b/cluster/services/hercules-ci-multi-agent/common.nix index fc4bc77..707f90e 100644 --- a/cluster/services/hercules-ci-multi-agent/common.nix +++ b/cluster/services/hercules-ci-multi-agent/common.nix @@ -1,4 +1,4 @@ -{ config, inputs, lib, pkgs, ... }: +{ config, depot, lib, pkgs, ... }: let mapAgents = lib.flip lib.mapAttrs config.services.hercules-ci-agents; @@ -17,7 +17,7 @@ let in { imports = [ - inputs.hercules-ci-agent.nixosModules.multi-agent-service + depot.inputs.hercules-ci-agent.nixosModules.multi-agent-service ]; age.secrets = mergeMap (name: _: { diff --git a/cluster/services/hercules-ci-multi-agent/orgs/max.nix b/cluster/services/hercules-ci-multi-agent/orgs/max.nix index a74e9c6..55c360d 100644 --- a/cluster/services/hercules-ci-multi-agent/orgs/max.nix +++ b/cluster/services/hercules-ci-multi-agent/orgs/max.nix @@ -1,8 +1,8 @@ -{ config, lib, inputs, pkgs, ... }: +{ config, lib, depot, pkgs, ... }: { services.hercules-ci-agents.max = { - package = lib.mkForce inputs.self.packages.${pkgs.system}.hercules-ci-agent; + package = lib.mkForce depot.packages.hercules-ci-agent; settings = { clusterJoinTokenPath = config.age.secrets.hci-token-max.path; binaryCachesPath = config.age.secrets.hci-cache-config-max.path; diff --git a/cluster/services/hercules-ci-multi-agent/orgs/nixpak.nix b/cluster/services/hercules-ci-multi-agent/orgs/nixpak.nix index 44909b6..ac0087e 100644 --- a/cluster/services/hercules-ci-multi-agent/orgs/nixpak.nix +++ b/cluster/services/hercules-ci-multi-agent/orgs/nixpak.nix 
@@ -1,8 +1,8 @@ -{ config, lib, inputs, pkgs, ... }: +{ config, lib, depot, pkgs, ... }: { services.hercules-ci-agents.nixpak = { - package = lib.mkForce inputs.self.packages.${pkgs.system}.hercules-ci-agent; + package = lib.mkForce depot.packages.hercules-ci-agent; settings = { clusterJoinTokenPath = config.age.secrets.hci-token-nixpak.path; binaryCachesPath = config.age.secrets.hci-cache-config-nixpak.path; diff --git a/cluster/services/hercules-ci-multi-agent/orgs/private-void.nix b/cluster/services/hercules-ci-multi-agent/orgs/private-void.nix index eb9619f..f60f4e8 100644 --- a/cluster/services/hercules-ci-multi-agent/orgs/private-void.nix +++ b/cluster/services/hercules-ci-multi-agent/orgs/private-void.nix @@ -1,8 +1,8 @@ -{ config, lib, inputs, pkgs, ... }: +{ config, lib, depot, pkgs, ... }: { services.hercules-ci-agents.private-void = { - package = lib.mkForce inputs.self.packages.${pkgs.system}.hercules-ci-agent; + package = lib.mkForce depot.packages.hercules-ci-agent; settings = { clusterJoinTokenPath = config.age.secrets.hci-token-private-void.path; binaryCachesPath = config.age.secrets.hci-cache-config-private-void.path; diff --git a/cluster/services/ipfs/cluster.nix b/cluster/services/ipfs/cluster.nix index 12d6ed3..2a8f1b1 100644 --- a/cluster/services/ipfs/cluster.nix +++ b/cluster/services/ipfs/cluster.nix @@ -1,4 +1,4 @@ -{ config, depot, inputs, lib, pkgs, tools, ... }: +{ config, depot, lib, pkgs, tools, ... }: let inherit (tools.meta) domain; @@ -24,7 +24,7 @@ in { services.ipfs-cluster = { enable = true; - package = inputs.self.packages.${pkgs.system}.ipfs-cluster; + package = depot.packages.ipfs-cluster; consensus = "crdt"; dataDir = "/srv/storage/ipfs/cluster"; secretFile = config.age.secrets.ipfs-cluster-secret.path; diff --git a/cluster/services/ipfs/default.nix b/cluster/services/ipfs/default.nix index 6eaa468..db3a837 100644 --- a/cluster/services/ipfs/default.nix +++ b/cluster/services/ipfs/default.nix 
@@ -1,8 +1,8 @@ -{ config, lib, tools, ... }: +{ config, depot, lib, tools, ... }: { hostLinks = lib.genAttrs config.services.ipfs.nodes.node (name: let - host = config.vars.hosts.${name}; + host = depot.reflection; intf = host.interfaces.primary; self = config.hostLinks.${name}.ipfs; in { diff --git a/cluster/services/ipfs/gateway.nix b/cluster/services/ipfs/gateway.nix index ec22343..c37727e 100644 --- a/cluster/services/ipfs/gateway.nix +++ b/cluster/services/ipfs/gateway.nix @@ -1,4 +1,4 @@ -{ config, hosts, tools, ... }: +{ config, depot, tools, ... }: with tools.nginx; let inherit (tools.meta) domain; @@ -64,7 +64,7 @@ in extraConfig = '' access_log off; auth_request off; - allow ${hosts.VEGAS.interfaces.primary.addr}; + allow ${depot.config.hours.VEGAS.interfaces.primary.addr}; deny all; ''; }; diff --git a/cluster/services/ipfs/node.nix b/cluster/services/ipfs/node.nix index 22ebb5a..454d800 100644 --- a/cluster/services/ipfs/node.nix +++ b/cluster/services/ipfs/node.nix @@ -1,4 +1,4 @@ -{ cluster, config, depot, inputs, lib, hosts, pkgs, tools, ... }: +{ cluster, config, depot, lib, pkgs, tools, ... }: let inherit (tools.meta) domain; cfg = config.services.ipfs; @@ -21,7 +21,7 @@ in services.ipfs = { enable = true; - package = inputs.self.packages.${pkgs.system}.ipfs; + package = depot.packages.ipfs; startWhenNeeded = false; autoMount = true; autoMigrate = false; @@ -40,7 +40,7 @@ in extraFlags = [ "--migrate" ]; extraConfig = { Bootstrap = [ - "/ip4/${hosts.VEGAS.interfaces.primary.addr}/tcp/${toString ipfsPort}/p2p/Qmd7QHZU8UjfYdwmjmq1SBh9pvER9AwHpfwQvnvNo3HBBo" + "/ip4/${depot.config.hours.VEGAS.interfaces.primary.addr}/tcp/${toString ipfsPort}/p2p/Qmd7QHZU8UjfYdwmjmq1SBh9pvER9AwHpfwQvnvNo3HBBo" "/dnsaddr/bootstrap.libp2p.io/p2p/QmQCU2EcMqAqQPR2i9bChDtGNJchTbq5TbXJJ16u19uLTa" "/dnsaddr/bootstrap.libp2p.io/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb" "/dnsaddr/bootstrap.libp2p.io/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN" 
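Review bot: In cluster/services/ipfs/default.nix, `host = depot.reflection;` inside `lib.genAttrs config.services.ipfs.nodes.node (name: …)` replaces a per-node lookup (`config.vars.hosts.${name}`) with the evaluating host's own entry, so `hostLinks.${name}.ipfs` receives the same `interfaces.primary` for every `name` instead of each node's own; that is only coincidentally right when the node list holds the evaluating host alone. The rest of this commit looks hosts up by name through `depot.config.hours` (`depot.config.hours.VEGAS` in gateway.nix and node.nix), so the line should read `host = depot.config.hours.${name};`. The `hostLinks` expression continues past the hunk.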
diff --git a/cluster/services/websites/host.nix b/cluster/services/websites/host.nix index c26d1c1..1ae37e0 100644 --- a/cluster/services/websites/host.nix +++ b/cluster/services/websites/host.nix @@ -1,9 +1,9 @@ -{ config, inputs, lib, pkgs, tools, ... }: +{ config, depot, lib, pkgs, tools, ... }: let importWebsites = expr: import expr { tools = tools.nginx; - packages = inputs.self.packages.${pkgs.system}; + inherit (depot) packages; }; websites = tools.nginx.mappers.mapSubdomains (importWebsites ./websites.nix); diff --git a/cluster/services/wireguard/default.nix b/cluster/services/wireguard/default.nix index 50b6114..b8a0ffb 100644 --- a/cluster/services/wireguard/default.nix +++ b/cluster/services/wireguard/default.nix @@ -1,7 +1,7 @@ -{ config, ... }: +{ config, depot, ... }: let - inherit (config.vars) hosts; + inherit (depot.config) hours; meshNet = rec { netAddr = "10.1.1.0"; @@ -9,7 +9,7 @@ let cidr = "${netAddr}/${toString prefix}"; }; - getExtAddr = host: host.interfaces.primary.addrPublic or host.interfaces.primary.addr; + getExtAddr = host: host.interfaces.primary.addrPublic; in { vars = { @@ -22,7 +22,7 @@ in }; links = { mesh-node-checkmate = { - ipv4 = getExtAddr hosts.checkmate; + ipv4 = getExtAddr hours.checkmate; extra = { meshIp = "10.1.1.32"; inherit meshNet; @@ -32,17 +32,17 @@ in }; }; mesh-node-VEGAS = { - ipv4 = getExtAddr hosts.VEGAS; + ipv4 = getExtAddr hours.VEGAS; extra = { meshIp = "10.1.1.5"; inherit meshNet; pubKey = "NpeB8O4erGTas1pz6Pt7qtY9k45YV6tcZmvvA4qXoFk="; privKeyFile = ./mesh-keys/VEGAS.age; - extraRoutes = [ "${hosts.VEGAS.interfaces.vstub.addr}/32" "10.10.0.0/16" ]; + extraRoutes = [ "${hours.VEGAS.interfaces.vstub.addr}/32" "10.10.0.0/16" ]; }; }; mesh-node-prophet = { - ipv4 = getExtAddr hosts.prophet; + ipv4 = getExtAddr hours.prophet; extra = { meshIp = "10.1.1.9"; inherit meshNet;
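Review bot: In the wireguard `@@ -9,7 +9,7 @@` hunk, `getExtAddr = host: host.interfaces.primary.addrPublic;` drops the `or host.interfaces.primary.addr` fallback, so a host whose primary interface has no public address (or a null one, if the new interface options default it to null) now fails evaluation at the `mesh-node-*` links instead of falling back to its private address. If `hosts/options/hour/interfaces.nix` from the previous patch guarantees a non-null `addrPublic` for every mesh member, a comment above `getExtAddr` saying so would justify the removal; otherwise keep a fallback such as `host.interfaces.primary.addrPublic or host.interfaces.primary.addr` or assert on the value. I cannot see the option declarations in this chunk, and the final `@@ -32,17 +32,17 @@` hunk runs past the end of it.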