diff --git a/hosts/athame/meta.nix b/hosts/athame/meta.nix
new file mode 100644
index 00000000..bc69e604
--- /dev/null
+++ b/hosts/athame/meta.nix
@@ -0,0 +1,18 @@
+{ config, hosts, ... }: {
+ config = {
+ resources.athame = {
+ provider = "null";
+ type = "resource";
+ connection = {
+ port = 62954;
+ host = "athame.kittywit.ch";
+ };
+ };
+ deploy.systems.athame = with config.resources; {
+ nixosConfig = hosts.athame.config;
+ connection = athame.connection.set;
+ triggers.copy.athame = athame.refAttr "id";
+ triggers.secrets.athame = athame.refAttr "id";
+ };
+ };
+}
diff --git a/hosts/samhain/meta.nix b/hosts/samhain/meta.nix
new file mode 100644
index 00000000..27a1e719
--- /dev/null
+++ b/hosts/samhain/meta.nix
@@ -0,0 +1,18 @@
+{ config, hosts, ... }: {
+ config = {
+ resources.samhain = {
+ provider = "null";
+ type = "resource";
+ connection = {
+ port = 62954;
+ host = "192.168.1.135";
+ };
+ };
+ deploy.systems.samhain = with config.resources; {
+ nixosConfig = hosts.samhain.config;
+ connection = samhain.connection.set;
+ triggers.copy.samhain = athame.refAttr "id";
+ triggers.secrets.samhain = athame.refAttr "id";
+ };
+ };
+}
diff --git a/hosts/yule/meta.nix b/hosts/yule/meta.nix
new file mode 100644
index 00000000..4e7cb572
--- /dev/null
+++ b/hosts/yule/meta.nix
@@ -0,0 +1,18 @@
+{ config, hosts, ... }: {
+ config = {
+ resources.yule = {
+ provider = "null";
+ type = "resource";
+ connection = {
+ port = 62954;
+ host = "192.168.1.92";
+ };
+ };
+ deploy.systems.yule = with config.resources; {
+ nixosConfig = hosts.yule.config;
+ connection = yule.connection.set;
+ triggers.copy.yule = athame.refAttr "id";
+ triggers.secrets.yule = athame.refAttr "id";
+ };
+ };
+}
diff --git a/lib/deploy.nix b/lib/deploy.nix
index d5613465..a5a032a4 100644
--- a/lib/deploy.nix
+++ b/lib/deploy.nix
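Review bot: In hosts/samhain/meta.nix, `triggers.copy.samhain` and `triggers.secrets.samhain` are bound to `athame.refAttr "id"` rather than to the host's own resource, and hosts/yule/meta.nix does the same for yule. This looks like a copy-paste carried over from the old inline definitions in lib/deploy.nix. As written, replacing the samhain or yule null resource would not change the trigger value, so the copy and secrets steps presumably would not re-run for that host, and each file now depends on `resources.athame` being defined in a different module. If the triggers are meant to be per-host, use `triggers.copy.samhain = samhain.refAttr "id";` and `triggers.secrets.samhain = samhain.refAttr "id";`, with the `yule` equivalents in the yule file.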
@@ -8,96 +8,90 @@ let tfEval = config: (evalModules { modules = [ pkgsModule (sources.tf-nix + "/modules") ] ++ toList config; - specialArgs = { }; + specialArgs = { inherit hosts; }; }).config; - tf = makeOverridable ({ group ? null, host ? null }: tfEval ({ config, ... }: { - deps = { - enable = true; - select.hclPaths = (map (name: config.resources."${name}_system_switch".out.hclPathStr) (if host != null then [ host ] else (if group != null then groups.${group} else []) )); - }; + tf = makeOverridable ({ group ? null, host ? null }: + tfEval ({ config, ... }: { + imports = + mapAttrsToList (name: host: import (../hosts + "/${name}/meta.nix")) + hosts; - state = { file = toString ../private/files/tf/terraform.tfstate; }; - - runners.lazy = { - file = ../.; - args = [ "--show-trace" ]; - attrPrefix = let attr = if host != null then "host.${host}" else if group != null then "group.${group}" else "tf"; in "deploy.${attr}.runners.run."; - }; - - terraform = { - dataDir = toString ../private/files/tf/tfdata; - logPath = toString ../private/files/tf/terraform.log; - }; - - variables.hcloud_token = { - type = "string"; - value.shellCommand = "bitw get infra/hcloud_token"; - }; - - providers.hcloud = { inputs.token = config.variables.hcloud_token.ref; }; - - resources = with config.resources; { - hcloud_ssh_key = { - provider = "hcloud"; - type = "ssh_key"; - inputs = { - name = "yubikey"; - public_key = - "ssh-rsa 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 cardno:000612078454"; - }; + deps = { + enable = true; + select.hclPaths = + (map (name: config.resources."${name}_system_switch".out.hclPathStr) + (if host != null then + [ host ] + else + (if group != null then groups.${group} else [ ]))); }; - athame = { provider = "null"; type = "resource"; connection = { port = 62954; host = "athame.kittywit.ch"; }; }; - samhain = { provider = "null"; type = "resource"; connection = { port = 62954; host = "192.168.1.135"; }; }; - yule = { provider = "null"; type = 
"resource"; connection = { port = 62954; host = "192.168.1.92"; }; }; + state = { file = toString ../private/files/tf/terraform.tfstate; }; - athame-testing = { - provider = "hcloud"; - type = "server"; - inputs = { - name = "athame-testing"; - image = "ubuntu-20.04"; - server_type = "cpx21"; - location = "nbg1"; - backups = false; - ssh_keys = [ (hcloud_ssh_key.refAttr "id") ]; - }; - connection = { host = config.lib.tf.terraformSelf "ipv4_address"; }; - provisioners = [ - { - remote-exec.command = - "curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NO_REBOOT=true PROVIDER=hetznercloud NIX_CHANNEL=nixos-20.09 bash 2>&1 | tee /tmp/infect.log"; - } - { - remote-exec.command = "reboot"; - onFailure = "continue"; - } - ]; + runners.lazy = { + file = ../.; + args = [ "--show-trace" ]; + attrPrefix = let + attr = if host != null then + "host.${host}" + else if group != null then + "group.${group}" + else + "tf"; + in "deploy.${attr}.runners.run."; }; - }; - deploy.systems.athame = with config.resources; { - nixosConfig = hosts.athame.config; - connection = athame.connection.set; - triggers.copy.athame = athame.refAttr "id"; - triggers.secrets.athame = athame.refAttr "id"; - }; - deploy.systems.samhain = with config.resources; { - nixosConfig = hosts.samhain.config; - connection = samhain.connection.set; - triggers.copy.samhain = athame.refAttr "id"; - triggers.secrets.samhain = athame.refAttr "id"; - }; - deploy.systems.yule = with config.resources; { - nixosConfig = hosts.yule.config; - connection = yule.connection.set; - triggers.copy.yule = athame.refAttr "id"; - triggers.secrets.yule = athame.refAttr "id"; - }; - })) {}; -in { - inherit tf; - group = genAttrs (attrNames groups) (group: (tf.override { inherit group; })); - host = genAttrs (attrNames hosts) (host: (tf.override { inherit host; })); + terraform = { + dataDir = toString ../private/files/tf/tfdata; + logPath = toString ../private/files/tf/terraform.log; + }; + + 
variables.hcloud_token = { + type = "string"; + value.shellCommand = "bitw get infra/hcloud_token"; + }; + + providers.hcloud = { inputs.token = config.variables.hcloud_token.ref; }; + + resources = with config.resources; { + hcloud_ssh_key = { + provider = "hcloud"; + type = "ssh_key"; + inputs = { + name = "yubikey"; + public_key = + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCocjQqiDIvzq+Qu3jkf7FXw5piwtvZ1Mihw9cVjdVcsra3U2c9WYtYrA3rS50N3p00oUqQm9z1KUrvHzdE+03ZCrvaGdrtYVsaeoCuuvw7qxTQRbItTAEsfRcZLQ5c1v/57HNYNEsjVrt8VukMPRXWgl+lmzh37dd9w45cCY1QPi+JXQQ/4i9Vc3aWSe4X6PHOEMSBHxepnxm5VNHm4PObGcVbjBf0OkunMeztd1YYA9sEPyEK3b8IHxDl34e5t6NDLCIDz0N/UgzCxSxoz+YJ0feQuZtud/YLkuQcMxW2dSGvnJ0nYy7SA5DkW1oqcy6CGDndHl5StOlJ1IF9aGh0gGkx5SRrV7HOGvapR60RphKrR5zQbFFka99kvSQgOZqSB3CGDEQGHv8dXKXIFlzX78jjWDOBT67vA/M9BK9FS2iNnBF5x6shJ9SU5IK4ySxq8qvN7Us8emkN3pyO8yqgsSOzzJT1JmWUAx0tZWG/BwKcFBHfceAPQl6pwxx28TM3BTBRYdzPJLTkAy48y6iXW6UYdfAPlShy79IYjQtEThTuIiEzdzgYdros0x3PDniuAP0KOKMgbikr0gRa6zahPjf0qqBnHeLB6nHAfaVzI0aNbhOg2bdOueE1FX0x48sjKqjOpjlIfq4WeZp9REr2YHEsoLFOBfgId5P3BPtpBQ== cardno:000612078454"; + }; + }; + + athame-testing = { + provider = "hcloud"; + type = "server"; + inputs = { + name = "athame-testing"; + image = "ubuntu-20.04"; + server_type = "cpx21"; + location = "nbg1"; + backups = false; + ssh_keys = [ (hcloud_ssh_key.refAttr "id") ]; + }; + connection = { host = config.lib.tf.terraformSelf "ipv4_address"; }; + provisioners = [ + { + remote-exec.command = + "curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NO_REBOOT=true PROVIDER=hetznercloud NIX_CHANNEL=nixos-20.09 bash 2>&1 | tee /tmp/infect.log"; + } + { + remote-exec.command = "reboot"; + onFailure = "continue"; + } + ]; + }; + }; + })) { }; +in { + inherit tf; + group = genAttrs (attrNames groups) (group: (tf.override { inherit group; })); + host = genAttrs (attrNames hosts) (host: (tf.override { inherit host; })); } diff --git a/lib/hosts.nix b/lib/hosts.nix index e642463e..ff5ac0b7 100644 
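Review bot: The first `remote-exec.command` of `athame-testing` in lib/deploy.nix still pipes `curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect` straight into `bash`, so whatever the `master` branch serves at provisioning time is executed on the new server with no pinning or integrity check. Pin the URL to a reviewed commit (`.../elitak/nixos-infect/<commit-sha>/nixos-infect`) and compare the download against a known SHA-256 before running it. Because the pipeline ends in `| tee /tmp/infect.log`, a failed download or a failing script also does not fail the provisioner. Fetching to a file with `curl -fsSL -o` and running under `set -o pipefail` would surface the error before the `reboot` step.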
--- a/lib/hosts.nix +++ b/lib/hosts.nix @@ -34,7 +34,7 @@ rec { (mapAttrsToList (name: host: host.config.deploy.groups) hosts)); groups = listToAttrs (map (groupName: - nameValuePair groupName - (attrNames (filterAttrs (name: host: elem groupName host.config.deploy.groups) - hosts))) groupNames); + nameValuePair groupName (attrNames + (filterAttrs (name: host: elem groupName host.config.deploy.groups) + hosts))) groupNames); } diff --git a/modules/nixos/deploy/default.nix b/modules/nixos/deploy/default.nix index cd9f97b7..f37e8d6b 100644 --- a/modules/nixos/deploy/default.nix +++ b/modules/nixos/deploy/default.nix @@ -12,7 +12,5 @@ with lib; }; }; - config = { - deploy.groups = [ "all" ]; - }; + config = { deploy.groups = [ "all" ]; }; }