hosts/daiyousei: init. auto hostnames. profiles/cross.

This commit is contained in:
kat witch 2021-09-02 05:19:04 +01:00
parent d2a823f5bc
commit 3e52c7648a
No known key found for this signature in database
GPG key ID: 1B477797DCA5EC72
22 changed files with 479 additions and 23 deletions


@ -75,8 +75,6 @@ with lib;
# Networking # Networking
networking = { networking = {
hostName = "athame";
domain = "kittywit.ch";
hostId = "7b0ac74e"; hostId = "7b0ac74e";
useDHCP = false; useDHCP = false;
interfaces = { interfaces = {


@ -93,7 +93,6 @@ with lib;
# Networking # Networking
networking = { networking = {
hostName = "beltane";
hostId = "3ef9a419"; hostId = "3ef9a419";
useDHCP = false; useDHCP = false;
interfaces.eno1.ipv4.addresses = singleton { interfaces.eno1.ipv4.addresses = singleton {


@ -0,0 +1,78 @@
{ config, tf, meta, kw, pkgs, lib, sources, ... }: with lib; let
oci-root = meta.deploy.targets.oci-root.tf;
addr_ipv6_nix =
let
prefix = head (splitString "/" (oci-root.resources.oci_kw_subnet.importAttr "ipv6cidr_block"));
in
assert hasSuffix "::" prefix; prefix + toString config.kw.oci.network.publicV6;
in
{
imports = with meta; [
profiles.hardware.oracle.ubuntu
services.nginx
];
deploy.tf.providers.local = {};
nixpkgs.localSystem = systems.examples.aarch64-multiplatform // {
system = "aarch64-linux";
};
kw.oci = {
enable = true;
base = "Canonical Ubuntu";
specs = {
shape = "VM.Standard.A1.Flex";
cores = 4;
ram = 24;
space = 100;
};
ad = 1;
network = {
publicV6 = 6;
privateV4 = 5;
};
};
services.nginx.virtualHosts =
let
splashy = pkgs.host-splash-site config.networking.hostName;
in
kw.virtualHostGen {
networkFilter = [ "public" ];
block.locations."/" = { root = splashy; };
};
networking = {
useDHCP = false;
interfaces.ens3 = {
useDHCP = true;
ipv6 = {
addresses = mkIf (config.network.addresses.public.nixos.ipv6.enable) [{
address = config.network.addresses.public.nixos.ipv6.address;
prefixLength = 64;
}];
routes = [{
address = "::";
prefixLength = 0;
}];
};
};
};
network = {
addresses = {
public = {
enable = true;
# TODO: move into module
nixos.ipv6.address = mkIf (tf.state.resources ? ${tf.resources.${config.networking.hostName}.out.reference}) addr_ipv6_nix;
tf.ipv6.address = tf.resources."${config.networking.hostName}_ipv6".refAttr "ip_address";
};
};
firewall.public.interfaces = singleton "ens3";
tf = {
enable = true;
ipv4_attr = "public_ip";
};
};
}
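Review bot: `addr_ipv6_nix` at the top of this file forms the address by appending `toString config.kw.oci.network.publicV6` to the `::`-terminated prefix, which treats the decimal host number as hex digits, whereas the Terraform side in the new oracle module derives the same address with `cidrhost(..., publicV6)`; the two agree for 0–9 (this host uses 6) but diverge from 10 upward (`::10` is host 16, `cidrhost` gives `::a`). Since the file is already `with lib;`, `prefix + toHexString config.kw.oci.network.publicV6` keeps both sides consistent (`lib.toHexString` exists in recent nixpkgs; confirm for the pinned revision). The identical expression is in the rinnosuke hunk further down, and the TODO on the `nixos.ipv6.address` line already points at moving this into the module, where it could be computed once next to the `cidrhost` call.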


@ -49,7 +49,6 @@ with lib;
# Networking # Networking
networking = { networking = {
hostName = "ostara";
hostId = "9f89b327"; hostId = "9f89b327";
useDHCP = false; useDHCP = false;
interfaces.enp1s0.ipv4.addresses = singleton { interfaces.enp1s0.ipv4.addresses = singleton {


@ -4,17 +4,30 @@
let let
prefix = head (splitString "/" (oci-root.resources.oci_kw_subnet.importAttr "ipv6cidr_block")); prefix = head (splitString "/" (oci-root.resources.oci_kw_subnet.importAttr "ipv6cidr_block"));
in in
assert hasSuffix "::" prefix; prefix + "7"; assert hasSuffix "::" prefix; prefix + toString config.kw.oci.network.publicV6;
in in
{ {
imports = (with (import (sources.tf-nix + "/modules")); [ imports = with meta; [
nixos.ubuntu-linux profiles.hardware.oracle.ubuntu
nixos.oracle
./oracle.nix
]) ++ (with meta; [
services.knot services.knot
services.nginx services.nginx
]); ];
kw.oci = {
enable = true;
base = "Canonical Ubuntu";
specs = {
shape = "VM.Standard.E2.1.Micro";
cores = 1;
ram = 1;
space = 50;
};
ad = 2;
network = {
publicV6 = 7;
privateV4 = 3;
};
};
services.nginx.virtualHosts = services.nginx.virtualHosts =
let let
@ -27,7 +40,6 @@ in
networking = { networking = {
useDHCP = false; useDHCP = false;
hostName = "rinnosuke";
interfaces.ens3 = { interfaces.ens3 = {
useDHCP = true; useDHCP = true;
ipv6 = { ipv6 = {
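Review bot: This host declares `specs.cores = 1; ram = 1;` for the fixed `VM.Standard.E2.1.Micro` shape, and the new oracle module forwards those unconditionally as `shape_config.ocpus`/`memory_in_gbs`; on OCI `shape_config` is meant for `.Flex` shapes, so for a fixed shape this is at best ignored and may be rejected at apply time — worth verifying against a plan. If fixed shapes are expected, the module could emit `shape_config` only when the shape name contains `Flex`, or these two lines could simply be dropped here. The `networking` block in the second hunk continues outside the visible lines.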


@ -14,6 +14,9 @@ in
profiles.hardware.ms-7b86 profiles.hardware.ms-7b86
profiles.gui profiles.gui
profiles.vfio profiles.vfio
profiles.cross.aarch64
profiles.cross.armv7l
profiles.cross.armv6l
users.kat.guiFull users.kat.guiFull
users.kat.services.weechat users.kat.services.weechat
services.nginx services.nginx
@ -178,7 +181,6 @@ in
# Networking # Networking
networking = { networking = {
hostName = "samhain";
hostId = "617050fc"; hostId = "617050fc";
useDHCP = false; useDHCP = false;
useNetworkd = true; useNetworkd = true;


@ -19,7 +19,6 @@
boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
networking.hostId = "d199ad70"; networking.hostId = "d199ad70";
networking.hostName = "mabon";
networking.useDHCP = false; networking.useDHCP = false;
networking.interfaces.enp1s0.useDHCP = false; networking.interfaces.enp1s0.useDHCP = false;


@ -63,7 +63,6 @@ with lib;
networking = { networking = {
hostId = "dddbb888"; hostId = "dddbb888";
hostName = "yule";
useDHCP = false; useDHCP = false;
wireless.interfaces = singleton "wlp2s0"; wireless.interfaces = singleton "wlp2s0";
interfaces = { interfaces = {


@ -31,7 +31,12 @@ with lib;
config = { config = {
nixpkgs = { nixpkgs = {
system = mkDefault pkgs.system; system = mkDefault pkgs.system;
pkgs = mkDefault pkgs; pkgs = let
pkgsReval = import pkgs.path {
inherit (config.nixpkgs) localSystem crossSystem;
inherit (pkgs) overlays config;
};
in mkDefault (if config.nixpkgs.config == pkgs.config && config.nixpkgs.localSystem.system == pkgs.targetPlatform.system then pkgs else pkgsReval);
}; };
}; };
}; };
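Review bot: The new `pkgs` condition checks only `config` and `localSystem.system` against the incoming `pkgs`, so a node that sets `nixpkgs.crossSystem` on a matching local system still receives the original non-cross `pkgs` even though `pkgsReval` would have honoured it; unless `crossSystem` is guaranteed null elsewhere, add `config.nixpkgs.crossSystem == null &&` in front of the existing clauses. Note also that Nix `==` never considers two function values equal, so if `pkgs.config` carries a function-valued entry (an unfree predicate, for instance) the `config.nixpkgs.config == pkgs.config` test may never hold and every node silently re-imports nixpkgs — worth checking with a quick eval. The enclosing `config = {` block and the module it belongs to start outside the hunk; the single long `in mkDefault (if ... )` line would also read better split across lines.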


@ -7,7 +7,4 @@
(sources.tf-nix + "/modules/nixos/secrets.nix") (sources.tf-nix + "/modules/nixos/secrets.nix")
(sources.tf-nix + "/modules/nixos/secrets-users.nix") (sources.tf-nix + "/modules/nixos/secrets-users.nix")
]; ];
excludes = [
"oracle"
];
} }


@ -8,6 +8,21 @@ with lib;
gui = mkEnableOption "Graphical System"; gui = mkEnableOption "Graphical System";
vfio = mkEnableOption "VFIO"; vfio = mkEnableOption "VFIO";
trusted = mkEnableOption "Trusted Submodule"; trusted = mkEnableOption "Trusted Submodule";
cross = {
enable = mkEnableOption "cross/emulated compilation";
aarch64 = mkOption {
type = types.bool;
default = false;
};
armv6l = mkOption {
type = types.bool;
default = false;
};
armv7l = mkOption {
type = types.bool;
default = false;
};
};
hardware = { hardware = {
acs-override = mkEnableOption "ACS IOMMU Override"; acs-override = mkEnableOption "ACS IOMMU Override";
amdgpu = mkEnableOption "AMD GPU"; amdgpu = mkEnableOption "AMD GPU";
@ -18,6 +33,11 @@ with lib;
ryzen = mkEnableOption "AMD Ryzen CPU"; ryzen = mkEnableOption "AMD Ryzen CPU";
ms-7b86 = mkEnableOption "MSI B450-A Pro Max"; ms-7b86 = mkEnableOption "MSI B450-A Pro Max";
rm-310 = mkEnableOption "Intel DQ67OW"; rm-310 = mkEnableOption "Intel DQ67OW";
oracle = {
common = mkEnableOption "OCI";
ubuntu = mkEnableOption "Canonical Ubuntu Base Image";
oracle = mkEnableOption "Oracle Linux Base Image";
};
eeepc-1015pem = mkEnableOption "Asus Eee PC 1015PEM"; eeepc-1015pem = mkEnableOption "Asus Eee PC 1015PEM";
v330-14arr = mkEnableOption "Lenovo Ideapad v330-14ARR"; v330-14arr = mkEnableOption "Lenovo Ideapad v330-14ARR";
}; };
@ -30,6 +50,21 @@ with lib;
gui = mkEnableOption "Graphical System"; gui = mkEnableOption "Graphical System";
vfio = mkEnableOption "VFIO"; vfio = mkEnableOption "VFIO";
trusted = mkEnableOption "Trusted Submodule"; trusted = mkEnableOption "Trusted Submodule";
cross = {
enable = mkEnableOption "cross/emulated compilation";
aarch64 = mkOption {
type = types.bool;
default = false;
};
armv6l = mkOption {
type = types.bool;
default = false;
};
armv7l = mkOption {
type = types.bool;
default = false;
};
};
hardware = { hardware = {
acs-override = mkEnableOption "ACS IOMMU Override"; acs-override = mkEnableOption "ACS IOMMU Override";
amdgpu = mkEnableOption "AMD GPU"; amdgpu = mkEnableOption "AMD GPU";
@ -40,6 +75,11 @@ with lib;
ryzen = mkEnableOption "AMD Ryzen CPU"; ryzen = mkEnableOption "AMD Ryzen CPU";
ms-7b86 = mkEnableOption "MSI B450-A Pro Max"; ms-7b86 = mkEnableOption "MSI B450-A Pro Max";
rm-310 = mkEnableOption "Intel DQ67OW"; rm-310 = mkEnableOption "Intel DQ67OW";
oracle = {
common = mkEnableOption "OCI";
ubuntu = mkEnableOption "Canonical Ubuntu Base Image";
oracle = mkEnableOption "Oracle Linux Base Image";
};
eeepc-1015pem = mkEnableOption "Asus Eee PC 1015PEM"; eeepc-1015pem = mkEnableOption "Asus Eee PC 1015PEM";
v330-14arr = mkEnableOption "Lenovo Ideapad v330-14ARR"; v330-14arr = mkEnableOption "Lenovo Ideapad v330-14ARR";
}; };
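Review bot: The three `cross.aarch64`/`armv6l`/`armv7l` options (and their duplicates in the second hunk, `@ -30,6 +50,21 @@`) carry no `description`, unlike every sibling option, and spell out `mkOption { type = types.bool; default = false; }` where the rest of the file uses `mkEnableOption`. `aarch64 = mkEnableOption "aarch64 cross/emulated builds";` (and likewise for the other two) gives the description for free and matches the file's style.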


@ -0,0 +1,11 @@
{ pkgs, config, lib, ... }: with lib; {
boot.binfmt = {
emulatedSystems = [ "aarch64-linux" ];
/*
registrations.aarch64-linux = {
interpreter = mkForce "${pkgs.qemu-vfio or pkgs.qemu}/bin/qemu-aarch64";
};
*/
};
}
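Review bot: The commented-out `registrations.aarch64-linux` override carries no explanation, so the next reader cannot tell whether forcing the `qemu-vfio` user-mode emulator is still wanted or was abandoned; either delete it or put the reason above the `/*`, e.g. `# Kept for reference: <reason the mkForce interpreter override is disabled>` with the placeholder filled in. The `config` module argument is also unused in this file.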


@ -0,0 +1,6 @@
{ config, ... }: {
nix = {
binaryCaches = [ "https://arm.cachix.org/" ];
binaryCachePublicKeys = [ "arm.cachix.org-1:5BZ2kjoL1q6nWhlnrbAl+G7ThY7+HaBRD9PZzqZkbnM=" ];
};
}
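Review bot: Listing `arm.cachix.org` in `nix.binaryCaches` with its key in `nix.binaryCachePublicKeys` makes that third party a trusted substituter for every build on the host, not only for the emulated aarch64/arm outputs, so the trust decision deserves a line of documentation next to the key; the same applies to the `thefloweringash-armv7` cache in the next file. A comment such as `# Third-party cache; its signing key is trusted system-wide. Key copied from the cache's published info on <date>` records where the key came from so it can be re-verified if the cache changes hands. `config` is an unused module argument in both files.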


@ -0,0 +1,6 @@
{ config, ... }: {
nix = {
binaryCaches = [ "https://thefloweringash-armv7.cachix.org/" ];
binaryCachePublicKeys = [ "thefloweringash-armv7.cachix.org-1:v+5yzBD2odFKeXbmC+OPWVqx4WVoIVO6UXgnSAWFtso=" ];
};
}


@ -0,0 +1,35 @@
rec {
common = ./armvcommon.nix;
armv7-base = ./armv7.nix;
aarch64-base = ./aarch64.nix;
aarch64 = {
deploy.profile.cross = {
enable = true;
aarch64 = true;
};
imports = [
aarch64-base
];
};
armv7l = {
deploy.profile.cross = {
enable = true;
armv7l = true;
};
imports = [
common
armv7-base
];
};
armv6l = {
deploy.profile.cross = {
enable = true;
armv6l = true;
};
imports = [
common
];
};
}
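Review bot: `aarch64` is the only profile here that does not import `common` (the shared cache file), while `armv7l` and `armv6l` both do; if that asymmetry is deliberate, a one-line comment above `imports = [ aarch64-base ];` saying so would stop the next person "fixing" it, and if it is not, `common` belongs in that list too. The file aliases (`armv7-base`, `aarch64-base`) also differ from the option names they enable (`armv7l`, `aarch64`) — minor, but worth aligning.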


@ -0,0 +1,231 @@
{ config, tf, meta, kw, pkgs, lib, sources, ... }: with lib; let
oci-root = meta.deploy.targets.oci-root.tf;
cfg = config.kw.oci;
in
{
options.kw.oci = {
enable = mkEnableOption "oracle server";
base = mkOption {
description = ''
Canonical Ubuntu provides an EXT4 root filesystem.
Oracle Linux provides an XFS root filesystem.
'';
type = with types; enum [
"Canonical Ubuntu"
"Oracle Linux"
];
default = "Canonical Ubuntu";
};
specs = {
shape = mkOption {
type = with types; nullOr str;
default = null;
};
cores = mkOption {
type = with types; nullOr int;
default = null;
};
ram = mkOption {
type = with types; nullOr int;
default = null;
};
space = mkOption {
type = with types; nullOr int;
default = null;
};
};
network = {
privateV4 = mkOption {
type = with types; nullOr int;
default = null;
};
publicV6 = mkOption {
type = with types; nullOr int;
default = null;
};
};
ad = mkOption {
description = ''
Availability Domain.
Important because, for example: EPYC instances can only be provisioned on AD2 in London.
'';
type = with types; nullOr int;
default = null;
};
};
imports = with import (sources.tf-nix + "/modules"); [
nixos.oracle
];
config = {
deploy.tf =
let
compartment_id = oci-root.resources.oci_kw_compartment.importAttr "id";
inherit (tf.lib.tf) terraformExpr;
in
{
deploy.systems."${config.networking.hostName}" = {
lustrate = {
enable = true;
connection = tf.resources."${config.networking.hostName}".connection.set;
};
connection = {
port = head config.services.openssh.ports;
};
};
providers.oci = {
inputs = {
tenancy_ocid = oci-root.outputs.oci_tenancy.import;
user_ocid = oci-root.resources.oci_kw_user.importAttr "id";
fingerprint = oci-root.resources.oci_kw_apikey.importAttr "fingerprint";
region = oci-root.outputs.oci_region.import;
private_key_path = oci-root.resources.oci_kw_key_file.importAttr "filename";
};
};
resources = mkMerge [{
cloudinit = {
provider = "cloudinit";
type = "config";
dataSource = true;
inputs = {
part = singleton {
content_type = "text/cloud-config";
content = "#cloud-config\n" + builtins.toJSON {
disable_root = false;
};
};
};
};
availability_domain = {
provider = "oci";
type = "identity_availability_domain";
dataSource = true;
inputs = {
inherit compartment_id;
ad_number = cfg.ad;
};
};
generic_image = {
provider = "oci";
type = "core_images";
dataSource = true;
inputs = {
inherit compartment_id;
inherit (tf.resources."${config.networking.hostName}".inputs) shape;
operating_system = cfg.base;
sort_by = "TIMECREATED";
sort_order = "DESC";
};
};
"${config.networking.hostName}_vnic" = {
provider = "oci";
type = "core_vnic_attachments";
dataSource = true;
inputs = {
inherit compartment_id;
instance_id = tf.resources."${config.networking.hostName}".refAttr "id";
};
};
"${config.networking.hostName}_ipv6" = {
provider = "oci";
type = "core_ipv6";
inputs = {
vnic_id = tf.resources."${config.networking.hostName}_vnic".refAttr "vnic_attachments[0].vnic_id";
display_name = config.networking.hostName;
ip_address = terraformExpr ''cidrhost("${oci-root.resources.oci_kw_subnet.importAttr "ipv6cidr_block"}", ${toString cfg.network.publicV6})'';
};
};
"${config.networking.hostName}" = {
provider = "oci";
type = "core_instance";
inputs = {
inherit compartment_id;
extended_metadata = { };
metadata = {
ssh_authorized_keys = concatStringsSep "\n" config.users.users.root.openssh.authorizedKeys.keys;
user_data = tf.resources.cloudinit.refAttr "rendered";
};
shape = cfg.specs.shape;
shape_config = {
ocpus = cfg.specs.cores;
memory_in_gbs = cfg.specs.ram;
};
source_details = {
source_type = "image";
source_id = tf.resources.generic_image.refAttr "images[0].id";
boot_volume_size_in_gbs = cfg.specs.space; # min 50GB, up to 200GB free
};
create_vnic_details = [
{
assign_public_ip = true;
subnet_id = oci-root.resources.oci_kw_subnet.importAttr "id";
private_ip = terraformExpr ''cidrhost("${oci-root.resources.oci_kw_subnet.importAttr "cidr_block"}", ${toString cfg.network.privateV4})'';
nsg_ids = [
(tf.resources.firewall_group.refAttr "id")
];
}
];
availability_domain = tf.resources.availability_domain.refAttr "name";
};
lifecycle.ignoreChanges = [
"source_details[0].source_id"
];
connection = {
type = "ssh";
user = "root";
host = tf.lib.tf.terraformSelf "public_ip";
timeout = "5m";
};
};
firewall_group = {
provider = "oci";
type = "core_network_security_group";
inputs = {
display_name = "${config.networking.hostName} firewall group";
inherit compartment_id;
vcn_id = oci-root.resources.oci_vcn.importAttr "id";
};
};
}
(
let
protoValues = {
TCP = 6;
UDP = 17;
};
inherit (config.networking) firewall;
ipv4 = "0.0.0.0/0";
ipv6 = "::/0";
mapPort = source: protocol: port: {
provider = "oci";
type = "core_network_security_group_security_rule";
inputs = {
network_security_group_id = tf.resources.firewall_group.refAttr "id";
inherit protocol source;
direction = "INGRESS";
${if protocol == protoValues.TCP then "tcp_options" else "udp_options"} = {
destination_port_range =
if isAttrs port then {
min = port.from;
max = port.to;
} else {
min = port;
max = port;
};
};
};
};
mapAll = protocol: port: [ (mapPort ipv4 protocol port) (mapPort ipv6 protocol port) ];
mapAllForInterface =
let
protos = [ "TCP" "UDP" ];
types = [ "Ports" "PortRanges" ];
in
interface: concatMap (type: concatMap (proto: (concatMap (port: (mapAll protoValues.${proto}) port) interface."allowed${proto}${type}")) protos) types;
rules = concatMap mapAllForInterface ([ firewall ] ++ map (interface: firewall.interfaces.${interface}) config.network.firewall.public.interfaces);
# TODO: use `count` and index into a fancy json or something?
in
listToAttrs (imap0 (i: rule: nameValuePair "firewall${toString i}" rule) rules)
)];
};
};
}
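Review bot: `options.kw.oci.enable` is declared but, as far as this hunk shows, nothing consumes it: the `config = {` block is unconditional, so every host importing this module gets the OCI provider, the instance and the firewall rules whether or not it sets `kw.oci.enable = true`; `config = mkIf cfg.enable {` closes that gap. Relatedly, `specs.*`, `network.*` and `ad` default to `null`, and `toString null` is the empty string in Nix, so an unset `publicV6`/`privateV4` is rendered as `cidrhost("…", )` and only fails at `terraform plan`; dropping the `default = null` (making the options required) or asserting on them moves that failure to evaluation time with a clear message. For the NSG rules, naming them `firewall${toString i}` by list position means inserting a port anywhere but the end renumbers every later rule and Terraform will destroy and recreate them, briefly changing what is exposed; the TODO above already hints at this, and keying the name on protocol and port range instead would make the resource names stable.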


@ -0,0 +1,26 @@
rec {
common = ./common.nix;
ubuntu-base = ./ubuntu.nix;
oracle-base = ./oracle.nix;
ubuntu = {
deploy.profile.hardware.oracle = {
common = true;
ubuntu = true;
};
imports = [
common
ubuntu-base
];
};
oracle = {
deploy.profile.hardware.oracle = {
common = true;
oracle = true;
};
imports = [
common
oracle-base
];
};
}


@ -0,0 +1,5 @@
{ config, sources, ... }: {
imports = with import (sources.tf-nix + "/modules"); [
nixos.oracle-linux
];
}


@ -0,0 +1,5 @@
{ sources, ... }: {
imports = with import (sources.tf-nix + "/modules"); [
nixos.ubuntu-linux
];
}


@ -69,6 +69,9 @@ let
(host: { (host: {
network.nodes.${host} = { network.nodes.${host} = {
imports = config.lib.kw.nodeImport host; imports = config.lib.kw.nodeImport host;
networking = {
hostName = host;
};
}; };
}) })
(lib.attrNames xarg.hosts)); (lib.attrNames xarg.hosts));
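Review bot: `networking.hostName = host;` is set at normal priority, so a node whose attribute name in `xarg.hosts` is not its intended hostname cannot override it without a definition conflict; `hostName = mkDefault host;` keeps the automatic value while leaving the per-host files free to set their own. The attribute name also reaches `hostName` unvalidated, so if host keys may contain characters that are not legal in hostnames this is the place to check. The enclosing `let` and the function mapped over `lib.attrNames xarg.hosts` start outside the hunk, so this is based only on the visible lines.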


@ -89,10 +89,10 @@
"homepage": null, "homepage": null,
"owner": "kittywitch", "owner": "kittywitch",
"repo": "nixexprs", "repo": "nixexprs",
"rev": "1ba4276349007ac90a9bda6e856752945a2ba342", "rev": "fb4a435201384c6a45b593d47bc72b4998ffe78d",
"sha256": "0m6v8aykjzvb5phr9kwazkyjp3bbzv6wys6jzvkpqgysl8mxyfhf", "sha256": "07r2n6xx6l4pbrqdda42amxdq9d9nqg8pnkqbimfhssakpnkv2ml",
"type": "tarball", "type": "tarball",
"url": "https://github.com/kittywitch/nixexprs/archive/1ba4276349007ac90a9bda6e856752945a2ba342.tar.gz", "url": "https://github.com/kittywitch/nixexprs/archive/fb4a435201384c6a45b593d47bc72b4998ffe78d.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"niv": { "niv": {

@ -1 +1 @@
Subproject commit 1ba4276349007ac90a9bda6e856752945a2ba342 Subproject commit fb4a435201384c6a45b593d47bc72b4998ffe78d