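# Top-level file aggregating all machines managed from hscloud.
#
# This allows having a common attrset of machines that can be deployed
# in the same way.
#
# For information about building/deploying machines see //ops/README.md.

{ hscloud, pkgs, ... }:

let
  # nixpkgs for cluster machines (.hswaw.net). Currently pinned to an old
  # nixpkgs because NixOS modules for kubernetes changed enough that it's not
  # super easy to use them as is.
  #
  # TODO(q3k): fix this: use an old nixpkgs for Kube modules while using
  # hscloud nixpkgs for everything else.
  nixpkgsCluster = import (pkgs.fetchFromGitHub {
    owner = "nixos";
    repo = "nixpkgs-channels";
    rev = "44ad80ab1036c5cc83ada4bfa451dac9939f2a10";
    sha256 = "1b61nzvy0d46cspy07szkc0rggacxiqg9v1py27pkqpj7rvawfsk";
  }) {
    overlays = [
      (self: super: rec {
        # Use a newer version of Ceph (16, Pacific, EOL 2023-06-01) than in
        # this nixpkgs (15, Octopus, EOL 2022-06-01).
        #
        # This is to:
        # 1. Fix a bug in which ceph-volume lvm create fails due to a rocksdb
        #    mismatch (https://tracker.ceph.com/issues/49815)
        # 2. At the time of deployment not start out with an ancient version
        #    of Ceph.
        #
        # Once we unpin nixpkgsCluster past a version that contains this Ceph,
        # this can be unoverlayed.
        inherit (super.callPackages ./ceph {
          boost = super.boost17x.override { enablePython = true; python = super.python3; };
          lua = super.lua5_4;
        }) ceph ceph-client;
        # `ceph` here is the overlayed package from the inherit above (rec set).
        ceph-lib = ceph.lib;
      })
    ];
  };

  # edge01 still lives on an old nixpkgs checkout.
  #
  # TODO(b/3): unpin and deploy.
  nixpkgsBgpwtf = import (pkgs.fetchFromGitHub {
    owner = "nixos";
    repo = "nixpkgs-channels";
    rev = "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38";
    sha256 = "1ak7jqx94fjhc68xh1lh35kh3w3ndbadprrb762qgvcfb8351x8v";
  }) {};

  # customs.hackerspace.pl migration temporary checkout.
  #
  # NOTE: not referenced by any machine below (customs.hackerspace.pl is
  # currently built against the file-level `pkgs`); kept for the migration.
  nixpkgsCustoms = import (pkgs.fetchFromGitHub {
    owner = "nixos";
    repo = "nixpkgs";
    rev = "d12178b1c4a6ef1232c8c677573ba9db204e66ff";
    sha256 = "0p7df7yzi35kblxr5ks0rxxp9cfh269g88xpj60sdhdjvfnn6cp7";
  }) {};

  # mkMachine builds NixOS modules into a NixOS derivation.
  #
  # Arguments:
  #   machines: the attrset of all machines (the fixpoint built at the bottom
  #             of this file), exposed to modules as the `machines` argument.
  #   pkgs:     the nixpkgs checkout this machine is evaluated with. Inside the
  #             module below, `pkgs` refers to the module argument of that
  #             checkout, shadowing the file-level `pkgs`.
  #   paths:    list of NixOS module paths imported into the configuration.
  #
  # It:
  # 1) injects passthru.hscloud.provision which deploys that configuration
  #    over SSH to a production machine.
  # 2) injects 'workspace' as a nixos module argument which points to the root
  #    of the hscloud readTree object. It will contain whatever nixpkgs
  #    checkout this file has been invoked with, ie. will not be 'mixed in'
  #    with the pkgs argument.
  mkMachine = machines: pkgs: paths: pkgs.nixos ({ config, pkgs, ... }: {
    imports = paths;

    config = let
      name = config.networking.hostName;
      # Fall back to hswaw.net when the machine config sets no domain.
      domain = if (config.networking ? domain) && config.networking.domain != null then config.networking.domain else "hswaw.net";
      fqdn = name + "." + domain;
      toplevel = config.system.build.toplevel;

      # Interactive provisioning script. It copies the system closure to the
      # target, shows what would change (systemd unit diff, dry-activate),
      # then asks before `switch-to-configuration test`, and again before
      # setting the system profile and running `switch-to-configuration boot`.
      #
      # The script uses bash-only constructs (`[[ =~ ]]`, `read -n`,
      # `echo -ne`), so it must run under bash rather than /bin/sh.
      runProvision = ''
        #!${pkgs.runtimeShell}
        set -eu
        remote=root@${fqdn}
        echo "Configuration for ${fqdn} is ${toplevel}"
        nix copy -s --to ssh://$remote ${toplevel}

        running="$(ssh $remote readlink -f /nix/var/nix/profiles/system)"
        if [ "$running" = "${toplevel}" ]; then
          echo "${fqdn} already running ${toplevel}."
        else
          echo "/etc/systemd/system diff:"
          ssh $remote diff -ur /var/run/current-system/etc/systemd/system ${toplevel}/etc/systemd/system || true
          echo ""
          echo ""
          echo "dry-activate diff:"
          ssh $remote ${toplevel}/bin/switch-to-configuration dry-activate
          read -p "Do you want to switch to this configuration? " -n 1 -r
          echo
          if ! [[ $REPLY =~ ^[Yy]$ ]]; then
            exit 1
          fi

          echo -ne "\n\nswitch-to-configuration test...\n"
          ssh $remote ${toplevel}/bin/switch-to-configuration test
        fi

        echo -ne "\n\n"
        read -p "Do you want to set this configuration as boot? " -n 1 -r
        echo
        if ! [[ $REPLY =~ ^[Yy]$ ]]; then
          exit 1
        fi

        echo -ne "\n\nsetting system profile...\n"
        ssh $remote nix-env -p /nix/var/nix/profiles/system --set ${toplevel}

        echo -ne "\n\nswitch-to-configuration boot...\n"
        ssh $remote ${toplevel}/bin/switch-to-configuration boot
      '';
    in {
      passthru.hscloud.provision = pkgs.writeScript "provision-${fqdn}" runProvision;

      # TODO(q3k): this should be named hscloud, but that seems to not work. Debug and rename.
      _module.args.workspace = hscloud;
      _module.args.machines = machines;
    };
  });

  # mkClusterMachine builds a .hswaw.net cluster machine: the common cluster
  # modules (base, kube control/data plane, ceph) plus the per-machine module
  # at `path`, evaluated against the pinned nixpkgsCluster.
  mkClusterMachine = machines: path: mkMachine machines nixpkgsCluster [
    ../cluster/machines/modules/base.nix
    ../cluster/machines/modules/kube-controlplane.nix
    ../cluster/machines/modules/kube-dataplane.nix
    ../cluster/machines/modules/ceph.nix
    path
  ];

  # All managed machines, keyed by FQDN. `self` is the fixpoint of this
  # attrset, passed to each machine so modules can refer to other machines.
  machines = self: {
    "bc01n01.hswaw.net" = mkClusterMachine self ../cluster/machines/bc01n01.hswaw.net.nix;
    "bc01n02.hswaw.net" = mkClusterMachine self ../cluster/machines/bc01n02.hswaw.net.nix;
    "dcr01s22.hswaw.net" = mkClusterMachine self ../cluster/machines/dcr01s22.hswaw.net.nix;
    "dcr01s24.hswaw.net" = mkClusterMachine self ../cluster/machines/dcr01s24.hswaw.net.nix;

    "edge01.waw.bgp.wtf" = mkMachine self nixpkgsBgpwtf [
      ../bgpwtf/machines/edge01.waw.bgp.wtf.nix
      ../bgpwtf/machines/edge01.waw.bgp.wtf-hardware.nix
    ];

    "customs.hackerspace.pl" = mkMachine self pkgs [
      ../hswaw/machines/customs.hackerspace.pl/configuration.nix
    ];
  };

in pkgs.lib.fix machines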