forked from hswaw/hscloud
Bartosz Stebel
9a88f28805
Also make dataplane-only nodes actually work: - make kubeproxy use the same package as kubelet - disable firewall Change-Id: I7babbb749656e6f75151c8eda6e3f09f3c6bff5f Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1686 Reviewed-by: q3k <q3k@hackerspace.pl>
158 lines
5.9 KiB
Nix
158 lines
5.9 KiB
Nix
# Top-level file aggregating all machines managed from hscloud.
|
|
#
|
|
# This allows to have a common attrset of machines that can be deployed
|
|
# in the same way.
|
|
#
|
|
# For information about building/deploying machines see //ops/README.md.
|
|
|
|
{ hscloud, pkgs, hscloudForPkgs, ... }:
|
|
|
|
let
|
|
# nixpkgs for cluster machines (.hswaw.net). Currently pinned to an old
|
|
# nixpkgs because NixOS modules for kubernetes changed enough that it's not
|
|
# super easy to use them as is.
|
|
#
|
|
# TODO(q3k): fix this: use an old nixpkgs for Kube modules while using
|
|
# hscloud nixpkgs for everything else.
|
|
nixpkgsCluster = import (pkgs.fetchFromGitHub {
|
|
owner = "nixos";
|
|
repo = "nixpkgs-channels";
|
|
rev = "44ad80ab1036c5cc83ada4bfa451dac9939f2a10";
|
|
sha256 = "1b61nzvy0d46cspy07szkc0rggacxiqg9v1py27pkqpj7rvawfsk";
|
|
}) { };
|
|
|
|
# TODO(patryk): unpin and upgrade
|
|
nixpkgsBgpwtf = import (pkgs.fetchFromGitHub {
|
|
owner = "nixos";
|
|
repo = "nixpkgs-channels";
|
|
rev = "e26c0ffdb013cd378fc2528a44689a8bf35d2a6c";
|
|
sha256 = "1b33hw35fqb9rzszdg5jpiyfvhx2cxpv0qrkyr19zkdpdahzdbss";
|
|
}) { };
|
|
|
|
|
|
# mkMachine builds NixOS modules into a NixOS derivation.
|
|
# It:
|
|
# 1) injects passthru.hscloud.provision which deploys that configuration
|
|
# over SSH to a production machine.
|
|
# 2) injects 'workspace' as a nixos module argument which points to the root
|
|
# of the hscloud readTree object. It will contain whatever nixpkgs
|
|
# checkout this file has been invoked with, ie. will not be 'mixed in'
|
|
# with the pkgs argument.
|
|
mkMachine = machines: pkgs: paths: pkgs.nixos ({ config, pkgs, ... }: {
|
|
imports = paths;
|
|
|
|
config = let
|
|
name = config.networking.hostName;
|
|
domain = if (config.networking ? domain) && config.networking.domain != null then config.networking.domain else "hswaw.net";
|
|
fqdn = name + "." + domain;
|
|
toplevel = config.system.build.toplevel;
|
|
|
|
runProvision = ''
|
|
#!/bin/sh
|
|
set -eu
|
|
remote=root@${fqdn}
|
|
echo "Configuration for ${fqdn} is ${toplevel}"
|
|
nix copy -s --to ssh://$remote ${toplevel}
|
|
|
|
running="$(ssh $remote readlink -f /nix/var/nix/profiles/system)"
|
|
if [ "$running" == "${toplevel}" ]; then
|
|
echo "${fqdn} already running ${toplevel}."
|
|
else
|
|
echo "/etc/systemd/system diff:"
|
|
ssh $remote diff -ur /var/run/current-system/etc/systemd/system ${toplevel}/etc/systemd/system || true
|
|
echo ""
|
|
echo ""
|
|
echo "dry-activate diff:"
|
|
ssh $remote ${toplevel}/bin/switch-to-configuration dry-activate
|
|
read -p "Do you want to switch to this configuration? " -n 1 -r
|
|
echo
|
|
if ! [[ $REPLY =~ ^[Yy]$ ]]; then
|
|
exit 1
|
|
fi
|
|
|
|
echo -ne "\n\nswitch-to-configuration test...\n"
|
|
ssh $remote ${toplevel}/bin/switch-to-configuration test
|
|
fi
|
|
|
|
echo -ne "\n\n"
|
|
read -p "Do you want to set this configuration as boot? " -n 1 -r
|
|
echo
|
|
if ! [[ $REPLY =~ ^[Yy]$ ]]; then
|
|
exit 1
|
|
fi
|
|
|
|
echo -ne "\n\nsetting system profile...\n"
|
|
ssh $remote nix-env -p /nix/var/nix/profiles/system --set ${toplevel}
|
|
|
|
echo -ne "\n\nswitch-to-configuration boot...\n"
|
|
ssh $remote ${toplevel}/bin/switch-to-configuration boot
|
|
'';
|
|
in {
|
|
passthru.hscloud.provision = pkgs.writeScript "provision-${fqdn}" runProvision;
|
|
|
|
# TODO(q3k): this should be named hscloud, but that seems to not work. Debug and rename.
|
|
_module.args.workspace = hscloudForPkgs pkgs;
|
|
_module.args.machines = machines;
|
|
};
|
|
});
|
|
|
|
mkClusterMachine = machines: path: mkMachine machines nixpkgsCluster [
|
|
../cluster/machines/modules/base.nix
|
|
../cluster/machines/modules/kube-controlplane.nix
|
|
../cluster/machines/modules/kube-dataplane.nix
|
|
path
|
|
];
|
|
|
|
mkClusterMachineNew = machines: path: mkMachine machines nixpkgsBgpwtf [
|
|
../cluster/machines/modules/base.nix
|
|
../cluster/machines/modules/kube-controlplane.nix
|
|
../cluster/machines/modules/kube-dataplane.nix
|
|
path
|
|
];
|
|
|
|
|
|
pkgsArm = import pkgs.path {
|
|
system = "aarch64-linux";
|
|
};
|
|
|
|
machines = self: {
|
|
"bc01n01.hswaw.net" = mkClusterMachineNew self ../cluster/machines/bc01n01.hswaw.net.nix;
|
|
"bc01n02.hswaw.net" = mkClusterMachine self ../cluster/machines/bc01n02.hswaw.net.nix;
|
|
"bc01n05.hswaw.net" = mkClusterMachineNew self ../cluster/machines/bc01n05.hswaw.net.nix;
|
|
"dcr01s22.hswaw.net" = mkClusterMachine self ../cluster/machines/dcr01s22.hswaw.net.nix;
|
|
"dcr01s24.hswaw.net" = mkClusterMachine self ../cluster/machines/dcr01s24.hswaw.net.nix;
|
|
"dcr03s16.hswaw.net" = mkClusterMachineNew self ../cluster/machines/dcr03s16.hswaw.net.nix;
|
|
|
|
"edge01.waw.bgp.wtf" = mkMachine self nixpkgsBgpwtf [
|
|
../bgpwtf/machines/edge01.waw.bgp.wtf.nix
|
|
../bgpwtf/machines/edge01.waw.bgp.wtf-hardware.nix
|
|
];
|
|
|
|
"larrythebuilder.q3k.org" = mkMachine self pkgsArm [
|
|
../hswaw/machines/larrythebuilder.q3k.org/configuration.nix
|
|
];
|
|
|
|
"customs.hackerspace.pl" = mkMachine self pkgs [
|
|
../hswaw/machines/customs.hackerspace.pl/configuration.nix
|
|
];
|
|
"tv1.waw.hackerspace.pl" = mkMachine self pkgsArm [
|
|
../hswaw/machines/tv/tv1.nix
|
|
];
|
|
"tv2.waw.hackerspace.pl" = mkMachine self pkgsArm [
|
|
../hswaw/machines/tv/tv2.nix
|
|
];
|
|
"sound.waw.hackerspace.pl" = let
|
|
# TODO update global pkgs to >= 22.05 and remove this override
|
|
# building on current pkgs gives error:
|
|
# error: The option `services.home-assistant.extraComponents' does not exist.
|
|
pkgs = import (fetchTarball {
|
|
# NixOS/nixpkgs/nixos-unstable 2022-09-10
|
|
url = "https://api.github.com/repos/NixOS/nixpkgs/tarball/2da64a81275b68fdad38af669afeda43d401e94b";
|
|
sha256 = "1k71lmzdaa48yqkmsnd22n177qmxxi4gj2qcmdbv0mc6l4f27wd0";
|
|
}) {};
|
|
in mkMachine self pkgs [
|
|
../hswaw/machines/sound.waw.hackerspace.pl/configuration.nix
|
|
];
|
|
};
|
|
|
|
in pkgs.lib.fix machines
|