# Top-level file aggregating all machines managed from hscloud.
#
# This file is meant to be used with colmena. For information about
# building/deploying machines see //ops/README.md.
let
  # Root of the hscloud repository, evaluated with its default arguments.
  hscloud = import ../default.nix { };

  # Package set exported by the repository root. It is passed to colmena as
  # meta.nixpkgs below, so it is the nixpkgs of every node that has no
  # nodeNixpkgs entry of its own.
  inherit (hscloud) pkgs;
# Newer nixpkgs tree, pinned by commit and content hash. In this file it is
# used for one thing only: supplying runc to the nixpkgsMachines overlay.
# NOTE(review): the tree is imported with `{ }`, so system, config and
# overlays fall back to nixpkgs' defaults, which can be taken from the
# environment of whoever evaluates this file. Passing them explicitly would
# make the runc build independent of the deploying user - confirm whether
# that is wanted.
nixpkgsForRunc112 =
  let
    newerNixpkgsSrc = pkgs.fetchFromGitHub {
      owner = "nixos";
      repo = "nixpkgs";
      rev = "f6a0dcdc5008e7aa6ccac5b99a02b73461540789";
      sha256 = "sha256-ro5vOuY6kDvqXFWLRMcXKkEurJZSD+DQ866aWp0tARk=";
    };
  in
  import newerNixpkgsSrc { };
# TODO(patryk): unpin and upgrade
#
# nixpkgs used by the cluster nodes and edge01 (see meta.nodeNixpkgs). The
# revision is fixed, so a security fix reaches those machines only by moving
# this pin or through an overlay such as the one below.
nixpkgsMachines =
  let
    machinesSrc = pkgs.fetchFromGitHub {
      owner = "nixos";
      repo = "nixpkgs-channels";
      rev = "e26c0ffdb013cd378fc2528a44689a8bf35d2a6c";
      sha256 = "1b33hw35fqb9rzszdg5jpiyfvhx2cxpv0qrkyr19zkdpdahzdbss";
    };

    # Bump runc to 1.1.12 to fix CVE-2024-21626.
    # Taking it from another nixpkgs is the easiest, as nixpkgsMachines'
    # Go is too old to build a newer version of runc from upstream.
    # NOTE(review): the override only reaches consumers that resolve runc
    # through this package set; after a deploy, check the runc version that
    # the container runtime on each node actually reports.
    patchedRunc = final: prev: {
      inherit (nixpkgsForRunc112) runc;
    };
  in
  import machinesSrc {
    overlays = [ patchedRunc ];
  };
# Builds the colmena node definition shared by every Kubernetes machine:
# the node is tagged "k8s" and imports the common base, control-plane and
# data-plane modules followed by the machine's own configuration file.
# Every machine built this way gets both the control-plane and the
# data-plane module.
mkClusterMachine = path:
  let
    sharedModules = [
      ../cluster/machines/modules/base.nix
      ../cluster/machines/modules/kube-controlplane.nix
      ../cluster/machines/modules/kube-dataplane.nix
    ];
  in
  {
    deployment = { tags = [ "k8s" ]; };
    imports = sharedModules ++ [ path ];
  };
in
{
meta =
  let
    # The file-level package set re-imported for aarch64; shared by the
    # three aarch64 hosts below.
    aarch64Pkgs = import pkgs.path { system = "aarch64-linux"; };

    # NixOS/nixpkgs/nixos-unstable 2022-09-10
    # The URL names a fixed commit and sha256 pins the fetched contents.
    soundNixpkgsSrc = fetchTarball {
      url = "https://api.github.com/repos/NixOS/nixpkgs/tarball/2da64a81275b68fdad38af669afeda43d401e94b";
      sha256 = "1k71lmzdaa48yqkmsnd22n177qmxxi4gj2qcmdbv0mc6l4f27wd0";
    };
  in
  {
    # Default package set; used by any node without an entry in nodeNixpkgs
    # (in this file that is customs.hackerspace.pl).
    nixpkgs = pkgs;

    # Per-node package sets. Each host below is tied to a specific pin, so
    # upgrading one pin changes exactly the hosts that reference it.
    nodeNixpkgs = {
      # Cluster nodes and the edge router: old pin plus the runc overlay.
      "bc01n01.hswaw.net" = nixpkgsMachines;
      "bc01n05.hswaw.net" = nixpkgsMachines;
      "dcr01s22.hswaw.net" = nixpkgsMachines;
      "dcr01s24.hswaw.net" = nixpkgsMachines;
      "dcr03s16.hswaw.net" = nixpkgsMachines;

      "edge01.waw.bgp.wtf" = nixpkgsMachines;

      "larrythebuilder.q3k.org" = aarch64Pkgs;
      "tv1.waw.hackerspace.pl" = aarch64Pkgs;
      "tv2.waw.hackerspace.pl" = aarch64Pkgs;

      # TODO update global pkgs to >= 22.05 and remove this override
      # building on current pkgs gives error:
      # error: The option `services.home-assistant.extraComponents' does not exist.
      "sound.waw.hackerspace.pl" = import soundNixpkgsSrc { };
    };

    # With this set to false colmena refuses an `apply` that has no node
    # selector, so a deploy has to name the machines it targets.
    allowApplyAll = false;
  };
# Module applied to every node; it exposes two extra module arguments.
# The `pkgs` argument here shadows the file-level `pkgs` binding.
defaults = { nodes, pkgs, ... }: {
  _module.args = {
    # Result of hscloud.hscloudForPkgs for the pkgs passed to this module.
    workspace = hscloud.hscloudForPkgs pkgs;
    # The `nodes` argument, re-exported to modules under the name `machines`.
    machines = nodes;
  };
};

# Kubernetes cluster machines (tagged "k8s" by mkClusterMachine).
"bc01n01.hswaw.net" = mkClusterMachine ../cluster/machines/bc01n01.hswaw.net.nix;
"bc01n05.hswaw.net" = mkClusterMachine ../cluster/machines/bc01n05.hswaw.net.nix;
"dcr01s22.hswaw.net" = mkClusterMachine ../cluster/machines/dcr01s22.hswaw.net.nix;
"dcr01s24.hswaw.net" = mkClusterMachine ../cluster/machines/dcr01s24.hswaw.net.nix;
"dcr03s16.hswaw.net" = mkClusterMachine ../cluster/machines/dcr03s16.hswaw.net.nix;

# Edge router: machine configuration plus its hardware description.
"edge01.waw.bgp.wtf" = { ... }: {
  imports = [
    ../bgpwtf/machines/edge01.waw.bgp.wtf.nix
    ../bgpwtf/machines/edge01.waw.bgp.wtf-hardware.nix
  ];
};

# hswaw machines; each one is defined by a single imported configuration.
"larrythebuilder.q3k.org" = import ../hswaw/machines/larrythebuilder.q3k.org/configuration.nix;

# customs has no meta.nodeNixpkgs entry, so it is built from meta.nixpkgs.
"customs.hackerspace.pl" = import ../hswaw/machines/customs.hackerspace.pl/configuration.nix;
"tv1.waw.hackerspace.pl" = import ../hswaw/machines/tv/tv1.nix;
"tv2.waw.hackerspace.pl" = import ../hswaw/machines/tv/tv2.nix;
"sound.waw.hackerspace.pl" = import ../hswaw/machines/sound.waw.hackerspace.pl/configuration.nix;
}