diff --git a/flake.lock b/flake.lock index 7048f0c4..21810d4a 100644 --- a/flake.lock +++ b/flake.lock @@ -1,22 +1,44 @@ { "nodes": { + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1693611461, + "narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1669542132, - "narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=", + "lastModified": 1695830400, + "narHash": "sha256-gToZXQVr0G/1WriO83olnqrLSHF2Jb8BPcmCt497ro0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a115bb9bd56831941be3776c8a94005867f316a7", + "rev": "8a86b98f0ba1c405358f1b71ff8b5e1d317f5db2", "type": "github" }, "original": { - "id": "nixpkgs", + "owner": "NixOS", "ref": "nixos-unstable", - "type": "indirect" + "repo": "nixpkgs", + "type": "github" } }, "root": { "inputs": { + "flake-parts": "flake-parts", "nixpkgs": "nixpkgs" } } diff --git a/flake.nix b/flake.nix index c9c56d07..7b924151 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,128 +1,17 @@ { + nixConfig.bash-prompt = "\\[\\033[01;32m\\][nix-flakes \\W] \$\\[\\033[00m\\] "; + inputs = { - nixpkgs.url = "nixpkgs/nixos-unstable"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + flake-parts = { url = "github:hercules-ci/flake-parts"; inputs.nixpkgs-lib.follows = "nixpkgs"; }; }; - outputs = { self, nixpkgs, ... }: - let - # System types to support. - supportedSystems = [ "x86_64-linux" ]; - - # Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'. - forAllSystems = f: nixpkgs.lib.genAttrs supportedSystems (system: f system); - - # Nixpkgs instantiated for supported system types. - nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; overlays = [ self.overlays.default ]; }); - in - { - overlays.default = (final: prev: - with final.pkgs; - rec { - scaleTests = callPackage ./nix/tests/allTests.nix { }; - massflash = callPackage ./nix/pkgs/massflash.nix { }; - scaleInventory = callPackage ./nix/pkgs/scaleInventory.nix { }; - }); - - packages = forAllSystems (system: { - inherit (nixpkgsFor.${system}) scaleTests scaleInventory; - }); - nixosConfigurations = - let - # All scale common modules - system = "x86_64-linux"; - common = - ({ modulesPath, ... }: { - imports = [ - ./nix/modules/bhyve-image.nix - ./nix/machines/_common/users.nix - ]; - }); - pkgs = nixpkgsFor.${system}; - in - { - loghost = nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - common - ./nix/machines/loghost.nix - ]; - }; - massflash = nixpkgs.lib.nixosSystem { - inherit system pkgs; - modules = [ - ({ modulesPath, ... 
}: { - imports = [ - "${toString modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" - ]; - }) - ./nix/machines/massflash.nix - ]; - }; - coreMaster = nixpkgs.lib.nixosSystem { - inherit system pkgs; - modules = [ - common - ./nix/machines/core/master.nix - ]; - specialArgs = { inherit self; }; - }; - coreSlave = nixpkgs.lib.nixosSystem { - inherit system pkgs; - modules = [ - common - ./nix/machines/core/slave.nix - ]; - }; - signs = nixpkgs.lib.nixosSystem { - inherit system pkgs; - modules = [ - common - ./nix/machines/signs.nix - ]; - }; - }; - # Like nix-shell - # Good example: https://github.com/tcdi/pgx/blob/master/flake.nix - devShells = forAllSystems - (system: - let - pkgs = nixpkgsFor.${system}; - in - { - default = import ./shell.nix { inherit pkgs; }; - }); - - checks = - let - pkgs = nixpkgsFor.x86_64-linux; - in - { - # python tests for the data found in facts - # disabling persistence and cache for py utils to avoid warnings - # since caching is taken care of by nix - pytest-facts = pkgs.runCommand "pytest-facts" { } '' - cp -r ${pkgs.lib.cleanSource self}/* . - cd facts - ${pkgs.python3Packages.pylint}/bin/pylint --persistent n *.py - ${pkgs.python3Packages.pytest}/bin/pytest -vv -p no:cacheprovider - touch $out - ''; - perl-switches = pkgs.runCommand "perl-switches" - { - buildInputs = [ pkgs.gnumake pkgs.perl ]; - } '' - cp -r ${pkgs.lib.cleanSource self}/* . - cd switch-configuration - make .lint - make .build-switch-configs - touch $out - ''; - - }; + outputs = inputs: + inputs.flake-parts.lib.mkFlake { inherit inputs; } { + systems = [ "x86_64-linux" "aarch64-linux" ]; + imports = [ + ./nix/flake-module.nix + ]; }; - - # Bold green prompt for `nix develop` - # Had to add extra escape chars to each special char - nixConfig.bash-prompt = "\\[\\033[01;32m\\][nix-flakes \\W] \$\\[\\033[00m\\] "; } diff --git a/hello b/hello new file mode 100644 index 00000000..e69de29b 
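Review bot: The two comment lines that explained `nixConfig.bash-prompt` were dropped when the setting moved to the top of flake.nix, so the doubled escapes in that string are now unexplained. I would keep a one-line comment above it, for example `# Bold green prompt for nix develop; each special character needs an extra escape`. Separately, this commit adds an empty top-level file `hello` (blob e69de29b), which looks unintentional and should probably be dropped before merging.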
diff --git a/nix/dev/flake-module.nix b/nix/dev/flake-module.nix new file mode 100644 index 00000000..bf2c8d25 --- /dev/null +++ b/nix/dev/flake-module.nix @@ -0,0 +1,45 @@ +{ + perSystem = { pkgs, ... }: + let + scale_python = pkgs.python3.withPackages (p: with p ; [ pytest pylint ipdb ]); + + # Trying to keep these pkg sets separate for later + global = with pkgs; [ + bash + curl + git + jq + kermit + screen + glibcLocales + (pkgs.python3.withPackages (p: with p ; [ pytest pylint ipdb ])) + ]; + ansible_sub = [ + pkgs.ansible + pkgs.ansible-lint + ]; + openwrt_sub = with pkgs; [ + expect + gomplate + magic-wormhole + tftp-hpa + nettools + unixtools.ping + iperf3 + ncurses + ncurses.dev + pkg-config + gcc + stdenv + ]; + network_sub = [ pkgs.perl ]; + in + { + devShells.default = pkgs.mkShell { + packages = global + ++ ansible_sub + ++ openwrt_sub + ++ network_sub; + }; + }; +} diff --git a/nix/flake-module.nix b/nix/flake-module.nix new file mode 100644 index 00000000..781cba8f --- /dev/null +++ b/nix/flake-module.nix @@ -0,0 +1,9 @@ +{ + imports = [ + ./pkgs/flake-module.nix + ./tests/flake-module.nix + ./modules/flake-module.nix + ./machines/flake-module.nix + ./dev/flake-module.nix + ]; +} diff --git a/nix/machines/core/common.nix b/nix/machines/core/common.nix index f40093e8..583c2eeb 100644 --- a/nix/machines/core/common.nix +++ b/nix/machines/core/common.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, inputs, ... }: { # If not present then warning and will be set to latest release during build @@ -22,7 +22,7 @@ ldns bind kea - scaleInventory + inputs.self.packages.${pkgs.system}.scaleInventory vim git ]; @@ -49,7 +49,7 @@ kea = { dhcp4 = { enable = true; - configFile = "${pkgs.scaleInventory}/config/kea.json"; + configFile = "${inputs.self.packages.${pkgs.system}.scaleInventory}/config/kea.json"; }; }; }; diff --git a/nix/machines/core/master.nix b/nix/machines/core/master.nix index c7dd15b7..5d35be09 100644 
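Review bot: In nix/dev/flake-module.nix, `scale_python` is bound in the `let` but never referenced; the last entry of `global` repeats the same `pkgs.python3.withPackages` expression inline. Replace that entry with `scale_python` so the Python tool set is defined in one place and the two copies cannot drift apart. Compared with the deleted shell.nix, the explicit pins `python310`, `ansible_2_12` and `perl534` became `python3`, `ansible` and `perl`, so these tool versions now follow whatever the locked nixpkgs revision provides; a short comment saying that this is intended would help.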
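Review bot: The lookup `inputs.self.packages.${pkgs.system}.scaleInventory` is written out in full in both later hunks of nix/machines/core/common.nix (the package list and `configFile`). The same pattern recurs in the three `builtins.readFile` hunks of master.nix and, for `massflash`, in the two later hunks of massflash.nix. Binding it once per module, e.g. `let scaleInventory = inputs.self.packages.${pkgs.system}.scaleInventory; in`, keeps the store path that feeds the Kea config and the DNS zone data defined in a single place. These modules also now fail to evaluate unless the caller supplies `inputs` (via `specialArgs` or `_module.args`), which deserves a one-line comment next to the argument list. The module bodies continue outside the hunks.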
--- a/nix/machines/core/master.nix +++ b/nix/machines/core/master.nix @@ -1,6 +1,6 @@ -{ config, lib, pkgs, self, ... }: +{ config, lib, pkgs, inputs, ... }: let - zoneSerial = toString self.lastModified; + zoneSerial = toString inputs.self.lastModified; in { @@ -18,7 +18,7 @@ in ''; }; - # Make sure that the makes of these files are actually lexicographically before 99-default.link provides by systemd defaults since first match wins + # Make sure that the nix/machines/core/master.nixmakes of these files are actually lexicographically before 99-default.link provides by systemd defaults since first match wins # Ref: https://github.com/systemd/systemd/issues/9227#issuecomment-395500679 systemd.network = { enable = true; @@ -56,7 +56,7 @@ in IN NS coreexpo.scale.lan. IN NS coreconf.scale.lan. '' - (builtins.readFile "${pkgs.scaleInventory}/config/db.scale.lan.records") + (builtins.readFile "${inputs.self.packages.${pkgs.system}.scaleInventory}/config/db.scale.lan.records") ]); }; "10.in-addr.arpa." = { @@ -76,7 +76,7 @@ in IN NS coreexpo.scale.lan. IN NS coreconf.scale.lan. '' - (builtins.readFile "${pkgs.scaleInventory}/config/db.ipv4.arpa.records") + (builtins.readFile "${inputs.self.packages.${pkgs.system}.scaleInventory}/config/db.ipv4.arpa.records") ]); }; # 2001:470:f026:: @@ -97,7 +97,7 @@ in IN NS coreexpo.scale.lan. IN NS coreconf.scale.lan. '' - (builtins.readFile "${pkgs.scaleInventory}/config/db.ipv6.arpa.records") + (builtins.readFile "${inputs.self.packages.${pkgs.system}.scaleInventory}/config/db.ipv6.arpa.records") ]); }; }; diff --git a/nix/machines/flake-module.nix b/nix/machines/flake-module.nix new file mode 100644 index 00000000..47879ab2 --- /dev/null +++ b/nix/machines/flake-module.nix 
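Review bot: The comment changed in the second master.nix hunk now reads "Make sure that the nix/machines/core/master.nixmakes of these files ..."; a file path appears to have been pasted into the middle of the sentence. This hunk has no code change, so the edit looks accidental. Restore the sentence and, since "makes" was presumably meant to be "names", fix it at the same time: `# Make sure that the names of these files sort lexicographically before the 99-default.link provided by systemd defaults, since the first match wins`.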
@@ -0,0 +1,63 @@ +{ lib, inputs, ... }: + +let + # All scale common modules + system = "x86_64-linux"; + common = { + imports = [ + inputs.self.nixosModules.bhyve-image + ./_common/users.nix + ]; + }; +in +{ + flake.nixosConfigurations = + { + loghost = lib.nixosSystem { + inherit system; + modules = [ + common + ./loghost.nix + ]; + specialArgs = { inherit inputs; }; + }; + massflash = lib.nixosSystem { + inherit system; + modules = [ + ({ modulesPath, ... }: { + imports = [ + "${ toString modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" + ]; + }) + ./massflash.nix + ]; + specialArgs = { inherit inputs; }; + }; + coreMaster = lib.nixosSystem { + inherit system; + modules = [ + common + ./core/master.nix + ]; + specialArgs = { inherit inputs; }; + }; + coreSlave = lib.nixosSystem { + inherit system; + modules = [ + common + ./core/slave.nix + ]; + specialArgs = { inherit inputs; }; + }; + signs = lib.nixosSystem { + inherit system; + modules = [ + common + ./signs.nix + ]; + specialArgs = { inherit inputs; }; + }; + }; + + +} diff --git a/nix/machines/massflash.nix b/nix/machines/massflash.nix index bcf139fe..d21b0126 100644 --- a/nix/machines/massflash.nix +++ b/nix/machines/massflash.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, inputs, ... }: let addtobr = pkgs.writeShellScriptBin "addtobr" '' [ -z "$1" ] && echo "Please pass in network device" && exit 1 @@ -112,7 +112,7 @@ in expect git kea - massflash + inputs.self.packages.${pkgs.system}.massflash unixtools.ping tmux vim @@ -153,7 +153,7 @@ in "hooks-libraries": [{ "library": "${pkgs.kea}/lib/kea/hooks/libdhcp_run_script.so", "parameters": { - "name": "${pkgs.massflash}/bin/massflash", + "name": "${inputs.self.packages.${pkgs.system}.massflash}/bin/massflash", "sync": false } }] diff --git a/nix/modules/flake-module.nix b/nix/modules/flake-module.nix new file mode 100644 index 00000000..2cb4c1fa --- /dev/null +++ b/nix/modules/flake-module.nix 
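Review bot: In nix/machines/flake-module.nix every configuration is built with `lib.nixosSystem`, where `lib` is the flake-parts module argument rather than `inputs.nixpkgs.lib`. As far as I can tell that attribute exists only because flake.nix sets `inputs.nixpkgs-lib.follows = "nixpkgs"`, so flake-parts receives the full nixpkgs flake `lib`; if the `follows` line is ever removed, `nixosSystem` would presumably be missing. Calling `inputs.nixpkgs.lib.nixosSystem` makes explicit which nixpkgs pin the machines are built from, or add a comment recording the dependency on the `follows` line. The five identical `specialArgs = { inherit inputs; };` lines could also move into a small helper.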
@@ -0,0 +1,3 @@ +{ + flake.nixosModules.bhyve-image = ./bhyve-image.nix; +} diff --git a/nix/pkgs/flake-module.nix b/nix/pkgs/flake-module.nix new file mode 100644 index 00000000..f7d38b13 --- /dev/null +++ b/nix/pkgs/flake-module.nix @@ -0,0 +1,8 @@ +{ + perSystem = { pkgs, ... }: { + packages = { + massflash = pkgs.callPackage ./massflash.nix { }; + scaleInventory = pkgs.callPackage ./scaleInventory.nix { }; + }; + }; +} diff --git a/nix/pkgs/scaleInventory.nix b/nix/pkgs/scaleInventory.nix index 2de82514..4c8ce43b 100644 --- a/nix/pkgs/scaleInventory.nix +++ b/nix/pkgs/scaleInventory.nix @@ -1,9 +1,8 @@ { stdenvNoCC , copyPathsToStore , lib -, python310 +, python3 , python310Packages -, jq }: let local_manifests = copyPathsToStore [ @@ -16,7 +15,7 @@ stdenvNoCC.mkDerivation { name = "scaleInventory"; - propagatedBuildInputs = [ python310 python310Packages.jinja2 ]; + propagatedBuildInputs = [ python3 python310Packages.jinja2 ]; buildCommand = '' mkdir $out diff --git a/nix/tests/allTests.nix b/nix/tests/allTests.nix deleted file mode 100644 index 04844e56..00000000 --- a/nix/tests/allTests.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ nixosTest }: -rec { - loghost = nixosTest (import ./loghost.nix); - core = nixosTest (import ./core.nix); -} diff --git a/nix/tests/core.nix b/nix/tests/core.nix index 5b55fe1e..bbf9494b 100644 --- a/nix/tests/core.nix +++ b/nix/tests/core.nix @@ -1,9 +1,13 @@ +{ inputs, ... }: + { name = "core"; + nodes = { coreServer = { lib, ... }: { + _module.args = { inherit inputs; }; imports = [ ../machines/core/master.nix ]; - } // { + virtualisation.vlans = [ 1 ]; virtualisation.graphics = false; systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; @@ -19,7 +23,7 @@ }; }; - client1 = { config, pkgs, ... }: { + client1 = { pkgs, ... }: { virtualisation.vlans = [ 1 ]; systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; networking = { 
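Review bot: In nix/pkgs/scaleInventory.nix the interpreter argument changes from `python310` to `python3`, but both hunks keep `python310Packages`, so `propagatedBuildInputs` now pairs `python3` with `python310Packages.jinja2`. Once `python3` in the locked nixpkgs is not 3.10, jinja2 is built for a different interpreter than the one that runs. The package set should come from the same interpreter: take `python3Packages` in the argument list and use `propagatedBuildInputs = [ python3 python3Packages.jinja2 ];`. The derivation body continues outside the second hunk.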
@@ -36,20 +40,22 @@ }; }; - testScript = let - coreServerIp = "10.0.3.5"; - clientDefaultRoute = "10.0.3.1"; - in '' - start_all() - coreServer.wait_for_unit("systemd-networkd-wait-online.service") - coreServer.succeed("kea-dhcp4 -t /etc/kea/dhcp4-server.conf") - client1.wait_for_unit("systemd-networkd-wait-online.service") - client1.wait_until_succeeds("ping -c 5 ${coreServerIp}") - client1.wait_until_succeeds("ip route show | grep default | grep -w ${clientDefaultRoute}") - # Have to wrap drill since retcode isnt necessarily 1 on query failure - client1.wait_until_succeeds("test ! -z \"$(drill -Q -z scale.lan SOA)\"") - client1.wait_until_succeeds("test ! -z \"$(drill -Q -z coreexpo.scale.lan A)\"") - client1.wait_until_succeeds("test ! -z \"$(drill -Q -z coreexpo.scale.lan AAAA)\"") - client1.wait_until_succeeds("test ! -z \"$(drill -Q -z -x ${coreServerIp})\"") - ''; + testScript = + let + coreServerIp = "10.0.3.5"; + clientDefaultRoute = "10.0.3.1"; + in + '' + start_all() + coreServer.wait_for_unit("systemd-networkd-wait-online.service") + coreServer.succeed("kea-dhcp4 -t /etc/kea/dhcp4-server.conf") + client1.wait_for_unit("systemd-networkd-wait-online.service") + client1.wait_until_succeeds("ping -c 5 ${coreServerIp}") + client1.wait_until_succeeds("ip route show | grep default | grep -w ${clientDefaultRoute}") + # Have to wrap drill since retcode isnt necessarily 1 on query failure + client1.wait_until_succeeds("test ! -z \"$(drill -Q -z scale.lan SOA)\"") + client1.wait_until_succeeds("test ! -z \"$(drill -Q -z coreexpo.scale.lan A)\"") + client1.wait_until_succeeds("test ! -z \"$(drill -Q -z coreexpo.scale.lan AAAA)\"") + client1.wait_until_succeeds("test ! -z \"$(drill -Q -z -x ${coreServerIp})\"") + ''; } diff --git a/nix/tests/flake-module.nix b/nix/tests/flake-module.nix new file mode 100644 index 00000000..2279751c --- /dev/null +++ b/nix/tests/flake-module.nix 
@@ -0,0 +1,34 @@ +{ withSystem, inputs, ... }: + +{ + flake.checks.x86_64-linux = withSystem "x86_64-linux" ({ pkgs, ... }: { + core = pkgs.testers.runNixOSTest (import ./core.nix { inherit inputs; }); + loghost = pkgs.testers.runNixOSTest ./loghost.nix; + }); + + perSystem = { pkgs, lib, ... }: { + checks = { + # python tests for the data found in facts + # disabling persistence and cache for py utils to avoid warnings + # since caching is taken care of by nix + pytest-facts = (pkgs.runCommand "pytest-facts" { } '' + cp -r --no-preserve=mode ${pkgs.lib.cleanSource inputs.self}/* . + cd facts + ${pkgs.python3Packages.pylint}/bin/pylint --persistent n *.py + ${pkgs.python3Packages.pytest}/bin/pytest -vv -p no:cacheprovider + touch $out + ''); + + perl-switches = (pkgs.runCommand "perl-switches" + { + buildInputs = [ pkgs.gnumake pkgs.perl ]; + } '' + cp -r --no-preserve=mode ${lib.cleanSource inputs.self}/* . + cd switch-configuration + make .lint + make .build-switch-configs + touch $out + ''); + }; + }; +} diff --git a/nix/tests/loghost.nix b/nix/tests/loghost.nix index bac84ea1..0c7d2acc 100644 --- a/nix/tests/loghost.nix +++ b/nix/tests/loghost.nix @@ -1,6 +1,8 @@ { name = "loghost"; - nodes.machine1 = { ... }: { imports = [ ../machines/loghost.nix ]; } // { + + nodes.machine1 = { + imports = [ ../machines/loghost.nix ]; virtualisation.graphics = false; }; diff --git a/shell.nix b/shell.nix deleted file mode 100644 index 542815ae..00000000 --- a/shell.nix +++ /dev/null 
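Review bot: Both `runCommand` checks in nix/tests/flake-module.nix gained `--no-preserve=mode` on the `cp -r` line without a comment saying why. Presumably the tree copied from the read-only store has to be writable for pylint and the make targets; the flag also drops executable bits, which is likely why the Makefile in this commit now calls `perl scripts/build_switch_configs.pl`. A comment above the first `cp`, such as `# store files are read-only; copy without modes so the tools can write into the tree`, would record that link. The two checks also differ for no visible reason: one uses `pkgs.lib.cleanSource` and the other `lib.cleanSource`; use `lib.cleanSource` in both.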
@@ -1,18 +0,0 @@ -# Leverage the nix flake devShell to get pinned nixpkgs -{ pkgs ? import {} }: - -with pkgs; - -let - scale_python = python310.withPackages - (pythonPackages: with pythonPackages; [ pytest pylint ipdb ]); - - # Trying to keep these pkg sets separate for later - global = [ bash curl git jq kermit screen glibcLocales ] ++ [ scale_python ]; - ansible_sub = [ansible_2_12 ansible-lint]; - openwrt_sub = [ expect gomplate magic-wormhole tftp-hpa nettools unixtools.ping iperf3 ncurses ncurses.dev pkg-config gcc stdenv ]; - network_sub = [ perl534 ]; -in -mkShell { - buildInputs = [ global ] ++ [ ansible_sub ] ++ [ openwrt_sub ] ++ [ network_sub ]; -} diff --git a/switch-configuration/Makefile b/switch-configuration/Makefile index f41bf085..5f187137 100644 --- a/switch-configuration/Makefile +++ b/switch-configuration/Makefile @@ -26,7 +26,7 @@ build-switch-configs: .build-switch-configs .build-switch-configs: .lint .secrets config/switchtypes config/types/* config/vlans config/vlans.d/* config/scripts/build_switch_configs.pl config/scripts/switch_template.pl cd config && \ - ./scripts/build_switch_configs.pl + perl scripts/build_switch_configs.pl touch .build-switch-configs # Make the switch-maps-bundle which is a collection of all the switch port maps
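Review bot: The recipe for `.build-switch-configs` in switch-configuration/Makefile now runs `perl scripts/build_switch_configs.pl` instead of executing the script directly, and nothing in the Makefile records why. I would add a comment above the target, e.g. `# Invoked through perl so the build does not depend on the script's executable bit or shebang path (the Nix check copies the tree without modes)`; the reason given there is inferred from the `cp --no-preserve=mode` change in nix/tests/flake-module.nix, so please confirm it. The interpreter is now the first `perl` on PATH rather than the one named in the script's shebang, which matters for anyone building outside the Nix shell. The Makefile continues outside the hunk.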