diff --git a/flake.lock b/flake.lock index ec3ddcd2..c6a3640a 100644 --- a/flake.lock +++ b/flake.lock @@ -21,26 +21,6 @@ "type": "github" } }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1693611461, - "narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems" @@ -63,7 +43,7 @@ "inputs": { "flake-utils": "flake-utils", "nixpkgs": [ - "nixpkgs" + "nixpkgs-2405" ], "spectrum": [] }, @@ -82,7 +62,7 @@ "type": "github" } }, - "nixpkgs": { + "nixpkgs-2405": { "locked": { "lastModified": 1728500571, "narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=", @@ -93,8 +73,8 @@ }, "original": { "owner": "NixOS", - "ref": "nixos-24.05", "repo": "nixpkgs", + "rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0", "type": "github" } }, @@ -117,9 +97,11 @@ "root": { "inputs": { "disko": "disko", - "flake-parts": "flake-parts", "microvm": "microvm", - "nixpkgs": "nixpkgs", + "nixpkgs": [ + "nixpkgs-2405" + ], + "nixpkgs-2405": "nixpkgs-2405", "nixpkgs-unstable": "nixpkgs-unstable", "treefmt-nix": "treefmt-nix" } diff --git a/flake.nix b/flake.nix index 8fbdf5fd..dde5bb83 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,38 +2,31 @@ nixConfig.bash-prompt = "\\[\\033[01;32m\\][nix-flakes \\W] \$\\[\\033[00m\\] "; inputs = { - flake-parts = { - url = "github:hercules-ci/flake-parts"; - inputs.nixpkgs-lib.follows = "nixpkgs"; - }; - microvm = { - url = "github:sarcasticadmin/microvm.nix/rh/1707108673virtio"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.spectrum.follows = ""; - }; # Currently using this fork since the upstream seems to be causing an issue - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; + disko.inputs.nixpkgs.follows = "nixpkgs-unstable"; + disko.url = "github:nix-community/disko/e55f9a8678adc02024a4877c2a403e3f6daf24fe"; + microvm.inputs.nixpkgs.follows = "nixpkgs-2405"; + microvm.inputs.spectrum.follows = ""; + # Currently using this fork since the upstream seems to be causing an issue + microvm.url = "github:sarcasticadmin/microvm.nix/rh/1707108673virtio"; + # nixpkgs-2405 has been pinned to this rev to maintain parity from before flake-parts was removed + # If you want to bump this input, change it back to `github:NixOS/nixpkgs/nixos-24.05` and lock the flake again + nixpkgs-2405.url = "github:NixOS/nixpkgs?rev=d51c28603def282a24fa034bcb007e2bcb5b5dd0"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; - treefmt-nix = { - url = "github:numtide/treefmt-nix"; - inputs.nixpkgs.follows = "nixpkgs-unstable"; - }; - disko = { - url = "github:nix-community/disko/e55f9a8678adc02024a4877c2a403e3f6daf24fe"; - inputs.nixpkgs.follows = "nixpkgs-unstable"; - }; + nixpkgs.follows = "nixpkgs-2405"; + treefmt-nix.inputs.nixpkgs.follows = "nixpkgs-unstable"; + treefmt-nix.url = "github:numtide/treefmt-nix"; }; - outputs = - inputs: - (inputs.flake-parts.lib.mkFlake { inherit inputs; } { - systems = [ - "x86_64-linux" - "aarch64-linux" - ]; - imports = [ ./nix/flake-module.nix ]; - }) - // { - formatter = import ./nix/formatter inputs; - formatterModule = import ./nix/formatterModule inputs; - }; + outputs = inputs: { + checks = import ./nix/checks inputs; + 
devShells = import ./nix/dev-shells inputs; + formatter = import ./nix/formatter inputs; + formatterModule = import ./nix/formatterModule inputs; + legacyPackages = import ./nix/legacy-packages inputs; + library = import ./nix/library inputs; + nixosConfigurations = import ./nix/nixos-configurations inputs; + nixosModules = import ./nix/nixos-modules inputs; + overlays = import ./nix/overlays inputs; + packages = import ./nix/packages inputs; + }; } diff --git a/nix/tests/core.nix b/nix/checks/core.nix similarity index 96% rename from nix/tests/core.nix rename to nix/checks/core.nix index 7e49a134..c93ad426 100644 --- a/nix/tests/core.nix +++ b/nix/checks/core.nix @@ -1,4 +1,4 @@ -{ inputs, pkgs, ... }: +{ inputs }: let chomp = "103"; prefix = "2001:470:f026:${chomp}"; @@ -75,11 +75,11 @@ in inherit inputs; }; imports = [ - ../machines/core/master.nix - ../modules/facts.nix + ../nixos-configurations/core-master/configuration.nix + ../nixos-modules/facts.nix ]; - facts = lib.mkForce { + scale-network.facts = lib.mkForce { ipv4 = "${coremasterAddr.ipv4}/24"; ipv6 = "${coremasterAddr.ipv6}/64"; eth = "eth1"; @@ -89,7 +89,7 @@ in systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; systemd.network = { networks = { - # Override the phyiscal interface config + # Override the physical interface config "10-lan" = lib.mkForce { name = "eth1"; enable = true; diff --git a/nix/checks/default.nix b/nix/checks/default.nix new file mode 100644 index 00000000..15245e91 --- /dev/null +++ b/nix/checks/default.nix 
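Review bot: Pinning `nixpkgs-2405.url` to a bare rev in flake.nix duplicates what flake.lock already records for that input (rev plus narHash) and makes `nix flake update` a no-op for it, so fixes published on the nixos-24.05 channel only arrive after someone hand-edits the URL as the comment describes. If the goal is just to freeze the lock at the pre-flake-parts state, keeping `nixpkgs-2405.url = "github:NixOS/nixpkgs/nixos-24.05";` and committing the current flake.lock gives the same pin while leaving the normal update path open. If the rev pin is intentional, the comment should say who owns bumping it and that channel security fixes are not picked up automatically, e.g. `# NOTE: this rev pin bypasses 'nix flake update'; bump it deliberately and review 24.05 channel fixes when you do`. The `inputs` block above is the only part of the file touched by this reasoning; the `outputs` rewrite below it looks consistent with the new per-directory layout.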
@@ -0,0 +1,93 @@
+inputs:
+let
+ inherit (inputs.nixpkgs)
+ lib
+ ;
+
+ inherit (lib.attrsets)
+ genAttrs
+ ;
+
+ inherit (lib.sources)
+ cleanSource
+ ;
+in
+genAttrs
+ [
+ "x86_64-linux"
+ "aarch64-linux"
+ ]
+ (
+ system:
+ let
+ pkgs = inputs.self.legacyPackages.${system};
+ in
+ {
+ core = pkgs.testers.runNixOSTest (import ./core.nix { inherit inputs; });
+ loghost = pkgs.testers.runNixOSTest ./loghost.nix;
+
+ pytest-facts =
+ let
+ testPython = (
+ pkgs.python3.withPackages (
+ pythonPackages: with pythonPackages; [
+ pylint
+ pytest
+ jinja2
+ ]
+ )
+ );
+ in
+ (pkgs.runCommand "pytest-facts" { } ''
+ cp -r --no-preserve=mode ${cleanSource inputs.self}/* .
+ cd facts
+ ${testPython}/bin/pylint --persistent n *.py
+ ${testPython}/bin/pytest -vv -p no:cacheprovider
+ touch $out
+ '');
+
+ duplicates-facts = (
+ pkgs.runCommand "duplicates-facts" { buildInputs = [ pkgs.fish ]; } ''
+ cp -r --no-preserve=mode ${cleanSource inputs.self}/* .
+ cd facts
+ fish test_duplicates.fish
+ touch $out
+ ''
+ );
+
+ perl-switches = (
+ pkgs.runCommand "perl-switches"
+ {
+ buildInputs = [
+ pkgs.gnumake
+ pkgs.perl
+ ];
+ }
+ ''
+ cp -r --no-preserve=mode ${cleanSource inputs.self}/* .
+ cd switch-configuration
+ make .lint
+ make .build-switch-configs
+ touch $out
+ ''
+ );
+
+ openwrt-golden =
+ pkgs.runCommand "openwrt-golden"
+ {
+ buildInputs = [
+ pkgs.diffutils
+ pkgs.gomplate
+ ];
+ }
+ ''
+ cp -r --no-preserve=mode ${cleanSource inputs.self}/* .
+ cd tests/unit/openwrt
+ mkdir -p $out/tmp/ar71xx
+ ${pkgs.bash}/bin/bash test.sh -t ar71xx -o $out
+ '';
+
+ formatting = inputs.self.formatterModule.${system}.config.build.check inputs.self;
+
+ }
+ )
diff --git a/nix/tests/loghost.nix b/nix/checks/loghost.nix
similarity index 82%
rename from nix/tests/loghost.nix
rename to nix/checks/loghost.nix
index 0c7d2acc..8368bc0f 100644
--- a/nix/tests/loghost.nix
+++ b/nix/checks/loghost.nix
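Review bot: The `cp -r --no-preserve=mode ${cleanSource inputs.self}/* .` followed by `cd <subdir>` preamble is repeated verbatim in pytest-facts, duplicates-facts, perl-switches and openwrt-golden, so any future change to how the tree is staged (a different filter than cleanSource, or an extra `touch $out`) has to be made four times. A small local helper in the per-system `let` keeps the checks to their actual command lines. While there, the redundant wrapping parentheses around `testPython` and around the runCommand calls in pytest-facts, duplicates-facts and perl-switches can go; openwrt-golden already shows the unwrapped form. Also worth a one-line comment on `openwrt-golden` that it omits `touch $out` because `mkdir -p $out/tmp/ar71xx` already creates the output.
```nix
      let
        pkgs = inputs.self.legacyPackages.${system};
        # Stage a cleaned copy of the repo, cd into subdir, then run script;
        # attrs is passed straight through to runCommand (buildInputs etc.).
        inRepoCheck =
          name: subdir: attrs: script:
          pkgs.runCommand name attrs ''
            cp -r --no-preserve=mode ${cleanSource inputs.self}/* .
            cd ${subdir}
            ${script}
          '';
      in
      # … unchanged: core, loghost, testPython …
        duplicates-facts = inRepoCheck "duplicates-facts" "facts" { buildInputs = [ pkgs.fish ]; } ''
          fish test_duplicates.fish
          touch $out
        '';
      # … unchanged: pytest-facts, perl-switches, openwrt-golden rewritten the same way; formatting …
```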
@@ -2,7 +2,9 @@ name = "loghost"; nodes.machine1 = { - imports = [ ../machines/loghost.nix ]; + imports = [ + ../nixos-configurations/loghost/base.nix + ]; virtualisation.graphics = false; }; diff --git a/nix/dev-shells/default.nix b/nix/dev-shells/default.nix new file mode 100644 index 00000000..73e04d7b --- /dev/null +++ b/nix/dev-shells/default.nix @@ -0,0 +1,75 @@ +inputs: +inputs.nixpkgs.lib.genAttrs + [ + "x86_64-linux" + "aarch64-linux" + ] + ( + system: + let + pkgs = inputs.self.legacyPackages.${system}; + + scalePython = [ + (pkgs.python3.withPackages ( + ps: with ps; [ + pytest + pylint + ipdb + ] + )) + ]; + + global = with pkgs; [ + bash + curl + fish + git + jq + kermit + screen + glibcLocales + ]; + + openwrtSub = with pkgs; [ + expect + gomplate + magic-wormhole + tftp-hpa + nettools + unixtools.ping + iperf3 + ncurses + ncurses.dev + pkg-config + gcc + stdenv + scale-network.serverspec + ]; + + networkSub = with pkgs; [ + perl + ghostscript + ]; + in + { + scalePython = pkgs.mkShellNoCC { + packages = scalePython; + }; + + global = pkgs.mkShellNoCC { + packages = global; + }; + + openwrtSub = pkgs.mkShellNoCC { + packages = openwrtSub; + }; + + networkSub = pkgs.mkShellNoCC { + packages = networkSub; + }; + + default = pkgs.mkShellNoCC { + packages = (scalePython ++ global ++ openwrtSub ++ networkSub); + }; + } + ) diff --git a/nix/dev/flake-module.nix b/nix/dev/flake-module.nix deleted file mode 100644 index c45a3eed..00000000 --- a/nix/dev/flake-module.nix +++ /dev/null 
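Review bot: Switching every shell from the removed `pkgs.mkShell` to `pkgs.mkShellNoCC` drops the default C toolchain that the old combined devShell had; `openwrtSub` re-adds `gcc` and `stdenv` explicitly, but the `global`, `networkSub` and `scalePython` shells now have no compiler, which may surprise anyone who relied on the old default shell for native Python or Perl extensions. If that is intended, a comment on the `let` block such as `# mkShellNoCC: only openwrtSub needs a toolchain, it lists gcc/stdenv itself` records the decision. Two smaller style points: `scalePython` is a one-element list wrapping a single `withPackages` call, and `packages = (scalePython ++ global ++ openwrtSub ++ networkSub);` does not need the parentheses.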
@@ -1,58 +0,0 @@
-{ inputs, ... }:
-
-{
- perSystem =
- { pkgs, ... }:
- let
- scale_python = pkgs.python3.withPackages (
- p: with p; [
- pytest
- pylint
- ipdb
- ]
- );
-
- # Trying to keep these pkg sets separate for later
- global = with pkgs; [
- bash
- curl
- fish
- git
- jq
- kermit
- screen
- glibcLocales
- (pkgs.python3.withPackages (
- p: with p; [
- pytest
- pylint
- ipdb
- ]
- ))
- ];
- openwrt_sub = with pkgs; [
- expect
- gomplate
- magic-wormhole
- tftp-hpa
- nettools
- unixtools.ping
- iperf3
- ncurses
- ncurses.dev
- pkg-config
- gcc
- stdenv
- inputs.self.packages.${pkgs.system}.serverspec
- ];
- network_sub = with pkgs; [
- perl
- ghostscript
- ];
- in
- {
- devShells.default = pkgs.mkShell {
- packages = global ++ openwrt_sub ++ network_sub;
- };
- };
-}
diff --git a/nix/flake-module.nix b/nix/flake-module.nix
deleted file mode 100644
index 781cba8f..00000000
--- a/nix/flake-module.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- imports = [
- ./pkgs/flake-module.nix
- ./tests/flake-module.nix
- ./modules/flake-module.nix
- ./machines/flake-module.nix
- ./dev/flake-module.nix
- ];
-}
diff --git a/nix/legacy-packages/default.nix b/nix/legacy-packages/default.nix
new file mode 100644
index 00000000..42474297
--- /dev/null
+++ b/nix/legacy-packages/default.nix
@@ -0,0 +1,13 @@
+inputs:
+inputs.nixpkgs.lib.genAttrs
+ [
+ "x86_64-linux"
+ "aarch64-linux"
+ ]
+ (
+ system:
+ import inputs.nixpkgs {
+ inherit system;
+ overlays = [ inputs.self.overlays.default ];
+ }
+ )
diff --git a/nix/library/default.nix b/nix/library/default.nix
new file mode 100644
index 00000000..45578f55
--- /dev/null
+++ b/nix/library/default.nix
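Review bot: The `[ "x86_64-linux" "aarch64-linux" ]` list passed to `genAttrs` here is the third copy in this commit (nix/checks/default.nix and nix/dev-shells/default.nix carry the same literal), which is exactly the list the removed flake-parts `systems = [...]` centralised; adding a system later now means editing three files. A single definition, for example `systems = [ "x86_64-linux" "aarch64-linux" ];` exported from nix/library/default.nix, with each output calling `genAttrs inputs.self.library.systems`, restores one place of truth. A short header comment stating that `legacyPackages` is the only place the overlay is applied and that the other outputs consume `inputs.self.legacyPackages.${system}` would also help readers, since that relationship is only visible by reading the sibling files.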
@@ -0,0 +1,33 @@
+inputs:
+let
+ inherit (inputs.nixpkgs-unstable) lib;
+
+ inherit (lib.attrsets)
+ mapAttrs'
+ nameValuePair
+ ;
+
+ inherit (lib.strings)
+ splitString
+ substring
+ toLower
+ toUpper
+ concatMapStrings
+ ;
+in
+rec {
+
+ mutFirstChar =
+ f: s:
+ let
+ firstChar = f (substring 0 1 s);
+ rest = substring 1 (-1) s;
+ in
+ firstChar + rest;
+
+ kebabToCamel =
+ s: mutFirstChar toLower (concatMapStrings (mutFirstChar toUpper) (splitString "-" s));
+
+ attrNamesKebabToCamel = mapAttrs' (name: value: nameValuePair (kebabToCamel name) value);
+
+}
diff --git a/nix/machines/_common/base.nix b/nix/machines/_common/base.nix
deleted file mode 100644
index 88a46ce0..00000000
--- a/nix/machines/_common/base.nix
+++ /dev/null
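Review bot: This file takes `lib` from `inputs.nixpkgs-unstable` while nix/checks/default.nix and nix/legacy-packages/default.nix take it from `inputs.nixpkgs` (which now follows the pinned 24.05 input); nothing here needs an unstable-only function, so either align it to `inherit (inputs.nixpkgs) lib;` or add a comment explaining why the library intentionally tracks unstable. The helpers also lack any documentation; a comment such as `# kebabToCamel "foo-bar-baz" == "fooBarBaz"; toUpper/toLower in nixpkgs lib are ASCII-only, so non-ASCII names pass through unchanged` on `kebabToCamel` and `# Renames every attribute of a set with kebabToCamel, keeping values` on `attrNamesKebabToCamel` would make the intent clear. `mutFirstChar` is only used internally, so the stray blank lines inside the `rec { ... }` body are the only other style nit.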
@@ -1,71 +0,0 @@ -{ config, pkgs, ... }: -{ - # default to stateVersion for current lock - system.stateVersion = config.system.nixos.version; - - # remove the annoying experimental warnings - nix.extraOptions = '' - experimental-features = nix-command flakes - ''; - - environment.systemPackages = with pkgs; [ - bc - binutils - btop - cachix - curl - dig - dmidecode - file - git - git-lfs - gptfdisk # sgdisk, sfdisk, etc. - inetutils # telnet,ftp,etc - iproute2 - jq - lsof - mtr - nmap - openssh - openssl - pciutils - psmisc # fuser - silver-searcher - strace - tcpdump - tmux - usbutils - unixtools.nettools - wget - ((vim_configurable.override { }).customize { - name = "vim"; - # Install plugins for syntax highlighting of nix files - vimrcConfig.packages.myplugins = with pkgs.vimPlugins; { - start = [ - vim-nix - ]; - opt = [ ]; - }; - vimrcConfig.customRC = '' - " Turn on syntax highlighting by default - syntax on - " Disable mouse - set mouse-=a - ''; - }) - ]; - - # Purge nano from being the default - environment.variables = { - EDITOR = "vim"; - }; - - # set 24h military time - i18n.extraLocaleSettings = { - LC_TIME = "C.UTF-8"; - }; - - # Force noXlibs per recommendation in microVMs - # ref: https://github.com/astro/microvm.nix/issues/167 - environment.noXlibs = false; -} diff --git a/nix/machines/_common/prometheus.nix b/nix/machines/_common/prometheus.nix deleted file mode 100644 index 0b2ac413..00000000 --- a/nix/machines/_common/prometheus.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ ... }: -let - port = 9100; -in -{ - networking.firewall.allowedTCPPorts = [ port ]; - - services.prometheus.exporters.node = { - enable = true; - port = port; - enabledCollectors = [ - "logind" - "systemd" - "network_route" - ]; - disabledCollectors = [ - "textfile" - ]; - }; -} diff --git a/nix/machines/_common/ssh/vm.nix b/nix/machines/_common/ssh/vm.nix deleted file mode 100644 index 9743ad51..00000000 --- a/nix/machines/_common/ssh/vm.nix +++ /dev/null 
@@ -1,21 +0,0 @@ -{ - services.openssh = { - enable = true; - hostKeys = [ - { - path = "/var/lib/ssh/ssh_host_ed25519_key"; - type = "ed25519"; - } - { - path = "/var/lib/ssh/ssh_host_rsa_key"; - type = "rsa"; - bits = 4096; - } - ]; - settings = { - PermitRootLogin = "no"; - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; -} diff --git a/nix/machines/_common/time.nix b/nix/machines/_common/time.nix deleted file mode 100644 index 753b7ac9..00000000 --- a/nix/machines/_common/time.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - # Sets the default timeservers for everything thats using the default: systemd-timesyncd - networking.timeServers = [ - "ntpconf.scale.lan" - "ntpexpo.scale.lan" - ]; -} diff --git a/nix/machines/_common/users.nix b/nix/machines/_common/users.nix deleted file mode 100644 index aab0beaa..00000000 --- a/nix/machines/_common/users.nix +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: - -{ - - security.sudo = { - extraConfig = '' - Defaults rootpw - Defaults lecture="never" - ''; - }; - - users.mutableUsers = false; - users.extraUsers.root.hashedPassword = "$6$3Hm/K5fbR3UEMK6H$3aaegtdwvejGk9Bk0ttN5bNJn4z2Yt6LWXD3nGI7.44Pbm7A1TpKuxG9XQLwsj7M9NEk8eB5Exg0qVRV//6br/"; - - users.users = { - rob = { - isNormalUser = true; - uid = 2005; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMEiESod7DOT2cmT2QEYjBIrzYqTDnJLld1em3doDROq" - ]; - }; - owen = { - isNormalUser = true; - uid = 2006; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBjjcUJLTENGrV6K/nrPOswcBVMMuS4sLSs0UyTRw8wU87PDUzJz8Ht2SgHqeEQJdRm1+b6iLsx2uKOf+/pU8qE= root@kiev.delong.com" - ]; - }; - dlang = { - isNormalUser = true; - uid = 2008; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEqPnzsYPKyURdnUpZx1nt9RFQjaz9q7m5wh525Crsho" - ]; - }; - kylerisse = { - isNormalUser = true; - uid = 2007; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPcTYYr/TGH4vRCaY4WU4Qc7RlzzBOHv2XYxGwCzV+fg p" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKX8NM1OQECwhNTQE0qAm422uq9L0i0Y/hvPPc4tHIOX a" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMlEPbMnefiPfCTKb9lOzPzfnOVAohO08myWWMm9EJxZ" - ]; - }; - ruebenramirez = { - isNormalUser = true; - uid = 2009; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAkQS5ohCDizq24WfDgP/dEOonD/0WfrI0EAZFCyS0Ea" - ]; - }; - rhamel = { - isNormalUser = true; - uid = 2010; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICVZ7n1EOezedsbphq5atGtHm11xeGpLZBzEbgV7eZdb" - ]; - }; - jsh = { - isNormalUser = true; - uid = 2011; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - 
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINfK7f1WvpQRhhB6UFeTOY5cB5uCzHFgP1DZZMwf75WZ" - ]; - }; - }; - -} diff --git a/nix/machines/bootstrap/default.nix b/nix/machines/bootstrap/default.nix deleted file mode 100644 index 7df9dc31..00000000 --- a/nix/machines/bootstrap/default.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ config, pkgs, ... }: -let - # without readFile the bootstrap script is not executable because its referenced to its path as regular file in the store - # ref: https://discourse.nixos.org/t/cannot-run-basic-shell-using-writeshellscriptbin/28835/2 - mybootstrap = pkgs.writeShellScriptBin "mybootstrap" (builtins.readFile ./bootstrap.sh); -in -{ - # remove the annoying experimental warnings - nix.extraOptions = '' - experimental-features = nix-command flakes - ''; - - networking = { - # use systemd.networkd - useNetworkd = true; - useDHCP = false; - firewall.enable = true; - }; - - systemd.network = { - enable = true; - networks = { - "10-lan" = { - matchConfig.Name = "eno1"; - enable = true; - networkConfig.DHCP = "yes"; - }; - }; - }; - - environment.systemPackages = with pkgs; [ - wget - git - vim - efibootmgr - gptfdisk - screen - mybootstrap - ]; - - services.openssh = { - enable = true; - openFirewall = true; - }; -} diff --git a/nix/machines/devServer/default.nix b/nix/machines/devServer/default.nix deleted file mode 100644 index e568be70..00000000 --- a/nix/machines/devServer/default.nix +++ /dev/null 
@@ -1,43 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - ./libvirt.nix - ./gitlab.nix - ]; - # remove the annoying experimental warnings - nix.extraOptions = '' - experimental-features = nix-command flakes - ''; - - networking = { - useNetworkd = true; - useDHCP = false; - firewall.enable = true; - }; - - systemd.network = { - enable = true; - networks = { - "10-lan" = { - matchConfig.Name = "eno1"; - enable = true; - networkConfig.DHCP = "yes"; - }; - }; - }; - - environment.systemPackages = with pkgs; [ - wget - git - vim - efibootmgr - gptfdisk - screen - ]; - - services.openssh = { - enable = true; - openFirewall = true; - }; -} diff --git a/nix/machines/devServer/gitlab.nix b/nix/machines/devServer/gitlab.nix deleted file mode 100644 index 51e5e1b1..00000000 --- a/nix/machines/devServer/gitlab.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ pkgs, ... }: -{ - services.gitlab-runner = { - enable = true; - gracefulTermination = true; - services = { - shell = { - # make sure this is a quote path so it doesnt end up in /nix/store - authenticationTokenConfigFile = "/persist/etc/gitlab/shellAuthToken.env"; - executor = "shell"; - }; - }; - }; - - # include for gl-runner cli - environment.systemPackages = [ pkgs.gitlab-runner ]; -} diff --git a/nix/machines/devServer/libvirt.nix b/nix/machines/devServer/libvirt.nix deleted file mode 100644 index 4e08f186..00000000 --- a/nix/machines/devServer/libvirt.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, ... }: -{ - security.polkit.enable = true; - - virtualisation.libvirtd = { - enable = true; - qemu = { - ovmf.enable = true; - runAsRoot = false; - }; - onBoot = "ignore"; - onShutdown = "shutdown"; - }; - - # Add any users in the 'wheel' group to the 'libvirt' group. - users.groups.libvirt.members = builtins.filter ( - x: builtins.elem "wheel" config.users.users."${x}".extraGroups - ) (builtins.attrNames config.users.users); -} 
diff --git a/nix/machines/flake-module.nix b/nix/machines/flake-module.nix deleted file mode 100644 index 8f8fc32c..00000000 --- a/nix/machines/flake-module.nix +++ /dev/null 
@@ -1,156 +0,0 @@ -{ lib, inputs, ... }: - -let - # All scale common modules - system = "x86_64-linux"; - common = { - imports = [ - inputs.microvm.nixosModules.microvm - inputs.self.nixosModules.facts - ./_common - ./_common/time.nix - ./_common/ssh/vm.nix - ]; - }; -in -{ - flake.nixosConfigurations = { - bootstrapImage = lib.nixosSystem { - inherit system; - modules = [ - ( - { modulesPath, ... }: - { - imports = [ - "${toString modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" - ]; - } - ) - ./_common/base.nix - ./_common/users.nix - ./bootstrap - ]; - }; - devServer = lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - inputs.disko.nixosModules.disko - ./devServer/disko.nix - ./_common/base.nix - ./_common/users.nix - ./devServer/default.nix - ./devServer/hardware-configuration.nix - ]; - }; - loghost = lib.nixosSystem { - inherit system; - modules = [ - common - ./loghost.nix - ]; - specialArgs = { - inherit inputs; - }; - }; - monitor = lib.nixosSystem { - inherit system; - modules = [ - common - ./monitor/monitor.nix - ./monitor/microvm-config.nix - ]; - specialArgs = { - inherit inputs; - }; - }; - massflash = lib.nixosSystem { - inherit system; - modules = [ - ( - { modulesPath, ... 
}: - { - imports = [ - "${toString modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" - ]; - } - ) - ./_common/base.nix - ./_common/users.nix - ./massflash.nix - ]; - specialArgs = { - inherit inputs; - }; - }; - coreMaster = lib.nixosSystem { - inherit system; - modules = [ - common - ./core/microvm-config.nix - ./core/master.nix - ]; - specialArgs = { - inherit inputs; - }; - }; - coreSlave = lib.nixosSystem { - inherit system; - modules = [ - common - ./core/microvm-config.nix - ./core/slave.nix - ]; - specialArgs = { - inherit inputs; - }; - }; - hypervisor1 = lib.nixosSystem { - inherit system; - modules = [ - ./_common - inputs.microvm.nixosModules.host - ./hypervisor/hypervisor1.nix - ./hypervisor/hardware-configuration.nix - ]; - specialArgs = { - inherit inputs; - }; - }; - hypervisor2 = lib.nixosSystem { - inherit system; - modules = [ - ./_common - inputs.microvm.nixosModules.host - ./hypervisor/hypervisor2.nix - ./hypervisor/hardware-configuration.nix - ]; - specialArgs = { - inherit inputs; - }; - }; - signs = lib.nixosSystem { - inherit system; - modules = [ - common - ./signs/microvm-config.nix - ./signs/signs.nix - ]; - specialArgs = { - inherit inputs; - }; - }; - cache = lib.nixosSystem { - inherit system; - modules = [ - common - ./cache/microvm-config.nix - ./cache/cache.nix - ]; - specialArgs = { - inherit inputs; - }; - }; - - }; - -} diff --git a/nix/machines/hypervisor/libvirt.nix b/nix/machines/hypervisor/libvirt.nix deleted file mode 100644 index 4e08f186..00000000 --- a/nix/machines/hypervisor/libvirt.nix +++ /dev/null 
@@ -1,19 +0,0 @@ -{ config, ... }: -{ - security.polkit.enable = true; - - virtualisation.libvirtd = { - enable = true; - qemu = { - ovmf.enable = true; - runAsRoot = false; - }; - onBoot = "ignore"; - onShutdown = "shutdown"; - }; - - # Add any users in the 'wheel' group to the 'libvirt' group. - users.groups.libvirt.members = builtins.filter ( - x: builtins.elem "wheel" config.users.users."${x}".extraGroups - ) (builtins.attrNames config.users.users); -} diff --git a/nix/machines/loghost.nix b/nix/machines/loghost.nix deleted file mode 100644 index 4b74ce0a..00000000 --- a/nix/machines/loghost.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -{ - - boot.kernelParams = [ "console=ttyS0" ]; - - networking = { - firewall.allowedTCPPorts = [ 514 ]; - }; - - # TODO: How to handle sudo esculation - security.sudo.wheelNeedsPassword = false; - - environment.systemPackages = with pkgs; [ - rsyslog - vim - git - ]; - - # Easy test of the service using logger - # logger -n 127.0.0.1 -P 514 --tcp "simple test" - # cat /var/log/rsyslog//root.log - services.rsyslogd = { - enable = true; - defaultConfig = '' - module(load="imtcp") - input(type="imtcp" port="514") - - $template RemoteLogs,"/var/log/rsyslog/%HOSTNAME%/%PROGRAMNAME%.log" - *.* ?RemoteLogs - & ~ - ''; - }; -} diff --git a/nix/modules/flake-module.nix b/nix/modules/flake-module.nix deleted file mode 100644 index a6de6716..00000000 --- a/nix/modules/flake-module.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ - flake.nixosModules.bhyve-image = ./bhyve-image.nix; - flake.nixosModules.facts = ./facts.nix; -} diff --git a/nix/machines/bootstrap/bootstrap.sh b/nix/nixos-configurations/bootstrap-image/bootstrap.sh similarity index 100% rename from nix/machines/bootstrap/bootstrap.sh rename to nix/nixos-configurations/bootstrap-image/bootstrap.sh diff --git a/nix/nixos-configurations/bootstrap-image/default.nix b/nix/nixos-configurations/bootstrap-image/default.nix new file mode 100644 index 00000000..8d3ca57b 
--- /dev/null +++ b/nix/nixos-configurations/bootstrap-image/default.nix @@ -0,0 +1,73 @@ +{ + release = "2405"; + + modules = + { + modulesPath, + pkgs, + ... + }: + let + mybootstrap = pkgs.writeShellScriptBin "mybootstrap" (builtins.readFile ./bootstrap.sh); + in + { + imports = [ + "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" + ]; + + config = { + nixpkgs.hostPlatform = "x86_64-linux"; + + scale-network = { + base.enable = true; + + users.berkhan.enable = true; + users.dlang.enable = true; + users.jsh.enable = true; + users.kylerisse.enable = true; + users.owen.enable = true; + users.rhamel.enable = true; + users.rob.enable = true; + users.root.enable = true; + users.ruebenramirez.enable = true; + }; + + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; + + networking = { + useNetworkd = true; + useDHCP = false; + firewall.enable = true; + }; + + systemd.network = { + enable = true; + networks = { + "10-lan" = { + matchConfig.Name = "eno1"; + enable = true; + networkConfig.DHCP = "yes"; + }; + }; + }; + + environment.systemPackages = with pkgs; [ + wget + git + vim + efibootmgr + gptfdisk + screen + mybootstrap + ]; + + services.openssh = { + enable = true; + openFirewall = true; + }; + + }; + }; +} diff --git a/nix/machines/cache/cachecache.nix b/nix/nixos-configurations/cache/cachecache.nix similarity index 100% rename from nix/machines/cache/cachecache.nix rename to nix/nixos-configurations/cache/cachecache.nix diff --git a/nix/machines/cache/cache.nix b/nix/nixos-configurations/cache/configuration.nix similarity index 97% rename from nix/machines/cache/cache.nix rename to nix/nixos-configurations/cache/configuration.nix index ddef479c..58e6bdc3 100644 --- a/nix/machines/cache/cache.nix +++ b/nix/nixos-configurations/cache/configuration.nix @@ -1,6 +1,4 @@ { - config, - lib, pkgs, ... }: 
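Review bot: The explanatory comment that sat above `mybootstrap` in the removed nix/machines/bootstrap/default.nix (why `builtins.readFile` is needed for `writeShellScriptBin` to produce an executable, with its discourse link) was dropped in the move; it is still the only thing that tells a reader not to "simplify" that line, so restore it above `mybootstrap = pkgs.writeShellScriptBin ...`. The nine `users.<name>.enable = true;` lines are repeated byte-for-byte in nix/nixos-configurations/cache/default.nix, core-master/default.nix and core-slave/default.nix; a shared module that turns on the standard operator set would keep the four hosts from drifting when someone is added or removed. `users.berkhan.enable` names an account that did not exist in the removed nix/machines/_common/users.nix, so presumably the user module elsewhere in the tree defines it; worth confirming that is deliberate rather than a copy from another host. The `release = "2405"` / `modules = ...` shape is consumed by nix/nixos-configurations/default.nix, whose hunk is cut off at the end of this diff.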
diff --git a/nix/nixos-configurations/cache/default.nix b/nix/nixos-configurations/cache/default.nix
new file mode 100644
index 00000000..94a9c7d7
--- /dev/null
+++ b/nix/nixos-configurations/cache/default.nix
@@ -0,0 +1,38 @@
+{
+ release = "2405";
+
+ modules =
+ {
+ inputs,
+ ...
+ }:
+ {
+ imports = [
+ ./configuration.nix
+ ./microvm-config.nix
+ inputs.microvm.nixosModules.microvm
+ ];
+
+ config = {
+ nixpkgs.hostPlatform = "x86_64-linux";
+
+ scale-network = {
+ base.enable = true;
+ services.prometheus.enable = true;
+ services.ssh4vms.enable = true;
+ timeServers.enable = true;
+
+ users.berkhan.enable = true;
+ users.dlang.enable = true;
+ users.jsh.enable = true;
+ users.kylerisse.enable = true;
+ users.owen.enable = true;
+ users.rhamel.enable = true;
+ users.rob.enable = true;
+ users.root.enable = true;
+ users.ruebenramirez.enable = true;
+ };
+
+ };
+ };
+}
diff --git a/nix/machines/cache/microvm-config.nix b/nix/nixos-configurations/cache/microvm-config.nix
similarity index 100%
rename from nix/machines/cache/microvm-config.nix
rename to nix/nixos-configurations/cache/microvm-config.nix
diff --git a/nix/nixos-configurations/core-master/common.nix b/nix/nixos-configurations/core-master/common.nix
new file mode 100644
index 00000000..7d861cc9
--- /dev/null
+++ b/nix/nixos-configurations/core-master/common.nix
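Review bot: The removed nix/machines/_common/ssh/vm.nix set `PermitRootLogin = "no"`, `PasswordAuthentication = false` and `KbdInteractiveAuthentication = false` for every microVM; here that is replaced by `services.ssh4vms.enable = true;` next to `users.root.enable = true;`, and the module behind `ssh4vms` is not part of this diff, so the commit gives no way to confirm the same hardening still applies once root is explicitly enabled. A comment on `services.ssh4vms.enable` stating what it guarantees (e.g. `# ssh4vms: host keys under /var/lib/ssh, root login and password auth disabled`) would document the parity, and the `core` check in nix/checks/core.nix is a natural place to assert it. The same applies to nix/nixos-configurations/core-master/default.nix and core-slave/default.nix, which are identical copies of this file.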
@@ -0,0 +1,92 @@ +{ + config, + lib, + options, + pkgs, + ... +}: + +{ + boot.kernelParams = [ "console=ttyS0" ]; + + # disable legacy networking bits as recommended by: + # https://github.com/NixOS/nixpkgs/issues/10001#issuecomment-905532069 + # https://github.com/NixOS/nixpkgs/blob/82935bfed15d680aa66d9020d4fe5c4e8dc09123/nixos/tests/systemd-networkd-dhcpserver.nix + networking = { + useDHCP = false; + useNetworkd = true; + firewall.allowedTCPPorts = [ + 53 + 67 + 68 + ]; + firewall.allowedUDPPorts = [ + 53 + 67 + 68 + 123 + 547 + ]; + }; + + security.sudo.wheelNeedsPassword = false; + + environment.systemPackages = with pkgs; [ + ldns + bind + kea + scale-network.scaleInventory + vim + git + ]; + + environment.etc."bind/named.conf".source = config.services.bind.configFile; + + systemd.services.bind = + let + # Get original config + cfg = config.services.bind; + in + { + serviceConfig.ExecStart = lib.mkForce "${cfg.package.out}/sbin/named -u named ${lib.strings.optionalString cfg.ipv4Only "-4"} -c /etc/bind/named.conf -f"; + restartTriggers = [ + cfg.configFile + ]; + }; + + services = { + resolved.enable = false; + kea = { + dhcp4 = { + enable = true; + configFile = "${pkgs.scale-network.scaleInventory}/config/dhcp4-server.conf"; + }; + dhcp6 = + let + dhcp6PopulateConfig = pkgs.runCommand "replace" { } '' + mkdir $out + cp ${pkgs.scale-network.scaleInventory}/config/dhcp6-server.conf $TMP/dhcp6-server.conf + substituteInPlace "$TMP/dhcp6-server.conf" \ + --replace '@@SERVERADDRESS@@' '${builtins.head (lib.splitString "/" config.scale-network.facts.ipv6)}' \ + --replace '@@INTERFACE@@' '${config.scale-network.facts.eth}' + cp $TMP/dhcp6-server.conf $out + ''; + + in + { + enable = true; + configFile = "${dhcp6PopulateConfig}/dhcp6-server.conf"; + }; + }; + ntp = { + enable = true; + # Default to time servers that are not Scales since we have to get time from somewhere + servers = options.networking.timeServers.default; + extraConfig = '' + # Hosts on the local 
network(s) are not permitted because of the "restrict default" + restrict 10.0.0.0/8 kod nomodify notrap nopeer + restrict 2001:470:f026::/48 kod nomodify notrap nopeer + ''; + }; + }; +} diff --git a/nix/machines/core/master.nix b/nix/nixos-configurations/core-master/configuration.nix similarity index 88% rename from nix/machines/core/master.nix rename to nix/nixos-configurations/core-master/configuration.nix index 4a857fef..037023c0 100644 --- a/nix/machines/core/master.nix +++ b/nix/nixos-configurations/core-master/configuration.nix @@ -14,7 +14,7 @@ in ./common.nix ]; - facts = { + scale-network.facts = { ipv4 = "10.128.3.5/24"; ipv6 = "2001:470:f026:503::5/64"; eth = "eth0"; @@ -41,8 +41,8 @@ in name = "e*0*"; enable = true; address = [ - config.facts.ipv4 - config.facts.ipv6 + config.scale-network.facts.ipv4 + config.scale-network.facts.ipv6 ]; routes = [ { routeConfig.Gateway = "10.128.3.1"; } @@ -84,9 +84,7 @@ in IN NS coreexpo.scale.lan. IN NS coreconf.scale.lan. '' - (builtins.readFile "${ - inputs.self.packages.${pkgs.system}.scaleInventory - }/config/db.scale.lan.records") + (builtins.readFile "${pkgs.scale-network.scaleInventory}/config/db.scale.lan.records") ] ); }; @@ -108,9 +106,7 @@ in IN NS coreexpo.scale.lan. IN NS coreconf.scale.lan. '' - (builtins.readFile "${ - inputs.self.packages.${pkgs.system}.scaleInventory - }/config/db.ipv4.arpa.records") + (builtins.readFile "${pkgs.scale-network.scaleInventory}/config/db.ipv4.arpa.records") ] ); }; @@ -133,9 +129,7 @@ in IN NS coreexpo.scale.lan. IN NS coreconf.scale.lan. '' - (builtins.readFile "${ - inputs.self.packages.${pkgs.system}.scaleInventory - }/config/db.ipv6.arpa.records") + (builtins.readFile "${pkgs.scale-network.scaleInventory}/config/db.ipv6.arpa.records") ] ); }; diff --git a/nix/nixos-configurations/core-master/default.nix b/nix/nixos-configurations/core-master/default.nix new file mode 100644 index 00000000..94a9c7d7 --- /dev/null 
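Review bot: In the `dhcp6PopulateConfig` derivation, `substituteInPlace ... --replace '@@SERVERADDRESS@@' ...` silently leaves the file untouched if the placeholder is missing from the inventory's dhcp6-server.conf, which would ship a kea config with an unreplaced server address or interface instead of failing the build; `--replace-fail` (available in nixpkgs 24.05) turns that into a build error: `--replace-fail '@@SERVERADDRESS@@' '${builtins.head (lib.splitString "/" config.scale-network.facts.ipv6)}' \` and `--replace-fail '@@INTERFACE@@' '${config.scale-network.facts.eth}'`. The same two lines appear in the renamed nix/nixos-configurations/core-slave/common.nix hunk further down, and this file is otherwise a near copy of that one, so the shared portions would be better as one module imported by both hosts. The `systemd.services.bind` override also deserves a why-comment; "Get original config" does not explain that `ExecStart` is forced to read the copy placed at `/etc/bind/named.conf` by `environment.etc` rather than the store path, e.g. `# Run named against /etc/bind/named.conf (copied above) so the config can be inspected and edited on the host; restartTriggers keeps it in sync with the store path`.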
+++ b/nix/nixos-configurations/core-master/default.nix @@ -0,0 +1,38 @@ +{ + release = "2405"; + + modules = + { + inputs, + ... + }: + { + imports = [ + ./configuration.nix + ./microvm-config.nix + inputs.microvm.nixosModules.microvm + ]; + + config = { + nixpkgs.hostPlatform = "x86_64-linux"; + + scale-network = { + base.enable = true; + services.prometheus.enable = true; + services.ssh4vms.enable = true; + timeServers.enable = true; + + users.berkhan.enable = true; + users.dlang.enable = true; + users.jsh.enable = true; + users.kylerisse.enable = true; + users.owen.enable = true; + users.rhamel.enable = true; + users.rob.enable = true; + users.root.enable = true; + users.ruebenramirez.enable = true; + }; + + }; + }; +} diff --git a/nix/machines/core/microvm-config.nix b/nix/nixos-configurations/core-master/microvm-config.nix similarity index 100% rename from nix/machines/core/microvm-config.nix rename to nix/nixos-configurations/core-master/microvm-config.nix diff --git a/nix/machines/core/common.nix b/nix/nixos-configurations/core-slave/common.nix similarity index 83% rename from nix/machines/core/common.nix rename to nix/nixos-configurations/core-slave/common.nix index 26a39c51..85b3b41b 100644 --- a/nix/machines/core/common.nix +++ b/nix/nixos-configurations/core-slave/common.nix @@ -36,7 +36,7 @@ ldns bind kea - inputs.self.packages.${pkgs.system}.scaleInventory + scale-network.scaleInventory vim git ]; 
@@ -60,18 +60,16 @@ kea = { dhcp4 = { enable = true; - configFile = "${inputs.self.packages.${pkgs.system}.scaleInventory}/config/dhcp4-server.conf"; + configFile = "${pkgs.scale-network.scaleInventory}/config/dhcp4-server.conf"; }; dhcp6 = let dhcp6PopulateConfig = pkgs.runCommand "replace" { } '' mkdir $out - cp ${ - inputs.self.packages.${pkgs.system}.scaleInventory - }/config/dhcp6-server.conf $TMP/dhcp6-server.conf + cp ${pkgs.scale-network.scaleInventory}/config/dhcp6-server.conf $TMP/dhcp6-server.conf substituteInPlace "$TMP/dhcp6-server.conf" \ - --replace '@@SERVERADDRESS@@' '${builtins.head (lib.splitString "/" config.facts.ipv6)}' \ - --replace '@@INTERFACE@@' '${config.facts.eth}' + --replace '@@SERVERADDRESS@@' '${builtins.head (lib.splitString "/" config.scale-network.facts.ipv6)}' \ + --replace '@@INTERFACE@@' '${config.scale-network.facts.eth}' cp $TMP/dhcp6-server.conf $out ''; diff --git a/nix/machines/core/slave.nix b/nix/nixos-configurations/core-slave/configuration.nix similarity index 92% rename from nix/machines/core/slave.nix rename to nix/nixos-configurations/core-slave/configuration.nix index c961a8d1..ba6b7dc0 100644 --- a/nix/machines/core/slave.nix +++ b/nix/nixos-configurations/core-slave/configuration.nix @@ -9,7 +9,7 @@ imports = [ ./common.nix ]; - facts = { + scale-network.facts = { ipv4 = "10.0.3.5/24"; ipv6 = "2001:470:f026:103::5/64"; eth = "eth0"; @@ -32,8 +32,8 @@ name = "e*0"; enable = true; address = [ - config.facts.ipv4 - config.facts.ipv6 + config.scale-network.facts.ipv4 + config.scale-network.facts.ipv6 ]; routes = [ { routeConfig.Gateway = "10.0.3.1"; } @@ -57,7 +57,7 @@ "8.8.4.4" ]; extraOptions = '' - transfer-source-v6 ${builtins.head (lib.splitString "/" config.facts.ipv6)}; + transfer-source-v6 ${builtins.head (lib.splitString "/" config.scale-network.facts.ipv6)}; ''; zones = { "scale.lan." = { 
diff --git a/nix/nixos-configurations/core-slave/default.nix b/nix/nixos-configurations/core-slave/default.nix new file mode 100644 index 00000000..94a9c7d7 --- /dev/null +++ b/nix/nixos-configurations/core-slave/default.nix @@ -0,0 +1,38 @@ +{ + release = "2405"; + + modules = + { + inputs, + ... + }: + { + imports = [ + ./configuration.nix + ./microvm-config.nix + inputs.microvm.nixosModules.microvm + ]; + + config = { + nixpkgs.hostPlatform = "x86_64-linux"; + + scale-network = { + base.enable = true; + services.prometheus.enable = true; + services.ssh4vms.enable = true; + timeServers.enable = true; + + users.berkhan.enable = true; + users.dlang.enable = true; + users.jsh.enable = true; + users.kylerisse.enable = true; + users.owen.enable = true; + users.rhamel.enable = true; + users.rob.enable = true; + users.root.enable = true; + users.ruebenramirez.enable = true; + }; + + }; + }; +} diff --git a/nix/nixos-configurations/core-slave/microvm-config.nix b/nix/nixos-configurations/core-slave/microvm-config.nix new file mode 100644 index 00000000..6d19c306 --- /dev/null +++ b/nix/nixos-configurations/core-slave/microvm-config.nix @@ -0,0 +1,29 @@ +{ config, ... }: + +{ + microvm.qemu.serialConsole = false; + microvm.qemu.extraArgs = [ + "-serial" + "pty" + ]; + + microvm.vcpu = 4; + microvm.mem = 8192; + microvm.interfaces = [ + { + type = "tap"; + id = "vm-${config.networking.hostName}"; + # Will eventually pull this from facts + mac = + if config.networking.hostName == "coremaster" then "4c:72:b9:7c:41:17" else "58:9c:fc:00:38:5f"; + } + ]; + + microvm.volumes = [ + { + image = "/persist/microvm/${config.networking.hostName}.img"; + mountPoint = "/var"; + size = 40000; + } + ]; +} diff --git a/nix/nixos-configurations/default.nix b/nix/nixos-configurations/default.nix new file mode 100644 index 00000000..ab76ecdb --- /dev/null +++ b/nix/nixos-configurations/default.nix 
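Review bot: In microvm-config.nix the tap interface MAC is picked by string-comparing `config.networking.hostName` with `"coremaster"`, so any other hostname — a typo, or the directory-derived default from nixos-configurations/default.nix — silently gets the core-slave MAC `58:9c:fc:00:38:5f` with no error. This commit introduces a typed `scale-network.facts` module, which is where this belongs: add `mac = mkOption { type = types.str; };` to facts.nix and use `mac = config.scale-network.facts.mac;` here, which also removes the need for the hostname switch. The `# Will eventually pull this from facts` comment already says as much; the core-master copy of this file is a pure rename so its contents are not visible here.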
@@ -0,0 +1,48 @@ +inputs: +let + inherit (builtins) + readDir + ; + + inherit (inputs.nixpkgs-unstable) lib; + + inherit (lib.attrsets) + filterAttrs + mapAttrs' + nameValuePair + ; + + inherit (lib.modules) + mkDefault + ; + + inherit (inputs.self.library) + kebabToCamel + ; +in +mapAttrs' ( + hostDirectory: _: + nameValuePair (kebabToCamel hostDirectory) ( + let + inherit (import ./${hostDirectory}) release modules; + in + inputs."nixpkgs-${release}".lib.nixosSystem { + modules = [ + ( + { ... }: + { + networking.hostName = mkDefault hostDirectory; + nixpkgs.overlays = [ inputs.self.overlays.default ]; + } + ) + inputs.disko.nixosModules.disko + inputs.self.nixosModules.default + modules + ]; + + specialArgs = { + inherit inputs; + }; + } + ) +) (filterAttrs (_: fileType: fileType == "directory") (readDir ./.)) diff --git a/nix/nixos-configurations/dev-server/default.nix b/nix/nixos-configurations/dev-server/default.nix new file mode 100644 index 00000000..cc02d11e --- /dev/null +++ b/nix/nixos-configurations/dev-server/default.nix 
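Review bot: `networking.hostName = mkDefault hostDirectory` uses the raw kebab-case directory name (`core-master`, `dev-server`) while the flake attribute is camel-cased by `kebabToCamel`, so unless each host's configuration.nix sets `networking.hostName` explicitly (not visible in this diff) the default will not match names other code compares against — the core-slave microvm-config.nix tests for `"coremaster"`. A comment would prevent surprises: `# hostName defaults to the directory name as-is; hosts that need another name (e.g. "coremaster") must set it in configuration.nix`. Also, `inputs."nixpkgs-${release}"` fails with an opaque missing-attribute error when a host declares a `release` with no matching flake input; an `assert` that names the release and the expected input would make that failure readable.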
@@ -0,0 +1,74 @@ +{ + release = "2405"; + + modules = + { + pkgs, + ... + }: + { + imports = [ + ./disko.nix + ./hardware-configuration.nix + ]; + + config = { + nixpkgs.hostPlatform = "x86_64-linux"; + + scale-network = { + base.enable = true; + libvirt.enable = true; + services.gitlab.enable = true; + services.prometheus.enable = false; + services.ssh4vms.enable = false; + timeServers.enable = false; + + users.berkhan.enable = true; + users.dlang.enable = true; + users.jsh.enable = true; + users.kylerisse.enable = true; + users.owen.enable = true; + users.rhamel.enable = true; + users.rob.enable = true; + users.root.enable = true; + users.ruebenramirez.enable = true; + }; + + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; + + networking = { + useNetworkd = true; + useDHCP = false; + firewall.enable = true; + }; + + systemd.network = { + enable = true; + networks = { + "10-lan" = { + matchConfig.Name = "eno1"; + enable = true; + networkConfig.DHCP = "yes"; + }; + }; + }; + + environment.systemPackages = with pkgs; [ + wget + git + vim + efibootmgr + gptfdisk + screen + ]; + + services.openssh = { + enable = true; + openFirewall = true; + }; + + }; + }; +} diff --git a/nix/machines/devServer/disko.nix b/nix/nixos-configurations/dev-server/disko.nix similarity index 100% rename from nix/machines/devServer/disko.nix rename to nix/nixos-configurations/dev-server/disko.nix diff --git a/nix/machines/devServer/hardware-configuration.nix b/nix/nixos-configurations/dev-server/hardware-configuration.nix similarity index 100% rename from nix/machines/devServer/hardware-configuration.nix rename to nix/nixos-configurations/dev-server/hardware-configuration.nix diff --git a/nix/machines/hypervisor/hypervisor1.nix b/nix/nixos-configurations/hypervisor1/configuration.nix similarity index 97% rename from nix/machines/hypervisor/hypervisor1.nix rename to nix/nixos-configurations/hypervisor1/configuration.nix index 10d30540..5e2b4253 100644 
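Review bot: `services.openssh` is enabled with NixOS defaults while `scale-network.services.ssh4vms` is explicitly disabled, so unlike the VMs this host keeps password authentication on (`PasswordAuthentication` defaults to true), and `users.root.enable = true` gives root a password hash via the users module. Root itself is covered by the default `PermitRootLogin = "prohibit-password"`, but the hardening should match the rest of the fleet: `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`. It matters more on this host than elsewhere because it also runs the GitLab shell-executor runner and libvirt, and `openFirewall = true` exposes sshd on the DHCP-assigned `eno1` address.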
--- a/nix/machines/hypervisor/hypervisor1.nix +++ b/nix/nixos-configurations/hypervisor1/configuration.nix @@ -5,10 +5,6 @@ ... }: { - imports = [ - ./libvirt.nix - ]; - # ZFS uniq system ID # to generate: head -c4 /dev/urandom | od -A none -t x4 networking.hostId = "25c531dc"; diff --git a/nix/nixos-configurations/hypervisor1/default.nix b/nix/nixos-configurations/hypervisor1/default.nix new file mode 100644 index 00000000..d4b39cfb --- /dev/null +++ b/nix/nixos-configurations/hypervisor1/default.nix @@ -0,0 +1,37 @@ +{ + release = "2405"; + + modules = + { + inputs, + ... + }: + { + imports = [ + inputs.microvm.nixosModules.host + ./configuration.nix + ./hardware-configuration.nix + ]; + + config = { + nixpkgs.hostPlatform = "x86_64-linux"; + + scale-network = { + base.enable = true; + services.prometheus.enable = true; + libvirt.enable = true; + + users.berkhan.enable = true; + users.dlang.enable = true; + users.jsh.enable = true; + users.kylerisse.enable = true; + users.owen.enable = true; + users.rhamel.enable = true; + users.rob.enable = true; + users.root.enable = true; + users.ruebenramirez.enable = true; + }; + + }; + }; +} diff --git a/nix/machines/hypervisor/hardware-configuration.nix b/nix/nixos-configurations/hypervisor1/hardware-configuration.nix similarity index 100% rename from nix/machines/hypervisor/hardware-configuration.nix rename to nix/nixos-configurations/hypervisor1/hardware-configuration.nix diff --git a/nix/machines/hypervisor/hypervisor2.nix b/nix/nixos-configurations/hypervisor2/configuration.nix similarity index 100% rename from nix/machines/hypervisor/hypervisor2.nix rename to nix/nixos-configurations/hypervisor2/configuration.nix diff --git a/nix/nixos-configurations/hypervisor2/default.nix b/nix/nixos-configurations/hypervisor2/default.nix new file mode 100644 index 00000000..83b0b8e1 --- /dev/null +++ b/nix/nixos-configurations/hypervisor2/default.nix 
@@ -0,0 +1,36 @@ +{ + release = "2405"; + + modules = + { + inputs, + ... + }: + { + imports = [ + inputs.microvm.nixosModules.host + ./configuration.nix + ./hardware-configuration.nix + ]; + + config = { + nixpkgs.hostPlatform = "x86_64-linux"; + + scale-network = { + base.enable = true; + services.prometheus.enable = true; + + users.berkhan.enable = true; + users.dlang.enable = true; + users.jsh.enable = true; + users.kylerisse.enable = true; + users.owen.enable = true; + users.rhamel.enable = true; + users.rob.enable = true; + users.root.enable = true; + users.ruebenramirez.enable = true; + }; + + }; + }; +} diff --git a/nix/nixos-configurations/hypervisor2/hardware-configuration.nix b/nix/nixos-configurations/hypervisor2/hardware-configuration.nix new file mode 100644 index 00000000..6b45a090 --- /dev/null +++ b/nix/nixos-configurations/hypervisor2/hardware-configuration.nix 
@@ -0,0 +1,83 @@ +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + # *sas drivers required for Lenovo System x3650 M5 Machine Type: 8871AC1 + boot.initrd.availableKernelModules = [ + "ehci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + "mpt3sas" + "megaraid_sas" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "zroot/root"; + fsType = "zfs"; + }; + fileSystems."/boot" = { + device = "/dev/disk/by-label/BOOT"; + fsType = "vfat"; + options = [ "nofail" ]; + }; + fileSystems."/boot2" = { + device = "/dev/disk/by-label/BOOT2"; + fsType = "vfat"; + options = [ "nofail" ]; + }; + fileSystems."/nix" = { + device = "zroot/nix"; + fsType = "zfs"; + }; + + fileSystems."/home" = { + device = "zroot/home"; + fsType = "zfs"; + }; + + fileSystems."/persist" = { + device = "zroot/persist"; + fsType = "zfs"; + }; + + # Make sure we have a place to storage persistent volumes + system.activationScripts.persist_microvm = lib.stringAfter [ "stdio" ] '' + mkdir -m 750 -p /persist/microvm + chown microvm:kvm /persist/microvm + ''; + + swapDevices = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + boot.loader.grub = { + enable = true; + efiSupport = true; + efiInstallAsRemovable = true; + mirroredBoots = [ + { + devices = [ "nodev" ]; + path = "/boot"; + } + { + devices = [ "nodev" ]; + path = "/boot2"; + } + ]; + }; +} diff --git a/nix/nixos-configurations/loghost/base.nix b/nix/nixos-configurations/loghost/base.nix new file mode 100644 index 00000000..d59f597b --- /dev/null +++ b/nix/nixos-configurations/loghost/base.nix 
@@ -0,0 +1,34 @@
+{ pkgs, ... }:
+{
+ config = {
+ boot.kernelParams = [ "console=ttyS0" ];
+
+ networking = {
+ firewall.allowedTCPPorts = [ 514 ];
+ };
+
+ # TODO: How to handle sudo esculation
+ security.sudo.wheelNeedsPassword = false;
+
+ environment.systemPackages = with pkgs; [
+ rsyslog
+ vim
+ git
+ ];
+
+ # Easy test of the service using logger
+ # logger -n 127.0.0.1 -P 514 --tcp "simple test"
+ # cat /var/log/rsyslog//root.log
+ services.rsyslogd = {
+ enable = true;
+ defaultConfig = ''
+ module(load="imtcp")
+ input(type="imtcp" port="514")
+
+ $template RemoteLogs,"/var/log/rsyslog/%HOSTNAME%/%PROGRAMNAME%.log"
+ *.* ?RemoteLogs
+ & ~
+ '';
+ };
+ };
+}
diff --git a/nix/nixos-configurations/loghost/default.nix b/nix/nixos-configurations/loghost/default.nix
new file mode 100644
index 00000000..b8d02ef7
--- /dev/null
+++ b/nix/nixos-configurations/loghost/default.nix
@@ -0,0 +1,37 @@
+{
+ release = "2405";
+
+ modules =
+ {
+ inputs,
+ pkgs,
+ ...
+ }:
+ {
+ imports = [
+ inputs.microvm.nixosModules.microvm
+ ./base.nix
+ ];
+
+ config = {
+ nixpkgs.hostPlatform = "x86_64-linux";
+
+ scale-network = {
+ base.enable = true;
+ services.prometheus.enable = true;
+ services.ssh4vms.enable = true;
+ timeServers.enable = true;
+
+ users.berkhan.enable = true;
+ users.dlang.enable = true;
+ users.jsh.enable = true;
+ users.kylerisse.enable = true;
+ users.owen.enable = true;
+ users.rhamel.enable = true;
+ users.rob.enable = true;
+ users.root.enable = true;
+ users.ruebenramirez.enable = true;
+ };
+ };
+ };
+}
diff --git a/nix/machines/massflash.nix b/nix/nixos-configurations/massflash/configuration.nix
similarity index 95%
rename from nix/machines/massflash.nix
rename to nix/nixos-configurations/massflash/configuration.nix
index 0291463f..e79c2957 100644
--- a/nix/machines/massflash.nix
+++ b/nix/nixos-configurations/massflash/configuration.nix
@@ -1,5 +1,4 @@
 {
- config,
 lib,
 pkgs,
 inputs,
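Review bot: The rsyslog dynafile template `"/var/log/rsyslog/%HOSTNAME%/%PROGRAMNAME%.log"` builds a filesystem path from two fields a remote sender controls — both are parsed from the syslog header (or derived from the peer) of messages accepted on the firewall-open TCP 514 — so a crafted hostname or program tag containing `/` can steer the write outside the intended per-host directory. Use rsyslog's path-safe property options: `$template RemoteLogs,"/var/log/rsyslog/%HOSTNAME:::secpath-replace%/%PROGRAMNAME:::secpath-replace%.log"`, and confirm how the rsyslog in nixpkgs 24.05 treats `..` components as well. Separately, `security.sudo.wheelNeedsPassword = false` turns every wheel user's SSH key into passwordless root on the host that stores everyone else's logs; the TODO should at least record why this host needs it. Note also that nothing in this hunk persists `/var/log/rsyslog`, so on a microVM without a `/var` volume the collected logs vanish on reboot.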
@@ -122,7 +121,7 @@ in expect git kea - inputs.self.packages.${pkgs.system}.massflash + scale-network.massflash unixtools.ping tmux vim @@ -164,7 +163,7 @@ in "hooks-libraries": [{ "library": "${pkgs.kea}/lib/kea/hooks/libdhcp_run_script.so", "parameters": { - "name": "${inputs.self.packages.${pkgs.system}.massflash}/bin/massflash", + "name": "${pkgs.scale-network.massflash}/bin/massflash", "sync": false } }] diff --git a/nix/nixos-configurations/massflash/default.nix b/nix/nixos-configurations/massflash/default.nix new file mode 100644 index 00000000..e8997d17 --- /dev/null +++ b/nix/nixos-configurations/massflash/default.nix @@ -0,0 +1,34 @@ +{ + release = "2405"; + + modules = + { + modulesPath, + ... + }: + { + imports = [ + "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" + ./configuration.nix + ]; + + config = { + nixpkgs.hostPlatform = "x86_64-linux"; + + scale-network = { + base.enable = true; + + users.berkhan.enable = true; + users.dlang.enable = true; + users.jsh.enable = true; + users.kylerisse.enable = true; + users.owen.enable = true; + users.rhamel.enable = true; + users.rob.enable = true; + users.root.enable = true; + users.ruebenramirez.enable = true; + }; + + }; + }; +} diff --git a/nix/machines/monitor/monitor.nix b/nix/nixos-configurations/monitor/configuration.nix similarity index 87% rename from nix/machines/monitor/monitor.nix rename to nix/nixos-configurations/monitor/configuration.nix index ae6d6fa1..0616e8be 100644 --- a/nix/machines/monitor/monitor.nix +++ b/nix/nixos-configurations/monitor/configuration.nix @@ -1,6 +1,5 @@ { config, - lib, pkgs, inputs, ... 
@@ -10,26 +9,11 @@ let dashboard = pkgs.copyPathToStore ../../../monitoring/openwrt_dashboard.json; in { - imports = [ - ../_common/prometheus.nix - ]; - boot.kernelParams = [ "console=ttyS0" "boot.shell_on_fail" ]; - users.users = { - berkhan = { - isNormalUser = true; - uid = 2100; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH6UhZ/oPqiFzCOxoZWeUqeGZCVLLNQbHH3uuIa6PCTz" - ]; - }; - }; - systemd.network = { enable = true; networks = { @@ -82,7 +66,7 @@ in { job_name = "ap"; static_configs = builtins.fromJSON ( - builtins.readFile "${inputs.self.packages.${pkgs.system}.scaleInventory}/config/prom.json" + builtins.readFile "${pkgs.scale-network.scaleInventory}/config/prom.json" ); } ]; diff --git a/nix/nixos-configurations/monitor/default.nix b/nix/nixos-configurations/monitor/default.nix new file mode 100644 index 00000000..94a9c7d7 --- /dev/null +++ b/nix/nixos-configurations/monitor/default.nix @@ -0,0 +1,38 @@ +{ + release = "2405"; + + modules = + { + inputs, + ... + }: + { + imports = [ + ./configuration.nix + ./microvm-config.nix + inputs.microvm.nixosModules.microvm + ]; + + config = { + nixpkgs.hostPlatform = "x86_64-linux"; + + scale-network = { + base.enable = true; + services.prometheus.enable = true; + services.ssh4vms.enable = true; + timeServers.enable = true; + + users.berkhan.enable = true; + users.dlang.enable = true; + users.jsh.enable = true; + users.kylerisse.enable = true; + users.owen.enable = true; + users.rhamel.enable = true; + users.rob.enable = true; + users.root.enable = true; + users.ruebenramirez.enable = true; + }; + + }; + }; +} diff --git a/nix/machines/monitor/microvm-config.nix b/nix/nixos-configurations/monitor/microvm-config.nix similarity index 100% rename from nix/machines/monitor/microvm-config.nix rename to nix/nixos-configurations/monitor/microvm-config.nix 
diff --git a/nix/machines/signs/signs.nix b/nix/nixos-configurations/signs/configuration.nix similarity index 100% rename from nix/machines/signs/signs.nix rename to nix/nixos-configurations/signs/configuration.nix diff --git a/nix/nixos-configurations/signs/default.nix b/nix/nixos-configurations/signs/default.nix new file mode 100644 index 00000000..94a9c7d7 --- /dev/null +++ b/nix/nixos-configurations/signs/default.nix @@ -0,0 +1,38 @@ +{ + release = "2405"; + + modules = + { + inputs, + ... + }: + { + imports = [ + ./configuration.nix + ./microvm-config.nix + inputs.microvm.nixosModules.microvm + ]; + + config = { + nixpkgs.hostPlatform = "x86_64-linux"; + + scale-network = { + base.enable = true; + services.prometheus.enable = true; + services.ssh4vms.enable = true; + timeServers.enable = true; + + users.berkhan.enable = true; + users.dlang.enable = true; + users.jsh.enable = true; + users.kylerisse.enable = true; + users.owen.enable = true; + users.rhamel.enable = true; + users.rob.enable = true; + users.root.enable = true; + users.ruebenramirez.enable = true; + }; + + }; + }; +} diff --git a/nix/machines/signs/microvm-config.nix b/nix/nixos-configurations/signs/microvm-config.nix similarity index 100% rename from nix/machines/signs/microvm-config.nix rename to nix/nixos-configurations/signs/microvm-config.nix diff --git a/nix/nixos-modules/base.nix b/nix/nixos-modules/base.nix new file mode 100644 index 00000000..11a433f8 --- /dev/null +++ b/nix/nixos-modules/base.nix 
@@ -0,0 +1,91 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.scale-network.base; + + inherit (lib.modules) + mkIf + ; + + inherit (lib.options) + mkEnableOption + ; +in +{ + options.scale-network.base.enable = mkEnableOption "SCaLE network base setup"; + + config = mkIf cfg.enable { + # default to stateVersion for current lock + system.stateVersion = config.system.nixos.release; + + # remove the annoying experimental warnings + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; + + environment.systemPackages = with pkgs; [ + bc + binutils + btop + cachix + curl + dig + dmidecode + file + git + git-lfs + gptfdisk # sgdisk, sfdisk, etc. + inetutils # telnet,ftp,etc + iproute2 + jq + lsof + mtr + nmap + openssh + openssl + pciutils + psmisc # fuser + silver-searcher + strace + tcpdump + tmux + usbutils + unixtools.nettools + wget + ((vim_configurable.override { }).customize { + name = "vim"; + # Install plugins for syntax highlighting of nix files + vimrcConfig.packages.myplugins = with pkgs.vimPlugins; { + start = [ + vim-nix + ]; + opt = [ ]; + }; + vimrcConfig.customRC = '' + " Turn on syntax highlighting by default + syntax on + " Disable mouse + set mouse-=a + ''; + }) + ]; + + # Purge nano from being the default + environment.variables = { + EDITOR = "vim"; + }; + + # set 24h military time + i18n.extraLocaleSettings = { + LC_TIME = "C.UTF-8"; + }; + + # Force noXlibs per recommendation in microVMs + # ref: https://github.com/astro/microvm.nix/issues/167 + environment.noXlibs = false; + }; +} diff --git a/nix/modules/bhyve-image.nix b/nix/nixos-modules/bhyve-image.nix similarity index 100% rename from nix/modules/bhyve-image.nix rename to nix/nixos-modules/bhyve-image.nix diff --git a/nix/nixos-modules/default.nix b/nix/nixos-modules/default.nix new file mode 100644 index 00000000..87a5c9cf --- /dev/null +++ b/nix/nixos-modules/default.nix 
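Review bot: The final comment reads `# Force noXlibs per recommendation in microVMs` but the line under it is `environment.noXlibs = false;`, which turns noXlibs off; the comment should describe the actual effect, e.g. `# keep noXlibs off: microvm.nix's default causes build problems here (astro/microvm.nix#167)` — assuming that is what the linked issue describes. `system.stateVersion = config.system.nixos.release;` makes stateVersion follow the nixpkgs input, so every release bump silently changes the stateful defaults the option exists to freeze; a literal per-host value, or at least a comment stating these hosts are treated as stateless, would be safer. Minor: `(vim_configurable.override { })` is a no-op override and can be just `vim_configurable.customize`.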
@@ -0,0 +1,15 @@ +inputs: { + default = + { ... }: + { + imports = [ + ./base.nix + ./facts.nix + ./libvirt.nix + ./time.nix + + ./services + ./users + ]; + }; +} diff --git a/nix/modules/facts.nix b/nix/nixos-modules/facts.nix similarity index 55% rename from nix/modules/facts.nix rename to nix/nixos-modules/facts.nix index 23af0032..9c763b0b 100644 --- a/nix/modules/facts.nix +++ b/nix/nixos-modules/facts.nix @@ -1,17 +1,30 @@ -{ config, lib, ... }: - -with lib; +{ + lib, + ... +}: +let + inherit (lib) + types + ; + inherit (lib.options) + mkOption + ; +in { - options.facts = { + options.scale-network.facts = { + ipv4 = mkOption { type = types.str; }; + ipv6 = mkOption { type = types.str; }; + eth = mkOption { type = types.str; }; + }; } diff --git a/nix/nixos-modules/libvirt.nix b/nix/nixos-modules/libvirt.nix new file mode 100644 index 00000000..ef67a2c1 --- /dev/null +++ b/nix/nixos-modules/libvirt.nix @@ -0,0 +1,44 @@ +{ + config, + lib, + ... +}: +let + cfg = config.scale-network.libvirt; + + inherit (builtins) + attrNames + elem + filter + ; + + inherit (lib.modules) + mkIf + ; + + inherit (lib.options) + mkEnableOption + ; +in +{ + options.scale-network.libvirt.enable = mkEnableOption "SCaLE network libvirt setup"; + + config = mkIf cfg.enable { + security.polkit.enable = true; + + virtualisation.libvirtd = { + enable = true; + qemu = { + ovmf.enable = true; + runAsRoot = false; + }; + onBoot = "ignore"; + onShutdown = "shutdown"; + }; + + # Add any users in the 'wheel' group to the 'libvirt' group. + users.groups.libvirt.members = ( + filter (x: elem "wheel" config.users.users."${x}".extraGroups) (attrNames config.users.users) + ); + }; +} diff --git a/nix/machines/_common/default.nix b/nix/nixos-modules/services/default.nix similarity index 50% rename from nix/machines/_common/default.nix rename to nix/nixos-modules/services/default.nix index 0e36f749..86c7c7f3 100644 --- a/nix/machines/_common/default.nix +++ b/nix/nixos-modules/services/default.nix 
@@ -1,7 +1,8 @@
+{ ... }:
 {
 imports = [
- ./base.nix
- ./users.nix
+ ./gitlab.nix
 ./prometheus.nix
+ ./ssh4vms.nix
 ];
 }
diff --git a/nix/nixos-modules/services/gitlab.nix b/nix/nixos-modules/services/gitlab.nix
new file mode 100644
index 00000000..c34f1dde
--- /dev/null
+++ b/nix/nixos-modules/services/gitlab.nix
@@ -0,0 +1,39 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ cfg = config.scale-network.services.gitlab;
+
+ inherit (lib.modules)
+ mkIf
+ ;
+
+ inherit (lib.options)
+ mkEnableOption
+ ;
+in
+{
+ options.scale-network.services.gitlab.enable = mkEnableOption "SCaLE network GitLab runner";
+
+ config = mkIf cfg.enable {
+ services.gitlab-runner = {
+ enable = true;
+ gracefulTermination = true;
+ services = {
+ shell = {
+ # make sure this is a quote path so it doesnt end up in /nix/store
+ authenticationTokenConfigFile = "/persist/etc/gitlab/shellAuthToken.env";
+ executor = "shell";
+ };
+ };
+ };
+
+ # include for gl-runner cli
+ environment.systemPackages = [
+ pkgs.gitlab-runner
+ ];
+ };
+}
diff --git a/nix/nixos-modules/services/prometheus.nix b/nix/nixos-modules/services/prometheus.nix
new file mode 100644
index 00000000..c2326928
--- /dev/null
+++ b/nix/nixos-modules/services/prometheus.nix
@@ -0,0 +1,36 @@
+{ config, lib, ... }:
+let
+ cfg = config.scale-network.services.prometheus;
+
+ inherit (lib.modules)
+ mkIf
+ ;
+
+ inherit (lib.options)
+ mkEnableOption
+ ;
+in
+{
+ options.scale-network.services.prometheus.enable = mkEnableOption "SCaLE network prometheus exporter";
+
+ config =
+ let
+ port = 9100;
+ in
+ mkIf cfg.enable {
+ networking.firewall.allowedTCPPorts = [ port ];
+
+ services.prometheus.exporters.node = {
+ enable = true;
+ port = port;
+ enabledCollectors = [
+ "logind"
+ "systemd"
+ "network_route"
+ ];
+ disabledCollectors = [
+ "textfile"
+ ];
+ };
+ };
+}
diff --git a/nix/nixos-modules/services/ssh4vms.nix b/nix/nixos-modules/services/ssh4vms.nix
new file mode 100644
index 00000000..ea8993b6
--- /dev/null
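Review bot: `executor = "shell"` means every CI job of whatever project this runner is registered to runs as an unsandboxed shell on dev-server — the host that also carries libvirt and all the wheel users — so a malicious or compromised pipeline has the run of the machine, and nothing in the module records that expectation. Suggested comment above `services = {`: `# shell executor: jobs run directly on this host with the runner's privileges; register only trusted projects restricted to protected branches, or move to a docker/libvirt executor`. The existing comment also has a typo, `quote path` should be `quoted path`, i.e. a string rather than a Nix path literal, which is what keeps the token out of the store; the file at `/persist/etc/gitlab/shellAuthToken.env` should be readable only by the runner's user, which the module cannot enforce from here.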
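Review bot: `networking.firewall.allowedTCPPorts = [ port ]` opens node_exporter on every interface of every host that enables this module (all the VMs and hypervisors in this commit), and the `systemd`, `logind` and `network_route` collectors hand unit names, login sessions and routing tables to anyone who can reach 9100. Scoping the rule to the management interface with `networking.firewall.interfaces.<name>.allowedTCPPorts`, or limiting the source to the monitor host via `networking.firewall.extraCommands`, would narrow that; `services.prometheus.exporters.node.listenAddress` can bind it to the facts IPv4/IPv6 address too. Style: `port = port;` can be `inherit port;`.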
+++ b/nix/nixos-modules/services/ssh4vms.nix @@ -0,0 +1,41 @@ +{ + config, + lib, + ... +}: +let + cfg = config.scale-network.services.ssh4vms; + + inherit (lib.modules) + mkIf + ; + + inherit (lib.options) + mkEnableOption + ; +in +{ + options.scale-network.services.ssh4vms.enable = mkEnableOption "SCaLE network SSH for VMs setup"; + + config = mkIf cfg.enable { + services.openssh = { + enable = true; + hostKeys = [ + { + path = "/var/lib/ssh/ssh_host_ed25519_key"; + type = "ed25519"; + } + { + path = "/var/lib/ssh/ssh_host_rsa_key"; + type = "rsa"; + bits = 4096; + } + ]; + settings = { + PermitRootLogin = "no"; + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; + }; + }; +} diff --git a/nix/nixos-modules/time.nix b/nix/nixos-modules/time.nix new file mode 100644 index 00000000..b6ee1084 --- /dev/null +++ b/nix/nixos-modules/time.nix @@ -0,0 +1,27 @@ +{ + config, + lib, + ... +}: +let + cfg = config.scale-network.timeServers; + + inherit (lib.modules) + mkIf + ; + + inherit (lib.options) + mkEnableOption + ; +in +{ + options.scale-network.timeServers.enable = mkEnableOption "SCaLE network time servers setup"; + + config = mkIf cfg.enable { + # Sets the default timeservers for everything thats using the default: systemd-timesyncd + networking.timeServers = [ + "ntpconf.scale.lan" + "ntpexpo.scale.lan" + ]; + }; +} diff --git a/nix/nixos-modules/users/berkhan.nix b/nix/nixos-modules/users/berkhan.nix new file mode 100644 index 00000000..de04b3c8 --- /dev/null +++ b/nix/nixos-modules/users/berkhan.nix 
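Review bot: The host keys are written to `/var/lib/ssh/…`, which only survives reboots where `/var` is persistent; the core and monitor VMs mount a volume at `/var` in their microvm-config.nix, but loghost enables `ssh4vms` while its default.nix (earlier in this diff) imports no microvm-config.nix with a volume, so unless one exists outside this diff its host keys are regenerated on every boot and clients will see a changing key. Either give loghost the same `/var` volume or document the requirement in this module: `# host keys live under /var/lib/ssh; the VM must persist /var (microvm.volumes) or the key changes on every boot`. The settings themselves (`PermitRootLogin = "no"`, password and keyboard-interactive auth off) are the right baseline.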
@@ -0,0 +1,32 @@ +{ + lib, + config, + ... +}: +let + cfg = config.scale-network.users.berkhan; + + inherit (lib.modules) + mkIf + ; + + inherit (lib.options) + mkEnableOption + ; +in +{ + options.scale-network.users.berkhan.enable = mkEnableOption "user berkhan"; + + config = mkIf cfg.enable { + users.users = { + berkhan = { + isNormalUser = true; + uid = 2100; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH6UhZ/oPqiFzCOxoZWeUqeGZCVLLNQbHH3uuIa6PCTz" + ]; + }; + }; + }; +} diff --git a/nix/nixos-modules/users/default.nix b/nix/nixos-modules/users/default.nix new file mode 100644 index 00000000..1c38bbef --- /dev/null +++ b/nix/nixos-modules/users/default.nix @@ -0,0 +1,14 @@ +{ ... }: +{ + imports = [ + ./berkhan.nix + ./dlang.nix + ./jsh.nix + ./kylerisse.nix + ./owen.nix + ./rhamel.nix + ./rob.nix + ./root.nix + ./ruebenramirez.nix + ]; +} diff --git a/nix/nixos-modules/users/dlang.nix b/nix/nixos-modules/users/dlang.nix new file mode 100644 index 00000000..aff6d462 --- /dev/null +++ b/nix/nixos-modules/users/dlang.nix @@ -0,0 +1,31 @@ +{ + lib, + config, + ... +}: +let + cfg = config.scale-network.users.dlang; + inherit (lib.modules) + mkIf + ; + + inherit (lib.options) + mkEnableOption + ; +in +{ + options.scale-network.users.dlang.enable = mkEnableOption "user dlang"; + + config = mkIf cfg.enable { + users.users = { + dlang = { + isNormalUser = true; + uid = 2008; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEqPnzsYPKyURdnUpZx1nt9RFQjaz9q7m5wh525Crsho" + ]; + }; + }; + }; +} diff --git a/nix/nixos-modules/users/jsh.nix b/nix/nixos-modules/users/jsh.nix new file mode 100644 index 00000000..b8fd5e05 --- /dev/null +++ b/nix/nixos-modules/users/jsh.nix 
@@ -0,0 +1,31 @@ +{ + lib, + config, + ... +}: +let + cfg = config.scale-network.users.jsh; + inherit (lib.modules) + mkIf + ; + + inherit (lib.options) + mkEnableOption + ; +in +{ + options.scale-network.users.jsh.enable = mkEnableOption "user jsh"; + + config = mkIf cfg.enable { + users.users = { + jsh = { + isNormalUser = true; + uid = 2011; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINfK7f1WvpQRhhB6UFeTOY5cB5uCzHFgP1DZZMwf75WZ" + ]; + }; + }; + }; +} diff --git a/nix/nixos-modules/users/kylerisse.nix b/nix/nixos-modules/users/kylerisse.nix new file mode 100644 index 00000000..dcfa4145 --- /dev/null +++ b/nix/nixos-modules/users/kylerisse.nix @@ -0,0 +1,33 @@ +{ + lib, + config, + ... +}: +let + cfg = config.scale-network.users.kylerisse; + inherit (lib.modules) + mkIf + ; + + inherit (lib.options) + mkEnableOption + ; +in +{ + options.scale-network.users.kylerisse.enable = mkEnableOption "user kylerisse"; + + config = mkIf cfg.enable { + users.users = { + kylerisse = { + isNormalUser = true; + uid = 2007; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPcTYYr/TGH4vRCaY4WU4Qc7RlzzBOHv2XYxGwCzV+fg p" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKX8NM1OQECwhNTQE0qAm422uq9L0i0Y/hvPPc4tHIOX a" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMlEPbMnefiPfCTKb9lOzPzfnOVAohO08myWWMm9EJxZ" + ]; + }; + }; + }; +} diff --git a/nix/nixos-modules/users/owen.nix b/nix/nixos-modules/users/owen.nix new file mode 100644 index 00000000..e663a2b7 --- /dev/null +++ b/nix/nixos-modules/users/owen.nix 
@@ -0,0 +1,31 @@ +{ + lib, + config, + ... +}: +let + cfg = config.scale-network.users.owen; + inherit (lib.modules) + mkIf + ; + + inherit (lib.options) + mkEnableOption + ; +in +{ + options.scale-network.users.owen.enable = mkEnableOption "user owen"; + + config = mkIf cfg.enable { + users.users = { + owen = { + isNormalUser = true; + uid = 2006; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ + "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBjjcUJLTENGrV6K/nrPOswcBVMMuS4sLSs0UyTRw8wU87PDUzJz8Ht2SgHqeEQJdRm1+b6iLsx2uKOf+/pU8qE= root@kiev.delong.com" + ]; + }; + }; + }; +} diff --git a/nix/nixos-modules/users/rhamel.nix b/nix/nixos-modules/users/rhamel.nix new file mode 100644 index 00000000..2f384270 --- /dev/null +++ b/nix/nixos-modules/users/rhamel.nix @@ -0,0 +1,31 @@ +{ + lib, + config, + ... +}: +let + cfg = config.scale-network.users.rhamel; + inherit (lib.modules) + mkIf + ; + + inherit (lib.options) + mkEnableOption + ; +in +{ + options.scale-network.users.rhamel.enable = mkEnableOption "user rhamel"; + + config = mkIf cfg.enable { + users.users = { + rhamel = { + isNormalUser = true; + uid = 2010; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICVZ7n1EOezedsbphq5atGtHm11xeGpLZBzEbgV7eZdb" + ]; + }; + }; + }; +} diff --git a/nix/nixos-modules/users/rob.nix b/nix/nixos-modules/users/rob.nix new file mode 100644 index 00000000..428932e1 --- /dev/null +++ b/nix/nixos-modules/users/rob.nix 
@@ -0,0 +1,31 @@
+{
+ lib,
+ config,
+ ...
+}:
+let
+ cfg = config.scale-network.users.rob;
+ inherit (lib.modules)
+ mkIf
+ ;
+
+ inherit (lib.options)
+ mkEnableOption
+ ;
+in
+{
+ options.scale-network.users.rob.enable = mkEnableOption "user rob";
+
+ config = mkIf cfg.enable {
+ users.users = {
+ rob = {
+ isNormalUser = true;
+ uid = 2005;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMEiESod7DOT2cmT2QEYjBIrzYqTDnJLld1em3doDROq"
+ ];
+ };
+ };
+ };
+}
diff --git a/nix/nixos-modules/users/root.nix b/nix/nixos-modules/users/root.nix
new file mode 100644
index 00000000..a8e3d559
--- /dev/null
+++ b/nix/nixos-modules/users/root.nix
@@ -0,0 +1,30 @@
+{
+ lib,
+ config,
+ ...
+}:
+let
+ cfg = config.scale-network.users.root;
+ inherit (lib.modules)
+ mkIf
+ ;
+
+ inherit (lib.options)
+ mkEnableOption
+ ;
+in
+{
+ options.scale-network.users.root.enable = mkEnableOption "user root and sudo configs";
+
+ config = mkIf cfg.enable {
+ security.sudo = {
+ extraConfig = ''
+ Defaults rootpw
+ Defaults lecture="never"
+ '';
+ };
+
+ users.mutableUsers = false;
+ users.extraUsers.root.hashedPassword = "$6$3Hm/K5fbR3UEMK6H$3aaegtdwvejGk9Bk0ttN5bNJn4z2Yt6LWXD3nGI7.44Pbm7A1TpKuxG9XQLwsj7M9NEk8eB5Exg0qVRV//6br/";
+ };
+}
diff --git a/nix/nixos-modules/users/ruebenramirez.nix b/nix/nixos-modules/users/ruebenramirez.nix
new file mode 100644
index 00000000..b6768f32
--- /dev/null
+++ b/nix/nixos-modules/users/ruebenramirez.nix
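Review bot: `users.extraUsers.root.hashedPassword` commits a SHA-512 crypt hash of the root password to the repository, and because every host in this commit sets `users.root.enable = true` the same credential is root everywhere; anyone with read access to the repo (or the world-readable `/nix/store` on any host) can crack it offline, and with `Defaults rootpw` it is also the password every wheel user types for sudo. Keep the hash out of the repo and the store with `users.users.root.hashedPasswordFile = "/persist/etc/root.hashedPassword";` (the same `/persist` pattern gitlab.nix uses for its token; on the microVMs the file would need to live on the persisted `/var` volume instead), and rotate the current password since this hash is now in git history. Style: `users.extraUsers` is a legacy alias for `users.users`, which the sibling user modules already use.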
@@ -0,0 +1,31 @@
+{
+ lib,
+ config,
+ ...
+}:
+let
+ cfg = config.scale-network.users.ruebenramirez;
+ inherit (lib.modules)
+ mkIf
+ ;
+
+ inherit (lib.options)
+ mkEnableOption
+ ;
+in
+{
+ options.scale-network.users.ruebenramirez.enable = mkEnableOption "user ruebenramirez";
+
+ config = mkIf cfg.enable {
+ users.users = {
+ ruebenramirez = {
+ isNormalUser = true;
+ uid = 2009;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAkQS5ohCDizq24WfDgP/dEOonD/0WfrI0EAZFCyS0Ea"
+ ];
+ };
+ };
+ };
+}
diff --git a/nix/overlays/default.nix b/nix/overlays/default.nix
new file mode 100644
index 00000000..831589b0
--- /dev/null
+++ b/nix/overlays/default.nix
@@ -0,0 +1,43 @@
+inputs:
+let
+ inherit (builtins)
+ attrNames
+ attrValues
+ readDir
+ ;
+
+ inherit (inputs.nixpkgs-unstable)
+ lib
+ ;
+
+ inherit (lib.attrsets)
+ filterAttrs
+ genAttrs
+ mapAttrs'
+ ;
+
+ inherit (lib.fixedPoints)
+ composeManyExtensions
+ ;
+
+ inherit (inputs.self.library)
+ attrNamesKebabToCamel
+ kebabToCamel
+ ;
+
+ getDirectories =
+ path: attrNames (filterAttrs (_: fileType: fileType == "directory") (readDir path));
+
+ allLocalPackages = attrNamesKebabToCamel (
+ genAttrs (getDirectories ../packages) (
+ dir: final: prev: {
+ scale-network = prev.scale-network or { } // {
+ "${kebabToCamel dir}" = final.callPackage ../packages/${dir}/package.nix { };
+ };
+ }
+ )
+ );
+
+ default = composeManyExtensions (attrValues allLocalPackages);
+in
+allLocalPackages // { inherit default; }
diff --git a/nix/packages/default.nix b/nix/packages/default.nix
new file mode 100644
index 00000000..68f83b55
--- /dev/null
+++ b/nix/packages/default.nix
@@ -0,0 +1,13 @@
+inputs:
+inputs.nixpkgs.lib.genAttrs
+ [
+ "x86_64-linux"
+ "aarch64-linux"
+ ]
+ (system: {
+ inherit (inputs.self.legacyPackages.${system}.scale-network)
+ massflash
+ scaleInventory
+ serverspec
+ ;
+ })
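Review bot: `mapAttrs'` is pulled in on the `inherit (lib.attrsets)` line of overlays/default.nix but is never referenced anywhere in the file; drop it from the inherit list. The directory scan in `getDirectories ../packages` turns every subdirectory into an overlay entry that calls `../packages/${dir}/package.nix`, so a directory added without a `package.nix` will fail as soon as its `scale-network.<name>` attribute is evaluated; a comment above `allLocalPackages` such as `# every directory under nix/packages must provide a package.nix; the attribute name is the directory name in camelCase` would document the convention the scan relies on. The overlay's `lib` comes from `nixpkgs-unstable` while the packages themselves are instantiated from whatever `final` the consumer passes (in this flake `nixpkgs` now follows `nixpkgs-2405`); presumably intentional, but worth a one-line comment so the mix is not mistaken for an oversight.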
diff --git a/nix/pkgs/massflash.nix b/nix/packages/massflash/package.nix
similarity index 90%
rename from nix/pkgs/massflash.nix
rename to nix/packages/massflash/package.nix
index a05293d5..5639c529 100644
--- a/nix/pkgs/massflash.nix
+++ b/nix/packages/massflash/package.nix
@@ -8,7 +8,7 @@
 }:
 let
 local_manifests = copyPathsToStore [
- ../../openwrt/scripts/massflash/massflash
+ ../../../openwrt/scripts/massflash/massflash
 ];
 in
 stdenvNoCC.mkDerivation {
diff --git a/nix/pkgs/scaleInventory.nix b/nix/packages/scale-inventory/package.nix
similarity index 91%
rename from nix/pkgs/scaleInventory.nix
rename to nix/packages/scale-inventory/package.nix
index cc9d723d..433f4b40 100644
--- a/nix/pkgs/scaleInventory.nix
+++ b/nix/packages/scale-inventory/package.nix
@@ -7,8 +7,8 @@
 }:
 let
 local_manifests = copyPathsToStore [
- ../../switch-configuration
- ../../facts
+ ../../../switch-configuration
+ ../../../facts
 ];
 in
 stdenvNoCC.mkDerivation {
diff --git a/nix/pkgs/serverspec/Gemfile b/nix/packages/serverspec/Gemfile
similarity index 100%
rename from nix/pkgs/serverspec/Gemfile
rename to nix/packages/serverspec/Gemfile
diff --git a/nix/pkgs/serverspec/Gemfile.lock b/nix/packages/serverspec/Gemfile.lock
similarity index 100%
rename from nix/pkgs/serverspec/Gemfile.lock
rename to nix/packages/serverspec/Gemfile.lock
diff --git a/nix/pkgs/serverspec/README.md b/nix/packages/serverspec/README.md
similarity index 85%
rename from nix/pkgs/serverspec/README.md
rename to nix/packages/serverspec/README.md
index 518e4721..e75041ae 100644
--- a/nix/pkgs/serverspec/README.md
+++ b/nix/packages/serverspec/README.md
@@ -2,7 +2,7 @@
 ## Notes for updating
-Build an apppriate Gemfile (by hand seems ok) then get into a `nix shell`:
+Build an appropriate Gemfile (by hand seems ok) then get into a `nix shell`:
 ```
 $ nix shell nixpkgs#ruby nixpkgs#bundix
diff --git a/nix/pkgs/serverspec/gemset.nix b/nix/packages/serverspec/gemset.nix
similarity index 100%
rename from nix/pkgs/serverspec/gemset.nix
rename to nix/packages/serverspec/gemset.nix
diff --git a/nix/pkgs/serverspec/default.nix b/nix/packages/serverspec/package.nix
similarity index 100%
rename from nix/pkgs/serverspec/default.nix
rename to nix/packages/serverspec/package.nix
diff --git a/nix/pkgs/flake-module.nix b/nix/pkgs/flake-module.nix
deleted file mode 100644
index 68449f26..00000000
--- a/nix/pkgs/flake-module.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- perSystem =
- { pkgs, ... }:
- {
- packages = {
- serverspec = pkgs.callPackage ./serverspec { };
- massflash = pkgs.callPackage ./massflash.nix { };
- scaleInventory = pkgs.callPackage ./scaleInventory.nix { };
- };
- };
-}
diff --git a/nix/tests/flake-module.nix b/nix/tests/flake-module.nix
deleted file mode 100644
index b5227dc9..00000000
--- a/nix/tests/flake-module.nix
+++ /dev/null
@@ -1,91 +0,0 @@
-{
- withSystem,
- inputs,
- pkgs,
- ...
- }:
-
-{
- flake.checks.x86_64-linux = withSystem "x86_64-linux" (
- { pkgs, ... }:
- {
- core = pkgs.testers.runNixOSTest (import ./core.nix { inherit inputs pkgs; });
- loghost = pkgs.testers.runNixOSTest ./loghost.nix;
- }
- );
-
- perSystem =
- {
- pkgs,
- lib,
- system,
- ...
- }:
- {
- checks = {
- # python tests for the data found in facts
- # disabling persistence and cache for py utils to avoid warnings
- # since caching is taken care of by nix
- pytest-facts =
- let
- testPython = (
- pkgs.python3.withPackages (
- pythonPackages: with pythonPackages; [
- pylint
- pytest
- jinja2
- ]
- )
- );
- in
- (pkgs.runCommand "pytest-facts" { } ''
- cp -r --no-preserve=mode ${pkgs.lib.cleanSource inputs.self}/* .
- cd facts
- ${testPython}/bin/pylint --persistent n *.py
- ${testPython}/bin/pytest -vv -p no:cacheprovider
- touch $out
- '');
- duplicates-facts = (
- pkgs.runCommand "duplicates-facts" { buildInputs = [ pkgs.fish ]; } ''
- cp -r --no-preserve=mode ${pkgs.lib.cleanSource inputs.self}/* .
- cd facts
- fish test_duplicates.fish
- touch $out
- ''
- );
- perl-switches = (
- pkgs.runCommand "perl-switches"
- {
- buildInputs = [
- pkgs.gnumake
- pkgs.perl
- ];
- }
- ''
- cp -r --no-preserve=mode ${lib.cleanSource inputs.self}/* .
- cd switch-configuration
- make .lint
- make .build-switch-configs
- touch $out
- ''
- );
- openwrt-golden =
- pkgs.runCommand "openwrt-golden"
- {
- buildInputs = [
- pkgs.diffutils
- pkgs.gomplate
- ];
- }
- ''
- cp -r --no-preserve=mode ${pkgs.lib.cleanSource inputs.self}/* .
- cd tests/unit/openwrt
- mkdir -p $out/tmp/ar71xx
- ${pkgs.bash}/bin/bash test.sh -t ar71xx -o $out
- '';
-
- formatting = inputs.self.formatterModule.${system}.config.build.check inputs.self;
-
- };
- };
-}