From ed0870c232bd538889c54ed50642eb80e3adbd50 Mon Sep 17 00:00:00 2001 
From: Daniel Baker Date: Sat, 23 Nov 2024 15:33:11 -0800 Subject: [PATCH 01/15] nix.nixosModules: fix modules Create a new home for nixos modules. Moved most of them over. Gated them all behind enable flags. --- flake.nix | 1 + nix/flake-module.nix | 2 - nix/machines/_common/base.nix | 71 --------------- nix/machines/_common/ssh/vm.nix | 21 ----- nix/machines/_common/time.nix | 7 -- nix/machines/_common/users.nix | 81 ----------------- nix/machines/devServer/gitlab.nix | 17 ---- nix/machines/hypervisor/libvirt.nix | 19 ---- nix/modules/flake-module.nix | 4 - nix/nixos-modules/base.nix | 91 +++++++++++++++++++ .../bhyve-image.nix | 0 nix/nixos-modules/default.nix | 15 +++ nix/{modules => nixos-modules}/facts.nix | 21 ++++- nix/nixos-modules/libvirt.nix | 44 +++++++++ .../services}/default.nix | 4 +- nix/nixos-modules/services/gitlab.nix | 39 ++++++++ .../services}/prometheus.nix | 0 nix/nixos-modules/services/ssh4vms.nix | 41 +++++++++ nix/nixos-modules/time.nix | 27 ++++++ nix/nixos-modules/users/berkhan.nix | 30 ++++++ nix/nixos-modules/users/default.nix | 6 ++ nix/nixos-modules/users/dlang.nix | 30 ++++++ nix/nixos-modules/users/jsh.nix | 30 ++++++ nix/nixos-modules/users/kylerisse.nix | 32 +++++++ nix/nixos-modules/users/owen.nix | 30 ++++++ nix/nixos-modules/users/rhamel.nix | 30 ++++++ nix/nixos-modules/users/rob.nix | 30 ++++++ nix/nixos-modules/users/root.nix | 29 ++++++ nix/nixos-modules/users/ruebenramirez.nix | 30 ++++++ 29 files changed, 554 insertions(+), 228 deletions(-) delete mode 100644 nix/machines/_common/base.nix delete mode 100644 nix/machines/_common/ssh/vm.nix delete mode 100644 nix/machines/_common/time.nix delete mode 100644 nix/machines/_common/users.nix delete mode 100644 nix/machines/devServer/gitlab.nix delete mode 100644 nix/machines/hypervisor/libvirt.nix delete mode 100644 nix/modules/flake-module.nix create mode 100644 nix/nixos-modules/base.nix rename nix/{modules => nixos-modules}/bhyve-image.nix (100%) create mode 100644 
nix/nixos-modules/default.nix rename nix/{modules => nixos-modules}/facts.nix (55%) create mode 100644 nix/nixos-modules/libvirt.nix rename nix/{machines/_common => nixos-modules/services}/default.nix (58%) create mode 100644 nix/nixos-modules/services/gitlab.nix rename nix/{machines/_common => nixos-modules/services}/prometheus.nix (100%) create mode 100644 nix/nixos-modules/services/ssh4vms.nix create mode 100644 nix/nixos-modules/time.nix create mode 100644 nix/nixos-modules/users/berkhan.nix create mode 100644 nix/nixos-modules/users/default.nix create mode 100644 nix/nixos-modules/users/dlang.nix create mode 100644 nix/nixos-modules/users/jsh.nix create mode 100644 nix/nixos-modules/users/kylerisse.nix create mode 100644 nix/nixos-modules/users/owen.nix create mode 100644 nix/nixos-modules/users/rhamel.nix create mode 100644 nix/nixos-modules/users/rob.nix create mode 100644 nix/nixos-modules/users/root.nix create mode 100644 nix/nixos-modules/users/ruebenramirez.nix diff --git a/flake.nix b/flake.nix index 8fbdf5fd..c26703fd 100644 --- a/flake.nix +++ b/flake.nix @@ -35,5 +35,6 @@ // { formatter = import ./nix/formatter inputs; formatterModule = import ./nix/formatterModule inputs; + nixosModules = import ./nix/nixos-modules inputs; }; } diff --git a/nix/flake-module.nix b/nix/flake-module.nix index 781cba8f..7292e2e1 100644 --- a/nix/flake-module.nix +++ b/nix/flake-module.nix @@ -2,8 +2,6 @@ imports = [ ./pkgs/flake-module.nix ./tests/flake-module.nix - ./modules/flake-module.nix - ./machines/flake-module.nix ./dev/flake-module.nix ]; } diff --git a/nix/machines/_common/base.nix b/nix/machines/_common/base.nix deleted file mode 100644 index 88a46ce0..00000000 --- a/nix/machines/_common/base.nix +++ /dev/null 
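Review bot: Every `flake.nixosConfigurations` entry disappears at this commit: `./machines/flake-module.nix` is dropped from `imports` here while the file itself survives until PATCH 02/15, and the commit message speaks only of moving modules. Anything that evaluates the configurations at this revision presumably fails until the next patch lands — `./tests/flake-module.nix` is still imported two lines above, and the next patch's diffstat touches `nix/tests/core.nix` — so the series does not bisect cleanly here. Either keep this import until `nixosConfigurations` has its new home, or state in the message that configurations are intentionally unavailable at this commit.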
@@ -1,71 +0,0 @@ -{ config, pkgs, ... }: -{ - # default to stateVersion for current lock - system.stateVersion = config.system.nixos.version; - - # remove the annoying experimental warnings - nix.extraOptions = '' - experimental-features = nix-command flakes - ''; - - environment.systemPackages = with pkgs; [ - bc - binutils - btop - cachix - curl - dig - dmidecode - file - git - git-lfs - gptfdisk # sgdisk, sfdisk, etc. - inetutils # telnet,ftp,etc - iproute2 - jq - lsof - mtr - nmap - openssh - openssl - pciutils - psmisc # fuser - silver-searcher - strace - tcpdump - tmux - usbutils - unixtools.nettools - wget - ((vim_configurable.override { }).customize { - name = "vim"; - # Install plugins for syntax highlighting of nix files - vimrcConfig.packages.myplugins = with pkgs.vimPlugins; { - start = [ - vim-nix - ]; - opt = [ ]; - }; - vimrcConfig.customRC = '' - " Turn on syntax highlighting by default - syntax on - " Disable mouse - set mouse-=a - ''; - }) - ]; - - # Purge nano from being the default - environment.variables = { - EDITOR = "vim"; - }; - - # set 24h military time - i18n.extraLocaleSettings = { - LC_TIME = "C.UTF-8"; - }; - - # Force noXlibs per recommendation in microVMs - # ref: https://github.com/astro/microvm.nix/issues/167 - environment.noXlibs = false; -} diff --git a/nix/machines/_common/ssh/vm.nix b/nix/machines/_common/ssh/vm.nix deleted file mode 100644 index 9743ad51..00000000 --- a/nix/machines/_common/ssh/vm.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ - services.openssh = { - enable = true; - hostKeys = [ - { - path = "/var/lib/ssh/ssh_host_ed25519_key"; - type = "ed25519"; - } - { - path = "/var/lib/ssh/ssh_host_rsa_key"; - type = "rsa"; - bits = 4096; - } - ]; - settings = { - PermitRootLogin = "no"; - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; -} diff --git a/nix/machines/_common/time.nix b/nix/machines/_common/time.nix deleted file mode 100644 index 753b7ac9..00000000 
--- a/nix/machines/_common/time.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - # Sets the default timeservers for everything thats using the default: systemd-timesyncd - networking.timeServers = [ - "ntpconf.scale.lan" - "ntpexpo.scale.lan" - ]; -} diff --git a/nix/machines/_common/users.nix b/nix/machines/_common/users.nix deleted file mode 100644 index aab0beaa..00000000 --- a/nix/machines/_common/users.nix +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: - -{ - - security.sudo = { - extraConfig = '' - Defaults rootpw - Defaults lecture="never" - ''; - }; - - users.mutableUsers = false; - users.extraUsers.root.hashedPassword = "$6$3Hm/K5fbR3UEMK6H$3aaegtdwvejGk9Bk0ttN5bNJn4z2Yt6LWXD3nGI7.44Pbm7A1TpKuxG9XQLwsj7M9NEk8eB5Exg0qVRV//6br/"; - - users.users = { - rob = { - isNormalUser = true; - uid = 2005; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMEiESod7DOT2cmT2QEYjBIrzYqTDnJLld1em3doDROq" - ]; - }; - owen = { - isNormalUser = true; - uid = 2006; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBjjcUJLTENGrV6K/nrPOswcBVMMuS4sLSs0UyTRw8wU87PDUzJz8Ht2SgHqeEQJdRm1+b6iLsx2uKOf+/pU8qE= root@kiev.delong.com" - ]; - }; - dlang = { - isNormalUser = true; - uid = 2008; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEqPnzsYPKyURdnUpZx1nt9RFQjaz9q7m5wh525Crsho" - ]; - }; - kylerisse = { - isNormalUser = true; - uid = 2007; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPcTYYr/TGH4vRCaY4WU4Qc7RlzzBOHv2XYxGwCzV+fg p" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKX8NM1OQECwhNTQE0qAm422uq9L0i0Y/hvPPc4tHIOX a" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMlEPbMnefiPfCTKb9lOzPzfnOVAohO08myWWMm9EJxZ" - ]; - }; - ruebenramirez = { - isNormalUser = true; - uid = 2009; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAkQS5ohCDizq24WfDgP/dEOonD/0WfrI0EAZFCyS0Ea" - ]; - }; - rhamel = { - isNormalUser = true; - uid = 2010; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICVZ7n1EOezedsbphq5atGtHm11xeGpLZBzEbgV7eZdb" - ]; - }; - jsh = { - isNormalUser = true; - uid = 2011; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - 
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINfK7f1WvpQRhhB6UFeTOY5cB5uCzHFgP1DZZMwf75WZ" - ]; - }; - }; - -} diff --git a/nix/machines/devServer/gitlab.nix b/nix/machines/devServer/gitlab.nix deleted file mode 100644 index 51e5e1b1..00000000 --- a/nix/machines/devServer/gitlab.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ pkgs, ... }: -{ - services.gitlab-runner = { - enable = true; - gracefulTermination = true; - services = { - shell = { - # make sure this is a quote path so it doesnt end up in /nix/store - authenticationTokenConfigFile = "/persist/etc/gitlab/shellAuthToken.env"; - executor = "shell"; - }; - }; - }; - - # include for gl-runner cli - environment.systemPackages = [ pkgs.gitlab-runner ]; -} diff --git a/nix/machines/hypervisor/libvirt.nix b/nix/machines/hypervisor/libvirt.nix deleted file mode 100644 index 4e08f186..00000000 --- a/nix/machines/hypervisor/libvirt.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, ... }: -{ - security.polkit.enable = true; - - virtualisation.libvirtd = { - enable = true; - qemu = { - ovmf.enable = true; - runAsRoot = false; - }; - onBoot = "ignore"; - onShutdown = "shutdown"; - }; - - # Add any users in the 'wheel' group to the 'libvirt' group. - users.groups.libvirt.members = builtins.filter ( - x: builtins.elem "wheel" config.users.users."${x}".extraGroups - ) (builtins.attrNames config.users.users); -} diff --git a/nix/modules/flake-module.nix b/nix/modules/flake-module.nix deleted file mode 100644 index a6de6716..00000000 --- a/nix/modules/flake-module.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ - flake.nixosModules.bhyve-image = ./bhyve-image.nix; - flake.nixosModules.facts = ./facts.nix; -} diff --git a/nix/nixos-modules/base.nix b/nix/nixos-modules/base.nix new file mode 100644 index 00000000..a8961bca --- /dev/null +++ b/nix/nixos-modules/base.nix 
@@ -0,0 +1,91 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.scale-network.base; + + inherit (lib.modules) + mkIf + ; + + inherit (lib.options) + mkEnableOption + ; +in +{ + options.scale-network.base.enable = mkEnableOption "SCaLE network base setup"; + + config = mkIf cfg.enable { + # default to stateVersion for current lock + system.stateVersion = config.system.nixos.version; + + # remove the annoying experimental warnings + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; + + environment.systemPackages = with pkgs; [ + bc + binutils + btop + cachix + curl + dig + dmidecode + file + git + git-lfs + gptfdisk # sgdisk, sfdisk, etc. + inetutils # telnet,ftp,etc + iproute2 + jq + lsof + mtr + nmap + openssh + openssl + pciutils + psmisc # fuser + silver-searcher + strace + tcpdump + tmux + usbutils + unixtools.nettools + wget + ((vim_configurable.override { }).customize { + name = "vim"; + # Install plugins for syntax highlighting of nix files + vimrcConfig.packages.myplugins = with pkgs.vimPlugins; { + start = [ + vim-nix + ]; + opt = [ ]; + }; + vimrcConfig.customRC = '' + " Turn on syntax highlighting by default + syntax on + " Disable mouse + set mouse-=a + ''; + }) + ]; + + # Purge nano from being the default + environment.variables = { + EDITOR = "vim"; + }; + + # set 24h military time + i18n.extraLocaleSettings = { + LC_TIME = "C.UTF-8"; + }; + + # Force noXlibs per recommendation in microVMs + # ref: https://github.com/astro/microvm.nix/issues/167 + environment.noXlibs = false; + }; +} diff --git a/nix/modules/bhyve-image.nix b/nix/nixos-modules/bhyve-image.nix similarity index 100% rename from nix/modules/bhyve-image.nix rename to nix/nixos-modules/bhyve-image.nix diff --git a/nix/nixos-modules/default.nix b/nix/nixos-modules/default.nix new file mode 100644 index 00000000..87a5c9cf --- /dev/null +++ b/nix/nixos-modules/default.nix 
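Review bot: `system.stateVersion = config.system.nixos.version;` ties stateVersion to whatever nixpkgs release is locked, so it changes on every channel bump, which defeats the option's purpose of freezing on-disk-state defaults at the release a host was first installed with. The line is carried over from the deleted `nix/machines/_common/base.nix`, but now that the module is gated behind `scale-network.base.enable` and meant for every host, pin it to a literal such as `system.stateVersion = "24.05";` (the release the flake follows) or expose it as a per-machine option. The comment `# Force noXlibs per recommendation in microVMs` contradicts the value beneath it (`environment.noXlibs = false;`); reword it to say why noXlibs is deliberately left off so nobody "fixes" it later. The enable option's description string is the only documentation the module has; a header comment stating that this is the package/editor/locale baseline shared by all SCaLE hosts would help a reader arriving from `nixos-modules/default.nix`.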
@@ -0,0 +1,15 @@ +inputs: { + default = + { ... }: + { + imports = [ + ./base.nix + ./facts.nix + ./libvirt.nix + ./time.nix + + ./services + ./users + ]; + }; +} diff --git a/nix/modules/facts.nix b/nix/nixos-modules/facts.nix similarity index 55% rename from nix/modules/facts.nix rename to nix/nixos-modules/facts.nix index 23af0032..9c763b0b 100644 --- a/nix/modules/facts.nix +++ b/nix/nixos-modules/facts.nix @@ -1,17 +1,30 @@ -{ config, lib, ... }: - -with lib; +{ + lib, + ... +}: +let + inherit (lib) + types + ; + inherit (lib.options) + mkOption + ; +in { - options.facts = { + options.scale-network.facts = { + ipv4 = mkOption { type = types.str; }; + ipv6 = mkOption { type = types.str; }; + eth = mkOption { type = types.str; }; + }; } diff --git a/nix/nixos-modules/libvirt.nix b/nix/nixos-modules/libvirt.nix new file mode 100644 index 00000000..ef67a2c1 --- /dev/null +++ b/nix/nixos-modules/libvirt.nix @@ -0,0 +1,44 @@ +{ + config, + lib, + ... +}: +let + cfg = config.scale-network.libvirt; + + inherit (builtins) + attrNames + elem + filter + ; + + inherit (lib.modules) + mkIf + ; + + inherit (lib.options) + mkEnableOption + ; +in +{ + options.scale-network.libvirt.enable = mkEnableOption "SCaLE network libvirt setup"; + + config = mkIf cfg.enable { + security.polkit.enable = true; + + virtualisation.libvirtd = { + enable = true; + qemu = { + ovmf.enable = true; + runAsRoot = false; + }; + onBoot = "ignore"; + onShutdown = "shutdown"; + }; + + # Add any users in the 'wheel' group to the 'libvirt' group. + users.groups.libvirt.members = ( + filter (x: elem "wheel" config.users.users."${x}".extraGroups) (attrNames config.users.users) + ); + }; +} diff --git a/nix/machines/_common/default.nix b/nix/nixos-modules/services/default.nix similarity index 58% rename from nix/machines/_common/default.nix rename to nix/nixos-modules/services/default.nix index 0e36f749..819dd8c3 100644 --- a/nix/machines/_common/default.nix +++ b/nix/nixos-modules/services/default.nix 
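Review bot: The exported attrset only contains `default`, so the named modules `nix/modules/flake-module.nix` used to publish — `flake.nixosModules.facts` and `flake.nixosModules.bhyve-image` — no longer exist after this patch, and `bhyve-image.nix`, renamed into this directory by the same commit, is in neither the `imports` list nor the exports, leaving it unreachable through the flake. `nix/machines/flake-module.nix`, still in the tree at this revision, refers to `inputs.self.nixosModules.facts`. If these are meant to stay opt-in, export them beside `default`, e.g. `facts = ./facts.nix; bhyve-image = ./bhyve-image.nix;`, and add a comment explaining why bhyve-image is excluded from the default bundle. The `inputs:` parameter is accepted and never used; a comment saying it is kept for symmetry with the other `import ./nix/... inputs` calls in `flake.nix` would stop a reader from hunting for its use.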
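Review bot: Moving the options from `facts.*` to `scale-network.facts.*` breaks any configuration that still sets `facts.ipv4` or reads `config.facts.eth`, and nothing in this patch updates a consumer; presumably the machine configurations follow in the next patch, but the commit message should say that `facts` is a rename, not a no-op move. The three `mkOption` declarations have no `description`, so `nixos-option` and the generated docs show nothing about what `eth` holds (an interface name is a guess a reader should not have to make); a one-line `description = "..."` per option, in the same tone as the `mkEnableOption` strings used throughout this patch, would close that. Without a `default` each option must be set by the consumer, which is reasonable for facts, but a short comment saying so explains why evaluation fails when one is read while unset.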
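Review bot: Every `wheel` member is added to `libvirt` by the `users.groups.libvirt.members` expression, which on a hypervisor grants control of the system libvirtd instance and therefore of every host resource a VM can be handed; that is consistent with `wheel` already holding sudo, but the comment records only the mechanism, not that the privilege equivalence is intended — `# wheel already has sudo; libvirt (system socket, effectively host-level access) is granted to the same set on purpose` would record the decision. Stylistically, the outer parentheses and the `"${x}"` quoting are redundant: `users.groups.libvirt.members = filter (x: elem "wheel" config.users.users.${x}.extraGroups) (attrNames config.users.users);`. Unlike the deleted `nix/machines/hypervisor/libvirt.nix`, this module inherits `attrNames`/`elem`/`filter` from `builtins`, which reads better and matches the `inherit (lib.…)` style used elsewhere in the patch.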
@@ -1,7 +1,7 @@ +{ ... }: { imports = [ - ./base.nix - ./users.nix + ./gitlab.nix ./prometheus.nix ]; } diff --git a/nix/nixos-modules/services/gitlab.nix b/nix/nixos-modules/services/gitlab.nix new file mode 100644 index 00000000..c34f1dde --- /dev/null +++ b/nix/nixos-modules/services/gitlab.nix @@ -0,0 +1,39 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.scale-network.services.gitlab; + + inherit (lib.modules) + mkIf + ; + + inherit (lib.options) + mkEnableOption + ; +in +{ + options.scale-network.services.gitlab.enable = mkEnableOption "SCaLE network GitLab runner"; + + config = mkIf cfg.enable { + services.gitlab-runner = { + enable = true; + gracefulTermination = true; + services = { + shell = { + # make sure this is a quote path so it doesnt end up in /nix/store + authenticationTokenConfigFile = "/persist/etc/gitlab/shellAuthToken.env"; + executor = "shell"; + }; + }; + }; + + # include for gl-runner cli + environment.systemPackages = [ + pkgs.gitlab-runner + ]; + }; +} diff --git a/nix/machines/_common/prometheus.nix b/nix/nixos-modules/services/prometheus.nix similarity index 100% rename from nix/machines/_common/prometheus.nix rename to nix/nixos-modules/services/prometheus.nix diff --git a/nix/nixos-modules/services/ssh4vms.nix b/nix/nixos-modules/services/ssh4vms.nix new file mode 100644 index 00000000..ea8993b6 --- /dev/null +++ b/nix/nixos-modules/services/ssh4vms.nix 
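Review bot: `./ssh4vms.nix`, created in this same patch, is missing from `imports`, so `scale-network.services.ssh4vms.enable` is not declared for any consumer of `nixosModules.default` and setting it fails as an undefined option; the one-line addition the next patch's diffstat shows for this file is presumably this, and it belongs in the commit that introduces the module. With `./base.nix` and `./users.nix` gone from this list the file is now purely a service aggregator; a short header comment, `# services offered to SCaLE hosts; each is gated behind scale-network.services.<name>.enable`, would tell a reader how to add the next one.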
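Review bot: `executor = "shell"` runs every CI job directly on the enabling host under the runner service's user, not in a container, so whatever that user can reach is exposed to pipeline authors; neither the option description `"SCaLE network GitLab runner"` nor a comment says so, and a reader enabling this module on a host other than the dev server gets no warning. A comment above `services.gitlab-runner`, e.g. `# shell executor: jobs execute on this host as the runner user — enable only where pipeline authors are trusted with that`, makes the trust decision explicit. The carried-over comment should read `quoted path` rather than `quote path`; the point is that a string literal, unlike a bare Nix path, is not copied into `/nix/store`, which keeps the token file out of the world-readable store.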
@@ -0,0 +1,41 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.scale-network.services.ssh4vms;
+
+ inherit (lib.modules)
+ mkIf
+ ;
+
+ inherit (lib.options)
+ mkEnableOption
+ ;
+in
+{
+ options.scale-network.services.ssh4vms.enable = mkEnableOption "SCaLE network SSH for VMs setup";
+
+ config = mkIf cfg.enable {
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ {
+ path = "/var/lib/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ {
+ path = "/var/lib/ssh/ssh_host_rsa_key";
+ type = "rsa";
+ bits = 4096;
+ }
+ ];
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ };
+ };
+ };
+}
diff --git a/nix/nixos-modules/time.nix b/nix/nixos-modules/time.nix
new file mode 100644
index 00000000..b6ee1084
--- /dev/null
+++ b/nix/nixos-modules/time.nix
@@ -0,0 +1,27 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.scale-network.timeServers;
+
+ inherit (lib.modules)
+ mkIf
+ ;
+
+ inherit (lib.options)
+ mkEnableOption
+ ;
+in
+{
+ options.scale-network.timeServers.enable = mkEnableOption "SCaLE network time servers setup";
+
+ config = mkIf cfg.enable {
+ # Sets the default timeservers for everything thats using the default: systemd-timesyncd
+ networking.timeServers = [
+ "ntpconf.scale.lan"
+ "ntpexpo.scale.lan"
+ ];
+ };
+}
diff --git a/nix/nixos-modules/users/berkhan.nix b/nix/nixos-modules/users/berkhan.nix
new file mode 100644
index 00000000..3a71be96
--- /dev/null
+++ b/nix/nixos-modules/users/berkhan.nix
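Review bot: Both `hostKeys` entries live under `/var/lib/ssh/` rather than the NixOS default `/etc/ssh/`, and the module gives no reason; if that directory is on a persisted volume the keys survive image rebuilds, but if it is not, the keys are regenerated on each boot and every client sees a changed host key, which trains operators to wave host-key warnings through. A comment on `hostKeys`, e.g. `# host keys on the persisted volume so VM identity survives rebuilds — TODO confirm /var/lib/ssh is persisted in the microvm config`, records the assumption. The `settings` block — root login off, password and keyboard-interactive auth off — is the right default given that `root.nix` provisions a root password hash.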
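Review bot: The option is declared as `scale-network.timeServers.enable` while every other module in this patch names its option after its file (`base.nix` → `scale-network.base`, `libvirt.nix` → `scale-network.libvirt`); either rename the file to `timeServers.nix` or declare `scale-network.time` so the option tree and the file tree stay aligned. The carried-over comment has `thats` for `that's`, and could add that the two `.scale.lan` names presumably resolve only on the venue network, so a host built with this module enabled elsewhere is left without a reachable time source.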
@@ -0,0 +1,30 @@
+{
+ lib,
+ config,
+}:
+let
+ cfg = config.scale-network.users.berkhan;
+ inherit (lib.modules)
+ mkIf
+ ;
+
+ inherit (lib.options)
+ mkEnableOption
+ ;
+in
+{
+ options.scale-network.users.berkhan.enable = mkEnableOption "user berkhan";
+
+ config = mkIf cfg.enable {
+ users.users = {
+ berkhan = {
+ isNormalUser = true;
+ uid = 2100;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH6UhZ/oPqiFzCOxoZWeUqeGZCVLLNQbHH3uuIa6PCTz"
+ ];
+ };
+ };
+ };
+}
diff --git a/nix/nixos-modules/users/default.nix b/nix/nixos-modules/users/default.nix
new file mode 100644
index 00000000..b70a714a
--- /dev/null
+++ b/nix/nixos-modules/users/default.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+ imports = [
+ ];
+}
+
diff --git a/nix/nixos-modules/users/dlang.nix b/nix/nixos-modules/users/dlang.nix
new file mode 100644
index 00000000..7ed7e0fb
--- /dev/null
+++ b/nix/nixos-modules/users/dlang.nix
@@ -0,0 +1,30 @@
+{
+ lib,
+ config,
+}:
+let
+ cfg = config.scale-network.users.dlang;
+ inherit (lib.modules)
+ mkIf
+ ;
+
+ inherit (lib.options)
+ mkEnableOption
+ ;
+in
+{
+ options.scale-network.users.dlang.enable = mkEnableOption "user dlang";
+
+ config = mkIf cfg.enable {
+ users.users = {
+ dlang = {
+ isNormalUser = true;
+ uid = 2008;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEqPnzsYPKyURdnUpZx1nt9RFQjaz9q7m5wh525Crsho"
+ ];
+ };
+ };
+ };
+}
diff --git a/nix/nixos-modules/users/jsh.nix b/nix/nixos-modules/users/jsh.nix
new file mode 100644
index 00000000..d4266c82
--- /dev/null
+++ b/nix/nixos-modules/users/jsh.nix
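Review bot: The header `{ lib, config, }:` has no `...`, so the function rejects the additional arguments the NixOS module system always passes (`pkgs`, `options`, `modulesPath`, and any `_module.args`) and evaluation fails with an unexpected-argument error as soon as the module is imported; the same header is in `dlang.nix`, `jsh.nix`, `kylerisse.nix`, `owen.nix`, `rhamel.nix`, `rob.nix`, `root.nix` and `ruebenramirez.nix`. It goes unnoticed here only because `users/default.nix` imports nothing. The one-line fix in each file is `{ lib, config, ... }:`. `berkhan` is also the one account not present in the deleted `users.nix` — uid 2100, `wheel`, a new key — and a new privileged account deserves its own sentence in the commit message rather than arriving inside a refactor.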
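Review bot: `imports = [ ];` is empty, so none of the user modules in this directory are reachable through `nixosModules.default`, no `scale-network.users.<name>.enable` option exists for a consumer, and because the old `users.nix` is deleted in the same patch a host built from the new module set ends up with no admin accounts at all. The missing piece is the list of sibling files (`./berkhan.nix` through `./ruebenramirez.nix`, `./root.nix` included); the next patch's diffstat suggests that is where it lands, but it belongs with the commit that removes the old definitions, so the series has no revision without users.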
@@ -0,0 +1,30 @@
+{
+ lib,
+ config,
+}:
+let
+ cfg = config.scale-network.users.jsh;
+ inherit (lib.modules)
+ mkIf
+ ;
+
+ inherit (lib.options)
+ mkEnableOption
+ ;
+in
+{
+ options.scale-network.users.jsh.enable = mkEnableOption "user jsh";
+
+ config = mkIf cfg.enable {
+ users.users = {
+ jsh = {
+ isNormalUser = true;
+ uid = 2011;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINfK7f1WvpQRhhB6UFeTOY5cB5uCzHFgP1DZZMwf75WZ"
+ ];
+ };
+ };
+ };
+}
diff --git a/nix/nixos-modules/users/kylerisse.nix b/nix/nixos-modules/users/kylerisse.nix
new file mode 100644
index 00000000..a2e604f0
--- /dev/null
+++ b/nix/nixos-modules/users/kylerisse.nix
@@ -0,0 +1,32 @@
+{
+ lib,
+ config,
+}:
+let
+ cfg = config.scale-network.users.kylerisse;
+ inherit (lib.modules)
+ mkIf
+ ;
+
+ inherit (lib.options)
+ mkEnableOption
+ ;
+in
+{
+ options.scale-network.users.kylerisse.enable = mkEnableOption "user kylerisse";
+
+ config = mkIf cfg.enable {
+ users.users = {
+ kylerisse = {
+ isNormalUser = true;
+ uid = 2007;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPcTYYr/TGH4vRCaY4WU4Qc7RlzzBOHv2XYxGwCzV+fg p"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKX8NM1OQECwhNTQE0qAm422uq9L0i0Y/hvPPc4tHIOX a"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMlEPbMnefiPfCTKb9lOzPzfnOVAohO08myWWMm9EJxZ"
+ ];
+ };
+ };
+ };
+}
diff --git a/nix/nixos-modules/users/owen.nix b/nix/nixos-modules/users/owen.nix
new file mode 100644
index 00000000..cffc8483
--- /dev/null
+++ b/nix/nixos-modules/users/owen.nix
@@ -0,0 +1,30 @@
+{
+ lib,
+ config,
+}:
+let
+ cfg = config.scale-network.users.owen;
+ inherit (lib.modules)
+ mkIf
+ ;
+
+ inherit (lib.options)
+ mkEnableOption
+ ;
+in
+{
+ options.scale-network.users.owen.enable = mkEnableOption "user owen";
+
+ config = mkIf cfg.enable {
+ users.users = {
+ owen = {
+ isNormalUser = true;
+ uid = 2006;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBjjcUJLTENGrV6K/nrPOswcBVMMuS4sLSs0UyTRw8wU87PDUzJz8Ht2SgHqeEQJdRm1+b6iLsx2uKOf+/pU8qE= root@kiev.delong.com"
+ ];
+ };
+ };
+ };
+}
diff --git a/nix/nixos-modules/users/rhamel.nix b/nix/nixos-modules/users/rhamel.nix
new file mode 100644
index 00000000..6016201b
--- /dev/null
+++ b/nix/nixos-modules/users/rhamel.nix
@@ -0,0 +1,30 @@
+{
+ lib,
+ config,
+}:
+let
+ cfg = config.scale-network.users.rhamel;
+ inherit (lib.modules)
+ mkIf
+ ;
+
+ inherit (lib.options)
+ mkEnableOption
+ ;
+in
+{
+ options.scale-network.users.rhamel.enable = mkEnableOption "user rhamel";
+
+ config = mkIf cfg.enable {
+ users.users = {
+ rhamel = {
+ isNormalUser = true;
+ uid = 2010;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICVZ7n1EOezedsbphq5atGtHm11xeGpLZBzEbgV7eZdb"
+ ];
+ };
+ };
+ };
+}
diff --git a/nix/nixos-modules/users/rob.nix b/nix/nixos-modules/users/rob.nix
new file mode 100644
index 00000000..5340ccaa
--- /dev/null
+++ b/nix/nixos-modules/users/rob.nix
@@ -0,0 +1,30 @@
+{
+ lib,
+ config,
+}:
+let
+ cfg = config.scale-network.users.rob;
+ inherit (lib.modules)
+ mkIf
+ ;
+
+ inherit (lib.options)
+ mkEnableOption
+ ;
+in
+{
+ options.scale-network.users.rob.enable = mkEnableOption "user rob";
+
+ config = mkIf cfg.enable {
+ users.users = {
+ rob = {
+ isNormalUser = true;
+ uid = 2005;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMEiESod7DOT2cmT2QEYjBIrzYqTDnJLld1em3doDROq"
+ ];
+ };
+ };
+ };
+}
diff --git a/nix/nixos-modules/users/root.nix b/nix/nixos-modules/users/root.nix
new file mode 100644
index 00000000..e24e5492
--- /dev/null
+++ b/nix/nixos-modules/users/root.nix
@@ -0,0 +1,29 @@
+{
+ lib,
+ config,
+}:
+let
+ cfg = config.scale-network.users.root;
+ inherit (lib.modules)
+ mkIf
+ ;
+
+ inherit (lib.options)
+ mkEnableOption
+ ;
+in
+{
+ options.scale-network.users.root.enable = mkEnableOption "user root and sudo configs";
+
+ config = mkIf cfg.enable {
+ security.sudo = {
+ extraConfig = ''
+ Defaults rootpw
+ Defaults lecture="never"
+ '';
+ };
+
+ users.mutableUsers = false;
+ users.extraUsers.root.hashedPassword = "$6$3Hm/K5fbR3UEMK6H$3aaegtdwvejGk9Bk0ttN5bNJn4z2Yt6LWXD3nGI7.44Pbm7A1TpKuxG9XQLwsj7M9NEk8eB5Exg0qVRV//6br/";
+ };
+}
diff --git a/nix/nixos-modules/users/ruebenramirez.nix b/nix/nixos-modules/users/ruebenramirez.nix
new file mode 100644
index 00000000..dc393f3a
--- /dev/null
+++ b/nix/nixos-modules/users/ruebenramirez.nix
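Review bot: `users.extraUsers.root.hashedPassword` keeps a shared root password hash in the repository, and with `Defaults rootpw` every sudo invocation by every `wheel` user authenticates against that one password, so anyone with read access to the repo holds an offline target and rotation requires a commit. This is inherited from the deleted `users.nix`, but since the file is being rewritten it is the moment to move the hash out of the tree with `users.users.root.hashedPasswordFile` (available in the nixos-24.05 release the flake follows) pointing at a file on the persisted volume; dropping `Defaults rootpw` instead would need per-user hashes, since `mutableUsers = false` and none of the user modules set one. `users.extraUsers` is a deprecated alias for `users.users`; the latter matches the other user modules. A comment explaining that `rootpw` exists precisely because the admin accounts have no password of their own would save the next reader from removing it.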
@@ -0,0 +1,30 @@
+{
+ lib,
+ config,
+}:
+let
+ cfg = config.scale-network.users.ruebenramirez;
+ inherit (lib.modules)
+ mkIf
+ ;
+
+ inherit (lib.options)
+ mkEnableOption
+ ;
+in
+{
+ options.scale-network.users.ruebenramirez.enable = mkEnableOption "user ruebenramirez";
+
+ config = mkIf cfg.enable {
+ users.users = {
+ ruebenramirez = {
+ isNormalUser = true;
+ uid = 2009;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAkQS5ohCDizq24WfDgP/dEOonD/0WfrI0EAZFCyS0Ea"
+ ];
+ };
+ };
+ };
+}
From 741357a3fa2d33a6deb6862d3f8e2576305adc1e Mon Sep 17 00:00:00 2001
From: Daniel Baker Date: Sat, 23 Nov 2024 19:03:43 -0800 Subject: [PATCH 02/15] nix.nixosConfigurations: fix configurations Create a new home for nixos configurations. Moved them all over. --- flake.lock | 17 +- flake.nix | 9 +- nix/library/default.nix | 26 +++ nix/machines/devServer/default.nix | 9 +- nix/machines/devServer/libvirt.nix | 19 --- nix/machines/flake-module.nix | 156 ------------------ .../bootstrap-image}/bootstrap.sh | 0 .../bootstrap-image/default.nix | 73 ++++++++ .../cache/cachecache.nix | 0 .../cache/configuration.nix} | 2 - nix/nixos-configurations/cache/default.nix | 38 +++++ .../cache/microvm-config.nix | 0 .../core-master}/common.nix | 4 +- .../core-master/configuration.nix} | 6 +- .../core-master/default.nix | 38 +++++ .../core-master}/microvm-config.nix | 0 .../core-slave/common.nix | 95 +++++++++++ .../core-slave/configuration.nix} | 8 +- .../core-slave/default.nix | 38 +++++ .../core-slave/microvm-config.nix | 29 ++++ nix/nixos-configurations/default.nix | 47 ++++++ .../dev-server/default.nix | 74 +++++++++ .../dev-server}/disko.nix | 0 .../dev-server}/hardware-configuration.nix | 0 .../hypervisor1/configuration.nix} | 4 - .../hypervisor1/default.nix | 36 ++++ .../hypervisor1}/hardware-configuration.nix | 0 .../hypervisor2/configuration.nix} | 0 .../hypervisor2/default.nix | 36 ++++ .../hypervisor2/hardware-configuration.nix | 83 ++++++++++ nix/nixos-configurations/loghost/default.nix | 67 ++++++++ .../massflash/configuration.nix} | 1 - .../massflash/default.nix | 34 ++++ .../monitor/configuration.nix} | 16 -- nix/nixos-configurations/monitor/default.nix | 38 +++++ .../monitor/microvm-config.nix | 0 .../signs/configuration.nix} | 0 nix/nixos-configurations/signs/default.nix | 38 +++++ .../signs/microvm-config.nix | 0 nix/nixos-modules/base.nix | 2 +- nix/nixos-modules/services/default.nix | 1 + nix/nixos-modules/services/prometheus.nix | 46 ++++-- nix/nixos-modules/users/berkhan.nix | 2 + nix/nixos-modules/users/default.nix | 10 +- 
nix/nixos-modules/users/dlang.nix | 1 + nix/nixos-modules/users/jsh.nix | 1 + nix/nixos-modules/users/kylerisse.nix | 1 + nix/nixos-modules/users/owen.nix | 1 + nix/nixos-modules/users/rhamel.nix | 1 + nix/nixos-modules/users/rob.nix | 1 + nix/nixos-modules/users/root.nix | 1 + nix/nixos-modules/users/ruebenramirez.nix | 1 + nix/tests/core.nix | 6 +- 53 files changed, 874 insertions(+), 242 deletions(-) create mode 100644 nix/library/default.nix delete mode 100644 nix/machines/devServer/libvirt.nix delete mode 100644 nix/machines/flake-module.nix rename nix/{machines/bootstrap => nixos-configurations/bootstrap-image}/bootstrap.sh (100%) create mode 100644 nix/nixos-configurations/bootstrap-image/default.nix rename nix/{machines => nixos-configurations}/cache/cachecache.nix (100%) rename nix/{machines/cache/cache.nix => nixos-configurations/cache/configuration.nix} (97%) create mode 100644 nix/nixos-configurations/cache/default.nix rename nix/{machines => nixos-configurations}/cache/microvm-config.nix (100%) rename nix/{machines/core => nixos-configurations/core-master}/common.nix (94%) rename nix/{machines/core/master.nix => nixos-configurations/core-master/configuration.nix} (97%) create mode 100644 nix/nixos-configurations/core-master/default.nix rename nix/{machines/core => nixos-configurations/core-master}/microvm-config.nix (100%) create mode 100644 nix/nixos-configurations/core-slave/common.nix rename nix/{machines/core/slave.nix => nixos-configurations/core-slave/configuration.nix} (92%) create mode 100644 nix/nixos-configurations/core-slave/default.nix create mode 100644 nix/nixos-configurations/core-slave/microvm-config.nix create mode 100644 nix/nixos-configurations/default.nix create mode 100644 nix/nixos-configurations/dev-server/default.nix rename nix/{machines/devServer => nixos-configurations/dev-server}/disko.nix (100%) rename nix/{machines/devServer => nixos-configurations/dev-server}/hardware-configuration.nix (100%) rename 
nix/{machines/hypervisor/hypervisor1.nix => nixos-configurations/hypervisor1/configuration.nix} (97%) create mode 100644 nix/nixos-configurations/hypervisor1/default.nix rename nix/{machines/hypervisor => nixos-configurations/hypervisor1}/hardware-configuration.nix (100%) rename nix/{machines/hypervisor/hypervisor2.nix => nixos-configurations/hypervisor2/configuration.nix} (100%) create mode 100644 nix/nixos-configurations/hypervisor2/default.nix create mode 100644 nix/nixos-configurations/hypervisor2/hardware-configuration.nix create mode 100644 nix/nixos-configurations/loghost/default.nix rename nix/{machines/massflash.nix => nixos-configurations/massflash/configuration.nix} (99%) create mode 100644 nix/nixos-configurations/massflash/default.nix rename nix/{machines/monitor/monitor.nix => nixos-configurations/monitor/configuration.nix} (90%) create mode 100644 nix/nixos-configurations/monitor/default.nix rename nix/{machines => nixos-configurations}/monitor/microvm-config.nix (100%) rename nix/{machines/signs/signs.nix => nixos-configurations/signs/configuration.nix} (100%) create mode 100644 nix/nixos-configurations/signs/default.nix rename nix/{machines => nixos-configurations}/signs/microvm-config.nix (100%) diff --git a/flake.lock b/flake.lock index ec3ddcd2..78bb4aaf 100644 --- a/flake.lock +++ b/flake.lock @@ -24,7 +24,7 @@ "flake-parts": { "inputs": { "nixpkgs-lib": [ - "nixpkgs" + "nixpkgs-2405" ] }, "locked": { @@ -63,7 +63,7 @@ "inputs": { "flake-utils": "flake-utils", "nixpkgs": [ - "nixpkgs" + "nixpkgs-2405" ], "spectrum": [] }, 
@@ -82,13 +82,13 @@ "type": "github" } }, - "nixpkgs": { + "nixpkgs-2405": { "locked": { - "lastModified": 1728500571, - "narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=", + "lastModified": 1731797254, + "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0", + "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", "type": "github" }, "original": { @@ -119,7 +119,10 @@ "disko": "disko", "flake-parts": "flake-parts", "microvm": "microvm", - "nixpkgs": "nixpkgs", + "nixpkgs": [ + "nixpkgs-2405" + ], + "nixpkgs-2405": "nixpkgs-2405", "nixpkgs-unstable": "nixpkgs-unstable", "treefmt-nix": "treefmt-nix" } diff --git a/flake.nix b/flake.nix index c26703fd..2ff02e1a 100644 --- a/flake.nix +++ b/flake.nix @@ -4,14 +4,15 @@ inputs = { flake-parts = { url = "github:hercules-ci/flake-parts"; - inputs.nixpkgs-lib.follows = "nixpkgs"; + inputs.nixpkgs-lib.follows = "nixpkgs-2405"; }; microvm = { url = "github:sarcasticadmin/microvm.nix/rh/1707108673virtio"; - inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows = "nixpkgs-2405"; inputs.spectrum.follows = ""; }; # Currently using this fork since the upstream seems to be causing an issue - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; + nixpkgs-2405.url = "github:NixOS/nixpkgs/nixos-24.05"; + nixpkgs.follows = "nixpkgs-2405"; # get rid of this once flake parts is gone nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; treefmt-nix = { url = "github:numtide/treefmt-nix"; @@ -35,6 +36,8 @@ // { formatter = import ./nix/formatter inputs; formatterModule = import ./nix/formatterModule inputs; + library = import ./nix/library inputs; nixosModules = import ./nix/nixos-modules inputs; + nixosConfigurations = import ./nix/nixos-configurations inputs; }; } diff --git a/nix/library/default.nix b/nix/library/default.nix new file mode 100644 index 00000000..36ad4730 --- /dev/null +++ b/nix/library/default.nix 
@@ -0,0 +1,26 @@ +inputs: +let + inherit (inputs.nixpkgs-unstable) lib; + + inherit (lib.strings) + splitString + substring + toLower + toUpper + concatMapStrings + ; +in +rec { + + mutFirstChar = + f: s: + let + firstChar = f (substring 0 1 s); + rest = substring 1 (-1) s; + in + firstChar + rest; + + kebabToCamel = + s: mutFirstChar toLower (concatMapStrings (mutFirstChar toUpper) (splitString "-" s)); + +} diff --git a/nix/machines/devServer/default.nix b/nix/machines/devServer/default.nix index e568be70..377865be 100644 --- a/nix/machines/devServer/default.nix +++ b/nix/machines/devServer/default.nix @@ -1,10 +1,9 @@ -{ config, pkgs, ... }: +{ + pkgs, + ... +}: { - imports = [ - ./libvirt.nix - ./gitlab.nix - ]; # remove the annoying experimental warnings nix.extraOptions = '' experimental-features = nix-command flakes diff --git a/nix/machines/devServer/libvirt.nix b/nix/machines/devServer/libvirt.nix deleted file mode 100644 index 4e08f186..00000000 --- a/nix/machines/devServer/libvirt.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, ... }: -{ - security.polkit.enable = true; - - virtualisation.libvirtd = { - enable = true; - qemu = { - ovmf.enable = true; - runAsRoot = false; - }; - onBoot = "ignore"; - onShutdown = "shutdown"; - }; - - # Add any users in the 'wheel' group to the 'libvirt' group. - users.groups.libvirt.members = builtins.filter ( - x: builtins.elem "wheel" config.users.users."${x}".extraGroups - ) (builtins.attrNames config.users.users); -} diff --git a/nix/machines/flake-module.nix b/nix/machines/flake-module.nix deleted file mode 100644 index 8f8fc32c..00000000 --- a/nix/machines/flake-module.nix +++ /dev/null 
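Review bot: `inherit (inputs.nixpkgs-unstable) lib;` evaluates these helpers against unstable's `lib` while this same patch pins everything else to `nixpkgs-2405`, so two nixpkgs revisions are now in play; `inherit (inputs.nixpkgs) lib;` keeps a single source unless unstable is needed on purpose, in which case a comment should say why. Neither function is documented: `# mutFirstChar f s: apply f to the first character of s (substring len -1 = rest of string)` and `# kebabToCamel: "core-master" -> "coreMaster"` would let a reader skip the `substring` arithmetic. `rec` is only there so `kebabToCamel` can see `mutFirstChar`; binding it in the `let` instead avoids a recursive attrset. `mutFirstChar` on an empty string returns `f ""` joined with `""`, which is fine for `toLower`/`toUpper` but worth stating if other callers pass in their own functions.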
@@ -1,156 +0,0 @@ -{ lib, inputs, ... }: - -let - # All scale common modules - system = "x86_64-linux"; - common = { - imports = [ - inputs.microvm.nixosModules.microvm - inputs.self.nixosModules.facts - ./_common - ./_common/time.nix - ./_common/ssh/vm.nix - ]; - }; -in -{ - flake.nixosConfigurations = { - bootstrapImage = lib.nixosSystem { - inherit system; - modules = [ - ( - { modulesPath, ... }: - { - imports = [ - "${toString modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" - ]; - } - ) - ./_common/base.nix - ./_common/users.nix - ./bootstrap - ]; - }; - devServer = lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - inputs.disko.nixosModules.disko - ./devServer/disko.nix - ./_common/base.nix - ./_common/users.nix - ./devServer/default.nix - ./devServer/hardware-configuration.nix - ]; - }; - loghost = lib.nixosSystem { - inherit system; - modules = [ - common - ./loghost.nix - ]; - specialArgs = { - inherit inputs; - }; - }; - monitor = lib.nixosSystem { - inherit system; - modules = [ - common - ./monitor/monitor.nix - ./monitor/microvm-config.nix - ]; - specialArgs = { - inherit inputs; - }; - }; - massflash = lib.nixosSystem { - inherit system; - modules = [ - ( - { modulesPath, ... 
}: - { - imports = [ - "${toString modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" - ]; - } - ) - ./_common/base.nix - ./_common/users.nix - ./massflash.nix - ]; - specialArgs = { - inherit inputs; - }; - }; - coreMaster = lib.nixosSystem { - inherit system; - modules = [ - common - ./core/microvm-config.nix - ./core/master.nix - ]; - specialArgs = { - inherit inputs; - }; - }; - coreSlave = lib.nixosSystem { - inherit system; - modules = [ - common - ./core/microvm-config.nix - ./core/slave.nix - ]; - specialArgs = { - inherit inputs; - }; - }; - hypervisor1 = lib.nixosSystem { - inherit system; - modules = [ - ./_common - inputs.microvm.nixosModules.host - ./hypervisor/hypervisor1.nix - ./hypervisor/hardware-configuration.nix - ]; - specialArgs = { - inherit inputs; - }; - }; - hypervisor2 = lib.nixosSystem { - inherit system; - modules = [ - ./_common - inputs.microvm.nixosModules.host - ./hypervisor/hypervisor2.nix - ./hypervisor/hardware-configuration.nix - ]; - specialArgs = { - inherit inputs; - }; - }; - signs = lib.nixosSystem { - inherit system; - modules = [ - common - ./signs/microvm-config.nix - ./signs/signs.nix - ]; - specialArgs = { - inherit inputs; - }; - }; - cache = lib.nixosSystem { - inherit system; - modules = [ - common - ./cache/microvm-config.nix - ./cache/cache.nix - ]; - specialArgs = { - inherit inputs; - }; - }; - - }; - -} diff --git a/nix/machines/bootstrap/bootstrap.sh b/nix/nixos-configurations/bootstrap-image/bootstrap.sh similarity index 100% rename from nix/machines/bootstrap/bootstrap.sh rename to nix/nixos-configurations/bootstrap-image/bootstrap.sh diff --git a/nix/nixos-configurations/bootstrap-image/default.nix b/nix/nixos-configurations/bootstrap-image/default.nix new file mode 100644 index 00000000..8d3ca57b --- /dev/null +++ b/nix/nixos-configurations/bootstrap-image/default.nix 
@@ -0,0 +1,73 @@ +{ + release = "2405"; + + modules = + { + modulesPath, + pkgs, + ... + }: + let + mybootstrap = pkgs.writeShellScriptBin "mybootstrap" (builtins.readFile ./bootstrap.sh); + in + { + imports = [ + "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" + ]; + + config = { + nixpkgs.hostPlatform = "x86_64-linux"; + + scale-network = { + base.enable = true; + + users.berkhan.enable = true; + users.dlang.enable = true; + users.jsh.enable = true; + users.kylerisse.enable = true; + users.owen.enable = true; + users.rhamel.enable = true; + users.rob.enable = true; + users.root.enable = true; + users.ruebenramirez.enable = true; + }; + + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; + + networking = { + useNetworkd = true; + useDHCP = false; + firewall.enable = true; + }; + + systemd.network = { + enable = true; + networks = { + "10-lan" = { + matchConfig.Name = "eno1"; + enable = true; + networkConfig.DHCP = "yes"; + }; + }; + }; + + environment.systemPackages = with pkgs; [ + wget + git + vim + efibootmgr + gptfdisk + screen + mybootstrap + ]; + + services.openssh = { + enable = true; + openFirewall = true; + }; + + }; + }; +} diff --git a/nix/machines/cache/cachecache.nix b/nix/nixos-configurations/cache/cachecache.nix similarity index 100% rename from nix/machines/cache/cachecache.nix rename to nix/nixos-configurations/cache/cachecache.nix diff --git a/nix/machines/cache/cache.nix b/nix/nixos-configurations/cache/configuration.nix similarity index 97% rename from nix/machines/cache/cache.nix rename to nix/nixos-configurations/cache/configuration.nix index ddef479c..58e6bdc3 100644 --- a/nix/machines/cache/cache.nix +++ b/nix/nixos-configurations/cache/configuration.nix @@ -1,6 +1,4 @@ { - config, - lib, pkgs, ... }: diff --git a/nix/nixos-configurations/cache/default.nix b/nix/nixos-configurations/cache/default.nix new file mode 100644 index 00000000..94a9c7d7 --- /dev/null 
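Review bot: The `nix.extraOptions = '' experimental-features = nix-command flakes '';` block duplicates what `scale-network.base.enable = true;` already provides — the `base.nix` hunk further down shows that module setting `nix.extraOptions` under `# remove the annoying experimental warnings`, presumably with the same text. `extraOptions` is a lines option, so the text is only appended twice, but the per-host copy can be dropped here and in `dev-server/default.nix`. The `networking`, `systemd.network."10-lan"`, `environment.systemPackages` and `services.openssh` stanzas are also byte-identical between those two hosts; if they are meant to stay in sync, a small shared module under `nixos-modules` would keep them from diverging.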
+++ b/nix/nixos-configurations/cache/default.nix @@ -0,0 +1,38 @@ +{ + release = "2405"; + + modules = + { + inputs, + ... + }: + { + imports = [ + ./configuration.nix + ./microvm-config.nix + inputs.microvm.nixosModules.microvm + ]; + + config = { + nixpkgs.hostPlatform = "x86_64-linux"; + + scale-network = { + base.enable = true; + services.prometheus.enable = true; + services.ssh4vms.enable = true; + timeServers.enable = true; + + users.berkhan.enable = true; + users.dlang.enable = true; + users.jsh.enable = true; + users.kylerisse.enable = true; + users.owen.enable = true; + users.rhamel.enable = true; + users.rob.enable = true; + users.root.enable = true; + users.ruebenramirez.enable = true; + }; + + }; + }; +} diff --git a/nix/machines/cache/microvm-config.nix b/nix/nixos-configurations/cache/microvm-config.nix similarity index 100% rename from nix/machines/cache/microvm-config.nix rename to nix/nixos-configurations/cache/microvm-config.nix diff --git a/nix/machines/core/common.nix b/nix/nixos-configurations/core-master/common.nix similarity index 94% rename from nix/machines/core/common.nix rename to nix/nixos-configurations/core-master/common.nix index 26a39c51..0ed55d2c 100644 --- a/nix/machines/core/common.nix +++ b/nix/nixos-configurations/core-master/common.nix @@ -70,8 +70,8 @@ inputs.self.packages.${pkgs.system}.scaleInventory }/config/dhcp6-server.conf $TMP/dhcp6-server.conf substituteInPlace "$TMP/dhcp6-server.conf" \ - --replace '@@SERVERADDRESS@@' '${builtins.head (lib.splitString "/" config.facts.ipv6)}' \ - --replace '@@INTERFACE@@' '${config.facts.eth}' + --replace '@@SERVERADDRESS@@' '${builtins.head (lib.splitString "/" config.scale-network.facts.ipv6)}' \ + --replace '@@INTERFACE@@' '${config.scale-network.facts.eth}' cp $TMP/dhcp6-server.conf $out ''; 
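Review bot: This file is byte-identical (blob `94a9c7d7`) to the new `core-master`, `core-slave`, `monitor` and `signs` `default.nix` files, so the microvm-guest profile and the nine `users.*.enable = true;` lines are now maintained in five places. Consider one shared module (a `scale-network.microvmGuest`-style profile — name illustrative) or applying the common user set from `nixos-configurations/default.nix`, so each host directory lists only what is specific to it. At minimum a header comment such as `# standard SCaLE microvm guest: base + prometheus + ssh4vms + timeServers + all admin users` would tell a reader the repetition is intentional.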
diff --git a/nix/machines/core/master.nix b/nix/nixos-configurations/core-master/configuration.nix similarity index 97% rename from nix/machines/core/master.nix rename to nix/nixos-configurations/core-master/configuration.nix index 4a857fef..ced11e29 100644 --- a/nix/machines/core/master.nix +++ b/nix/nixos-configurations/core-master/configuration.nix @@ -14,7 +14,7 @@ in ./common.nix ]; - facts = { + scale-network.facts = { ipv4 = "10.128.3.5/24"; ipv6 = "2001:470:f026:503::5/64"; eth = "eth0"; @@ -41,8 +41,8 @@ in name = "e*0*"; enable = true; address = [ - config.facts.ipv4 - config.facts.ipv6 + config.scale-network.facts.ipv4 + config.scale-network.facts.ipv6 ]; routes = [ { routeConfig.Gateway = "10.128.3.1"; } diff --git a/nix/nixos-configurations/core-master/default.nix b/nix/nixos-configurations/core-master/default.nix new file mode 100644 index 00000000..94a9c7d7 --- /dev/null +++ b/nix/nixos-configurations/core-master/default.nix @@ -0,0 +1,38 @@ +{ + release = "2405"; + + modules = + { + inputs, + ... + }: + { + imports = [ + ./configuration.nix + ./microvm-config.nix + inputs.microvm.nixosModules.microvm + ]; + + config = { + nixpkgs.hostPlatform = "x86_64-linux"; + + scale-network = { + base.enable = true; + services.prometheus.enable = true; + services.ssh4vms.enable = true; + timeServers.enable = true; + + users.berkhan.enable = true; + users.dlang.enable = true; + users.jsh.enable = true; + users.kylerisse.enable = true; + users.owen.enable = true; + users.rhamel.enable = true; + users.rob.enable = true; + users.root.enable = true; + users.ruebenramirez.enable = true; + }; + + }; + }; +} diff --git a/nix/machines/core/microvm-config.nix b/nix/nixos-configurations/core-master/microvm-config.nix similarity index 100% rename from nix/machines/core/microvm-config.nix rename to nix/nixos-configurations/core-master/microvm-config.nix 
diff --git a/nix/nixos-configurations/core-slave/common.nix b/nix/nixos-configurations/core-slave/common.nix new file mode 100644 index 00000000..0ed55d2c --- /dev/null +++ b/nix/nixos-configurations/core-slave/common.nix 
@@ -0,0 +1,95 @@ +{ + config, + lib, + pkgs, + inputs, + options, + ... +}: + +{ + boot.kernelParams = [ "console=ttyS0" ]; + + # disable legacy networking bits as recommended by: + # https://github.com/NixOS/nixpkgs/issues/10001#issuecomment-905532069 + # https://github.com/NixOS/nixpkgs/blob/82935bfed15d680aa66d9020d4fe5c4e8dc09123/nixos/tests/systemd-networkd-dhcpserver.nix + networking = { + useDHCP = false; + useNetworkd = true; + firewall.allowedTCPPorts = [ + 53 + 67 + 68 + ]; + firewall.allowedUDPPorts = [ + 53 + 67 + 68 + 123 + 547 + ]; + }; + + security.sudo.wheelNeedsPassword = false; + + environment.systemPackages = with pkgs; [ + ldns + bind + kea + inputs.self.packages.${pkgs.system}.scaleInventory + vim + git + ]; + + environment.etc."bind/named.conf".source = config.services.bind.configFile; + + systemd.services.bind = + let + # Get original config + cfg = config.services.bind; + in + { + serviceConfig.ExecStart = lib.mkForce "${cfg.package.out}/sbin/named -u named ${lib.strings.optionalString cfg.ipv4Only "-4"} -c /etc/bind/named.conf -f"; + restartTriggers = [ + cfg.configFile + ]; + }; + + services = { + resolved.enable = false; + kea = { + dhcp4 = { + enable = true; + configFile = "${inputs.self.packages.${pkgs.system}.scaleInventory}/config/dhcp4-server.conf"; + }; + dhcp6 = + let + dhcp6PopulateConfig = pkgs.runCommand "replace" { } '' + mkdir $out + cp ${ + inputs.self.packages.${pkgs.system}.scaleInventory + }/config/dhcp6-server.conf $TMP/dhcp6-server.conf + substituteInPlace "$TMP/dhcp6-server.conf" \ + --replace '@@SERVERADDRESS@@' '${builtins.head (lib.splitString "/" config.scale-network.facts.ipv6)}' \ + --replace '@@INTERFACE@@' '${config.scale-network.facts.eth}' + cp $TMP/dhcp6-server.conf $out + ''; + + in + { + enable = true; + configFile = "${dhcp6PopulateConfig}/dhcp6-server.conf"; + }; + }; + ntp = { + enable = true; + # Default to time servers that are not Scales since we have to get time from somewhere + servers = 
options.networking.timeServers.default; + extraConfig = '' + # Hosts on the local network(s) are not permitted because of the "restrict default" + restrict 10.0.0.0/8 kod nomodify notrap nopeer + restrict 2001:470:f026::/48 kod nomodify notrap nopeer + ''; + }; + }; +} diff --git a/nix/machines/core/slave.nix b/nix/nixos-configurations/core-slave/configuration.nix similarity index 92% rename from nix/machines/core/slave.nix rename to nix/nixos-configurations/core-slave/configuration.nix index c961a8d1..ba6b7dc0 100644 --- a/nix/machines/core/slave.nix +++ b/nix/nixos-configurations/core-slave/configuration.nix @@ -9,7 +9,7 @@ imports = [ ./common.nix ]; - facts = { + scale-network.facts = { ipv4 = "10.0.3.5/24"; ipv6 = "2001:470:f026:103::5/64"; eth = "eth0"; @@ -32,8 +32,8 @@ name = "e*0"; enable = true; address = [ - config.facts.ipv4 - config.facts.ipv6 + config.scale-network.facts.ipv4 + config.scale-network.facts.ipv6 ]; routes = [ { routeConfig.Gateway = "10.0.3.1"; } @@ -57,7 +57,7 @@ "8.8.4.4" ]; extraOptions = '' - transfer-source-v6 ${builtins.head (lib.splitString "/" config.facts.ipv6)}; + transfer-source-v6 ${builtins.head (lib.splitString "/" config.scale-network.facts.ipv6)}; ''; zones = { "scale.lan." = { diff --git a/nix/nixos-configurations/core-slave/default.nix b/nix/nixos-configurations/core-slave/default.nix new file mode 100644 index 00000000..94a9c7d7 --- /dev/null +++ b/nix/nixos-configurations/core-slave/default.nix 
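Review bot: This new 95-line file is the same blob (`0ed55d2c`) as the renamed `core-master/common.nix`, so the DNS, DHCP, bind and NTP setup for the two core hosts now has to be edited twice; a shared module under `nix/nixos-modules`, enabled from both core `default.nix` files, would keep them in lockstep. While it is being moved, `firewall.allowedTCPPorts = [ 53 67 68 ];` deserves a second look: DHCPv4 uses UDP 67/68 only, so the TCP entries appear to widen exposure without serving any listener. Unless something here really listens on TCP 67/68, reduce it to `firewall.allowedTCPPorts = [ 53 ];`.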
@@ -0,0 +1,38 @@ +{ + release = "2405"; + + modules = + { + inputs, + ... + }: + { + imports = [ + ./configuration.nix + ./microvm-config.nix + inputs.microvm.nixosModules.microvm + ]; + + config = { + nixpkgs.hostPlatform = "x86_64-linux"; + + scale-network = { + base.enable = true; + services.prometheus.enable = true; + services.ssh4vms.enable = true; + timeServers.enable = true; + + users.berkhan.enable = true; + users.dlang.enable = true; + users.jsh.enable = true; + users.kylerisse.enable = true; + users.owen.enable = true; + users.rhamel.enable = true; + users.rob.enable = true; + users.root.enable = true; + users.ruebenramirez.enable = true; + }; + + }; + }; +} diff --git a/nix/nixos-configurations/core-slave/microvm-config.nix b/nix/nixos-configurations/core-slave/microvm-config.nix new file mode 100644 index 00000000..6d19c306 --- /dev/null +++ b/nix/nixos-configurations/core-slave/microvm-config.nix @@ -0,0 +1,29 @@ +{ config, ... }: + +{ + microvm.qemu.serialConsole = false; + microvm.qemu.extraArgs = [ + "-serial" + "pty" + ]; + + microvm.vcpu = 4; + microvm.mem = 8192; + microvm.interfaces = [ + { + type = "tap"; + id = "vm-${config.networking.hostName}"; + # Will eventually pull this from facts + mac = + if config.networking.hostName == "coremaster" then "4c:72:b9:7c:41:17" else "58:9c:fc:00:38:5f"; + } + ]; + + microvm.volumes = [ + { + image = "/persist/microvm/${config.networking.hostName}.img"; + mountPoint = "/var"; + size = 40000; + } + ]; +} diff --git a/nix/nixos-configurations/default.nix b/nix/nixos-configurations/default.nix new file mode 100644 index 00000000..39a527d8 --- /dev/null +++ b/nix/nixos-configurations/default.nix 
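Review bot: The MAC selection `if config.networking.hostName == "coremaster" then ... else ...` depends on a hostname this layout no longer sets by default: `nixos-configurations/default.nix` below applies `networking.hostName = mkDefault hostDirectory`, i.e. `core-slave` and `core-master`, so unless `configuration.nix` (outside this hunk) overrides the hostname, both guests take the else branch and share `58:9c:fc:00:38:5f` on the tap network. Since this file now lives under `core-slave/`, the conditional can go: `mac = "58:9c:fc:00:38:5f";`, or, as the comment already suggests, read it from `config.scale-network.facts`. The same conditional presumably survives in the renamed `core-master/microvm-config.nix`.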
@@ -0,0 +1,47 @@ +inputs: +let + inherit (builtins) + readDir + ; + + inherit (inputs.nixpkgs-unstable) lib; + + inherit (lib.attrsets) + filterAttrs + mapAttrs' + nameValuePair + ; + + inherit (lib.modules) + mkDefault + ; + + inherit (inputs.self.library) + kebabToCamel + ; +in +mapAttrs' ( + hostDirectory: _: + nameValuePair (kebabToCamel hostDirectory) ( + let + inherit (import ./${hostDirectory}) release modules; + in + inputs."nixpkgs-${release}".lib.nixosSystem { + modules = [ + ( + { ... }: + { + networking.hostName = mkDefault hostDirectory; + } + ) + inputs.disko.nixosModules.disko + inputs.self.nixosModules.default + modules + ]; + + specialArgs = { + inherit inputs; + }; + } + ) +) (filterAttrs (_: fileType: fileType == "directory") (readDir ./.)) diff --git a/nix/nixos-configurations/dev-server/default.nix b/nix/nixos-configurations/dev-server/default.nix new file mode 100644 index 00000000..f9c6d5ce --- /dev/null +++ b/nix/nixos-configurations/dev-server/default.nix 
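Review bot: The per-host contract this loader relies on is undocumented: each subdirectory must provide a `default.nix` returning `release` (used to select `inputs."nixpkgs-${release}"`) and `modules`, the attribute name is derived with `kebabToCamel`, `networking.hostName` defaults to the directory name, and disko plus `inputs.self.nixosModules.default` are applied to every host. Add a header comment above `mapAttrs'` spelling that out, since a reader of a host directory cannot otherwise tell where `release` is consumed. A typo in `release` currently surfaces as a generic missing-attribute error; a guard such as `assert inputs ? "nixpkgs-${release}";` placed before `nixosSystem`, ideally with a message naming `hostDirectory`, would make that failure self-explanatory.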
@@ -0,0 +1,74 @@ +{ + release = "2405"; + + modules = + { + pkgs, + ... + }: + { + imports = [ + ./disko.nix + ./hardware-configuration.nix + ]; + + config = { + nixpkgs.hostPlatform = "x86_64-linux"; + + scale-network = { + base.enable = true; + libvirt.enable = true; + services.gitlab.enable = true; + services.prometheus.enable = true; + services.ssh4vms.enable = true; + timeServers.enable = true; + + users.berkhan.enable = true; + users.dlang.enable = true; + users.jsh.enable = true; + users.kylerisse.enable = true; + users.owen.enable = true; + users.rhamel.enable = true; + users.rob.enable = true; + users.root.enable = true; + users.ruebenramirez.enable = true; + }; + + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; + + networking = { + useNetworkd = true; + useDHCP = false; + firewall.enable = true; + }; + + systemd.network = { + enable = true; + networks = { + "10-lan" = { + matchConfig.Name = "eno1"; + enable = true; + networkConfig.DHCP = "yes"; + }; + }; + }; + + environment.systemPackages = with pkgs; [ + wget + git + vim + efibootmgr + gptfdisk + screen + ]; + + services.openssh = { + enable = true; + openFirewall = true; + }; + + }; + }; +} diff --git a/nix/machines/devServer/disko.nix b/nix/nixos-configurations/dev-server/disko.nix similarity index 100% rename from nix/machines/devServer/disko.nix rename to nix/nixos-configurations/dev-server/disko.nix diff --git a/nix/machines/devServer/hardware-configuration.nix b/nix/nixos-configurations/dev-server/hardware-configuration.nix similarity index 100% rename from nix/machines/devServer/hardware-configuration.nix rename to nix/nixos-configurations/dev-server/hardware-configuration.nix diff --git a/nix/machines/hypervisor/hypervisor1.nix b/nix/nixos-configurations/hypervisor1/configuration.nix similarity index 97% rename from nix/machines/hypervisor/hypervisor1.nix rename to nix/nixos-configurations/hypervisor1/configuration.nix index 10d30540..5e2b4253 100644 
--- a/nix/machines/hypervisor/hypervisor1.nix +++ b/nix/nixos-configurations/hypervisor1/configuration.nix @@ -5,10 +5,6 @@ ... }: { - imports = [ - ./libvirt.nix - ]; - # ZFS uniq system ID # to generate: head -c4 /dev/urandom | od -A none -t x4 networking.hostId = "25c531dc"; diff --git a/nix/nixos-configurations/hypervisor1/default.nix b/nix/nixos-configurations/hypervisor1/default.nix new file mode 100644 index 00000000..83b0b8e1 --- /dev/null +++ b/nix/nixos-configurations/hypervisor1/default.nix @@ -0,0 +1,36 @@ +{ + release = "2405"; + + modules = + { + inputs, + ... + }: + { + imports = [ + inputs.microvm.nixosModules.host + ./configuration.nix + ./hardware-configuration.nix + ]; + + config = { + nixpkgs.hostPlatform = "x86_64-linux"; + + scale-network = { + base.enable = true; + services.prometheus.enable = true; + + users.berkhan.enable = true; + users.dlang.enable = true; + users.jsh.enable = true; + users.kylerisse.enable = true; + users.owen.enable = true; + users.rhamel.enable = true; + users.rob.enable = true; + users.root.enable = true; + users.ruebenramirez.enable = true; + }; + + }; + }; +} diff --git a/nix/machines/hypervisor/hardware-configuration.nix b/nix/nixos-configurations/hypervisor1/hardware-configuration.nix similarity index 100% rename from nix/machines/hypervisor/hardware-configuration.nix rename to nix/nixos-configurations/hypervisor1/hardware-configuration.nix diff --git a/nix/machines/hypervisor/hypervisor2.nix b/nix/nixos-configurations/hypervisor2/configuration.nix similarity index 100% rename from nix/machines/hypervisor/hypervisor2.nix rename to nix/nixos-configurations/hypervisor2/configuration.nix diff --git a/nix/nixos-configurations/hypervisor2/default.nix b/nix/nixos-configurations/hypervisor2/default.nix new file mode 100644 index 00000000..83b0b8e1 --- /dev/null +++ b/nix/nixos-configurations/hypervisor2/default.nix 
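Review bot: `hypervisor1/default.nix` enables only `base` and `services.prometheus`, while the `hypervisor1/configuration.nix` hunk just above removes `imports = [ ./libvirt.nix ];` — presumably the same content as the deleted `machines/devServer/libvirt.nix` earlier in this diff, which enabled `security.polkit`, `virtualisation.libvirtd` and the wheel-to-libvirt group mapping. `dev-server/default.nix` restores that via `libvirt.enable = true;`, but neither hypervisor does, so unless `configuration.nix` sets it outside the hunk the hypervisors lose libvirtd in this commit. Add `libvirt.enable = true;` to the `scale-network` block here and in `hypervisor2/default.nix`, assuming hypervisor2's renamed configuration carried the same import.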
@@ -0,0 +1,36 @@ +{ + release = "2405"; + + modules = + { + inputs, + ... + }: + { + imports = [ + inputs.microvm.nixosModules.host + ./configuration.nix + ./hardware-configuration.nix + ]; + + config = { + nixpkgs.hostPlatform = "x86_64-linux"; + + scale-network = { + base.enable = true; + services.prometheus.enable = true; + + users.berkhan.enable = true; + users.dlang.enable = true; + users.jsh.enable = true; + users.kylerisse.enable = true; + users.owen.enable = true; + users.rhamel.enable = true; + users.rob.enable = true; + users.root.enable = true; + users.ruebenramirez.enable = true; + }; + + }; + }; +} diff --git a/nix/nixos-configurations/hypervisor2/hardware-configuration.nix b/nix/nixos-configurations/hypervisor2/hardware-configuration.nix new file mode 100644 index 00000000..6b45a090 --- /dev/null +++ b/nix/nixos-configurations/hypervisor2/hardware-configuration.nix 
@@ -0,0 +1,83 @@ +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + # *sas drivers required for Lenovo System x3650 M5 Machine Type: 8871AC1 + boot.initrd.availableKernelModules = [ + "ehci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + "mpt3sas" + "megaraid_sas" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "zroot/root"; + fsType = "zfs"; + }; + fileSystems."/boot" = { + device = "/dev/disk/by-label/BOOT"; + fsType = "vfat"; + options = [ "nofail" ]; + }; + fileSystems."/boot2" = { + device = "/dev/disk/by-label/BOOT2"; + fsType = "vfat"; + options = [ "nofail" ]; + }; + fileSystems."/nix" = { + device = "zroot/nix"; + fsType = "zfs"; + }; + + fileSystems."/home" = { + device = "zroot/home"; + fsType = "zfs"; + }; + + fileSystems."/persist" = { + device = "zroot/persist"; + fsType = "zfs"; + }; + + # Make sure we have a place to storage persistent volumes + system.activationScripts.persist_microvm = lib.stringAfter [ "stdio" ] '' + mkdir -m 750 -p /persist/microvm + chown microvm:kvm /persist/microvm + ''; + + swapDevices = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + boot.loader.grub = { + enable = true; + efiSupport = true; + efiInstallAsRemovable = true; + mirroredBoots = [ + { + devices = [ "nodev" ]; + path = "/boot"; + } + { + devices = [ "nodev" ]; + path = "/boot2"; + } + ]; + }; +} diff --git a/nix/nixos-configurations/loghost/default.nix b/nix/nixos-configurations/loghost/default.nix new file mode 100644 index 00000000..2811f333 --- /dev/null +++ b/nix/nixos-configurations/loghost/default.nix 
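Review bot: `pkgs` is bound in the argument set but never used in this file, and the comment on the activation script reads `# Make sure we have a place to storage persistent volumes` — `# Make sure there is a place to store persistent microvm volumes` would do. The script's `chown microvm:kvm /persist/microvm` also assumes the `microvm` user and `kvm` group exist at activation time; presumably `inputs.microvm.nixosModules.host` (imported from `hypervisor2/default.nix`) creates them, and a short comment saying so would save the next reader a search.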
@@ -0,0 +1,67 @@ +{ + release = "2405"; + + modules = + { + inputs, + pkgs, + ... + }: + { + imports = [ + inputs.microvm.nixosModules.microvm + ]; + + config = { + nixpkgs.hostPlatform = "x86_64-linux"; + + scale-network = { + base.enable = true; + services.prometheus.enable = true; + services.ssh4vms.enable = true; + timeServers.enable = true; + + users.berkhan.enable = true; + users.dlang.enable = true; + users.jsh.enable = true; + users.kylerisse.enable = true; + users.owen.enable = true; + users.rhamel.enable = true; + users.rob.enable = true; + users.root.enable = true; + users.ruebenramirez.enable = true; + }; + + boot.kernelParams = [ "console=ttyS0" ]; + + networking = { + firewall.allowedTCPPorts = [ 514 ]; + }; + + # TODO: How to handle sudo esculation + security.sudo.wheelNeedsPassword = false; + + environment.systemPackages = with pkgs; [ + rsyslog + vim + git + ]; + + # Easy test of the service using logger + # logger -n 127.0.0.1 -P 514 --tcp "simple test" + # cat /var/log/rsyslog//root.log + services.rsyslogd = { + enable = true; + defaultConfig = '' + module(load="imtcp") + input(type="imtcp" port="514") + + $template RemoteLogs,"/var/log/rsyslog/%HOSTNAME%/%PROGRAMNAME%.log" + *.* ?RemoteLogs + & ~ + ''; + }; + + }; + }; +} diff --git a/nix/machines/massflash.nix b/nix/nixos-configurations/massflash/configuration.nix similarity index 99% rename from nix/machines/massflash.nix rename to nix/nixos-configurations/massflash/configuration.nix index 0291463f..9312ca94 100644 --- a/nix/machines/massflash.nix +++ b/nix/nixos-configurations/massflash/configuration.nix @@ -1,5 +1,4 @@ { - config, lib, pkgs, inputs, diff --git a/nix/nixos-configurations/massflash/default.nix b/nix/nixos-configurations/massflash/default.nix new file mode 100644 index 00000000..e8997d17 --- /dev/null +++ b/nix/nixos-configurations/massflash/default.nix 
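Review bot: The rsyslog template `$template RemoteLogs,"/var/log/rsyslog/%HOSTNAME%/%PROGRAMNAME%.log"` builds the output path from two fields that any sender on TCP 514 controls (the port is opened to every peer via `firewall.allowedTCPPorts = [ 514 ]`), so a hostname or program tag containing `/` steers where the log file is written. rsyslog's property-replacer options exist for exactly this: `$template RemoteLogs,"/var/log/rsyslog/%HOSTNAME:::secpath-replace%/%PROGRAMNAME:::secpath-replace%.log"`. While here, `& ~` is the legacy discard syntax and `& stop` is the current form, and the TODO comment has `esculation` for `escalation`.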
@@ -0,0 +1,34 @@ +{ + release = "2405"; + + modules = + { + modulesPath, + ... + }: + { + imports = [ + "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" + ./configuration.nix + ]; + + config = { + nixpkgs.hostPlatform = "x86_64-linux"; + + scale-network = { + base.enable = true; + + users.berkhan.enable = true; + users.dlang.enable = true; + users.jsh.enable = true; + users.kylerisse.enable = true; + users.owen.enable = true; + users.rhamel.enable = true; + users.rob.enable = true; + users.root.enable = true; + users.ruebenramirez.enable = true; + }; + + }; + }; +} diff --git a/nix/machines/monitor/monitor.nix b/nix/nixos-configurations/monitor/configuration.nix similarity index 90% rename from nix/machines/monitor/monitor.nix rename to nix/nixos-configurations/monitor/configuration.nix index ae6d6fa1..be8b551a 100644 --- a/nix/machines/monitor/monitor.nix +++ b/nix/nixos-configurations/monitor/configuration.nix @@ -1,6 +1,5 @@ { config, - lib, pkgs, inputs, ... @@ -10,26 +9,11 @@ let dashboard = pkgs.copyPathToStore ../../../monitoring/openwrt_dashboard.json; in { - imports = [ - ../_common/prometheus.nix - ]; - boot.kernelParams = [ "console=ttyS0" "boot.shell_on_fail" ]; - users.users = { - berkhan = { - isNormalUser = true; - uid = 2100; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH6UhZ/oPqiFzCOxoZWeUqeGZCVLLNQbHH3uuIa6PCTz" - ]; - }; - }; - systemd.network = { enable = true; networks = { diff --git a/nix/nixos-configurations/monitor/default.nix b/nix/nixos-configurations/monitor/default.nix new file mode 100644 index 00000000..94a9c7d7 --- /dev/null +++ b/nix/nixos-configurations/monitor/default.nix 
@@ -0,0 +1,38 @@ +{ + release = "2405"; + + modules = + { + inputs, + ... + }: + { + imports = [ + ./configuration.nix + ./microvm-config.nix + inputs.microvm.nixosModules.microvm + ]; + + config = { + nixpkgs.hostPlatform = "x86_64-linux"; + + scale-network = { + base.enable = true; + services.prometheus.enable = true; + services.ssh4vms.enable = true; + timeServers.enable = true; + + users.berkhan.enable = true; + users.dlang.enable = true; + users.jsh.enable = true; + users.kylerisse.enable = true; + users.owen.enable = true; + users.rhamel.enable = true; + users.rob.enable = true; + users.root.enable = true; + users.ruebenramirez.enable = true; + }; + + }; + }; +} diff --git a/nix/machines/monitor/microvm-config.nix b/nix/nixos-configurations/monitor/microvm-config.nix similarity index 100% rename from nix/machines/monitor/microvm-config.nix rename to nix/nixos-configurations/monitor/microvm-config.nix diff --git a/nix/machines/signs/signs.nix b/nix/nixos-configurations/signs/configuration.nix similarity index 100% rename from nix/machines/signs/signs.nix rename to nix/nixos-configurations/signs/configuration.nix diff --git a/nix/nixos-configurations/signs/default.nix b/nix/nixos-configurations/signs/default.nix new file mode 100644 index 00000000..94a9c7d7 --- /dev/null +++ b/nix/nixos-configurations/signs/default.nix 
@@ -0,0 +1,38 @@ +{ + release = "2405"; + + modules = + { + inputs, + ... + }: + { + imports = [ + ./configuration.nix + ./microvm-config.nix + inputs.microvm.nixosModules.microvm + ]; + + config = { + nixpkgs.hostPlatform = "x86_64-linux"; + + scale-network = { + base.enable = true; + services.prometheus.enable = true; + services.ssh4vms.enable = true; + timeServers.enable = true; + + users.berkhan.enable = true; + users.dlang.enable = true; + users.jsh.enable = true; + users.kylerisse.enable = true; + users.owen.enable = true; + users.rhamel.enable = true; + users.rob.enable = true; + users.root.enable = true; + users.ruebenramirez.enable = true; + }; + + }; + }; +} diff --git a/nix/machines/signs/microvm-config.nix b/nix/nixos-configurations/signs/microvm-config.nix similarity index 100% rename from nix/machines/signs/microvm-config.nix rename to nix/nixos-configurations/signs/microvm-config.nix diff --git a/nix/nixos-modules/base.nix b/nix/nixos-modules/base.nix index a8961bca..11a433f8 100644 --- a/nix/nixos-modules/base.nix +++ b/nix/nixos-modules/base.nix @@ -20,7 +20,7 @@ in config = mkIf cfg.enable { # default to stateVersion for current lock - system.stateVersion = config.system.nixos.version; + system.stateVersion = config.system.nixos.release; # remove the annoying experimental warnings nix.extraOptions = '' diff --git a/nix/nixos-modules/services/default.nix b/nix/nixos-modules/services/default.nix index 819dd8c3..86c7c7f3 100644 --- a/nix/nixos-modules/services/default.nix +++ b/nix/nixos-modules/services/default.nix @@ -3,5 +3,6 @@ imports = [ ./gitlab.nix ./prometheus.nix + ./ssh4vms.nix ]; } diff --git a/nix/nixos-modules/services/prometheus.nix b/nix/nixos-modules/services/prometheus.nix index 0b2ac413..c2326928 100644 --- a/nix/nixos-modules/services/prometheus.nix +++ b/nix/nixos-modules/services/prometheus.nix 
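Review bot: `system.stateVersion = config.system.nixos.release;` makes stateVersion track whatever nixpkgs the lock currently points at, which is the opposite of what the option exists for: it is meant to freeze the on-disk defaults (database layouts, service data paths) of the release a host was first installed with, so that bumping `nixpkgs-2405` later does not silently migrate stateful services such as the GitLab instance enabled on dev-server. Switching from `.version` to `.release` does fix the value format, but the derivation should at least be overridable and its consequence documented: `system.stateVersion = lib.mkDefault config.system.nixos.release; # NOTE: tracks the lock; pin per host before upgrading the input` (assuming `lib` is in scope here as in the sibling modules). Better still, set stateVersion per host in each `nixos-configurations/*/default.nix` and drop it from the base module.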
@@ -1,20 +1,36 @@ -{ ... }: +{ config, lib, ... }: let - port = 9100; + cfg = config.scale-network.services.prometheus; + + inherit (lib.modules) + mkIf + ; + + inherit (lib.options) + mkEnableOption + ; in { - networking.firewall.allowedTCPPorts = [ port ]; + options.scale-network.services.prometheus.enable = mkEnableOption "SCaLE network prometheus exporter"; + + config = + let + port = 9100; + in + mkIf cfg.enable { + networking.firewall.allowedTCPPorts = [ port ]; - services.prometheus.exporters.node = { - enable = true; - port = port; - enabledCollectors = [ - "logind" - "systemd" - "network_route" - ]; - disabledCollectors = [ - "textfile" - ]; - }; + services.prometheus.exporters.node = { + enable = true; + port = port; + enabledCollectors = [ + "logind" + "systemd" + "network_route" + ]; + disabledCollectors = [ + "textfile" + ]; + }; + }; } diff --git a/nix/nixos-modules/users/berkhan.nix b/nix/nixos-modules/users/berkhan.nix index 3a71be96..de04b3c8 100644 --- a/nix/nixos-modules/users/berkhan.nix +++ b/nix/nixos-modules/users/berkhan.nix @@ -1,9 +1,11 @@ { lib, config, + ... }: let cfg = config.scale-network.users.berkhan; + inherit (lib.modules) mkIf ; diff --git a/nix/nixos-modules/users/default.nix b/nix/nixos-modules/users/default.nix index b70a714a..1c38bbef 100644 --- a/nix/nixos-modules/users/default.nix +++ b/nix/nixos-modules/users/default.nix @@ -1,6 +1,14 @@ { ... }: { imports = [ + ./berkhan.nix + ./dlang.nix + ./jsh.nix + ./kylerisse.nix + ./owen.nix + ./rhamel.nix + ./rob.nix + ./root.nix + ./ruebenramirez.nix ]; } - diff --git a/nix/nixos-modules/users/dlang.nix b/nix/nixos-modules/users/dlang.nix index 7ed7e0fb..aff6d462 100644 --- a/nix/nixos-modules/users/dlang.nix +++ b/nix/nixos-modules/users/dlang.nix @@ -1,6 +1,7 @@ { lib, config, + ... }: let cfg = config.scale-network.users.dlang; diff --git a/nix/nixos-modules/users/jsh.nix b/nix/nixos-modules/users/jsh.nix index d4266c82..b8fd5e05 100644 --- a/nix/nixos-modules/users/jsh.nix 
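Review bot: The rewritten module still opens the exporter port to every peer with `networking.firewall.allowedTCPPorts = [ port ];` and leaves the exporter on its default bind address, so node metrics are reachable from anywhere that can route to the host. The exporter options already cover this: replace the manual firewall line with `openFirewall = true;` inside `services.prometheus.exporters.node`, and use `firewallFilter` (and/or `listenAddress`) to limit the listener to the monitor host's address. Exposing `port` as a `mkOption` with default `9100` next to the `enable` flag, instead of a `let` constant, would also let hosts override it through the same `scale-network.services.prometheus` namespace.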
+++ b/nix/nixos-modules/users/jsh.nix @@ -1,6 +1,7 @@ { lib, config, + ... }: let cfg = config.scale-network.users.jsh; diff --git a/nix/nixos-modules/users/kylerisse.nix b/nix/nixos-modules/users/kylerisse.nix index a2e604f0..dcfa4145 100644 --- a/nix/nixos-modules/users/kylerisse.nix +++ b/nix/nixos-modules/users/kylerisse.nix @@ -1,6 +1,7 @@ { lib, config, + ... }: let cfg = config.scale-network.users.kylerisse; diff --git a/nix/nixos-modules/users/owen.nix b/nix/nixos-modules/users/owen.nix index cffc8483..e663a2b7 100644 --- a/nix/nixos-modules/users/owen.nix +++ b/nix/nixos-modules/users/owen.nix @@ -1,6 +1,7 @@ { lib, config, + ... }: let cfg = config.scale-network.users.owen; diff --git a/nix/nixos-modules/users/rhamel.nix b/nix/nixos-modules/users/rhamel.nix index 6016201b..2f384270 100644 --- a/nix/nixos-modules/users/rhamel.nix +++ b/nix/nixos-modules/users/rhamel.nix @@ -1,6 +1,7 @@ { lib, config, + ... }: let cfg = config.scale-network.users.rhamel; diff --git a/nix/nixos-modules/users/rob.nix b/nix/nixos-modules/users/rob.nix index 5340ccaa..428932e1 100644 --- a/nix/nixos-modules/users/rob.nix +++ b/nix/nixos-modules/users/rob.nix @@ -1,6 +1,7 @@ { lib, config, + ... }: let cfg = config.scale-network.users.rob; diff --git a/nix/nixos-modules/users/root.nix b/nix/nixos-modules/users/root.nix index e24e5492..a8e3d559 100644 --- a/nix/nixos-modules/users/root.nix +++ b/nix/nixos-modules/users/root.nix @@ -1,6 +1,7 @@ { lib, config, + ... }: let cfg = config.scale-network.users.root; diff --git a/nix/nixos-modules/users/ruebenramirez.nix b/nix/nixos-modules/users/ruebenramirez.nix index dc393f3a..b6768f32 100644 --- a/nix/nixos-modules/users/ruebenramirez.nix +++ b/nix/nixos-modules/users/ruebenramirez.nix @@ -1,6 +1,7 @@ { lib, config, + ... }: let cfg = config.scale-network.users.ruebenramirez; diff --git a/nix/tests/core.nix b/nix/tests/core.nix index 7e49a134..c003b568 100644 --- a/nix/tests/core.nix +++ b/nix/tests/core.nix 
@@ -75,11 +75,11 @@ in inherit inputs; }; imports = [ - ../machines/core/master.nix - ../modules/facts.nix + ../nixos-configurations/core-master/configuration.nix + ../nixos-modules/facts.nix ]; - facts = lib.mkForce { + scale-network.facts = lib.mkForce { ipv4 = "${coremasterAddr.ipv4}/24"; ipv6 = "${coremasterAddr.ipv6}/64"; eth = "eth1"; From cb964646b37c366def9ed3a7e2a896d20989dfba Mon Sep 17 00:00:00 2001 
From: Daniel Baker Date: Sun, 24 Nov 2024 17:05:26 -0800 Subject: [PATCH 03/15] nix.treewide: step 999 of removing flake-parts Move pkgs to packages and follow the by-name schema from upstream. Create overlays for all the packages and expose them in the flake outputs. Use the overlays to create an exposed legacy-packages output. Had to modify the devshells and test for now because they were causing failures. --- flake.nix | 2 + nix/dev/flake-module.nix | 36 +++++++++------- nix/flake-module.nix | 1 - nix/legacy-packages/default.nix | 13 ++++++ nix/library/default.nix | 7 +++ .../core-master/common.nix | 11 ++--- .../core-master/configuration.nix | 12 ++---- .../core-slave/common.nix | 8 ++-- nix/nixos-configurations/default.nix | 1 + .../massflash/configuration.nix | 4 +- .../monitor/configuration.nix | 2 +- nix/overlays/default.nix | 43 +++++++++++++++++++ nix/{pkgs => packages}/flake-module.nix | 0 .../massflash/package.nix} | 2 +- .../scale-inventory/package.nix} | 4 +- nix/{pkgs => packages}/serverspec/Gemfile | 0 .../serverspec/Gemfile.lock | 0 nix/{pkgs => packages}/serverspec/README.md | 2 +- nix/{pkgs => packages}/serverspec/gemset.nix | 0 .../serverspec/package.nix} | 0 nix/tests/core.nix | 2 +- nix/tests/flake-module.nix | 2 +- 22 files changed, 105 insertions(+), 47 deletions(-) create mode 100644 nix/legacy-packages/default.nix create mode 100644 nix/overlays/default.nix rename nix/{pkgs => packages}/flake-module.nix (100%) rename nix/{pkgs/massflash.nix => packages/massflash/package.nix} (90%) rename nix/{pkgs/scaleInventory.nix => packages/scale-inventory/package.nix} (91%) rename nix/{pkgs => packages}/serverspec/Gemfile (100%) rename nix/{pkgs => packages}/serverspec/Gemfile.lock (100%) rename nix/{pkgs => packages}/serverspec/README.md (85%) rename nix/{pkgs => packages}/serverspec/gemset.nix (100%) rename nix/{pkgs/serverspec/default.nix => packages/serverspec/package.nix} (100%) diff --git a/flake.nix b/flake.nix index 2ff02e1a..7810b4f4 100644 
--- a/flake.nix +++ b/flake.nix @@ -36,8 +36,10 @@ // { formatter = import ./nix/formatter inputs; formatterModule = import ./nix/formatterModule inputs; + legacyPackages = import ./nix/legacy-packages inputs; library = import ./nix/library inputs; nixosModules = import ./nix/nixos-modules inputs; nixosConfigurations = import ./nix/nixos-configurations inputs; + overlays = import ./nix/overlays inputs; }; } diff --git a/nix/dev/flake-module.nix b/nix/dev/flake-module.nix index c45a3eed..cea807ee 100644 --- a/nix/dev/flake-module.nix +++ b/nix/dev/flake-module.nix @@ -30,21 +30,21 @@ ] )) ]; - openwrt_sub = with pkgs; [ - expect - gomplate - magic-wormhole - tftp-hpa - nettools - unixtools.ping - iperf3 - ncurses - ncurses.dev - pkg-config - gcc - stdenv - inputs.self.packages.${pkgs.system}.serverspec - ]; + # openwrt_sub = with pkgs; [ + # expect + # gomplate + # magic-wormhole + # tftp-hpa + # nettools + # unixtools.ping + # iperf3 + # ncurses + # ncurses.dev + # pkg-config + # gcc + # stdenv + # inputs.self.packages.${pkgs.system}.serverspec + # ]; network_sub = with pkgs; [ perl ghostscript @@ -52,7 +52,11 @@ in { devShells.default = pkgs.mkShell { - packages = global ++ openwrt_sub ++ network_sub; + packages = ( + global + # ++ openwrt_sub + ++ network_sub + ); }; }; } diff --git a/nix/flake-module.nix b/nix/flake-module.nix index 7292e2e1..e1de00d5 100644 --- a/nix/flake-module.nix +++ b/nix/flake-module.nix @@ -1,6 +1,5 @@ { imports = [ - ./pkgs/flake-module.nix ./tests/flake-module.nix ./dev/flake-module.nix ]; diff --git a/nix/legacy-packages/default.nix b/nix/legacy-packages/default.nix new file mode 100644 index 00000000..a2d197a0 --- /dev/null +++ b/nix/legacy-packages/default.nix @@ -0,0 +1,13 @@ +inputs: +inputs.nixpkgs-unstable.lib.genAttrs + [ + "x86_64-linux" + "aarch64-linux" + ] + ( + system: + import inputs.nixpkgs-unstable { + inherit system; + overlays = [ inputs.self.overlays.default ]; + } + ) 
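Review bot: The system list `[ "x86_64-linux" "aarch64-linux" ]` in the new nix/legacy-packages/default.nix is a bare literal, and the same literal is repeated in nix/dev-shells/default.nix (PATCH 04) and nix/checks/default.nix (PATCH 08), so the three places can drift apart without any evaluation error. Since nix/library/default.nix is already the shared helper set this series extends, a single `systems = [ "x86_64-linux" "aarch64-linux" ];` there, consumed as `genAttrs inputs.self.library.systems`, would keep them in lockstep. Until then a one-line comment on the list, `# systems the flake publishes outputs for; keep in sync with checks and dev-shells`, would at least flag the coupling.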
diff --git a/nix/library/default.nix b/nix/library/default.nix index 36ad4730..45578f55 100644 --- a/nix/library/default.nix +++ b/nix/library/default.nix @@ -2,6 +2,11 @@ inputs: let inherit (inputs.nixpkgs-unstable) lib; + inherit (lib.attrsets) + mapAttrs' + nameValuePair + ; + inherit (lib.strings) splitString substring @@ -23,4 +28,6 @@ rec { kebabToCamel = s: mutFirstChar toLower (concatMapStrings (mutFirstChar toUpper) (splitString "-" s)); + attrNamesKebabToCamel = mapAttrs' (name: value: nameValuePair (kebabToCamel name) value); + } diff --git a/nix/nixos-configurations/core-master/common.nix b/nix/nixos-configurations/core-master/common.nix index 0ed55d2c..7d861cc9 100644 --- a/nix/nixos-configurations/core-master/common.nix +++ b/nix/nixos-configurations/core-master/common.nix @@ -1,9 +1,8 @@ { config, lib, - pkgs, - inputs, options, + pkgs, ... }: @@ -36,7 +35,7 @@ ldns bind kea - inputs.self.packages.${pkgs.system}.scaleInventory + scale-network.scaleInventory vim git ]; @@ -60,15 +59,13 @@ kea = { dhcp4 = { enable = true; - configFile = "${inputs.self.packages.${pkgs.system}.scaleInventory}/config/dhcp4-server.conf"; + configFile = "${pkgs.scale-network.scaleInventory}/config/dhcp4-server.conf"; }; dhcp6 = let dhcp6PopulateConfig = pkgs.runCommand "replace" { } '' mkdir $out - cp ${ - inputs.self.packages.${pkgs.system}.scaleInventory - }/config/dhcp6-server.conf $TMP/dhcp6-server.conf + cp ${pkgs.scale-network.scaleInventory}/config/dhcp6-server.conf $TMP/dhcp6-server.conf substituteInPlace "$TMP/dhcp6-server.conf" \ --replace '@@SERVERADDRESS@@' '${builtins.head (lib.splitString "/" config.scale-network.facts.ipv6)}' \ --replace '@@INTERFACE@@' '${config.scale-network.facts.eth}' diff --git a/nix/nixos-configurations/core-master/configuration.nix b/nix/nixos-configurations/core-master/configuration.nix index ced11e29..037023c0 100644 --- a/nix/nixos-configurations/core-master/configuration.nix 
+++ b/nix/nixos-configurations/core-master/configuration.nix @@ -84,9 +84,7 @@ in IN NS coreexpo.scale.lan. IN NS coreconf.scale.lan. '' - (builtins.readFile "${ - inputs.self.packages.${pkgs.system}.scaleInventory - }/config/db.scale.lan.records") + (builtins.readFile "${pkgs.scale-network.scaleInventory}/config/db.scale.lan.records") ] ); }; @@ -108,9 +106,7 @@ in IN NS coreexpo.scale.lan. IN NS coreconf.scale.lan. '' - (builtins.readFile "${ - inputs.self.packages.${pkgs.system}.scaleInventory - }/config/db.ipv4.arpa.records") + (builtins.readFile "${pkgs.scale-network.scaleInventory}/config/db.ipv4.arpa.records") ] ); }; @@ -133,9 +129,7 @@ in IN NS coreexpo.scale.lan. IN NS coreconf.scale.lan. '' - (builtins.readFile "${ - inputs.self.packages.${pkgs.system}.scaleInventory - }/config/db.ipv6.arpa.records") + (builtins.readFile "${pkgs.scale-network.scaleInventory}/config/db.ipv6.arpa.records") ] ); }; diff --git a/nix/nixos-configurations/core-slave/common.nix b/nix/nixos-configurations/core-slave/common.nix index 0ed55d2c..85b3b41b 100644 --- a/nix/nixos-configurations/core-slave/common.nix +++ b/nix/nixos-configurations/core-slave/common.nix @@ -36,7 +36,7 @@ ldns bind kea - inputs.self.packages.${pkgs.system}.scaleInventory + scale-network.scaleInventory vim git ]; 
@@ -60,15 +60,13 @@ kea = { dhcp4 = { enable = true; - configFile = "${inputs.self.packages.${pkgs.system}.scaleInventory}/config/dhcp4-server.conf"; + configFile = "${pkgs.scale-network.scaleInventory}/config/dhcp4-server.conf"; }; dhcp6 = let dhcp6PopulateConfig = pkgs.runCommand "replace" { } '' mkdir $out - cp ${ - inputs.self.packages.${pkgs.system}.scaleInventory - }/config/dhcp6-server.conf $TMP/dhcp6-server.conf + cp ${pkgs.scale-network.scaleInventory}/config/dhcp6-server.conf $TMP/dhcp6-server.conf substituteInPlace "$TMP/dhcp6-server.conf" \ --replace '@@SERVERADDRESS@@' '${builtins.head (lib.splitString "/" config.scale-network.facts.ipv6)}' \ --replace '@@INTERFACE@@' '${config.scale-network.facts.eth}' diff --git a/nix/nixos-configurations/default.nix b/nix/nixos-configurations/default.nix index 39a527d8..ab76ecdb 100644 --- a/nix/nixos-configurations/default.nix +++ b/nix/nixos-configurations/default.nix @@ -32,6 +32,7 @@ mapAttrs' ( { ... }: { networking.hostName = mkDefault hostDirectory; + nixpkgs.overlays = [ inputs.self.overlays.default ]; } ) inputs.disko.nixosModules.disko diff --git a/nix/nixos-configurations/massflash/configuration.nix b/nix/nixos-configurations/massflash/configuration.nix index 9312ca94..e79c2957 100644 --- a/nix/nixos-configurations/massflash/configuration.nix +++ b/nix/nixos-configurations/massflash/configuration.nix @@ -121,7 +121,7 @@ in expect git kea - inputs.self.packages.${pkgs.system}.massflash + scale-network.massflash unixtools.ping tmux vim @@ -163,7 +163,7 @@ in "hooks-libraries": [{ "library": "${pkgs.kea}/lib/kea/hooks/libdhcp_run_script.so", "parameters": { - "name": "${inputs.self.packages.${pkgs.system}.massflash}/bin/massflash", + "name": "${pkgs.scale-network.massflash}/bin/massflash", "sync": false } }] diff --git a/nix/nixos-configurations/monitor/configuration.nix b/nix/nixos-configurations/monitor/configuration.nix index be8b551a..0616e8be 100644 
--- a/nix/nixos-configurations/monitor/configuration.nix +++ b/nix/nixos-configurations/monitor/configuration.nix @@ -66,7 +66,7 @@ in { job_name = "ap"; static_configs = builtins.fromJSON ( - builtins.readFile "${inputs.self.packages.${pkgs.system}.scaleInventory}/config/prom.json" + builtins.readFile "${pkgs.scale-network.scaleInventory}/config/prom.json" ); } ]; diff --git a/nix/overlays/default.nix b/nix/overlays/default.nix new file mode 100644 index 00000000..831589b0 --- /dev/null +++ b/nix/overlays/default.nix @@ -0,0 +1,43 @@ +inputs: +let + inherit (builtins) + attrNames + attrValues + readDir + ; + + inherit (inputs.nixpkgs-unstable) + lib + ; + + inherit (lib.attrsets) + filterAttrs + genAttrs + mapAttrs' + ; + + inherit (lib.fixedPoints) + composeManyExtensions + ; + + inherit (inputs.self.library) + attrNamesKebabToCamel + kebabToCamel + ; + + getDirectories = + path: attrNames (filterAttrs (_: fileType: fileType == "directory") (readDir path)); + + allLocalPackages = attrNamesKebabToCamel ( + genAttrs (getDirectories ../packages) ( + dir: final: prev: { + scale-network = prev.scale-network or { } // { + "${kebabToCamel dir}" = final.callPackage ../packages/${dir}/package.nix { }; + }; + } + ) + ); + + default = composeManyExtensions (attrValues allLocalPackages); +in +allLocalPackages // { inherit default; } diff --git a/nix/pkgs/flake-module.nix b/nix/packages/flake-module.nix similarity index 100% rename from nix/pkgs/flake-module.nix rename to nix/packages/flake-module.nix diff --git a/nix/pkgs/massflash.nix b/nix/packages/massflash/package.nix similarity index 90% rename from nix/pkgs/massflash.nix rename to nix/packages/massflash/package.nix index a05293d5..5639c529 100644 --- a/nix/pkgs/massflash.nix +++ b/nix/packages/massflash/package.nix @@ -8,7 +8,7 @@ }: let local_manifests = copyPathsToStore [ - ../../openwrt/scripts/massflash/massflash + ../../../openwrt/scripts/massflash/massflash ]; in stdenvNoCC.mkDerivation { 
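Review bot: The new nix/overlays/default.nix has no comment explaining the directory convention it relies on, even though it is now the only thing that decides which packages exist and under what names; a header such as `# Every nix/packages/<kebab-name>/package.nix becomes pkgs.scale-network.<camelName> via callPackage; the per-package overlays are exported individually and composed into `default`` would save the next contributor from reverse-engineering `getDirectories` and `attrNamesKebabToCamel`. Related: nix/packages/flake-module.nix is kept by the rename in this same patch while its only visible import, `./pkgs/flake-module.nix` in nix/flake-module.nix, is removed here, so unless something outside this series still imports it the file looks dead and could be dropped. Lastly, `allLocalPackages // { inherit default; }` would silently shadow a package directory named `default`; if that is acceptable, say so in the comment.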
diff --git a/nix/pkgs/scaleInventory.nix b/nix/packages/scale-inventory/package.nix similarity index 91% rename from nix/pkgs/scaleInventory.nix rename to nix/packages/scale-inventory/package.nix index cc9d723d..433f4b40 100644 --- a/nix/pkgs/scaleInventory.nix +++ b/nix/packages/scale-inventory/package.nix @@ -7,8 +7,8 @@ }: let local_manifests = copyPathsToStore [ - ../../switch-configuration - ../../facts + ../../../switch-configuration + ../../../facts ]; in stdenvNoCC.mkDerivation { diff --git a/nix/pkgs/serverspec/Gemfile b/nix/packages/serverspec/Gemfile similarity index 100% rename from nix/pkgs/serverspec/Gemfile rename to nix/packages/serverspec/Gemfile diff --git a/nix/pkgs/serverspec/Gemfile.lock b/nix/packages/serverspec/Gemfile.lock similarity index 100% rename from nix/pkgs/serverspec/Gemfile.lock rename to nix/packages/serverspec/Gemfile.lock diff --git a/nix/pkgs/serverspec/README.md b/nix/packages/serverspec/README.md similarity index 85% rename from nix/pkgs/serverspec/README.md rename to nix/packages/serverspec/README.md index 518e4721..e75041ae 100644 --- a/nix/pkgs/serverspec/README.md +++ b/nix/packages/serverspec/README.md @@ -2,7 +2,7 @@ ## Notes for updating -Build an apppriate Gemfile (by hand seems ok) then get into a `nix shell`: +Build an appropriate Gemfile (by hand seems ok) then get into a `nix shell`: ``` $ nix shell nixpkgs#ruby nixpkgs#bundix diff --git a/nix/pkgs/serverspec/gemset.nix b/nix/packages/serverspec/gemset.nix similarity index 100% rename from nix/pkgs/serverspec/gemset.nix rename to nix/packages/serverspec/gemset.nix diff --git a/nix/pkgs/serverspec/default.nix b/nix/packages/serverspec/package.nix similarity index 100% rename from nix/pkgs/serverspec/default.nix rename to nix/packages/serverspec/package.nix diff --git a/nix/tests/core.nix b/nix/tests/core.nix index c003b568..c7b1f5ff 100644 --- a/nix/tests/core.nix +++ b/nix/tests/core.nix 
@@ -89,7 +89,7 @@ in systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; systemd.network = { networks = { - # Override the phyiscal interface config + # Override the physical interface config "10-lan" = lib.mkForce { name = "eth1"; enable = true; diff --git a/nix/tests/flake-module.nix b/nix/tests/flake-module.nix index b5227dc9..1dce246a 100644 --- a/nix/tests/flake-module.nix +++ b/nix/tests/flake-module.nix @@ -9,7 +9,7 @@ flake.checks.x86_64-linux = withSystem "x86_64-linux" ( { pkgs, ... }: { - core = pkgs.testers.runNixOSTest (import ./core.nix { inherit inputs pkgs; }); + # core = pkgs.testers.runNixOSTest (import ./core.nix { inherit inputs pkgs; }); loghost = pkgs.testers.runNixOSTest ./loghost.nix; } ); From b0d8f578abe30ad9f60ab206a28a0b236b748891 Mon Sep 17 00:00:00 2001 From: Daniel Baker Date: Sun, 24 Nov 2024 19:56:51 -0800 Subject: [PATCH 04/15] nix.devShells: fix devShells Create a new home for devShells. Moved them all over and created new individual ones for smaller package sets. --- nix/dev-shells/default.nix | 78 ++++++++++++++++++++++++++++++++++++++ nix/dev/flake-module.nix | 62 ------------------------------ nix/flake-module.nix | 1 - 3 files changed, 78 insertions(+), 63 deletions(-) create mode 100644 nix/dev-shells/default.nix delete mode 100644 nix/dev/flake-module.nix diff --git a/nix/dev-shells/default.nix b/nix/dev-shells/default.nix new file mode 100644 index 00000000..00c7fa0c --- /dev/null +++ b/nix/dev-shells/default.nix 
@@ -0,0 +1,78 @@ +inputs: +inputs.nixpkgs.lib.genAttrs + [ + "x86_64-linux" + "aarch64-linux" + ] + ( + system: + let + pkgs = import inputs.nixpkgs { + inherit system; + overlays = [ inputs.self.overlays.default ]; + }; + + scalePython = [ + (pkgs.python3.withPackages ( + ps: with ps; [ + pytest + pylint + ipdb + ] + )) + ]; + + global = with pkgs; [ + bash + curl + fish + git + jq + kermit + screen + glibcLocales + ]; + + openwrtSub = with pkgs; [ + expect + gomplate + magic-wormhole + tftp-hpa + nettools + unixtools.ping + iperf3 + ncurses + ncurses.dev + pkg-config + gcc + stdenv + scale-network.serverspec + ]; + + networkSub = with pkgs; [ + perl + ghostscript + ]; + in + { + scalePython = pkgs.mkShellNoCC { + packages = scalePython; + }; + + global = pkgs.mkShellNoCC { + packages = global; + }; + + openwrtSub = pkgs.mkShellNoCC { + packages = openwrtSub; + }; + + networkSub = pkgs.mkShellNoCC { + packages = networkSub; + }; + + default = pkgs.mkShellNoCC { + packages = (scalePython ++ global ++ openwrtSub ++ networkSub); + }; + } + ) diff --git a/nix/dev/flake-module.nix b/nix/dev/flake-module.nix deleted file mode 100644 index cea807ee..00000000 --- a/nix/dev/flake-module.nix +++ /dev/null 
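Review bot: `openwrtSub` (and `default`, which concatenates it) is built with `pkgs.mkShellNoCC` while the `openwrtSub` list still carries `gcc` and `stdenv`; the shell this replaces used `pkgs.mkShell`, which supplies a C toolchain itself, and `stdenv` as an entry in `packages` does not appear to put any tool on PATH. Either switch those two shells to `pkgs.mkShell { packages = openwrtSub; }` and drop `stdenv` from the list, or add a comment above `openwrtSub` stating why a compiler is wanted in a no-CC shell. The earlier `# Trying to keep these pkg sets separate for later` comment from the deleted flake-module did not survive the move; one line over the per-set definitions, `# package sets are kept separate so each can be entered on its own`, would restore that intent.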
@@ -1,62 +0,0 @@ -{ inputs, ... }: - -{ - perSystem = - { pkgs, ... }: - let - scale_python = pkgs.python3.withPackages ( - p: with p; [ - pytest - pylint - ipdb - ] - ); - - # Trying to keep these pkg sets separate for later - global = with pkgs; [ - bash - curl - fish - git - jq - kermit - screen - glibcLocales - (pkgs.python3.withPackages ( - p: with p; [ - pytest - pylint - ipdb - ] - )) - ]; - # openwrt_sub = with pkgs; [ - # expect - # gomplate - # magic-wormhole - # tftp-hpa - # nettools - # unixtools.ping - # iperf3 - # ncurses - # ncurses.dev - # pkg-config - # gcc - # stdenv - # inputs.self.packages.${pkgs.system}.serverspec - # ]; - network_sub = with pkgs; [ - perl - ghostscript - ]; - in - { - devShells.default = pkgs.mkShell { - packages = ( - global - # ++ openwrt_sub - ++ network_sub - ); - }; - }; -} diff --git a/nix/flake-module.nix b/nix/flake-module.nix index e1de00d5..e53d48af 100644 --- a/nix/flake-module.nix +++ b/nix/flake-module.nix @@ -1,6 +1,5 @@ { imports = [ ./tests/flake-module.nix - ./dev/flake-module.nix ]; } From d549219964722c15f302ed6a514db17cb4316e7b Mon Sep 17 00:00:00 2001 From: Daniel Baker Date: Sun, 24 Nov 2024 20:03:07 -0800 Subject: [PATCH 05/15] nix.flake.inputs: cleanup Flatten the flake inputs. Makes it easier to see all inputs at once when they are sorted. --- flake.nix | 30 ++++++++++++------------------ 1 file changed, 12 insertions(+), 18 deletions(-) diff --git a/flake.nix b/flake.nix index 7810b4f4..29a4f3dc 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,26 +2,19 @@ nixConfig.bash-prompt = "\\[\\033[01;32m\\][nix-flakes \\W] \$\\[\\033[00m\\] "; inputs = { - flake-parts = { - url = "github:hercules-ci/flake-parts"; - inputs.nixpkgs-lib.follows = "nixpkgs-2405"; - }; - microvm = { - url = "github:sarcasticadmin/microvm.nix/rh/1707108673virtio"; - inputs.nixpkgs.follows = "nixpkgs-2405"; - inputs.spectrum.follows = ""; - }; # Currently using this fork since the upstream seems to be causing an issue + disko.inputs.nixpkgs.follows = "nixpkgs-unstable"; + disko.url = "github:nix-community/disko/e55f9a8678adc02024a4877c2a403e3f6daf24fe"; + flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs-2405"; + flake-parts.url = "github:hercules-ci/flake-parts"; + microvm.inputs.nixpkgs.follows = "nixpkgs-2405"; + microvm.inputs.spectrum.follows = ""; + # Currently using this fork since the upstream seems to be causing an issue + microvm.url = "github:sarcasticadmin/microvm.nix/rh/1707108673virtio"; nixpkgs-2405.url = "github:NixOS/nixpkgs/nixos-24.05"; - nixpkgs.follows = "nixpkgs-2405"; # get rid of this once flake parts is gone nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; - treefmt-nix = { - url = "github:numtide/treefmt-nix"; - inputs.nixpkgs.follows = "nixpkgs-unstable"; - }; - disko = { - url = "github:nix-community/disko/e55f9a8678adc02024a4877c2a403e3f6daf24fe"; - inputs.nixpkgs.follows = "nixpkgs-unstable"; - }; + nixpkgs.follows = "nixpkgs-2405"; # get rid of this once flake parts is gone + treefmt-nix.inputs.nixpkgs.follows = "nixpkgs-unstable"; + treefmt-nix.url = "github:numtide/treefmt-nix"; }; outputs = @@ -34,6 +27,7 @@ imports = [ ./nix/flake-module.nix ]; }) // { + devShells = import ./nix/dev-shells inputs; formatter = import ./nix/formatter inputs; formatterModule = import ./nix/formatterModule inputs; legacyPackages = import ./nix/legacy-packages inputs; From 0a4f15c86d71e18d76708893c7e369893c58c3a2 Mon Sep 17 00:00:00 2001 
From: Daniel Baker Date: Sun, 24 Nov 2024 20:04:36 -0800 Subject: [PATCH 06/15] nix.legacyPackages: change package set Change the legacyPackages to us nixpkgs and not nixpkgs-unstable. Unless for good reason, when using nixpkgs from inputs, it should use the nixpkgs input which can be rebound to any other input. But it stays consistent across its use in the repository. --- nix/legacy-packages/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nix/legacy-packages/default.nix b/nix/legacy-packages/default.nix index a2d197a0..42474297 100644 --- a/nix/legacy-packages/default.nix +++ b/nix/legacy-packages/default.nix @@ -1,12 +1,12 @@ inputs: -inputs.nixpkgs-unstable.lib.genAttrs +inputs.nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] ( system: - import inputs.nixpkgs-unstable { + import inputs.nixpkgs { inherit system; overlays = [ inputs.self.overlays.default ]; } From 0a8bcb88f88a86632c4c5f614e5667efcf6e1ba0 Mon Sep 17 00:00:00 2001 From: Daniel Baker Date: Sun, 24 Nov 2024 20:06:27 -0800 Subject: [PATCH 07/15] nix.devShells: rebind package set Since legacyPackages is now bound to the nixpkgs input, it can be used in other places like devShells. If another package set is needed, it can be brought into scope but the default one bound to `pkgs` should come from legacyPackages as it will have the necessary local overlays. --- nix/dev-shells/default.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/nix/dev-shells/default.nix b/nix/dev-shells/default.nix index 00c7fa0c..73e04d7b 100644 --- a/nix/dev-shells/default.nix +++ b/nix/dev-shells/default.nix @@ -7,10 +7,7 @@ inputs.nixpkgs.lib.genAttrs ( system: let - pkgs = import inputs.nixpkgs { - inherit system; - overlays = [ inputs.self.overlays.default ]; - }; + pkgs = inputs.self.legacyPackages.${system}; scalePython = [ (pkgs.python3.withPackages ( From 347301e45e7272d0e50f5628d3d420c3eb78db13 Mon Sep 17 00:00:00 2001 
From: Daniel Baker Date: Sun, 24 Nov 2024 20:36:14 -0800 Subject: [PATCH 08/15] nix.checks: fix checks Created a new home for checks. Moved them all over. --- flake.nix | 32 ++++------- nix/{tests => checks}/core.nix | 2 +- nix/checks/default.nix | 93 +++++++++++++++++++++++++++++++ nix/{tests => checks}/loghost.nix | 0 nix/flake-module.nix | 5 -- 5 files changed, 106 insertions(+), 26 deletions(-) rename nix/{tests => checks}/core.nix (99%) create mode 100644 nix/checks/default.nix rename nix/{tests => checks}/loghost.nix (100%) delete mode 100644 nix/flake-module.nix diff --git a/flake.nix b/flake.nix index 29a4f3dc..e703489a 100644 --- a/flake.nix +++ b/flake.nix 
@@ -12,28 +12,20 @@ microvm.url = "github:sarcasticadmin/microvm.nix/rh/1707108673virtio"; nixpkgs-2405.url = "github:NixOS/nixpkgs/nixos-24.05"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; - nixpkgs.follows = "nixpkgs-2405"; # get rid of this once flake parts is gone + nixpkgs.follows = "nixpkgs-2405"; treefmt-nix.inputs.nixpkgs.follows = "nixpkgs-unstable"; treefmt-nix.url = "github:numtide/treefmt-nix"; }; - outputs = - inputs: - (inputs.flake-parts.lib.mkFlake { inherit inputs; } { - systems = [ - "x86_64-linux" - "aarch64-linux" - ]; - imports = [ ./nix/flake-module.nix ]; - }) - // { - devShells = import ./nix/dev-shells inputs; - formatter = import ./nix/formatter inputs; - formatterModule = import ./nix/formatterModule inputs; - legacyPackages = import ./nix/legacy-packages inputs; - library = import ./nix/library inputs; - nixosModules = import ./nix/nixos-modules inputs; - nixosConfigurations = import ./nix/nixos-configurations inputs; - overlays = import ./nix/overlays inputs; - }; + outputs = inputs: { + checks = import ./nix/checks inputs; + devShells = import ./nix/dev-shells inputs; + formatter = import ./nix/formatter inputs; + formatterModule = import ./nix/formatterModule inputs; + legacyPackages = import ./nix/legacy-packages inputs; + library = import ./nix/library inputs; + nixosModules = import ./nix/nixos-modules inputs; + nixosConfigurations = import ./nix/nixos-configurations inputs; + overlays = import ./nix/overlays inputs; + }; } diff --git a/nix/tests/core.nix b/nix/checks/core.nix similarity index 99% rename from nix/tests/core.nix rename to nix/checks/core.nix index c7b1f5ff..c93ad426 100644 --- a/nix/tests/core.nix +++ b/nix/checks/core.nix @@ -1,4 +1,4 @@ -{ inputs, pkgs, ... }: +{ inputs }: let chomp = "103"; prefix = "2001:470:f026:${chomp}"; diff --git a/nix/checks/default.nix b/nix/checks/default.nix new file mode 100644 index 00000000..15245e91 --- /dev/null +++ b/nix/checks/default.nix 
@@ -0,0 +1,93 @@ +inputs: +let + inherit (inputs.nixpkgs) + lib + ; + + inherit (lib.attrsets) + genAttrs + ; + + inherit (lib.sources) + cleanSource + ; +in +genAttrs + [ + "x86_64-linux" + "aarch64-linux" + ] + ( + system: + let + pkgs = inputs.self.legacyPackages.${system}; + in + { + core = pkgs.testers.runNixOSTest (import ./core.nix { inherit inputs; }); + loghost = pkgs.testers.runNixOSTest ./loghost.nix; + + pytest-facts = + let + testPython = ( + pkgs.python3.withPackages ( + pythonPackages: with pythonPackages; [ + pylint + pytest + jinja2 + ] + ) + ); + in + (pkgs.runCommand "pytest-facts" { } '' + cp -r --no-preserve=mode ${cleanSource inputs.self}/* . + cd facts + ${testPython}/bin/pylint --persistent n *.py + ${testPython}/bin/pytest -vv -p no:cacheprovider + touch $out + ''); + + duplicates-facts = ( + pkgs.runCommand "duplicates-facts" { buildInputs = [ pkgs.fish ]; } '' + cp -r --no-preserve=mode ${cleanSource inputs.self}/* . + cd facts + fish test_duplicates.fish + touch $out + '' + ); + + perl-switches = ( + pkgs.runCommand "perl-switches" + { + buildInputs = [ + pkgs.gnumake + pkgs.perl + ]; + } + '' + cp -r --no-preserve=mode ${cleanSource inputs.self}/* . + cd switch-configuration + make .lint + make .build-switch-configs + touch $out + '' + ); + + openwrt-golden = + pkgs.runCommand "openwrt-golden" + { + buildInputs = [ + pkgs.diffutils + pkgs.gomplate + ]; + } + '' + cp -r --no-preserve=mode ${cleanSource inputs.self}/* . + cd tests/unit/openwrt + mkdir -p $out/tmp/ar71xx + ${pkgs.bash}/bin/bash test.sh -t ar71xx -o $out + ''; + + formatting = inputs.self.formatterModule.${system}.config.build.check inputs.self; + + } + ) diff --git a/nix/tests/loghost.nix b/nix/checks/loghost.nix similarity index 100% rename from nix/tests/loghost.nix rename to nix/checks/loghost.nix diff --git a/nix/flake-module.nix b/nix/flake-module.nix deleted file mode 100644 index e53d48af..00000000 --- a/nix/flake-module.nix +++ /dev/null 
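Review bot: The explanatory comment the old nix/tests/flake-module.nix carried above `pytest-facts` (`# python tests for the data found in facts` plus the two lines explaining that `--persistent n` and `-p no:cacheprovider` are passed to silence pylint/pytest caching because Nix already caches) was dropped in the move to nix/checks/default.nix, and those flags read as arbitrary without it; please carry the three comment lines over. The move also re-enables `core = pkgs.testers.runNixOSTest (import ./core.nix { inherit inputs; })`, which PATCH 03 had commented out "because they were causing failures"; it would help to note in the commit message what fixed it (presumably the overlay now reaching the test nodes through `legacyPackages`, but that is inferred). Every check begins with `cp -r --no-preserve=mode ${cleanSource inputs.self}/* .`, so a change to any file in the repo rebuilds all of them; a short comment acknowledging that, or narrowing the copied subtree per check, would be worth considering later.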
@@ -1,5 +0,0 @@ -{ - imports = [ - ./tests/flake-module.nix - ]; -} From 6b5e2948d679f6fd6b74dfbd4a3a9b416b16c6c2 Mon Sep 17 00:00:00 2001 From: Daniel Baker Date: Sun, 24 Nov 2024 20:38:54 -0800 Subject: [PATCH 09/15] nix.flake.inputs: remove flake-parts flake-parts is no longer necessary and has been removed. --- flake.lock | 21 --------------------- flake.nix | 2 -- 2 files changed, 23 deletions(-) diff --git a/flake.lock b/flake.lock index 78bb4aaf..48a5ac45 100644 --- a/flake.lock +++ b/flake.lock @@ -21,26 +21,6 @@ "type": "github" } }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "nixpkgs-2405" - ] - }, - "locked": { - "lastModified": 1693611461, - "narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems" @@ -117,7 +97,6 @@ "root": { "inputs": { "disko": "disko", - "flake-parts": "flake-parts", "microvm": "microvm", "nixpkgs": [ "nixpkgs-2405" diff --git a/flake.nix b/flake.nix index e703489a..835c8f24 100644 --- a/flake.nix +++ b/flake.nix @@ -4,8 +4,6 @@ inputs = { disko.inputs.nixpkgs.follows = "nixpkgs-unstable"; disko.url = "github:nix-community/disko/e55f9a8678adc02024a4877c2a403e3f6daf24fe"; - flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs-2405"; - flake-parts.url = "github:hercules-ci/flake-parts"; microvm.inputs.nixpkgs.follows = "nixpkgs-2405"; microvm.inputs.spectrum.follows = ""; # Currently using this fork since the upstream seems to be causing an issue From 125263f75ec17a89faa7a2ea88cf03fe3467dc98 Mon Sep 17 00:00:00 2001 
From: Daniel Baker Date: Sun, 24 Nov 2024 20:41:34 -0800 Subject: [PATCH 10/15] nix.treewide: cleanup chore Removing leftover directories from the flake-parts migration. --- nix/machines/bootstrap/default.nix | 45 --------------- nix/machines/devServer/default.nix | 42 -------------- nix/machines/loghost.nix | 38 ------------- nix/tests/flake-module.nix | 91 ------------------------------ 4 files changed, 216 deletions(-) delete mode 100644 nix/machines/bootstrap/default.nix delete mode 100644 nix/machines/devServer/default.nix delete mode 100644 nix/machines/loghost.nix delete mode 100644 nix/tests/flake-module.nix diff --git a/nix/machines/bootstrap/default.nix b/nix/machines/bootstrap/default.nix deleted file mode 100644 index 7df9dc31..00000000 --- a/nix/machines/bootstrap/default.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ config, pkgs, ... }: -let - # without readFile the bootstrap script is not executable because its referenced to its path as regular file in the store - # ref: https://discourse.nixos.org/t/cannot-run-basic-shell-using-writeshellscriptbin/28835/2 - mybootstrap = pkgs.writeShellScriptBin "mybootstrap" (builtins.readFile ./bootstrap.sh); -in -{ - # remove the annoying experimental warnings - nix.extraOptions = '' - experimental-features = nix-command flakes - ''; - - networking = { - # use systemd.networkd - useNetworkd = true; - useDHCP = false; - firewall.enable = true; - }; - - systemd.network = { - enable = true; - networks = { - "10-lan" = { - matchConfig.Name = "eno1"; - enable = true; - networkConfig.DHCP = "yes"; - }; - }; - }; - - environment.systemPackages = with pkgs; [ - wget - git - vim - efibootmgr - gptfdisk - screen - mybootstrap - ]; - - services.openssh = { - enable = true; - openFirewall = true; - }; -} diff --git a/nix/machines/devServer/default.nix b/nix/machines/devServer/default.nix deleted file mode 100644 index 377865be..00000000 --- a/nix/machines/devServer/default.nix +++ /dev/null 
@@ -1,42 +0,0 @@ -{ - pkgs, - ... -}: - -{ - # remove the annoying experimental warnings - nix.extraOptions = '' - experimental-features = nix-command flakes - ''; - - networking = { - useNetworkd = true; - useDHCP = false; - firewall.enable = true; - }; - - systemd.network = { - enable = true; - networks = { - "10-lan" = { - matchConfig.Name = "eno1"; - enable = true; - networkConfig.DHCP = "yes"; - }; - }; - }; - - environment.systemPackages = with pkgs; [ - wget - git - vim - efibootmgr - gptfdisk - screen - ]; - - services.openssh = { - enable = true; - openFirewall = true; - }; -} diff --git a/nix/machines/loghost.nix b/nix/machines/loghost.nix deleted file mode 100644 index 4b74ce0a..00000000 --- a/nix/machines/loghost.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -{ - - boot.kernelParams = [ "console=ttyS0" ]; - - networking = { - firewall.allowedTCPPorts = [ 514 ]; - }; - - # TODO: How to handle sudo esculation - security.sudo.wheelNeedsPassword = false; - - environment.systemPackages = with pkgs; [ - rsyslog - vim - git - ]; - - # Easy test of the service using logger - # logger -n 127.0.0.1 -P 514 --tcp "simple test" - # cat /var/log/rsyslog//root.log - services.rsyslogd = { - enable = true; - defaultConfig = '' - module(load="imtcp") - input(type="imtcp" port="514") - - $template RemoteLogs,"/var/log/rsyslog/%HOSTNAME%/%PROGRAMNAME%.log" - *.* ?RemoteLogs - & ~ - ''; - }; -} diff --git a/nix/tests/flake-module.nix b/nix/tests/flake-module.nix deleted file mode 100644 index 1dce246a..00000000 --- a/nix/tests/flake-module.nix +++ /dev/null 
@@ -1,91 +0,0 @@ -{ - withSystem, - inputs, - pkgs, - ... -}: - -{ - flake.checks.x86_64-linux = withSystem "x86_64-linux" ( - { pkgs, ... }: - { - # core = pkgs.testers.runNixOSTest (import ./core.nix { inherit inputs pkgs; }); - loghost = pkgs.testers.runNixOSTest ./loghost.nix; - } - ); - - perSystem = - { - pkgs, - lib, - system, - ... - }: - { - checks = { - # python tests for the data found in facts - # disabling persistence and cache for py utils to avoid warnings - # since caching is taken care of by nix - pytest-facts = - let - testPython = ( - pkgs.python3.withPackages ( - pythonPackages: with pythonPackages; [ - pylint - pytest - jinja2 - ] - ) - ); - in - (pkgs.runCommand "pytest-facts" { } '' - cp -r --no-preserve=mode ${pkgs.lib.cleanSource inputs.self}/* . - cd facts - ${testPython}/bin/pylint --persistent n *.py - ${testPython}/bin/pytest -vv -p no:cacheprovider - touch $out - ''); - duplicates-facts = ( - pkgs.runCommand "duplicates-facts" { buildInputs = [ pkgs.fish ]; } '' - cp -r --no-preserve=mode ${pkgs.lib.cleanSource inputs.self}/* . - cd facts - fish test_duplicates.fish - touch $out - '' - ); - perl-switches = ( - pkgs.runCommand "perl-switches" - { - buildInputs = [ - pkgs.gnumake - pkgs.perl - ]; - } - '' - cp -r --no-preserve=mode ${lib.cleanSource inputs.self}/* . - cd switch-configuration - make .lint - make .build-switch-configs - touch $out - '' - ); - openwrt-golden = - pkgs.runCommand "openwrt-golden" - { - buildInputs = [ - pkgs.diffutils - pkgs.gomplate - ]; - } - '' - cp -r --no-preserve=mode ${pkgs.lib.cleanSource inputs.self}/* . - cd tests/unit/openwrt - mkdir -p $out/tmp/ar71xx - ${pkgs.bash}/bin/bash test.sh -t ar71xx -o $out - ''; - - formatting = inputs.self.formatterModule.${system}.config.build.check inputs.self; - - }; - }; -} From abfa105b334b9ce93beb8dc4aeb4a9a9ae4b7262 Mon Sep 17 00:00:00 2001 
From: Daniel Baker Date: Sun, 24 Nov 2024 21:04:03 -0800 Subject: [PATCH 11/15] nix.nixos-configurations.loghost: fix An old file from the flake-parts migration was still being referenced and was removed near the end of the clean up. The `loghost` NixOS configuration has now been split so the test can refer to the since configuration as before and the host can still be built as normal. --- nix/checks/loghost.nix | 4 ++- nix/nixos-configurations/loghost/base.nix | 34 ++++++++++++++++++++ nix/nixos-configurations/loghost/default.nix | 32 +----------------- 3 files changed, 38 insertions(+), 32 deletions(-) create mode 100644 nix/nixos-configurations/loghost/base.nix diff --git a/nix/checks/loghost.nix b/nix/checks/loghost.nix index 0c7d2acc..8368bc0f 100644 --- a/nix/checks/loghost.nix +++ b/nix/checks/loghost.nix @@ -2,7 +2,9 @@ name = "loghost"; nodes.machine1 = { - imports = [ ../machines/loghost.nix ]; + imports = [ + ../nixos-configurations/loghost/base.nix + ]; virtualisation.graphics = false; }; diff --git a/nix/nixos-configurations/loghost/base.nix b/nix/nixos-configurations/loghost/base.nix new file mode 100644 index 00000000..d59f597b --- /dev/null +++ b/nix/nixos-configurations/loghost/base.nix @@ -0,0 +1,34 @@ +{ pkgs, ... }: +{ + config = { + boot.kernelParams = [ "console=ttyS0" ]; + + networking = { + firewall.allowedTCPPorts = [ 514 ]; + }; + + # TODO: How to handle sudo esculation + security.sudo.wheelNeedsPassword = false; + + environment.systemPackages = with pkgs; [ + rsyslog + vim + git + ]; + + # Easy test of the service using logger + # logger -n 127.0.0.1 -P 514 --tcp "simple test" + # cat /var/log/rsyslog//root.log + services.rsyslogd = { + enable = true; + defaultConfig = '' + module(load="imtcp") + input(type="imtcp" port="514") + + $template RemoteLogs,"/var/log/rsyslog/%HOSTNAME%/%PROGRAMNAME%.log" + *.* ?RemoteLogs + & ~ + ''; + }; + }; +} 
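Review bot: The `RemoteLogs` template in the new `base.nix` builds the on-disk path from `%HOSTNAME%` and `%PROGRAMNAME%`, both of which come from the remote message itself, so any sender that can reach TCP 514 (which `firewall.allowedTCPPorts = [ 514 ]` opens to every source) chooses where under `/var/log/rsyslog/` its lines land, slashes included. rsyslog's property replacer has an option for exactly this: `$template RemoteLogs,"/var/log/rsyslog/%HOSTNAME:::secpath-replace%/%PROGRAMNAME:::secpath-replace%.log"`. The listener is also plain TCP with no source restriction, so unless this host sits on an isolated log network it is worth either enabling imtcp's TLS stream driver or narrowing the firewall rule to the sender subnets. `security.sudo.wheelNeedsPassword = false` carries over with its TODO unresolved, and since this file is now imported by both the VM test and the real host configuration, it would be safer to set it only in the test node in `nix/checks/loghost.nix`.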
diff --git a/nix/nixos-configurations/loghost/default.nix b/nix/nixos-configurations/loghost/default.nix index 2811f333..b8d02ef7 100644 --- a/nix/nixos-configurations/loghost/default.nix +++ b/nix/nixos-configurations/loghost/default.nix @@ -10,6 +10,7 @@ { imports = [ inputs.microvm.nixosModules.microvm + ./base.nix ]; config = { @@ -31,37 +32,6 @@ users.root.enable = true; users.ruebenramirez.enable = true; }; - - boot.kernelParams = [ "console=ttyS0" ]; - - networking = { - firewall.allowedTCPPorts = [ 514 ]; - }; - - # TODO: How to handle sudo esculation - security.sudo.wheelNeedsPassword = false; - - environment.systemPackages = with pkgs; [ - rsyslog - vim - git - ]; - - # Easy test of the service using logger - # logger -n 127.0.0.1 -P 514 --tcp "simple test" - # cat /var/log/rsyslog//root.log - services.rsyslogd = { - enable = true; - defaultConfig = '' - module(load="imtcp") - input(type="imtcp" port="514") - - $template RemoteLogs,"/var/log/rsyslog/%HOSTNAME%/%PROGRAMNAME%.log" - *.* ?RemoteLogs - & ~ - ''; - }; - }; }; } From 1939939398402b22538694048a8a05a277cefed4 Mon Sep 17 00:00:00 2001 From: Daniel Baker Date: Sun, 24 Nov 2024 21:14:45 -0800 Subject: [PATCH 12/15] nix.treewide: cleanup chore Missed one more file from the flake-parts migration. --- nix/packages/flake-module.nix | 11 ----------- 1 file changed, 11 deletions(-) delete mode 100644 nix/packages/flake-module.nix diff --git a/nix/packages/flake-module.nix b/nix/packages/flake-module.nix deleted file mode 100644 index 68449f26..00000000 --- a/nix/packages/flake-module.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - perSystem = - { pkgs, ... }: - { - packages = { - serverspec = pkgs.callPackage ./serverspec { }; - massflash = pkgs.callPackage ./massflash.nix { }; - scaleInventory = pkgs.callPackage ./scaleInventory.nix { }; - }; - }; -} From aea59658d970609865930dfa166bc916383840bb Mon Sep 17 00:00:00 2001 
From: Daniel Baker Date: Sun, 24 Nov 2024 21:18:52 -0800 Subject: [PATCH 13/15] nix.packages: init Added the locally provided packages back as flake outputs. This is how they are accessed and build in github CI. --- flake.nix | 3 ++- nix/packages/default.nix | 13 +++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 nix/packages/default.nix diff --git a/flake.nix b/flake.nix index 835c8f24..975f1ff6 100644 --- a/flake.nix +++ b/flake.nix @@ -22,8 +22,9 @@ formatterModule = import ./nix/formatterModule inputs; legacyPackages = import ./nix/legacy-packages inputs; library = import ./nix/library inputs; - nixosModules = import ./nix/nixos-modules inputs; nixosConfigurations = import ./nix/nixos-configurations inputs; + nixosModules = import ./nix/nixos-modules inputs; overlays = import ./nix/overlays inputs; + packages = import ./nix/packages inputs; }; } diff --git a/nix/packages/default.nix b/nix/packages/default.nix new file mode 100644 index 00000000..68f83b55 --- /dev/null +++ b/nix/packages/default.nix @@ -0,0 +1,13 @@ +inputs: +inputs.nixpkgs.lib.genAttrs + [ + "x86_64-linux" + "aarch64-linux" + ] + (system: { + inherit (inputs.self.legacyPackages.${system}.scale-network) + massflash + scaleInventory + serverspec + ; + }) From 960ce8a26aeae941cf13828d3464d38ff77a8acd Mon Sep 17 00:00:00 2001 From: Daniel Baker Date: Mon, 25 Nov 2024 20:26:39 -0800 Subject: [PATCH 14/15] nix.flake.inputs.nixpkgs-2405: pin for parity While removing flake-parts, this input got bumped and is changing the closures for packages and nixos systems. One of the goals during the migration from flake-parts was to not have the closures change, effectively a no-op. This input is being pinned so closures can be compared between this branch and master to verify closures have not changed. --- flake.lock | 8 ++++---- flake.nix | 4 +++- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 48a5ac45..c6a3640a 100644 --- a/flake.lock 
+++ b/flake.lock @@ -64,17 +64,17 @@ }, "nixpkgs-2405": { "locked": { - "lastModified": 1731797254, - "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=", + "lastModified": 1728500571, + "narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", + "rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05", "repo": "nixpkgs", + "rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0", "type": "github" } }, diff --git a/flake.nix b/flake.nix index 975f1ff6..dde5bb83 100644 --- a/flake.nix +++ b/flake.nix @@ -8,7 +8,9 @@ microvm.inputs.spectrum.follows = ""; # Currently using this fork since the upstream seems to be causing an issue microvm.url = "github:sarcasticadmin/microvm.nix/rh/1707108673virtio"; - nixpkgs-2405.url = "github:NixOS/nixpkgs/nixos-24.05"; + # nixpkgs-2405 has been pinned to this rev to maintain parity from before flake-parts was removed + # If you want to bump this input, change it back to `github:NixOS/nixpkgs/nixos-24.05` and lock the flake again + nixpkgs-2405.url = "github:NixOS/nixpkgs?rev=d51c28603def282a24fa034bcb007e2bcb5b5dd0"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.follows = "nixpkgs-2405"; treefmt-nix.inputs.nixpkgs.follows = "nixpkgs-unstable"; From 0951e6fe3306e0b8a9c73537ec1614f2a781652d Mon Sep 17 00:00:00 2001 
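Review bot: Pinning `nixpkgs-2405` to a bare `?rev=` freezes every host on one nixpkgs commit, and because `nixpkgs.follows = "nixpkgs-2405"` that is the commit all NixOS configurations and packages in this flake are built from; the lock also moves the input backwards (lastModified 1731797254 → 1728500571 in `flake.lock`), dropping roughly five weeks of 24.05 backports, which very likely include security fixes. The new comment says how to undo the pin but not when, so nothing forces the revert once the closure comparison is finished. Suggest making the condition explicit, e.g. `# TEMPORARY: pinned only until the post-flake-parts closure comparison against master is done; revert to github:NixOS/nixpkgs/nixos-24.05 and re-lock afterwards`, and ideally reverting within the same series so master never carries the frozen rev.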
From: Daniel Baker Date: Tue, 26 Nov 2024 18:35:28 -0800 Subject: [PATCH 15/15] nix.nixos-configurations.{devServer,hypervisor1}: fix configuration devServer and hypervisor1 had configurations that were different from how they were on master before the flake-parts migration. Fixed these and checked the closure differences with @sarcasticadmin. Now the only apparent difference besides dumb system packages strings is coreMaster's bind serial number which is expected to be different. --- nix/nixos-configurations/dev-server/default.nix | 6 +++--- nix/nixos-configurations/hypervisor1/default.nix | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/nix/nixos-configurations/dev-server/default.nix b/nix/nixos-configurations/dev-server/default.nix index f9c6d5ce..cc02d11e 100644 --- a/nix/nixos-configurations/dev-server/default.nix +++ b/nix/nixos-configurations/dev-server/default.nix @@ -19,9 +19,9 @@ base.enable = true; libvirt.enable = true; services.gitlab.enable = true; - services.prometheus.enable = true; - services.ssh4vms.enable = true; - timeServers.enable = true; + services.prometheus.enable = false; + services.ssh4vms.enable = false; + timeServers.enable = false; users.berkhan.enable = true; users.dlang.enable = true; diff --git a/nix/nixos-configurations/hypervisor1/default.nix b/nix/nixos-configurations/hypervisor1/default.nix index 83b0b8e1..d4b39cfb 100644 --- a/nix/nixos-configurations/hypervisor1/default.nix +++ b/nix/nixos-configurations/hypervisor1/default.nix @@ -19,6 +19,7 @@ scale-network = { base.enable = true; services.prometheus.enable = true; + libvirt.enable = true; users.berkhan.enable = true; users.dlang.enable = true;
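Review bot: The three `enable = false` lines in the dev-server hunk record a decision whose reason lives only in the commit message; a reader of the file cannot tell whether prometheus, ssh4vms and timeServers are off on purpose or were simply never set up. A one-line comment above them would preserve that, e.g. `# Disabled to match the pre-flake-parts configuration on master; turn on deliberately, not as part of a refactor`. If these options default to off, keeping the explicit `false` is still the clearer choice, since hypervisor1 enables prometheus and a reader comparing the two hosts benefits from seeing the difference stated rather than implied by omission. The enclosing `scale-network` attribute set appears to open before the hunk.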