diff --git a/README.md b/README.md new file mode 100644 index 0000000..fff8bbf --- /dev/null +++ b/README.md @@ -0,0 +1,20 @@ +# nix-infra + +nix infrastructure configuration for CCCHH. + +For deployment we're using [infra-rebuild](https://git.hamburg.ccc.de/CCCHH/infra-rebuild). \ +To easily get a shell with `infra-rebuild` going, use the following command: + +``` +nix shell git+https://git.hamburg.ccc.de/CCCHH/infra-rebuild#infra-rebuild +``` + +After that you can simply run the following to deploy e.g. the git and matrix hosts: + +``` +infra-rebuild switch git matrix +``` + +By default infra-rebuild tries to use the FQDN from the nixosConfiguration of the host for deployment. +However to override individual parts of the deployment target, a [`deployment_configuration.json`](./deployment_configuration.json) can be used. +This is exactly what we're doing to set the default deployment user to `colmena-deploy` and have custom target hostnames for Chaosknoten hosts, since they don't have an FQDN defined in their nixosConfiguration. diff --git a/config/hosts/audio-hauptraum-kueche/configuration.nix b/config/hosts/audio-hauptraum-kueche/configuration.nix index afab440..93a6b53 100644 --- a/config/hosts/audio-hauptraum-kueche/configuration.nix +++ b/config/hosts/audio-hauptraum-kueche/configuration.nix @@ -2,6 +2,7 @@ { networking = { hostName = "audio-hauptraum-kueche"; + domain = "z9.ccchh.net"; }; system.stateVersion = "23.05"; diff --git a/config/hosts/audio-hauptraum-tafel/configuration.nix b/config/hosts/audio-hauptraum-tafel/configuration.nix index d7b128c..2f14d0c 100644 --- a/config/hosts/audio-hauptraum-tafel/configuration.nix +++ b/config/hosts/audio-hauptraum-tafel/configuration.nix @@ -2,6 +2,7 @@ { networking = { hostName = "audio-hauptraum-tafel"; + domain = "z9.ccchh.net"; }; system.stateVersion = "23.05"; diff --git a/config/hosts/esphome/configuration.nix b/config/hosts/esphome/configuration.nix index fc13d89..0ef1dce 100644 
--- a/config/hosts/esphome/configuration.nix +++ b/config/hosts/esphome/configuration.nix @@ -2,6 +2,7 @@ { networking = { hostName = "esphome"; + domain = "z9.ccchh.net"; }; system.stateVersion = "23.05"; diff --git a/config/hosts/nix-box-june/default.nix b/config/hosts/nix-box-june/default.nix index cb94765..489fd67 100644 --- a/config/hosts/nix-box-june/default.nix +++ b/config/hosts/nix-box-june/default.nix @@ -3,6 +3,7 @@ { imports = [ ./configuration.nix + ./emulated-systems.nix ./networking.nix ./users.nix ]; diff --git a/config/hosts/nix-box-june/emulated-systems.nix b/config/hosts/nix-box-june/emulated-systems.nix new file mode 100644 index 0000000..b6065dd --- /dev/null +++ b/config/hosts/nix-box-june/emulated-systems.nix @@ -0,0 +1,5 @@ +{ config, pkgs, ... }: + +{ + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; +} diff --git a/config/hosts/ptouch-print-server/configuration.nix b/config/hosts/ptouch-print-server/configuration.nix index 1bb1448..33f9681 100644 --- a/config/hosts/ptouch-print-server/configuration.nix +++ b/config/hosts/ptouch-print-server/configuration.nix @@ -1,7 +1,10 @@ { ... }: { - networking.hostName = "ptouch-print-server"; + networking = { + hostName = "ptouch-print-server"; + domain = "z9.ccchh.net"; + }; system.stateVersion = "23.11"; } diff --git a/config/hosts/public-reverse-proxy/configuration.nix b/config/hosts/public-reverse-proxy/configuration.nix index 31aa8e8..a80f516 100644 --- a/config/hosts/public-reverse-proxy/configuration.nix +++ b/config/hosts/public-reverse-proxy/configuration.nix @@ -1,7 +1,10 @@ { config, pkgs, ... }: { - networking.hostName = "public-reverse-proxy"; + networking = { + hostName = "public-reverse-proxy"; + domain = "z9.ccchh.net"; + }; system.stateVersion = "23.05"; } diff --git a/deployment_configuration.json b/deployment_configuration.json new file mode 100644 index 0000000..2cc3215 --- /dev/null +++ b/deployment_configuration.json 
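Review bot: The new `config/hosts/nix-box-june/emulated-systems.nix` does not say why aarch64 emulation is enabled, and the setting is host-wide rather than per-build. `boot.binfmt.emulatedSystems` registers a QEMU user-mode binfmt_misc handler, so foreign-architecture binaries become runnable for every user on the box, and on NixOS it normally also lets the local Nix daemon build `aarch64-linux` derivations. I would add a comment above the option, for example `# Build aarch64-linux derivations on this x86_64 box via QEMU user-mode emulation.`, assuming that is the purpose. The module arguments `config` and `pkgs` are unused, so the header can be `{ ... }:` as in `ptouch-print-server/configuration.nix`.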
@@ -0,0 +1,28 @@ +{ + "default": { + "targetUser": "colmena-deploy" + }, + "hosts": { + "netbox": { + "targetHostname": "netbox-intern.hamburg.ccc.de" + }, + "matrix": { + "targetHostname": "matrix-intern.hamburg.ccc.de" + }, + "public-web-static": { + "targetHostname": "public-web-static-intern.hamburg.ccc.de" + }, + "git": { + "targetHostname": "git.hamburg.ccc.de" + }, + "forgejo-actions-runner": { + "targetHostname": "forgejo-actions-runner-intern.hamburg.ccc.de" + }, + "eh22-wiki": { + "targetHostname": "eh22-wiki-intern.hamburg.ccc.de" + }, + "nix-box-june": { + "targetHostname": "nix-box-june-intern.hamburg.ccc.de" + } + } +} diff --git a/flake.nix b/flake.nix index 8f76279..dd47820 100644 --- a/flake.nix +++ b/flake.nix @@ -25,6 +25,7 @@ outputs = { nixpkgs, nixpkgs-unstable, nixos-generators, sops-nix, ... }: let + system = "x86_64-linux"; # Shairport Sync 4.3.1 (with nqptp 1.2.4) with metadata, MQTT and AirPlay 2 support. shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: { shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: { 
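Review bot: `git` is the only entry under `hosts` whose `targetHostname` is not an `-intern` name (`git.hamburg.ccc.de`), so deployments as `colmena-deploy` reach that host through its public name while the others presumably use an internal one. The value is carried over unchanged from the removed `targetHost` in flake.nix, so it may be intentional. JSON cannot hold a comment, so a sentence in the README next to the description of this file would be the place to record the reason. The removed per-host `tags` (`chaosknoten`, `thinkcccluster`) have no counterpart here, so it is worth confirming that infra-rebuild offers some other way to select a host group, or documenting that hosts are now listed by name.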
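Review bot: The new `system` binding is not applied everywhere the platform is named. In the next hunk the context line `pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";` still hard-codes the string, so the package set passed to `git` through `specialArgs` can drift from the `system` the hosts are built for. I would write it as `pkgs-unstable = nixpkgs-unstable.legacyPackages.${system};`. The `let` block starts and ends outside this hunk.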
@@ -67,82 +68,48 @@ pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux"; in { - colmena = { - meta = { - nixpkgs = nixpkgs.legacyPackages."x86_64-linux"; - nodeNixpkgs = { - audio-hauptraum-kueche = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay; - audio-hauptraum-tafel = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay; - }; - nodeSpecialArgs = { - git = { inherit pkgs-unstable; }; - }; - }; - - audio-hauptraum-kueche = { - deployment = { - targetHost = "audio-hauptraum-kueche.z9.ccchh.net"; - targetPort = 22; - targetUser = "colmena-deploy"; - tags = [ "thinkcccluster" ]; - }; - imports = [ + nixosConfigurations = { + audio-hauptraum-kueche = nixpkgs-unstable.lib.nixosSystem { + inherit system; + modules = [ ./config/common ./config/proxmox-vm + { nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; } ./config/hosts/audio-hauptraum-kueche ]; }; - audio-hauptraum-tafel = { - deployment = { - targetHost = "audio-hauptraum-tafel.z9.ccchh.net"; - targetPort = 22; - targetUser = "colmena-deploy"; - tags = [ "thinkcccluster" ]; - }; - imports = [ + audio-hauptraum-tafel = nixpkgs-unstable.lib.nixosSystem { + inherit system; + modules = [ ./config/common ./config/proxmox-vm + { nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; } ./config/hosts/audio-hauptraum-tafel ]; }; - esphome = { - deployment = { - targetHost = "esphome.z9.ccchh.net"; - targetPort = 22; - targetUser = "colmena-deploy"; - tags = [ "thinkcccluster" ]; - }; - imports = [ + esphome = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ ./config/common ./config/proxmox-vm ./config/hosts/esphome ]; }; - public-reverse-proxy = { - deployment = { - targetHost = "public-reverse-proxy.z9.ccchh.net"; - targetPort = 22; - targetUser = "colmena-deploy"; - tags = [ "thinkcccluster" ]; - }; - imports = [ + public-reverse-proxy = nixpkgs.lib.nixosSystem { 
+ inherit system; + modules = [ ./config/common ./config/proxmox-vm ./config/hosts/public-reverse-proxy ]; }; - netbox = { - deployment = { - targetHost = "netbox-intern.hamburg.ccc.de"; - targetPort = 22; - targetUser = "colmena-deploy"; - tags = [ "chaosknoten" ]; - }; - imports = [ + netbox = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ ./config/common ./config/proxmox-vm sops-nix.nixosModules.sops @@ -150,14 +117,9 @@ ]; }; - matrix = { - deployment = { - targetHost = "matrix-intern.hamburg.ccc.de"; - targetPort = 22; - targetUser = "colmena-deploy"; - tags = [ "chaosknoten" ]; - }; - imports = [ + matrix = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ ./config/common ./config/proxmox-vm sops-nix.nixosModules.sops @@ -165,14 +127,9 @@ ]; }; - public-web-static = { - deployment = { - targetHost = "public-web-static-intern.hamburg.ccc.de"; - targetPort = 22; - targetUser = "colmena-deploy"; - tags = [ "chaosknoten" ]; - }; - imports = [ + public-web-static = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ ./config/common ./config/proxmox-vm sops-nix.nixosModules.sops @@ -180,29 +137,22 @@ ]; }; - git = { - deployment = { - targetHost = "git.hamburg.ccc.de"; - targetPort = 22; - targetUser = "colmena-deploy"; - tags = [ "chaosknoten" ]; - }; - imports = [ + git = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ ./config/common ./config/proxmox-vm sops-nix.nixosModules.sops ./config/hosts/git ]; + specialArgs = { + inherit pkgs-unstable; + }; }; - forgejo-actions-runner = { - deployment = { - targetHost = "forgejo-actions-runner-intern.hamburg.ccc.de"; - targetPort = 22; - targetUser = "colmena-deploy"; - tags = [ "chaosknoten" ]; - }; - imports = [ + forgejo-actions-runner = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ ./config/common ./config/proxmox-vm sops-nix.nixosModules.sops 
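Review bot: Every `nixosConfigurations` entry in this hunk, and in the later hunks for `netbox` through `nix-box-june`, repeats `inherit system;` and the base modules `./config/common` and `./config/proxmox-vm` by hand. A host added later can omit the shared base without anything flagging it, which matters if `./config/common` carries the baseline user and SSH settings (not visible here). A small helper in the `let` block would put the base list in one place, with each host passing only its own modules and, for the audio hosts, `nixpkgs-unstable` plus the overlay module. Module order inside `modules` would change slightly for the audio hosts, which should only matter for order-sensitive list merges. The attribute set opened by `in {` continues past the end of this hunk.

```nix
# Build a host from the shared base modules plus its own module list.
mkHost = { pkgsInput ? nixpkgs, extraModules ? [ ], specialArgs ? { } }:
  pkgsInput.lib.nixosSystem {
    inherit system specialArgs;
    modules = [ ./config/common ./config/proxmox-vm ] ++ extraModules;
  };

# … unchanged: overlay definition, pkgs-unstable …

audio-hauptraum-kueche = mkHost {
  pkgsInput = nixpkgs-unstable;
  extraModules = [
    { nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; }
    ./config/hosts/audio-hauptraum-kueche
  ];
};

esphome = mkHost { extraModules = [ ./config/hosts/esphome ]; };

# … unchanged: remaining hosts, converted the same way …
```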
@@ -210,41 +160,27 @@ ]; }; - ptouch-print-server = { - deployment = { - targetHost = "ptouch-print-server.z9.ccchh.net"; - targetPort = 22; - targetUser = "colmena-deploy"; - tags = [ "thinkcccluster" ]; - }; - imports = [ + ptouch-print-server = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ ./config/common ./config/proxmox-vm ./config/hosts/ptouch-print-server ]; }; - eh22-wiki = { - deployment = { - targetHost = "eh22-wiki-intern.hamburg.ccc.de"; - targetPort = 22; - targetUser = "colmena-deploy"; - tags = [ "chaosknoten" ]; - }; - imports = [ + eh22-wiki = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ ./config/common ./config/proxmox-vm ./config/hosts/eh22-wiki ]; }; - nix-box-june = { - deployment = { - targetHost = "nix-box-june-intern.hamburg.ccc.de"; - targetPort = 22; - targetUser = "colmena-deploy"; - }; - imports = [ + nix-box-june = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ ./config/common ./config/proxmox-vm ./config/hosts/nix-box-june