From 41f04732c2f9bbb6b30f8564a0dabb2d1e2565c1 Mon Sep 17 00:00:00 2001
From: June
Date: Mon, 27 May 2024 01:43:53 +0200
Subject: [PATCH 1/3] Switch from colmena to standard nixosConfigurations

Those can then be deployed using for example nixos-rebuild or bij. Also ensure all hosts have an fqdn, where possible, in order for bij to be able to work with them more easily. Tho not really, since for actual deployment one still needs to set the target manually to set usage of the colmena-deploy user. https://git.clerie.de/clerie/bij
---
 .../audio-hauptraum-kueche/configuration.nix | 1 +
 .../audio-hauptraum-tafel/configuration.nix | 1 +
 config/hosts/esphome/configuration.nix | 1 +
 .../ptouch-print-server/configuration.nix | 5 +-
 .../public-reverse-proxy/configuration.nix | 5 +-
 flake.nix | 150 +++++-------------
 6 files changed, 54 insertions(+), 109 deletions(-)
diff --git a/config/hosts/audio-hauptraum-kueche/configuration.nix b/config/hosts/audio-hauptraum-kueche/configuration.nix
index afab440..93a6b53 100644
--- a/config/hosts/audio-hauptraum-kueche/configuration.nix
+++ b/config/hosts/audio-hauptraum-kueche/configuration.nix
@@ -2,6 +2,7 @@
 {
 networking = {
 hostName = "audio-hauptraum-kueche";
+ domain = "z9.ccchh.net";
 };
 
 system.stateVersion = "23.05";
diff --git a/config/hosts/audio-hauptraum-tafel/configuration.nix b/config/hosts/audio-hauptraum-tafel/configuration.nix
index d7b128c..2f14d0c 100644
--- a/config/hosts/audio-hauptraum-tafel/configuration.nix
+++ b/config/hosts/audio-hauptraum-tafel/configuration.nix
@@ -2,6 +2,7 @@
 {
 networking = {
 hostName = "audio-hauptraum-tafel";
+ domain = "z9.ccchh.net";
 };
 
 system.stateVersion = "23.05";
diff --git a/config/hosts/esphome/configuration.nix b/config/hosts/esphome/configuration.nix
index fc13d89..0ef1dce 100644
--- a/config/hosts/esphome/configuration.nix
+++ b/config/hosts/esphome/configuration.nix
@@ -2,6 +2,7 @@
 {
 networking = {
 hostName = "esphome";
+ domain = "z9.ccchh.net";
 };
 
 system.stateVersion = "23.05";
diff --git a/config/hosts/ptouch-print-server/configuration.nix b/config/hosts/ptouch-print-server/configuration.nix
index 1bb1448..33f9681 100644
--- a/config/hosts/ptouch-print-server/configuration.nix
+++ b/config/hosts/ptouch-print-server/configuration.nix
@@ -1,7 +1,10 @@
 { ... }:
 
 {
- networking.hostName = "ptouch-print-server";
+ networking = {
+ hostName = "ptouch-print-server";
+ domain = "z9.ccchh.net";
+ };
 
 system.stateVersion = "23.11";
 }
diff --git a/config/hosts/public-reverse-proxy/configuration.nix b/config/hosts/public-reverse-proxy/configuration.nix
index 31aa8e8..a80f516 100644
--- a/config/hosts/public-reverse-proxy/configuration.nix
+++ b/config/hosts/public-reverse-proxy/configuration.nix
@@ -1,7 +1,10 @@
 { config, pkgs, ... }:
 
 {
- networking.hostName = "public-reverse-proxy";
+ networking = {
+ hostName = "public-reverse-proxy";
+ domain = "z9.ccchh.net";
+ };
 
 system.stateVersion = "23.05";
 }
diff --git a/flake.nix b/flake.nix
index 8f76279..dd47820 100644
--- a/flake.nix
+++ b/flake.nix
@@ -25,6 +25,7 @@
 outputs = { nixpkgs, nixpkgs-unstable, nixos-generators, sops-nix, ... }:
 let
+ system = "x86_64-linux";
 # Shairport Sync 4.3.1 (with nqptp 1.2.4) with metadata, MQTT and AirPlay 2 support.
 shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: {
 shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: {
@@ -67,82 +68,48 @@
 pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";
 in
 {
- colmena = {
- meta = {
- nixpkgs = nixpkgs.legacyPackages."x86_64-linux";
- nodeNixpkgs = {
- audio-hauptraum-kueche = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
- audio-hauptraum-tafel = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
- };
- nodeSpecialArgs = {
- git = { inherit pkgs-unstable; };
- };
- };
-
- audio-hauptraum-kueche = {
- deployment = {
- targetHost = "audio-hauptraum-kueche.z9.ccchh.net";
- targetPort = 22;
- targetUser = "colmena-deploy";
- tags = [ "thinkcccluster" ];
- };
- imports = [
+ nixosConfigurations = {
+ audio-hauptraum-kueche = nixpkgs-unstable.lib.nixosSystem {
+ inherit system;
+ modules = [
 ./config/common
 ./config/proxmox-vm
+ { nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; }
 ./config/hosts/audio-hauptraum-kueche
 ];
 };
 
- audio-hauptraum-tafel = {
- deployment = {
- targetHost = "audio-hauptraum-tafel.z9.ccchh.net";
- targetPort = 22;
- targetUser = "colmena-deploy";
- tags = [ "thinkcccluster" ];
- };
- imports = [
+ audio-hauptraum-tafel = nixpkgs-unstable.lib.nixosSystem {
+ inherit system;
+ modules = [
 ./config/common
 ./config/proxmox-vm
+ { nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; }
 ./config/hosts/audio-hauptraum-tafel
 ];
 };
 
- esphome = {
- deployment = {
- targetHost = "esphome.z9.ccchh.net";
- targetPort = 22;
- targetUser = "colmena-deploy";
- tags = [ "thinkcccluster" ];
- };
- imports = [
+ esphome = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
 ./config/common
 ./config/proxmox-vm
 ./config/hosts/esphome
 ];
 };
 
- public-reverse-proxy = {
- deployment = {
- targetHost = "public-reverse-proxy.z9.ccchh.net";
- targetPort = 22;
- targetUser = "colmena-deploy";
- tags = [ "thinkcccluster" ];
- };
- imports = [
+ public-reverse-proxy = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
 ./config/common
 ./config/proxmox-vm
 ./config/hosts/public-reverse-proxy
 ];
 };
 
- netbox = {
- deployment = {
- targetHost = "netbox-intern.hamburg.ccc.de";
- targetPort = 22;
- targetUser = "colmena-deploy";
- tags = [ "chaosknoten" ];
- };
- imports = [
+ netbox = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
 ./config/common
 ./config/proxmox-vm
 sops-nix.nixosModules.sops
@@ -150,14 +117,9 @@
 ];
 };
 
- matrix = {
- deployment = {
- targetHost = "matrix-intern.hamburg.ccc.de";
- targetPort = 22;
- targetUser = "colmena-deploy";
- tags = [ "chaosknoten" ];
- };
- imports = [
+ matrix = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
 ./config/common
 ./config/proxmox-vm
 sops-nix.nixosModules.sops
@@ -165,14 +127,9 @@
 ];
 };
 
- public-web-static = {
- deployment = {
- targetHost = "public-web-static-intern.hamburg.ccc.de";
- targetPort = 22;
- targetUser = "colmena-deploy";
- tags = [ "chaosknoten" ];
- };
- imports = [
+ public-web-static = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
 ./config/common
 ./config/proxmox-vm
 sops-nix.nixosModules.sops
@@ -180,29 +137,22 @@
 ];
 };
 
- git = {
- deployment = {
- targetHost = "git.hamburg.ccc.de";
- targetPort = 22;
- targetUser = "colmena-deploy";
- tags = [ "chaosknoten" ];
- };
- imports = [
+ git = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
 ./config/common
 ./config/proxmox-vm
 sops-nix.nixosModules.sops
 ./config/hosts/git
 ];
+ specialArgs = {
+ inherit pkgs-unstable;
+ };
 };
 
- forgejo-actions-runner = {
- deployment = {
- targetHost = "forgejo-actions-runner-intern.hamburg.ccc.de";
- targetPort = 22;
- targetUser = "colmena-deploy";
- tags = [ "chaosknoten" ];
- };
- imports = [
+ forgejo-actions-runner = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
 ./config/common
 ./config/proxmox-vm
 sops-nix.nixosModules.sops
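Review bot: The context line `pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";` at the top of the `@@ -67` hunk still hard-codes the architecture that the new `system` binding (added in the `@@ -25` hunk) was introduced to centralise, so the two can silently drift; `pkgs-unstable = nixpkgs-unstable.legacyPackages.${system};` keeps one source of truth. Separately, this hunk and the `@@ -150`, `@@ -165`, `@@ -180` and `@@ -210` hunks remove every host's `targetHost`, `targetPort`, `targetUser` and `tags` without leaving any pointer in the flake to where deployment targets are now meant to come from, so a reader of the flake alone cannot tell which user or host a deploy is expected to use; a one-line comment above `nixosConfigurations = {`, e.g. `# Deployment targets (host, user, port) are configured outside this flake; these are plain nixosConfigurations.`, would close that gap. The `nixosConfigurations` attribute set opens in this hunk and is closed outside it.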
@@ -210,41 +160,27 @@
 ];
 };
 
- ptouch-print-server = {
- deployment = {
- targetHost = "ptouch-print-server.z9.ccchh.net";
- targetPort = 22;
- targetUser = "colmena-deploy";
- tags = [ "thinkcccluster" ];
- };
- imports = [
+ ptouch-print-server = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
 ./config/common
 ./config/proxmox-vm
 ./config/hosts/ptouch-print-server
 ];
 };
 
- eh22-wiki = {
- deployment = {
- targetHost = "eh22-wiki-intern.hamburg.ccc.de";
- targetPort = 22;
- targetUser = "colmena-deploy";
- tags = [ "chaosknoten" ];
- };
- imports = [
+ eh22-wiki = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
 ./config/common
 ./config/proxmox-vm
 ./config/hosts/eh22-wiki
 ];
 };
 
- nix-box-june = {
- deployment = {
- targetHost = "nix-box-june-intern.hamburg.ccc.de";
- targetPort = 22;
- targetUser = "colmena-deploy";
- };
- imports = [
+ nix-box-june = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
 ./config/common
 ./config/proxmox-vm
 ./config/hosts/nix-box-june
From 9d7f9d0ec82445b47d44ef46d9bee5fde6cb6b25 Mon Sep 17 00:00:00 2001
From: June
Date: Thu, 6 Jun 2024 20:17:00 +0200
Subject: [PATCH 2/3] Emulate aarch64-linux on nix-box-june to be able to build aarch64 pkgs

---
 config/hosts/nix-box-june/default.nix | 1 +
 config/hosts/nix-box-june/emulated-systems.nix | 5 +++++
 2 files changed, 6 insertions(+)
 create mode 100644 config/hosts/nix-box-june/emulated-systems.nix
diff --git a/config/hosts/nix-box-june/default.nix b/config/hosts/nix-box-june/default.nix
index cb94765..489fd67 100644
--- a/config/hosts/nix-box-june/default.nix
+++ b/config/hosts/nix-box-june/default.nix
@@ -3,6 +3,7 @@
 {
 imports = [
 ./configuration.nix
+ ./emulated-systems.nix
 ./networking.nix
 ./users.nix
 ];
diff --git a/config/hosts/nix-box-june/emulated-systems.nix b/config/hosts/nix-box-june/emulated-systems.nix
new file mode 100644
index 0000000..b6065dd
--- /dev/null
+++ b/config/hosts/nix-box-june/emulated-systems.nix
@@ -0,0 +1,5 @@
+{ config, pkgs, ... }:
+
+{
+ boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+}
From 46e43e51aaca3865ed1eaaff86b3307d00b645cb Mon Sep 17 00:00:00 2001
From: June
Date: Sat, 8 Jun 2024 19:57:40 +0200
Subject: [PATCH 3/3] Add deployment_configuration to make deployment using infra-rebuild work

Also document usage of infra-rebuild and its configuration file.
---
 README.md | 20 ++++++++++++++++++++
 deployment_configuration.json | 28 ++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)
 create mode 100644 README.md
 create mode 100644 deployment_configuration.json
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..fff8bbf
--- /dev/null
+++ b/README.md
@@ -0,0 +1,20 @@
+# nix-infra
+
+nix infrastructure configuration for CCCHH.
+
+For deployment we're using [infra-rebuild](https://git.hamburg.ccc.de/CCCHH/infra-rebuild). \
+To easily get a shell with `infra-rebuild` going, use the following command:
+
+```
+nix shell git+https://git.hamburg.ccc.de/CCCHH/infra-rebuild#infra-rebuild
+```
+
+After that you can simply run the following to deploy e.g. the git and matrix hosts:
+
+```
+infra-rebuild switch git matrix
+```
+
+By default infra-rebuild tries to use the FQDN from the nixosConfiguration of the host for deployment.
+However to override individual parts of the deployment target, a [`deployment_configuration.json`](./deployment_configuration.json) can be used.
+This is exactly what we're doing to set the default deployment user to `colmena-deploy` and have custom target hostnames for Chaosknoten hosts, since they don't have an FQDN defined in their nixosConfiguration.
diff --git a/deployment_configuration.json b/deployment_configuration.json
new file mode 100644
index 0000000..2cc3215
--- /dev/null
+++ b/deployment_configuration.json
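Review bot: `config` and `pkgs` are bound in the new `emulated-systems.nix` module header but never used in its body; the other host module touched in this series (`ptouch-print-server/configuration.nix`) uses `{ ... }:` for that case, so `{ ... }:` would be consistent. The file also deserves a short comment on intent and scope, because `boot.binfmt.emulatedSystems` registers a host-wide binfmt_misc handler (qemu user-mode emulation) that lets any process on nix-box-june execute `aarch64-linux` binaries, not only the Nix build sandbox the commit subject is about: e.g. `# Allow nix-box-june to build aarch64-linux packages via binfmt emulation. Note: the handler is host-wide (applies to every process), not limited to nix builds.`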
@@ -0,0 +1,28 @@
+{
+ "default": {
+ "targetUser": "colmena-deploy"
+ },
+ "hosts": {
+ "netbox": {
+ "targetHostname": "netbox-intern.hamburg.ccc.de"
+ },
+ "matrix": {
+ "targetHostname": "matrix-intern.hamburg.ccc.de"
+ },
+ "public-web-static": {
+ "targetHostname": "public-web-static-intern.hamburg.ccc.de"
+ },
+ "git": {
+ "targetHostname": "git.hamburg.ccc.de"
+ },
+ "forgejo-actions-runner": {
+ "targetHostname": "forgejo-actions-runner-intern.hamburg.ccc.de"
+ },
+ "eh22-wiki": {
+ "targetHostname": "eh22-wiki-intern.hamburg.ccc.de"
+ },
+ "nix-box-june": {
+ "targetHostname": "nix-box-june-intern.hamburg.ccc.de"
+ }
+ }
+}