3 commits

Author SHA1 Message Date
June 46e43e51aa
Add deployment_configuration to make deployment using infra-rebuild work
Also document usage of infra-rebuild and its configuration file.
2024-06-08 19:57:40 +02:00
June 9d7f9d0ec8
Emulate aarch64-linux on nix-box-june to be able to build aarch64 pkgs 2024-06-06 20:17:00 +02:00
June 41f04732c2
Switch from colmena to standard nixosConfigurations
Those can then be deployed using for example nixos-rebuild or bij.
Also ensure all hosts have an FQDN, where possible, in order for bij to
be able to work with them more easily. Though not really, since for actual
deployment one still needs to set the target manually in order to use
the colmena-deploy user.

https://git.clerie.de/clerie/bij
2024-05-27 01:43:53 +02:00
10 changed files with 108 additions and 109 deletions

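--- a/README.md
+++ b/README.md
@@ -0,0 +1,20 @@
+# nix-infra
+nix infrastructure configuration for CCCHH.
+For deployment we're using [infra-rebuild](https://git.hamburg.ccc.de/CCCHH/infra-rebuild). \
+To easily get a shell with `infra-rebuild` going, use the following command:
+```
+nix shell git+https://git.hamburg.ccc.de/CCCHH/infra-rebuild#infra-rebuild
+```
+After that you can simply run the following to deploy e.g. the git and matrix hosts:
+```
+infra-rebuild switch git matrix
+```
+By default infra-rebuild tries to use the FQDN from the nixosConfiguration of the host for deployment.
+However to override individual parts of the deployment target, a [`deployment_configuration.json`](./deployment_configuration.json) can be used.
+This is exactly what we're doing to set the default deployment user to `colmena-deploy` and have custom target hostnames for Chaosknoten hosts, since they don't have an FQDN defined in their nixosConfiguration.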


@ -2,6 +2,7 @@
{ {
networking = { networking = {
hostName = "audio-hauptraum-kueche"; hostName = "audio-hauptraum-kueche";
domain = "z9.ccchh.net";
}; };
system.stateVersion = "23.05"; system.stateVersion = "23.05";


@ -2,6 +2,7 @@
{ {
networking = { networking = {
hostName = "audio-hauptraum-tafel"; hostName = "audio-hauptraum-tafel";
domain = "z9.ccchh.net";
}; };
system.stateVersion = "23.05"; system.stateVersion = "23.05";


@ -2,6 +2,7 @@
{ {
networking = { networking = {
hostName = "esphome"; hostName = "esphome";
domain = "z9.ccchh.net";
}; };
system.stateVersion = "23.05"; system.stateVersion = "23.05";


@ -3,6 +3,7 @@
{ {
imports = [ imports = [
./configuration.nix ./configuration.nix
./emulated-systems.nix
./networking.nix ./networking.nix
./users.nix ./users.nix
]; ];


@ -0,0 +1,5 @@
{ config, pkgs, ... }:
{
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
}
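Review bot: The new module declares `config` and `pkgs` but uses neither, and nothing in the file says why emulation is enabled; `{ ... }:` would do as the header, with a comment such as `# Register QEMU user-mode emulation via binfmt_misc so this host can build aarch64-linux derivations.` above the option. It is also worth recording that once this is active, aarch64 binaries become directly executable on the box through qemu-user. That emulation is slower than native and is not an isolation boundary, so anything built or run here under emulation should be trusted to the same degree as native code on the host.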


@ -1,7 +1,10 @@
{ ... }: { ... }:
{ {
networking.hostName = "ptouch-print-server"; networking = {
hostName = "ptouch-print-server";
domain = "z9.ccchh.net";
};
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }


@ -1,7 +1,10 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
networking.hostName = "public-reverse-proxy"; networking = {
hostName = "public-reverse-proxy";
domain = "z9.ccchh.net";
};
system.stateVersion = "23.05"; system.stateVersion = "23.05";
} }


@ -0,0 +1,28 @@
{
"default": {
"targetUser": "colmena-deploy"
},
"hosts": {
"netbox": {
"targetHostname": "netbox-intern.hamburg.ccc.de"
},
"matrix": {
"targetHostname": "matrix-intern.hamburg.ccc.de"
},
"public-web-static": {
"targetHostname": "public-web-static-intern.hamburg.ccc.de"
},
"git": {
"targetHostname": "git.hamburg.ccc.de"
},
"forgejo-actions-runner": {
"targetHostname": "forgejo-actions-runner-intern.hamburg.ccc.de"
},
"eh22-wiki": {
"targetHostname": "eh22-wiki-intern.hamburg.ccc.de"
},
"nix-box-june": {
"targetHostname": "nix-box-june-intern.hamburg.ccc.de"
}
}
}
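Review bot: `git` is the only host here whose `targetHostname` is the public name (`git.hamburg.ccc.de`) while every other entry uses an `-intern` name, and since JSON cannot hold comments nothing records whether that is intended. The same value appears as the colmena `targetHost` in the flake.nix section of this page, so it is presumably deliberate; a sentence in the README next to the `deployment_configuration.json` paragraph would settle it. The default `targetUser` of `colmena-deploy` now outlives colmena itself, and because that account is what activates a new system configuration it is presumably root-equivalent on every host listed. Its SSH keys and sudo rules are not part of this diff, so they deserve a look alongside this change.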

flake.nix

@ -25,6 +25,7 @@
outputs = { nixpkgs, nixpkgs-unstable, nixos-generators, sops-nix, ... }: outputs = { nixpkgs, nixpkgs-unstable, nixos-generators, sops-nix, ... }:
let let
system = "x86_64-linux";
# Shairport Sync 4.3.1 (with nqptp 1.2.4) with metadata, MQTT and AirPlay 2 support. # Shairport Sync 4.3.1 (with nqptp 1.2.4) with metadata, MQTT and AirPlay 2 support.
shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: { shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: {
shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: { shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: {
@ -67,82 +68,48 @@
pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux"; pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";
in in
{ {
colmena = { nixosConfigurations = {
meta = { audio-hauptraum-kueche = nixpkgs-unstable.lib.nixosSystem {
nixpkgs = nixpkgs.legacyPackages."x86_64-linux"; inherit system;
nodeNixpkgs = { modules = [
audio-hauptraum-kueche = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
audio-hauptraum-tafel = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
};
nodeSpecialArgs = {
git = { inherit pkgs-unstable; };
};
};
audio-hauptraum-kueche = {
deployment = {
targetHost = "audio-hauptraum-kueche.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
{ nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; }
./config/hosts/audio-hauptraum-kueche ./config/hosts/audio-hauptraum-kueche
]; ];
}; };
audio-hauptraum-tafel = { audio-hauptraum-tafel = nixpkgs-unstable.lib.nixosSystem {
deployment = { inherit system;
targetHost = "audio-hauptraum-tafel.z9.ccchh.net"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
{ nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; }
./config/hosts/audio-hauptraum-tafel ./config/hosts/audio-hauptraum-tafel
]; ];
}; };
esphome = { esphome = nixpkgs.lib.nixosSystem {
deployment = { inherit system;
targetHost = "esphome.z9.ccchh.net"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
./config/hosts/esphome ./config/hosts/esphome
]; ];
}; };
public-reverse-proxy = { public-reverse-proxy = nixpkgs.lib.nixosSystem {
deployment = { inherit system;
targetHost = "public-reverse-proxy.z9.ccchh.net"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
./config/hosts/public-reverse-proxy ./config/hosts/public-reverse-proxy
]; ];
}; };
netbox = { netbox = nixpkgs.lib.nixosSystem {
deployment = { inherit system;
targetHost = "netbox-intern.hamburg.ccc.de"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
@ -150,14 +117,9 @@
]; ];
}; };
matrix = { matrix = nixpkgs.lib.nixosSystem {
deployment = { inherit system;
targetHost = "matrix-intern.hamburg.ccc.de"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
@ -165,14 +127,9 @@
]; ];
}; };
public-web-static = { public-web-static = nixpkgs.lib.nixosSystem {
deployment = { inherit system;
targetHost = "public-web-static-intern.hamburg.ccc.de"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
@ -180,29 +137,22 @@
]; ];
}; };
git = { git = nixpkgs.lib.nixosSystem {
deployment = { inherit system;
targetHost = "git.hamburg.ccc.de"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
./config/hosts/git ./config/hosts/git
]; ];
specialArgs = {
inherit pkgs-unstable;
};
}; };
forgejo-actions-runner = { forgejo-actions-runner = nixpkgs.lib.nixosSystem {
deployment = { inherit system;
targetHost = "forgejo-actions-runner-intern.hamburg.ccc.de"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
@ -210,41 +160,27 @@
]; ];
}; };
ptouch-print-server = { ptouch-print-server = nixpkgs.lib.nixosSystem {
deployment = { inherit system;
targetHost = "ptouch-print-server.z9.ccchh.net"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
./config/hosts/ptouch-print-server ./config/hosts/ptouch-print-server
]; ];
}; };
eh22-wiki = { eh22-wiki = nixpkgs.lib.nixosSystem {
deployment = { inherit system;
targetHost = "eh22-wiki-intern.hamburg.ccc.de"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
./config/hosts/eh22-wiki ./config/hosts/eh22-wiki
]; ];
}; };
nix-box-june = { nix-box-june = nixpkgs.lib.nixosSystem {
deployment = { inherit system;
targetHost = "nix-box-june-intern.hamburg.ccc.de"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
./config/hosts/nix-box-june ./config/hosts/nix-box-june