CCCHH/nix-infra
CCCHH/nix-infra
59
2
Fork 2
Code Issues Pull requests 3 Projects Wiki Activity

Compare commits

base: CCCHH:a7541eefa8fc17ccd72bccd84a0831fea8d18bef
Branches Tags
CCCHH:main
CCCHH:simple-clean-up
CCCHH:howto-build-proxmox-ve-template
CCCHH:yate
CCCHH:ptouch-print-server
CCCHH:Bendodroid-ldflagsSpaceapid
...
compare: CCCHH:46e43e51aaca3865ed1eaaff86b3307d00b645cb
Branches Tags
CCCHH:simple-clean-up
CCCHH:main
CCCHH:howto-build-proxmox-ve-template
CCCHH:yate
CCCHH:ptouch-print-server
CCCHH:Bendodroid-ldflagsSpaceapid

3 commits
a7541eefa8 ... 46e43e51aa

Author SHA1 Message Date
June 46e43e51aa
Add deployment_configuration to make deployment using infra-rebuild work 
Also document usage of infra-rebuild and its configuration file.
 2024-06-08 19:57:40 +02:00
June 9d7f9d0ec8
Emulate aarch64-linux on nix-box-june to be able to build aarch64 pkgs 2024-06-06 20:17:00 +02:00
June 41f04732c2
Switch from colmena to standard nixosConfigurations 
Those can then be deployed using for example nixos-rebuild or bij.
Also ensure all hosts have an fqdn, where possible, in order for bij to
be able to work with them more easily. Tho not really, since for actual
deployment one still needs to set the target manually to set usage of
the colmena-deploy user.

https://git.clerie.de/clerie/bij
 2024-05-27 01:43:53 +02:00
10 changed files with 108 additions and 109 deletions
Show stats Expand all files Collapse all files

20
README.md Normal file
View file

@ -0,0 +1,20 @@
# nix-infra
nix infrastructure configuration for CCCHH.
For deployment we're using [infra-rebuild](https://git.hamburg.ccc.de/CCCHH/infra-rebuild). \
To easily get a shell with `infra-rebuild` going, use the following command:
```
nix shell git+https://git.hamburg.ccc.de/CCCHH/infra-rebuild#infra-rebuild
```
After that you can simply run the following to deploy e.g. the git and matrix hosts:
```
infra-rebuild switch git matrix
```
By default infra-rebuild tries to use the FQDN from the nixosConfiguration of the host for deployment.
However to override individual parts of the deployment target, a [`deployment_configuration.json`](./deployment_configuration.json) can be used.
This is exactly what we're doing to set the default deployment user to `colmena-deploy` and have custom target hostnames for Chaosknoten hosts, since they don't have an FQDN defined in their nixosConfiguration.

1
config/hosts/audio-hauptraum-kueche/configuration.nix
View file

@ -2,6 +2,7 @@
{ {
networking = { networking = {
hostName = "audio-hauptraum-kueche"; hostName = "audio-hauptraum-kueche";
domain = "z9.ccchh.net";
}; };
system.stateVersion = "23.05"; system.stateVersion = "23.05";

1
config/hosts/audio-hauptraum-tafel/configuration.nix
View file

@ -2,6 +2,7 @@
{ {
networking = { networking = {
hostName = "audio-hauptraum-tafel"; hostName = "audio-hauptraum-tafel";
domain = "z9.ccchh.net";
}; };
system.stateVersion = "23.05"; system.stateVersion = "23.05";

1
config/hosts/esphome/configuration.nix
View file

@ -2,6 +2,7 @@
{ {
networking = { networking = {
hostName = "esphome"; hostName = "esphome";
domain = "z9.ccchh.net";
}; };
system.stateVersion = "23.05"; system.stateVersion = "23.05";

1
config/hosts/nix-box-june/default.nix
View file

@ -3,6 +3,7 @@
{ {
imports = [ imports = [
./configuration.nix ./configuration.nix
./emulated-systems.nix
./networking.nix ./networking.nix
./users.nix ./users.nix
]; ];

5
config/hosts/nix-box-june/emulated-systems.nix Normal file
View file

@ -0,0 +1,5 @@
{ config, pkgs, ... }:
{
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
}

5
config/hosts/ptouch-print-server/configuration.nix
View file

@ -1,7 +1,10 @@
{ ... }: { ... }:
{ {
networking.hostName = "ptouch-print-server"; networking = {
hostName = "ptouch-print-server";
domain = "z9.ccchh.net";
};
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }

5
config/hosts/public-reverse-proxy/configuration.nix
View file

@ -1,7 +1,10 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
networking.hostName = "public-reverse-proxy"; networking = {
hostName = "public-reverse-proxy";
domain = "z9.ccchh.net";
};
system.stateVersion = "23.05"; system.stateVersion = "23.05";
} }

28
deployment_configuration.json Normal file
View file

@ -0,0 +1,28 @@
{
"default": {
"targetUser": "colmena-deploy"
},
"hosts": {
"netbox": {
"targetHostname": "netbox-intern.hamburg.ccc.de"
},
"matrix": {
"targetHostname": "matrix-intern.hamburg.ccc.de"
},
"public-web-static": {
"targetHostname": "public-web-static-intern.hamburg.ccc.de"
},
"git": {
"targetHostname": "git.hamburg.ccc.de"
},
"forgejo-actions-runner": {
"targetHostname": "forgejo-actions-runner-intern.hamburg.ccc.de"
},
"eh22-wiki": {
"targetHostname": "eh22-wiki-intern.hamburg.ccc.de"
},
"nix-box-june": {
"targetHostname": "nix-box-june-intern.hamburg.ccc.de"
}
}
}

150
flake.nix
View file

@ -25,6 +25,7 @@
outputs = { nixpkgs, nixpkgs-unstable, nixos-generators, sops-nix, ... }: outputs = { nixpkgs, nixpkgs-unstable, nixos-generators, sops-nix, ... }:
let let
system = "x86_64-linux";
# Shairport Sync 4.3.1 (with nqptp 1.2.4) with metadata, MQTT and AirPlay 2 support. # Shairport Sync 4.3.1 (with nqptp 1.2.4) with metadata, MQTT and AirPlay 2 support.
shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: { shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: {
shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: { shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: {
@ -67,82 +68,48 @@
pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux"; pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";
in in
{ {
colmena = { nixosConfigurations = {
meta = { audio-hauptraum-kueche = nixpkgs-unstable.lib.nixosSystem {
nixpkgs = nixpkgs.legacyPackages."x86_64-linux"; inherit system;
nodeNixpkgs = { modules = [
audio-hauptraum-kueche = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
audio-hauptraum-tafel = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
};
nodeSpecialArgs = {
git = { inherit pkgs-unstable; };
};
};
audio-hauptraum-kueche = {
deployment = {
targetHost = "audio-hauptraum-kueche.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
{ nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; }
./config/hosts/audio-hauptraum-kueche ./config/hosts/audio-hauptraum-kueche
]; ];
}; };
audio-hauptraum-tafel = { audio-hauptraum-tafel = nixpkgs-unstable.lib.nixosSystem {
deployment = { inherit system;
targetHost = "audio-hauptraum-tafel.z9.ccchh.net"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
{ nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; }
./config/hosts/audio-hauptraum-tafel ./config/hosts/audio-hauptraum-tafel
]; ];
}; };
esphome = { esphome = nixpkgs.lib.nixosSystem {
deployment = { inherit system;
targetHost = "esphome.z9.ccchh.net"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
./config/hosts/esphome ./config/hosts/esphome
]; ];
}; };
public-reverse-proxy = { public-reverse-proxy = nixpkgs.lib.nixosSystem {
deployment = { inherit system;
targetHost = "public-reverse-proxy.z9.ccchh.net"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
./config/hosts/public-reverse-proxy ./config/hosts/public-reverse-proxy
]; ];
}; };
netbox = { netbox = nixpkgs.lib.nixosSystem {
deployment = { inherit system;
targetHost = "netbox-intern.hamburg.ccc.de"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
@ -150,14 +117,9 @@
]; ];
}; };
matrix = { matrix = nixpkgs.lib.nixosSystem {
deployment = { inherit system;
targetHost = "matrix-intern.hamburg.ccc.de"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
@ -165,14 +127,9 @@
]; ];
}; };
public-web-static = { public-web-static = nixpkgs.lib.nixosSystem {
deployment = { inherit system;
targetHost = "public-web-static-intern.hamburg.ccc.de"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
@ -180,29 +137,22 @@
]; ];
}; };
git = { git = nixpkgs.lib.nixosSystem {
deployment = { inherit system;
targetHost = "git.hamburg.ccc.de"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
./config/hosts/git ./config/hosts/git
]; ];
specialArgs = {
inherit pkgs-unstable;
};
}; };
forgejo-actions-runner = { forgejo-actions-runner = nixpkgs.lib.nixosSystem {
deployment = { inherit system;
targetHost = "forgejo-actions-runner-intern.hamburg.ccc.de"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
@ -210,41 +160,27 @@
]; ];
}; };
ptouch-print-server = { ptouch-print-server = nixpkgs.lib.nixosSystem {
deployment = { inherit system;
targetHost = "ptouch-print-server.z9.ccchh.net"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
./config/hosts/ptouch-print-server ./config/hosts/ptouch-print-server
]; ];
}; };
eh22-wiki = { eh22-wiki = nixpkgs.lib.nixosSystem {
deployment = { inherit system;
targetHost = "eh22-wiki-intern.hamburg.ccc.de"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
./config/hosts/eh22-wiki ./config/hosts/eh22-wiki
]; ];
}; };
nix-box-june = { nix-box-june = nixpkgs.lib.nixosSystem {
deployment = { inherit system;
targetHost = "nix-box-june-intern.hamburg.ccc.de"; modules = [
targetPort = 22;
targetUser = "colmena-deploy";
};
imports = [
./config/common ./config/common
./config/proxmox-vm ./config/proxmox-vm
./config/hosts/nix-box-june ./config/hosts/nix-box-june