-rw-r--r-- | flake.lock | 100 | ||||
-rw-r--r-- | flake.nix | 27 | ||||
-rw-r--r-- | hardware_config_server2.nix.nixos-facter.json (renamed from hardware_config_server2.nix) | 0 | ||||
-rw-r--r-- | hosts/by-name/server1/configuration.nix | 1 | ||||
-rw-r--r-- | hosts/by-name/server2/hardware.nix | 3 | ||||
-rw-r--r-- | hosts/by-name/server2/networking.nix | 10 | ||||
-rw-r--r-- | modules/by-name/ba/back/module.nix | 3 | ||||
-rwxr-xr-x | scripts/deploy.sh | 3 | ||||
-rwxr-xr-x | scripts/mk_network_config.sh | 86 |
9 files changed, 213 insertions, 20 deletions
diff --git a/flake.lock b/flake.lock index ed95f0b..1671f50 100644 --- a/flake.lock +++ b/flake.lock @@ -78,6 +78,26 @@ "type": "github" } }, + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs", + "utils": "utils" + }, + "locked": { + "lastModified": 1727447169, + "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -101,6 +121,22 @@ "flake-compat": { "flake": false, "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "flake": false, + "locked": { "lastModified": 1733328505, "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", @@ -188,16 +224,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734522913, - "narHash": "sha256-tyReZKZRdyODkbcwYnO7xowXx7VCFJ6XzAY7w2aFjs0=", + "lastModified": 1702272962, + "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bf383789c497270e8e20ccc2261cf2c6e18dbda8", + "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.11-small", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } 
@@ -233,6 +269,22 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1734522913, + "narHash": "sha256-tyReZKZRdyODkbcwYnO7xowXx7VCFJ6XzAY7w2aFjs0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "bf383789c497270e8e20ccc2261cf2c6e18dbda8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11-small", + "repo": "nixpkgs", + "type": "github" + } + }, "ragenix": { "inputs": { "agenix": [ @@ -269,17 +321,18 @@ "inputs": { "agenix": "agenix", "crane": "crane", + "deploy-rs": "deploy-rs", "disko": "disko", - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "flake-utils": "flake-utils", "impermanence": "impermanence", "library": "library", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable", "ragenix": "ragenix", "rust-overlay": "rust-overlay", "simple-nixos-mailserver": "simple-nixos-mailserver", - "systems": "systems", + "systems": "systems_2", "treefmt-nix": "treefmt-nix" } }, @@ -331,6 +384,21 @@ }, "systems": { "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { "lastModified": 1680978846, "narHash": "sha256-Gtqg8b/v49BFDpDetjclCYXm8mAnTrUzR0JnE2nv5aw=", "owner": "nix-systems", @@ -363,6 +431,24 @@ "repo": "treefmt-nix", "type": "github" } + }, + "utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", 
diff --git a/flake.nix b/flake.nix index a462584..a4ba578 100644 --- a/flake.nix +++ b/flake.nix @@ -13,6 +13,9 @@ nixpkgs.follows = "nixpkgs"; }; }; + deploy-rs = { + url = "github:serokell/deploy-rs"; + }; # inputs for following systems = { @@ -84,6 +87,7 @@ nixpkgs-unstable, library, treefmt-nix, + deploy-rs, # modules simple-nixos-mailserver, impermanence, @@ -121,10 +125,13 @@ in { nixosConfigurations = hosts; - checks."${system}" = nixLib.warnMerge tests { - formatting = - treefmtEval.config.build.check self; - } "the flake checks"; + checks."${system}" = + nixLib.warnMerge (nixLib.warnMerge tests { + formatting = + treefmtEval.config.build.check self; + } "the flake checks and formatting") + (deploy-rs.lib."${system}".deployChecks self.deploy) + "the flake checks and deploy-rs"; packages."${system}" = vhackPackages; formatter."${system}" = treefmtEval.config.build.wrapper; @@ -135,12 +142,22 @@ # used for certificate generation in the taskserver setup gnutls + pkgs.deploy-rs + git-bug cocogitto - # ragenix.packages."${system}".default + ragenix.packages."${system}".default ]; }; }; + + deploy.nodes.server2 = { + hostname = "server2.vhack.eu"; + profiles.system = { + user = "root"; + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.server2; + }; + }; }; } diff --git a/hardware_config_server2.nix b/hardware_config_server2.nix.nixos-facter.json index 4e55b91..4e55b91 100644 --- a/hardware_config_server2.nix +++ b/hardware_config_server2.nix.nixos-facter.json diff --git a/hosts/by-name/server1/configuration.nix b/hosts/by-name/server1/configuration.nix index c0e76db..ab7c02a 100644 --- a/hosts/by-name/server1/configuration.nix +++ b/hosts/by-name/server1/configuration.nix @@ -25,6 +25,7 @@ postgresql.enable = true; redlib.enable = true; users.enable = true; + persist.enable = true; }; boot.tmp.cleanOnBoot = true; diff --git a/hosts/by-name/server2/hardware.nix b/hosts/by-name/server2/hardware.nix index 9abc64c..a6e4e40 100644 
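Review bot: The new `deploy-rs` input is declared without `inputs.nixpkgs.follows`, so the lockfile now carries a second nixpkgs (`nixpkgs-unstable` at rev e97b3e41…, lastModified 1702272962, i.e. December 2023) next to the project's `nixos-24.11-small`. Whatever `deploy-rs.lib` builds from that input — as far as I can tell the `activate-rs` helper that ends up in the system profile on server2 — is therefore built from a year-old unstable tree, and it also diverges from the `pkgs.deploy-rs` the devShell installs from the project nixpkgs. Pin both to one tree: `deploy-rs = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; };` and re-run `nix flake lock` so the extra `nixpkgs`, `utils` and `systems` entries drop out of `flake.lock`.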
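Review bot: `deploy.nodes.server2` sets `profiles.system.user = "root"` but no `sshUser`, so — as far as I recall deploy-rs's defaults — the SSH login is the invoking operator's local username and activation then escalates to root with sudo on the host; whether a deploy succeeds depends on each operator having a matching account with sudo rights on server2, which nothing in this configuration controls. Make the deploy identity explicit, e.g. `sshUser = "root";` (or a dedicated deploy account whose sudo is limited to the activation command) right after `hostname`. A one-line comment noting that `hostname = "server2.vhack.eu"` is resolved and host-key-checked only by the operator's own SSH configuration would also make the trust assumption visible.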
--- a/hosts/by-name/server2/hardware.nix +++ b/hosts/by-name/server2/hardware.nix @@ -9,6 +9,7 @@ # FIXME: Find a better way to specify the disk disk = "/dev/vda"; }; + boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"]; - boot.initrd.kernelModules = []; + nixpkgs.hostPlatform = "x86_64-linux"; } diff --git a/hosts/by-name/server2/networking.nix b/hosts/by-name/server2/networking.nix index 73ca88a..e6a96c2 100644 --- a/hosts/by-name/server2/networking.nix +++ b/hosts/by-name/server2/networking.nix @@ -2,22 +2,24 @@ ipv4 = "185.16.61.132"; ipv6 = "2a03:4000:a:106::1"; in { - # This file was populated at runtime with the networking - # details gathered from the active system. networking = { nameservers = [ "8.8.8.8" ]; + defaultGateway = { - address = ipv4; + address = "89.58.56.1"; interface = "eth0"; }; defaultGateway6 = { - address = ipv6; + address = "fe80::1"; interface = "eth0"; }; + dhcpcd.enable = false; + usePredictableInterfaceNames = lib.mkForce false; + interfaces = { eth0 = { ipv4.addresses = [ diff --git a/modules/by-name/ba/back/module.nix b/modules/by-name/ba/back/module.nix index 7d67fbc..f732f02 100644 --- a/modules/by-name/ba/back/module.nix +++ b/modules/by-name/ba/back/module.nix @@ -2,7 +2,6 @@ config, lib, vhackPackages, - pkgs, ... }: let cfg = config.vhack.back; @@ -15,7 +14,7 @@ environment = { ROCKET_PORT = builtins.toString port; - SOURCE_CODE_REPOSITORY_URL = "https://git.vhack.eu/vhack.eu/nixos-server/tree/pkgs/by-name/ba/back"; + BACK_SOURCE_CODE_REPOSITORY_URL = "https://git.vhack.eu/vhack.eu/nixos-server/tree/pkgs/by-name/ba/back"; }; serviceConfig = { diff --git a/scripts/deploy.sh b/scripts/deploy.sh index 9d27e5a..00e9011 100755 --- a/scripts/deploy.sh +++ b/scripts/deploy.sh 
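Review bot: The new `defaultGateway.address = "89.58.56.1"` is not in the same network as the interface address `185.16.61.132` declared at the top of the file, so unless the (cut-off) `ipv4.addresses` entry uses a prefix that happens to cover 89.58.56.1, the kernel will reject the default route as unreachable and the host comes up without IPv4 connectivity after activation. The generator added in this same commit (`scripts/mk_network_config.sh`) handles exactly this case by emitting a host route to the gateway; the hand-written file should do the same under `interfaces.eth0`: `ipv4.routes = [ { address = "89.58.56.1"; prefixLength = 32; } ];`. The `interfaces` block continues outside the hunk, so I cannot see whether such a route already exists further down.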
@@ -11,6 +11,7 @@ root="$(git rev-parse --show-toplevel)" nix run github:numtide/nixos-anywhere -- \ --flake ".#$host_name" \ --target-host "$ssh_url" \ - --generate-hardware-config nixos-facter "$root/hardware_config_$host_name.nix" + --generate-hardware-config nixos-generate-config "$root/hardware_config_$host_name.nix" \ + --generate-hardware-config nixos-facter "$root/hardware_config_$host_name.json" # vim: ft=sh diff --git a/scripts/mk_network_config.sh b/scripts/mk_network_config.sh new file mode 100755 index 0000000..d929530 --- /dev/null +++ b/scripts/mk_network_config.sh 
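Review bot: `--generate-hardware-config` is now passed twice (once with `nixos-generate-config` for the `.nix` path, once with `nixos-facter` for the `.json` path); as far as I know nixos-anywhere keeps a single backend/path pair for this option, so the second occurrence overrides the first and only the facter JSON is written. That matches what this commit has to clean up: the previously produced `hardware_config_server2.nix` was facter JSON under a `.nix` name and is renamed here with zero content changes. Either keep one generator (facter, and let `hardware.nix` consume its report via `facter.reportPath`) or fetch the classic config as a separate step, e.g. `ssh "$ssh_url" nixos-generate-config --show-hardware-config > "$root/hardware_config_$host_name.nix"`. A comment above the command saying which generated file is meant to be committed would also help.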
@@ -0,0 +1,86 @@ +#!/usr/bin/env bash + +# Taken from: https://github.com/elitak/nixos-infect +set -e -o pipefail + +makeNetworkingConf() { + # XXX It'd be better if we used procfs for all this... + local IFS=$'\n' + eth0_name=$(ip address show | grep '^2:' | awk -F': ' '{print $2}') + eth0_ip4s=$(ip address show dev "$eth0_name" | grep 'inet ' | sed -r 's|.*inet ([0-9.]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|') + eth0_ip6s=$(ip address show dev "$eth0_name" | grep 'inet6 ' | sed -r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|' || true) + gateway=$(ip route show dev "$eth0_name" | grep default | sed -r 's|default via ([0-9.]+).*|\1|') + gateway6=$(ip -6 route show dev "$eth0_name" | grep default | sed -r 's|default via ([0-9a-f:]+).*|\1|' || true) + ether0=$(ip address show dev "$eth0_name" | grep link/ether | sed -r 's|.*link/ether ([0-9a-f:]+) .*|\1|') + + eth1_name=$(ip address show | grep '^3:' | awk -F': ' '{print $2}') || true + if [ -n "$eth1_name" ]; then + eth1_ip4s=$(ip address show dev "$eth1_name" | grep 'inet ' | sed -r 's|.*inet ([0-9.]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|') + eth1_ip6s=$(ip address show dev "$eth1_name" | grep 'inet6 ' | sed -r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|{ address="\1"; prefixLength=\2; }|' || true) + ether1=$(ip address show dev "$eth1_name" | grep link/ether | sed -r 's|.*link/ether ([0-9a-f:]+) .*|\1|') + interfaces1=$( + cat <<EOF + $eth1_name = { + ipv4.addresses = [$(for a in "${eth1_ip4s[@]}"; do echo -n " + $a"; done) + ]; + ipv6.addresses = [$(for a in "${eth1_ip6s[@]}"; do echo -n " + $a"; done) + ]; + }; +EOF + ) + extraRules1="ATTR{address}==\"${ether1}\", NAME=\"${eth1_name}\"" + else + interfaces1="" + extraRules1="" + fi + + readarray nameservers < <(grep ^nameserver /etc/resolv.conf | sed -r \ + -e 's/^nameserver[[:space:]]+([0-9.a-fA-F:]+).*/"\1"/' \ + -e 's/127[0-9.]+/8.8.8.8/' \ + -e 's/::1/8.8.8.8/') + + if [[ "$eth0_name" = eth* ]]; then + 
predictable_inames="usePredictableInterfaceNames = lib.mkForce false;" + else + predictable_inames="usePredictableInterfaceNames = lib.mkForce true;" + fi + cat <<EOF +{ lib, ... }: { + # This file was populated at runtime with the networking + # details gathered from the active system. + networking = { + nameservers = [ ${nameservers[@]} ]; + defaultGateway = "${gateway}"; + defaultGateway6 = { + address = "${gateway6}"; + interface = "${eth0_name}"; + }; + dhcpcd.enable = false; + $predictable_inames + interfaces = { + $eth0_name = { + ipv4.addresses = [$(for a in "${eth0_ip4s[@]}"; do echo -n " + $a"; done) + ]; + ipv6.addresses = [$(for a in "${eth0_ip6s[@]}"; do echo -n " + $a"; done) + ]; + ipv4.routes = [ { address = "${gateway}"; prefixLength = 32; } ]; + ipv6.routes = [ { address = "${gateway6}"; prefixLength = 128; } ]; + }; + $interfaces1 + }; + }; + services.udev.extraRules = '' + ATTR{address}=="${ether0}", NAME="${eth0_name}" + $extraRules1 + ''; +} +EOF +} + +makeNetworkingConf + +# vim: ft=sh |
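Review bot: `gateway6` and `eth0_ip6s` are allowed to be empty (their pipelines end in `|| true`), yet `defaultGateway6` and `ipv6.routes` interpolate `${gateway6}` unconditionally, so on a host without an IPv6 default route the script emits `address = "";` and `{ address = ""; prefixLength = 128; }` and the generated module cannot activate. Build those two fragments conditionally, the same way `interfaces1`/`extraRules1` already are, and substitute the variables in the heredoc. Separately, the `resolv.conf` rewrite turns any loopback resolver (systemd-resolved's stub) into `8.8.8.8`, silently moving DNS to a third party in clear text; at minimum that deserves a comment, better the upstream servers from `resolvectl status`. The `usePredictableInterfaceNames` branch at the top of this continuation is unaffected.
```shell
  if [ -n "$gateway6" ]; then
    default_gateway6="defaultGateway6 = { address = \"${gateway6}\"; interface = \"${eth0_name}\"; };"
    routes6="ipv6.routes = [ { address = \"${gateway6}\"; prefixLength = 128; } ];"
  else
    default_gateway6=""
    routes6=""
  fi
  # … unchanged: predictable_inames, start of the heredoc, nameservers, defaultGateway …
    $default_gateway6
  # … unchanged: dhcpcd, $predictable_inames, interfaces, eth0 addresses, ipv4.routes …
      $routes6
  # … unchanged: $interfaces1, udev rules, closing braces …
```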