From 6978c1271db8cc76e5c3198449378dbef569164e Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Sat, 5 Oct 2024 18:04:51 +0200 Subject: [PATCH] feat: introduce floral and lix common modules This way, we can mark tenancy appropriately in a common expression and add all machines altogether in the same entrypoint. Signed-off-by: Raito Bezarius --- flake.nix | 56 +++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 44 insertions(+), 12 deletions(-) diff --git a/flake.nix b/flake.nix index a0d0564..f3ae25f 100644 --- a/flake.nix +++ b/flake.nix @@ -113,7 +113,9 @@ ./services ./common + ]; + floralInfraModules = commonModules ++ [ ({ config, lib, ... }: { # This means that anyone with @floral-infra permissions # can ssh on root of every machines handled here. @@ -121,35 +123,65 @@ "floral-infra" ]; - # Tag all machines which have local boot as local bootables. + # Tag all machines which have local boot as local bootables. deployment.tags = lib.mkIf (config.bagel.baremetal.builders.enable -> !config.bagel.baremetal.builders.netboot) - [ "localboot" ]; + [ "localboot" ]; + + bagel.secrets.tenant = "floral"; + bagel.builders.extra-build-capacity.provider.tenant = "floral"; }) ]; + # These are Floral baremetal builders. makeBuilder = i: let enableNetboot = i >= 6; in lib.nameValuePair "builder-${toString i}" { - imports = commonModules; + imports = floralInfraModules; bagel.baremetal.builders = { enable = true; num = i; netboot = enableNetboot; }; }; + lixInfraModules = commonModules ++ [ + { + # This means that anyone with @lix-infra permissions + # can ssh on root of every machines handled here. + bagel.admins.allowedGroups = [ + "lix-infra" + ]; + + # Tag all machines which have local boot as local bootables. + # Lix has no netbootable machine. + deployment.tags = [ "localboot" ]; + + + bagel.secrets.tenant = "lix"; + bagel.builders.extra-build-capacity.provider.tenant = "lix"; + } + ]; + builders = lib.listToAttrs (lib.genList makeBuilder 11); in { meta.nixpkgs = systemBits.x86_64-linux.pkgs; + # Add any non-x86_64 native systems here. + # Cross compilation is not supported yet. + meta.nodeNixpkgs = + let + aarch64-systems = systems: lib.genAttrs systems (system: systemBits.aarch64-linux.pkgs); + in + aarch64-systems [ + ]; meta.specialArgs.inputs = inputs; - bagel-box.imports = commonModules ++ [ ./hosts/bagel-box ]; - meta01.imports = commonModules ++ [ ./hosts/meta01 ]; - gerrit01.imports = commonModules ++ [ ./hosts/gerrit01 ]; - fodwatch.imports = commonModules ++ [ ./hosts/fodwatch ]; - git.imports = commonModules ++ [ ./hosts/git ]; - wob-vpn-gw.imports = commonModules ++ [ ./hosts/wob-vpn-gw ]; - buildbot.imports = commonModules ++ [ ./hosts/buildbot ]; - public01.imports = commonModules ++ [ ./hosts/public01 ]; - build-coord.imports = commonModules ++ [ ./hosts/build-coord ]; + bagel-box.imports = floralInfraModules ++ [ ./hosts/bagel-box ]; + meta01.imports = floralInfraModules ++ [ ./hosts/meta01 ]; + gerrit01.imports = floralInfraModules ++ [ ./hosts/gerrit01 ]; + fodwatch.imports = floralInfraModules ++ [ ./hosts/fodwatch ]; + git.imports = floralInfraModules ++ [ ./hosts/git ]; + wob-vpn-gw.imports = floralInfraModules ++ [ ./hosts/wob-vpn-gw ]; + buildbot.imports = floralInfraModules ++ [ ./hosts/buildbot ]; + public01.imports = floralInfraModules ++ [ ./hosts/public01 ]; + build-coord.imports = floralInfraModules ++ [ ./hosts/build-coord ]; } // builders; hydraJobs = builtins.mapAttrs (n: v: v.config.system.build.netbootDir or v.config.system.build.toplevel) self.nixosConfigurations;