feat: introduce floral and lix common modules

This way, we can mark tenancy appropriately in a common expression and
add all machines together in the same entrypoint.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
raito 2024-10-05 18:04:51 +02:00
parent 92560708b8
commit 6978c1271d


@ -113,7 +113,9 @@
./services ./services
./common ./common
];
floralInfraModules = commonModules ++ [
({ config, lib, ... }: { ({ config, lib, ... }: {
# This means that anyone with @floral-infra permissions # This means that anyone with @floral-infra permissions
# can ssh on root of every machines handled here. # can ssh on root of every machines handled here.
@ -124,32 +126,62 @@
# Tag all machines which have local boot as local bootables. # Tag all machines which have local boot as local bootables.
deployment.tags = lib.mkIf (config.bagel.baremetal.builders.enable -> !config.bagel.baremetal.builders.netboot) deployment.tags = lib.mkIf (config.bagel.baremetal.builders.enable -> !config.bagel.baremetal.builders.netboot)
[ "localboot" ]; [ "localboot" ];
bagel.secrets.tenant = "floral";
bagel.builders.extra-build-capacity.provider.tenant = "floral";
}) })
]; ];
# These are Floral baremetal builders.
makeBuilder = i: makeBuilder = i:
let let
enableNetboot = i >= 6; enableNetboot = i >= 6;
in in
lib.nameValuePair "builder-${toString i}" { lib.nameValuePair "builder-${toString i}" {
imports = commonModules; imports = floralInfraModules;
bagel.baremetal.builders = { enable = true; num = i; netboot = enableNetboot; }; bagel.baremetal.builders = { enable = true; num = i; netboot = enableNetboot; };
}; };
lixInfraModules = commonModules ++ [
{
# This means that anyone with @lix-infra permissions
# can ssh on root of every machines handled here.
bagel.admins.allowedGroups = [
"lix-infra"
];
# Tag all machines which have local boot as local bootables.
# Lix has no netbootable machine.
deployment.tags = [ "localboot" ];
bagel.secrets.tenant = "lix";
bagel.builders.extra-build-capacity.provider.tenant = "lix";
}
];
builders = lib.listToAttrs (lib.genList makeBuilder 11); builders = lib.listToAttrs (lib.genList makeBuilder 11);
in { in {
meta.nixpkgs = systemBits.x86_64-linux.pkgs; meta.nixpkgs = systemBits.x86_64-linux.pkgs;
# Add any non-x86_64 native systems here.
# Cross compilation is not supported yet.
meta.nodeNixpkgs =
let
aarch64-systems = systems: lib.genAttrs systems (system: systemBits.aarch64-linux.pkgs);
in
aarch64-systems [
];
meta.specialArgs.inputs = inputs; meta.specialArgs.inputs = inputs;
bagel-box.imports = commonModules ++ [ ./hosts/bagel-box ]; bagel-box.imports = floralInfraModules ++ [ ./hosts/bagel-box ];
meta01.imports = commonModules ++ [ ./hosts/meta01 ]; meta01.imports = floralInfraModules ++ [ ./hosts/meta01 ];
gerrit01.imports = commonModules ++ [ ./hosts/gerrit01 ]; gerrit01.imports = floralInfraModules ++ [ ./hosts/gerrit01 ];
fodwatch.imports = commonModules ++ [ ./hosts/fodwatch ]; fodwatch.imports = floralInfraModules ++ [ ./hosts/fodwatch ];
git.imports = commonModules ++ [ ./hosts/git ]; git.imports = floralInfraModules ++ [ ./hosts/git ];
wob-vpn-gw.imports = commonModules ++ [ ./hosts/wob-vpn-gw ]; wob-vpn-gw.imports = floralInfraModules ++ [ ./hosts/wob-vpn-gw ];
buildbot.imports = commonModules ++ [ ./hosts/buildbot ]; buildbot.imports = floralInfraModules ++ [ ./hosts/buildbot ];
public01.imports = commonModules ++ [ ./hosts/public01 ]; public01.imports = floralInfraModules ++ [ ./hosts/public01 ];
build-coord.imports = commonModules ++ [ ./hosts/build-coord ]; build-coord.imports = floralInfraModules ++ [ ./hosts/build-coord ];
} // builders; } // builders;
hydraJobs = builtins.mapAttrs (n: v: v.config.system.build.netbootDir or v.config.system.build.toplevel) self.nixosConfigurations; hydraJobs = builtins.mapAttrs (n: v: v.config.system.build.netbootDir or v.config.system.build.toplevel) self.nixosConfigurations;
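Review bot: Nothing in this section keeps a node from importing `commonModules` directly, as every host did before this change, and such a node would get neither `bagel.secrets.tenant` nor the root-SSH group that the tenant module lists set. Whether that fails evaluation or silently falls back to a default tenant depends on the option declarations, which are not visible here; if `bagel.secrets.tenant` has a default, dropping it would presumably turn a forgotten tenant into an evaluation error, which is worth confirming. I would add above `floralInfraModules` a comment such as `# Nodes must import floralInfraModules or lixInfraModules, never commonModules directly: the tenant modules set the secrets tenant and the root-SSH group.` Separately, `lixInfraModules` is not imported by any node visible in this section, so its `lix-infra` root access and `lix` tenant settings are not yet evaluated by `hydraJobs`. The enclosing `let` block starts above the first hunk.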