Compare commits
2 commits
9bab95bab7
...
464a726664
Author | SHA1 | Date | |
---|---|---|---|
464a726664 | |||
e3b6cb72b4 |
5 changed files with 63 additions and 3 deletions
|
@ -63,6 +63,7 @@
|
||||||
modules = [
|
modules = [
|
||||||
./terraform
|
./terraform
|
||||||
{
|
{
|
||||||
|
bagel.dnsimple.enable = true;
|
||||||
bagel.gandi.enable = true;
|
bagel.gandi.enable = true;
|
||||||
bagel.hydra.enable = true;
|
bagel.hydra.enable = true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -135,7 +135,7 @@ in
|
||||||
{ address = "2a01:584:11::1:${toString cfg.num}"; prefixLength = 64; }
|
{ address = "2a01:584:11::1:${toString cfg.num}"; prefixLength = 64; }
|
||||||
];
|
];
|
||||||
networking.defaultGateway6 = { interface = "uplink"; address = "2a01:584:11::1"; };
|
networking.defaultGateway6 = { interface = "uplink"; address = "2a01:584:11::1"; };
|
||||||
deployment.targetHost = "2a01:584:11::1:${toString cfg.num}";
|
deployment.targetHost = lib.mkIf (!cfg.netboot) "2a01:584:11::1:${toString cfg.num}";
|
||||||
deployment.tags = [ "builders" ];
|
deployment.tags = [ "builders" ];
|
||||||
|
|
||||||
# Why can't we have nice things? https://bugs.openjdk.org/browse/JDK-8170568
|
# Why can't we have nice things? https://bugs.openjdk.org/browse/JDK-8170568
|
||||||
|
|
|
@ -21,13 +21,22 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# machines with the netboot module enabled should only be updated by appliying wob-vpn-gw and rebooting
|
||||||
|
deployment.targetHost = "invalid.example.com";
|
||||||
|
# fixes initrd eval warning, and allows `colmena build` to succed
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "none";
|
||||||
|
fsType = "tmpfs";
|
||||||
|
options = [ "defaults" "size=64G" "mode=755" ];
|
||||||
|
};
|
||||||
|
|
||||||
system.build = {
|
system.build = {
|
||||||
|
|
||||||
# Build a kernel and initramfs which will download the IPXE script from hydra using
|
# Build a kernel and initramfs which will download the IPXE script from hydra using
|
||||||
# u-root pxeboot tool and kexec into the final netbooted system.
|
# u-root pxeboot tool and kexec into the final netbooted system.
|
||||||
notipxe = import (modulesPath + "/..") {
|
notipxe = import (modulesPath + "/..") {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
configuration =
|
configuration =
|
||||||
{ pkgs, config, ... }:
|
{ pkgs, config, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
@ -57,7 +66,7 @@ in
|
||||||
script = ''
|
script = ''
|
||||||
ln -sf /dev/console /dev/tty
|
ln -sf /dev/console /dev/tty
|
||||||
until ${pkgs.iputils}/bin/ping -c 1 hydra.forkos.org; do sleep 1; done
|
until ${pkgs.iputils}/bin/ping -c 1 hydra.forkos.org; do sleep 1; done
|
||||||
${pkgs.u-root}/bin/pxeboot -v -ipv4=false -file https://hydra.forkos.org/job/infra/main/${node.config.networking.hostName}/latest/download-by-type/file/ipxe
|
${pkgs.u-root}/bin/pxeboot -v -ipv4=false -file https://hydra.forkos.org/job/infra/main/${node.config.networking.hostName}/latest/download-by-type/file/ipxe
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
boot.initrd.systemd.contents."/etc/ssl/certs/ca-certificates.crt".source = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
boot.initrd.systemd.contents."/etc/ssl/certs/ca-certificates.crt".source = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||||
|
|
|
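Review bot: The placeholder `deployment.targetHost = "invalid.example.com";` added in the first hunk sits under a real parent domain, so an accidental `colmena apply` against a netboot node still does a DNS lookup and would try SSH to whatever that name might one day resolve to. A name under the reserved `.invalid` TLD (RFC 6761) is guaranteed never to resolve, e.g. `deployment.targetHost = "netboot.invalid";` (constructed example). Colmena also documents `deployment.targetHost = null;` for nodes that must not be deployed over SSH, so it is worth checking which fits the version in use. The two new comments also contain typos (`appliying`, `succed`).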
@ -2,6 +2,7 @@
|
||||||
imports = [
|
imports = [
|
||||||
./common.nix
|
./common.nix
|
||||||
./gandi.nix
|
./gandi.nix
|
||||||
|
./dnsimple.nix
|
||||||
./hydra.nix
|
./hydra.nix
|
||||||
./state.nix
|
./state.nix
|
||||||
];
|
];
|
||||||
|
|
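--- a/terraform/dnsimple.nix
+++ b/terraform/dnsimple.nix
@@ -0,0 +1,49 @@
+{ lib, config, ... }:
+let
+inherit (lib) mkEnableOption mkIf tf genList;
+cfg = config.bagel.dnsimple;
+in
+{
+options.bagel.dnsimple = {
+enable = mkEnableOption "the DNSimple configuration";
+};
+
+config = mkIf cfg.enable {
+terraform.required_providers.dnsimple = {
+version = "~> 1.7.0";
+source = "dnsimple/dnsimple";
+};
+
+resource.secret_resource.dnsimple_token.lifecycle.prevent_destroy = true;
+resource.secret_resource.dnsimple_account.lifecycle.prevent_destroy = true;
+
+provider.dnsimple = {
+token = tf.ref "resource.secret_resource.dnsimple_token.value";
+account = tf.ref "resource.secret_resource.dnsimple_account.value";
+};
+
+resource.dnsimple_zone.forkos_org = {
+name = "forkos.org";
+};
+
+resource.dnsimple_zone.fleurixos_org = {
+name = "fleurixos.org";
+};
+
+resource.dnsimple_zone.floral_systems = {
+name = "floral.systems";
+};
+
+resource.dnsimple_zone.flowery_systems = {
+name = "flowery.systems";
+};
+
+resource.dnsimple_zone.petalpkgs_org = {
+name = "petalpkgs.org";
+};
+
+resource.dnsimple_zone.vzfdfp_de = {
+name = "vzfdfp.de";
+};
+};
+}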
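Review bot: The DNSimple API token and account id reach `provider.dnsimple` through `secret_resource` values, so both end up in the Terraform state. Whether that state is encrypted and access-restricted depends on `./state.nix`, which is not shown here, so a comment above the two `prevent_destroy` lines would help, e.g. `# secret values are kept in TF state; the state backend must stay encrypted and access-restricted`. The six `dnsimple_zone` resources carry no `lifecycle.prevent_destroy = true;` while the two secrets do; if the provider deletes or deactivates a zone on destroy (not verifiable from this file), the same guard belongs on them. `genList` is inherited from `lib` but is not used anywhere in the file.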