diff --git a/clusters/fs2/default.nix b/clusters/fs2/default.nix
index bd460c4..af2d1bc 100644
--- a/clusters/fs2/default.nix
+++ b/clusters/fs2/default.nix
@@ -1,43 +1,43 @@ with import {}; +with import ../../lib/base.nix { inherit pkgs lib config; }; let - settings = { - initca = ./ca; - clusterName = "fs2"; - hosts = [ - { name = "fs2-0"; address = "10.1.2.117"; } - ]; - clusterHosts = '' - 10.253.18.106 fs0-0 fs0-0.itpartner.no fs0-0.itpartner.intern - - 10.253.18.100 k0-0 k0-0.itpartner.no k0-0.itpartner.intern - 10.253.18.101 k0-1 k0-1.itpartner.no k0-1.itpartner.intern - 10.253.18.102 k0-2 k0-2.itpartner.no k0-2.itpartner.intern - - 10.253.18.109 k1-0 k1-0.itpartner.no k1-0.itpartner.intern - 10.253.18.110 k1-1 k1-1.itpartner.no k1-1.itpartner.intern - 10.253.18.111 k1-2 k1-2.itpartner.no k1-2.itpartner.intern - 10.253.18.108 k1-3 k1-3.itpartner.no k1-3.itpartner.intern - 10.253.18.107 k0-4 k1-4.itpartner.no k1-4.itpartner.intern - - 10.253.18.114 k2-0 k2-0.itpartner.no k2-0.itpartner.intern - 10.253.18.115 k2-1 k2-1.itpartner.no k2-1.itpartner.intern - 10.253.18.116 k2-2 k2-2.itpartner.no k2-2.itpartner.intern - 10.253.18.117 k2-3 k2-3.itpartner.no k2-3.itpartner.intern - 10.253.18.118 k2-4 k2-4.itpartner.no k2-4.itpartner.intern - 10.253.18.103 k2-5 k2-5.itpartner.no k2-5.itpartner.intern - ''; - adminAuthorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas" - "ssh-rsa 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 martin.moe.carstens@itpartner.no" - ]; - }; - - base = import ../../lib/base.nix { inherit pkgs lib settings here; }; + hosts = [ + { name = "fs2-0"; address = "10.1.2.117"; } + ]; fsConfig = node: - let cert = base.hostCerts.${node}; - in - { + let + cert = base.hostCerts.${node}; + in { + k8s = { + initca = ./ca; + clusterName = "fs2"; + clusterHosts = '' + 10.253.18.106 fs0-0 fs0-0.itpartner.no fs0-0.itpartner.intern + + 10.253.18.100 k0-0 k0-0.itpartner.no k0-0.itpartner.intern + 10.253.18.101 k0-1 k0-1.itpartner.no k0-1.itpartner.intern + 10.253.18.102 k0-2 k0-2.itpartner.no k0-2.itpartner.intern + + 10.253.18.109 k1-0 k1-0.itpartner.no 
k1-0.itpartner.intern + 10.253.18.110 k1-1 k1-1.itpartner.no k1-1.itpartner.intern + 10.253.18.111 k1-2 k1-2.itpartner.no k1-2.itpartner.intern + 10.253.18.108 k1-3 k1-3.itpartner.no k1-3.itpartner.intern + 10.253.18.107 k0-4 k1-4.itpartner.no k1-4.itpartner.intern + + 10.253.18.114 k2-0 k2-0.itpartner.no k2-0.itpartner.intern + 10.253.18.115 k2-1 k2-1.itpartner.no k2-1.itpartner.intern + 10.253.18.116 k2-2 k2-2.itpartner.no k2-2.itpartner.intern + 10.253.18.117 k2-3 k2-3.itpartner.no k2-3.itpartner.intern + 10.253.18.118 k2-4 k2-4.itpartner.no k2-4.itpartner.intern + 10.253.18.103 k2-5 k2-5.itpartner.no k2-5.itpartner.intern + ''; + adminAuthorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas" + "ssh-rsa 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 martin.moe.carstens@itpartner.no" + ]; + }; + boot.kernelModules = [ "dm_snapshot" "dm_mirror" @@ -69,13 +69,10 @@ let }; environment.systemPackages = [ pkgs.lvm2 ]; + + imports = [ ./fs2-0.nix ]; }; in -{ - local = { - }; -} - -# base.baseDeployment { -# fs2-0 = fsConfig "fs2-0"; -# } + baseDeployment hosts { + fs2-0 = fsConfig "fs2-0"; + } diff --git a/clusters/fs2/options.nix b/clusters/fs2/options.nix deleted file mode 100644 index 090f350..0000000 --- a/clusters/fs2/options.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ pkgs, config, ...}: -{ - hostName = ""; - desktop = false; - lan = false; - uefi = false; - bootdisk = "/dev/sda"; - eth = "ens32"; - virtualization = "vmware-guest"; - kernelExtras = false; -} diff --git a/lib/base.nix b/lib/base.nix index 9fdb5a5..9b7e6ca 100644 --- a/lib/base.nix +++ b/lib/base.nix @@ -1,11 +1,13 @@ -{ pkgs, config, lib, ... }: +{ pkgs, lib, config, ... }: with lib; let cfg = config.k8s; - +in +rec { pki = import ./pki.nix { inherit pkgs; ca = cfg.initca; }; - baseNixos = name: { + baseNixos = name: + { users.extraUsers.admin.openssh.authorizedKeys.keys = cfg.adminAuthorizedKeys; 
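Review bot: In the first hunk of clusters/fs2/default.nix, the new `cert = base.hostCerts.${node};` still goes through `base`, but the same hunk deletes the `base = import ../../lib/base.nix { … }` binding and replaces it with `with import ../../lib/base.nix { … };`. Unless one of the `with` scopes happens to provide a `base` attribute, any use of `cert` will fail at evaluation time as an undefined variable. If base.nix still exports `hostCerts` from its new `rec { … }` set (not visible in this diff), the line should read `cert = hostCerts.${node};`. fsConfig's body continues outside the hunk, so where `cert` is consumed cannot be seen here.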
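Review bot: In the first hunk of lib/base.nix, `cfg = config.k8s` now reads whatever `config` the caller passes, because the file stops being a module and returns a plain `rec { … }` set. clusters/fs2/default.nix calls it with `inherit pkgs lib config` taken from its top-level `with` scope, while the `k8s = { … }` values are set inside the node configuration returned by fsConfig, so `cfg.adminAuthorizedKeys` and `cfg.initca` would presumably not see them. Those two values decide who can log in as admin and which CA the hosts trust, so I would read them from the node's own module arguments, for example `baseNixos = name: { config, ... }: {` with `config.k8s.adminAuthorizedKeys` inside, or pass the settings to base.nix explicitly. baseNixos continues past the end of this hunk.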
@@ -18,9 +20,7 @@ let ./nixos/configuration.nix ]; - security.pki.certificateFiles = [ - pki.ca.cert - ]; + security.pki.certificateFiles = [ pki.ca.cert ]; networking = { hostName = name; @@ -50,41 +50,13 @@ let ]; }; - baseDeployment = attrs: + baseDeployment = nodes: attrs: let hosts = builtins.foldl' - (a: x: a // { ${x.name} = mkHost x _; }) {} cfg.hosts; + (a: x: a // { ${x.name} = mkHost x _; }) {} nodes; hosts' = lib.recursiveUpdate hosts attrs; names = builtins.attrNames hosts; in builtins.foldl' (a: x: a // { ${x} = self: hosts'.${x}; }) {} names; -in -{ - options.k8s = { - initca = mkOption { - type = types.path; - }; - - clusterName = mkOption { - type = types.str; - }; - - hosts = mkOption { - type = types.listOf types.set; - default = []; - }; - - clusterHosts = mkOption { - type = types.str; - }; - - adminAuthorizedKeys = mkOption { - type = types.listOf types.str; - default = []; - }; - }; - - config = { - }; } diff --git a/lib/module.nix b/lib/module.nix new file mode 100644 index 0000000..a94cc34 --- /dev/null +++ b/lib/module.nix @@ -0,0 +1,33 @@ +{ pkgs, config, lib, ... }: +with lib; +let + cfg = config.k8s; +in +{ + options.k8s = { + initca = mkOption { + type = types.path; + }; + + clusterName = mkOption { + type = types.str; + }; + + hosts = mkOption { + type = types.listOf types.set; + default = []; + }; + + clusterHosts = mkOption { + type = types.str; + }; + + adminAuthorizedKeys = mkOption { + type = types.listOf types.str; + default = []; + }; + }; + + config = { + }; +}
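Review bot: In the baseDeployment hunk of lib/base.nix, `names = builtins.attrNames hosts` is computed from the pre-merge set, so any key in `attrs` that does not match an entry in `nodes` is merged into `hosts'` and then silently dropped from the result. A misspelled node name would therefore deploy that host without its intended configuration and without any error. An explicit check such as `assert builtins.all (n: builtins.hasAttr n hosts) (builtins.attrNames attrs);` ahead of the final `foldl'` would turn that into an evaluation failure. With `nodes` now passed as an argument, the `hosts` option kept in lib/module.nix also looks unused.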
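Review bot: The options in the new lib/module.nix carry no `description`, and `initca` in particular needs one because it is declared as `types.path` and set to `./ca` in clusters/fs2/default.nix. A path value like that is copied into the Nix store when it is interpolated into a string or used in a derivation, and store paths are world-readable; whether `./ca` holds the CA private key is not visible here, so that is worth confirming. I would add something like `description = "Directory with the cluster CA material; its contents are copied to the world-readable Nix store, so do not keep an unencrypted private key here unless that exposure is acceptable.";` to `initca`. `cfg` and the empty `config = { };` are unused in this file and could be dropped.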