From 7b59038e50dff8e14d814382c852e2c3eac8f333 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Sat, 23 Feb 2019 16:11:21 +0100 Subject: [PATCH] Add fs0 cluster to new deployment infra --- fs0/build.nix | 2 ++ fs0/certs.nix | 11 +++++++++++ fs0.nix => fs0/deployment.nix | 15 ++++++++------- lib/pki.nix | 18 +++++++++++------- 4 files changed, 32 insertions(+), 14 deletions(-) create mode 100644 fs0/build.nix create mode 100644 fs0/certs.nix rename fs0.nix => fs0/deployment.nix (81%) diff --git a/fs0/build.nix b/fs0/build.nix new file mode 100644 index 0000000..0961011 --- /dev/null +++ b/fs0/build.nix @@ -0,0 +1,2 @@ +with import {}; +pkgs.callPackage ./certs.nix {} diff --git a/fs0/certs.nix b/fs0/certs.nix new file mode 100644 index 0000000..51719e9 --- /dev/null +++ b/fs0/certs.nix @@ -0,0 +1,11 @@ +{ pkgs, ...}: +let + pki = pkgs.callPackage ../lib/pki.nix {}; +in +{ + initca = pki.initca; + ca = pki.ca; + fs0-0 = pki.trust "fs0-0" ''"10.253.18.106", "127.0.0.1"''; + fs0-1 = pki.trust "fs0-1" ''"10.1.2.164", "127.0.0.1"''; +} + diff --git a/fs0.nix b/fs0/deployment.nix similarity index 81% rename from fs0.nix rename to fs0/deployment.nix index 2129cf6..b4769c7 100644 --- a/fs0.nix +++ b/fs0/deployment.nix @@ -1,20 +1,21 @@ with import {}; let - pki = pkgs.callPackage ./lib/pki.nix {}; + pki = pkgs.callPackage ../lib/pki.nix {}; + certs = pkgs.callPackage ./certs.nix {}; clusterHosts = '' 10.253.18.106 fs0-0 fs0-0.local 10.1.2.164 fs0-1 fs0-1.local 10.253.18.100 fs0-2 fs0-2.local ''; - nixosConfig = node: ip: + nixosConfig = node: let - cert = pki.trust node ''"${node}", "${ip}", "127.0.0.1"''; + cert = pki.toSet certs.${node}; in { imports = [ - (./nixos/hardware-configuration + "/${node}.nix") - ./nixos/configuration.nix + (../nixos/hardware-configuration + "/${node}.nix") + ../nixos/configuration.nix ]; boot.kernelModules = [ "dm_snapshot" 
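Review bot: The SAN lists for `fs0-0` and `fs0-1` in fs0/certs.nix hold only IP literals (plus the short node name that `pki.trust` now prepends), while `clusterHosts` in fs0/deployment.nix also publishes `fs0-0.local` and `fs0-1.local`. A peer that connects by the `.local` name will fail hostname verification, so consider adding those names, e.g. `fs0-0 = pki.trust "fs0-0" ''"fs0-0.local", "10.253.18.106", "127.0.0.1"'';`. The attrset also exports `initca` and `ca` next to the node certificates and is built directly by fs0/build.nix. If `gencert` (not visible here) emits private keys as derivation outputs, they end up in the world-readable Nix store, so I would add a header comment such as `# outputs may contain private key material; document where the CA key is kept and who can read it`.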
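Review bot: `cert = pki.toSet certs.${node};` in fs0/deployment.nix requires an attribute in fs0/certs.nix for every node, but `clusterHosts` in this same hunk lists `fs0-2` (10.253.18.100) and certs.nix defines only `fs0-0` and `fs0-1`. The rest of the file is outside the hunk, so either a `fs0-2` node exists and evaluation will fail on the missing attribute, or the hosts entry is stale. The node addresses now also live in three places (the certs.nix SANs, `clusterHosts`, and `deployment.targetHost`), so an IP change that misses certs.nix leaves a certificate whose SANs no longer match the host. Deriving all three from one node-to-IP attrset would remove the drift; at minimum add `# certs.nix must define one entry per node; keep its IPs in sync with clusterHosts and targetHost` above the binding.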
@@ -42,7 +43,7 @@ in { fs0-0 = { ... }: let - base = nixosConfig "fs0-0" "10.253.18.106"; + base = nixosConfig "fs0-0"; in { deployment.targetHost = "10.253.18.106"; @@ -58,7 +59,7 @@ in }; fs0-1 = { ... }: let - base = nixosConfig "fs0-1" "10.1.2.164"; + base = nixosConfig "fs0-1"; in { deployment.targetHost = "10.1.2.164"; diff --git a/lib/pki.nix b/lib/pki.nix index 671ae6e..7418c60 100644 --- a/lib/pki.nix +++ b/lib/pki.nix @@ -112,14 +112,18 @@ }; }; - trust = name: hosts: gencert rec { - inherit name; - csr = gencsr { - inherit name hosts; - cn = name; - o = name; + trust = name: hosts: + let + hosts' = "\"${name}\", " + hosts; + in gencert rec { + inherit name; + csr = gencsr { + inherit name; + hosts = hosts'; + cn = name; + o = name; + }; }; - }; kube-proxy = gencert rec { name = "kube-proxy";
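Review bot: `hosts' = "\"${name}\", " + hosts;` in `trust` (lib/pki.nix) builds the SAN list by raw string concatenation, so an empty `hosts` leaves a trailing `, ` and a `name` containing a double quote escapes its quoted element. Presumably the string is spliced into a JSON array inside `gencsr`, which is not visible in this hunk, in which case both inputs produce a malformed CSR request. Guard the empty case with `hosts' = if hosts == "" then "\"${name}\"" else "\"${name}\", ${hosts}";`, or accept a Nix list and render it with `builtins.toJSON`. A caller that still passes the node name itself, as the old fs0.nix did, now gets it twice, so a comment on `trust` such as `# name is always emitted as the first SAN; callers pass only the additional hosts` would document the new contract.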