# Deployment generator: turns a cluster description (`cfg`) into per-host
# attrsets of the form `name -> (self: { deployment.targetHost = ...; ... })`.
# The `deployment.targetHost` attribute suggests these are consumed as NixOps
# node definitions — confirm against the caller.
# `config` is accepted but not used anywhere in this file.
{ pkgs, cfg, lib, config, ... }:
# NOTE(review): `with lib;` at the top makes any name that is not bound in this
# file (`_`, `baseNixos`, `mkWorker`, and `apiserver` inside `host`) a deferred
# lookup in `lib` instead of a parse-time "undefined variable" error; those
# references only fail when the enclosing value is actually evaluated.
with lib;
let
  # PKI helper from ./pki.nix, instantiated with `cfg.initca` as its CA.
  # NOTE(review): every `gencert` call below signs with a different CA value
  # (`cfg.ca` here, `x.ca` in hostCerts) than the one handed to ./pki.nix
  # (`cfg.initca`) — confirm which CA is intended, or whether the `ca`
  # argument to pki.nix is unused.
  # NOTE(review): `gencert` runs at evaluation time; if ./pki.nix writes the
  # private key to a store path (file contents are not visible here), that key
  # is world-readable in the Nix store and would be copied to any binary cache
  # or deploy target — confirm how ./pki.nix materialises the key.
  pki = import ./pki.nix { inherit pkgs; ca = cfg.initca; };

  # Build one certificate for a host and wrap it as `{ <host.name> = cert; }`.
  # Takes a host attrset (needs `.name`).
  # NOTE(review): every call site below passes `host.name` (a string, since the
  # same value is used as an attribute name and in `"${x.name}"`), so
  # `${host.name}` / `cn = host.name` here dereference a string and fail with
  # "value is a string while a set was expected". Either the callers should
  # pass `host`, or this should take the name directly — and the consumers in
  # ./k8s.nix, ./fs.nix and ./os.nix decide whether `cluster.cert` is expected
  # to be the bare cert or this name-keyed set; neither file is visible here.
  mkCert = host: { ${host.name} = pki.gencert { cn = host.name; ca = cfg.ca; o = cfg.clusterName; }; };

  # Map of `name -> cert` over `cfg.hosts`, each signed with the host's own
  # `ca` field. Not referenced anywhere in this file.
  hostCerts = builtins.foldl' (a: x: a // { ${x.name} = pki.gencert { cn = x.name; ca = x.ca; o = cfg.clusterName; }; }) {} cfg.hosts;

  # Minimal node definition that pulls in `baseNixos host.name`.
  # NOTE(review): `baseNixos` is not defined in this file; it resolves only if
  # `lib` provides it. `self` is unused. Not referenced anywhere in this file.
  mkHost = host: self: { deployment.targetHost = host.address; require = [ (baseNixos host.name) ]; };

  # Fold `nodes` into `name -> mkHost`, overlay `attrs` with recursiveUpdate,
  # then re-wrap each entry as a `self:` function.
  # NOTE(review): `mkHost x _` — `_` is not bound anywhere (it would be looked up
  # in `lib`), so this helper cannot evaluate as written; `self` in the final
  # fold is also unused. Not referenced anywhere in this file — looks
  # unfinished; confirm before relying on it.
  baseDeployment = nodes: attrs:
    let
      hosts = builtins.foldl' (a: x: a // { ${x.name} = mkHost x _; }) {} nodes;
      hosts' = lib.recursiveUpdate hosts attrs;
      names = builtins.attrNames hosts;
    in builtins.foldl' (a: x: a // { ${x} = self: hosts'.${x}; }) {} names;
in {
  # Kubernetes cluster: one apiserver (master + node roles) plus worker nodes.
  k8s = rec {
    # Control-plane host: enables both `k8s.master` and `k8s.node`.
    # NOTE(review): `//` is a shallow merge, so the literal `{ k8s.master.enable
    # = true; k8s.node.enable = true; }` replaces `cfg.k8s` wholesale — any other
    # settings under `cfg.k8s` are dropped here and in `node` below. If `cfg.k8s`
    # carries more than these flags, `lib.recursiveUpdate` is probably intended.
    apiserver = host: self: {
      deployment.targetHost = host.address;
      cluster = cfg // { hostName = host.name; cert = mkCert host.name; k8s.master.enable = true; k8s.node.enable = true; };
      # `host.hw` is expected to be a hardware module for this machine — TODO confirm.
      imports = [ host.hw ./k8s.nix ];
    };

    # Worker host: enables only `k8s.node`. Same shallow-merge caveat as apiserver.
    node = host: self: {
      deployment.targetHost = host.address;
      cluster = cfg // { hostName = host.name; cert = mkCert host.name; k8s.node.enable = true; };
      imports = [ host.hw ./k8s.nix ];
    };

    # `master` becomes the apiserver entry; each of `nodes` is folded in as a
    # worker. Because `//` is right-biased, a node whose name equals
    # `master.name` silently replaces the apiserver entry — no uniqueness check.
    mkDeployment = master: nodes:
      let server = { "${master.name}" = apiserver master; };
      in builtins.foldl' (a: x: a // { "${x.name}" = node x; }) server nodes;
  };

  # File-server hosts: same shape as k8s.node, importing ./fs.nix instead.
  fs = rec {
    mkNode = host: self: {
      deployment.targetHost = host.address;
      cluster = cfg // { hostName = host.name; cert = mkCert host.name; };
      imports = [ host.hw ./fs.nix ];
    };

    # `name -> mkNode` over `nodes`; later duplicates overwrite earlier ones.
    mkDeployment = nodes: builtins.foldl' (a: x: a // { "${x.name}" = mkNode x; }) {} nodes;
  } ;

  # Plain OS hosts, importing ./os.nix.
  host = rec {
    node = host: self: {
      deployment.targetHost = host.address;
      cluster = cfg // { hostName = host.name; cert = mkCert host.name; };
      imports = [ host.hw ./os.nix ];
    };

    # NOTE(review): this cannot evaluate as written. Nix `let` is recursive, so
    # `master.name` on the right-hand side refers to the `master` being defined
    # and produces an infinite recursion — `masterNode.name` is presumably
    # intended. `apiserver` is only bound inside the `k8s` rec set above (not
    # here) and `mkWorker` is defined nowhere in this file; both fall through to
    # the `with lib` lookup. From the sibling sets, `node masterNode` / `node x`
    # look like the intended calls — confirm with the author.
    mkDeployment = masterNode: workerNodes:
      let master = { "${master.name}" = apiserver masterNode; };
      in builtins.foldl' (a: x: a // { "${x.name}" = mkWorker x; }) master workerNodes;
  };
}