diff --git a/ops/nixos/bvm-nixosmgmt/default.nix b/ops/nixos/bvm-nixosmgmt/default.nix
index e35a30c76b..9b2ee4599f 100644
--- a/ops/nixos/bvm-nixosmgmt/default.nix
+++ b/ops/nixos/bvm-nixosmgmt/default.nix
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
-{ ... }:
+{ depot, lib, ... }:
 {
 imports = [
 ../lib/bvm.nix
@@ -22,5 +22,21 @@
 services.rundeck.enable = true;
+ environment.etc."rundeck.nodes.yaml" = let
+ content = builtins.mapAttrs (name: value: {
+ nodename = name;
+ hostname = value.config.networking.fqdn;
+ tags = lib.concatStringsSep "," value.config.my.rundeck.tags;
+ username = "deployer";
+ osFamily = "unix";
+ osName = "Linux";
+ }) (lib.filterAttrs
+ (name: value: value.config.my.rundeck.expectedOnline)
+ depot.ops.nixos.systemConfigs
+ );
+ in {
+ text = builtins.toJSON content;
+ };
+
 system.stateVersion = "21.05";
 }
diff --git a/ops/nixos/lib/blade.nix b/ops/nixos/lib/blade.nix
index 0df9b005fd..0d879ae3bb 100644
--- a/ops/nixos/lib/blade.nix
+++ b/ops/nixos/lib/blade.nix
@@ -42,6 +42,8 @@ in {
 "mitigations=off"
 ];
+
+ my.rundeck.tags = [ "blade" ];
 fileSystems = let
 zfs = device: {
diff --git a/ops/nixos/lib/bvm.nix b/ops/nixos/lib/bvm.nix
index f20b627f00..3ea0845104 100644
--- a/ops/nixos/lib/bvm.nix
+++ b/ops/nixos/lib/bvm.nix
@@ -44,6 +44,8 @@
 boot.loader.efi.canTouchEfiVariables = true;
 nix.maxJobs = lib.mkDefault 2;
+
+ my.rundeck.tags = [ "bvm" ];
 # Networking!
 networking = {
diff --git a/ops/nixos/lib/common.nix b/ops/nixos/lib/common.nix
index 7aa519e25a..5721cbb47b 100644
--- a/ops/nixos/lib/common.nix
+++ b/ops/nixos/lib/common.nix
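Review bot: The `environment.etc."rundeck.nodes.yaml"` block in bvm-nixosmgmt/default.nix writes `builtins.toJSON` output under a `.yaml` name with no explanation, so a short comment above `content` would help, for example `# JSON is a subset of YAML; generated from depot.ops.nixos.systemConfigs, do not edit by hand`. Every host in `depot.ops.nixos.systemConfigs` is listed with `username = "deployer"` unless it sets `my.rundeck.expectedOnline = false`, so this file is in effect the list of machines Rundeck is expected to log in to, and the comment should say that. Files created through `environment.etc` are world-readable by default, which is probably fine for an inventory but should be a deliberate choice.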
@@ -11,6 +11,15 @@ in
 {
 imports = [ ../../../third_party/home-manager/nixos ];
+ options.my.rundeck.expectedOnline = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ };
+ options.my.rundeck.tags = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [ "nixos" ];
+ };
+
 options.my.home-manager.imports = lib.mkOption {
 type = lib.types.listOf lib.types.path;
 default = [ ./home-manager/common.nix ];
@@ -46,6 +55,8 @@ in
 "as205479.net"
 ];
+ my.rundeck.tags = [ "nixos" ];
+
 nix = {
 nixPath = [ "depot=/home/lukegb/depot/" "nixpkgs=/home/lukegb/depot/third_party/nixpkgs/" ];
 trustedUsers = [ "root" "@wheel" "deployer" ];
@@ -110,6 +121,7 @@ in
 createHome = true;
 openssh.authorizedKeys.keyFiles = [
 ../../secrets/deployer_ed25519.pub
+ ../../secrets/rundeck_deployer_rsa.pub
 ];
 };
 };
diff --git a/ops/nixos/porcorosso/default.nix b/ops/nixos/porcorosso/default.nix
index 78b1fdb5f2..7ab72e35f3 100644
--- a/ops/nixos/porcorosso/default.nix
+++ b/ops/nixos/porcorosso/default.nix
@@ -39,6 +39,8 @@ in {
 "abi.vsyscall32" = "0";
 };
+ my.rundeck.expectedOnline = false;
+
 fileSystems = let
 zfs = device: {
 device = device;
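Review bot: Neither `options.my.rundeck.expectedOnline` nor `options.my.rundeck.tags` in the first common.nix hunk carries a `description`, and `expectedOnline` defaults to `true`, so a newly added system config becomes a Rundeck target without anyone deciding that. I would add `description = "Whether this host is listed in the generated Rundeck node inventory.";` and `description = "Tags attached to this host's Rundeck node entry.";`. Whether the default should instead be `false` with hosts opting in depends on how new machines are meant to be enrolled; in this change only porcorosso opts out.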
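Review bot: Adding `../../secrets/rundeck_deployer_rsa.pub` to the `keyFiles` list in the third common.nix hunk gives the Rundeck key an unrestricted login as `deployer` on every host that imports this module. The same file lists `deployer` in `nix.trustedUsers`, so a compromise of the Rundeck server or its private key reaches well beyond job execution. Consider limiting where the key is accepted from by moving it to `openssh.authorizedKeys.keys` with an option prefix, for example `''from="<rundeck-host-address>" <contents of rundeck_deployer_rsa.pub>''`, and add a comment saying which service owns the key. The existing deployer key is ed25519, so the new one could match it unless Rundeck's SSH client requires RSA. The enclosing user definition starts outside the hunk.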