ops/nixos: set up things for generating rundeck nodes
parent
5533fd502a
commit
ecd086eae4
5 changed files with 35 additions and 1 deletions
|
@ -2,7 +2,7 @@
|
||||||
#
|
#
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
{ ... }:
|
{ depot, lib, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
../lib/bvm.nix
|
../lib/bvm.nix
|
||||||
|
@ -22,5 +22,21 @@
|
||||||
|
|
||||||
services.rundeck.enable = true;
|
services.rundeck.enable = true;
|
||||||
|
|
||||||
|
environment.etc."rundeck.nodes.yaml" = let
|
||||||
|
content = builtins.mapAttrs (name: value: {
|
||||||
|
nodename = name;
|
||||||
|
hostname = value.config.networking.fqdn;
|
||||||
|
tags = lib.concatStringsSep "," value.config.my.rundeck.tags;
|
||||||
|
username = "deployer";
|
||||||
|
osFamily = "unix";
|
||||||
|
osName = "Linux";
|
||||||
|
}) (lib.filterAttrs
|
||||||
|
(name: value: value.config.my.rundeck.expectedOnline)
|
||||||
|
depot.ops.nixos.systemConfigs
|
||||||
|
);
|
||||||
|
in {
|
||||||
|
text = builtins.toJSON content;
|
||||||
|
};
|
||||||
|
|
||||||
system.stateVersion = "21.05";
|
system.stateVersion = "21.05";
|
||||||
}
|
}
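Review bot: The new `environment.etc."rundeck.nodes.yaml"` entry is written with `builtins.toJSON`, so the file's extension and its content format disagree with no explanation. This presumably works because JSON is accepted by YAML parsers, and a comment above `text =` such as `# JSON is a subset of YAML, so the YAML node source can read this as-is` would stop a later reader from "fixing" it. `username = "deployer"` is also a bare literal that must stay in step with the account defined in the common module. A one-line comment naming that dependency, or a shared binding for the name, would keep the inventory and the account from drifting apart.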
|
||||||
|
|
|
@ -42,6 +42,8 @@ in {
|
||||||
|
|
||||||
"mitigations=off"
|
"mitigations=off"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
my.rundeck.tags = [ "blade" ];
|
||||||
|
|
||||||
fileSystems = let
|
fileSystems = let
|
||||||
zfs = device: {
|
zfs = device: {
|
||||||
|
|
|
@ -44,6 +44,8 @@
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
nix.maxJobs = lib.mkDefault 2;
|
nix.maxJobs = lib.mkDefault 2;
|
||||||
|
|
||||||
|
my.rundeck.tags = [ "bvm" ];
|
||||||
|
|
||||||
# Networking!
|
# Networking!
|
||||||
networking = {
|
networking = {
|
||||||
|
|
|
@ -11,6 +11,15 @@ in
|
||||||
{
|
{
|
||||||
imports = [ ../../../third_party/home-manager/nixos ];
|
imports = [ ../../../third_party/home-manager/nixos ];
|
||||||
|
|
||||||
|
options.my.rundeck.expectedOnline = lib.mkOption {
|
||||||
|
type = lib.types.bool;
|
||||||
|
default = true;
|
||||||
|
};
|
||||||
|
options.my.rundeck.tags = lib.mkOption {
|
||||||
|
type = lib.types.listOf lib.types.str;
|
||||||
|
default = [ "nixos" ];
|
||||||
|
};
|
||||||
|
|
||||||
options.my.home-manager.imports = lib.mkOption {
|
options.my.home-manager.imports = lib.mkOption {
|
||||||
type = lib.types.listOf lib.types.path;
|
type = lib.types.listOf lib.types.path;
|
||||||
default = [ ./home-manager/common.nix ];
|
default = [ ./home-manager/common.nix ];
|
||||||
|
@ -46,6 +55,8 @@ in
|
||||||
"as205479.net"
|
"as205479.net"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
my.rundeck.tags = [ "nixos" ];
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
nixPath = [ "depot=/home/lukegb/depot/" "nixpkgs=/home/lukegb/depot/third_party/nixpkgs/" ];
|
nixPath = [ "depot=/home/lukegb/depot/" "nixpkgs=/home/lukegb/depot/third_party/nixpkgs/" ];
|
||||||
trustedUsers = [ "root" "@wheel" "deployer" ];
|
trustedUsers = [ "root" "@wheel" "deployer" ];
|
||||||
|
@ -110,6 +121,7 @@ in
|
||||||
createHome = true;
|
createHome = true;
|
||||||
openssh.authorizedKeys.keyFiles = [
|
openssh.authorizedKeys.keyFiles = [
|
||||||
../../secrets/deployer_ed25519.pub
|
../../secrets/deployer_ed25519.pub
|
||||||
|
../../secrets/rundeck_deployer_rsa.pub
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
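Review bot: Adding `../../secrets/rundeck_deployer_rsa.pub` to `openssh.authorizedKeys.keyFiles` authorises the Rundeck key on every host that imports this module, and the context of the -46,6 hunk shows `deployer` in `nix.trustedUsers`, which is effectively root-equivalent on a Nix machine. The user definition starts outside the hunk, so that this is the deployer account is inferred from the key file names. If it is, the key is also accepted on hosts that set `my.rundeck.expectedOnline = false` and never appear in the node list. Consider gating the entry, for example `++ lib.optional config.my.rundeck.expectedOnline ../../secrets/rundeck_deployer_rsa.pub` (assuming `config` is among the module arguments), and moving it to `openssh.authorizedKeys.keys` with a `from="<rundeck-host>"` restriction so a leaked key is only usable from the Rundeck server. Separately, the two new `my.rundeck` options have no `description`, and since this module itself sets `my.rundeck.tags = [ "nixos" ]`, the option's `default` is never used.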
|
||||||
|
|
|
@ -39,6 +39,8 @@ in {
|
||||||
"abi.vsyscall32" = "0";
|
"abi.vsyscall32" = "0";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
my.rundeck.expectedOnline = false;
|
||||||
|
|
||||||
fileSystems = let
|
fileSystems = let
|
||||||
zfs = device: {
|
zfs = device: {
|
||||||
device = device;
|
device = device;
|
||||||
|
|