ops/nixos: set up things for generating rundeck nodes
This commit is contained in:
parent
5533fd502a
commit
ecd086eae4
5 changed files with 35 additions and 1 deletions
|
@ -2,7 +2,7 @@
|
|||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
{ ... }:
|
||||
{ depot, lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
../lib/bvm.nix
|
||||
|
@ -22,5 +22,21 @@
|
|||
|
||||
services.rundeck.enable = true;
|
||||
|
||||
environment.etc."rundeck.nodes.yaml" = let
|
||||
content = builtins.mapAttrs (name: value: {
|
||||
nodename = name;
|
||||
hostname = value.config.networking.fqdn;
|
||||
tags = lib.concatStringsSep "," value.config.my.rundeck.tags;
|
||||
username = "deployer";
|
||||
osFamily = "unix";
|
||||
osName = "Linux";
|
||||
}) (lib.filterAttrs
|
||||
(name: value: value.config.my.rundeck.expectedOnline)
|
||||
depot.ops.nixos.systemConfigs
|
||||
);
|
||||
in {
|
||||
text = builtins.toJSON content;
|
||||
};
|
||||
|
||||
system.stateVersion = "21.05";
|
||||
}
|
||||
|
|
|
@ -43,6 +43,8 @@ in {
|
|||
"mitigations=off"
|
||||
];
|
||||
|
||||
my.rundeck.tags = [ "blade" ];
|
||||
|
||||
fileSystems = let
|
||||
zfs = device: {
|
||||
device = device;
|
||||
|
|
|
@ -45,6 +45,8 @@
|
|||
|
||||
nix.maxJobs = lib.mkDefault 2;
|
||||
|
||||
my.rundeck.tags = [ "bvm" ];
|
||||
|
||||
# Networking!
|
||||
networking = {
|
||||
domain = "blade.as205479.net";
|
||||
|
|
|
@ -11,6 +11,15 @@ in
|
|||
{
|
||||
imports = [ ../../../third_party/home-manager/nixos ];
|
||||
|
||||
options.my.rundeck.expectedOnline = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
};
|
||||
options.my.rundeck.tags = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = [ "nixos" ];
|
||||
};
|
||||
|
||||
options.my.home-manager.imports = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.path;
|
||||
default = [ ./home-manager/common.nix ];
|
||||
|
@ -46,6 +55,8 @@ in
|
|||
"as205479.net"
|
||||
];
|
||||
|
||||
my.rundeck.tags = [ "nixos" ];
|
||||
|
||||
nix = {
|
||||
nixPath = [ "depot=/home/lukegb/depot/" "nixpkgs=/home/lukegb/depot/third_party/nixpkgs/" ];
|
||||
trustedUsers = [ "root" "@wheel" "deployer" ];
|
||||
|
@ -110,6 +121,7 @@ in
|
|||
createHome = true;
|
||||
openssh.authorizedKeys.keyFiles = [
|
||||
../../secrets/deployer_ed25519.pub
|
||||
../../secrets/rundeck_deployer_rsa.pub
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -39,6 +39,8 @@ in {
|
|||
"abi.vsyscall32" = "0";
|
||||
};
|
||||
|
||||
my.rundeck.expectedOnline = false;
|
||||
|
||||
fileSystems = let
|
||||
zfs = device: {
|
||||
device = device;
|
||||
|
|
Loading…
Reference in a new issue