ops/nixos: set up things for generating rundeck nodes

Luke Granger-Brown 2021-04-10 19:59:56 +00:00
parent 5533fd502a
commit ecd086eae4
5 changed files with 35 additions and 1 deletions


@ -2,7 +2,7 @@
#
# SPDX-License-Identifier: Apache-2.0
{ ... }:
{ depot, lib, ... }:
{
imports = [
../lib/bvm.nix
@ -22,5 +22,21 @@
services.rundeck.enable = true;
environment.etc."rundeck.nodes.yaml" = let
content = builtins.mapAttrs (name: value: {
nodename = name;
hostname = value.config.networking.fqdn;
tags = lib.concatStringsSep "," value.config.my.rundeck.tags;
username = "deployer";
osFamily = "unix";
osName = "Linux";
}) (lib.filterAttrs
(name: value: value.config.my.rundeck.expectedOnline)
depot.ops.nixos.systemConfigs
);
in {
text = builtins.toJSON content;
};
system.stateVersion = "21.05";
}
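Review bot: The file is installed as `/etc/rundeck.nodes.yaml` but its body is `builtins.toJSON content`, and nothing in the `let` block says this is deliberate; a comment above `text =` such as `# JSON is a subset of YAML, so Rundeck's YAML node source reads this as-is` would stop a later reader from "correcting" it. The `tags` field joins `value.config.my.rundeck.tags` with `,`, so a tag that itself contains a comma would presumably be read by Rundeck as two tags and change which jobs select that node. The option is declared elsewhere in this commit as a plain `listOf lib.types.str`; an element type like `lib.types.strMatching "[A-Za-z0-9_-]+"` would reject such a value at evaluation time.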


@ -42,6 +42,8 @@ in {
"mitigations=off"
];
my.rundeck.tags = [ "blade" ];
fileSystems = let
zfs = device: {


@ -44,6 +44,8 @@
boot.loader.efi.canTouchEfiVariables = true;
nix.maxJobs = lib.mkDefault 2;
my.rundeck.tags = [ "bvm" ];
# Networking!
networking = {


@ -11,6 +11,15 @@ in
{
imports = [ ../../../third_party/home-manager/nixos ];
options.my.rundeck.expectedOnline = lib.mkOption {
type = lib.types.bool;
default = true;
};
options.my.rundeck.tags = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ "nixos" ];
};
options.my.home-manager.imports = lib.mkOption {
type = lib.types.listOf lib.types.path;
default = [ ./home-manager/common.nix ];
@ -46,6 +55,8 @@ in
"as205479.net"
];
my.rundeck.tags = [ "nixos" ];
nix = {
nixPath = [ "depot=/home/lukegb/depot/" "nixpkgs=/home/lukegb/depot/third_party/nixpkgs/" ];
trustedUsers = [ "root" "@wheel" "deployer" ];
@ -110,6 +121,7 @@ in
createHome = true;
openssh.authorizedKeys.keyFiles = [
../../secrets/deployer_ed25519.pub
../../secrets/rundeck_deployer_rsa.pub
];
};
};
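Review bot: The `../../secrets/rundeck_deployer_rsa.pub` entry in `openssh.authorizedKeys.keyFiles` (apparently the added line) gives the Rundeck server's key an unrestricted login on every host that imports this module. The account appears to be `deployer`, which the previous hunk lists in `nix.trustedUsers`, so a compromise of the Rundeck host would likely give Nix-daemon-level control of the whole fleet. Consider restricting the key with authorized_keys options, for example `openssh.authorizedKeys.keys = [ ''from="<rundeck-host-address>" ${builtins.readFile ../../secrets/rundeck_deployer_rsa.pub}'' ];` with the placeholder replaced by the Rundeck host's address. The key is also installed regardless of `my.rundeck.expectedOnline`, so hosts left out of the node list still accept it. The user block starts outside the hunk, so the account name is inferred from the key file names.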


@ -39,6 +39,8 @@ in {
"abi.vsyscall32" = "0";
};
my.rundeck.expectedOnline = false;
fileSystems = let
zfs = device: {
device = device;