depot/ops/nixos/bvm-nixosmgmt/default.nix


# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
# NixOS module for the host "bvm-nixosmgmt": static addressing on two
# interfaces with kernel forwarding enabled, a Rundeck service, and a
# generated Rundeck node inventory under /etc.
{ depot, lib, pkgs, ... }:
let
  # One account name is used both for the local Rundeck service and as the
  # login name recorded for every node in the inventory below.
  deployUser = "deployer";

  # Only systems that declare my.rundeck.expectedOnline are listed.
  onlineSystems = lib.filterAttrs
    (_: host: host.config.my.rundeck.expectedOnline)
    depot.ops.nixos.systemConfigs;

  # Build one node entry from a system's my.rundeck.* settings.
  toRundeckNode = nodeName: host: {
    nodename = nodeName;
    hostname = host.config.my.rundeck.hostname;
    # Rundeck receives the tags as a single comma-separated string.
    tags = lib.concatStringsSep "," host.config.my.rundeck.tags;
    username = deployUser;
    osFamily = "unix";
    osName = "Linux";
  };
in
{
  imports = [
    ../lib/bvm.nix
    ../lib/nhsenglandtests.nix
    ../../../nix/pkgs/rundeck-bin/module.nix
  ];

  # Networking!
  # Forwarding is switched on for IPv4 and for all IPv6 interfaces, so the
  # kernel will route between enp1s0 (10.100.0.0/23) and enp6s0 (public).
  # NOTE(review): nothing in this file restricts forwarded traffic; confirm
  # that a forward-chain policy is set by one of the imported modules.
  boot.kernel.sysctl = {
    "net.ipv4.ip_forward" = 1;
    "net.ipv6.conf.all.forwarding" = 1;
  };

  networking = {
    hostName = "bvm-nixosmgmt";
    hostId = "49b0fbc7";

    interfaces = {
      # Internal interface, RFC 1918 addressing only.
      enp1s0.ipv4.addresses = [
        { address = "10.100.0.200"; prefixLength = 23; }
      ];

      # Public interface; both default routes leave through it.
      enp6s0 = {
        ipv4.addresses = [
          { address = "92.118.28.5"; prefixLength = 24; }
        ];
        # NOTE(review): a /32 is an unusually wide on-link IPv6 prefix for an
        # interface address; confirm this is intended.
        ipv6.addresses = [
          { address = "2a09:a441::5"; prefixLength = 32; }
        ];
      };
    };

    defaultGateway = { address = "92.118.28.1"; interface = "enp6s0"; };
    defaultGateway6 = { address = "2a09:a441::1"; interface = "enp6s0"; };
  };

  # Project-defined option (my.*); its consumers are not visible in this file.
  my.ip.tailscale = "100.65.226.19";

  # Rundeck runs as the deploy account and is handed mercurial, openssh and
  # nix via pathPackages (option defined by rundeck-bin/module.nix, not shown
  # here; presumably these end up on the service's PATH).
  # NOTE(review): this service can reach every node listed in the inventory,
  # so access to the Rundeck UI/API and to this account's SSH keys should be
  # treated as access to the whole fleet.
  services.rundeck = {
    enable = true;
    user = deployUser;
    pathPackages = [
      depot.nix.pkgs.mercurial
      pkgs.openssh
      pkgs.nix
    ];
  };

  # Node inventory for Rundeck, installed as /etc/rundeck.nodes.yaml.
  # The payload is JSON, which YAML parsers accept.
  # environment.etc text is stored in the world-readable Nix store, so keep
  # this file limited to non-secret data (hostnames, tags, login name).
  environment.etc."rundeck.nodes.yaml".text =
    builtins.toJSON (builtins.mapAttrs toRundeckNode onlineSystems);

  # Pins stateful defaults to the release the host was installed with; do not
  # bump it as part of a routine upgrade.
  system.stateVersion = "21.05";
}