chore: reworked node generation

2023-08-26 21:01:58 +09:00 · 2023-08-26 21:01:58 +09:00 · a137d46aa1
parent 21c5f9d77e
commit a137d46aa1
12 changed files with 86 additions and 65 deletions
--- a/README.md
+++ b/README.md
@ -59,7 +59,6 @@
 - `colmenaNodes` per node configuration
 - `nodes` alias to `colmenaNodes`
 - `devshell` development shell using devshell
- `extraLib` additional library function defined in `nix/lib.nix`
 - `formatter` nix code formatter
 - `hosts` host meta declaration
 - `pkgs` nixpkgs
@ -68,7 +67,9 @@

 ## How-To

-...TODO
+### Add additional hosts
+
+1. Add host definition to `hosts.toml`

 ## Deploy

--- a/flake.nix
+++ b/flake.nix
@ -79,12 +79,7 @@

      stateVersion = "23.05";

-      hosts = {
-        patricknix = {
-          type = "nixos";
-          system = "x86_64-linux";
-        };
-      };
+      hosts = builtins.fromTOML (builtins.readFile ./hosts.toml);

      colmena = import ./nix/colmena.nix inputs;
      # all bare metal nodes
--- a/hosts.toml
+++ b/hosts.toml
@ -0,0 +1,7 @@
+[patricknix]
+type = "nixos"
+system = "x86_64-linux"
+
+[desktopnix]
+type = "nixos"
+system = "x86_64-linux"
--- a/hosts/common/core/default.nix
+++ b/hosts/common/core/default.nix
@ -1,4 +1,4 @@
-{
+{inputs, ...}: {
  imports = [
    ./efi.nix
    ./home-manager.nix
@ -14,6 +14,12 @@
    ../../../users/root

    ../../../modules/secrets.nix
+    ../../../modules/meta.nix
+
+    inputs.home-manager.nixosModules.default
+    inputs.impermanence.nixosModules.impermanence
+    inputs.agenix.nixosModules.default
+    inputs.agenix-rekey.nixosModules.default
  ];
  age.identityPaths = ["/state/etc/ssh/ssh_host_ed25519_key"];
 }
--- a/hosts/common/core/home-manager.nix
+++ b/hosts/common/core/home-manager.nix
@ -1,8 +1,7 @@
 {
-  impermanence,
-  hyprland,
  stateVersion,
  config,
+  inputs,
  pkgs,
  ...
 }: {
@ -14,8 +13,8 @@
      {
        home.stateVersion = stateVersion;
      }
-      impermanence.home-manager.impermanence
-      hyprland.homeManagerModules.default
+      inputs.impermanence.nixosModules.home-manager.impermanence
+      inputs.hyprland.homeManagerModules.default
    ];
    extraSpecialArgs = {
      nixosConfig = config;
--- a/hosts/common/core/net.nix
+++ b/hosts/common/core/net.nix
@ -1,8 +1,7 @@
-{nodeName, ...}: {
+{
  networking = {
    useNetworkd = true;
    dhcpcd.enable = false;
-    hostName = nodeName;
  };
  # Should remain enabled since nscd from glibc is kinda ass
  services.nscd.enableNsncd = true;
--- a/hosts/common/core/system.nix
+++ b/hosts/common/core/system.nix
@ -1,9 +1,8 @@
 {
  inputs,
  lib,
-  nodePath,
  pkgs,
-  nodeName,
+  config,
  ...
 }: {
  age.rekey = {
@ -15,9 +14,9 @@

    forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem;
    hostPubkey = let
-      pubkeyPath = nodePath + "/secrets/host.pub";
+      pubkeyPath = config.node.secretsDir + "/host.pub";
    in
-      lib.mkIf (lib.pathExists pubkeyPath || lib.trace "Missing pubkey for ${nodeName}: ${toString pubkeyPath} not found, using dummy replacement key for now." false)
+      lib.mkIf (lib.pathExists pubkeyPath || lib.trace "Missing pubkey for ${config.node.name}: ${toString pubkeyPath} not found, using dummy replacement key for now." false)
      pubkeyPath;
  };
  boot = {
@ -59,10 +58,10 @@
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";

  secrets.secretFiles = let
-    local = nodePath + "/secrets/secrets.nix.age";
+    local = config.node.secretsDir + "/secrets.nix.age";
  in
    {
      global = ../../../secrets/secrets.nix.age;
    }
-    // lib.optionalAttrs (nodePath != null && lib.pathExists local) {inherit local;};
+    // lib.optionalAttrs (config.node.name != null && lib.pathExists local) {inherit local;};
 }
--- a/hosts/patricknix/default.nix
+++ b/hosts/patricknix/default.nix
@ -1,9 +1,9 @@
-{nixos-hardware, ...}: {
+{inputs, ...}: {
  imports = [
-    nixos-hardware.common-cpu-intel
-    nixos-hardware.common-gpu-intel
-    nixos-hardware.common-pc-laptop
-    nixos-hardware.common-pc-laptop-ssd
+    inputs.nixos-hardware.nixosModules.common-cpu-intel
+    inputs.nixos-hardware.nixosModules.common-gpu-intel
+    inputs.nixos-hardware.nixosModules.common-pc-laptop
+    inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd

    ../common/core
    ../common/dev
--- a/hosts/patricknix/net.nix
+++ b/hosts/patricknix/net.nix
@ -1,8 +1,4 @@
-{
-  nodePath,
-  config,
-  ...
-}: {
+{config, ...}: {
  networking = {
    inherit (config.secrets.secrets.local.networking) hostId;
    wireless.iwd.enable = true;
@ -29,11 +25,11 @@
    };
  };
  age.secrets.eduroam = {
-    rekeyFile = nodePath + "/secrets/iwd/eduroam.8021x.age";
+    rekeyFile = ./secrets/iwd/eduroam.8021x.age;
    path = "/var/lib/iwd/eduroam.8021x";
  };
  age.secrets.devoloog = {
-    rekeyFile = nodePath + "/secrets/iwd/devolo-og.psk.age";
+    rekeyFile = ./secrets/iwd/devolo-og.psk.age;
    path = "/var/lib/iwd/devolo-og.psk";
  };
 }
--- a/modules/meta.nix
+++ b/modules/meta.nix
@ -0,0 +1,28 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit
+    (lib)
+    mdDoc
+    mkOption
+    types
+    ;
+in {
+  options.node = {
+    name = mkOption {
+      description = mdDoc "A unique name for this node (host) in the repository. Defines the default hostname, but this can be overwritten.";
+      type = types.str;
+    };
+
+    secretsDir = mkOption {
+      description = mdDoc "Path to the secrets directory for this node.";
+      type = types.path;
+    };
+  };
+
+  config = {
+    networking.hostName = config.node.name;
+  };
+}
--- a/nix/colmena.nix
+++ b/nix/colmena.nix
@ -7,17 +7,23 @@
    (nixpkgs.lib)
    filterAttrs
    mapAttrs
+    flip
    ;

  nixosNodes = filterAttrs (_: x: x.type == "nixos") self.hosts;
-  nodes = mapAttrs (import ./generate-node.nix inputs) nixosNodes;
-  generateColmenaNode = nodeName: _: {
-    inherit (nodes.${nodeName}) imports;
-  };
+  nodes = flip mapAttrs nixosNodes (name: hostCfg:
+    import ./generate-node.nix inputs {
+      inherit name;
+      inherit (hostCfg) system;
+      modules = [
+        ../hosts/${name}
+        {node.secretsDir = ../hosts/${name}/secrets;}
+      ];
+    });
 in
  {
    meta = {
-      description = "Patrick's colmena configuration(Eigenhändig geklaut von oddlama";
+      description = "Patrick's colmena configuration(Eigenhändig geklaut von oddlama)";
      # Just a required dummy for colmena, overwritten on a per-node basis by nodeNixpkgs below.
      nixpkgs = self.pkgs.x86_64-linux;
      # This is so colmena uses the correct nixpkgs and specialarges for each host
@ -25,4 +31,4 @@ in
      nodeSpecialArgs = mapAttrs (_: node: node.specialArgs) nodes;
    };
  }
-  // mapAttrs generateColmenaNode nodes
+  // mapAttrs (_: node: {inherit (node) imports;}) nodes
--- a/nix/generate-node.nix
+++ b/nix/generate-node.nix
@ -9,37 +9,22 @@
  agenix-rekey,
  hyprland,
  ...
-} @ inputs: nodeName: {configPath ? null, ...} @ nodeMeta: let
-  path = ../hosts + "/${nodeName}/";
-  nodePath =
-    if configPath == null && builtins.isPath path && nixpkgs.lib.pathIsDirectory path
-    then path
-    else if configPath != null
-    then configPath
-    else null;
-in {
-  inherit (nodeMeta) system;
-  pkgs = self.pkgs.${nodeMeta.system};
+} @ inputs: {
+  name,
+  # Additional modules to import
+  modules ? [],
+  system,
+  ...
+}: {
+  inherit system;
+  pkgs = self.pkgs.${system};
  specialArgs = {
-    inherit (self.pkgs.${nodeMeta.system}) lib;
+    inherit (self.pkgs.${system}) lib;
    inherit (self) nodes stateVersion;
    inherit
      inputs
-      nodeName
-      nodePath
      ;
-
-    inherit hyprland;
-
-    nixos-hardware = nixos-hardware.nixosModules;
-    impermanence = impermanence.nixosModules;
  };
  imports =
-    [
-      home-manager.nixosModules.default
-      impermanence.nixosModules.impermanence
-      agenix.nixosModules.default
-      agenix-rekey.nixosModules.default
-    ]
-    ++ nixpkgs.lib.optional (nodePath != null) nodePath;
+    modules ++ [{node.name = name;}];
 }