Merge branch 'main' into binarycache

tiiuae · Nov 10, 2023 · 7b1bd28 · 7b1bd28
2 parents 9157ccb + f071822
commit 7b1bd28
Show file tree

Hide file tree

Showing 39 changed files with 558 additions and 362 deletions.
diff --git a/.envrc b/.envrc
@@ -0,0 +1,10 @@
+# SPDX-FileCopyrightText: 2023 Technology Innovation Institute (TII)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# try to use flake initially, fallback to non-flake use otherwise
+if nix flake show &> /dev/null; then
+  use flake
+else
+  use nix
+fi
diff --git a/.gitignore b/.gitignore
@@ -10,4 +10,5 @@ result-*
 .terraform
 .terraform.*
 terraform.tfstate
-terraform.tfstate.backup
+terraform.tfstate.backup
+.idea
diff --git a/README.md b/README.md
@@ -77,6 +77,20 @@ Current ghaf-infra targets:
 ╘═══════════════╧═══════════════╧══════════════╛
 ```
 
+In case `hostname` is not directly accessible for your current `$USER`, use `~/.ssh/config` to specify the ssh connection details such as username, port, or key file used to access the specific host.
+
+As an example, to access host `51.12.56.79` with a specific username and key, you would add the following to `~/.ssh/config`:
+
+```
+$ cat ~/.ssh/config
+Host 51.12.56.79
+    HostName 51.12.56.79
+    User my_remote_user_name
+    IdentityFile /path/to/my/private_key
+```
+
+Since `task.py` internally uses ssh when accessing hosts, the above example configuration would be applied when accessing the `ghafhydra-dev` alias.
+
 #### build-local
 The `build-local` task builds the given alias configuration locally. If the alias name is not specified `build-local` builds all alias configurations:
 

diff --git a/default.nix b/default.nix
@@ -0,0 +1,23 @@
+# SPDX-FileCopyrightText: 2023 Technology Innovation Institute (TII)
+# SPDX-FileCopyrightText: 2020-2023 Eelco Dolstra and the flake-compat contributors
+#
+# SPDX-License-Identifier: MIT
+# This file originates from:
+# https://github.com/nix-community/flake-compat
+# This file provides backward compatibility to nix < 2.4 clients
+{system ? builtins.currentSystem}: let
+  lock = builtins.fromJSON (builtins.readFile ./flake.lock);
+
+  inherit (lock.nodes.flake-compat.locked) owner repo rev narHash;
+
+  flake-compat = fetchTarball {
+    url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz";
+    sha256 = narHash;
+  };
+
+  flake = import flake-compat {
+    inherit system;
+    src = ./.;
+  };
+in
+  flake.defaultNix
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -7,6 +7,9 @@
   inputs = {
     # Nixpkgs
     nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
+    # Allows us to structure the flake with the NixOS module system
+    flake-parts.url = "github:hercules-ci/flake-parts";
+    flake-root.url = "github:srid/flake-root";
     # Secrets with sops-nix
     sops-nix = {
       url = "github:mic92/sops-nix";
@@ -15,68 +18,49 @@
     };
     # Binary cache with nix-serve-ng
     nix-serve-ng = {
-      url = github:aristanetworks/nix-serve-ng;
+      url = "github:aristanetworks/nix-serve-ng";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     # Disko for disk partitioning
     disko = {
-      url = github:nix-community/disko;
+      url = "github:nix-community/disko";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    # Format all the things
+    treefmt-nix = {
+      url = "github:numtide/treefmt-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    # For preserving compatibility with non-Flake users
+    flake-compat = {
+      url = "github:nix-community/flake-compat";
+      flake = false;
+    };
   };
-  outputs = {
-    self,
+
+  outputs = inputs @ {
+    flake-parts,
     nixpkgs,
-    disko,
     ...
-  } @ inputs: let
-    inherit (self) outputs;
-    # Supported systems for your flake packages, shell, etc.
-    systems = ["x86_64-linux"];
-    # forEachSystem [ "x86_64-linux" ] { example = true; } -> { x86_64-linux.example = true }
-    forEachSystem = nixpkgs.lib.genAttrs systems;
-    # Imports a module expecting a system to be passed in
-    importExpectingSystem = module: system:
-      import module {
-        pkgs = import nixpkgs {inherit system;};
-      };
-    ghaf-infra-shell = importExpectingSystem ./shell.nix;
-    terraform-shell = importExpectingSystem ./terraform/shell.nix;
-    templateTargets = import ./hosts/templates/targets.nix {inherit nixpkgs disko;};
-  in {
-    # nix fmt
-    formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.alejandra);
-
-    # Development shells
-    devShells = forEachSystem (system: {
-      # nix develop
-      default = ghaf-infra-shell system;
-      # nix develop .#terraform
-      terraform = terraform-shell system;
-    });
-
-    # NixOS configuration entrypoint
-    nixosConfigurations = {
-      # Generic template configurations
-      template-azure-x86_64-linux = templateTargets.azure-x86_64-linux;
-      template-generic-x86_64-linux = templateTargets.generic-x86_64-linux;
-
-      # Hydra host: ghafhydra
-      ghafhydra = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
-        modules = [./hosts/ghafhydra/configuration.nix];
-      };
-
-      # Builder host: build01
-      build01 = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
-        modules = [./hosts/build01/configuration.nix];
-      };
-
-      binarycache = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
-        modules = [./hosts/binarycache/configuration.nix];
+  }:
+    flake-parts.lib.mkFlake
+    {
+      inherit inputs;
+      specialArgs = {
+        inherit (nixpkgs) lib;
       };
+    } {
+      systems = [
+        "x86_64-linux"
+        "aarch64-linux"
+        "x86_64-darwin"
+        "aarch64-darwin"
+      ];
+      imports = [
+        ./hosts
+        ./nix
+        ./services
+        ./users
+      ];
     };
-  };
 }
diff --git a/hosts/azure-common.nix b/hosts/azure-common.nix
@@ -1,13 +1,7 @@
 # SPDX-FileCopyrightText: 2023 Technology Innovation Institute (TII)
 #
 # SPDX-License-Identifier: Apache-2.0
-{
-  inputs,
-  lib,
-  config,
-  pkgs,
-  ...
-}: {
+{inputs, ...}: {
   require = [
     "${inputs.nixpkgs}/nixos/modules/virtualisation/azure-agent.nix"
   ];

diff --git a/hosts/build01/configuration.nix → hosts/build01/default.nix b/hosts/build01/configuration.nix → hosts/build01/default.nix
@@ -2,21 +2,24 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 {
+  self,
   inputs,
   lib,
-  config,
-  pkgs,
   ...
 }: {
-  imports = [
-    inputs.disko.nixosModules.disko
-    ../generic-disk-config.nix
-    ../common.nix
-    ../azure-common.nix
-    ../../services/openssh/openssh.nix
-    ../../users/builder.nix
-    ../../users/hrosten.nix
-    ../../users/bmg.nix
+  imports = lib.flatten [
+    [
+      inputs.disko.nixosModules.disko
+    ]
+    (with self.nixosModules; [
+      common
+      azure-common
+      generic-disk-config
+      service-openssh
+      user-bmg
+      user-builder
+      user-hrosten
+    ])
   ];
   networking.hostName = "build01";
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";