From 740ed6725ae9a802db82fa730afbfc19e7c15bc6 Mon Sep 17 00:00:00 2001
From: Romain Paquet
Date: Mon, 3 Nov 2025 23:51:20 +0100
Subject: [PATCH] move clan config to its own directory
---
 clan/flake-module.nix | 223 +++++++++++++++++++++++++++++++++
 clan/machines.nix | 28 +++++
 clan/network.nix | 20 +++
 flake.nix | 3 +-
 machines/flake-module.nix | 253 --------------------------------------
 5 files changed, 272 insertions(+), 255 deletions(-)
 create mode 100644 clan/flake-module.nix
 create mode 100644 clan/machines.nix
 create mode 100644 clan/network.nix
 delete mode 100644 machines/flake-module.nix
diff --git a/clan/flake-module.nix b/clan/flake-module.nix
new file mode 100644
index 0000000..c1346bb
--- /dev/null
+++ b/clan/flake-module.nix
@@ -0,0 +1,223 @@
+{ self, lib, ... }:
+{
+ imports = [
+ ./machines.nix
+ ./network.nix
+ ];
+
+ clan.meta.name = "blossom";
+
+ clan.inventory.instances."rpqt-admin" = {
+ module.input = "clan-core";
+ module.name = "admin";
+ roles.default.tags.server = { };
+ roles.default.machines.haze = { };
+ roles.default.settings.allowedKeys = {
+ rpqt_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze";
+ nixbld_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIyNC2sn5m7m52r4kVZqg0T7abqdz5xh/blU3cYtHKAE nixbld@haze";
+ };
+ };
+
+ clan.inventory.instances."sshd" = {
+ module.input = "clan-core";
+ module.name = "sshd";
+ roles.server.tags.all = { };
+ roles.server.extraModules = [
+ self.nixosModules.hardened-ssh-server
+ ];
+ roles.server.settings = {
+ certificate.searchDomains = [
+ "home.rpqt.fr"
+ ];
+ };
+
+ roles.client.tags.all = { };
+ roles.client.settings = {
+ certificate.searchDomains = [
+ "home.rpqt.fr"
+ ];
+ };
+ };
+
+ clan.inventory.instances.user-rpqt = {
+ module.input = "clan-core";
+ module.name = "users";
+ roles.default.machines.haze = {
+ settings = {
+ user = "rpqt";
+ };
+ };
+ roles.default.extraModules = [
+ self.nixosModules.user-rpqt
+ ];
+ };
+
+ clan.inventory.instances.common-config = {
+ module = {
+ input = "clan-core";
+ name = "importer";
+ };
+ roles.default.tags.all = { };
+ roles.default.extraModules = [ self.nixosModules.common ];
+ };
+
+ clan.inventory.instances.server-config = {
+ module = {
+ input = "clan-core";
+ name = "importer";
+ };
+ roles.default.tags.server = { };
+ roles.default.extraModules = [
+ {
+ nix.gc.automatic = lib.mkDefault true;
+ nix.gc.dates = lib.mkDefault "Mon 3:15";
+ nix.gc.randomizedDelaySec = lib.mkDefault "30min";
+ nix.gc.options = lib.mkDefault "--delete-older-than 30d";
+ }
+ ];
+ };
+
+ clan.inventory.instances."garage" = {
+ module.input = "clan-core";
+ module.name = "garage";
+ roles.default.tags.garage = { };
+ };
+
+ clan.inventory.instances."garage-config" = {
+ module.input = "clan-core";
+ module.name = "importer";
+ roles.default.tags.garage = { };
+ roles.default.extraModules = [ ../modules/garage.nix ];
+ };
+
+ clan.inventory.instances."trusted-nix-caches" = {
+ module.input = "clan-core";
+ module.name = "trusted-nix-caches";
+ roles.default.tags.all = { };
+ };
+
+ clan.inventory.instances."borgbackup-storagebox" = {
+ module.input = "clan-core";
+ module.name = "borgbackup";
+
+ roles.client.machines = lib.genAttrs [ "crocus" "genepi" "verbena" ] (
+ machine:
+ let
+ config = self.nixosConfigurations.${machine}.config;
+ user = "u422292";
+ host = "${user}.your-storagebox.de";
+ in
+ {
+ settings.destinations."storagebox-${config.networking.hostName}" = {
+ repo = "${user}@${host}:./borgbackup/${config.networking.hostName}";
+ rsh = "ssh -oPort=23 -i ${
+ config.clan.core.vars.generators.borgbackup.files."borgbackup.ssh".path
+ } -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null";
+ };
+ }
+ );
+ roles.client.extraModules = [
+ ../modules/storagebox.nix
+ ];
+ roles.server.machines = { };
+ };
+
+ clan.inventory.instances.prometheus = {
+ module.input = "self";
+ module.name = "@rpqt/prometheus";
+
+ roles.scraper.machines.genepi = { };
+ roles.scraper.settings = {
+ extraScrapeConfigs = [
+ {
+ job_name = "garage";
+ static_configs = [
+ {
+ labels.instance = "crocus";
+ targets = [ "crocus.home.rpqt.fr:3903" ];
+ }
+ {
+ labels.instance = "genepi";
+ targets = [ "genepi.home.rpqt.fr:3903" ];
+ }
+ {
+ labels.instance = "verbena";
+ targets = [ "verbena.home.rpqt.fr:3903" ];
+ }
+ ];
+ authorization = {
+ type = "Bearer";
+ credentials_file =
+ self.nixosConfigurations.verbena.config.clan.core.vars.generators.garage.files.metrics_token.path;
+ };
+ }
+ ];
+ };
+
+ roles.target.tags.server = { };
+ roles.target.settings = {
+ exporters = {
+ node = {
+ enabledCollectors = [
+ "systemd"
+ ];
+ };
+ };
+ };
+ };
+
+ clan.inventory.instances.syncthing = {
+ roles.peer.tags.syncthing = { };
+ roles.peer.settings.folders = {
+ Documents = {
+ path = "~/Documents";
+ };
+ Music = {
+ path = "~/Music";
+ };
+ Pictures = {
+ path = "~/Pictures";
+ };
+ Videos = {
+ path = "~/Videos";
+ };
+ };
+ roles.peer.settings.extraDevices = {
+ pixel-7a = {
+ id = "IZE7B4Z-LKTJY6Q-77NN4JG-ADYRC77-TYPZTXE-Q35BWV2-AEO7Q3R-ZE63IAU";
+ name = "Pixel 7a";
+ addresses = [ "dynamic" ];
+ };
+ };
+ };
+
+ clan.inventory.instances.buildbot = {
+ module.input = "self";
+ module.name = "@rpqt/buildbot";
+
+ roles.master.machines.verbena = {
+ settings = {
+ domain = "buildbot.turifer.dev";
+ admins = [ "rpqt" ];
+ topic = "buildbot-nix";
+ gitea.instanceUrl = "https://git.turifer.dev";
+ };
+ };
+
+ roles.master.extraModules = [
+ {
+ services.nginx.virtualHosts."buildbot.turifer.dev" = {
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ security.acme.certs."buildbot.turifer.dev" = {
+ email = "admin@turifer.dev";
+ };
+ }
+ ];
+
+ roles.worker.machines.verbena = { };
+ };
+
+}
diff --git a/clan/machines.nix b/clan/machines.nix
new file mode 100644
index 0000000..8910a89
--- /dev/null
+++ b/clan/machines.nix
@@ -0,0 +1,28 @@
+{
+ clan.inventory.machines = {
+ crocus = {
+ tags = [
+ "garage"
+ "server"
+ ];
+ };
+ genepi = {
+ tags = [
+ "garage"
+ "server"
+ "syncthing"
+ ];
+ };
+ haze = {
+ tags = [
+ "syncthing"
+ ];
+ };
+ verbena = {
+ tags = [
+ "garage"
+ "server"
+ ];
+ };
+ };
+}
diff --git a/clan/network.nix b/clan/network.nix
new file mode 100644
index 0000000..ee0286e
--- /dev/null
+++ b/clan/network.nix
@@ -0,0 +1,20 @@
+{
+ clan.inventory.instances.zerotier = {
+ roles.controller.machines.crocus = { };
+ roles.moon.machines.crocus = {
+ settings = {
+ stableEndpoints = [
+ "116.203.18.122"
+ "2a01:4f8:1c1e:e415::/64"
+ ];
+ };
+ };
+ roles.peer.tags."all" = { };
+ };
+
+ clan.inventory.instances.internet = {
+ roles.default.machines.verbena = {
+ settings.host = "git.turifer.dev";
+ };
+ };
+}
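Review bot: The new clan/flake-module.nix is not a pure move: `roles.default.settings.allowedKeys` of the `rpqt-admin` instance gains `nixbld_haze`, and the `sshd` instance gains a `roles.client` role plus `certificate.searchDomains` on both roles, none of which the deleted machines/flake-module.nix had, while the commit message describes only a relocation. Adding a build user's key to the admin key set is an access grant that deserves its own commit and a comment next to the key such as `# nixbld@haze: needed for <reason — fill in>`, since whoever holds that key presumably gets the same access as the admin key. Separately, the borgbackup `rsh` carries over `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, which disables host-key verification for the storagebox; pinning the provider's host key in a known_hosts file passed via `-o UserKnownHostsFile=` would close that gap without changing the rest of the command. The `../modules/garage.nix` and `../modules/storagebox.nix` references still resolve only because `clan/` sits at the same depth as the removed `machines/` directory, which is worth a one-line comment where they are used.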
diff --git a/flake.nix b/flake.nix
index 10d9033..7019ce5 100644
--- a/flake.nix
+++ b/flake.nix
@@ -15,11 +15,10 @@
 flake-parts.lib.mkFlake { inherit inputs; } ({
 imports = [
 inputs.clan-core.flakeModules.default
-
+ ./clan/flake-module.nix
 ./clanServices/flake-module.nix
 ./devShells/flake-module.nix
 ./home-manager/flake-module.nix
- ./machines/flake-module.nix
 ./modules/flake-module.nix
 ./packages/flake-module.nix
 ];
diff --git a/machines/flake-module.nix b/machines/flake-module.nix
deleted file mode 100644
index 78a8862..0000000
--- a/machines/flake-module.nix
+++ /dev/null
@@ -1,253 +0,0 @@
-{ self, lib, ... }:
-{
- clan = {
- meta.name = "blossom";
- inventory.machines = {
- crocus = {
- tags = [
- "garage"
- "server"
- ];
- };
- genepi = {
- tags = [
- "garage"
- "server"
- "syncthing"
- ];
- };
- haze = {
- tags = [
- "syncthing"
- ];
- };
- verbena = {
- tags = [
- "garage"
- "server"
- ];
- };
- };
-
- inventory.instances = {
- "rpqt-admin" = {
- module.input = "clan-core";
- module.name = "admin";
- roles.default.tags.server = { };
- roles.default.machines.haze = { };
- roles.default.settings.allowedKeys = {
- rpqt_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze";
- };
- };
-
- zerotier = {
- roles.controller.machines.crocus = { };
- roles.moon.machines.crocus = {
- settings = {
- stableEndpoints = [
- "116.203.18.122"
- "2a01:4f8:1c1e:e415::/64"
- ];
- };
- };
- roles.peer.tags."all" = { };
- };
-
- internet = {
- roles.default.machines.verbena = {
- settings.host = "git.turifer.dev";
- };
- };
-
- "sshd" = {
- module.input = "clan-core";
- module.name = "sshd";
- roles.server.tags.all = { };
- roles.server.extraModules = [
- self.nixosModules.hardened-ssh-server
- ];
- };
-
- user-rpqt = {
- module.input = "clan-core";
- module.name = "users";
- roles.default.machines.haze = {
- settings = {
- user = "rpqt";
- };
- };
- roles.default.extraModules = [
- self.nixosModules.user-rpqt
- ];
- };
-
- common-config = {
- module = {
- input = "clan-core";
- name = "importer";
- };
- roles.default.tags.all = { };
- roles.default.extraModules = [ self.nixosModules.common ];
- };
-
- server-config = {
- module = {
- input = "clan-core";
- name = "importer";
- };
- roles.default.tags.server = { };
- roles.default.extraModules = [
- {
- nix.gc.automatic = lib.mkDefault true;
- nix.gc.dates = lib.mkDefault "Mon 3:15";
- nix.gc.randomizedDelaySec = lib.mkDefault "30min";
- nix.gc.options = lib.mkDefault "--delete-older-than 30d";
- }
- ];
- };
-
- "garage" = {
- module.input = "clan-core";
- module.name = "garage";
- roles.default.tags.garage = { };
- };
-
- "garage-config" = {
- module.input = "clan-core";
- module.name = "importer";
- roles.default.tags.garage = { };
- roles.default.extraModules = [ ../modules/garage.nix ];
- };
-
- "trusted-nix-caches" = {
- module.input = "clan-core";
- module.name = "trusted-nix-caches";
- roles.default.tags.all = { };
- };
-
- "borgbackup-storagebox" = {
- module.input = "clan-core";
- module.name = "borgbackup";
-
- roles.client.machines = lib.genAttrs [ "crocus" "genepi" "verbena" ] (
- machine:
- let
- config = self.nixosConfigurations.${machine}.config;
- user = "u422292";
- host = "${user}.your-storagebox.de";
- in
- {
- settings.destinations."storagebox-${config.networking.hostName}" = {
- repo = "${user}@${host}:./borgbackup/${config.networking.hostName}";
- rsh = "ssh -oPort=23 -i ${
- config.clan.core.vars.generators.borgbackup.files."borgbackup.ssh".path
- } -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null";
- };
- }
- );
- roles.client.extraModules = [
- ../modules/storagebox.nix
- ];
- roles.server.machines = { };
- };
-
- prometheus = {
- module.input = "self";
- module.name = "@rpqt/prometheus";
-
- roles.scraper.machines.genepi = { };
- roles.scraper.settings = {
- extraScrapeConfigs = [
- {
- job_name = "garage";
- static_configs = [
- {
- labels.instance = "crocus";
- targets = [ "crocus.home.rpqt.fr:3903" ];
- }
- {
- labels.instance = "genepi";
- targets = [ "genepi.home.rpqt.fr:3903" ];
- }
- {
- labels.instance = "verbena";
- targets = [ "verbena.home.rpqt.fr:3903" ];
- }
- ];
- authorization = {
- type = "Bearer";
- credentials_file =
- self.nixosConfigurations.verbena.config.clan.core.vars.generators.garage.files.metrics_token.path;
- };
- }
- ];
- };
-
- roles.target.tags.server = { };
- roles.target.settings = {
- exporters = {
- node = {
- enabledCollectors = [
- "systemd"
- ];
- };
- };
- };
- };
-
- syncthing = {
- roles.peer.tags.syncthing = { };
- roles.peer.settings.folders = {
- Documents = {
- path = "~/Documents";
- };
- Music = {
- path = "~/Music";
- };
- Pictures = {
- path = "~/Pictures";
- };
- Videos = {
- path = "~/Videos";
- };
- };
- roles.peer.settings.extraDevices = {
- pixel-7a = {
- id = "IZE7B4Z-LKTJY6Q-77NN4JG-ADYRC77-TYPZTXE-Q35BWV2-AEO7Q3R-ZE63IAU";
- name = "Pixel 7a";
- addresses = [ "dynamic" ];
- };
- };
- };
-
- buildbot = {
- module.input = "self";
- module.name = "@rpqt/buildbot";
-
- roles.master.machines.verbena = {
- settings = {
- domain = "buildbot.turifer.dev";
- admins = [ "rpqt" ];
- topic = "buildbot-nix";
- gitea.instanceUrl = "https://git.turifer.dev";
- };
- };
-
- roles.master.extraModules = [
- {
- services.nginx.virtualHosts."buildbot.turifer.dev" = {
- enableACME = true;
- forceSSL = true;
- };
-
- security.acme.certs."buildbot.turifer.dev" = {
- email = "admin@turifer.dev";
- };
- }
- ];
-
- roles.worker.machines.verbena = { };
- };
- };
- };
-}