From 93f640e0fa70ba39883b405965df9fff66bcfd12 Mon Sep 17 00:00:00 2001
From: Lzebulon
Date: Mon, 8 Dec 2025 09:12:57 +0100
Subject: [PATCH 1/4] poc host file
---
 hosts.nix | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++
 variables.nix | 8 ++++++
 2 files changed, 77 insertions(+)
 create mode 100644 hosts.nix
 create mode 100644 variables.nix
diff --git a/hosts.nix b/hosts.nix
new file mode 100644
index 0000000..e904252
--- /dev/null
+++ b/hosts.nix
@@ -0,0 +1,69 @@
+{adm,srv,srv-nat,san, adh}:
+{
+ physiques = [
+ {
+ name = "cephirot";
+ id = 3;
+ vlans = [
+ adm
+ san
+ ];
+ serveur_type = ["san"];
+ description = ''
+ Un serveur avec peut etre un jour ceph
+ '';
+ }
+ {
+ name = "thot";
+ id = 14;
+ vlans = [
+ adm
+ san
+ ];
+ serveur_type = ["backup"];
+ description = ''
+ Serveur de backup du Crans, actuellement en SQ39
+ '';
+ }
+ ];
+
+ vms = [
+ {
+ name = "romanesco";
+ is_debian = true;
+ id = 145;
+ vlans = [
+ adm
+ (adh "185.230.78.252")
+ (srv "185.230.79.5")
+ ];
+ description = ''
+ DNS récursif
+ '';
+ }
+ {
+ name = "neo";
+ id = 145;
+ vlans = [
+ adm
+ # pas besoin de spécifier l'ipv6 car elle est construite depuis l'id
+ (srv "180.230.79.5")
+ ];
+ description = ''
+ Matrix du crans, heberge également le bridge IRC <-> Matrix
+ '';
+ }
+ {
+ name = "NextCloud";
+ id = 146;
+ vlans = [
+ adm
+ san
+ srv-nat
+ ];
+ description = ''
+ NextCloud du Crans
+ '';
+ }
+ ];
+}
diff --git a/variables.nix b/variables.nix
new file mode 100644
index 0000000..00f475a
--- /dev/null
+++ b/variables.nix
@@ -0,0 +1,8 @@
+let
+ machines = import ./hosts.nix;
+in
+{
+
+ dns-recursif = machines.vms.romanesco.id;
+
+}
From 164c1e22db9f60854d5e09c3c0ba3d399ee6341d Mon Sep 17 00:00:00 2001
From: Lzebulon
Date: Mon, 15 Dec 2025 13:09:41 +0100
Subject: [PATCH 2/4] add ssh public key
---
 hosts.nix | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/hosts.nix b/hosts.nix
index e904252..086d03b 100644
--- a/hosts.nix
+++ b/hosts.nix
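Review bot: `romanesco` and `neo` are both declared with `id = 145` in the `vms` list of hosts.nix, and the comment in `neo`'s `vlans` says the IPv6 address is built from the id, so the two machines would presumably derive the same address. `neo` should get its own value, `id = <UNUSED_ID>;`, and a uniqueness check over all ids would catch the next collision at evaluation time. The address in `(srv "180.230.79.5")` also looks like a typo: every other entry uses `185.230.…` and `romanesco` already holds `185.230.79.5`, so confirm the intended address before anything is generated from this inventory.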
@@ -12,6 +12,7 @@
 description = ''
 Un serveur avec peut etre un jour ceph
 '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
 }
 {
 name = "thot";
@@ -24,6 +25,7 @@
 description = ''
 Serveur de backup du Crans, actuellement en SQ39
 '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
 }
 ];
 
@@ -40,6 +42,7 @@
 description = ''
 DNS récursif
 '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
 }
 {
 name = "neo";
@@ -52,6 +55,7 @@
 description = ''
 Matrix du crans, heberge également le bridge IRC <-> Matrix
 '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
 }
 {
 name = "NextCloud";
@@ -64,6 +68,7 @@
 description = ''
 NextCloud du Crans
 '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
 }
 ];
 }
From c0b76bba4ded69e6d31592fa829c3bfaa1db5a2a Mon Sep 17 00:00:00 2001
From: Lzebulon
Date: Mon, 15 Dec 2025 20:17:16 +0100
Subject: [PATCH 3/4] continue POC refactor
---
 flake.nix | 71 +++++++-------------------
 hosts.nix | 147 ++++++++++++++++++++++++++++++++++++++++++++----------
 2 files changed, 137 insertions(+), 81 deletions(-)
diff --git a/flake.nix b/flake.nix
index d841f39..2c031ea 100644
--- a/flake.nix
+++ b/flake.nix
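Review bot: The same placeholder `"ssh-rsa TODOTODOTODOTODOTODOTODOTODO"` is committed as `public-ssh` for every host (this hunk and the four that follow), so the attribute is present but carries no identity. If it is later consumed as a host key, for example for `known_hosts` entries or as an agenix recipient (neither is shown on this page), a present-but-invalid value is harder to detect than a missing one, and identical values cannot distinguish hosts. I would leave the attribute out, or set `public-ssh = null;`, until the real key is collected, and have the consumer fail on a missing key. The key type should then be whatever the host actually serves rather than a hard-coded `ssh-rsa` prefix.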
@@ -38,63 +38,26 @@
 ./modules
 agenix.nixosModules.default
 ];
+ hosts = import ./hosts.nix;
 in
- {
- apprentix = nixosSystem {
+ # Physiques
+ (mapAttrs (name: value:
+ nixosSystem {
 specialArgs = inputs;
- modules = [ ./hosts/vm/apprentix ] ++ baseModules;
- };
-
- jitsi = nixosSystem {
+ modules = [./hosts/physiques/${name}] ++ baseModules;
+ }
+ )
+ (filterAttrs (n: v: !(attrByPath ["is_debian"] false v)) hosts.physiques)
+ )//
+ # VMs
+ (mapAttrs (name: value:
+ nixosSystem {
 specialArgs = inputs;
- modules = [ ./hosts/vm/jitsi ] ++ baseModules;
- };
-
- livre = nixosSystem {
- specialArgs = inputs;
- modules = [ ./hosts/vm/livre ] ++ baseModules;
- };
-
- neo = nixosSystem {
- specialArgs = inputs;
- modules = [ ./hosts/vm/neo ] ++ baseModules;
- };
-
- nextcloud = nixosSystem {
- specialArgs = inputs;
- modules = [ ./hosts/vm/nextcloud ] ++ baseModules;
- };
-
- periodique = nixosSystem {
- specialArgs = inputs;
- modules = [ ./hosts/vm/periodique ] ++ baseModules;
- };
-
- redite = nixosSystem {
- specialArgs = inputs;
- modules = [ ./hosts/vm/redite ] ++ baseModules;
- };
-
- reverseproxy = nixosSystem {
- specialArgs = inputs;
- modules = [ ./hosts/vm/reverseproxy ] ++ baseModules;
- };
-
- thot = nixosSystem {
- specialArgs = inputs;
- modules = [ ./hosts/physiques/thot ] ++ baseModules;
- };
-
- two = nixosSystem {
- specialArgs = inputs;
- modules = [ ./hosts/vm/two ] ++ baseModules;
- };
-
- vaultwarden = nixosSystem {
- specialArgs = inputs;
- modules = [ ./hosts/vm/vaultwarden ] ++ baseModules;
- };
- };
+ modules = [./hosts/vm/${name}] ++ baseModules;
+ }
+ )
+ (filterAttrs (n: v: !(attrByPath ["is_debian"] false v)) hosts.vms)
+ );
 };
 
 perSystem =
diff --git a/hosts.nix b/hosts.nix
index 086d03b..d85a6d3 100644
--- a/hosts.nix
+++ b/hosts.nix
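Review bot: The two generated sets are joined with `//`, so a name present in both `hosts.physiques` and `hosts.vms` silently resolves to the VM configuration and the physical host's `./hosts/physiques/${name}` module is never built. Guarding the merge with `assert builtins.intersectAttrs hosts.physiques hosts.vms == { };` right after `in` turns that into an evaluation error. The module path is now derived from the attribute name, so each non-Debian entry in hosts.nix needs a directory of exactly that name, and a missing one only surfaces when that host is evaluated. `mapAttrs`, `filterAttrs` and `attrByPath` are used unqualified and the enclosing `let` starts outside this hunk, so confirm they are inherited from `nixpkgs.lib` there.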
@@ -1,20 +1,26 @@
-{adm,srv,srv-nat,san, adh}:
+let
+ adm = 10;
+ srv = n: 4;
+ srv-nat = 2;
+ san = 3;
+ adh = 42;
+in
 {
- physiques = [
- {
- name = "cephirot";
- id = 3;
- vlans = [
- adm
- san
- ];
- serveur_type = ["san"];
- description = ''
- Un serveur avec peut etre un jour ceph
- '';
- public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
- }
- {
+ physiques ={
+ # cephirot = {
+ # name = "cephirot";
+ # id = 3;
+ # vlans = [
+ # adm
+ # san
+ # ];
+ # serveur_type = ["san"];
+ # description = ''
+ # Un serveur avec peut etre un jour ceph
+ # '';
+ # public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ # };
+ thot = {
 name = "thot";
 id = 14;
 vlans = [
@@ -26,11 +32,11 @@
 Serveur de backup du Crans, actuellement en SQ39
 '';
 public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
- }
- ];
+ };
+ };
 
- vms = [
- {
+ vms = {
+ romanesco = {
 name = "romanesco";
 is_debian = true;
 id = 145;
@@ -43,8 +49,8 @@
 DNS récursif
 '';
 public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
- }
- {
+ };
+ neo = {
 name = "neo";
 id = 145;
 vlans = [
@@ -56,9 +62,8 @@
 Matrix du crans, heberge également le bridge IRC <-> Matrix
 '';
 public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
- }
- {
- name = "NextCloud";
+ };
+ nextcloud = {
 id = 146;
 vlans = [
 adm
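Review bot: In the new `let` block of the first hunk, `adh = 42;` is a plain integer, but `romanesco` still lists `(adh "185.230.78.252")` (introduced in PATCH 1/4 and outside the hunks of this patch), which fails with a not-a-function error as soon as its `vlans` is forced. `srv = n: 4;` has the opposite problem: it accepts the address and discards it, so every `(srv "…")` entry evaluates to `4` and the public addresses recorded in this file are lost. If these are stubs for the POC, give both the same shape and keep the argument, for example `adh = ip: { vlan = 42; inherit ip; };` and `srv = ip: { vlan = 4; inherit ip; };`.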
@@ -69,6 +74,94 @@
 NextCloud du Crans
 '';
 public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
- }
- ];
+ };
+ apprentix = {
+ id = 150;
+ vlans = [
+ adm
+ ];
+ description = ''
+ VM NixOs apprentie
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ jitsi = {
+ id = 163;
+ vlans = [
+ adm
+ (srv "185.230.79.15")
+ ];
+ description = ''
+ Jitsi du crans
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ livre = {
+ id = 140;
+ vlans = [
+ adm
+ srv-nat
+ ];
+ description = ''
+ Stirling PDF
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ periodique = {
+ id = 118;
+ vlans = [
+ adm
+ srv-nat
+ ];
+ description = ''
+ Client matrix web (element)
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ redite = {
+ id = 139;
+ vlans = [
+ adm
+ srv-nat
+ ];
+ description = ''
+ Redite
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ reverseproxy = {
+ id = 151;
+ vlans = [
+ adm
+ srv-nat
+ (srv "185.230.79.42")
+ ];
+ description = ''
+ NextCloud du Crans
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ two = {
+ id = 135;
+ vlans = [
+ adm
+ srv-nat
+ ];
+ description = ''
+ Une vm de test
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ vaultwarden = {
+ id = 159;
+ vlans = [
+ adm
+ srv-nat
+ ];
+ description = ''
+ Vaultwarden
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ };
 }
From e1fd5d8406e39dcefee6c11999bbdd8161fbcfef Mon Sep 17 00:00:00 2001
From: Lzebulon
Date: Mon, 15 Dec 2025 20:21:26 +0100
Subject: [PATCH 4/4] add comment
---
 flake.nix | 45 ++++++++++++++++++++++++---------------------
 1 file changed, 24 insertions(+), 21 deletions(-)
diff --git a/flake.nix b/flake.nix
index 2c031ea..f467ac0 100644
--- a/flake.nix
+++ b/flake.nix
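Review bot: `reverseproxy` carries the description `NextCloud du Crans`, copied from the `nextcloud` entry. It is the only VM added here that sits on both `srv-nat` and a public `(srv "185.230.79.42")` address, so its inventory text should say what it is, for example `Reverse proxy du Crans`. The new entries also drop the `name` attribute that `thot`, `romanesco` and `neo` keep; now that the attribute key carries the name, removing `name` from those three would leave a single source of truth.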
@@ -19,12 +19,11 @@
 };
 
 outputs =
- inputs@{
- self,
- nixpkgs,
- flake-parts,
- agenix,
- ...
+ inputs@{ self
+ , nixpkgs
+ , flake-parts
+ , agenix
+ , ...
 }:
 flake-parts.lib.mkFlake { inherit inputs; } {
 imports = [ inputs.treefmt-nix.flakeModule ];
@@ -41,22 +40,26 @@
 hosts = import ./hosts.nix;
 in
 # Physiques
- (mapAttrs (name: value:
- nixosSystem {
- specialArgs = inputs;
- modules = [./hosts/physiques/${name}] ++ baseModules;
- }
- )
- (filterAttrs (n: v: !(attrByPath ["is_debian"] false v)) hosts.physiques)
- )//
+ (mapAttrs
+ (name: value:
+ nixosSystem {
+ specialArgs = inputs;
+ modules = [ ./hosts/physiques/${name} ] ++ baseModules;
+ }
+ )
+ # Filtre que c'est bien une machine Nixos
+ (filterAttrs (n: v: !(attrByPath [ "is_debian" ] false v)) hosts.physiques)
+ ) //
 # VMs
- (mapAttrs (name: value:
- nixosSystem {
- specialArgs = inputs;
- modules = [./hosts/vm/${name}] ++ baseModules;
- }
- )
- (filterAttrs (n: v: !(attrByPath ["is_debian"] false v)) hosts.vms)
+ (mapAttrs
+ (name: value:
+ nixosSystem {
+ specialArgs = inputs;
+ modules = [ ./hosts/vm/${name} ] ++ baseModules;
+ }
+ )
+ # Filtre que c'est bien une machine Nixos
+ (filterAttrs (n: v: !(attrByPath [ "is_debian" ] false v)) hosts.vms)
 );
 };
 
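Review bot: The predicate `(n: v: !(attrByPath [ "is_debian" ] false v))` and its comment are now written twice in the second hunk, once per `mapAttrs` call; naming it once keeps the selection of physical hosts and VMs from drifting apart. A binding such as `isNixos = _: v: !(v.is_debian or false);` in the enclosing `let`, used as `(filterAttrs isNixos hosts.physiques)` and `(filterAttrs isNixos hosts.vms)`, does the same thing with the language's own default syntax. The `let` starts outside the hunk, and the first hunk is formatting only.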