diff --git a/flake.nix b/flake.nix
index d841f39..f467ac0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -19,12 +19,11 @@
 };
 
 outputs =
- inputs@{
- self,
- nixpkgs,
- flake-parts,
- agenix,
- ...
+ inputs@{ self
+ , nixpkgs
+ , flake-parts
+ , agenix
+ , ...
 }:
 flake-parts.lib.mkFlake { inherit inputs; } {
 imports = [ inputs.treefmt-nix.flakeModule ];
@@ -38,63 +37,30 @@
 ./modules
 agenix.nixosModules.default
 ];
+ hosts = import ./hosts.nix;
 in
- {
- apprentix = nixosSystem {
- specialArgs = inputs;
- modules = [ ./hosts/vm/apprentix ] ++ baseModules;
- };
-
- jitsi = nixosSystem {
- specialArgs = inputs;
- modules = [ ./hosts/vm/jitsi ] ++ baseModules;
- };
-
- livre = nixosSystem {
- specialArgs = inputs;
- modules = [ ./hosts/vm/livre ] ++ baseModules;
- };
-
- neo = nixosSystem {
- specialArgs = inputs;
- modules = [ ./hosts/vm/neo ] ++ baseModules;
- };
-
- nextcloud = nixosSystem {
- specialArgs = inputs;
- modules = [ ./hosts/vm/nextcloud ] ++ baseModules;
- };
-
- periodique = nixosSystem {
- specialArgs = inputs;
- modules = [ ./hosts/vm/periodique ] ++ baseModules;
- };
-
- redite = nixosSystem {
- specialArgs = inputs;
- modules = [ ./hosts/vm/redite ] ++ baseModules;
- };
-
- reverseproxy = nixosSystem {
- specialArgs = inputs;
- modules = [ ./hosts/vm/reverseproxy ] ++ baseModules;
- };
-
- thot = nixosSystem {
- specialArgs = inputs;
- modules = [ ./hosts/physiques/thot ] ++ baseModules;
- };
-
- two = nixosSystem {
- specialArgs = inputs;
- modules = [ ./hosts/vm/two ] ++ baseModules;
- };
-
- vaultwarden = nixosSystem {
- specialArgs = inputs;
- modules = [ ./hosts/vm/vaultwarden ] ++ baseModules;
- };
- };
+ # Physiques
+ (mapAttrs
+ (name: value:
+ nixosSystem {
+ specialArgs = inputs;
+ modules = [ ./hosts/physiques/${name} ] ++ baseModules;
+ }
+ )
+ # Filtre que c'est bien une machine Nixos
+ (filterAttrs (n: v: !(attrByPath [ "is_debian" ] false v)) hosts.physiques)
+ ) //
+ # VMs
+ (mapAttrs
+ (name: value:
+ nixosSystem {
+ specialArgs = inputs;
+ modules = [ ./hosts/vm/${name} ] ++ baseModules;
+ }
+ )
+ # Filtre que c'est bien une machine Nixos
+ (filterAttrs (n: v: !(attrByPath [ "is_debian" ] false v)) hosts.vms)
+ );
 };
 
 perSystem =
diff --git a/hosts.nix b/hosts.nix
new file mode 100644
index 0000000..43ecad4
--- /dev/null
+++ b/hosts.nix
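Review bot: The `//` that merges the two `mapAttrs` results makes a host name present in both `hosts.physiques` and `hosts.vms` resolve silently to the VM, so a duplicated name would drop a physical machine's configuration with no error; guarding the merge with `assert (intersectAttrs hosts.physiques hosts.vms) == {};` (or `lib.assertMsg` with a message) would surface it. The `mapAttrs`, `filterAttrs` and `attrByPath` names used here have to come from the `let` that begins above this hunk, which does not show them being brought into scope. The parameters `value`, `n` and `v` are mostly unused and `attrByPath [ "is_debian" ] false v` is the long form of `v.is_debian or false`, so both filters could read `(filterAttrs (_: v: !(v.is_debian or false)) hosts.physiques)` and `(filterAttrs (_: v: !(v.is_debian or false)) hosts.vms)`.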
@@ -0,0 +1,470 @@
+rec {
+ vlans = {
+ void = {
+ id = 1;
+ description = "VLAN par défaut des switchs";
+ };
+ srv = {
+ id = 2;
+ description = "Serveurs du Crans à IP publiques";
+ ipv4 = "185.230.79.0/26";
+ ipv6 = "2a0c:700:2::/64";
+ };
+ srv-nat = {
+ id = 3;
+ description = "Serveur du Crans derrière un NAT";
+ ipv4 = "172.16.3.0/24";
+ ipv6 = "2a0c:700:3::/64";
+ };
+ san = {
+ id = 4;
+ description = "Interconnexion avec les baies de stockage";
+ };
+ ceph = {
+ id = 6;
+ description = "VLan interne pour ceph (synchronisation des nodes ceph)";
+ };
+ adm = {
+ id = 10;
+ description = "Administration des serveurs";
+ };
+ adh = {
+ id = 12;
+ description = "Machines des adhérent·e·s à IP publiques";
+ };
+ adm-adh = {
+ id = 13;
+ description = "Administration des machines des adhérent·e·s";
+ };
+ viarezo = {
+ id = 27;
+ description = "Interconnexion avec viarezo";
+ };
+ aurore = {
+ id = 28;
+ description = "Interconnexion avec aurore";
+ };
+ ens = {
+ id = 38;
+ description = "Interconnexion avec l'ENS (arrive détaggé & vlan 2751 pour l'ENS)";
+ };
+ lp = {
+ id = 56;
+ description = "Connexion avec l'imprimante (vlan 2756 pour l'ENS)";
+ };
+ };
+
+ reseaux = {
+ aurore = {
+ vlans = with vlans; [
+ aurore
+ ];
+ switch = {
+ carapuce = 19;
+ };
+ };
+ # vr = {
+ # vlans = with vlans; [
+ # viarezo
+ # ];
+ # switch = {
+ # arceus = 21;
+ # };
+ # };
+ ens = {
+ vlans = with vlans; [
+ ens
+ lp
+ ];
+ switch = {
+ carapuce = 17;
+ };
+ };
+ };
+
+ physiques ={
+ thot = {
+ id = 14;
+ vlans = with vlans; [
+ adm
+ ];
+ serveur_type = ["backup"];
+ description = ''
+ Serveur de backup du Crans, actuellement en SQ39
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ ft = {
+ is_debian = true;
+ id = 15;
+ vlans = with vlans; [
+ adm
+ ];
+ serveur_type = ["backup"];
+ description = ''
+ Serveur de backup du Crans, actuellement en SQ39
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ switch = {
+ carapuce = 13;
+ arceus = 13;
+ };
+ };
+
+ tealc = {
+ is_debian = true;
+ id = 1;
+ vlans = with vlans; [
+ adm
+ san
+ ];
+ serveur_type = ["san"];
+ description = ''
+ Stockage adm
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ switch = {
+ carapuce = 10;
+ arceus = 10;
+ };
+ ilo = {
+ id = 51;
+ switch.salameche = 18;
+ };
+ };
+ cameron = {
+ is_debian = true;
+ id = 2;
+ vlans = with vlans; [
+ adm
+ san
+ ];
+ serveur_type = ["san"];
+ description = ''
+ Stockage adh
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ switch = {
+ # TODO: temp rebasculer sur fibre
+ salameche = -1 ;
+ };
+ ilo = {
+ id = 52;
+ switch.salameche = 16;
+ };
+ };
+ # cephirot = {
+ # id = 3;
+ # vlans = with vlans; [
+ # adm
+ # san
+ # ];
+ # serveur_type = ["san"];
+ # description = ''
+ # Un serveur avec peut etre un jour ceph
+ # '';
+ # public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ # };
+
+ arceus = {
+ is_debian = true;
+ id = 7;
+ vlans = vlans;
+ serveur_type = ["switch"];
+ description = ''
+ Switch principal
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ carapuce = {
+ is_debian = true;
+ id = 8;
+ vlans = vlans;
+ serveur_type = ["switch"];
+ description = ''
+ Switch principal
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ rodney = {
+ is_debian = true;
+ id = 9;
+ vlans = with vlans; [
+ adh
+ adm
+ adm-adh
+ san
+ ];
+ serveur_type = ["switch"];
+ description = ''
+ Switch adh
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ salameche = {
+ is_debian = true;
+ id = 10;
+ vlans = with vlans; [
+ adm
+ san
+ ];
+ serveur_type = ["switch"];
+ description = ''
+ Switch ilo
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+
+ sam = {
+ is_debian = true;
+ id = 11;
+ vlans = with vlans; [
+ adm
+ san
+ srv-nat
+ ];
+ serveur_type = ["pve"];
+ description = ''
+ PVE adm
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ switch = {
+ carapuce = 1;
+ arceus = 1;
+ };
+ ilo = {
+ id = 21;
+ switch.salameche = 2; # TODO
+ };
+ };
+ daniel = {
+ is_debian = true;
+ id = 12;
+ vlans = with vlans; [
+ adm
+ san
+ srv-nat
+ ];
+ serveur_type = ["pve"];
+ description = ''
+ PVE adm
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ switch = {
+ carapuce = 3;
+ arceus = 3;
+ };
+ ilo = {
+ id = 22;
+ switch.salameche = 4; # TODO
+ };
+ };
+ jack = {
+ is_debian = true;
+ id = 13;
+ vlans = with vlans; [
+ adm
+ san
+ srv-nat
+ ];
+ serveur_type = ["pve"];
+ description = ''
+ PVE adm
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ switch = {
+ carapuce = 5;
+ arceus = 5;
+ };
+ ilo = {
+ id = 23;
+ switch.salameche = 6; # TODO
+ };
+ };
+
+ odlyd = {
+ is_debian = true;
+ id = 16;
+ vlans = with vlans; [
+ adh
+ adm
+ ];
+ serveur_type = ["pve"];
+ description = ''
+ PVE adh, fait actuellement le mort
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ stitch = {
+ is_debian = true;
+ id = 17;
+ vlans = with vlans; [
+ adh
+ adm
+ ];
+ serveur_type = ["pve"];
+ description = ''
+ PVE adh
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ gulp = with vlans; {
+ is_debian = true;
+ id = 18;
+ vlans = [
+ adh
+ adm
+ ];
+ serveur_type = ["pve"];
+ description = ''
+ PVE adh
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+
+ zamok = with vlans; {
+ is_debian = true;
+ id = 31;
+ vlans = [
+ adh
+ adm
+ san
+ ];
+ serveur_type = ["pve"];
+ description = ''
+ Serveur de calcul adhérent
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ };
+
+ vms = {
+ romanesco = {
+ name = "romanesco";
+ is_debian = true;
+ id = 145;
+ vlans = with vlans; [
+ adm
+ (adh "185.230.78.252")
+ (srv "185.230.79.59")
+ ];
+ description = ''
+ DNS récursif
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ neo = with vlans; {
+ name = "neo";
+ id = 145;
+ vlans = [
+ adm
+ # pas besoin de spécifier l'ipv6 car elle est construite depuis l'id
+ (srv "185.230.79.5")
+ ];
+ description = ''
+ Matrix du crans, heberge également le bridge IRC <-> Matrix
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ nextcloud = {
+ id = 146;
+ vlans = with vlans; [
+ adm
+ san
+ srv-nat
+ ];
+ description = ''
+ NextCloud du Crans
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ apprentix = {
+ id = 150;
+ vlans = with vlans; [
+ adm
+ ];
+ description = ''
+ VM NixOs apprentie
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ jitsi = {
+ id = 163;
+ vlans = with vlans; [
+ adm
+ (srv "185.230.79.15")
+ ];
+ description = ''
+ Jitsi du crans
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ livre = {
+ id = 140;
+ vlans = with vlans; [
+ adm
+ srv-nat
+ ];
+ description = ''
+ Stirling PDF
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ periodique = {
+ id = 118;
+ vlans = with vlans; [
+ adm
+ srv-nat
+ ];
+ description = ''
+ Client matrix web (element)
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ redite = {
+ id = 139;
+ vlans = with vlans; [
+ adm
+ srv-nat
+ ];
+ description = ''
+ Redite
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ reverseproxy = with vlans; {
+ id = 151;
+ vlans = [
+ adm
+ srv-nat
+ (srv "185.230.79.42")
+ ];
+ description = ''
+ NextCloud du Crans
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ two = {
+ id = 135;
+ vlans = with vlans; [
+ adm
+ srv-nat
+ ];
+ description = ''
+ Une vm de test
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ vaultwarden = {
+ id = 159;
+ vlans = with vlans; [
+ adm
+ srv-nat
+ ];
+ description = ''
+ Vaultwarden
+ '';
+ public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+ };
+ };
+}
diff --git a/variables.nix b/variables.nix
new file mode 100644
index 0000000..00f475a
--- /dev/null
+++ b/variables.nix
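Review bot: `vms.neo` reuses `id = 145`, which `vms.romanesco` already has, and the comment inside `neo` states that the IPv6 address is built from the id, so the two VMs would derive the same address; one of them needs a distinct id before anything builds addresses from this file, and the new `variables.nix` (`dns-recursif = machines.vms.romanesco.id;`) inherits the ambiguity until that is fixed. The entries `(adh "185.230.78.252")`, `(srv "185.230.79.59")`, `(srv "185.230.79.5")`, `(srv "185.230.79.15")` and `(srv "185.230.79.42")` apply `vlans.adh` and `vlans.srv`, which are plain attribute sets with no `__functor`, as functions, so forcing the `vlans` list of romanesco, neo, jitsi or reverseproxy fails at evaluation; either define those vlan entries as functions taking an address, or keep the address in a separate field such as `ipv4 = "185.230.79.5";` next to the vlan name. Every `public-ssh` is the placeholder `ssh-rsa TODOTODOTODOTODOTODOTODOTODO`; if any consumer treats this field as a host or user key, the placeholder becomes a trust anchor that authenticates nobody, so leaving the attribute out until the real key is known lets consumers fail loudly rather than trust a dummy. `reverseproxy` also carries the description `NextCloud du Crans` and `ft` repeats thot's `Serveur de backup du Crans, actuellement en SQ39`, both of which look like copy-paste leftovers.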
@@ -0,0 +1,8 @@
+let
+ machines = import ./hosts.nix;
+in
+{
+
+ dns-recursif = machines.vms.romanesco.id;
+
+}