Merge branch 'refactor-host' into 'main'

Draft: Refactor repo avec un fichier host

See merge request nounous/nixos!44
merge-requests/44/merge
lzebulon 2026-02-08 16:43:53 +01:00
commit a505c54876
3 changed files with 506 additions and 62 deletions


@ -19,12 +19,11 @@
}; };
outputs = outputs =
inputs@{ inputs@{ self
self, , nixpkgs
nixpkgs, , flake-parts
flake-parts, , agenix
agenix, , ...
...
}: }:
flake-parts.lib.mkFlake { inherit inputs; } { flake-parts.lib.mkFlake { inherit inputs; } {
imports = [ inputs.treefmt-nix.flakeModule ]; imports = [ inputs.treefmt-nix.flakeModule ];
@ -38,63 +37,30 @@
./modules ./modules
agenix.nixosModules.default agenix.nixosModules.default
]; ];
hosts = import ./hosts.nix;
in in
{ # Physiques
apprentix = nixosSystem { (mapAttrs
specialArgs = inputs; (name: value:
modules = [ ./hosts/vm/apprentix ] ++ baseModules; nixosSystem {
}; specialArgs = inputs;
modules = [ ./hosts/physiques/${name} ] ++ baseModules;
jitsi = nixosSystem { }
specialArgs = inputs; )
modules = [ ./hosts/vm/jitsi ] ++ baseModules; # Filtre que c'est bien une machine Nixos
}; (filterAttrs (n: v: !(attrByPath [ "is_debian" ] false v)) hosts.physiques)
) //
livre = nixosSystem { # VMs
specialArgs = inputs; (mapAttrs
modules = [ ./hosts/vm/livre ] ++ baseModules; (name: value:
}; nixosSystem {
specialArgs = inputs;
neo = nixosSystem { modules = [ ./hosts/vm/${name} ] ++ baseModules;
specialArgs = inputs; }
modules = [ ./hosts/vm/neo ] ++ baseModules; )
}; # Filtre que c'est bien une machine Nixos
(filterAttrs (n: v: !(attrByPath [ "is_debian" ] false v)) hosts.vms)
nextcloud = nixosSystem { );
specialArgs = inputs;
modules = [ ./hosts/vm/nextcloud ] ++ baseModules;
};
periodique = nixosSystem {
specialArgs = inputs;
modules = [ ./hosts/vm/periodique ] ++ baseModules;
};
redite = nixosSystem {
specialArgs = inputs;
modules = [ ./hosts/vm/redite ] ++ baseModules;
};
reverseproxy = nixosSystem {
specialArgs = inputs;
modules = [ ./hosts/vm/reverseproxy ] ++ baseModules;
};
thot = nixosSystem {
specialArgs = inputs;
modules = [ ./hosts/physiques/thot ] ++ baseModules;
};
two = nixosSystem {
specialArgs = inputs;
modules = [ ./hosts/vm/two ] ++ baseModules;
};
vaultwarden = nixosSystem {
specialArgs = inputs;
modules = [ ./hosts/vm/vaultwarden ] ++ baseModules;
};
};
}; };
perSystem = perSystem =
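Review bot: The `//` between the two `mapAttrs` results merges physical hosts and VMs into one attribute set, so a VM declared in hosts.nix under the same name as a physical machine silently replaces it, and that hostname would then be built from `./hosts/vm/${name}` instead of `./hosts/physiques/${name}`. A guard before the merge, such as `assert (builtins.intersectAttrs hosts.physiques hosts.vms) == { };`, turns that collision into an evaluation error. The `is_debian` filter also defaults to `false`, so an entry that omits the flag is treated as a NixOS machine; requiring the flag explicitly on every host would make the selection fail closed. The enclosing `let … in` block starts outside the visible hunk, and the side-by-side rendering leaves the exact new-side layout uncertain.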

470
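--- a/hosts.nix
+++ b/hosts.nix
@@ -0,0 +1,470 @@
+rec {
+vlans = {
+void = {
+id = 1;
+description = "VLAN par défaut des switchs";
+};
+srv = {
+id = 2;
+description = "Serveurs du Crans à IP publiques";
+ipv4 = "185.230.79.0/26";
+ipv6 = "2a0c:700:2::/64";
+};
+srv-nat = {
+id = 3;
+description = "Serveur du Crans derrière un NAT";
+ipv4 = "172.16.3.0/24";
+ipv6 = "2a0c:700:3::/64";
+};
+san = {
+id = 4;
+description = "Interconnexion avec les baies de stockage";
+};
+ceph = {
+id = 6;
+description = "VLan interne pour ceph (synchronisation des nodes ceph)";
+};
+adm = {
+id = 10;
+description = "Administration des serveurs";
+};
+adh = {
+id = 12;
+description = "Machines des adhérent·e·s à IP publiques";
+};
+adm-adh = {
+id = 13;
+description = "Administration des machines des adhérent·e·s";
+};
+viarezo = {
+id = 27;
+description = "Interconnexion avec viarezo";
+};
+aurore = {
+id = 28;
+description = "Interconnexion avec aurore";
+};
+ens = {
+id = 38;
+description = "Interconnexion avec l'ENS (arrive détaggé & vlan 2751 pour l'ENS)";
+};
+lp = {
+id = 56;
+description = "Connexion avec l'imprimante (vlan 2756 pour l'ENS)";
+};
+};
+reseaux = {
+aurore = {
+vlans = with vlans; [
+aurore
+];
+switch = {
+carapuce = 19;
+};
+};
+# vr = {
+# vlans = with vlans; [
+# viarezo
+# ];
+# switch = {
+# arceus = 21;
+# };
+# };
+ens = {
+vlans = with vlans; [
+ens
+lp
+];
+switch = {
+carapuce = 17;
+};
+};
+};
+physiques ={
+thot = {
+id = 14;
+vlans = with vlans; [
+adm
+];
+serveur_type = ["backup"];
+description = ''
+Serveur de backup du Crans, actuellement en SQ39
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+};
+ft = {
+is_debian = true;
+id = 15;
+vlans = with vlans; [
+adm
+];
+serveur_type = ["backup"];
+description = ''
+Serveur de backup du Crans, actuellement en SQ39
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+switch = {
+carapuce = 13;
+arceus = 13;
+};
+};
+tealc = {
+is_debian = true;
+id = 1;
+vlans = with vlans; [
+adm
+san
+];
+serveur_type = ["san"];
+description = ''
+Stockage adm
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+switch = {
+carapuce = 10;
+arceus = 10;
+};
+ilo = {
+id = 51;
+switch.salameche = 18;
+};
+};
+cameron = {
+is_debian = true;
+id = 2;
+vlans = with vlans; [
+adm
+san
+];
+serveur_type = ["san"];
+description = ''
+Stockage adh
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+switch = {
+# TODO: temp rebasculer sur fibre
+salameche = -1 ;
+};
+ilo = {
+id = 52;
+switch.salameche = 16;
+};
+};
+# cephirot = {
+# id = 3;
+# vlans = with vlans; [
+# adm
+# san
+# ];
+# serveur_type = ["san"];
+# description = ''
+# Un serveur avec peut etre un jour ceph
+# '';
+# public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+# };
+arceus = {
+is_debian = true;
+id = 7;
+vlans = vlans;
+serveur_type = ["switch"];
+description = ''
+Switch principal
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+};
+carapuce = {
+is_debian = true;
+id = 8;
+vlans = vlans;
+serveur_type = ["switch"];
+description = ''
+Switch principal
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+};
+rodney = {
+is_debian = true;
+id = 9;
+vlans = with vlans; [
+adh
+adm
+adm-adh
+san
+];
+serveur_type = ["switch"];
+description = ''
+Switch adh
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+};
+salameche = {
+is_debian = true;
+id = 10;
+vlans = with vlans; [
+adm
+san
+];
+serveur_type = ["switch"];
+description = ''
+Switch ilo
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+};
+sam = {
+is_debian = true;
+id = 11;
+vlans = with vlans; [
+adm
+san
+srv-nat
+];
+serveur_type = ["pve"];
+description = ''
+PVE adm
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+switch = {
+carapuce = 1;
+arceus = 1;
+};
+ilo = {
+id = 21;
+switch.salameche = 2; # TODO
+};
+};
+daniel = {
+is_debian = true;
+id = 12;
+vlans = with vlans; [
+adm
+san
+srv-nat
+];
+serveur_type = ["pve"];
+description = ''
+PVE adm
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+switch = {
+carapuce = 3;
+arceus = 3;
+};
+ilo = {
+id = 22;
+switch.salameche = 4; # TODO
+};
+};
+jack = {
+is_debian = true;
+id = 13;
+vlans = with vlans; [
+adm
+san
+srv-nat
+];
+serveur_type = ["pve"];
+description = ''
+PVE adm
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+switch = {
+carapuce = 5;
+arceus = 5;
+};
+ilo = {
+id = 23;
+switch.salameche = 6; # TODO
+};
+};
+odlyd = {
+is_debian = true;
+id = 16;
+vlans = with vlans; [
+adh
+adm
+];
+serveur_type = ["pve"];
+description = ''
+PVE adh, fait actuellement le mort
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+};
+stitch = {
+is_debian = true;
+id = 17;
+vlans = with vlans; [
+adh
+adm
+];
+serveur_type = ["pve"];
+description = ''
+PVE adh
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+};
+gulp = with vlans; {
+is_debian = true;
+id = 18;
+vlans = [
+adh
+adm
+];
+serveur_type = ["pve"];
+description = ''
+PVE adh
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+};
+zamok = with vlans; {
+is_debian = true;
+id = 31;
+vlans = [
+adh
+adm
+san
+];
+serveur_type = ["pve"];
+description = ''
+Serveur de calcul adhérent
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+};
+};
+vms = {
+romanesco = {
+name = "romanesco";
+is_debian = true;
+id = 145;
+vlans = with vlans; [
+adm
+(adh "185.230.78.252")
+(srv "185.230.79.59")
+];
+description = ''
+DNS récursif
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+};
+neo = with vlans; {
+name = "neo";
+id = 145;
+vlans = [
+adm
+# pas besoin de spécifier l'ipv6 car elle est construite depuis l'id
+(srv "185.230.79.5")
+];
+description = ''
+Matrix du crans, heberge également le bridge IRC <-> Matrix
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+};
+nextcloud = {
+id = 146;
+vlans = with vlans; [
+adm
+san
+srv-nat
+];
+description = ''
+NextCloud du Crans
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+};
+apprentix = {
+id = 150;
+vlans = with vlans; [
+adm
+];
+description = ''
+VM NixOs apprentie
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+};
+jitsi = {
+id = 163;
+vlans = with vlans; [
+adm
+(srv "185.230.79.15")
+];
+description = ''
+Jitsi du crans
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+};
+livre = {
+id = 140;
+vlans = with vlans; [
+adm
+srv-nat
+];
+description = ''
+Stirling PDF
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+};
+periodique = {
+id = 118;
+vlans = with vlans; [
+adm
+srv-nat
+];
+description = ''
+Client matrix web (element)
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+};
+redite = {
+id = 139;
+vlans = with vlans; [
+adm
+srv-nat
+];
+description = ''
+Redite
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+};
+reverseproxy = with vlans; {
+id = 151;
+vlans = [
+adm
+srv-nat
+(srv "185.230.79.42")
+];
+description = ''
+NextCloud du Crans
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+};
+two = {
+id = 135;
+vlans = with vlans; [
+adm
+srv-nat
+];
+description = ''
+Une vm de test
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+};
+vaultwarden = {
+id = 159;
+vlans = with vlans; [
+adm
+srv-nat
+];
+description = ''
+Vaultwarden
+'';
+public-ssh = "ssh-rsa TODOTODOTODOTODOTODOTODOTODO";
+};
+};
+}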
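Review bot: `romanesco` and `neo` under `vms` both declare `id = 145`, and the comment inside `neo` says the IPv6 address is built from the id, so the recursive DNS resolver and the Matrix server would derive the same address; variables.nix also exports `machines.vms.romanesco.id` as `dns-recursif`, which makes anything keyed on that value ambiguous. One of the two needs its real id (`id = <CORRECT_ID>;`), and a uniqueness check where the file is consumed, for example `assert lib.allUnique (map (h: h.id) (builtins.attrValues hosts.vms));`, would catch the next copy-paste. Separately, entries such as `(srv "185.230.79.59")` apply `vlans.srv` as a function although it is declared as a plain attribute set, so forcing those list elements should fail at evaluation unless a `__functor` is supplied elsewhere. Every `public-ssh` value is the same placeholder string; whatever later consumes it (known_hosts generation, secret recipients) should reject the placeholder rather than accept it as a key.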

8
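--- a/variables.nix
+++ b/variables.nix
@@ -0,0 +1,8 @@
+let
+machines = import ./hosts.nix;
+in
+{
+dns-recursif = machines.vms.romanesco.id;
+}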