Add cj.deployment module

That way we can configure the depployment tags and everything in a single location.
2023-07-28 10:31:36 +02:00 · 2023-07-28 10:31:36 +02:00 · 047d73dc78
commit 047d73dc78
parent 52a0991bfb
9 changed files with 54 additions and 16 deletions
--- a/common/default.nix
+++ b/common/default.nix
@ -1,6 +1,7 @@
 { config, lib, pkgs, inputs, ... }: {
  imports = [
    ./users.nix
    ../modules/deployment.nix
    # Monitoring is applicable to all hosts, thus placing it here
    ../services/monitoring
  ];
--- a/flake.nix
+++ b/flake.nix
@ -57,7 +57,7 @@
      };
      defaults = { name, config, ... }: {
        deployment = {
-          tags = if name == "shirley" then [ "prod" ] else [ "dev" ];
+          tags = [ config.cj.deployment.environment ];
          targetHost = config.networking.fqdn;
          targetUser = null;
        };
--- a/hosts/goldberg/configuration.nix
+++ b/hosts/goldberg/configuration.nix
@ -1,5 +1,5 @@
 { lib, pkgs, baseDomain, ... }: {
-  _module.args.baseDomain = "dev.chaos.jetzt";
+  cj.deployment.environment = "dev";
  imports = [
    ./hardware-config.nix
--- a/hosts/shirley/configuration.nix
+++ b/hosts/shirley/configuration.nix
@ -1,5 +1,5 @@
 { pkgs, baseDomain, ... }: {
-  _module.args.baseDomain = "chaos.jetzt";
+  cj.deployment.environment = "prod";
  imports = [
    ./hardware-config.nix
--- a/modules/deployment.nix
+++ b/modules/deployment.nix
@ -0,0 +1,26 @@
 { config
 , options
 , lib
 , ... }:
 let
  inherit (lib) mkOption types optionalString;
  cfg = config.cj.deployment;
  isDev = cfg.environment == "dev";
 in
 {
  options.cj.deployment = {
    environment = mkOption {
      description = "Environment this host will be used for. Affects both colmena deploy groups and the baseDomain";
      type = types.enum [ "dev" "prod" ];
    };
  };
  config = {
    _module.args = {
      inherit isDev;
      baseDomain = "${optionalString isDev "dev."}chaos.jetzt";
    };
  };
 }
--- a/services/dokuwiki.nix
+++ b/services/dokuwiki.nix
@ -1,10 +1,12 @@
-{
+{ pkgs
-  pkgs,
+, config
-  config,
+, lib
-  lib,
+, baseDomain
-  baseDomain,
+, isDev
-  ...
+, ...
-}: let
+}:
 let
  fpm_pool = "dokuwiki-${dw_domain}";
  fpm_cfg = config.services.phpfpm.pools.${fpm_pool};
  dw_domain = "wiki.${baseDomain}";
@ -143,7 +145,7 @@ in {
      };
      plugin.oauthkeycloak = {
        key = get_secret "dokuwiki/keycloak_key";
-        openidurl = "https://sso.chaos.jetzt/auth/realms/chaos-jetzt/.well-known/openid-configuration";
+        openidurl = "https://sso.chaos.jetzt/auth/realms/${if isDev then "dev" else "chaos-jetzt"}/.well-known/openid-configuration";
      };
    };
--- a/services/monitoring/default.nix
+++ b/services/monitoring/default.nix
@ -37,7 +37,7 @@
  isMe = host: host.config.networking.fqdn == fqdn;
  others = filterAttrs (_: !isMe) outputs.nixosConfigurations;
-  isDev = host: (substring 0 3 host._module.args.baseDomain) == "dev";
+  isDev = host: host._module.args.isDev;
  allHosts = outputs.nixosConfigurations // externalTargets;
  /*
    Right now we only have one non-dev host in our NixOS setup (the ansible hosts don't monitor the NixOS hosts).
--- a/services/vaultwarden.nix
+++ b/services/vaultwarden.nix
@ -1,9 +1,13 @@
-{ lib, config, pkgs, baseDomain, ... }:
+{ lib
 , config
 , pkgs
 , baseDomain
 , isDev
 , ... }:
 let
  vwDbUser = config.users.users.vaultwarden.name;
  vwDbName = config.users.users.vaultwarden.name;
  isDev = (builtins.substring 0 3 baseDomain) == "dev";
  isDevStr = lib.optionalString isDev;
 in {
  sops.secrets = {
--- a/services/website.nix
+++ b/services/website.nix
@ -1,4 +1,10 @@
-{ lib, pkgs, config, baseDomain, ...}:
+{ lib
 , pkgs
 , config
 , baseDomain
 , isDev
 , ...}:
 let
  matrixWellKnown = {
    client."m.homeserver".base_url = "https://matrix.${baseDomain}/";
@ -6,7 +12,6 @@ let
  };
  toJSONFile = name: value: pkgs.writeText name (builtins.toJSON value);
  matrixWellKnownDir = pkgs.linkFarm "matrix-well-known" (builtins.mapAttrs toJSONFile matrixWellKnown);
  isDev = (builtins.substring 0 3 baseDomain) == "dev";
  webroot = "${config.users.users."web-deploy".home}/public";
  deployPubKey = if isDev then
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINRmpgMjXQCjA/YPNJvaNdKMjr0jnLtwKKbLCIisjeBw dev-deploykey@chaos.jetzt"