confctl 1.0.0 → 2.0.0
- checksums.yaml +4 -4
- data/.editorconfig +1 -1
- data/.gitignore +1 -0
- data/.rubocop.yml +1 -0
- data/CHANGELOG.md +18 -1
- data/README.md +3 -9
- data/confctl.gemspec +14 -14
- data/docs/carrier.md +138 -0
- data/lib/confctl/cli/app.rb +3 -0
- data/lib/confctl/cli/cluster.rb +73 -44
- data/lib/confctl/cli/configuration.rb +7 -2
- data/lib/confctl/cli/gen_data.rb +19 -1
- data/lib/confctl/cli/generation.rb +5 -3
- data/lib/confctl/generation/host_list.rb +3 -3
- data/lib/confctl/git_repo_mirror.rb +2 -2
- data/lib/confctl/machine.rb +101 -11
- data/lib/confctl/machine_control.rb +7 -0
- data/lib/confctl/machine_list.rb +14 -1
- data/lib/confctl/machine_status.rb +51 -4
- data/lib/confctl/nix.rb +28 -5
- data/lib/confctl/swpins/specs/git.rb +1 -1
- data/lib/confctl/version.rb +1 -1
- data/man/man8/confctl-options.nix.8 +165 -1
- data/man/man8/confctl-options.nix.8.md +165 -1
- data/man/man8/confctl.8 +21 -1
- data/man/man8/confctl.8.md +16 -1
- data/nix/evaluator.nix +18 -7
- data/nix/lib/default.nix +64 -17
- data/nix/lib/machine/default.nix +14 -11
- data/nix/lib/machine/info.nix +3 -3
- data/nix/modules/cluster/default.nix +142 -3
- data/nix/modules/confctl/carrier/base.nix +35 -0
- data/nix/modules/confctl/carrier/carrier-env.rb +81 -0
- data/nix/modules/confctl/carrier/netboot/build-netboot-server.rb +803 -0
- data/nix/modules/confctl/carrier/netboot/nixos.nix +185 -0
- data/nix/modules/system-list.nix +8 -0
- metadata +12 -7
- data/.ruby-version +0 -1
@@ -0,0 +1,185 @@
|
|
1
|
+
{ config, lib, pkgs, confMachine, ... }:
|
2
|
+
let
|
3
|
+
inherit (lib) concatStringsSep flip mkOption mkEnableOption mkIf
|
4
|
+
optional optionalString types;
|
5
|
+
|
6
|
+
concatNl = concatStringsSep "\n";
|
7
|
+
|
8
|
+
cfg = config.confctl.carrier.netboot;
|
9
|
+
|
10
|
+
isoImage =
|
11
|
+
{ config, ... }:
|
12
|
+
{
|
13
|
+
options = {
|
14
|
+
file = mkOption {
|
15
|
+
type = types.path;
|
16
|
+
description = ''
|
17
|
+
Path to the ISO image file
|
18
|
+
|
19
|
+
If it is a path, the file must be available on the build machine,
|
20
|
+
it will be copied into the Nix store and deployed to the target machine.
|
21
|
+
If it is a string, then the file must be available on the target machine
|
22
|
+
at the given path.
|
23
|
+
'';
|
24
|
+
};
|
25
|
+
|
26
|
+
label = mkOption {
|
27
|
+
type = types.str;
|
28
|
+
default = "";
|
29
|
+
description = "Menu label for this image";
|
30
|
+
};
|
31
|
+
};
|
32
|
+
};
|
33
|
+
|
34
|
+
baseDir = "/var/lib/confctl/carrier/netboot";
|
35
|
+
|
36
|
+
tftpRoot = "${baseDir}/tftp";
|
37
|
+
|
38
|
+
httpRoot = "${baseDir}/http";
|
39
|
+
|
40
|
+
builderConfig = builtins.toJSON {
|
41
|
+
ruby = pkgs.ruby;
|
42
|
+
coreutils = pkgs.coreutils;
|
43
|
+
syslinux = pkgs.syslinux;
|
44
|
+
inherit tftpRoot httpRoot;
|
45
|
+
hostName = config.networking.hostName;
|
46
|
+
httpUrl = "http://${cfg.host}";
|
47
|
+
memtest =
|
48
|
+
if cfg.memtest86.enable then
|
49
|
+
{ package = pkgs.memtest86plus; params = cfg.memtest86.params; }
|
50
|
+
else
|
51
|
+
null;
|
52
|
+
isoImages = cfg.isoImages;
|
53
|
+
};
|
54
|
+
|
55
|
+
builder = pkgs.substituteAll {
|
56
|
+
src = ./build-netboot-server.rb;
|
57
|
+
name = "build-netboot-server";
|
58
|
+
dir = "bin";
|
59
|
+
isExecutable = true;
|
60
|
+
ruby = pkgs.ruby;
|
61
|
+
jsonConfig = pkgs.writeText "netboot-server.json" builderConfig;
|
62
|
+
};
|
63
|
+
in {
|
64
|
+
options = {
|
65
|
+
confctl.carrier.netboot = {
|
66
|
+
enable = mkEnableOption ''
|
67
|
+
Enable netboot server generated from confctl carrier
|
68
|
+
'';
|
69
|
+
|
70
|
+
host = mkOption {
|
71
|
+
type = types.str;
|
72
|
+
description = "Hostname or IP address of the netboot server";
|
73
|
+
};
|
74
|
+
|
75
|
+
enableACME = mkOption {
|
76
|
+
type = types.bool;
|
77
|
+
description = "Enable ACME and SSL for netboot host";
|
78
|
+
default = false;
|
79
|
+
};
|
80
|
+
|
81
|
+
memtest86 = {
|
82
|
+
enable = mkOption {
|
83
|
+
type = types.bool;
|
84
|
+
description = "Include memtest in boot menu";
|
85
|
+
default = true;
|
86
|
+
};
|
87
|
+
|
88
|
+
params = mkOption {
|
89
|
+
type = types.listOf types.str;
|
90
|
+
default = [];
|
91
|
+
example = [ "console=ttyS0,115200" ];
|
92
|
+
description = "See {option}`boot.loader.grub.memtest86.params`";
|
93
|
+
};
|
94
|
+
};
|
95
|
+
|
96
|
+
isoImages = mkOption {
|
97
|
+
type = types.listOf (types.submodule isoImage);
|
98
|
+
default = [];
|
99
|
+
description = "A list of ISO images to be included in boot menu";
|
100
|
+
};
|
101
|
+
|
102
|
+
allowedIPv4Ranges = mkOption {
|
103
|
+
type = types.listOf types.str;
|
104
|
+
description = ''
|
105
|
+
Allow HTTP access for these IP ranges, if not specified
|
106
|
+
access is not restricted.
|
107
|
+
'';
|
108
|
+
default = [];
|
109
|
+
example = "10.0.0.0/24";
|
110
|
+
};
|
111
|
+
|
112
|
+
tftp.bindAddress = mkOption {
|
113
|
+
type = types.nullOr types.str;
|
114
|
+
default = null;
|
115
|
+
description = ''
|
116
|
+
The address for the TFTP server to bind on
|
117
|
+
'';
|
118
|
+
};
|
119
|
+
};
|
120
|
+
};
|
121
|
+
|
122
|
+
config = mkIf cfg.enable {
|
123
|
+
confctl.carrier.onChangeCommands = ''
|
124
|
+
${builder}/bin/build-netboot-server
|
125
|
+
rc=$?
|
126
|
+
|
127
|
+
if [ $rc != 0 ] ; then
|
128
|
+
echo "build-netboot-server failed with $rc"
|
129
|
+
exit 1
|
130
|
+
fi
|
131
|
+
'';
|
132
|
+
|
133
|
+
environment.systemPackages = [ builder ];
|
134
|
+
|
135
|
+
networking.firewall = {
|
136
|
+
extraCommands = mkIf (cfg.allowedIPv4Ranges != []) (concatNl (map (net: ''
|
137
|
+
# Allow access from ${net} for netboot
|
138
|
+
iptables -A nixos-fw -p udp -s ${net} ${optionalString (!isNull cfg.tftp.bindAddress) "-d ${cfg.tftp.bindAddress}"} --dport 68 -j nixos-fw-accept
|
139
|
+
iptables -A nixos-fw -p udp -s ${net} ${optionalString (!isNull cfg.tftp.bindAddress) "-d ${cfg.tftp.bindAddress}"} --dport 69 -j nixos-fw-accept
|
140
|
+
iptables -A nixos-fw -p tcp -s ${net} --dport 80 -j nixos-fw-accept
|
141
|
+
${optionalString cfg.enableACME "iptables -A nixos-fw -p tcp -s ${net} --dport 443 -j nixos-fw-accept"}
|
142
|
+
'') cfg.allowedIPv4Ranges));
|
143
|
+
};
|
144
|
+
|
145
|
+
systemd.services.netboot-atftpd = {
|
146
|
+
description = "TFTP Server for Netboot";
|
147
|
+
after = [ "network.target" ];
|
148
|
+
wantedBy = [ "multi-user.target" ];
|
149
|
+
# runs as nobody
|
150
|
+
serviceConfig.ExecStart = toString ([
|
151
|
+
"${pkgs.atftp}/sbin/atftpd"
|
152
|
+
"--daemon"
|
153
|
+
"--no-fork"
|
154
|
+
] ++ (optional (!isNull cfg.tftp.bindAddress) [ "--bind-address" cfg.tftp.bindAddress ])
|
155
|
+
++ [ tftpRoot ]);
|
156
|
+
};
|
157
|
+
|
158
|
+
services.nginx = {
|
159
|
+
enable = true;
|
160
|
+
|
161
|
+
appendConfig = ''
|
162
|
+
worker_processes auto;
|
163
|
+
'';
|
164
|
+
|
165
|
+
virtualHosts = {
|
166
|
+
"${cfg.host}" = {
|
167
|
+
root = httpRoot;
|
168
|
+
addSSL = cfg.enableACME;
|
169
|
+
enableACME = cfg.enableACME;
|
170
|
+
locations = {
|
171
|
+
"/" = {
|
172
|
+
extraConfig = ''
|
173
|
+
autoindex on;
|
174
|
+
${optionalString (cfg.allowedIPv4Ranges != []) ''
|
175
|
+
${concatNl (flip map cfg.allowedIPv4Ranges (range: "allow ${range};"))}
|
176
|
+
deny all;
|
177
|
+
''}
|
178
|
+
'';
|
179
|
+
};
|
180
|
+
};
|
181
|
+
};
|
182
|
+
};
|
183
|
+
};
|
184
|
+
};
|
185
|
+
}
|
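Review bot: The firewall rule on the `--dport 68` line opens UDP/68 (the BOOTP/DHCP client port) for every allowed range, yet nothing in this module listens there: the only services defined are atftpd on UDP/69 and nginx on TCP/80 (plus 443 when enableACME is set), and a co-located DHCP server would normally listen on UDP/67, so the line looks like a typo or a leftover and should be dropped, or changed to `--dport 67` if a DHCP server on this host is actually intended. Separately, the `allowedIPv4Ranges` description claims access "is not restricted" when the list is empty, but in that case no `nixos-fw` rule is added at all, so on a host with the NixOS firewall enabled TFTP and HTTP stay closed unless opened elsewhere, while nginx itself applies no `allow`/`deny` and has `autoindex on`, so any client that can reach port 80 can list and download everything under httpRoot; the description should state both facts, e.g. `Restrict TFTP/HTTP access to these IP ranges; firewall rules are only added for listed ranges, and with an empty list nginx serves the directory listing to any client that can reach it.` The `example` for that option should also be a list, `example = [ "10.0.0.0/24" ];`, to match its `types.listOf types.str` type.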
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: confctl
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 2.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jakub Skokan
|
@@ -30,14 +30,14 @@ dependencies:
|
|
30
30
|
requirements:
|
31
31
|
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: 2.
|
33
|
+
version: 2.22.0
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: 2.
|
40
|
+
version: 2.22.0
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: json
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -184,14 +184,14 @@ dependencies:
|
|
184
184
|
requirements:
|
185
185
|
- - "~>"
|
186
186
|
- !ruby/object:Gem::Version
|
187
|
-
version: 0.
|
187
|
+
version: 0.19.0
|
188
188
|
type: :runtime
|
189
189
|
prerelease: false
|
190
190
|
version_requirements: !ruby/object:Gem::Requirement
|
191
191
|
requirements:
|
192
192
|
- - "~>"
|
193
193
|
- !ruby/object:Gem::Version
|
194
|
-
version: 0.
|
194
|
+
version: 0.19.0
|
195
195
|
description: Nix deployment management tool
|
196
196
|
email: jakub.skokan@vpsfree.cz
|
197
197
|
executables:
|
@@ -204,7 +204,6 @@ files:
|
|
204
204
|
- ".overcommit.yml"
|
205
205
|
- ".rubocop.yml"
|
206
206
|
- ".rubocop_todo.yml"
|
207
|
-
- ".ruby-version"
|
208
207
|
- CHANGELOG.md
|
209
208
|
- Gemfile
|
210
209
|
- LICENSE.txt
|
@@ -212,6 +211,7 @@ files:
|
|
212
211
|
- Rakefile
|
213
212
|
- bin/confctl
|
214
213
|
- confctl.gemspec
|
214
|
+
- docs/carrier.md
|
215
215
|
- example/.gitignore
|
216
216
|
- example/README.md
|
217
217
|
- example/cluster/cluster.nix
|
@@ -319,11 +319,16 @@ files:
|
|
319
319
|
- nix/lib/swpins/options.nix
|
320
320
|
- nix/machines.nix
|
321
321
|
- nix/modules/cluster/default.nix
|
322
|
+
- nix/modules/confctl/carrier/base.nix
|
323
|
+
- nix/modules/confctl/carrier/carrier-env.rb
|
324
|
+
- nix/modules/confctl/carrier/netboot/build-netboot-server.rb
|
325
|
+
- nix/modules/confctl/carrier/netboot/nixos.nix
|
322
326
|
- nix/modules/confctl/cli.nix
|
323
327
|
- nix/modules/confctl/generations.nix
|
324
328
|
- nix/modules/confctl/nix.nix
|
325
329
|
- nix/modules/confctl/swpins.nix
|
326
330
|
- nix/modules/module-list.nix
|
331
|
+
- nix/modules/system-list.nix
|
327
332
|
- shell.nix
|
328
333
|
- template/confctl-options.nix/main.erb
|
329
334
|
- template/confctl-options.nix/options.erb
|
@@ -346,7 +351,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
346
351
|
- !ruby/object:Gem::Version
|
347
352
|
version: '0'
|
348
353
|
requirements: []
|
349
|
-
rubygems_version: 3.
|
354
|
+
rubygems_version: 3.5.9
|
350
355
|
signing_key:
|
351
356
|
specification_version: 4
|
352
357
|
summary: Nix deployment management tool
|
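--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +0,0 @@
-3.1.0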