confctl 1.0.0

data/nix/modules/cluster/default.nix

@@ -0,0 +1,459 @@
+{ config, lib, confLib, ... }@args:
+with lib;
+let
+  machine =
+    { config, ...}:
+    {
+      options = {
+        managed = mkOption {
+          type = types.nullOr types.bool;
+          default = null;
+          apply = v:
+            if !isNull v then v
+            else if elem config.spin [ "nixos" "vpsadminos" ] then true
+            else false;
+          description = ''
+            Determines whether the machine is managed using confctl or not
+
+            By default, NixOS and vpsAdminOS machines are managed by confctl.
+          '';
+        };
+
+        spin = mkOption {
+          type = types.enum [ "openvz" "nixos" "vpsadminos" "other" ];
+          description = "OS type";
+        };
+
+        swpins = {
+          channels = mkOption {
+            type = types.listOf types.str;
+            default = [];
+            description = ''
+              List of channels from <option>confctl.swpins.channels</option>
+              to use on this machine
+            '';
+          };
+
+          pins = mkOption {
+            type = types.attrsOf (types.submodule swpinOptions.specModule);
+            default = {};
+            description = ''
+              List of swpins for this machine, which can supplement or
+              override swpins from configured channels
+            '';
+          };
+        };
+
+        addresses = mkOption {
+          type = types.nullOr (types.submodule addresses);
+          default = null;
+          description = ''
+            IP addresses
+          '';
+        };
+
+        netboot = {
+          enable = mkEnableOption "Include this system on pxe servers";
+          macs = mkOption {
+            type = types.listOf types.str;
+            default = [];
+            description = ''
+              List of MAC addresses for iPXE node auto-detection
+            '';
+          };
+        };
+
+        host = mkOption {
+          type = types.nullOr (types.submodule host);
+          default = null;
+        };
+
+        labels = mkOption {
+          type = types.attrs;
+          default = {};
+          description = ''
+            Optional user-defined labels to classify the machine
+          '';
+        };
+
+        tags = mkOption {
+          type = types.listOf types.str;
+          default = [];
+          description = ''
+            Optional user-defined tags to classify the machine
+          '';
+        };
+
+        nix = {
+          nixPath = mkOption {
+            type = types.listOf types.str;
+            default = [];
+            description = ''
+              List of extra paths added to environment variable
+              <literal>NIX_PATH</literal> for <literal>nix-build</literal>
+            '';
+          };
+        };
+
+        buildGenerations = {
+          min = mkOption {
+            type = types.nullOr types.int;
+            default = null;
+            description = ''
+              The minimum number of build generations to be kept on the build
+              machine.
+            '';
+          };
+
+          max = mkOption {
+            type = types.nullOr types.int;
+            default = null;
+            description = ''
+              The maximum number of build generations to be kept on the build
+              machine.
+            '';
+          };
+
+          maxAge = mkOption {
+            type = types.nullOr types.int;
+            default = null;
+            description = ''
+              Delete build generations older than
+              <option>cluster.&lt;name&gt;.buildGenerations.maxAge</option>
+              seconds from the build machine. Old generations are deleted even
+              if <option>cluster.&lt;name&gt;.buildGenerations.max</option> is
+              not reached.
+            '';
+          };
+        };
+
+        hostGenerations = {
+          min = mkOption {
+            type = types.nullOr types.int;
+            default = null;
+            description = ''
+              The minimum number of generations to be kept on the machine.
+            '';
+          };
+
+          max = mkOption {
+            type = types.nullOr types.int;
+            default = null;
+            description = ''
+              The maximum number of generations to be kept on the machine.
+            '';
+          };
+
+          maxAge = mkOption {
+            type = types.nullOr types.int;
+            default = null;
+            description = ''
+              Delete generations older than
+              <option>cluster.&lt;name&gt;.hostGenerations.maxAge</option>
+              seconds from the machine. Old generations are deleted even
+              if <option>cluster.&lt;name&gt;.hostGenerations.max</option> is
+              not reached.
+            '';
+          };
+
+          collectGarbage = mkOption {
+            type = types.nullOr types.bool;
+            default = null;
+            description = "Run nix-collect-garbage";
+          };
+        };
+
+        healthChecks = {
+          systemd = {
+            enable = mkOption {
+              type = types.bool;
+              default = true;
+              description = ''
+                Enable systemd checks, enabled by default
+              '';
+            };
+
+            systemProperties = mkOption {
+              type = types.listOf (types.submodule systemdProperty);
+              default = [
+                { property = "SystemState"; value = "running"; }
+              ];
+              description = ''
+                Check systemd manager properties reported by systemctl show
+              '';
+            };
+
+            unitProperties = mkOption {
+              type = types.attrsOf (types.listOf (types.submodule systemdProperty));
+              default = {};
+              example = literalExpression ''
+                {
+                  "firewall.service" = [
+                    { property = "ActiveState"; value = "active"; }
+                  ];
+                }
+              '';
+              description = ''
+                Check systemd unit properties reported by systemctl show <unit>
+              '';
+            };
+          };
+
+          builderCommands = mkOption {
+            type = types.listOf (types.submodule checkCommand);
+            default = [];
+            example = literalExpression ''
+              [
+                { description = "ping"; command = [ "ping" "-c1" "{host.fqdn}" ]; }
+              ]
+            '';
+            description = ''
+              Check commands run on the build machine
+            '';
+          };
+
+          machineCommands = mkOption {
+            type = types.listOf (types.submodule checkCommand);
+            default = [];
+            example = literalExpression ''
+              [
+                { description = "curl"; command = [ "curl" "-s" "http://localhost:80" ]; }
+              ]
+            '';
+            description = ''
+              Check commands run on the target machine
+
+              Note that the commands have to be available on the machine.
+            '';
+          };
+        };
+      };
+    };
+
+  swpinOptions = import ../../lib/swpins/options.nix { inherit lib; };
+
+  addresses =
+    { config, ... }:
+    {
+      options = {
+        primary = mkOption {
+          type = types.nullOr (types.submodule (confLib.mkOptions.addresses 4));
+          default =
+            if config.v4 != [] then
+              head config.v4
+            else if config.v6 != [] then
+              head config.v6
+            else
+              null;
+          description = ''
+            Default address other machines should use to connect to this machine
+
+            Defaults to the first IPv4 address if not set
+          '';
+        };
+
+        v4 = mkOption {
+          type = types.listOf (types.submodule (confLib.mkOptions.addresses 4));
+          default = [];
+          description = ''
+            List of IPv4 addresses this machine responds to
+          '';
+        };
+
+        v6 = mkOption {
+          type = types.listOf (types.submodule (confLib.mkOptions.addresses 6));
+          default = [];
+          description = ''
+            List of IPv6 addresses this machine responds to
+          '';
+        };
+      };
+    };
+
+  host =
+    { config, ... }:
+    {
+      options = {
+        name = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          description = ''
+           Host name
+          '';
+        };
+
+        location = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          description = ''
+            Host location domain
+          '';
+        };
+
+        domain = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          description = ''
+            Host domain
+          '';
+        };
+
+        fullDomain = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          description = ''
+            Domain including location, i.e. FQDN without host name
+          '';
+          apply = v:
+            if isNull v && !isNull config.domain then
+              concatStringsSep "." (
+                (optional (!isNull config.location) config.location)
+                ++ [ config.domain ]
+              )
+            else
+              v;
+        };
+
+        fqdn = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          description = ''
+            Host FQDN
+          '';
+          apply = v:
+            if isNull v && !isNull config.name && !isNull config.domain then
+              concatStringsSep "." (
+                [ config.name ]
+                ++ (optional (!isNull config.location) config.location)
+                ++ [ config.domain ]
+              )
+            else
+              v;
+        };
+
+        target = mkOption {
+          type = types.nullOr types.str;
+          default = config.fqdn;
+          description = ''
+            Address/host to which the configuration is deployed to
+          '';
+        };
+      };
+    };
+
+  systemdProperty =
+    { config, ... }:
+    {
+      options = {
+        property = mkOption {
+          type = types.str;
+          description = "systemd property name";
+        };
+
+        value = mkOption {
+          type = types.str;
+          description = "value to be checked";
+        };
+
+        timeout = mkOption {
+          type = types.ints.unsigned;
+          default = 60;
+          description = "Max number of seconds to wait for the check to pass";
+        };
+
+        cooldown = mkOption {
+          type = types.ints.unsigned;
+          default = 3;
+          description = "Number of seconds in between check attempts";
+        };
+      };
+    };
+
+  checkCommand =
+    { config, ... }:
+    {
+      options = {
+        description = mkOption {
+          type = types.str;
+          default = "";
+          description = "Command description";
+        };
+
+        command = mkOption {
+          type = types.listOf types.str;
+          description = ''
+            Command and its arguments
+
+            It is possible to access machine attributes as from CLI using curly
+            brackets. For example, {host.fqdn} would be replaced by machine FQDN.
+            See confctl ls -L for a list of available attributes.
+          '';
+        };
+
+        exitStatus = mkOption {
+          type = types.ints.unsigned;
+          default = 0;
+          description = "Expected exit status";
+        };
+
+        standardOutput = {
+          match = mkOption {
+            type = types.nullOr types.str;
+            default = null;
+            description = "Standard output must match this string";
+          };
+
+          include = mkOption {
+            type = types.listOf types.str;
+            default = [];
+            description = "Strings that must be included in standard output";
+          };
+
+          exclude = mkOption {
+            type = types.listOf types.str;
+            default = [];
+            description = "Strings that must not be included in standard output";
+          };
+        };
+
+        standardError = {
+          match = mkOption {
+            type = types.nullOr types.str;
+            default = null;
+            description = "Standard error must match this string";
+          };
+
+          include = mkOption {
+            type = types.listOf types.str;
+            default = [];
+            description = "String that must be included in standard error";
+          };
+
+          exclude = mkOption {
+            type = types.listOf types.str;
+            default = [];
+            description = "String that must not be included in standard error";
+          };
+        };
+
+        timeout = mkOption {
+          type = types.ints.unsigned;
+          default = 60;
+          description = "Max number of seconds to wait for the check to pass";
+        };
+
+        cooldown = mkOption {
+          type = types.ints.unsigned;
+          default = 3;
+          description = "Number of seconds in between check attempts";
+        };
+      };
+    };
+in {
+  options = {
+    cluster = mkOption {
+      type = types.attrsOf (types.submodule machine);
+      default = {};
+    };
+  };
+}

data/nix/modules/confctl/cli.nix

@@ -0,0 +1,21 @@
+{ config, lib, ... }:
+with lib;
+{
+  options = {
+    confctl = {
+      list.columns = mkOption {
+        type = types.listOf types.str;
+        default = [
+          "name"
+          "spin"
+          "host.fqdn"
+        ];
+        description = ''
+          Configure which columns should <literal>confctl ls</literal> show.
+          Names correspond to options within <literal>cluster.&lt;name&gt;</literal>
+          module.
+        '';
+      };
+    };
+  };
+}

data/nix/modules/confctl/generations.nix

@@ -0,0 +1,84 @@
+{ config, lib, ... }:
+with lib;
+{
+  options = {
+    confctl = {
+      buildGenerations = {
+        min = mkOption {
+          type = types.int;
+          default = 5;
+          description = ''
+            The minimum number of build generations to be kept.
+
+            This is the default value, which can be overriden per host.
+          '';
+        };
+
+        max = mkOption {
+          type = types.int;
+          default = 30;
+          description = ''
+            The maximum number of build generations to be kept.
+
+            This is the default value, which can be overriden per host.
+          '';
+        };
+
+        maxAge = mkOption {
+          type = types.int;
+          default = 180*24*60*60;
+          description = ''
+            Delete build generations older than
+            <option>confctl.buildGenerations.maxAge</option> seconds. Old generations
+            are deleted even if <option>confctl.buildGenerations.max</option> is
+            not reached.
+
+            This is the default value, which can be overriden per host.
+          '';
+        };
+      };
+
+      hostGenerations = {
+        min = mkOption {
+          type = types.int;
+          default = 5;
+          description = ''
+            The minimum number of generations to be kept on machines.
+
+            This is the default value, which can be overriden per host.
+          '';
+        };
+
+        max = mkOption {
+          type = types.int;
+          default = 30;
+          description = ''
+            The maximum number of generations to be kept on machines.
+
+            This is the default value, which can be overriden per host.
+          '';
+        };
+
+        maxAge = mkOption {
+          type = types.int;
+          default = 180*24*60*60;
+          description = ''
+            Delete generations older than
+            <option>confctl.hostGenerations.maxAge</option> seconds from
+            machines. Old generations
+            are deleted even if <option>confctl.hostGenerations.max</option> is
+            not reached.
+
+            This is the default value, which can be overriden per host.
+          '';
+        };
+
+        collectGarbage = mkOption {
+          type = types.bool;
+          default = true;
+          description = "Run nix-collect-garbage";
+        };
+      };
+    };
+  };
+}

data/nix/modules/confctl/nix.nix

@@ -0,0 +1,28 @@
+{ config, lib, ... }:
+with lib;
+{
+  options = {
+    confctl = {
+      nix = {
+        maxJobs = mkOption {
+          type = types.nullOr (types.either types.int (types.enum [ "auto" ]));
+          default = null;
+          description = ''
+            Maximum number of build jobs, passed to <literal>nix-build</literal>
+            commands.
+          '';
+        };
+
+        nixPath = mkOption {
+          type = types.listOf types.str;
+          default = [];
+          description = ''
+            List of extra paths added to environment variable
+            <literal>NIX_PATH</literal> for all <literal>nix-build</literal>
+            invokations
+          '';
+        };
+      };
+    };
+  };
+}

data/nix/modules/confctl/swpins.nix

@@ -0,0 +1,55 @@
+{ config, pkgs, lib, swpinsInfo, ... }:
+with lib;
+let
+  swpinOptions = import ../../lib/swpins/options.nix { inherit lib; };
+
+  machineSwpinsInfo = pkgs.writeText "swpins-info.json" (builtins.toJSON swpinsInfo);
+in {
+  options = {
+    confctl = {
+      swpins.core = {
+        pins = mkOption {
+          type = types.attrsOf (types.submodule swpinOptions.specModule);
+          default = {
+            nixpkgs = {
+              type = "git-rev";
+              git-rev = {
+                url = "https://github.com/NixOS/nixpkgs";
+                update.ref = "refs/heads/nixos-unstable";
+                update.auto = true;
+                update.interval = 30*24*60*60; # 1 month
+              };
+            };
+          };
+          description = ''
+            Core software packages used internally by confctl
+
+            It has to contain package <literal>nixpkgs</literal>, which is used
+            to resolve other software pins from channels or cluster machines.
+          '';
+        };
+
+        channels = mkOption {
+          type = types.listOf types.str;
+          default = [];
+          description = ''
+            List of channels from <option>confctl.swpins.channels</option>
+            to use for core swpins
+          '';
+        };
+      };
+
+      swpins.channels = mkOption {
+        type = types.attrsOf (types.attrsOf (types.submodule swpinOptions.specModule));
+        default = {};
+        description = ''
+          Software pin channels
+        '';
+      };
+    };
+  };
+
+  config = {
+    environment.etc."confctl/swpins-info.json".source = machineSwpinsInfo;
+  };
+}

data/nix/modules/module-list.nix

@@ -0,0 +1,19 @@
+let
+  shared = [
+    ./cluster
+    ./confctl/generations.nix
+    ./confctl/cli.nix
+    ./confctl/nix.nix
+    ./confctl/swpins.nix
+  ];
+
+  nixos = [
+  ];
+
+  vpsadminos = [
+  ];
+in {
+  nixos = shared ++ nixos;
+  vpsadminos = shared ++ vpsadminos;
+  all = shared ++ nixos ++ vpsadminos;
+}

data/shell.nix

@@ -0,0 +1,42 @@
+let
+  pkgs = import <nixpkgs> {};
+  lib = pkgs.lib;
+  stdenv = pkgs.stdenv;
+in stdenv.mkDerivation rec {
+  name = "confctl-shell";
+
+  buildInputs = with pkgs; [
+    git
+    ncurses
+    nix-prefetch-git
+    openssl
+    ruby
+  ];
+
+  shellHook = ''
+    CONFCTL="${toString ./.}"
+    BASEDIR="$(realpath `pwd`)"
+    export GEM_HOME="$(pwd)/.gems"
+    BINDIR="$(ruby -e 'puts Gem.bindir')"
+    mkdir -p "$BINDIR"
+    export PATH="$BINDIR:$PATH"
+    export RUBYLIB="$GEM_HOME:$CONFCTL/lib"
+    export MANPATH="$CONFCTL/man:$(man --path)"
+    gem install --no-document bundler overcommit rubocop
+    pushd "$CONFCTL"
+    bundle install
+    bundle exec rake md2man:man
+    popd
+
+    cat <<EOF > "$BINDIR/confctl"
+    #!${pkgs.ruby}/bin/ruby
+    ENV['BUNDLE_GEMFILE'] = "$CONFCTL/Gemfile"
+
+    require 'bundler'
+    Bundler.setup
+
+    load File.join('$CONFCTL', 'bin/confctl')
+    EOF
+    chmod +x "$BINDIR/confctl"
+  '';
+}