Implements Phase 2 of the automated deployment pipeline. This commit adds a Python CLI tool that automates the creation of NixOS host configurations, eliminating manual boilerplate and reducing errors. Features: - Python CLI using typer framework with rich terminal UI - Comprehensive validation (hostname format/uniqueness, IP subnet/uniqueness) - Jinja2 templates for NixOS configurations - Automatic updates to flake.nix and terraform/vms.tf - Support for both static IP and DHCP configurations - Dry-run mode for safe previews - Packaged as Nix derivation and added to devShell Usage: create-host --hostname myhost --ip 10.69.13.50/24 The tool generates: - hosts/<hostname>/default.nix - hosts/<hostname>/configuration.nix - Updates flake.nix with new nixosConfigurations entry - Updates terraform/vms.tf with new VM definition All generated configurations include full system imports (monitoring, SOPS, autoupgrade, etc.) and are validated with nix flake check and tofu validate. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
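# NixOS host configuration rendered by the create-host CLI (Jinja2 template).
#
# Template variables: hostname, domain, nameservers (list), is_static_ip,
# ip (CIDR), gateway, state_version, and the optional enable_firewall.
# NOTE(review): every value is interpolated verbatim into a Nix string
# literal; nothing here escapes `"`, `\` or `${`. The rendered file is only
# syntactically valid (and free of injected Nix expressions) if the CLI's
# validation rejects such characters — hostname and ip are validated per the
# commit message; confirm domain, gateway, nameservers and state_version are
# validated too.
{
  config,
  lib,
  pkgs,
  ...
}:

{
  imports = [
    # Shared hardware profile: every generated host uses hosts/template's copy.
    ../template/hardware-configuration.nix
    ../../system
    ../../common/vm
  ];

  nixpkgs.config.allowUnfree = true;

  # Legacy BIOS boot via GRUB on the VM's first disk (this is NOT systemd-boot/EFI).
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";

  networking.hostName = "{{ hostname }}";
  networking.domain = "{{ domain }}";

  # Networking is managed by systemd-networkd. The global DHCP default and
  # systemd-resolved are switched off so only the explicit nameservers below
  # are used.
  networking.useNetworkd = true;
  networking.useDHCP = false;
  services.resolved.enable = false;
  networking.nameservers = [
    {% for ns in nameservers %}
    "{{ ns }}"
    {% endfor %}
  ];

  systemd.network.enable = true;
  systemd.network.networks."ens18" = {
    # The interface name is fixed; the VM must expose its NIC as ens18.
    matchConfig.Name = "ens18";
    {% if is_static_ip %}
    # Static addressing: `ip` is expected in CIDR form (e.g. 10.69.13.50/24).
    address = [
      "{{ ip }}"
    ];
    routes = [
      { Gateway = "{{ gateway }}"; }
    ];
    {% else %}
    # IPv4 via DHCP only.
    networkConfig.DHCP = "ipv4";
    {% endif %}
    # Boot is not considered "online" until this link has a route.
    linkConfig.RequiredForOnline = "routable";
  };

  time.timeZone = "Europe/Oslo";

  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];
  # NOTE(review): a ttl of 0 means downloaded tarballs are never considered
  # fresh, so flake inputs are re-fetched on every evaluation; presumably
  # intended for the autoupgrade flow — confirm, as it costs network traffic
  # on each rebuild.
  nix.settings.tarball-ttl = 0;

  environment.systemPackages = with pkgs; [
    vim
    wget
    git
  ];

  # Host firewall. Rendered as disabled unless the CLI passes
  # enable_firewall=True, matching the previous template's behaviour — which
  # leaves every listening service on the host reachable from the network.
  # With the firewall enabled, open only what the host needs:
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  networking.firewall.enable = {% if enable_firewall | default(false) %}true{% else %}false{% endif %};

  # Pins the NixOS release this host was first installed with. It must keep
  # that value across upgrades so stateful defaults are not silently changed.
  system.stateVersion = "{{ state_version }}";
}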