yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

update inventory implementation

Browse Source
This commit is contained in:
Johannes Kirschbauer
2024-06-21 16:45:38 +02:00
committed by hsjobeki
parent b4a8a3d047
commit 1b226c9e09
13 changed files with 349 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
inventory/README.md
View File

@@ -3,19 +3,24 @@
The inventory is our concept for distributed services. Users can configure multiple machines with minimal effort.
- The inventory acts as a declarative source of truth for all machine configurations.
- Users can easily add or remove machines and services.
- Users can easily add or remove machines to/from services.
- Ensures that all machines and services are configured consistently, across multiple nixosConfigs.
- Defaults and predefined roles in our modules minimizes the need for manual configuration.
Design questions:
- [ ] Is the service config interface the same as the module config interface ?
- [ ] As a user i dont want to see borgbackup as the high level category ?
- [x] Must roles be a list ?
-> Yes. In zerotier you can be "moon" and "controller" at the same time.
-> Yes. In zerotier a machine can be "moon" and "controller" at the same time.
- [x] Is role client different from peer ? Do we have one example where we use client and peer together and they are different?
-> There are many roles. And they depend on the service.
- [x] Should we use the module name in the path of the service?
-> YES
```json
// ${module_name}.${instance_name}
services.borgbackup-static.backup1 = {
@@ -32,8 +37,10 @@ Design questions:
Neutral: Module name is hard to change. Exists anyways.
- [x] Should the machine specific service config be part of the service?
-> The config implements the schema of the module, which is declared in the service.
-> If the config is placed in the machine, it becomes unclear that the scope is ONLY the service and NOT the global nixos config.
-> NO. because ...
- The config implements the schema of the module, which is declared in the service.
- If the config is placed in the machine, it becomes unclear that the scope is ONLY the service and NOT the global nixos config.
- If the config is placed in the machine it is de-located into another top-level field. In the module this complicates access.
Architecture

125
inventory/default.nix
View File

@@ -7,22 +7,25 @@ let
machines = machinesFromInventory syncthing_inventory;
resolveGroups =
inventory: members:
lib.unique (
builtins.foldl' (
acc: currMember:
let
groupName = builtins.substring 6 (builtins.stringLength currMember - 6) currMember;
groupMembers =
if inventory.groups.machines ? ${groupName} then
inventory.groups.machines.${groupName}
else
throw "Machine group ${currMember} not found. Key: groups.machines.${groupName} not in inventory.";
in
if lib.hasPrefix "group:" currMember then (acc ++ groupMembers) else acc ++ [ currMember ]
) [ ] members
);
resolveTags =
# Inventory, { machines :: [string], tags :: [string] }
inventory: members: {
machines =
members.machines or [ ]
++ (builtins.foldl' (
acc: tag:
let
tagMembers = builtins.attrNames (
lib.filterAttrs (_n: v: builtins.elem tag v.tags or [ ]) inventory.machines
);
in
# throw "Machine tag ${tag} not found. Not machine with: tag ${tagName} not in inventory.";
if tagMembers == [ ] then
throw "Machine tag ${tag} not found. Not machine with: tag ${tag} not in inventory."
else
acc ++ tagMembers
) [ ] members.tags or [ ]);
};
/*
Returns a NixOS configuration for every machine in the inventory.
@@ -45,29 +48,53 @@ let
acc2: instanceName: serviceConfig:
let
resolvedRoles = builtins.mapAttrs (
_roleName: members: resolveGroups inventory members
_roleName: members: resolveTags inventory members
) serviceConfig.roles;
isInService = builtins.any (members: builtins.elem machineName members) (
isInService = builtins.any (members: builtins.elem machineName members.machines) (
builtins.attrValues resolvedRoles
);
# Inverse map of roles. Allows for easy lookup of roles for a given machine.
# { ${machine_name} :: [roles]
inverseRoles = lib.foldlAttrs (
acc: roleName:
{ machines }:
acc
// builtins.foldl' (
acc2: machineName: acc2 // { ${machineName} = (acc.${machineName} or [ ]) ++ [ roleName ]; }
) { } machines
) { } resolvedRoles;
machineServiceConfig = (serviceConfig.machines.${machineName} or { }).config or { };
globalConfig = serviceConfig.config;
# TODO: maybe optimize this dont lookup the role in inverse roles. Imports are not lazy
roleModules = builtins.map (
role:
let
path = "${clan-core.clanModules.${moduleName}}/roles/${role}.nix";
in
if builtins.pathExists path then
path
else
throw "Role doesnt have a module: ${role}. Path: ${path} not found."
) inverseRoles.${machineName} or [ ];
in
if isInService then
acc2
++ [
{
imports = [ clan-core.clanModules.${moduleName} ];
imports = [ clan-core.clanModules.${moduleName} ] ++ roleModules;
config.clan.${moduleName} = lib.mkMerge [
globalConfig
machineServiceConfig
];
}
{
config.clan.inventory.${instanceName} = {
config.clan.inventory.${moduleName}.${instanceName} = {
roles = resolvedRoles;
# inherit inverseRoles;
};
}
]
@@ -78,8 +105,64 @@ let
) inventory.machines;
in
{
inherit clan-core;
new_clan = clan-core.lib.buildInventory {
# High level services.
# If you need multiple instances of a service configure them via:
# inventory.services.[serviceName].[instanceName] = ...
services = {
borbackup = {
roles.server.machines = [ "vyr" ];
roles.client.tags = [ "laptop" ];
machines.vyr = {
config = {
};
};
config = {
};
};
};
# Low level inventory i.e. if you need multiple instances of a service
# Or if you want to manipulate the created inventory directly.
inventory.services.borbackup.default = { };
# Machines. each machine can be referenced by its attribute name under services.
machines = {
camina = {
# This is added to machine tags
clan.tags = [ "laptop" ];
# These are the inventory machine fields
clan.meta.description = "";
clan.meta.name = "";
clan.meta.icon = "";
# Config ...
};
vyr = {
# Config ...
};
vi = {
clan.networking.targetHost = "root@78.47.164.46";
# Config ...
};
aya = {
clan.networking.targetHost = "root@78.47.164.46";
# Config ...
};
ezra = {
# Config ...
};
rianon = {
# Config ...
};
};
};
clan = clan-core.lib.buildClan {
meta.name = "vis clans";
meta.name = "vi's clans";
# Should usually point to the directory of flake.nix
directory = self;

2
inventory/src/root.cue
View File

@@ -20,6 +20,4 @@ import (
// // A map of machines
schema.#machine
schema.#groups
}

15
inventory/src/schema/schema.cue
View File

@@ -1,18 +1,10 @@
package schema
#groups: groups: {
// Machine groups
machines: {
// Group name mapped to list[machineName]
// "group1": ["machine1", "machine2"]
[string]: [...string]
}
}
#machine: machines: [string]: {
name: string,
description?: string,
icon?: string
tags: [...string]
}
#role: string
@@ -26,7 +18,10 @@ package schema
},
// We moved the machine sepcific config to "machines".
// It may be moved back depending on what makes more sense in the future.
roles: [#role]: [...string],
roles: [#role]: {
machines: [...string],
tags: [...string],
}
machines: {
[string]: {
config?: {

42
inventory/src/tests/borgbackup.json
View File

@@ -1,39 +1,51 @@
{
"machines": {
"camina_machine": {
"name": "camina"
"name": "camina",
"tags": ["laptop"]
},
"vyr_machine": {
"name": "vyr"
},
"vi_machine": {
"name": "vi"
}
},
"groups": {
"machines": {
"laptops": ["camina_machine", "vi_machine"],
"all": ["camina_machine", "vi_machine", "vyr_machine"]
"name": "vi",
"tags": ["laptop"]
}
},
"meta": {
"name": "kenjis clan"
},
"services": {
"borgbackup-static": {
"borgbackup": {
"instance_1": {
"meta": {
"name": "My backup"
},
"roles": {
"server": ["vyr_machine"],
"client": ["group:laptops"]
"server": {
"machines": ["vyr_machine"]
},
"client": {
"machines": ["vyr_machine"],
"tags": ["laptop"]
}
},
"machines": {
"vyr_machine": {},
"vi_machine": {},
"camina_machine": {}
"machines": {},
"config": {}
},
"instance_2": {
"meta": {
"name": "My backup"
},
"roles": {
"server": {
"machines": ["vi_machine"]
},
"client": {
"machines": ["camina_machine"]
}
},
"machines": {},
"config": {}
}
}

6
inventory/src/tests/syncthing.json
View File

@@ -14,13 +14,15 @@
"name": "kenjis clan"
},
"services": {
"syncthing-static-peers": {
"syncthing": {
"instance_1": {
"meta": {
"name": "My sync"
},
"roles": {
"peer": ["vyr_machine", "vi_machine", "camina_machine"]
"peer": {
"machines": ["vyr_machine", "vi_machine", "camina_machine"]
}
},
"machines": {},
"config": {

7
inventory/src/tests/zerotier.json
View File

@@ -14,14 +14,15 @@
"name": "kenjis clan"
},
"services": {
"zerotier-static": {
"zerotier": {
"instance_1": {
"meta": {
"name": "My Network"
},
"roles": {
"server": ["vyr_machine"],
"peer": ["vi_machine", "camina_machine"]
"controller": { "machines": ["vyr_machine"] },
"moon": { "machines": ["vyr_machine"] },
"peer": { "machines": ["vi_machine", "camina_machine"] }
},
"machines": {
"vyr_machine": {