2024-04-20 23:20:14 +02:00
|
|
|
{ self, nixpkgs, agenix, bij, chaosevents, fernglas, fieldpoc, nixos-exporter, solid-xmpp-alarm, sops-nix, ... }@inputs:
|
2023-03-23 16:45:30 +01:00
|
|
|
|
|
|
|
rec {
|
2023-04-16 16:37:11 +02:00
|
|
|
generateNixosSystem = {
|
|
|
|
name,
|
|
|
|
system ? "x86_64-linux",
|
2023-04-21 23:03:11 +02:00
|
|
|
group ? null,
|
2023-06-30 23:31:13 +02:00
|
|
|
modules ? [],
|
2023-04-16 16:37:11 +02:00
|
|
|
}: let
|
2023-03-23 17:09:54 +01:00
|
|
|
localNixpkgs = nixpkgs.lib.attrByPath [ "nixpkgs-${name}" ] nixpkgs inputs;
|
|
|
|
in localNixpkgs.lib.nixosSystem {
|
2023-04-16 16:37:11 +02:00
|
|
|
system = system;
|
2023-06-30 23:31:13 +02:00
|
|
|
modules = modules ++ [
|
2023-03-23 16:45:30 +01:00
|
|
|
({ ... }: {
|
|
|
|
/*
|
|
|
|
Make the contents of the flake availiable to modules.
|
|
|
|
Useful for having the monitoring server scraping the
|
|
|
|
target config from all other servers automatically.
|
|
|
|
*/
|
2023-05-04 14:35:30 +02:00
|
|
|
_module.args = {
|
|
|
|
inputs = inputs;
|
|
|
|
_nixfiles = self;
|
|
|
|
};
|
2023-03-23 16:45:30 +01:00
|
|
|
})
|
|
|
|
../configuration/common
|
2023-05-01 12:23:09 +02:00
|
|
|
../users/clerie
|
2023-03-23 16:45:30 +01:00
|
|
|
({ ... }: {
|
|
|
|
nixpkgs.overlays = [
|
2023-12-08 09:06:43 +01:00
|
|
|
self.overlays.clerie
|
2023-03-23 16:45:30 +01:00
|
|
|
(_: _: {
|
2023-05-01 12:29:55 +02:00
|
|
|
inherit (agenix.packages."x86_64-linux")
|
|
|
|
agenix;
|
2024-04-08 08:41:05 +02:00
|
|
|
inherit (bij.packages."${system}")
|
|
|
|
bij;
|
2023-06-13 17:53:45 +02:00
|
|
|
inherit (chaosevents.packages."x86_64-linux")
|
|
|
|
chaosevents;
|
2023-03-23 16:45:30 +01:00
|
|
|
})
|
|
|
|
];
|
2023-04-21 23:03:11 +02:00
|
|
|
clerie.monitoring = nixpkgs.lib.attrsets.optionalAttrs (group != null) { serviceLevel = group; };
|
2023-03-23 16:45:30 +01:00
|
|
|
})
|
2023-05-01 11:37:33 +02:00
|
|
|
agenix.nixosModules.default
|
2023-05-04 14:35:30 +02:00
|
|
|
fernglas.nixosModules.default
|
2023-06-20 18:58:55 +02:00
|
|
|
fieldpoc.nixosModules.default
|
2023-05-09 11:56:53 +02:00
|
|
|
nixos-exporter.nixosModules.default
|
2023-03-23 16:45:30 +01:00
|
|
|
solid-xmpp-alarm.nixosModules.solid-xmpp-alarm
|
2024-04-20 23:20:14 +02:00
|
|
|
sops-nix.nixosModules.sops
|
2023-03-23 16:45:30 +01:00
|
|
|
(../hosts + "/${name}/configuration.nix")
|
2023-05-01 12:09:47 +02:00
|
|
|
# Automatically load secrets from the hosts secrets directory
|
|
|
|
({ lib, ... }: let
|
|
|
|
secretsPath = ../hosts + "/${name}/secrets";
|
|
|
|
in {
|
|
|
|
age.secrets = lib.mapAttrs' (filename: _: lib.nameValuePair (lib.removeSuffix ".age" filename) {
|
|
|
|
file = secretsPath + "/${filename}";
|
|
|
|
}) (lib.filterAttrs (name: type: (type == "regular") && (lib.hasSuffix ".age" name) ) (if builtins.pathExists secretsPath then builtins.readDir secretsPath else {}));
|
|
|
|
})
|
2024-04-20 23:20:14 +02:00
|
|
|
# Automatically load secrets from sops file for host
|
2024-04-21 15:51:25 +02:00
|
|
|
({ config, lib, ... }: {
|
2024-04-20 23:20:14 +02:00
|
|
|
sops.defaultSopsFile = ../hosts + "/${name}/secrets.json";
|
2024-04-21 15:51:25 +02:00
|
|
|
sops.secrets = let
|
|
|
|
secretFile = config.sops.defaultSopsFile;
|
|
|
|
secretNames = builtins.filter (name: name != "sops") (builtins.attrNames (builtins.fromJSON (builtins.readFile secretFile)));
|
|
|
|
secrets = if builtins.pathExists secretFile then
|
|
|
|
lib.listToAttrs (builtins.map (name: lib.nameValuePair name {}) secretNames)
|
|
|
|
else
|
|
|
|
{};
|
|
|
|
in
|
|
|
|
secrets;
|
2024-04-20 23:20:14 +02:00
|
|
|
})
|
2023-03-23 16:45:30 +01:00
|
|
|
];
|
|
|
|
};
|
|
|
|
|
2023-04-16 16:37:11 +02:00
|
|
|
mapToNixosConfigurations = hosts: builtins.mapAttrs (name: host: generateNixosSystem host) hosts;
|
|
|
|
|
2023-03-23 16:45:30 +01:00
|
|
|
generateColmenaHost = name: hostSystem: {
|
|
|
|
deployment = {
|
2024-04-08 08:17:19 +02:00
|
|
|
targetHost = hostSystem.config.networking.fqdn;
|
2023-03-23 16:45:30 +01:00
|
|
|
targetUser = null;
|
2023-04-21 23:03:11 +02:00
|
|
|
tags = let
|
|
|
|
group = nixpkgs.lib.attrByPath [ "clerie" "monitoring" "serviceLevel" ] null hostSystem.config;
|
|
|
|
in nixpkgs.lib.lists.optional (group != null) group;
|
2023-03-23 16:45:30 +01:00
|
|
|
};
|
|
|
|
nixpkgs.system = hostSystem.config.nixpkgs.system;
|
|
|
|
imports = hostSystem._module.args.modules;
|
2023-11-07 19:27:01 +01:00
|
|
|
deployment.allowLocalDeployment = builtins.any (n: n == name) [ "osmium" ];
|
2023-03-23 16:45:30 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
mapToColmenaHosts = hosts: builtins.mapAttrs (generateColmenaHost) hosts;
|
|
|
|
|
2023-04-16 15:50:10 +02:00
|
|
|
buildHosts = hosts: builtins.mapAttrs (name: host: host.config.system.build.toplevel) (nixpkgs.lib.filterAttrs (name: host: (builtins.substring 0 1 name) != "_") hosts);
|
2023-03-23 16:45:30 +01:00
|
|
|
}
|