From c2062145b0d2486a4dde34b77843456310a569c0 Mon Sep 17 00:00:00 2001 From: clerie Date: Mon, 13 May 2024 13:18:10 +0200 Subject: [PATCH 1/9] flake.nix: Remove special nixpkgs tracking for krypton --- flake.lock | 17 ----------------- flake.nix | 1 - 2 files changed, 18 deletions(-) diff --git a/flake.lock b/flake.lock index 4fd0764..f06f8e4 100644 --- a/flake.lock +++ b/flake.lock @@ -190,22 +190,6 @@ "type": "github" } }, - "nixpkgs-krypton": { - "locked": { - "lastModified": 1713297878, - "narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-stable": { "locked": { "lastModified": 1713434076, @@ -263,7 +247,6 @@ "nixos-exporter": "nixos-exporter", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_3", - "nixpkgs-krypton": "nixpkgs-krypton", "solid-xmpp-alarm": "solid-xmpp-alarm", "sops-nix": "sops-nix", "ssh-to-age": "ssh-to-age" diff --git a/flake.nix b/flake.nix index a82af9f..7019623 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,6 @@ { inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - nixpkgs-krypton.url = "github:NixOS/nixpkgs/nixos-unstable"; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; bij = { url = "git+https://git.clerie.de/clerie/bij.git"; From 921076703628bb40e8227299532c7083e547be72 Mon Sep 17 00:00:00 2001 From: clerie Date: Mon, 13 May 2024 16:05:48 +0200 Subject: [PATCH 2/9] flake.nix: Centralize overlays --- flake.nix | 19 ++++--------------- flake/nixpkgs.nix | 17 +++++++++++++++++ flake/overlay.nix | 14 ++++++++++++++ lib/flake-helper.nix | 9 ++------- 4 files changed, 37 insertions(+), 22 deletions(-) create mode 100644 flake/nixpkgs.nix create mode 100644 flake/overlay.nix diff --git a/flake.nix b/flake.nix index 7019623..982a51c 100644 --- a/flake.nix 
+++ b/flake.nix @@ -35,6 +35,7 @@ outputs = { self, nixpkgs, nixos-hardware, chaosevents, fernglas, nixos-exporter, solid-xmpp-alarm, ssh-to-age, ... }@inputs: let lib = import ./lib inputs; helper = lib.flake-helper; + localNixpkgs = import ./flake/nixpkgs.nix inputs; in { clerie.hosts = { aluminium = { @@ -93,30 +94,18 @@ colmena = { meta = { - nixpkgs = import nixpkgs { - system = "x86_64-linux"; - }; + nixpkgs = localNixpkgs.x86_64-linux; }; } // helper.mapToColmenaHosts self.nixosConfigurations; overlays = { + nixfilesInputs = import ./flake/overlay.nix inputs; clerie = import ./pkgs/overlay.nix; default = self.overlays.clerie; }; packages = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: let - pkgs = import nixpkgs { - inherit system; - overlays = [ - self.overlays.clerie - (_: _: { - inherit (chaosevents.packages.${system}) - chaosevents; - inherit (ssh-to-age.packages.${system}) - ssh-to-age; - }) - ]; - }; + pkgs = localNixpkgs.${system}; in { inherit (pkgs) clerie-keys diff --git a/flake/nixpkgs.nix b/flake/nixpkgs.nix new file mode 100644 index 0000000..08d7246 --- /dev/null +++ b/flake/nixpkgs.nix @@ -0,0 +1,17 @@ +{ self +, nixpkgs +, ... +}@inputs: + +let + mkNixpkgs = { system, ... }@args: + import nixpkgs { + inherit system; + overlays = [ + self.overlays.nixfilesInputs + self.overlays.clerie + ]; + }; + +in + nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: mkNixpkgs { inherit system; }) diff --git a/flake/overlay.nix b/flake/overlay.nix new file mode 100644 index 0000000..6b0e364 --- /dev/null +++ b/flake/overlay.nix @@ -0,0 +1,14 @@ +{ self +, bij +, chaosevents +, ssh-to-age +, ... +}@inputs: +final: prev: { + inherit (bij.packages.${final.system}) + bij; + inherit (chaosevents.packages.${final.system}) + chaosevents; + inherit (ssh-to-age.packages.${final.system}) + ssh-to-age; +} diff --git a/lib/flake-helper.nix b/lib/flake-helper.nix index 1778c7b..4557974 100644 --- a/lib/flake-helper.nix 
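Review bot: The overlay list inside `mkNixpkgs` in flake/nixpkgs.nix is the same pair (`self.overlays.nixfilesInputs`, `self.overlays.clerie`) that this commit also writes into `nixpkgs.overlays` in the lib/flake-helper.nix hunk at `@@ -26,13 +26,8 @@`. The package set exported under `packages` and the one the hosts evaluate can therefore drift apart if only one list is edited. Defining the list once and referencing it from both places would keep them aligned. `mkNixpkgs` also accepts `...` and binds `@args` without using either, so an extra argument such as `config` is silently dropped; forward it or narrow the signature to `{ system }:`.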
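Review bot: The overlay in flake/overlay.nix takes `bij`, `chaosevents` and `ssh-to-age` from each input's own `packages` output, so they are built against whatever nixpkgs revision that input has locked rather than the one the host uses. Whether these inputs set `inputs.nixpkgs.follows` is not visible here, but the lock file's root entry `"nixpkgs": "nixpkgs_3"` suggests more than one nixpkgs is pinned. I would record that above the attribute set, e.g. `# NOTE: built with each input's own nixpkgs pin; nixpkgs security fixes reach these only through that input's lock`. The same commit also replaces the fixed `"x86_64-linux"` that lib/flake-helper.nix used for `chaosevents` with `final.system`, so on aarch64 hosts the attribute must now exist in `chaosevents.packages`. `final.stdenv.hostPlatform.system` is the non-alias spelling of that value.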
+++ b/lib/flake-helper.nix @@ -1,4 +1,4 @@ -{ self, nixpkgs, bij, chaosevents, fernglas, fieldpoc, nixos-exporter, solid-xmpp-alarm, sops-nix, ... }@inputs: +{ self, nixpkgs, fernglas, fieldpoc, nixos-exporter, solid-xmpp-alarm, sops-nix, ... }@inputs: rec { generateNixosSystem = { @@ -26,13 +26,8 @@ rec { ../users/clerie ({ ... }: { nixpkgs.overlays = [ + self.overlays.nixfilesInputs self.overlays.clerie - (_: _: { - inherit (bij.packages."${system}") - bij; - inherit (chaosevents.packages."x86_64-linux") - chaosevents; - }) ]; clerie.monitoring = nixpkgs.lib.attrsets.optionalAttrs (group != null) { serviceLevel = group; }; }) From 1f7ffd82ba6f9ab709b1e5c45fbb886000850641 Mon Sep 17 00:00:00 2001 From: clerie Date: Mon, 13 May 2024 16:11:09 +0200 Subject: [PATCH 3/9] flake.nix: Remove colmena --- configuration/common/programs.nix | 1 - flake.nix | 6 ------ lib/default.nix | 2 -- lib/flake-helper.nix | 15 --------------- 4 files changed, 24 deletions(-) diff --git a/configuration/common/programs.nix b/configuration/common/programs.nix index 61e70be..a970166 100644 --- a/configuration/common/programs.nix +++ b/configuration/common/programs.nix @@ -13,7 +13,6 @@ # Deployment bij - colmena clerie-sops clerie-sops-edit sops diff --git a/flake.nix b/flake.nix index 982a51c..3fac2d4 100644 --- a/flake.nix +++ b/flake.nix @@ -92,12 +92,6 @@ nixosConfigurations = helper.mapToNixosConfigurations self.clerie.hosts; - colmena = { - meta = { - nixpkgs = localNixpkgs.x86_64-linux; - }; - } // helper.mapToColmenaHosts self.nixosConfigurations; - overlays = { nixfilesInputs = import ./flake/overlay.nix inputs; clerie = import ./pkgs/overlay.nix; diff --git a/lib/default.nix b/lib/default.nix index d43387f..d0ff32d 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -11,8 +11,6 @@ let inherit ("flake-helper") generateNixosSystem mapToNixosConfigurations - generateColmenaHost - mapToColmenaHosts buildHosts; clerie-monitoring-ids = callLibs ./clerie-monitoring-ids.nix; }; 
diff --git a/lib/flake-helper.nix b/lib/flake-helper.nix index 4557974..eb78beb 100644 --- a/lib/flake-helper.nix +++ b/lib/flake-helper.nix @@ -55,20 +55,5 @@ rec { mapToNixosConfigurations = hosts: builtins.mapAttrs (name: host: generateNixosSystem host) hosts; - generateColmenaHost = name: hostSystem: { - deployment = { - targetHost = hostSystem.config.networking.fqdn; - targetUser = null; - tags = let - group = nixpkgs.lib.attrByPath [ "clerie" "monitoring" "serviceLevel" ] null hostSystem.config; - in nixpkgs.lib.lists.optional (group != null) group; - }; - nixpkgs.system = hostSystem.config.nixpkgs.system; - imports = hostSystem._module.args.modules; - deployment.allowLocalDeployment = builtins.any (n: n == name) [ "osmium" ]; - }; - - mapToColmenaHosts = hosts: builtins.mapAttrs (generateColmenaHost) hosts; - buildHosts = hosts: builtins.mapAttrs (name: host: host.config.system.build.toplevel) (nixpkgs.lib.filterAttrs (name: host: (builtins.substring 0 1 name) != "_") hosts); } From 6beb8db05a8ef717318186c72d10908eef8096be Mon Sep 17 00:00:00 2001 From: clerie Date: Mon, 13 May 2024 16:21:47 +0200 Subject: [PATCH 4/9] flake.nix: Move hydraJobs to seperate file --- flake.nix | 7 +------ flake/hydraJobs.nix | 15 +++++++++++++++ lib/default.nix | 3 +-- lib/flake-helper.nix | 2 -- 4 files changed, 17 insertions(+), 10 deletions(-) create mode 100644 flake/hydraJobs.nix diff --git a/flake.nix b/flake.nix index 3fac2d4..7c178b5 100644 --- a/flake.nix +++ b/flake.nix @@ -124,12 +124,7 @@ inherit lib self; - hydraJobs = { - inherit (self) - packages; - nixosConfigurations = helper.buildHosts self.nixosConfigurations; - iso = self.nixosConfigurations._iso.config.system.build.isoImage; - }; + hydraJobs = import ./flake/hydraJobs.nix inputs; nixConfig = { extra-substituters = [ diff --git a/flake/hydraJobs.nix b/flake/hydraJobs.nix new file mode 100644 index 0000000..017901b --- /dev/null +++ b/flake/hydraJobs.nix 
@@ -0,0 +1,15 @@ +{ self +, nixpkgs +, ... +}@inputs: + +let + + buildHosts = hosts: builtins.mapAttrs (name: host: host.config.system.build.toplevel) (nixpkgs.lib.filterAttrs (name: host: (builtins.substring 0 1 name) != "_") hosts); + +in { + inherit (self) + packages; + nixosConfigurations = buildHosts self.nixosConfigurations; + iso = self.nixosConfigurations._iso.config.system.build.isoImage; +} diff --git a/lib/default.nix b/lib/default.nix index d0ff32d..8d796fc 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -10,8 +10,7 @@ let flake-helper = callLibs ./flake-helper.nix; inherit ("flake-helper") generateNixosSystem - mapToNixosConfigurations - buildHosts; + mapToNixosConfigurations; clerie-monitoring-ids = callLibs ./clerie-monitoring-ids.nix; }; diff --git a/lib/flake-helper.nix b/lib/flake-helper.nix index eb78beb..146b889 100644 --- a/lib/flake-helper.nix +++ b/lib/flake-helper.nix @@ -54,6 +54,4 @@ rec { }; mapToNixosConfigurations = hosts: builtins.mapAttrs (name: host: generateNixosSystem host) hosts; - - buildHosts = hosts: builtins.mapAttrs (name: host: host.config.system.build.toplevel) (nixpkgs.lib.filterAttrs (name: host: (builtins.substring 0 1 name) != "_") hosts); } From e7775284350ae8cd848f6239011e915d6d61b81c Mon Sep 17 00:00:00 2001 From: clerie Date: Mon, 13 May 2024 16:33:20 +0200 Subject: [PATCH 5/9] flake.nix: Expose modules in flake --- configuration/common/default.nix | 2 -- flake.nix | 5 +++++ lib/flake-helper.nix | 1 + 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/configuration/common/default.nix b/configuration/common/default.nix index d3f068d..a054e1c 100644 --- a/configuration/common/default.nix +++ b/configuration/common/default.nix @@ -2,8 +2,6 @@ { imports = [ - ../../modules - ./backup.nix ./locale.nix ./networking.nix diff --git a/flake.nix b/flake.nix index 7c178b5..82ccf23 100644 --- a/flake.nix +++ b/flake.nix 
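Review bot: `buildHosts` in flake/hydraJobs.nix drops every host whose name starts with `_`, and `iso` then picks `self.nixosConfigurations._iso` by name, but nothing in the new file states what the underscore prefix means. Presumably it marks configurations that are not deployable hosts; a comment above the binding would make that explicit, e.g. `# Hosts named "_*" (such as _iso) are skipped here and exposed as separate jobs below`. As a style point, `nixpkgs.lib.hasPrefix "_" name` says the same thing more directly than `(builtins.substring 0 1 name) != "_"`.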
@@ -92,6 +92,11 @@ nixosConfigurations = helper.mapToNixosConfigurations self.clerie.hosts; + nixosModules = { + clerie = import ./modules; + default = self.nixosModules.clerie; + }; + overlays = { nixfilesInputs = import ./flake/overlay.nix inputs; clerie = import ./pkgs/overlay.nix; diff --git a/lib/flake-helper.nix b/lib/flake-helper.nix index 146b889..8fd9dc3 100644 --- a/lib/flake-helper.nix +++ b/lib/flake-helper.nix @@ -11,6 +11,7 @@ rec { in localNixpkgs.lib.nixosSystem { system = system; modules = modules ++ [ + self.nixosModules.clerie ({ ... }: { /* Make the contents of the flake availiable to modules. From 0453d346064e6f44507b03bc8a4b87f06bac7958 Mon Sep 17 00:00:00 2001 From: clerie Date: Mon, 13 May 2024 16:44:21 +0200 Subject: [PATCH 6/9] flake/modules.nix seperate out modules from inputs --- flake.nix | 1 + flake/modules.nix | 19 +++++++++++++++++++ lib/flake-helper.nix | 6 +----- 3 files changed, 21 insertions(+), 5 deletions(-) create mode 100644 flake/modules.nix diff --git a/flake.nix b/flake.nix index 82ccf23..377452a 100644 --- a/flake.nix +++ b/flake.nix @@ -93,6 +93,7 @@ nixosConfigurations = helper.mapToNixosConfigurations self.clerie.hosts; nixosModules = { + nixfilesInputs = import ./flake/modules.nix inputs; clerie = import ./modules; default = self.nixosModules.clerie; }; diff --git a/flake/modules.nix b/flake/modules.nix new file mode 100644 index 0000000..9ba5b94 --- /dev/null +++ b/flake/modules.nix @@ -0,0 +1,19 @@ +{ self +, fernglas +, fieldpoc +, nixos-exporter +, solid-xmpp-alarm +, sops-nix +, ... +}@inputs: +{ ... }: + +{ + imports = [ + fernglas.nixosModules.default + fieldpoc.nixosModules.default + nixos-exporter.nixosModules.default + solid-xmpp-alarm.nixosModules.solid-xmpp-alarm + sops-nix.nixosModules.sops + ]; +} diff --git a/lib/flake-helper.nix b/lib/flake-helper.nix index 8fd9dc3..d8e9878 100644 --- a/lib/flake-helper.nix +++ b/lib/flake-helper.nix 
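Review bot: `clerie = import ./modules;` in the new `nixosModules` set hands the module system an already-imported value, so the module no longer carries its file path. Errors and option declaration locations then point at an anonymous module, and the path-based de-duplication of `imports` stops applying if anything still imports `./modules` by path. Wrapping the path keeps both: `clerie = { imports = [ ./modules ]; };`. Whether another file still imports the directory by path is not visible in this patch; the removal from configuration/common/default.nix is the only one shown.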
@@ -11,6 +11,7 @@ rec { in localNixpkgs.lib.nixosSystem { system = system; modules = modules ++ [ + self.nixosModules.nixfilesInputs self.nixosModules.clerie ({ ... }: { /* @@ -32,11 +33,6 @@ rec { ]; clerie.monitoring = nixpkgs.lib.attrsets.optionalAttrs (group != null) { serviceLevel = group; }; }) - fernglas.nixosModules.default - fieldpoc.nixosModules.default - nixos-exporter.nixosModules.default - solid-xmpp-alarm.nixosModules.solid-xmpp-alarm - sops-nix.nixosModules.sops (../hosts + "/${name}/configuration.nix") # Automatically load secrets from sops file for host ({ config, lib, ... }: { From 2a3281a7c4401c09fc85ea64d2561ea59f01764a Mon Sep 17 00:00:00 2001 From: clerie Date: Mon, 13 May 2024 17:00:03 +0200 Subject: [PATCH 7/9] lib/flake-helper.nix: Restrcuture host module references --- lib/flake-helper.nix | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/lib/flake-helper.nix b/lib/flake-helper.nix index d8e9878..ff81862 100644 --- a/lib/flake-helper.nix +++ b/lib/flake-helper.nix @@ -13,7 +13,14 @@ rec { modules = modules ++ [ self.nixosModules.nixfilesInputs self.nixosModules.clerie - ({ ... }: { + + ({ config, lib, ... }: { + # Apply overlays + nixpkgs.overlays = [ + self.overlays.nixfilesInputs + self.overlays.clerie + ]; + /* Make the contents of the flake availiable to modules. Useful for having the monitoring server scraping the 
@@ -23,19 +30,11 @@ rec { inputs = inputs; _nixfiles = self; }; - }) - ../configuration/common - ../users/clerie - ({ ... }: { - nixpkgs.overlays = [ - self.overlays.nixfilesInputs - self.overlays.clerie - ]; + + # Expose host group to monitoring clerie.monitoring = nixpkgs.lib.attrsets.optionalAttrs (group != null) { serviceLevel = group; }; - }) - (../hosts + "/${name}/configuration.nix") - # Automatically load secrets from sops file for host - ({ config, lib, ... }: { + + # Automatically load secrets from sops file for host sops.defaultSopsFile = ../hosts + "/${name}/secrets.json"; sops.secrets = let secretFile = config.sops.defaultSopsFile; @@ -47,6 +46,13 @@ rec { in secrets; }) + + # Config to be applied to every host + ../configuration/common + ../users/clerie + + # Host specific config + (../hosts + "/${name}/configuration.nix") ]; }; From d55dc358824179f8fa3758ee927a1e6d12be733d Mon Sep 17 00:00:00 2001 From: clerie Date: Mon, 13 May 2024 17:39:54 +0200 Subject: [PATCH 8/9] lib/flake-helper.nix,flake/nixosConfigurations.nix: Move functions to flake directory --- flake.nix | 2 +- lib/flake-helper.nix => flake/nixosConfigurations.nix | 11 ++++++++--- lib/default.nix | 4 ---- 3 files changed, 9 insertions(+), 8 deletions(-) rename lib/flake-helper.nix => flake/nixosConfigurations.nix (94%) diff --git a/flake.nix b/flake.nix index 377452a..573bd9f 100644 --- a/flake.nix +++ b/flake.nix @@ -90,7 +90,7 @@ _iso = { name = "_iso"; }; }; - nixosConfigurations = helper.mapToNixosConfigurations self.clerie.hosts; + nixosConfigurations = import ./flake/nixosConfigurations.nix inputs; nixosModules = { nixfilesInputs = import ./flake/modules.nix inputs; diff --git a/lib/flake-helper.nix b/flake/nixosConfigurations.nix similarity index 94% rename from lib/flake-helper.nix rename to flake/nixosConfigurations.nix index ff81862..276d3c5 100644 --- a/lib/flake-helper.nix +++ b/flake/nixosConfigurations.nix 
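Review bot: Once `nixosConfigurations` stops calling `helper.mapToNixosConfigurations`, nothing shown in flake.nix uses `helper` any more. The `let` block that appeared as context in patch 2 still holds `helper = lib.flake-helper;`, while this same commit removes `flake-helper` from lib/default.nix. Lazy evaluation hides this, but the binding now refers to a missing attribute and will fail as soon as something references it. The `let` block lies outside this hunk; the line `helper = lib.flake-helper;` should be deleted there as part of this commit.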
@@ -1,6 +1,9 @@ -{ self, nixpkgs, fernglas, fieldpoc, nixos-exporter, solid-xmpp-alarm, sops-nix, ... }@inputs: +{ self +, nixpkgs +, ... +}@inputs: -rec { +let generateNixosSystem = { name, system ? "x86_64-linux", @@ -57,4 +60,6 @@ rec { }; mapToNixosConfigurations = hosts: builtins.mapAttrs (name: host: generateNixosSystem host) hosts; -} + +in + mapToNixosConfigurations self.clerie.hosts diff --git a/lib/default.nix b/lib/default.nix index 8d796fc..0d1d47a 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -7,10 +7,6 @@ let } // inputs); lib = { - flake-helper = callLibs ./flake-helper.nix; - inherit ("flake-helper") - generateNixosSystem - mapToNixosConfigurations; clerie-monitoring-ids = callLibs ./clerie-monitoring-ids.nix; }; From d219d97389240e891e24e70abfa087dd9391f0ad Mon Sep 17 00:00:00 2001 From: Flake Update Bot Date: Tue, 14 May 2024 03:04:09 +0200 Subject: [PATCH 9/9] Update nixpkgs 2024-05-14-01-03 --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index f06f8e4..a524999 100644 --- a/flake.lock +++ b/flake.lock @@ -224,11 +224,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1713297878, - "narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=", + "lastModified": 1715534503, + "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c", + "rev": "2057814051972fa1453ddfb0d98badbea9b83c06", "type": "github" }, "original": {