
Update from updated-inputs-2024-05-14-01-03

2024-05-14 03:04:12 +02:00
10 changed files with 106 additions and 99 deletions

@ -2,8 +2,6 @@
{ {
imports = [ imports = [
../../modules
./backup.nix ./backup.nix
./locale.nix ./locale.nix
./networking.nix ./networking.nix

@ -13,7 +13,6 @@
# Deployment # Deployment
bij bij
colmena
clerie-sops clerie-sops
clerie-sops-edit clerie-sops-edit
sops sops

23
flake.lock generated

@ -190,22 +190,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-krypton": {
"locked": {
"lastModified": 1713297878,
"narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1713434076, "lastModified": 1713434076,
@ -240,11 +224,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1715447595, "lastModified": 1715534503,
"narHash": "sha256-VsVAUQOj/cS1LCOmMjAGeRksXIAdPnFIjCQ0XLkCsT0=", "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "062ca2a9370a27a35c524dc82d540e6e9824b652", "rev": "2057814051972fa1453ddfb0d98badbea9b83c06",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -263,7 +247,6 @@
"nixos-exporter": "nixos-exporter", "nixos-exporter": "nixos-exporter",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"nixpkgs-krypton": "nixpkgs-krypton",
"solid-xmpp-alarm": "solid-xmpp-alarm", "solid-xmpp-alarm": "solid-xmpp-alarm",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"ssh-to-age": "ssh-to-age" "ssh-to-age": "ssh-to-age"

@ -1,7 +1,6 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-krypton.url = "github:NixOS/nixpkgs/nixos-unstable";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
bij = { bij = {
url = "git+https://git.clerie.de/clerie/bij.git"; url = "git+https://git.clerie.de/clerie/bij.git";
@ -36,6 +35,7 @@
outputs = { self, nixpkgs, nixos-hardware, chaosevents, fernglas, nixos-exporter, solid-xmpp-alarm, ssh-to-age, ... }@inputs: let outputs = { self, nixpkgs, nixos-hardware, chaosevents, fernglas, nixos-exporter, solid-xmpp-alarm, ssh-to-age, ... }@inputs: let
lib = import ./lib inputs; lib = import ./lib inputs;
helper = lib.flake-helper; helper = lib.flake-helper;
localNixpkgs = import ./flake/nixpkgs.nix inputs;
in { in {
clerie.hosts = { clerie.hosts = {
aluminium = { aluminium = {
@ -90,34 +90,22 @@
_iso = { name = "_iso"; }; _iso = { name = "_iso"; };
}; };
nixosConfigurations = helper.mapToNixosConfigurations self.clerie.hosts; nixosConfigurations = import ./flake/nixosConfigurations.nix inputs;
colmena = { nixosModules = {
meta = { nixfilesInputs = import ./flake/modules.nix inputs;
nixpkgs = import nixpkgs { clerie = import ./modules;
system = "x86_64-linux"; default = self.nixosModules.clerie;
}; };
};
} // helper.mapToColmenaHosts self.nixosConfigurations;
overlays = { overlays = {
nixfilesInputs = import ./flake/overlay.nix inputs;
clerie = import ./pkgs/overlay.nix; clerie = import ./pkgs/overlay.nix;
default = self.overlays.clerie; default = self.overlays.clerie;
}; };
packages = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: let packages = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: let
pkgs = import nixpkgs { pkgs = localNixpkgs.${system};
inherit system;
overlays = [
self.overlays.clerie
(_: _: {
inherit (chaosevents.packages.${system})
chaosevents;
inherit (ssh-to-age.packages.${system})
ssh-to-age;
})
];
};
in { in {
inherit (pkgs) inherit (pkgs)
clerie-keys clerie-keys
@ -142,12 +130,7 @@
inherit lib self; inherit lib self;
hydraJobs = { hydraJobs = import ./flake/hydraJobs.nix inputs;
inherit (self)
packages;
nixosConfigurations = helper.buildHosts self.nixosConfigurations;
iso = self.nixosConfigurations._iso.config.system.build.isoImage;
};
nixConfig = { nixConfig = {
extra-substituters = [ extra-substituters = [
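Review bot: `nixosModules.default` resolves to `self.nixosModules.clerie` alone, while the hosts in this repository are also given `self.nixosModules.nixfilesInputs` and both overlays (see the nixosConfigurations hunk). If anything under `./modules` relies on options from the input modules or on packages from the inputs overlay — not visible from this hunk — an external consumer of `default` gets an evaluation failure instead of a usable module. A comment above the attribute set would state the requirement, for example `# clerie expects nixosModules.nixfilesInputs and overlays.nixfilesInputs to be applied as well`.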

15
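--- /dev/null
+++ b/flake/hydraJobs.nix
@@ -0,0 +1,15 @@
+{ self
+, nixpkgs
+, ...
+}@inputs:
+let
+buildHosts = hosts: builtins.mapAttrs (name: host: host.config.system.build.toplevel) (nixpkgs.lib.filterAttrs (name: host: (builtins.substring 0 1 name) != "_") hosts);
+in {
+inherit (self)
+packages;
+nixosConfigurations = buildHosts self.nixosConfigurations;
+iso = self.nixosConfigurations._iso.config.system.build.isoImage;
+}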
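Review bot: The `buildHosts` one-liner skips every host whose name starts with `_`, but nothing in the file says so, and the rule is only discoverable by reading the `builtins.substring 0 1 name` test. A comment above the binding such as `# Hosts named with a leading "_" (e.g. _iso) are left out of the per-host jobs; the ISO is built separately below` would document it. The predicate also reads more directly as `!(nixpkgs.lib.hasPrefix "_" name)`.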

19
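--- /dev/null
+++ b/flake/modules.nix
@@ -0,0 +1,19 @@
+{ self
+, fernglas
+, fieldpoc
+, nixos-exporter
+, solid-xmpp-alarm
+, sops-nix
+, ...
+}@inputs:
+{ ... }:
+{
+imports = [
+fernglas.nixosModules.default
+fieldpoc.nixosModules.default
+nixos-exporter.nixosModules.default
+solid-xmpp-alarm.nixosModules.solid-xmpp-alarm
+sops-nix.nixosModules.sops
+];
+}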
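Review bot: `self` is destructured in the function head and `inputs` is bound with `@inputs`, yet the body uses neither; only the five input modules are referenced. Dropping the unused names keeps the head an accurate list of what the file depends on, which matters here because that list is the set of third-party modules every host imports. The same applies to `self` in `flake/overlay.nix` and to `@inputs` in `flake/hydraJobs.nix` and `flake/nixpkgs.nix`.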

@ -1,6 +1,9 @@
{ self, nixpkgs, bij, chaosevents, fernglas, fieldpoc, nixos-exporter, solid-xmpp-alarm, sops-nix, ... }@inputs: { self
, nixpkgs
, ...
}@inputs:
rec { let
generateNixosSystem = { generateNixosSystem = {
name, name,
system ? "x86_64-linux", system ? "x86_64-linux",
@ -11,7 +14,16 @@ rec {
in localNixpkgs.lib.nixosSystem { in localNixpkgs.lib.nixosSystem {
system = system; system = system;
modules = modules ++ [ modules = modules ++ [
({ ... }: { self.nixosModules.nixfilesInputs
self.nixosModules.clerie
({ config, lib, ... }: {
# Apply overlays
nixpkgs.overlays = [
self.overlays.nixfilesInputs
self.overlays.clerie
];
/* /*
Make the contents of the flake availiable to modules. Make the contents of the flake availiable to modules.
Useful for having the monitoring server scraping the Useful for having the monitoring server scraping the
@ -21,29 +33,11 @@ rec {
inputs = inputs; inputs = inputs;
_nixfiles = self; _nixfiles = self;
}; };
})
../configuration/common # Expose host group to monitoring
../users/clerie
({ ... }: {
nixpkgs.overlays = [
self.overlays.clerie
(_: _: {
inherit (bij.packages."${system}")
bij;
inherit (chaosevents.packages."x86_64-linux")
chaosevents;
})
];
clerie.monitoring = nixpkgs.lib.attrsets.optionalAttrs (group != null) { serviceLevel = group; }; clerie.monitoring = nixpkgs.lib.attrsets.optionalAttrs (group != null) { serviceLevel = group; };
})
fernglas.nixosModules.default # Automatically load secrets from sops file for host
fieldpoc.nixosModules.default
nixos-exporter.nixosModules.default
solid-xmpp-alarm.nixosModules.solid-xmpp-alarm
sops-nix.nixosModules.sops
(../hosts + "/${name}/configuration.nix")
# Automatically load secrets from sops file for host
({ config, lib, ... }: {
sops.defaultSopsFile = ../hosts + "/${name}/secrets.json"; sops.defaultSopsFile = ../hosts + "/${name}/secrets.json";
sops.secrets = let sops.secrets = let
secretFile = config.sops.defaultSopsFile; secretFile = config.sops.defaultSopsFile;
@ -55,25 +49,17 @@ rec {
in in
secrets; secrets;
}) })
# Config to be applied to every host
../configuration/common
../users/clerie
# Host specific config
(../hosts + "/${name}/configuration.nix")
]; ];
}; };
mapToNixosConfigurations = hosts: builtins.mapAttrs (name: host: generateNixosSystem host) hosts; mapToNixosConfigurations = hosts: builtins.mapAttrs (name: host: generateNixosSystem host) hosts;
generateColmenaHost = name: hostSystem: { in
deployment = { mapToNixosConfigurations self.clerie.hosts
targetHost = hostSystem.config.networking.fqdn;
targetUser = null;
tags = let
group = nixpkgs.lib.attrByPath [ "clerie" "monitoring" "serviceLevel" ] null hostSystem.config;
in nixpkgs.lib.lists.optional (group != null) group;
};
nixpkgs.system = hostSystem.config.nixpkgs.system;
imports = hostSystem._module.args.modules;
deployment.allowLocalDeployment = builtins.any (n: n == name) [ "osmium" ];
};
mapToColmenaHosts = hosts: builtins.mapAttrs (generateColmenaHost) hosts;
buildHosts = hosts: builtins.mapAttrs (name: host: host.config.system.build.toplevel) (nixpkgs.lib.filterAttrs (name: host: (builtins.substring 0 1 name) != "_") hosts);
}
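Review bot: The overlay list `[ self.overlays.nixfilesInputs self.overlays.clerie ]` added to the inline module is written out a second time in `flake/nixpkgs.nix`. The package set used for `packages` and Hydra therefore matches the one hosts evaluate only as long as both lists are edited together. A comment above `nixpkgs.overlays` such as `# Keep in sync with mkNixpkgs in flake/nixpkgs.nix` would flag the coupling, or both files could read the list from a single binding. `generateNixosSystem` begins outside the visible hunks, so how `localNixpkgs` is defined there is not known from here.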

17
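--- /dev/null
+++ b/flake/nixpkgs.nix
@@ -0,0 +1,17 @@
+{ self
+, nixpkgs
+, ...
+}@inputs:
+let
+mkNixpkgs = { system, ... }@args:
+import nixpkgs {
+inherit system;
+overlays = [
+self.overlays.nixfilesInputs
+self.overlays.clerie
+];
+};
+in
+nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: mkNixpkgs { inherit system; })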
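Review bot: `mkNixpkgs` takes `{ system, ... }@args` but never reads `args`, so any extra attribute a caller passes (a `config` or further `overlays`, say) is discarded without an error. Narrowing the head to `mkNixpkgs = { system }:` makes such a call fail at evaluation instead of silently building with different settings than intended. If forwarding is wanted later, the extra attributes should be merged into the `import nixpkgs { … }` argument explicitly.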

14
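--- /dev/null
+++ b/flake/overlay.nix
@@ -0,0 +1,14 @@
+{ self
+, bij
+, chaosevents
+, ssh-to-age
+, ...
+}@inputs:
+final: prev: {
+inherit (bij.packages.${final.system})
+bij;
+inherit (chaosevents.packages.${final.system})
+chaosevents;
+inherit (ssh-to-age.packages.${final.system})
+ssh-to-age;
+}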
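Review bot: `chaosevents` is now looked up under `${final.system}`, whereas the host overlay this replaces took it from `chaosevents.packages."x86_64-linux"` on every host. If the chaosevents flake publishes no aarch64-linux packages (not visible here), referencing `pkgs.chaosevents` on such a host fails at evaluation with a missing-attribute error. A comment naming which inputs are expected to provide both systems would make that assumption explicit. Separately, `final.system` is, as far as I know, an alias in nixpkgs; `final.stdenv.hostPlatform.system` is the attribute it stands for and still resolves when aliases are disabled.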

@ -7,13 +7,6 @@ let
} // inputs); } // inputs);
lib = { lib = {
flake-helper = callLibs ./flake-helper.nix;
inherit ("flake-helper")
generateNixosSystem
mapToNixosConfigurations
generateColmenaHost
mapToColmenaHosts
buildHosts;
clerie-monitoring-ids = callLibs ./clerie-monitoring-ids.nix; clerie-monitoring-ids = callLibs ./clerie-monitoring-ids.nix;
}; };