Compare commits
No commits in common. "643d9ff028605c40e29da8c332047e79bfb43849" and "f16829ad747394fbf9f153cc3416ae0ef38c1d54" have entirely different histories.
643d9ff028
...
f16829ad74
@ -2,6 +2,8 @@
|
||||
|
||||
{
|
||||
imports = [
|
||||
../../modules
|
||||
|
||||
./backup.nix
|
||||
./locale.nix
|
||||
./networking.nix
|
||||
|
@ -13,6 +13,7 @@
|
||||
|
||||
# Deployment
|
||||
bij
|
||||
colmena
|
||||
clerie-sops
|
||||
clerie-sops-edit
|
||||
sops
|
||||
|
23
flake.lock
23
flake.lock
@ -190,6 +190,22 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-krypton": {
|
||||
"locked": {
|
||||
"lastModified": 1713297878,
|
||||
"narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1713434076,
|
||||
@ -224,11 +240,11 @@
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1715534503,
|
||||
"narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=",
|
||||
"lastModified": 1715447595,
|
||||
"narHash": "sha256-VsVAUQOj/cS1LCOmMjAGeRksXIAdPnFIjCQ0XLkCsT0=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "2057814051972fa1453ddfb0d98badbea9b83c06",
|
||||
"rev": "062ca2a9370a27a35c524dc82d540e6e9824b652",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -247,6 +263,7 @@
|
||||
"nixos-exporter": "nixos-exporter",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs_3",
|
||||
"nixpkgs-krypton": "nixpkgs-krypton",
|
||||
"solid-xmpp-alarm": "solid-xmpp-alarm",
|
||||
"sops-nix": "sops-nix",
|
||||
"ssh-to-age": "ssh-to-age"
|
||||
|
35
flake.nix
35
flake.nix
@ -1,6 +1,7 @@
|
||||
{
|
||||
inputs = {
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
nixpkgs-krypton.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
||||
bij = {
|
||||
url = "git+https://git.clerie.de/clerie/bij.git";
|
||||
@ -35,7 +36,6 @@
|
||||
outputs = { self, nixpkgs, nixos-hardware, chaosevents, fernglas, nixos-exporter, solid-xmpp-alarm, ssh-to-age, ... }@inputs: let
|
||||
lib = import ./lib inputs;
|
||||
helper = lib.flake-helper;
|
||||
localNixpkgs = import ./flake/nixpkgs.nix inputs;
|
||||
in {
|
||||
clerie.hosts = {
|
||||
aluminium = {
|
||||
@ -90,22 +90,34 @@
|
||||
_iso = { name = "_iso"; };
|
||||
};
|
||||
|
||||
nixosConfigurations = import ./flake/nixosConfigurations.nix inputs;
|
||||
nixosConfigurations = helper.mapToNixosConfigurations self.clerie.hosts;
|
||||
|
||||
nixosModules = {
|
||||
nixfilesInputs = import ./flake/modules.nix inputs;
|
||||
clerie = import ./modules;
|
||||
default = self.nixosModules.clerie;
|
||||
colmena = {
|
||||
meta = {
|
||||
nixpkgs = import nixpkgs {
|
||||
system = "x86_64-linux";
|
||||
};
|
||||
};
|
||||
} // helper.mapToColmenaHosts self.nixosConfigurations;
|
||||
|
||||
overlays = {
|
||||
nixfilesInputs = import ./flake/overlay.nix inputs;
|
||||
clerie = import ./pkgs/overlay.nix;
|
||||
default = self.overlays.clerie;
|
||||
};
|
||||
|
||||
packages = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: let
|
||||
pkgs = localNixpkgs.${system};
|
||||
pkgs = import nixpkgs {
|
||||
inherit system;
|
||||
overlays = [
|
||||
self.overlays.clerie
|
||||
(_: _: {
|
||||
inherit (chaosevents.packages.${system})
|
||||
chaosevents;
|
||||
inherit (ssh-to-age.packages.${system})
|
||||
ssh-to-age;
|
||||
})
|
||||
];
|
||||
};
|
||||
in {
|
||||
inherit (pkgs)
|
||||
clerie-keys
|
||||
@ -130,7 +142,12 @@
|
||||
|
||||
inherit lib self;
|
||||
|
||||
hydraJobs = import ./flake/hydraJobs.nix inputs;
|
||||
hydraJobs = {
|
||||
inherit (self)
|
||||
packages;
|
||||
nixosConfigurations = helper.buildHosts self.nixosConfigurations;
|
||||
iso = self.nixosConfigurations._iso.config.system.build.isoImage;
|
||||
};
|
||||
|
||||
nixConfig = {
|
||||
extra-substituters = [
|
||||
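Review bot: The new `nixpkgs-krypton` input in the first flake.nix hunk points at the same `github:NixOS/nixpkgs/nixos-unstable` ref as `nixpkgs`, with no comment saying why a second pin exists or how it is kept current. In flake.lock it is locked to rev `66adc1e47f8784803f2deb6cacd5e07264ec2d5c` with `lastModified` 1713297878, which is older than either `nixpkgs_3` timestamp shown. Anything built from it will therefore lag on package updates, security fixes included, until that input is bumped on its own. The visible hunks do not show where the input is consumed. I would add a comment above the line, for example `# Separate nixpkgs pin for <consumer>, held back because <reason>; bump together with nixpkgs`.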
|
@ -1,15 +0,0 @@
|
||||
{ self
|
||||
, nixpkgs
|
||||
, ...
|
||||
}@inputs:
|
||||
|
||||
let
|
||||
|
||||
buildHosts = hosts: builtins.mapAttrs (name: host: host.config.system.build.toplevel) (nixpkgs.lib.filterAttrs (name: host: (builtins.substring 0 1 name) != "_") hosts);
|
||||
|
||||
in {
|
||||
inherit (self)
|
||||
packages;
|
||||
nixosConfigurations = buildHosts self.nixosConfigurations;
|
||||
iso = self.nixosConfigurations._iso.config.system.build.isoImage;
|
||||
}
|
@ -1,19 +0,0 @@
|
||||
{ self
|
||||
, fernglas
|
||||
, fieldpoc
|
||||
, nixos-exporter
|
||||
, solid-xmpp-alarm
|
||||
, sops-nix
|
||||
, ...
|
||||
}@inputs:
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
fernglas.nixosModules.default
|
||||
fieldpoc.nixosModules.default
|
||||
nixos-exporter.nixosModules.default
|
||||
solid-xmpp-alarm.nixosModules.solid-xmpp-alarm
|
||||
sops-nix.nixosModules.sops
|
||||
];
|
||||
}
|
@ -1,17 +0,0 @@
|
||||
{ self
|
||||
, nixpkgs
|
||||
, ...
|
||||
}@inputs:
|
||||
|
||||
let
|
||||
mkNixpkgs = { system, ... }@args:
|
||||
import nixpkgs {
|
||||
inherit system;
|
||||
overlays = [
|
||||
self.overlays.nixfilesInputs
|
||||
self.overlays.clerie
|
||||
];
|
||||
};
|
||||
|
||||
in
|
||||
nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: mkNixpkgs { inherit system; })
|
@ -1,14 +0,0 @@
|
||||
{ self
|
||||
, bij
|
||||
, chaosevents
|
||||
, ssh-to-age
|
||||
, ...
|
||||
}@inputs:
|
||||
final: prev: {
|
||||
inherit (bij.packages.${final.system})
|
||||
bij;
|
||||
inherit (chaosevents.packages.${final.system})
|
||||
chaosevents;
|
||||
inherit (ssh-to-age.packages.${final.system})
|
||||
ssh-to-age;
|
||||
}
|
@ -7,6 +7,13 @@ let
|
||||
} // inputs);
|
||||
|
||||
lib = {
|
||||
flake-helper = callLibs ./flake-helper.nix;
|
||||
inherit ("flake-helper")
|
||||
generateNixosSystem
|
||||
mapToNixosConfigurations
|
||||
generateColmenaHost
|
||||
mapToColmenaHosts
|
||||
buildHosts;
|
||||
clerie-monitoring-ids = callLibs ./clerie-monitoring-ids.nix;
|
||||
};
|
||||
|
||||
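Review bot: The `inherit ("flake-helper") generateNixosSystem … buildHosts;` lines inside `lib = { … }` take their attributes from the string literal `"flake-helper"`, not from the `flake-helper` attribute defined one line above. Judging by the hunk counts these lines are on the added side. Because Nix evaluates lazily the file still loads, but the first use of `lib.generateNixosSystem` or any of the other four names will fail with a type error. The set is not `rec`, so a bare `inherit (flake-helper)` would not resolve either; `inherit (callLibs ./flake-helper.nix)` would, or bind the helper in the enclosing `let`, which starts outside this hunk.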
|
@ -1,9 +1,6 @@
|
||||
{ self
|
||||
, nixpkgs
|
||||
, ...
|
||||
}@inputs:
|
||||
{ self, nixpkgs, bij, chaosevents, fernglas, fieldpoc, nixos-exporter, solid-xmpp-alarm, sops-nix, ... }@inputs:
|
||||
|
||||
let
|
||||
rec {
|
||||
generateNixosSystem = {
|
||||
name,
|
||||
system ? "x86_64-linux",
|
||||
@ -14,16 +11,7 @@ let
|
||||
in localNixpkgs.lib.nixosSystem {
|
||||
system = system;
|
||||
modules = modules ++ [
|
||||
self.nixosModules.nixfilesInputs
|
||||
self.nixosModules.clerie
|
||||
|
||||
({ config, lib, ... }: {
|
||||
# Apply overlays
|
||||
nixpkgs.overlays = [
|
||||
self.overlays.nixfilesInputs
|
||||
self.overlays.clerie
|
||||
];
|
||||
|
||||
({ ... }: {
|
||||
/*
|
||||
Make the contents of the flake availiable to modules.
|
||||
Useful for having the monitoring server scraping the
|
||||
@ -33,11 +21,29 @@ let
|
||||
inputs = inputs;
|
||||
_nixfiles = self;
|
||||
};
|
||||
|
||||
# Expose host group to monitoring
|
||||
})
|
||||
../configuration/common
|
||||
../users/clerie
|
||||
({ ... }: {
|
||||
nixpkgs.overlays = [
|
||||
self.overlays.clerie
|
||||
(_: _: {
|
||||
inherit (bij.packages."${system}")
|
||||
bij;
|
||||
inherit (chaosevents.packages."x86_64-linux")
|
||||
chaosevents;
|
||||
})
|
||||
];
|
||||
clerie.monitoring = nixpkgs.lib.attrsets.optionalAttrs (group != null) { serviceLevel = group; };
|
||||
|
||||
})
|
||||
fernglas.nixosModules.default
|
||||
fieldpoc.nixosModules.default
|
||||
nixos-exporter.nixosModules.default
|
||||
solid-xmpp-alarm.nixosModules.solid-xmpp-alarm
|
||||
sops-nix.nixosModules.sops
|
||||
(../hosts + "/${name}/configuration.nix")
|
||||
# Automatically load secrets from sops file for host
|
||||
({ config, lib, ... }: {
|
||||
sops.defaultSopsFile = ../hosts + "/${name}/secrets.json";
|
||||
sops.secrets = let
|
||||
secretFile = config.sops.defaultSopsFile;
|
||||
@ -49,17 +55,25 @@ let
|
||||
in
|
||||
secrets;
|
||||
})
|
||||
|
||||
# Config to be applied to every host
|
||||
../configuration/common
|
||||
../users/clerie
|
||||
|
||||
# Host specific config
|
||||
(../hosts + "/${name}/configuration.nix")
|
||||
];
|
||||
};
|
||||
|
||||
mapToNixosConfigurations = hosts: builtins.mapAttrs (name: host: generateNixosSystem host) hosts;
|
||||
|
||||
in
|
||||
mapToNixosConfigurations self.clerie.hosts
|
||||
generateColmenaHost = name: hostSystem: {
|
||||
deployment = {
|
||||
targetHost = hostSystem.config.networking.fqdn;
|
||||
targetUser = null;
|
||||
tags = let
|
||||
group = nixpkgs.lib.attrByPath [ "clerie" "monitoring" "serviceLevel" ] null hostSystem.config;
|
||||
in nixpkgs.lib.lists.optional (group != null) group;
|
||||
};
|
||||
nixpkgs.system = hostSystem.config.nixpkgs.system;
|
||||
imports = hostSystem._module.args.modules;
|
||||
deployment.allowLocalDeployment = builtins.any (n: n == name) [ "osmium" ];
|
||||
};
|
||||
|
||||
mapToColmenaHosts = hosts: builtins.mapAttrs (generateColmenaHost) hosts;
|
||||
|
||||
buildHosts = hosts: builtins.mapAttrs (name: host: host.config.system.build.toplevel) (nixpkgs.lib.filterAttrs (name: host: (builtins.substring 0 1 name) != "_") hosts);
|
||||
}
|
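Review bot: The inline overlay in `generateNixosSystem` takes `chaosevents` from `chaosevents.packages."x86_64-linux"`, while `bij` two lines above it uses `"${system}"` and the function takes a `system` argument. A host generated with `system = "aarch64-linux"` would get the x86_64 build of that package in its package set. The header counts suggest this is the added side, which would mean the overlay replaces the removed `self.overlays.nixfilesInputs`, where `final.system` was used for every input. I would change the line to `inherit (chaosevents.packages."${system}")`, matching the `packages` output in flake.nix. The body of `generateNixosSystem` runs across several hunks, and the lines between them are not visible here.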