
Compare commits


10 Commits

10 changed files with 106 additions and 99 deletions


@ -2,8 +2,6 @@
{ {
imports = [ imports = [
../../modules
./backup.nix ./backup.nix
./locale.nix ./locale.nix
./networking.nix ./networking.nix


@ -13,7 +13,6 @@
# Deployment # Deployment
bij bij
colmena
clerie-sops clerie-sops
clerie-sops-edit clerie-sops-edit
sops sops


@ -190,22 +190,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-krypton": {
"locked": {
"lastModified": 1713297878,
"narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1713434076, "lastModified": 1713434076,
@ -240,11 +224,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1715447595, "lastModified": 1715534503,
"narHash": "sha256-VsVAUQOj/cS1LCOmMjAGeRksXIAdPnFIjCQ0XLkCsT0=", "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "062ca2a9370a27a35c524dc82d540e6e9824b652", "rev": "2057814051972fa1453ddfb0d98badbea9b83c06",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -263,7 +247,6 @@
"nixos-exporter": "nixos-exporter", "nixos-exporter": "nixos-exporter",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"nixpkgs-krypton": "nixpkgs-krypton",
"solid-xmpp-alarm": "solid-xmpp-alarm", "solid-xmpp-alarm": "solid-xmpp-alarm",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"ssh-to-age": "ssh-to-age" "ssh-to-age": "ssh-to-age"


@ -1,7 +1,6 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-krypton.url = "github:NixOS/nixpkgs/nixos-unstable";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
bij = { bij = {
url = "git+https://git.clerie.de/clerie/bij.git"; url = "git+https://git.clerie.de/clerie/bij.git";
@ -36,6 +35,7 @@
outputs = { self, nixpkgs, nixos-hardware, chaosevents, fernglas, nixos-exporter, solid-xmpp-alarm, ssh-to-age, ... }@inputs: let outputs = { self, nixpkgs, nixos-hardware, chaosevents, fernglas, nixos-exporter, solid-xmpp-alarm, ssh-to-age, ... }@inputs: let
lib = import ./lib inputs; lib = import ./lib inputs;
helper = lib.flake-helper; helper = lib.flake-helper;
localNixpkgs = import ./flake/nixpkgs.nix inputs;
in { in {
clerie.hosts = { clerie.hosts = {
aluminium = { aluminium = {
@ -90,34 +90,22 @@
_iso = { name = "_iso"; }; _iso = { name = "_iso"; };
}; };
nixosConfigurations = helper.mapToNixosConfigurations self.clerie.hosts; nixosConfigurations = import ./flake/nixosConfigurations.nix inputs;
colmena = { nixosModules = {
meta = { nixfilesInputs = import ./flake/modules.nix inputs;
nixpkgs = import nixpkgs { clerie = import ./modules;
system = "x86_64-linux"; default = self.nixosModules.clerie;
}; };
};
} // helper.mapToColmenaHosts self.nixosConfigurations;
overlays = { overlays = {
nixfilesInputs = import ./flake/overlay.nix inputs;
clerie = import ./pkgs/overlay.nix; clerie = import ./pkgs/overlay.nix;
default = self.overlays.clerie; default = self.overlays.clerie;
}; };
packages = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: let packages = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: let
pkgs = import nixpkgs { pkgs = localNixpkgs.${system};
inherit system;
overlays = [
self.overlays.clerie
(_: _: {
inherit (chaosevents.packages.${system})
chaosevents;
inherit (ssh-to-age.packages.${system})
ssh-to-age;
})
];
};
in { in {
inherit (pkgs) inherit (pkgs)
clerie-keys clerie-keys
@ -142,12 +130,7 @@
inherit lib self; inherit lib self;
hydraJobs = { hydraJobs = import ./flake/hydraJobs.nix inputs;
inherit (self)
packages;
nixosConfigurations = helper.buildHosts self.nixosConfigurations;
iso = self.nixosConfigurations._iso.config.system.build.isoImage;
};
nixConfig = { nixConfig = {
extra-substituters = [ extra-substituters = [
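Review bot: `helper = lib.flake-helper;` is still bound in the `let` of `outputs` on the new side, although every use of `helper` visible in these hunks is gone and the last file section of this compare (apparently lib/default.nix) drops the `flake-helper` attribute. It evaluates cleanly only because Nix never forces the unused binding; any later reference to `helper` would fail with a missing-attribute error. If no use remains in the parts of the file outside these hunks, delete the line. The `outputs` body continues beyond what is shown here.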

15
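--- /dev/null
+++ b/flake/hydraJobs.nix
@@ -0,0 +1,15 @@
+{ self
+, nixpkgs
+, ...
+}@inputs:
+let
+buildHosts = hosts: builtins.mapAttrs (name: host: host.config.system.build.toplevel) (nixpkgs.lib.filterAttrs (name: host: (builtins.substring 0 1 name) != "_") hosts);
+in {
+inherit (self)
+packages;
+nixosConfigurations = buildHosts self.nixosConfigurations;
+iso = self.nixosConfigurations._iso.config.system.build.isoImage;
+}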
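Review bot: `buildHosts` silently skips every host whose name starts with `_`, and nothing in this file states that convention. A comment above it such as `# names starting with "_" (such as _iso) are skipped here; _iso is built separately as the iso job below` would make the filter's intent visible. The prefix test also reads more directly as `!(nixpkgs.lib.hasPrefix "_" name)`, and the `@inputs` binding is unused in this file.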

19
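--- /dev/null
+++ b/flake/modules.nix
@@ -0,0 +1,19 @@
+{ self
+, fernglas
+, fieldpoc
+, nixos-exporter
+, solid-xmpp-alarm
+, sops-nix
+, ...
+}@inputs:
+{ ... }:
+{
+imports = [
+fernglas.nixosModules.default
+fieldpoc.nixosModules.default
+nixos-exporter.nixosModules.default
+solid-xmpp-alarm.nixosModules.solid-xmpp-alarm
+sops-nix.nixosModules.sops
+];
+}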


@ -1,6 +1,9 @@
{ self, nixpkgs, bij, chaosevents, fernglas, fieldpoc, nixos-exporter, solid-xmpp-alarm, sops-nix, ... }@inputs: { self
, nixpkgs
, ...
}@inputs:
rec { let
generateNixosSystem = { generateNixosSystem = {
name, name,
system ? "x86_64-linux", system ? "x86_64-linux",
@ -11,7 +14,16 @@ rec {
in localNixpkgs.lib.nixosSystem { in localNixpkgs.lib.nixosSystem {
system = system; system = system;
modules = modules ++ [ modules = modules ++ [
({ ... }: { self.nixosModules.nixfilesInputs
self.nixosModules.clerie
({ config, lib, ... }: {
# Apply overlays
nixpkgs.overlays = [
self.overlays.nixfilesInputs
self.overlays.clerie
];
/* /*
Make the contents of the flake availiable to modules. Make the contents of the flake availiable to modules.
Useful for having the monitoring server scraping the Useful for having the monitoring server scraping the
@ -21,29 +33,11 @@ rec {
inputs = inputs; inputs = inputs;
_nixfiles = self; _nixfiles = self;
}; };
})
../configuration/common # Expose host group to monitoring
../users/clerie
({ ... }: {
nixpkgs.overlays = [
self.overlays.clerie
(_: _: {
inherit (bij.packages."${system}")
bij;
inherit (chaosevents.packages."x86_64-linux")
chaosevents;
})
];
clerie.monitoring = nixpkgs.lib.attrsets.optionalAttrs (group != null) { serviceLevel = group; }; clerie.monitoring = nixpkgs.lib.attrsets.optionalAttrs (group != null) { serviceLevel = group; };
})
fernglas.nixosModules.default
fieldpoc.nixosModules.default
nixos-exporter.nixosModules.default
solid-xmpp-alarm.nixosModules.solid-xmpp-alarm
sops-nix.nixosModules.sops
(../hosts + "/${name}/configuration.nix")
# Automatically load secrets from sops file for host # Automatically load secrets from sops file for host
({ config, lib, ... }: {
sops.defaultSopsFile = ../hosts + "/${name}/secrets.json"; sops.defaultSopsFile = ../hosts + "/${name}/secrets.json";
sops.secrets = let sops.secrets = let
secretFile = config.sops.defaultSopsFile; secretFile = config.sops.defaultSopsFile;
@ -55,25 +49,17 @@ rec {
in in
secrets; secrets;
}) })
# Config to be applied to every host
../configuration/common
../users/clerie
# Host specific config
(../hosts + "/${name}/configuration.nix")
]; ];
}; };
mapToNixosConfigurations = hosts: builtins.mapAttrs (name: host: generateNixosSystem host) hosts; mapToNixosConfigurations = hosts: builtins.mapAttrs (name: host: generateNixosSystem host) hosts;
generateColmenaHost = name: hostSystem: { in
deployment = { mapToNixosConfigurations self.clerie.hosts
targetHost = hostSystem.config.networking.fqdn;
targetUser = null;
tags = let
group = nixpkgs.lib.attrByPath [ "clerie" "monitoring" "serviceLevel" ] null hostSystem.config;
in nixpkgs.lib.lists.optional (group != null) group;
};
nixpkgs.system = hostSystem.config.nixpkgs.system;
imports = hostSystem._module.args.modules;
deployment.allowLocalDeployment = builtins.any (n: n == name) [ "osmium" ];
};
mapToColmenaHosts = hosts: builtins.mapAttrs (generateColmenaHost) hosts;
buildHosts = hosts: builtins.mapAttrs (name: host: host.config.system.build.toplevel) (nixpkgs.lib.filterAttrs (name: host: (builtins.substring 0 1 name) != "_") hosts);
}

17
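--- /dev/null
+++ b/flake/nixpkgs.nix
@@ -0,0 +1,17 @@
+{ self
+, nixpkgs
+, ...
+}@inputs:
+let
+mkNixpkgs = { system, ... }@args:
+import nixpkgs {
+inherit system;
+overlays = [
+self.overlays.nixfilesInputs
+self.overlays.clerie
+];
+};
+in
+nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: mkNixpkgs { inherit system; })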
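Review bot: `import nixpkgs { … }` in `mkNixpkgs` passes `system` and `overlays` but no `config`, so outside pure flake evaluation (for example under `--impure`) nixpkgs falls back to `NIXPKGS_CONFIG` or `~/.config/nixpkgs/config.nix`, and the resulting package set can differ between machines. Adding `config = { };` next to `overlays` pins it. The `@args` binding is unused and can be dropped. The system list here duplicates the one passed to `genAttrs` for `packages` in flake.nix, so the two can drift apart; deriving `packages` from the attribute names of this set would keep them in step.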

14
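--- /dev/null
+++ b/flake/overlay.nix
@@ -0,0 +1,14 @@
+{ self
+, bij
+, chaosevents
+, ssh-to-age
+, ...
+}@inputs:
+final: prev: {
+inherit (bij.packages.${final.system})
+bij;
+inherit (chaosevents.packages.${final.system})
+chaosevents;
+inherit (ssh-to-age.packages.${final.system})
+ssh-to-age;
+}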
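Review bot: `chaosevents` is now looked up under `${final.system}`, whereas the per-host overlay removed elsewhere in this compare pinned it to `chaosevents.packages."x86_64-linux"`. If that input does not publish aarch64-linux packages, anything that forces `pkgs.chaosevents` on an aarch64 host will now fail at evaluation, which is worth confirming. Separately, `final.system` is kept in current nixpkgs only as a compatibility alias and is unavailable with `allowAliases = false`. The stable spelling is `final.stdenv.hostPlatform.system`, e.g. `inherit (bij.packages.${final.stdenv.hostPlatform.system}) bij;`.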


@ -7,13 +7,6 @@ let
} // inputs); } // inputs);
lib = { lib = {
flake-helper = callLibs ./flake-helper.nix;
inherit ("flake-helper")
generateNixosSystem
mapToNixosConfigurations
generateColmenaHost
mapToColmenaHosts
buildHosts;
clerie-monitoring-ids = callLibs ./clerie-monitoring-ids.nix; clerie-monitoring-ids = callLibs ./clerie-monitoring-ids.nix;
}; };