Compare commits
10 Commits
f16829ad74
...
643d9ff028
Author | SHA1 | Date | |
---|---|---|---|
643d9ff028 | |||
|
d219d97389 | ||
d55dc35882 | |||
2a3281a7c4 | |||
0453d34606 | |||
e777528435 | |||
6beb8db05a | |||
1f7ffd82ba | |||
9210767036 | |||
c2062145b0 |
@ -2,8 +2,6 @@
|
||||
|
||||
{
|
||||
imports = [
|
||||
../../modules
|
||||
|
||||
./backup.nix
|
||||
./locale.nix
|
||||
./networking.nix
|
||||
|
@ -13,7 +13,6 @@
|
||||
|
||||
# Deployment
|
||||
bij
|
||||
colmena
|
||||
clerie-sops
|
||||
clerie-sops-edit
|
||||
sops
|
||||
|
23
flake.lock
23
flake.lock
@ -190,22 +190,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-krypton": {
|
||||
"locked": {
|
||||
"lastModified": 1713297878,
|
||||
"narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1713434076,
|
||||
@ -240,11 +224,11 @@
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1715447595,
|
||||
"narHash": "sha256-VsVAUQOj/cS1LCOmMjAGeRksXIAdPnFIjCQ0XLkCsT0=",
|
||||
"lastModified": 1715534503,
|
||||
"narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "062ca2a9370a27a35c524dc82d540e6e9824b652",
|
||||
"rev": "2057814051972fa1453ddfb0d98badbea9b83c06",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -263,7 +247,6 @@
|
||||
"nixos-exporter": "nixos-exporter",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs_3",
|
||||
"nixpkgs-krypton": "nixpkgs-krypton",
|
||||
"solid-xmpp-alarm": "solid-xmpp-alarm",
|
||||
"sops-nix": "sops-nix",
|
||||
"ssh-to-age": "ssh-to-age"
|
||||
|
35
flake.nix
35
flake.nix
@ -1,7 +1,6 @@
|
||||
{
|
||||
inputs = {
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
nixpkgs-krypton.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
||||
bij = {
|
||||
url = "git+https://git.clerie.de/clerie/bij.git";
|
||||
@ -36,6 +35,7 @@
|
||||
outputs = { self, nixpkgs, nixos-hardware, chaosevents, fernglas, nixos-exporter, solid-xmpp-alarm, ssh-to-age, ... }@inputs: let
|
||||
lib = import ./lib inputs;
|
||||
helper = lib.flake-helper;
|
||||
localNixpkgs = import ./flake/nixpkgs.nix inputs;
|
||||
in {
|
||||
clerie.hosts = {
|
||||
aluminium = {
|
||||
@ -90,34 +90,22 @@
|
||||
_iso = { name = "_iso"; };
|
||||
};
|
||||
|
||||
nixosConfigurations = helper.mapToNixosConfigurations self.clerie.hosts;
|
||||
nixosConfigurations = import ./flake/nixosConfigurations.nix inputs;
|
||||
|
||||
colmena = {
|
||||
meta = {
|
||||
nixpkgs = import nixpkgs {
|
||||
system = "x86_64-linux";
|
||||
nixosModules = {
|
||||
nixfilesInputs = import ./flake/modules.nix inputs;
|
||||
clerie = import ./modules;
|
||||
default = self.nixosModules.clerie;
|
||||
};
|
||||
};
|
||||
} // helper.mapToColmenaHosts self.nixosConfigurations;
|
||||
|
||||
overlays = {
|
||||
nixfilesInputs = import ./flake/overlay.nix inputs;
|
||||
clerie = import ./pkgs/overlay.nix;
|
||||
default = self.overlays.clerie;
|
||||
};
|
||||
|
||||
packages = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: let
|
||||
pkgs = import nixpkgs {
|
||||
inherit system;
|
||||
overlays = [
|
||||
self.overlays.clerie
|
||||
(_: _: {
|
||||
inherit (chaosevents.packages.${system})
|
||||
chaosevents;
|
||||
inherit (ssh-to-age.packages.${system})
|
||||
ssh-to-age;
|
||||
})
|
||||
];
|
||||
};
|
||||
pkgs = localNixpkgs.${system};
|
||||
in {
|
||||
inherit (pkgs)
|
||||
clerie-keys
|
||||
@ -142,12 +130,7 @@
|
||||
|
||||
inherit lib self;
|
||||
|
||||
hydraJobs = {
|
||||
inherit (self)
|
||||
packages;
|
||||
nixosConfigurations = helper.buildHosts self.nixosConfigurations;
|
||||
iso = self.nixosConfigurations._iso.config.system.build.isoImage;
|
||||
};
|
||||
hydraJobs = import ./flake/hydraJobs.nix inputs;
|
||||
|
||||
nixConfig = {
|
||||
extra-substituters = [
|
||||
|
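Review bot: `helper = lib.flake-helper;` stays in the `let` of `outputs` (the `@ -36,6 +35,7 @@` hunk only adds a line), while the last hunk on this page, which appears to be `lib/default.nix`, drops the `flake-helper` attribute. Nix is lazy, so the stale binding fails only when something forces it; the rendering does not show whether the `colmena = { … } // helper.mapToColmenaHosts self.nixosConfigurations;` block survives, and if it does it would now throw a missing-attribute error at evaluation. Remove the binding and check that no `helper.` reference is left in the file. The `outputs` argument list also still names `chaosevents` and `ssh-to-age`, which the new `pkgs = localNixpkgs.${system};` line seems to leave unused here.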
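--- /dev/null
+++ b/flake/hydraJobs.nix
@@ -0,0 +1,15 @@
+{ self
+, nixpkgs
+, ...
+}@inputs:
+
+let
+
+buildHosts = hosts: builtins.mapAttrs (name: host: host.config.system.build.toplevel) (nixpkgs.lib.filterAttrs (name: host: (builtins.substring 0 1 name) != "_") hosts);
+
+in {
+inherit (self)
+packages;
+nixosConfigurations = buildHosts self.nixosConfigurations;
+iso = self.nixosConfigurations._iso.config.system.build.isoImage;
+}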
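Review bot: `buildHosts` silently drops every host whose name starts with `_`, and nothing in the file says why; a reader has to infer the convention from the separate `iso = self.nixosConfigurations._iso.config.system.build.isoImage;` line. Add a comment above the binding, for example `# Hosts prefixed with "_" (such as _iso) are presumably not regular machines, so they get no per-host toplevel job`, and consider breaking the one-line expression over several lines so the filter is visible. The `@inputs` binding is not used in this file and could be dropped.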
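--- /dev/null
+++ b/flake/modules.nix
@@ -0,0 +1,19 @@
+{ self
+, fernglas
+, fieldpoc
+, nixos-exporter
+, solid-xmpp-alarm
+, sops-nix
+, ...
+}@inputs:
+{ ... }:
+
+{
+imports = [
+fernglas.nixosModules.default
+fieldpoc.nixosModules.default
+nixos-exporter.nixosModules.default
+solid-xmpp-alarm.nixosModules.solid-xmpp-alarm
+sops-nix.nixosModules.sops
+];
+}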
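Review bot: This file has no comment saying what it is for, yet it is wired in twice: `flake.nix` exports it as `nixosModules.nixfilesInputs`, and the host builder appears to add `self.nixosModules.nixfilesInputs` to every machine's module list. A short header such as `# Third-party NixOS modules taken from flake inputs; imported on every host and exported as nixosModules.nixfilesInputs` would make it clear that adding an entry here puts another input's module code on all hosts, at whatever revision flake.lock pins. `self` and the `@inputs` binding are not used in the file and could be dropped.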
@ -1,6 +1,9 @@
|
||||
{ self, nixpkgs, bij, chaosevents, fernglas, fieldpoc, nixos-exporter, solid-xmpp-alarm, sops-nix, ... }@inputs:
|
||||
{ self
|
||||
, nixpkgs
|
||||
, ...
|
||||
}@inputs:
|
||||
|
||||
rec {
|
||||
let
|
||||
generateNixosSystem = {
|
||||
name,
|
||||
system ? "x86_64-linux",
|
||||
@ -11,7 +14,16 @@ rec {
|
||||
in localNixpkgs.lib.nixosSystem {
|
||||
system = system;
|
||||
modules = modules ++ [
|
||||
({ ... }: {
|
||||
self.nixosModules.nixfilesInputs
|
||||
self.nixosModules.clerie
|
||||
|
||||
({ config, lib, ... }: {
|
||||
# Apply overlays
|
||||
nixpkgs.overlays = [
|
||||
self.overlays.nixfilesInputs
|
||||
self.overlays.clerie
|
||||
];
|
||||
|
||||
/*
|
||||
Make the contents of the flake availiable to modules.
|
||||
Useful for having the monitoring server scraping the
|
||||
@ -21,29 +33,11 @@ rec {
|
||||
inputs = inputs;
|
||||
_nixfiles = self;
|
||||
};
|
||||
})
|
||||
../configuration/common
|
||||
../users/clerie
|
||||
({ ... }: {
|
||||
nixpkgs.overlays = [
|
||||
self.overlays.clerie
|
||||
(_: _: {
|
||||
inherit (bij.packages."${system}")
|
||||
bij;
|
||||
inherit (chaosevents.packages."x86_64-linux")
|
||||
chaosevents;
|
||||
})
|
||||
];
|
||||
|
||||
# Expose host group to monitoring
|
||||
clerie.monitoring = nixpkgs.lib.attrsets.optionalAttrs (group != null) { serviceLevel = group; };
|
||||
})
|
||||
fernglas.nixosModules.default
|
||||
fieldpoc.nixosModules.default
|
||||
nixos-exporter.nixosModules.default
|
||||
solid-xmpp-alarm.nixosModules.solid-xmpp-alarm
|
||||
sops-nix.nixosModules.sops
|
||||
(../hosts + "/${name}/configuration.nix")
|
||||
|
||||
# Automatically load secrets from sops file for host
|
||||
({ config, lib, ... }: {
|
||||
sops.defaultSopsFile = ../hosts + "/${name}/secrets.json";
|
||||
sops.secrets = let
|
||||
secretFile = config.sops.defaultSopsFile;
|
||||
@ -55,25 +49,17 @@ rec {
|
||||
in
|
||||
secrets;
|
||||
})
|
||||
|
||||
# Config to be applied to every host
|
||||
../configuration/common
|
||||
../users/clerie
|
||||
|
||||
# Host specific config
|
||||
(../hosts + "/${name}/configuration.nix")
|
||||
];
|
||||
};
|
||||
|
||||
mapToNixosConfigurations = hosts: builtins.mapAttrs (name: host: generateNixosSystem host) hosts;
|
||||
|
||||
generateColmenaHost = name: hostSystem: {
|
||||
deployment = {
|
||||
targetHost = hostSystem.config.networking.fqdn;
|
||||
targetUser = null;
|
||||
tags = let
|
||||
group = nixpkgs.lib.attrByPath [ "clerie" "monitoring" "serviceLevel" ] null hostSystem.config;
|
||||
in nixpkgs.lib.lists.optional (group != null) group;
|
||||
};
|
||||
nixpkgs.system = hostSystem.config.nixpkgs.system;
|
||||
imports = hostSystem._module.args.modules;
|
||||
deployment.allowLocalDeployment = builtins.any (n: n == name) [ "osmium" ];
|
||||
};
|
||||
|
||||
mapToColmenaHosts = hosts: builtins.mapAttrs (generateColmenaHost) hosts;
|
||||
|
||||
buildHosts = hosts: builtins.mapAttrs (name: host: host.config.system.build.toplevel) (nixpkgs.lib.filterAttrs (name: host: (builtins.substring 0 1 name) != "_") hosts);
|
||||
}
|
||||
in
|
||||
mapToNixosConfigurations self.clerie.hosts
|
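--- /dev/null
+++ b/flake/nixpkgs.nix
@@ -0,0 +1,17 @@
+{ self
+, nixpkgs
+, ...
+}@inputs:
+
+let
+mkNixpkgs = { system, ... }@args:
+import nixpkgs {
+inherit system;
+overlays = [
+self.overlays.nixfilesInputs
+self.overlays.clerie
+];
+};
+
+in
+nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: mkNixpkgs { inherit system; })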
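Review bot: `mkNixpkgs = { system, ... }@args:` accepts any extra attribute and then ignores it, since `args` is never used; a caller that passes `config` or additional `overlays` would get a package set without them and no error. Either narrow the signature to `{ system }:` or forward the remaining attributes explicitly. The system list `[ "x86_64-linux" "aarch64-linux" ]` is also repeated in `flake.nix` for `packages`, so one shared definition would keep the two from drifting apart.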
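--- /dev/null
+++ b/flake/overlay.nix
@@ -0,0 +1,14 @@
+{ self
+, bij
+, chaosevents
+, ssh-to-age
+, ...
+}@inputs:
+final: prev: {
+inherit (bij.packages.${final.system})
+bij;
+inherit (chaosevents.packages.${final.system})
+chaosevents;
+inherit (ssh-to-age.packages.${final.system})
+ssh-to-age;
+}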
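Review bot: All three `inherit` lines index the input by `final.system`, whereas the host overlay removed elsewhere on this page took `chaosevents` from `chaosevents.packages."x86_64-linux"` regardless of the host. If that input does not provide a package for `aarch64-linux`, any use of `pkgs.chaosevents` on such a host now fails at evaluation, so this is worth checking against the input's outputs. As far as I know `system` on the package set is only a compatibility alias in nixpkgs, so `final.stdenv.hostPlatform.system` is the more robust spelling, e.g. `inherit (bij.packages.${final.stdenv.hostPlatform.system}) bij;`. `self` and the `@inputs` binding are unused here.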
@ -7,13 +7,6 @@ let
|
||||
} // inputs);
|
||||
|
||||
lib = {
|
||||
flake-helper = callLibs ./flake-helper.nix;
|
||||
inherit ("flake-helper")
|
||||
generateNixosSystem
|
||||
mapToNixosConfigurations
|
||||
generateColmenaHost
|
||||
mapToColmenaHosts
|
||||
buildHosts;
|
||||
clerie-monitoring-ids = callLibs ./clerie-monitoring-ids.nix;
|
||||
};
|
||||
|
||||
|