
Compare commits


10 Commits

10 changed files with 106 additions and 99 deletions


@ -2,8 +2,6 @@
{
imports = [
../../modules
./backup.nix
./locale.nix
./networking.nix


@ -13,7 +13,6 @@
# Deployment
bij
colmena
clerie-sops
clerie-sops-edit
sops


@ -190,22 +190,6 @@
"type": "github"
}
},
"nixpkgs-krypton": {
"locked": {
"lastModified": 1713297878,
"narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1713434076,
@ -240,11 +224,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1715447595,
"narHash": "sha256-VsVAUQOj/cS1LCOmMjAGeRksXIAdPnFIjCQ0XLkCsT0=",
"lastModified": 1715534503,
"narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "062ca2a9370a27a35c524dc82d540e6e9824b652",
"rev": "2057814051972fa1453ddfb0d98badbea9b83c06",
"type": "github"
},
"original": {
@ -263,7 +247,6 @@
"nixos-exporter": "nixos-exporter",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3",
"nixpkgs-krypton": "nixpkgs-krypton",
"solid-xmpp-alarm": "solid-xmpp-alarm",
"sops-nix": "sops-nix",
"ssh-to-age": "ssh-to-age"


@ -1,7 +1,6 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-krypton.url = "github:NixOS/nixpkgs/nixos-unstable";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
bij = {
url = "git+https://git.clerie.de/clerie/bij.git";
@ -36,6 +35,7 @@
outputs = { self, nixpkgs, nixos-hardware, chaosevents, fernglas, nixos-exporter, solid-xmpp-alarm, ssh-to-age, ... }@inputs: let
lib = import ./lib inputs;
helper = lib.flake-helper;
localNixpkgs = import ./flake/nixpkgs.nix inputs;
in {
clerie.hosts = {
aluminium = {
@ -90,34 +90,22 @@
_iso = { name = "_iso"; };
};
nixosConfigurations = helper.mapToNixosConfigurations self.clerie.hosts;
nixosConfigurations = import ./flake/nixosConfigurations.nix inputs;
colmena = {
meta = {
nixpkgs = import nixpkgs {
system = "x86_64-linux";
nixosModules = {
nixfilesInputs = import ./flake/modules.nix inputs;
clerie = import ./modules;
default = self.nixosModules.clerie;
};
};
} // helper.mapToColmenaHosts self.nixosConfigurations;
overlays = {
nixfilesInputs = import ./flake/overlay.nix inputs;
clerie = import ./pkgs/overlay.nix;
default = self.overlays.clerie;
};
packages = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: let
pkgs = import nixpkgs {
inherit system;
overlays = [
self.overlays.clerie
(_: _: {
inherit (chaosevents.packages.${system})
chaosevents;
inherit (ssh-to-age.packages.${system})
ssh-to-age;
})
];
};
pkgs = localNixpkgs.${system};
in {
inherit (pkgs)
clerie-keys
@ -142,12 +130,7 @@
inherit lib self;
hydraJobs = {
inherit (self)
packages;
nixosConfigurations = helper.buildHosts self.nixosConfigurations;
iso = self.nixosConfigurations._iso.config.system.build.isoImage;
};
hydraJobs = import ./flake/hydraJobs.nix inputs;
nixConfig = {
extra-substituters = [
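Review bot: `helper = lib.flake-helper;` in the `let` block of `outputs` appears to survive this change, although every use of `helper` visible here is replaced by an `import ./flake/… inputs` and the lib section of this comparison drops the `flake-helper` attribute. Nix's laziness hides the dangling reference until something forces it, at which point evaluation aborts with a missing-attribute error, so the binding should be removed. The `outputs` argument pattern also still names `chaosevents`, `fernglas`, `nixos-exporter`, `solid-xmpp-alarm` and `ssh-to-age`, which the visible hunks no longer reference directly; those names can probably be dropped from the pattern, but parts of the file lie outside the hunks, so confirm before trimming.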

15
flake/hydraJobs.nix Normal file

@ -0,0 +1,15 @@
{ self
, nixpkgs
, ...
}@inputs:
let
buildHosts = hosts: builtins.mapAttrs (name: host: host.config.system.build.toplevel) (nixpkgs.lib.filterAttrs (name: host: (builtins.substring 0 1 name) != "_") hosts);
in {
inherit (self)
packages;
nixosConfigurations = buildHosts self.nixosConfigurations;
iso = self.nixosConfigurations._iso.config.system.build.isoImage;
}
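Review bot: The leading-underscore convention in `buildHosts` is undocumented, and a reader has to decode `builtins.substring 0 1 name` to learn why `_iso` never becomes a toplevel job. Add a comment above the binding, e.g. `# Skip hosts whose name starts with "_"; _iso is exported as an ISO image below`. The predicate would also read more directly as `nixpkgs.lib.hasPrefix "_" name`, with the one-line expression split over several lines.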

19
flake/modules.nix Normal file

@ -0,0 +1,19 @@
{ self
, fernglas
, fieldpoc
, nixos-exporter
, solid-xmpp-alarm
, sops-nix
, ...
}@inputs:
{ ... }:
{
imports = [
fernglas.nixosModules.default
fieldpoc.nixosModules.default
nixos-exporter.nixosModules.default
solid-xmpp-alarm.nixosModules.solid-xmpp-alarm
sops-nix.nixosModules.sops
];
}
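Review bot: Nothing in this file says that it is the bundle of third-party flake modules the hosts depend on, and flake.nix exposes it only as `nixosModules.nixfilesInputs` while `nixosModules.default` aliases `clerie` alone. If anything under ./modules sets options provided by these inputs (for example `sops.*`), importing just the default from another flake would presumably fail to evaluate. A header comment such as `# External flake modules required alongside nixosModules.clerie` would document the pairing. `self` and the `@inputs` binding are unused in the visible lines and could be dropped from the argument pattern.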


@ -1,6 +1,9 @@
{ self, nixpkgs, bij, chaosevents, fernglas, fieldpoc, nixos-exporter, solid-xmpp-alarm, sops-nix, ... }@inputs:
{ self
, nixpkgs
, ...
}@inputs:
rec {
let
generateNixosSystem = {
name,
system ? "x86_64-linux",
@ -11,7 +14,16 @@ rec {
in localNixpkgs.lib.nixosSystem {
system = system;
modules = modules ++ [
({ ... }: {
self.nixosModules.nixfilesInputs
self.nixosModules.clerie
({ config, lib, ... }: {
# Apply overlays
nixpkgs.overlays = [
self.overlays.nixfilesInputs
self.overlays.clerie
];
/*
Make the contents of the flake availiable to modules.
Useful for having the monitoring server scraping the
@ -21,29 +33,11 @@ rec {
inputs = inputs;
_nixfiles = self;
};
})
../configuration/common
../users/clerie
({ ... }: {
nixpkgs.overlays = [
self.overlays.clerie
(_: _: {
inherit (bij.packages."${system}")
bij;
inherit (chaosevents.packages."x86_64-linux")
chaosevents;
})
];
# Expose host group to monitoring
clerie.monitoring = nixpkgs.lib.attrsets.optionalAttrs (group != null) { serviceLevel = group; };
})
fernglas.nixosModules.default
fieldpoc.nixosModules.default
nixos-exporter.nixosModules.default
solid-xmpp-alarm.nixosModules.solid-xmpp-alarm
sops-nix.nixosModules.sops
(../hosts + "/${name}/configuration.nix")
# Automatically load secrets from sops file for host
({ config, lib, ... }: {
sops.defaultSopsFile = ../hosts + "/${name}/secrets.json";
sops.secrets = let
secretFile = config.sops.defaultSopsFile;
@ -55,25 +49,17 @@ rec {
in
secrets;
})
# Config to be applied to every host
../configuration/common
../users/clerie
# Host specific config
(../hosts + "/${name}/configuration.nix")
];
};
mapToNixosConfigurations = hosts: builtins.mapAttrs (name: host: generateNixosSystem host) hosts;
generateColmenaHost = name: hostSystem: {
deployment = {
targetHost = hostSystem.config.networking.fqdn;
targetUser = null;
tags = let
group = nixpkgs.lib.attrByPath [ "clerie" "monitoring" "serviceLevel" ] null hostSystem.config;
in nixpkgs.lib.lists.optional (group != null) group;
};
nixpkgs.system = hostSystem.config.nixpkgs.system;
imports = hostSystem._module.args.modules;
deployment.allowLocalDeployment = builtins.any (n: n == name) [ "osmium" ];
};
mapToColmenaHosts = hosts: builtins.mapAttrs (generateColmenaHost) hosts;
buildHosts = hosts: builtins.mapAttrs (name: host: host.config.system.build.toplevel) (nixpkgs.lib.filterAttrs (name: host: (builtins.substring 0 1 name) != "_") hosts);
}
in
mapToNixosConfigurations self.clerie.hosts
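Review bot: The overlay list `[ self.overlays.nixfilesInputs self.overlays.clerie ]` assigned to `nixpkgs.overlays` here is repeated verbatim in flake/nixpkgs.nix, with nothing tying the two copies together. If one copy gains or loses an overlay, hosts would be built from a different package set than the one exported under `packages`, and the mismatch would not be visible from either file alone. Define the list once and read it from both places, or at minimum add `# keep in sync with flake/nixpkgs.nix` next to it. The enclosing `generateNixosSystem` is only partly visible in these hunks.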

17
flake/nixpkgs.nix Normal file

@ -0,0 +1,17 @@
{ self
, nixpkgs
, ...
}@inputs:
let
mkNixpkgs = { system, ... }@args:
import nixpkgs {
inherit system;
overlays = [
self.overlays.nixfilesInputs
self.overlays.clerie
];
};
in
nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: mkNixpkgs { inherit system; })

14
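--- a/flake/overlay.nix
+++ b/flake/overlay.nix
@@ -0,0 +1,14 @@
+{ self
+, bij
+, chaosevents
+, ssh-to-age
+, ...
+}@inputs:
+final: prev: {
+inherit (bij.packages.${final.system})
+bij;
+inherit (chaosevents.packages.${final.system})
+chaosevents;
+inherit (ssh-to-age.packages.${final.system})
+ssh-to-age;
+}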
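Review bot: `final.system` relies on the top-level `system` attribute of the package set, which as far as I know nixpkgs keeps only as an alias for `stdenv.hostPlatform.system`, so it disappears under `allowAliases = false`. Prefer the explicit form for all three inputs, e.g. `inherit (bij.packages.${final.stdenv.hostPlatform.system}) bij;`. Because flake/nixpkgs.nix also instantiates this overlay for `aarch64-linux`, an input that publishes no packages for that system fails only when the attribute is first forced; a comment naming the systems each input is expected to support would make that failure easier to trace.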


@ -7,13 +7,6 @@ let
} // inputs);
lib = {
flake-helper = callLibs ./flake-helper.nix;
inherit ("flake-helper")
generateNixosSystem
mapToNixosConfigurations
generateColmenaHost
mapToColmenaHosts
buildHosts;
clerie-monitoring-ids = callLibs ./clerie-monitoring-ids.nix;
};