230 lines
7.0 KiB
Nix
230 lines
7.0 KiB
Nix
{
|
|
description = "C3D2 NixOS configurations";
|
|
|
|
inputs = {
|
|
nixpkgs.url = "github:nixos/nixpkgs/release-20.09";
|
|
secrets.url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git";
|
|
yammat.url = "git+https://gitea.c3d2.de/astro/yammat.git?ref=nix";
|
|
yammat.inputs.nixpkgs.follows = "nixpkgs";
|
|
scrapers.url = "git+https://gitea.c3d2.de/astro/scrapers.git";
|
|
scrapers.flake = false;
|
|
tigger.url = "github:astro/tigger";
|
|
tigger.flake = false;
|
|
};
|
|
|
|
outputs = { self, nixpkgs, secrets, nixos-hardware, yammat, scrapers, tigger }:
|
|
let
|
|
forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];
|
|
|
|
hostRegistry = import ./host-registry.nix;
|
|
in {
|
|
|
|
overlay = import ./overlay;
|
|
|
|
legacyPackages = forAllSystems
|
|
(system: nixpkgs.legacyPackages.${system}.extend self.overlay);
|
|
|
|
packages = forAllSystems (system:
|
|
let
|
|
pkgs = self.legacyPackages.${system};
|
|
mkDeploy =
|
|
# Generate a small script for copying this flake to the
|
|
# remote machine and bulding and switching there.
|
|
# Can be run with nix run c3d2#deploy-…
|
|
name: host:
|
|
let target = "root@${host}";
|
|
in pkgs.writeScriptBin "${name}-nixos-rebuild" ''
|
|
#!${pkgs.runtimeShell}
|
|
set -ev
|
|
nix-copy-closure --to ${target} ${secrets}
|
|
nix-copy-closure --to ${target} ${self}
|
|
if [ "$1" = "--flakify" ]; then
|
|
shift
|
|
exec ssh -t ${target} "nix-shell -p nixFlakes -p git --command \"_NIXOS_REBUILD_REEXEC=1 nixos-rebuild --flake ${self}#${name} \"$@"
|
|
else
|
|
exec ssh -t ${target} nixos-rebuild --flake ${self}#${name} $@
|
|
fi
|
|
'';
|
|
mkWake = name:
|
|
pkgs.writeScriptBin "${name}-wake" ''
|
|
#!${pkgs.runtimeShell}
|
|
exec ${pkgs.wol}/bin/wol ${hostRegistry.hosts.${name}.ether}
|
|
'';
|
|
# TODO: check if the ethernet address is reachable and if not,
|
|
# execute wol on a machine in HQ.
|
|
in {
|
|
inherit (pkgs) bmxd;
|
|
|
|
dhcp-nixos-rebuild = mkDeploy "dhcp" hostRegistry.hosts.dhcp.ip4;
|
|
|
|
glotzbert-nixos-rebuild = mkDeploy "glotzbert" "glotzbert.hq.c3d2.de";
|
|
glotzbert-wake = mkWake "glotzbert";
|
|
|
|
pulsebert-nixos-rebuild = mkDeploy "pulsebert" "pulsebert.hq.c3d2.de";
|
|
pulsebert-wake = mkWake "pulsebert";
|
|
|
|
yggdrasil-nixos-rebuild = mkDeploy "yggdrasil" "172.20.72.62";
|
|
|
|
freifunk-nixos-rebuild = mkDeploy "freifunk" "freifunk.core.zentralwerk.org";
|
|
|
|
matemat-nixos-rebuild = mkDeploy "matemat" hostRegistry.hosts.matemat.ip4;
|
|
|
|
scrape-nixos-rebuild = mkDeploy "scrape" hostRegistry.hosts.scrape.ip4;
|
|
|
|
dn42-nixos-rebuild = mkDeploy "dn42" hostRegistry.hosts.dn42.ip4;
|
|
|
|
grafana-nixos-rebuild = mkDeploy "grafana" "grafana.hq.c3d2.de";
|
|
|
|
hydra-nixos-rebuild = mkDeploy "hydra" hostRegistry.hosts.hydra.ip4;
|
|
|
|
mucbot-nixos-rebuild = mkDeploy "mucbot" hostRegistry.hosts.mucbot.ip4;
|
|
|
|
kibana-nixos-rebuild = mkDeploy "kibana" hostRegistry.hosts.kibana.ip4;
|
|
});
|
|
|
|
nixosConfigurations = let
|
|
nixosSystem' =
|
|
# Our custom NixOS builder
|
|
{ extraArgs ? {}, ... }@args:
|
|
nixpkgs.lib.nixosSystem (args // {
|
|
extraArgs = extraArgs // {
|
|
inherit hostRegistry;
|
|
};
|
|
extraModules = [
|
|
self.nixosModules.c3d2
|
|
({ pkgs, ... }: {
|
|
nix = {
|
|
package = pkgs.nixFlakes;
|
|
extraOptions = "experimental-features = nix-command flakes";
|
|
};
|
|
nixpkgs.overlays = [ self.overlay ];
|
|
})
|
|
];
|
|
});
|
|
in {
|
|
|
|
dhcp = nixosSystem' {
|
|
modules = [
|
|
./hosts/containers/dhcp
|
|
secrets.nixosModules.admins
|
|
secrets.nixosModules.dhcp
|
|
];
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
freifunk = nixosSystem' {
|
|
modules = [
|
|
./hosts/containers/freifunk
|
|
({ ... }: {
|
|
nixpkgs.overlays = with secrets.overlays; [
|
|
freifunk ospf
|
|
];
|
|
})
|
|
];
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
glotzbert = nixosSystem' {
|
|
modules = [
|
|
./hosts/glotzbert
|
|
nixos-hardware.nixosModules.common-cpu-intel
|
|
nixos-hardware.nixosModules.common-pc-ssd
|
|
secrets.nixosModules.admins
|
|
];
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
pulsebert = nixosSystem' {
|
|
modules = [ ./hosts/pulsebert secrets.nixosModules.dhcp ];
|
|
system = "aarch64-linux";
|
|
};
|
|
|
|
yggdrasil = nixosSystem' {
|
|
modules = [
|
|
./hosts/containers/yggdrasil
|
|
./lib/lxc-container.nix
|
|
./lib/users/emery.nix
|
|
({ ... }: {
|
|
nixpkgs.overlays = [ secrets.overlays.ospf ];
|
|
})
|
|
];
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
matemat = nixosSystem' {
|
|
modules = [
|
|
./lib/lxc-container.nix
|
|
./hosts/containers/matemat
|
|
yammat.nixosModule
|
|
secrets.nixosModules.admins
|
|
({ ... }: {
|
|
nixpkgs.overlays = [ secrets.overlays.matemat ];
|
|
})
|
|
];
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
scrape = nixosSystem' {
|
|
modules = [
|
|
./lib/lxc-container.nix
|
|
./hosts/containers/scrape
|
|
({ ... }: {
|
|
nixpkgs.overlays = [ secrets.overlays.scrape ];
|
|
})
|
|
];
|
|
extraArgs = { inherit scrapers; };
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
dn42 = nixosSystem' {
|
|
modules = [
|
|
./lib/lxc-container.nix
|
|
./hosts/containers/dn42
|
|
({ ... }: {
|
|
nixpkgs.overlays = [ secrets.overlays.dn42 ];
|
|
})
|
|
];
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
grafana = nixosSystem' {
|
|
modules = [
|
|
./lib/lxc-container.nix
|
|
./hosts/containers/grafana
|
|
];
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
hydra = nixosSystem' {
|
|
modules = [
|
|
./lib/lxc-container.nix
|
|
./hosts/containers/hydra
|
|
];
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
mucbot = nixosSystem' {
|
|
modules = [
|
|
./lib/lxc-container.nix
|
|
"${tigger}/module.nix"
|
|
{ nixpkgs.overlays = [ secrets.overlays.mucbot ]; }
|
|
./hosts/containers/mucbot
|
|
];
|
|
extraArgs = { inherit tigger; };
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
kibana = nixosSystem' {
|
|
modules = [
|
|
./lib/lxc-container.nix
|
|
./hosts/containers/kibana
|
|
];
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
};
|
|
|
|
nixosModules.c3d2 = import ./lib;
|
|
};
|
|
}
|