c3d2/nix-config
c3d2
/
nix-config
24
7
Fork 3
Code Issues 12 Pull Requests 2 Releases Wiki Activity
nix-config/flake.nix

372 lines
12 KiB
Nix
Raw Normal View History

server7: switch to flake, re-enable hydra
2020-03-25 19:52:13 +01:00
{
description = "C3D2 NixOS configurations";
Update flake inputs
2020-06-11 07:50:42 +02:00
inputs = {
flake.nix: update to nixos-21.05
2021-06-07 02:30:56 +02:00
nixpkgs.url = "github:nixos/nixpkgs/release-21.05";
mobilizon: init does not yet send mails
2021-09-20 22:11:17 +02:00
nixpkgs-mobilizon.url = "github:minijackson/nixpkgs/init-mobilizon";
Flakify dhcp
2021-02-24 11:52:19 +01:00
secrets.url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git";
flake.nix: pull in the zentralwerk network db
2021-09-07 00:38:16 +02:00
zentralwerk.url = "git+https://gitea.c3d2.de/zentralwerk/network.git";
matemat: 🎆 init
2021-03-06 01:13:27 +01:00
yammat.url = "git+https://gitea.c3d2.de/astro/yammat.git?ref=nix";
flake.nix: use flakified yammat
2021-03-10 01:54:28 +01:00
yammat.inputs.nixpkgs.follows = "nixpkgs";
scrape: convert scrapers to flake input
2021-03-06 03:11:43 +01:00
scrapers.url = "git+https://gitea.c3d2.de/astro/scrapers.git";
scrapers.flake = false;
spaceapi: flakify
2021-09-10 00:21:38 +02:00
spacemsg.url = "github:astro/spacemsg";
spacemsg.flake = false;
mucbot: flakify
2021-03-22 16:22:57 +01:00
tigger.url = "github:astro/tigger";
tigger.flake = false;
ticker: flakify
2021-09-08 01:22:40 +02:00
ticker.url = "git+https://gitea.c3d2.de/astro/ticker.git";
ticker.flake = false;
Update flake inputs
2020-06-11 07:50:42 +02:00
};
server7: use sotest hydra flake
2020-04-15 19:00:56 +02:00
mobilizon: init does not yet send mails
2021-09-20 22:11:17 +02:00
outputs = inputs@{ self, nixpkgs, secrets, nixos-hardware, zentralwerk, yammat, scrapers, spacemsg, tigger, ticker, ... }:
Flakify glotzbert
2021-02-22 12:31:58 +01:00
let
Add yggdrasil configurations
2021-03-03 16:20:17 +01:00
forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];
Flakify dhcp
2021-02-24 11:52:19 +01:00
flake.nix: pull in the zentralwerk network db
2021-09-07 00:38:16 +02:00
inherit (nixpkgs.lib) recursiveUpdate;
extractZwHosts = { hosts4, hosts6, ... }:
recursiveUpdate (
builtins.foldl' (result: name:
recursiveUpdate result {
"${name}".ip4 = hosts4.${name};
}
) {} (builtins.attrNames hosts4)
) (
builtins.foldl' (result: ctx:
builtins.foldl' (result: name:
recursiveUpdate result {
"${name}".ip6 = hosts6.${ctx}.${name};
}
) result (builtins.attrNames hosts6.${ctx})
) {} (builtins.attrNames hosts6)
);
zwHostRegistry = {
hosts =
builtins.foldl' (result: net:
recursiveUpdate result (extractZwHosts zentralwerk.lib.config.site.net.${net})
) {} [ "core" "c3d2" "serv" ];
};
extraHostRegistry = import ./host-registry.nix;
hostRegistry = nixpkgs.lib.recursiveUpdate zwHostRegistry extraHostRegistry;
Add Nixos module to flake, make check pass
2020-04-14 08:42:13 +02:00
flake.nix: remove system from host-registry.nix again
2021-09-08 00:46:51 +02:00
flakifiedHosts = nixpkgs.lib.filterAttrs (name: _: self.nixosConfigurations ? ${name}) hostRegistry.hosts;
flake.nix: use more info from host-registry.nix
2021-09-08 00:33:57 +02:00
getHostAddr = name:
let
hostConf = hostRegistry.hosts.${name};
in
if hostConf ? ip4
then hostConf.ip4
else if hostConf ? ip6
then hostConf.ip6
else null;
in {
Flakify freifunk container
2021-02-26 20:22:15 +01:00
overlay = import ./overlay;
Do not import nixpkgs again in the flake, use extend
2021-03-26 09:39:57 +01:00
legacyPackages = forAllSystems
(system: nixpkgs.legacyPackages.${system}.extend self.overlay);
Consolidate yggdrasil to c3d2.hq.yggdrasil.enableGateway Move the server7 hydra proxy to a container. The yggdrasil addresses for containers has changed now. Add yggdrasil mappings to /etc/hosts.
2020-04-21 13:44:42 +02:00
Flakify glotzbert
2021-02-22 12:31:58 +01:00
packages = forAllSystems (system:
let
pkgs = self.legacyPackages.${system};
mkDeploy =
# Generate a small script for copying this flake to the
# remote machine and bulding and switching there.
# Can be run with nix run c3d2#deploy-…
flake.nix: add support for remote builders
2021-05-26 18:50:48 +02:00
{ name
flake.nix: add -nixos-rebuild-local
2021-09-08 22:48:13 +02:00
, host
flake.nix: add support for remote builders
2021-05-26 18:50:48 +02:00
# remote builders to pass
, builders ? null
}:
Flakify glotzbert
2021-02-22 12:31:58 +01:00
let target = "root@${host}";
flake.nix: add support for remote builders
2021-05-26 18:50:48 +02:00
rebuildArg =
"--flake ${self}#${name}" +
(if builders != null
then " --builders \"" +
builtins.concatStringsSep " " builders +
"\""
else "");
Flakify glotzbert
2021-02-22 12:31:58 +01:00
in pkgs.writeScriptBin "${name}-nixos-rebuild" ''
flake.nix: reduce deployment verbosity
2021-06-07 02:30:16 +02:00
#!${pkgs.runtimeShell} -e
flake.nix: copy secrets for deployment
2021-03-04 00:47:05 +01:00
nix-copy-closure --to ${target} ${secrets}
Flakify glotzbert
2021-02-22 12:31:58 +01:00
nix-copy-closure --to ${target} ${self}
flake.nix: implement --flakify switch for converting hosts to flakes
2021-03-05 01:26:19 +01:00
if [ "$1" = "--flakify" ]; then
shift
flake.nix: add support for remote builders
2021-05-26 18:50:48 +02:00
exec ssh -t ${target} "nix-shell -p nixFlakes -p git --command '_NIXOS_REBUILD_REEXEC=1 nixos-rebuild ${rebuildArg} '$@"
flake.nix: implement --flakify switch for converting hosts to flakes
2021-03-05 01:26:19 +01:00
else
flake.nix: add support for remote builders
2021-05-26 18:50:48 +02:00
exec ssh -t ${target} nixos-rebuild ${rebuildArg} $@
flake.nix: implement --flakify switch for converting hosts to flakes
2021-03-05 01:26:19 +01:00
fi
Flakify glotzbert
2021-02-22 12:31:58 +01:00
'';
Flakify pulsebert
2021-02-22 13:21:31 +01:00
mkWake = name:
pkgs.writeScriptBin "${name}-wake" ''
#!${pkgs.runtimeShell}
exec ${pkgs.wol}/bin/wol ${hostRegistry.hosts.${name}.ether}
'';
Remote deploy using nixos-rebuild rather than "nix shell"
2021-02-22 13:42:42 +01:00
# TODO: check if the ethernet address is reachable and if not,
# execute wol on a machine in HQ.
Flakify glotzbert
2021-02-22 12:31:58 +01:00
in {
overlay/openwebrx: init
2021-09-22 20:33:41 +02:00
inherit (pkgs) bmxd openwebrx;
Flakify freifunk container
2021-02-26 20:22:15 +01:00
flake.nix: add list-upgradable
2021-09-08 00:34:38 +02:00
list-upgradable = pkgs.writeScriptBin "list-upgradable" ''
#! ${pkgs.runtimeShell}
NORMAL="\033[0m"
RED="\033[0;31m"
YELLOW="\033[0;33m"
GREEN="\033[0;32m"
${pkgs.lib.concatMapStringsSep "\n" (name:
let
addr = getHostAddr name;
in nixpkgs.lib.optionalString (addr != null) ''
echo -n -e "${name}: $RED"
RUNNING=$(ssh -o PreferredAuthentications=publickey -o StrictHostKeyChecking=accept-new root@"${addr}" "readlink /run/current-system")
list-upgradable: obtain and print nixos system version
2021-09-08 01:36:26 +02:00
if [ $? = 0 ] && [ -n "$RUNNING" ]; then
flake.nix: add list-upgradable
2021-09-08 00:34:38 +02:00
CURRENT=$(nix eval --raw ".#nixosConfigurations.${name}.config.system.build.toplevel" 2>/dev/null)
list-upgradable: obtain and print nixos system version
2021-09-08 01:36:26 +02:00
RUNNING_VER=$(basename $RUNNING|rev|cut -d - -f 1|rev)
CURRENT_VER=$(basename $CURRENT|rev|cut -d - -f 1|rev)
flake.nix: add list-upgradable
2021-09-08 00:34:38 +02:00
if [ "$RUNNING" = "$CURRENT" ]; then
list-upgradable: obtain and print nixos system version
2021-09-08 01:36:26 +02:00
echo -e "$GREEN"current"$NORMAL $RUNNING_VER"
elif [ "$RUNNING_VER" = "$CURRENT_VER" ]; then
echo -e "$GREEN"modified"$NORMAL $RUNNING_VER"
flake.nix: add list-upgradable
2021-09-08 00:34:38 +02:00
else
list-upgradable: obtain and print nixos system version
2021-09-08 01:36:26 +02:00
echo -e "$YELLOW"outdated"$NORMAL $RUNNING_VER < $CURRENT_VER"
flake.nix: add list-upgradable
2021-09-08 00:34:38 +02:00
fi
fi
echo -n -e "$NORMAL"
'') (builtins.attrNames flakifiedHosts)}
'';
flake.nix: use more info from host-registry.nix
2021-09-08 00:33:57 +02:00
} //
flake.nix: add support for remote builders
2021-05-26 18:50:48 +02:00
flake.nix: use more info from host-registry.nix
2021-09-08 00:33:57 +02:00
builtins.foldl' (result: host: result // {
"${host}-wake" = mkWake host;
}) {} (builtins.attrNames (nixpkgs.lib.filterAttrs (_: { wol ? false, ... }: wol) hostRegistry.hosts)) //
flake.nix: add support for remote builders
2021-05-26 18:50:48 +02:00
flake.nix: use more info from host-registry.nix
2021-09-08 00:33:57 +02:00
builtins.foldl' (result: name: result // {
"${name}-nixos-rebuild" = mkDeploy ({
inherit name;
host = getHostAddr name;
} // nixpkgs.lib.optionalAttrs (hostRegistry.hosts.${name} ? builders) {
inherit (hostRegistry.hosts.${name}) builders;
});
flake.nix: add -nixos-rebuild-local
2021-09-08 22:48:13 +02:00
"${name}-nixos-rebuild-local" =
let
host = getHostAddr name;
target = ''root@"${host}"'';
profile = self.nixosConfigurations.${name}.config.system.build.toplevel;
in pkgs.writeScriptBin "${name}-nixos-rebuild" ''
#!${pkgs.runtimeShell} -e
nix-copy-closure --to ${target} ${profile}
exec ssh -t ${target} "${profile}/bin/switch-to-configuration $@"
'';
flake.nix: add ${host}-sdImage package
2021-09-23 19:34:09 +02:00
}) {} (builtins.attrNames flakifiedHosts) //
builtins.foldl' (result: host: result // {
"${host}-sdImage" = self.nixosConfigurations.${host}.config.system.build.sdImage;
}) {} (builtins.attrNames (nixpkgs.lib.filterAttrs (host: nixosConfiguration:
nixosConfiguration.config.system.build ? sdImage
) self.nixosConfigurations))
flake.nix: use more info from host-registry.nix
2021-09-08 00:33:57 +02:00
);
Use modulesPath where appropriate
2020-08-04 17:15:07 +02:00
Flakify glotzbert
2021-02-22 12:31:58 +01:00
nixosConfigurations = let
nixosSystem' =
# Our custom NixOS builder
mobilizon: init does not yet send mails
2021-09-20 22:11:17 +02:00
{ nixpkgs ? inputs.nixpkgs, extraArgs ? {}, ... }@args:
nixpkgs.lib.nixosSystem (nixpkgs.lib.filterAttrs (n: _: n != "nixpkgs") args // {
scrape: convert scrapers to flake input
2021-03-06 03:11:43 +01:00
extraArgs = extraArgs // {
flake.nix: add ${host}-sdImage package
2021-09-23 19:34:09 +02:00
inherit hostRegistry inputs;
scrape: convert scrapers to flake input
2021-03-06 03:11:43 +01:00
};
Flakify glotzbert
2021-02-22 12:31:58 +01:00
extraModules = [
self.nixosModules.c3d2
({ pkgs, ... }: {
nix = {
package = pkgs.nixFlakes;
extraOptions = "experimental-features = nix-command flakes";
};
Flakify freifunk container
2021-02-26 20:22:15 +01:00
nixpkgs.overlays = [ self.overlay ];
Flakify glotzbert
2021-02-22 12:31:58 +01:00
})
];
});
in {
Use modulesPath where appropriate
2020-08-04 17:15:07 +02:00
Flakify freifunk container
2021-02-26 20:22:15 +01:00
freifunk = nixosSystem' {
freifunk: obtain flaky secrets
2021-03-05 01:16:57 +01:00
modules = [
./hosts/containers/freifunk
({ ... }: {
nixpkgs.overlays = with secrets.overlays; [
freifunk ospf
];
})
];
Flakify freifunk container
2021-02-26 20:22:15 +01:00
system = "x86_64-linux";
};
Flakify pulsebert
2021-02-22 13:21:31 +01:00
glotzbert = nixosSystem' {
Add nixos-hardware modules to glotzbert
2021-02-22 14:16:25 +01:00
modules = [
./hosts/glotzbert
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
Add admins to glotzbert
2021-03-12 17:06:37 +01:00
secrets.nixosModules.admins
Add nixos-hardware modules to glotzbert
2021-02-22 14:16:25 +01:00
];
Flakify pulsebert
2021-02-22 13:21:31 +01:00
system = "x86_64-linux";
};
pulsebert = nixosSystem' {
flake.nix: add ${host}-sdImage package
2021-09-23 19:34:09 +02:00
modules = [
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
./hosts/pulsebert
];
Flakify pulsebert
2021-02-22 13:21:31 +01:00
system = "aarch64-linux";
};
Use modulesPath where appropriate
2020-08-04 17:15:07 +02:00
radiobert: init
2021-09-23 03:32:17 +02:00
radiobert = nixosSystem' {
modules = [
flake.nix: add ${host}-sdImage package
2021-09-23 19:34:09 +02:00
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
radiobert: init
2021-09-23 03:32:17 +02:00
./hosts/radiobert
];
flake.nix: add nixosConfigurations.pipebert
2021-09-22 21:21:13 +02:00
system = "aarch64-linux";
};
dacbert: init
2021-09-27 22:19:24 +02:00
dacbert = nixosSystem' {
modules = [
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
./hosts/dacbert
];
system = "aarch64-linux";
};
Add yggdrasil configurations
2021-03-03 16:20:17 +01:00
yggdrasil = nixosSystem' {
modules = [
./hosts/containers/yggdrasil
./lib/lxc-container.nix
./lib/users/emery.nix
yggdrasil: implement ospf, nat, name interfaces
2021-03-04 01:45:29 +01:00
({ ... }: {
nixpkgs.overlays = [ secrets.overlays.ospf ];
})
Add yggdrasil configurations
2021-03-03 16:20:17 +01:00
];
system = "x86_64-linux";
};
matemat: 🎆 init
2021-03-06 01:13:27 +01:00
matemat = nixosSystem' {
modules = [
./lib/lxc-container.nix
./hosts/containers/matemat
flake.nix: use flakified yammat
2021-03-10 01:54:28 +01:00
yammat.nixosModule
matemat: add secrets.nixosModules.admins to imports
2021-03-06 16:57:47 +01:00
secrets.nixosModules.admins
matemat: add auth
2021-03-06 02:28:46 +01:00
({ ... }: {
nixpkgs.overlays = [ secrets.overlays.matemat ];
})
matemat: 🎆 init
2021-03-06 01:13:27 +01:00
];
system = "x86_64-linux";
};
scrape: migrate from krops to flakes
2021-03-06 02:57:35 +01:00
scrape = nixosSystem' {
modules = [
./lib/lxc-container.nix
./hosts/containers/scrape
({ ... }: {
nixpkgs.overlays = [ secrets.overlays.scrape ];
})
];
scrape: convert scrapers to flake input
2021-03-06 03:11:43 +01:00
extraArgs = { inherit scrapers; };
scrape: migrate from krops to flakes
2021-03-06 02:57:35 +01:00
system = "x86_64-linux";
};
dn42: flakify
2021-03-11 15:59:00 +01:00
dn42 = nixosSystem' {
modules = [
./lib/lxc-container.nix
./hosts/containers/dn42
({ ... }: {
nixpkgs.overlays = [ secrets.overlays.dn42 ];
})
];
system = "x86_64-linux";
};
grafana: flakify
2021-03-11 16:40:39 +01:00
grafana = nixosSystem' {
modules = [
./lib/lxc-container.nix
./hosts/containers/grafana
];
system = "x86_64-linux";
};
hail hydra!
2021-03-12 21:45:12 +01:00
hydra = nixosSystem' {
modules = [
./lib/lxc-container.nix
./hosts/containers/hydra
];
system = "x86_64-linux";
};
mucbot: flakify
2021-03-22 16:22:57 +01:00
mucbot = nixosSystem' {
modules = [
./lib/lxc-container.nix
"${tigger}/module.nix"
{ nixpkgs.overlays = [ secrets.overlays.mucbot ]; }
./hosts/containers/mucbot
];
extraArgs = { inherit tigger; };
system = "x86_64-linux";
};
kibana: flakify
2021-05-10 00:28:27 +02:00
kibana = nixosSystem' {
modules = [
./lib/lxc-container.nix
./hosts/containers/kibana
];
system = "x86_64-linux";
};
public-access-proxy: flakify
2021-06-23 21:59:10 +02:00
public-access-proxy = nixosSystem' {
modules = [
./lib/lxc-container.nix
./hosts/containers/public-access-proxy
];
system = "x86_64-linux";
};
ticker: flakify
2021-09-08 01:22:40 +02:00
ticker = nixosSystem' {
modules = [
./lib/lxc-container.nix
"${ticker}/nixos-module.nix"
./hosts/containers/ticker
];
system = "x86_64-linux";
};
spaceapi: flakify
2021-09-10 00:21:38 +02:00
spaceapi = nixosSystem' {
modules = [
./lib/lxc-container.nix
"${spacemsg}/spaceapi/module.nix"
./hosts/containers/spaceapi
];
system = "x86_64-linux";
};
stream: init
2021-09-10 22:59:40 +02:00
stream = nixosSystem' {
modules = [
./lib/lxc-container.nix
./hosts/containers/stream
];
system = "x86_64-linux";
};
mobilizon: init does not yet send mails
2021-09-20 22:11:17 +02:00
mobilizon = nixosSystem' {
# TODO: pending https://github.com/NixOS/nixpkgs/pull/119132
nixpkgs = inputs.nixpkgs-mobilizon;
modules = [
./lib/lxc-container.nix
./hosts/containers/mobilizon
];
system = "x86_64-linux";
};
Use modulesPath where appropriate
2020-08-04 17:15:07 +02:00
};
nixosModule: do not disable documentation
2021-09-25 11:11:15 +02:00
nixosModule = import ./lib;
nixosModules.c3d2 = self.nixosModule;
Flakify glotzbert
2021-02-22 12:31:58 +01:00
};
server7: switch to flake, re-enable hydra
2020-03-25 19:52:13 +01:00
}