nix-config/flake.nix

{
  description = "C3D2 NixOS configurations";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/release-21.05";
    secrets.url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git";
    yammat.url = "git+https://gitea.c3d2.de/astro/yammat.git?ref=nix";
    yammat.inputs.nixpkgs.follows = "nixpkgs";
    scrapers.url = "git+https://gitea.c3d2.de/astro/scrapers.git";
    scrapers.flake = false;
    tigger.url = "github:astro/tigger";
    tigger.flake = false;
  };

  outputs = { self, nixpkgs, secrets, nixos-hardware, yammat, scrapers, tigger }:
    let
      forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];

      hostRegistry = import ./host-registry.nix;
    in {

      overlay = import ./overlay;

      legacyPackages = forAllSystems
        (system: nixpkgs.legacyPackages.${system}.extend self.overlay);

      packages = forAllSystems (system:
        let
          pkgs = self.legacyPackages.${system};
          mkDeploy =
            # Generate a small script for copying this flake to the
            # remote machine and bulding and switching there.
            # Can be run with nix run c3d2#deploy-…
            { name
            , host ? "${name}.hq.c3d2.de"
            # remote builders to pass
            , builders ? null
            }:
            let target = "root@${host}";
                rebuildArg =
                  "--flake ${self}#${name}" +
                  (if builders != null
                   then " --builders \"" +
                        builtins.concatStringsSep " " builders +
                        "\""
                   else "");
            in pkgs.writeScriptBin "${name}-nixos-rebuild" ''
              #!${pkgs.runtimeShell} -e
              nix-copy-closure --to ${target} ${secrets}
              nix-copy-closure --to ${target} ${self}
              if [ "$1" = "--flakify" ]; then
                shift
                exec ssh -t ${target} "nix-shell -p nixFlakes -p git --command '_NIXOS_REBUILD_REEXEC=1 nixos-rebuild ${rebuildArg} '$@"
              else
                exec ssh -t ${target} nixos-rebuild ${rebuildArg} $@
              fi
            '';
          mkWake = name:
            pkgs.writeScriptBin "${name}-wake" ''
              #!${pkgs.runtimeShell}
              exec ${pkgs.wol}/bin/wol ${hostRegistry.hosts.${name}.ether}
            '';
          # TODO: check if the ethernet address is reachable and if not,
          # execute wol on a machine in HQ.
        in {
          inherit (pkgs) bmxd;

          glotzbert-nixos-rebuild = mkDeploy { name = "glotzbert"; };
          glotzbert-wake = mkWake "glotzbert";

          pulsebert-nixos-rebuild = mkDeploy {
            name = "pulsebert";
            builders = [ "ssh://client@172.22.99.110" ];
          };
          pulsebert-wake = mkWake "pulsebert";

          yggdrasil-nixos-rebuild = mkDeploy {
            name = "yggdrasil";
            host = "172.20.72.62";
          };

          freifunk-nixos-rebuild = mkDeploy {
            name = "freifunk";
            host = "freifunk.core.zentralwerk.dn42";
          };

          matemat-nixos-rebuild = mkDeploy {
            name = "matemat";
          };

          scrape-nixos-rebuild = mkDeploy {
            name = "scrape";
            host = hostRegistry.hosts.scrape.ip4;
          };

          dn42-nixos-rebuild = mkDeploy {
            name = "dn42";
          };

          grafana-nixos-rebuild = mkDeploy {
            name = "grafana";
          };

          hydra-nixos-rebuild = mkDeploy {
            name = "hydra";
            host = hostRegistry.hosts.hydra.ip4;
          };

          mucbot-nixos-rebuild = mkDeploy {
            name = "mucbot";
            host = hostRegistry.hosts.mucbot.ip4;
          };

          kibana-nixos-rebuild = mkDeploy {
            name = "kibana";
            host = hostRegistry.hosts.kibana.ip4;
          };
        });

      nixosConfigurations = let
        nixosSystem' =
          # Our custom NixOS builder
          { extraArgs ? {}, ... }@args:
          nixpkgs.lib.nixosSystem (args // {
            extraArgs = extraArgs // {
              inherit hostRegistry;
            };
            extraModules = [
              self.nixosModules.c3d2
              ({ pkgs, ... }: {
                nix = {
                  package = pkgs.nixFlakes;
                  extraOptions = "experimental-features = nix-command flakes";
                };
                nixpkgs.overlays = [ self.overlay ];
              })
            ];
          });
      in {

        freifunk = nixosSystem' {
          modules = [
            ./hosts/containers/freifunk
            ({ ... }: {
              nixpkgs.overlays = with secrets.overlays; [
                freifunk ospf
              ];
            })
          ];
          system = "x86_64-linux";
        };

        glotzbert = nixosSystem' {
          modules = [
            ./hosts/glotzbert
            nixos-hardware.nixosModules.common-cpu-intel
            nixos-hardware.nixosModules.common-pc-ssd
            secrets.nixosModules.admins
          ];
          system = "x86_64-linux";
        };

        pulsebert = nixosSystem' {
          modules = [ ./hosts/pulsebert ];
          system = "aarch64-linux";
        };

        yggdrasil = nixosSystem' {
          modules = [
            ./hosts/containers/yggdrasil
            ./lib/lxc-container.nix
            ./lib/users/emery.nix
            ({ ... }: {
              nixpkgs.overlays = [ secrets.overlays.ospf ];
            })
          ];
          system = "x86_64-linux";
        };

        matemat = nixosSystem' {
          modules = [
            ./lib/lxc-container.nix
            ./hosts/containers/matemat
            yammat.nixosModule
            secrets.nixosModules.admins
            ({ ... }: {
              nixpkgs.overlays = [ secrets.overlays.matemat ];
            })
          ];
          system = "x86_64-linux";
        };

        scrape = nixosSystem' {
          modules = [
            ./lib/lxc-container.nix
            ./hosts/containers/scrape
            ({ ... }: {
              nixpkgs.overlays = [ secrets.overlays.scrape ];
            })
          ];
          extraArgs = { inherit scrapers; };
          system = "x86_64-linux";
        };

        dn42 = nixosSystem' {
          modules = [
            ./lib/lxc-container.nix
            ./hosts/containers/dn42
            ({ ... }: {
              nixpkgs.overlays = [ secrets.overlays.dn42 ];
            })
          ];
          system = "x86_64-linux";
        };

        grafana = nixosSystem' {
          modules = [
            ./lib/lxc-container.nix
            ./hosts/containers/grafana
          ];
          system = "x86_64-linux";
        };

        hydra = nixosSystem' {
          modules = [
            ./lib/lxc-container.nix
            ./hosts/containers/hydra
          ];
          system = "x86_64-linux";
        };

        mucbot = nixosSystem' {
          modules = [
            ./lib/lxc-container.nix
            "${tigger}/module.nix"
            { nixpkgs.overlays = [ secrets.overlays.mucbot ]; }
            ./hosts/containers/mucbot
          ];
          extraArgs = { inherit tigger; };
          system = "x86_64-linux";
        };

        kibana = nixosSystem' {
          modules = [
            ./lib/lxc-container.nix
            ./hosts/containers/kibana
          ];
          system = "x86_64-linux";
        };

      };

      nixosModules.c3d2 = import ./lib;
    };
}
server7: switch to flake, re-enable hydra 2020-03-25 19:52:13 +01:00			`{`
			`description = "C3D2 NixOS configurations";`

Update flake inputs 2020-06-11 07:50:42 +02:00			`inputs = {`
flake.nix: update to nixos-21.05 2021-06-07 02:30:56 +02:00			`nixpkgs.url = "github:nixos/nixpkgs/release-21.05";`
Flakify dhcp 2021-02-24 11:52:19 +01:00			`secrets.url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git";`
matemat: 🎆 init 2021-03-06 01:13:27 +01:00			`yammat.url = "git+https://gitea.c3d2.de/astro/yammat.git?ref=nix";`
flake.nix: use flakified yammat 2021-03-10 01:54:28 +01:00			`yammat.inputs.nixpkgs.follows = "nixpkgs";`
scrape: convert scrapers to flake input 2021-03-06 03:11:43 +01:00			`scrapers.url = "git+https://gitea.c3d2.de/astro/scrapers.git";`
			`scrapers.flake = false;`
mucbot: flakify 2021-03-22 16:22:57 +01:00			`tigger.url = "github:astro/tigger";`
			`tigger.flake = false;`
Update flake inputs 2020-06-11 07:50:42 +02:00			`};`
server7: use sotest hydra flake 2020-04-15 19:00:56 +02:00
mucbot: flakify 2021-03-22 16:22:57 +01:00			`outputs = { self, nixpkgs, secrets, nixos-hardware, yammat, scrapers, tigger }:`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`let`
Add yggdrasil configurations 2021-03-03 16:20:17 +01:00			`forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];`
Flakify dhcp 2021-02-24 11:52:19 +01:00
			`hostRegistry = import ./host-registry.nix;`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`in {`
Add Nixos module to flake, make check pass 2020-04-14 08:42:13 +02:00
Flakify freifunk container 2021-02-26 20:22:15 +01:00			`overlay = import ./overlay;`

Do not import nixpkgs again in the flake, use extend 2021-03-26 09:39:57 +01:00			`legacyPackages = forAllSystems`
			`(system: nixpkgs.legacyPackages.${system}.extend self.overlay);`
Consolidate yggdrasil to c3d2.hq.yggdrasil.enableGateway Move the server7 hydra proxy to a container. The yggdrasil addresses for containers has changed now. Add yggdrasil mappings to /etc/hosts. 2020-04-21 13:44:42 +02:00
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`packages = forAllSystems (system:`
			`let`
			`pkgs = self.legacyPackages.${system};`
			`mkDeploy =`
			`# Generate a small script for copying this flake to the`
			`# remote machine and bulding and switching there.`
			`# Can be run with nix run c3d2#deploy-…`
flake.nix: add support for remote builders 2021-05-26 18:50:48 +02:00			`{ name`
			`, host ? "${name}.hq.c3d2.de"`
			`# remote builders to pass`
			`, builders ? null`
			`}:`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`let target = "root@${host}";`
flake.nix: add support for remote builders 2021-05-26 18:50:48 +02:00			`rebuildArg =`
			`"--flake ${self}#${name}" +`
			`(if builders != null`
			`then " --builders \"" +`
			`builtins.concatStringsSep " " builders +`
			`"\""`
			`else "");`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`in pkgs.writeScriptBin "${name}-nixos-rebuild" ''`
flake.nix: reduce deployment verbosity 2021-06-07 02:30:16 +02:00			`#!${pkgs.runtimeShell} -e`
flake.nix: copy secrets for deployment 2021-03-04 00:47:05 +01:00			`nix-copy-closure --to ${target} ${secrets}`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`nix-copy-closure --to ${target} ${self}`
flake.nix: implement --flakify switch for converting hosts to flakes 2021-03-05 01:26:19 +01:00			`if [ "$1" = "--flakify" ]; then`
			`shift`
flake.nix: add support for remote builders 2021-05-26 18:50:48 +02:00			`exec ssh -t ${target} "nix-shell -p nixFlakes -p git --command '_NIXOS_REBUILD_REEXEC=1 nixos-rebuild ${rebuildArg} '$@"`
flake.nix: implement --flakify switch for converting hosts to flakes 2021-03-05 01:26:19 +01:00			`else`
flake.nix: add support for remote builders 2021-05-26 18:50:48 +02:00			`exec ssh -t ${target} nixos-rebuild ${rebuildArg} $@`
flake.nix: implement --flakify switch for converting hosts to flakes 2021-03-05 01:26:19 +01:00			`fi`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`'';`
Flakify pulsebert 2021-02-22 13:21:31 +01:00			`mkWake = name:`
			`pkgs.writeScriptBin "${name}-wake" ''`
			`#!${pkgs.runtimeShell}`
			`exec ${pkgs.wol}/bin/wol ${hostRegistry.hosts.${name}.ether}`
			`'';`
Remote deploy using nixos-rebuild rather than "nix shell" 2021-02-22 13:42:42 +01:00			`# TODO: check if the ethernet address is reachable and if not,`
			`# execute wol on a machine in HQ.`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`in {`
Flakify freifunk container 2021-02-26 20:22:15 +01:00			`inherit (pkgs) bmxd;`

flake.nix: add support for remote builders 2021-05-26 18:50:48 +02:00			`glotzbert-nixos-rebuild = mkDeploy { name = "glotzbert"; };`
Flakify pulsebert 2021-02-22 13:21:31 +01:00			`glotzbert-wake = mkWake "glotzbert";`

flake.nix: add support for remote builders 2021-05-26 18:50:48 +02:00			`pulsebert-nixos-rebuild = mkDeploy {`
			`name = "pulsebert";`
			`builders = [ "ssh://client@172.22.99.110" ];`
			`};`
Flakify pulsebert 2021-02-22 13:21:31 +01:00			`pulsebert-wake = mkWake "pulsebert";`
Add yggdrasil configurations 2021-03-03 16:20:17 +01:00
flake.nix: add support for remote builders 2021-05-26 18:50:48 +02:00			`yggdrasil-nixos-rebuild = mkDeploy {`
			`name = "yggdrasil";`
			`host = "172.20.72.62";`
			`};`

			`freifunk-nixos-rebuild = mkDeploy {`
			`name = "freifunk";`
freifunk, yggdrasil: enlarge core network from /26 to /25 2021-05-27 01:35:38 +02:00			`host = "freifunk.core.zentralwerk.dn42";`
flake.nix: add support for remote builders 2021-05-26 18:50:48 +02:00			`};`

			`matemat-nixos-rebuild = mkDeploy {`
			`name = "matemat";`
			`};`

			`scrape-nixos-rebuild = mkDeploy {`
			`name = "scrape";`
			`host = hostRegistry.hosts.scrape.ip4;`
			`};`

			`dn42-nixos-rebuild = mkDeploy {`
			`name = "dn42";`
			`};`

			`grafana-nixos-rebuild = mkDeploy {`
			`name = "grafana";`
			`};`

			`hydra-nixos-rebuild = mkDeploy {`
			`name = "hydra";`
			`host = hostRegistry.hosts.hydra.ip4;`
			`};`

			`mucbot-nixos-rebuild = mkDeploy {`
			`name = "mucbot";`
			`host = hostRegistry.hosts.mucbot.ip4;`
			`};`

			`kibana-nixos-rebuild = mkDeploy {`
			`name = "kibana";`
			`host = hostRegistry.hosts.kibana.ip4;`
			`};`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`});`
Use modulesPath where appropriate 2020-08-04 17:15:07 +02:00
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`nixosConfigurations = let`
			`nixosSystem' =`
			`# Our custom NixOS builder`
scrape: convert scrapers to flake input 2021-03-06 03:11:43 +01:00			`{ extraArgs ? {}, ... }@args:`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`nixpkgs.lib.nixosSystem (args // {`
scrape: convert scrapers to flake input 2021-03-06 03:11:43 +01:00			`extraArgs = extraArgs // {`
			`inherit hostRegistry;`
			`};`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`extraModules = [`
			`self.nixosModules.c3d2`
			`({ pkgs, ... }: {`
			`nix = {`
			`package = pkgs.nixFlakes;`
			`extraOptions = "experimental-features = nix-command flakes";`
			`};`
Flakify freifunk container 2021-02-26 20:22:15 +01:00			`nixpkgs.overlays = [ self.overlay ];`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`})`
			`];`
			`});`
			`in {`
Use modulesPath where appropriate 2020-08-04 17:15:07 +02:00
Flakify freifunk container 2021-02-26 20:22:15 +01:00			`freifunk = nixosSystem' {`
freifunk: obtain flaky secrets 2021-03-05 01:16:57 +01:00			`modules = [`
			`./hosts/containers/freifunk`
			`({ ... }: {`
			`nixpkgs.overlays = with secrets.overlays; [`
			`freifunk ospf`
			`];`
			`})`
			`];`
Flakify freifunk container 2021-02-26 20:22:15 +01:00			`system = "x86_64-linux";`
			`};`

Flakify pulsebert 2021-02-22 13:21:31 +01:00			`glotzbert = nixosSystem' {`
Add nixos-hardware modules to glotzbert 2021-02-22 14:16:25 +01:00			`modules = [`
			`./hosts/glotzbert`
			`nixos-hardware.nixosModules.common-cpu-intel`
			`nixos-hardware.nixosModules.common-pc-ssd`
Add admins to glotzbert 2021-03-12 17:06:37 +01:00			`secrets.nixosModules.admins`
Add nixos-hardware modules to glotzbert 2021-02-22 14:16:25 +01:00			`];`
Flakify pulsebert 2021-02-22 13:21:31 +01:00			`system = "x86_64-linux";`
			`};`

			`pulsebert = nixosSystem' {`
dhcp: remove DHCP server is now on c3d2-gw3.c3d2.zentralwerk.dn42 2021-06-16 20:01:38 +02:00			`modules = [ ./hosts/pulsebert ];`
Flakify pulsebert 2021-02-22 13:21:31 +01:00			`system = "aarch64-linux";`
			`};`
Use modulesPath where appropriate 2020-08-04 17:15:07 +02:00
Add yggdrasil configurations 2021-03-03 16:20:17 +01:00			`yggdrasil = nixosSystem' {`
			`modules = [`
			`./hosts/containers/yggdrasil`
			`./lib/lxc-container.nix`
			`./lib/users/emery.nix`
yggdrasil: implement ospf, nat, name interfaces 2021-03-04 01:45:29 +01:00			`({ ... }: {`
			`nixpkgs.overlays = [ secrets.overlays.ospf ];`
			`})`
Add yggdrasil configurations 2021-03-03 16:20:17 +01:00			`];`
			`system = "x86_64-linux";`
			`};`

matemat: 🎆 init 2021-03-06 01:13:27 +01:00			`matemat = nixosSystem' {`
			`modules = [`
			`./lib/lxc-container.nix`
			`./hosts/containers/matemat`
flake.nix: use flakified yammat 2021-03-10 01:54:28 +01:00			`yammat.nixosModule`
matemat: add secrets.nixosModules.admins to imports 2021-03-06 16:57:47 +01:00			`secrets.nixosModules.admins`
matemat: add auth 2021-03-06 02:28:46 +01:00			`({ ... }: {`
			`nixpkgs.overlays = [ secrets.overlays.matemat ];`
			`})`
matemat: 🎆 init 2021-03-06 01:13:27 +01:00			`];`
			`system = "x86_64-linux";`
			`};`

scrape: migrate from krops to flakes 2021-03-06 02:57:35 +01:00			`scrape = nixosSystem' {`
			`modules = [`
			`./lib/lxc-container.nix`
			`./hosts/containers/scrape`
			`({ ... }: {`
			`nixpkgs.overlays = [ secrets.overlays.scrape ];`
			`})`
			`];`
scrape: convert scrapers to flake input 2021-03-06 03:11:43 +01:00			`extraArgs = { inherit scrapers; };`
scrape: migrate from krops to flakes 2021-03-06 02:57:35 +01:00			`system = "x86_64-linux";`
			`};`

dn42: flakify 2021-03-11 15:59:00 +01:00			`dn42 = nixosSystem' {`
			`modules = [`
			`./lib/lxc-container.nix`
			`./hosts/containers/dn42`
			`({ ... }: {`
			`nixpkgs.overlays = [ secrets.overlays.dn42 ];`
			`})`
			`];`
			`system = "x86_64-linux";`
			`};`

grafana: flakify 2021-03-11 16:40:39 +01:00			`grafana = nixosSystem' {`
			`modules = [`
			`./lib/lxc-container.nix`
			`./hosts/containers/grafana`
			`];`
			`system = "x86_64-linux";`
			`};`

hail hydra! 2021-03-12 21:45:12 +01:00			`hydra = nixosSystem' {`
			`modules = [`
			`./lib/lxc-container.nix`
			`./hosts/containers/hydra`
			`];`
			`system = "x86_64-linux";`
			`};`

mucbot: flakify 2021-03-22 16:22:57 +01:00			`mucbot = nixosSystem' {`
			`modules = [`
			`./lib/lxc-container.nix`
			`"${tigger}/module.nix"`
			`{ nixpkgs.overlays = [ secrets.overlays.mucbot ]; }`
			`./hosts/containers/mucbot`
			`];`
			`extraArgs = { inherit tigger; };`
			`system = "x86_64-linux";`
			`};`

kibana: flakify 2021-05-10 00:28:27 +02:00			`kibana = nixosSystem' {`
			`modules = [`
			`./lib/lxc-container.nix`
			`./hosts/containers/kibana`
			`];`
			`system = "x86_64-linux";`
			`};`

Use modulesPath where appropriate 2020-08-04 17:15:07 +02:00			`};`

Flakify glotzbert 2021-02-22 12:31:58 +01:00			`nixosModules.c3d2 = import ./lib;`
			`};`
server7: switch to flake, re-enable hydra 2020-03-25 19:52:13 +01:00			`}`