nix-config/flake.nix

{
  description = "C3D2 NixOS configurations";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/release-20.09";
    secrets.url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git";
  };

  outputs = { self, nixpkgs, secrets, nixos-hardware }:
    let
      forAllSystems = f:
        nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ]
        (system: f system);

      hostRegistry = import ./host-registry.nix;
    in {

      inherit (nixpkgs) legacyPackages;

      packages = forAllSystems (system:
        let
          pkgs = self.legacyPackages.${system};
          mkDeploy =
            # Generate a small script for copying this flake to the
            # remote machine and bulding and switching there.
            # Can be run with nix run c3d2#deploy-…
            name: host:
            let target = "root@${host}";
            in pkgs.writeScriptBin "${name}-nixos-rebuild" ''
              #!${pkgs.runtimeShell}
              set -ev
              nix-copy-closure --to ${target} ${self}
              exec ssh -t ${target} nixos-rebuild --flake ${self}#${name} $@
            '';
          mkWake = name:
            pkgs.writeScriptBin "${name}-wake" ''
              #!${pkgs.runtimeShell}
              exec ${pkgs.wol}/bin/wol ${hostRegistry.hosts.${name}.ether}
            '';
          # TODO: check if the ethernet address is reachable and if not,
          # execute wol on a machine in HQ.
        in {
          dhcp-nixos-rebuild = mkDeploy "dhcp" hostRegistry.hosts.dhcp.ip4;

          glotzbert-nixos-rebuild = mkDeploy "glotzbert" "glotzbert.hq.c3d2.de";
          glotzbert-wake = mkWake "glotzbert";

          pulsebert-nixos-rebuild = mkDeploy "pulsebert" "pulsebert.hq.c3d2.de";
          pulsebert-wake = mkWake "pulsebert";
        });

      nixosConfigurations = let
        nixosSystem' =
          # Our custom NixOS builder
          { ... }@args:
          nixpkgs.lib.nixosSystem (args // {
            extraArgs = { inherit hostRegistry; };
            extraModules = [
              self.nixosModules.c3d2
              ({ pkgs, ... }: {
                nix = {
                  package = pkgs.nixFlakes;
                  extraOptions = "experimental-features = nix-command flakes";
                };
              })
            ];
          });
      in {

        dhcp = nixosSystem' {
          modules = [
            ./hosts/containers/dhcp
            secrets.nixosModules.admins
            secrets.nixosModules.dhcp
          ];
          system = "x86_64-linux";
        };

        glotzbert = nixosSystem' {
          modules = [
            ./hosts/glotzbert
            nixos-hardware.nixosModules.common-cpu-intel
            nixos-hardware.nixosModules.common-pc-ssd
          ];
          system = "x86_64-linux";
        };

        pulsebert = nixosSystem' {
          modules = [ ./hosts/pulsebert secrets.nixosModules.dhcp ];
          system = "aarch64-linux";
        };

      };

      nixosModules.c3d2 = import ./lib;

    };
}
server7: switch to flake, re-enable hydra 2020-03-25 19:52:13 +01:00			`{`
			`description = "C3D2 NixOS configurations";`

Update flake inputs 2020-06-11 07:50:42 +02:00			`inputs = {`
Update flake nixpkgs input to 20.09 2020-10-26 16:06:42 +01:00			`nixpkgs.url = "github:nixos/nixpkgs/release-20.09";`
Flakify dhcp 2021-02-24 11:52:19 +01:00			`secrets.url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git";`
Update flake inputs 2020-06-11 07:50:42 +02:00			`};`
server7: use sotest hydra flake 2020-04-15 19:00:56 +02:00
Add nixos-hardware modules to glotzbert 2021-02-22 14:16:25 +01:00			`outputs = { self, nixpkgs, secrets, nixos-hardware }:`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`let`
			`forAllSystems = f:`
			`nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ]`
			`(system: f system);`
Flakify dhcp 2021-02-24 11:52:19 +01:00
			`hostRegistry = import ./host-registry.nix;`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`in {`
Add Nixos module to flake, make check pass 2020-04-14 08:42:13 +02:00
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`inherit (nixpkgs) legacyPackages;`
Consolidate yggdrasil to c3d2.hq.yggdrasil.enableGateway Move the server7 hydra proxy to a container. The yggdrasil addresses for containers has changed now. Add yggdrasil mappings to /etc/hosts. 2020-04-21 13:44:42 +02:00
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`packages = forAllSystems (system:`
			`let`
			`pkgs = self.legacyPackages.${system};`
			`mkDeploy =`
			`# Generate a small script for copying this flake to the`
			`# remote machine and bulding and switching there.`
			`# Can be run with nix run c3d2#deploy-…`
			`name: host:`
			`let target = "root@${host}";`
			`in pkgs.writeScriptBin "${name}-nixos-rebuild" ''`
			`#!${pkgs.runtimeShell}`
			`set -ev`
			`nix-copy-closure --to ${target} ${self}`
Remote deploy using nixos-rebuild rather than "nix shell" 2021-02-22 13:42:42 +01:00			`exec ssh -t ${target} nixos-rebuild --flake ${self}#${name} $@`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`'';`
Flakify pulsebert 2021-02-22 13:21:31 +01:00			`mkWake = name:`
			`pkgs.writeScriptBin "${name}-wake" ''`
			`#!${pkgs.runtimeShell}`
			`exec ${pkgs.wol}/bin/wol ${hostRegistry.hosts.${name}.ether}`
			`'';`
Remote deploy using nixos-rebuild rather than "nix shell" 2021-02-22 13:42:42 +01:00			`# TODO: check if the ethernet address is reachable and if not,`
			`# execute wol on a machine in HQ.`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`in {`
Flakify dhcp 2021-02-24 11:52:19 +01:00			`dhcp-nixos-rebuild = mkDeploy "dhcp" hostRegistry.hosts.dhcp.ip4;`

Flakify glotzbert 2021-02-22 12:31:58 +01:00			`glotzbert-nixos-rebuild = mkDeploy "glotzbert" "glotzbert.hq.c3d2.de";`
Flakify pulsebert 2021-02-22 13:21:31 +01:00			`glotzbert-wake = mkWake "glotzbert";`

			`pulsebert-nixos-rebuild = mkDeploy "pulsebert" "pulsebert.hq.c3d2.de";`
			`pulsebert-wake = mkWake "pulsebert";`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`});`
Use modulesPath where appropriate 2020-08-04 17:15:07 +02:00
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`nixosConfigurations = let`
			`nixosSystem' =`
			`# Our custom NixOS builder`
Flakify pulsebert 2021-02-22 13:21:31 +01:00			`{ ... }@args:`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`nixpkgs.lib.nixosSystem (args // {`
Flakify dhcp 2021-02-24 11:52:19 +01:00			`extraArgs = { inherit hostRegistry; };`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`extraModules = [`
			`self.nixosModules.c3d2`
			`({ pkgs, ... }: {`
			`nix = {`
			`package = pkgs.nixFlakes;`
			`extraOptions = "experimental-features = nix-command flakes";`
			`};`
			`})`
			`];`
			`});`
			`in {`
Use modulesPath where appropriate 2020-08-04 17:15:07 +02:00
Flakify dhcp 2021-02-24 11:52:19 +01:00			`dhcp = nixosSystem' {`
			`modules = [`
			`./hosts/containers/dhcp`
			`secrets.nixosModules.admins`
			`secrets.nixosModules.dhcp`
			`];`
			`system = "x86_64-linux";`
			`};`

Flakify pulsebert 2021-02-22 13:21:31 +01:00			`glotzbert = nixosSystem' {`
Add nixos-hardware modules to glotzbert 2021-02-22 14:16:25 +01:00			`modules = [`
			`./hosts/glotzbert`
			`nixos-hardware.nixosModules.common-cpu-intel`
			`nixos-hardware.nixosModules.common-pc-ssd`
			`];`
Flakify pulsebert 2021-02-22 13:21:31 +01:00			`system = "x86_64-linux";`
			`};`

			`pulsebert = nixosSystem' {`
Put a non-authoritative DHCP server on Pulsebert DHCP is an essential service and Pulsebert is more reliable than anything in proxmox. 2021-02-24 14:16:42 +01:00			`modules = [ ./hosts/pulsebert secrets.nixosModules.dhcp ];`
Flakify pulsebert 2021-02-22 13:21:31 +01:00			`system = "aarch64-linux";`
			`};`
Use modulesPath where appropriate 2020-08-04 17:15:07 +02:00
			`};`

Flakify glotzbert 2021-02-22 12:31:58 +01:00			`nixosModules.c3d2 = import ./lib;`
Add Nixos module to flake, make check pass 2020-04-14 08:42:13 +02:00
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`};`
server7: switch to flake, re-enable hydra 2020-03-25 19:52:13 +01:00			`}`