nix-config/flake.nix

{
  description = "C3D2 NixOS configurations";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/release-20.09";
    secrets.url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git";
    yammat.url = "git+https://gitea.c3d2.de/astro/yammat.git?ref=nix";
    yammat.inputs.nixpkgs.follows = "nixpkgs";
    scrapers.url = "git+https://gitea.c3d2.de/astro/scrapers.git";
    scrapers.flake = false;
  };

  outputs = { self, nixpkgs, secrets, nixos-hardware, yammat, scrapers }:
    let
      forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];

      hostRegistry = import ./host-registry.nix;
    in {

      overlay = import ./overlay;

      legacyPackages = forAllSystems (system:
        import nixpkgs {
          inherit system;
          overlays = [ self.overlay ];
        });

      packages = forAllSystems (system:
        let
          pkgs = self.legacyPackages.${system};
          mkDeploy =
            # Generate a small script for copying this flake to the
            # remote machine and bulding and switching there.
            # Can be run with nix run c3d2#deploy-…
            name: host:
            let target = "root@${host}";
            in pkgs.writeScriptBin "${name}-nixos-rebuild" ''
              #!${pkgs.runtimeShell}
              set -ev
              nix-copy-closure --to ${target} ${secrets}
              nix-copy-closure --to ${target} ${self}
              if [ "$1" = "--flakify" ]; then
                shift
                exec ssh -t ${target} "nix-shell -p nixFlakes -p git --command \"_NIXOS_REBUILD_REEXEC=1 nixos-rebuild --flake ${self}#${name} \"$@"
              else
                exec ssh -t ${target} nixos-rebuild --flake ${self}#${name} $@
              fi
            '';
          mkWake = name:
            pkgs.writeScriptBin "${name}-wake" ''
              #!${pkgs.runtimeShell}
              exec ${pkgs.wol}/bin/wol ${hostRegistry.hosts.${name}.ether}
            '';
          # TODO: check if the ethernet address is reachable and if not,
          # execute wol on a machine in HQ.
        in {
          inherit (pkgs) bmxd;

          dhcp-nixos-rebuild = mkDeploy "dhcp" hostRegistry.hosts.dhcp.ip4;

          glotzbert-nixos-rebuild = mkDeploy "glotzbert" "glotzbert.hq.c3d2.de";
          glotzbert-wake = mkWake "glotzbert";

          pulsebert-nixos-rebuild = mkDeploy "pulsebert" "pulsebert.hq.c3d2.de";
          pulsebert-wake = mkWake "pulsebert";

          yggdrasil-nixos-rebuild = mkDeploy "yggdrasil" "172.20.72.62";

          freifunk-nixos-rebuild = mkDeploy "freifunk" "freifunk.core.zentralwerk.org";

          matemat-nixos-rebuild = mkDeploy "matemat" hostRegistry.hosts.matemat.ip4;

          scrape-nixos-rebuild = mkDeploy "scrape" hostRegistry.hosts.scrape.ip4;

          dn42-nixos-rebuild = mkDeploy "dn42" hostRegistry.hosts.dn42.ip4;

          grafana-nixos-rebuild = mkDeploy "grafana" "grafana.hq.c3d2.de";
        });

      nixosConfigurations = let
        nixosSystem' =
          # Our custom NixOS builder
          { extraArgs ? {}, ... }@args:
          nixpkgs.lib.nixosSystem (args // {
            extraArgs = extraArgs // {
              inherit hostRegistry;
            };
            extraModules = [
              self.nixosModules.c3d2
              ({ pkgs, ... }: {
                nix = {
                  package = pkgs.nixFlakes;
                  extraOptions = "experimental-features = nix-command flakes";
                };
                nixpkgs.overlays = [ self.overlay ];
              })
            ];
          });
      in {

        dhcp = nixosSystem' {
          modules = [
            ./hosts/containers/dhcp
            secrets.nixosModules.admins
            secrets.nixosModules.dhcp
          ];
          system = "x86_64-linux";
        };

        freifunk = nixosSystem' {
          modules = [
            ./hosts/containers/freifunk
            ({ ... }: {
              nixpkgs.overlays = with secrets.overlays; [
                freifunk ospf
              ];
            })
          ];
          system = "x86_64-linux";
        };

        glotzbert = nixosSystem' {
          modules = [
            ./hosts/glotzbert
            nixos-hardware.nixosModules.common-cpu-intel
            nixos-hardware.nixosModules.common-pc-ssd
            secrets.nixosModules.admins
          ];
          system = "x86_64-linux";
        };

        pulsebert = nixosSystem' {
          modules = [ ./hosts/pulsebert secrets.nixosModules.dhcp ];
          system = "aarch64-linux";
        };

        yggdrasil = nixosSystem' {
          modules = [
            ./hosts/containers/yggdrasil
            ./lib/lxc-container.nix
            ./lib/users/emery.nix
            ({ ... }: {
              nixpkgs.overlays = [ secrets.overlays.ospf ];
            })
          ];
          system = "x86_64-linux";
        };

        matemat = nixosSystem' {
          modules = [
            ./lib/lxc-container.nix
            ./hosts/containers/matemat
            yammat.nixosModule
            secrets.nixosModules.admins
            ({ ... }: {
              nixpkgs.overlays = [ secrets.overlays.matemat ];
            })
          ];
          system = "x86_64-linux";
        };

        scrape = nixosSystem' {
          modules = [
            ./lib/lxc-container.nix
            ./hosts/containers/scrape
            ({ ... }: {
              nixpkgs.overlays = [ secrets.overlays.scrape ];
            })
          ];
          extraArgs = { inherit scrapers; };
          system = "x86_64-linux";
        };

        dn42 = nixosSystem' {
          modules = [
            ./lib/lxc-container.nix
            ./hosts/containers/dn42
            ({ ... }: {
              nixpkgs.overlays = [ secrets.overlays.dn42 ];
            })
          ];
          system = "x86_64-linux";
        };

        grafana = nixosSystem' {
          modules = [
            ./lib/lxc-container.nix
            ./hosts/containers/grafana
          ];
          system = "x86_64-linux";
        };

      };

      nixosModules.c3d2 = import ./lib;
    };
}
server7: switch to flake, re-enable hydra 2020-03-25 19:52:13 +01:00			`{`
			`description = "C3D2 NixOS configurations";`

Update flake inputs 2020-06-11 07:50:42 +02:00			`inputs = {`
Update flake nixpkgs input to 20.09 2020-10-26 16:06:42 +01:00			`nixpkgs.url = "github:nixos/nixpkgs/release-20.09";`
Flakify dhcp 2021-02-24 11:52:19 +01:00			`secrets.url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git";`
matemat: 🎆 init 2021-03-06 01:13:27 +01:00			`yammat.url = "git+https://gitea.c3d2.de/astro/yammat.git?ref=nix";`
flake.nix: use flakified yammat 2021-03-10 01:54:28 +01:00			`yammat.inputs.nixpkgs.follows = "nixpkgs";`
scrape: convert scrapers to flake input 2021-03-06 03:11:43 +01:00			`scrapers.url = "git+https://gitea.c3d2.de/astro/scrapers.git";`
			`scrapers.flake = false;`
Update flake inputs 2020-06-11 07:50:42 +02:00			`};`
server7: use sotest hydra flake 2020-04-15 19:00:56 +02:00
scrape: convert scrapers to flake input 2021-03-06 03:11:43 +01:00			`outputs = { self, nixpkgs, secrets, nixos-hardware, yammat, scrapers }:`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`let`
Add yggdrasil configurations 2021-03-03 16:20:17 +01:00			`forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];`
Flakify dhcp 2021-02-24 11:52:19 +01:00
			`hostRegistry = import ./host-registry.nix;`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`in {`
Add Nixos module to flake, make check pass 2020-04-14 08:42:13 +02:00
Flakify freifunk container 2021-02-26 20:22:15 +01:00			`overlay = import ./overlay;`

			`legacyPackages = forAllSystems (system:`
			`import nixpkgs {`
			`inherit system;`
			`overlays = [ self.overlay ];`
			`});`
Consolidate yggdrasil to c3d2.hq.yggdrasil.enableGateway Move the server7 hydra proxy to a container. The yggdrasil addresses for containers has changed now. Add yggdrasil mappings to /etc/hosts. 2020-04-21 13:44:42 +02:00
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`packages = forAllSystems (system:`
			`let`
			`pkgs = self.legacyPackages.${system};`
			`mkDeploy =`
			`# Generate a small script for copying this flake to the`
			`# remote machine and bulding and switching there.`
			`# Can be run with nix run c3d2#deploy-…`
			`name: host:`
			`let target = "root@${host}";`
			`in pkgs.writeScriptBin "${name}-nixos-rebuild" ''`
			`#!${pkgs.runtimeShell}`
			`set -ev`
flake.nix: copy secrets for deployment 2021-03-04 00:47:05 +01:00			`nix-copy-closure --to ${target} ${secrets}`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`nix-copy-closure --to ${target} ${self}`
flake.nix: implement --flakify switch for converting hosts to flakes 2021-03-05 01:26:19 +01:00			`if [ "$1" = "--flakify" ]; then`
			`shift`
flake.nix: flakify with git 2021-03-06 01:14:19 +01:00			`exec ssh -t ${target} "nix-shell -p nixFlakes -p git --command \"_NIXOS_REBUILD_REEXEC=1 nixos-rebuild --flake ${self}#${name} \"$@"`
flake.nix: implement --flakify switch for converting hosts to flakes 2021-03-05 01:26:19 +01:00			`else`
			`exec ssh -t ${target} nixos-rebuild --flake ${self}#${name} $@`
			`fi`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`'';`
Flakify pulsebert 2021-02-22 13:21:31 +01:00			`mkWake = name:`
			`pkgs.writeScriptBin "${name}-wake" ''`
			`#!${pkgs.runtimeShell}`
			`exec ${pkgs.wol}/bin/wol ${hostRegistry.hosts.${name}.ether}`
			`'';`
Remote deploy using nixos-rebuild rather than "nix shell" 2021-02-22 13:42:42 +01:00			`# TODO: check if the ethernet address is reachable and if not,`
			`# execute wol on a machine in HQ.`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`in {`
Flakify freifunk container 2021-02-26 20:22:15 +01:00			`inherit (pkgs) bmxd;`

Flakify dhcp 2021-02-24 11:52:19 +01:00			`dhcp-nixos-rebuild = mkDeploy "dhcp" hostRegistry.hosts.dhcp.ip4;`

Flakify glotzbert 2021-02-22 12:31:58 +01:00			`glotzbert-nixos-rebuild = mkDeploy "glotzbert" "glotzbert.hq.c3d2.de";`
Flakify pulsebert 2021-02-22 13:21:31 +01:00			`glotzbert-wake = mkWake "glotzbert";`

			`pulsebert-nixos-rebuild = mkDeploy "pulsebert" "pulsebert.hq.c3d2.de";`
			`pulsebert-wake = mkWake "pulsebert";`
Add yggdrasil configurations 2021-03-03 16:20:17 +01:00
			`yggdrasil-nixos-rebuild = mkDeploy "yggdrasil" "172.20.72.62";`
flake.nix: deploy freifunk 2021-03-04 18:27:25 +01:00
host-registry: add freifunk 2021-03-05 01:16:16 +01:00			`freifunk-nixos-rebuild = mkDeploy "freifunk" "freifunk.core.zentralwerk.org";`
matemat: 🎆 init 2021-03-06 01:13:27 +01:00
			`matemat-nixos-rebuild = mkDeploy "matemat" hostRegistry.hosts.matemat.ip4;`
scrape: migrate from krops to flakes 2021-03-06 02:57:35 +01:00
			`scrape-nixos-rebuild = mkDeploy "scrape" hostRegistry.hosts.scrape.ip4;`
dn42: flakify 2021-03-11 15:59:00 +01:00
			`dn42-nixos-rebuild = mkDeploy "dn42" hostRegistry.hosts.dn42.ip4;`
grafana: flakify 2021-03-11 16:40:39 +01:00
			`grafana-nixos-rebuild = mkDeploy "grafana" "grafana.hq.c3d2.de";`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`});`
Use modulesPath where appropriate 2020-08-04 17:15:07 +02:00
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`nixosConfigurations = let`
			`nixosSystem' =`
			`# Our custom NixOS builder`
scrape: convert scrapers to flake input 2021-03-06 03:11:43 +01:00			`{ extraArgs ? {}, ... }@args:`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`nixpkgs.lib.nixosSystem (args // {`
scrape: convert scrapers to flake input 2021-03-06 03:11:43 +01:00			`extraArgs = extraArgs // {`
			`inherit hostRegistry;`
			`};`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`extraModules = [`
			`self.nixosModules.c3d2`
			`({ pkgs, ... }: {`
			`nix = {`
			`package = pkgs.nixFlakes;`
			`extraOptions = "experimental-features = nix-command flakes";`
			`};`
Flakify freifunk container 2021-02-26 20:22:15 +01:00			`nixpkgs.overlays = [ self.overlay ];`
Flakify glotzbert 2021-02-22 12:31:58 +01:00			`})`
			`];`
			`});`
			`in {`
Use modulesPath where appropriate 2020-08-04 17:15:07 +02:00
Flakify dhcp 2021-02-24 11:52:19 +01:00			`dhcp = nixosSystem' {`
			`modules = [`
			`./hosts/containers/dhcp`
			`secrets.nixosModules.admins`
			`secrets.nixosModules.dhcp`
			`];`
			`system = "x86_64-linux";`
			`};`

Flakify freifunk container 2021-02-26 20:22:15 +01:00			`freifunk = nixosSystem' {`
freifunk: obtain flaky secrets 2021-03-05 01:16:57 +01:00			`modules = [`
			`./hosts/containers/freifunk`
			`({ ... }: {`
			`nixpkgs.overlays = with secrets.overlays; [`
			`freifunk ospf`
			`];`
			`})`
			`];`
Flakify freifunk container 2021-02-26 20:22:15 +01:00			`system = "x86_64-linux";`
			`};`

Flakify pulsebert 2021-02-22 13:21:31 +01:00			`glotzbert = nixosSystem' {`
Add nixos-hardware modules to glotzbert 2021-02-22 14:16:25 +01:00			`modules = [`
			`./hosts/glotzbert`
			`nixos-hardware.nixosModules.common-cpu-intel`
			`nixos-hardware.nixosModules.common-pc-ssd`
Add admins to glotzbert 2021-03-12 17:06:37 +01:00			`secrets.nixosModules.admins`
Add nixos-hardware modules to glotzbert 2021-02-22 14:16:25 +01:00			`];`
Flakify pulsebert 2021-02-22 13:21:31 +01:00			`system = "x86_64-linux";`
			`};`

			`pulsebert = nixosSystem' {`
Put a non-authoritative DHCP server on Pulsebert DHCP is an essential service and Pulsebert is more reliable than anything in proxmox. 2021-02-24 14:16:42 +01:00			`modules = [ ./hosts/pulsebert secrets.nixosModules.dhcp ];`
Flakify pulsebert 2021-02-22 13:21:31 +01:00			`system = "aarch64-linux";`
			`};`
Use modulesPath where appropriate 2020-08-04 17:15:07 +02:00
Add yggdrasil configurations 2021-03-03 16:20:17 +01:00			`yggdrasil = nixosSystem' {`
			`modules = [`
			`./hosts/containers/yggdrasil`
			`./lib/lxc-container.nix`
			`./lib/users/emery.nix`
yggdrasil: implement ospf, nat, name interfaces 2021-03-04 01:45:29 +01:00			`({ ... }: {`
			`nixpkgs.overlays = [ secrets.overlays.ospf ];`
			`})`
Add yggdrasil configurations 2021-03-03 16:20:17 +01:00			`];`
			`system = "x86_64-linux";`
			`};`

matemat: 🎆 init 2021-03-06 01:13:27 +01:00			`matemat = nixosSystem' {`
			`modules = [`
			`./lib/lxc-container.nix`
			`./hosts/containers/matemat`
flake.nix: use flakified yammat 2021-03-10 01:54:28 +01:00			`yammat.nixosModule`
matemat: add secrets.nixosModules.admins to imports 2021-03-06 16:57:47 +01:00			`secrets.nixosModules.admins`
matemat: add auth 2021-03-06 02:28:46 +01:00			`({ ... }: {`
			`nixpkgs.overlays = [ secrets.overlays.matemat ];`
			`})`
matemat: 🎆 init 2021-03-06 01:13:27 +01:00			`];`
			`system = "x86_64-linux";`
			`};`

scrape: migrate from krops to flakes 2021-03-06 02:57:35 +01:00			`scrape = nixosSystem' {`
			`modules = [`
			`./lib/lxc-container.nix`
			`./hosts/containers/scrape`
			`({ ... }: {`
			`nixpkgs.overlays = [ secrets.overlays.scrape ];`
			`})`
			`];`
scrape: convert scrapers to flake input 2021-03-06 03:11:43 +01:00			`extraArgs = { inherit scrapers; };`
scrape: migrate from krops to flakes 2021-03-06 02:57:35 +01:00			`system = "x86_64-linux";`
			`};`

dn42: flakify 2021-03-11 15:59:00 +01:00			`dn42 = nixosSystem' {`
			`modules = [`
			`./lib/lxc-container.nix`
			`./hosts/containers/dn42`
			`({ ... }: {`
			`nixpkgs.overlays = [ secrets.overlays.dn42 ];`
			`})`
			`];`
			`system = "x86_64-linux";`
			`};`

grafana: flakify 2021-03-11 16:40:39 +01:00			`grafana = nixosSystem' {`
			`modules = [`
			`./lib/lxc-container.nix`
			`./hosts/containers/grafana`
			`];`
			`system = "x86_64-linux";`
			`};`

Use modulesPath where appropriate 2020-08-04 17:15:07 +02:00			`};`

Flakify glotzbert 2021-02-22 12:31:58 +01:00			`nixosModules.c3d2 = import ./lib;`
			`};`
server7: switch to flake, re-enable hydra 2020-03-25 19:52:13 +01:00			`}`