diff --git a/flake.lock b/flake.lock index 54094ed2..903525e7 100644 --- a/flake.lock +++ b/flake.lock @@ -23,10 +23,7 @@ }, "fenix_2": { "inputs": { - "nixpkgs": [ - "heliwatch", - "nixpkgs" - ], + "nixpkgs": "nixpkgs", "rust-analyzer-src": "rust-analyzer-src_2" }, "locked": { @@ -68,10 +65,7 @@ }, "naersk": { "inputs": { - "nixpkgs": [ - "heliwatch", - "nixpkgs" - ] + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1635444951, @@ -124,16 +118,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1641578038, - "narHash": "sha256-fE5tYnyxiAmgg4qJp7jcHxGcQIazhLY2AI89SInxOck=", + "lastModified": 1641528457, + "narHash": "sha256-FyU9E63n1W7Ql4pMnhW2/rO9OftWZ37pLppn/c1aisY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d89eab1e42717622cfdd5f43f3b99e8680bdb637", + "rev": "ff377a78794d412a35245e05428c8f95fef3951f", "type": "github" }, "original": { "owner": "nixos", - "ref": "release-21.11", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -186,6 +180,36 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1641550923, + "narHash": "sha256-vKd+7BWjZO6/p8kdP+szOfecJBw/zbWUWhNNoOx2PUU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9bc01c54624b128a9533f912849cd7f2d2bab9f2", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1641578038, + "narHash": "sha256-fE5tYnyxiAmgg4qJp7jcHxGcQIazhLY2AI89SInxOck=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d89eab1e42717622cfdd5f43f3b99e8680bdb637", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "release-21.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1637209424, "narHash": "sha256-oXw75hkCOVtoB+CEElWiTmkC1gNdL3jf0tG2GInytHA=", @@ -201,7 +225,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_5": { "locked": { "lastModified": 1638097282, "narHash": "sha256-EXCzj9b8X/lqDPJapxZThIOKL5ASbpsJZ+8L1LnY1ig=", @@ -217,7 +241,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_6": { "locked": { "lastModified": 1639061333, "narHash": "sha256-rG04piqc/mCGM+6IU0o1JRlH+iqwOXbuuqA1Wtszexw=", @@ -256,7 +280,7 @@ "heliwatch": "heliwatch", "naersk": "naersk_2", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_3", "nixpkgs-mobilizon": "nixpkgs-mobilizon", "nixpkgs-unstable": "nixpkgs-unstable", "scrapers": "scrapers", @@ -321,7 +345,7 @@ }, "secrets": { "inputs": { - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_4", "sops-nix": [ "sops-nix" ] @@ -342,7 +366,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1641374494, @@ -444,7 +468,7 @@ }, "zentralwerk": { "inputs": { - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_6", "nixpkgs-master": "nixpkgs-master", "openwrt": "openwrt" }, diff --git a/flake.nix b/flake.nix index 147b3301..3158cd7a 100644 --- a/flake.nix +++ b/flake.nix @@ -241,6 +241,13 @@ system = "x86_64-linux"; }; + nix-build = nixosSystem' { + modules = [ + ./hosts/containers/nix-build + ]; + system = "x86_64-linux"; + }; + pulsebert = nixosSystem' { modules = [ "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" diff --git a/host-registry.nix b/host-registry.nix index c479fe89..0977a649 100644 --- a/host-registry.nix +++ b/host-registry.nix @@ -123,6 +123,8 @@ rec { gitea.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8MmjiiRmiyUqRYs5a07m7qKDwxh2NwvS2h7pm2b+zx"; dacbert.ip4 = "dacbert.hq.c3d2.de"; + + nix-build.ip4 = "172.22.99.156"; }; hqGlobal = builtins.attrNames hosts; diff --git a/hosts/containers/nix-build/configuration.nix b/hosts/containers/nix-build/default.nix similarity index 75% rename from hosts/containers/nix-build/configuration.nix rename to hosts/containers/nix-build/default.nix index fc5ac813..7c866211 100644 --- a/hosts/containers/nix-build/configuration.nix +++ b/hosts/containers/nix-build/default.nix @@ -1,6 +1,18 @@ -{ config, pkgs, ... }: +{ hostRegistry, zentralwerk, config, pkgs, lib, ... }: { + networking.hostName = "nix-build"; # Define your hostname. + networking.useDHCP = false; + networking.interfaces.enp6s18 = { + ipv4.addresses = [{ + address = hostRegistry.hosts.nix-build.ip4; + prefixLength = zentralwerk.lib.config.site.net.c3d2.subnet4Len; + }]; + useDHCP = false; + }; + networking.defaultGateway = "172.22.99.1"; + networking.firewall.allowedTCPPorts = [ 22 ]; + imports = [ ./hardware-configuration.nix ]; @@ -21,23 +33,15 @@ nix = { buildCores = 40; maxJobs = 4; - package = pkgs.nixUnstable; + package = lib.mkForce pkgs.nixUnstable; trustedUsers = [ "client" ]; extraOptions = '' builders-use-substitutes = true ''; }; - networking.hostName = "nix-build"; # Define your hostname. # time.timeZone = "Europe/Amsterdam"; - - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - networking.useDHCP = false; - networking.interfaces.enp6s18.useDHCP = true; - environment.systemPackages = with pkgs; [ wget vim @@ -45,9 +49,7 @@ ]; services.openssh.enable = true; - services.openssh.permitRootLogin = "yes"; - - networking.firewall.allowedTCPPorts = [ 22 ]; + services.openssh.permitRootLogin = lib.mkForce "yes"; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions