c3d2/nix-config
c3d2
/
nix-config
24
7
Fork 3
Code Issues 12 Pull Requests 2 Releases Wiki Activity

Tidy up flake.nix

This commit is contained in:
Ehmry - 2022-01-13 18:38:36 +01:00
parent ddc5a3f9a5
commit 594c5e357d
4 changed files with 48 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

119
flake.nix
View File

@ -30,20 +30,20 @@
outputs = inputs@{ self, nixpkgs, secrets, nixos-hardware, zentralwerk, yammat, scrapers, spacemsg, tigger, ticker, heliwatch, sops-nix, naersk, fenix, ... }:
let
forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];
inherit (nixpkgs) lib;
forAllSystems = lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];
inherit (nixpkgs.lib) recursiveUpdate;
extractZwHosts = { hosts4, hosts6, ... }:
recursiveUpdate (
lib.recursiveUpdate (
builtins.foldl' (result: name:
recursiveUpdate result {
lib.recursiveUpdate result {
"${name}".ip4 = hosts4."${name}";
}
) {} (builtins.attrNames hosts4)
) (
builtins.foldl' (result: ctx:
builtins.foldl' (result: name:
recursiveUpdate result {
lib.recursiveUpdate result {
"${name}".ip6 = hosts6."${ctx}"."${name}";
}
) result (builtins.attrNames hosts6."${ctx}")
@ -52,11 +52,11 @@
zwHostRegistry = {
hosts =
builtins.foldl' (result: net:
recursiveUpdate result (extractZwHosts zentralwerk.lib.config.site.net."${net}")
lib.recursiveUpdate result (extractZwHosts zentralwerk.lib.config.site.net."${net}")
) {} [ "core" "c3d2" "serv" ];
};
extraHostRegistry = import ./host-registry.nix;
hostRegistry = nixpkgs.lib.recursiveUpdate zwHostRegistry extraHostRegistry;
hostRegistry = lib.recursiveUpdate zwHostRegistry extraHostRegistry;
flakifiedHosts = nixpkgs.lib.filterAttrs (name: _: self.nixosConfigurations ? "${name}") hostRegistry.hosts;
@ -70,18 +70,17 @@
then hostConf.ip6
else throw "Host ${name} has no ip4 or ip6 address";
in {
overlay = import ./overlay {
inherit naersk fenix;
};
overlay = import ./overlay;
legacyPackages = forAllSystems (system: nixpkgs.legacyPackages."${system}".extend self.overlay);
legacyPackages = lib.attrsets.mapAttrs
(system: pkgs: pkgs.appendOverlays
[ fenix.overlay naersk.overlay self.overlay ])
nixpkgs.legacyPackages;
packages = forAllSystems (system:
let
pkgs = self.legacyPackages."${system}";
overlayPkgs = self.overlay overlayPkgs pkgs;
in {
inherit (pkgs) bmxd;
packages = lib.attrsets.mapAttrs (system: pkgs:
let overlayPkgs = builtins.intersectAttrs (self.overlay {} {}) pkgs;
in overlayPkgs //
{
list-upgradable = pkgs.writeScriptBin "list-upgradable" ''
#! ${pkgs.runtimeShell}
@ -142,8 +141,6 @@
} //
overlayPkgs //
builtins.foldl' (result: host: result // {
# TODO: check if the ethernet address is reachable and if not,
# execute wol on a machine in HQ.
@ -189,12 +186,12 @@
}) {} (builtins.attrNames (nixpkgs.lib.filterAttrs (host: nixosConfiguration:
nixosConfiguration.config.system.build ? sdImage
) self.nixosConfigurations))
);
) self.legacyPackages;
nixosConfigurations = let
nixosSystem' =
# Our custom NixOS builder
{ nixpkgs ? inputs.nixpkgs, modules, extraArgs ? {}, system }:
{ nixpkgs ? inputs.nixpkgs, modules, extraArgs ? {}, system ? "x86_64-linux" }:
nixpkgs.lib.nixosSystem {
inherit system;
@ -215,13 +212,12 @@
freifunk = nixosSystem' {
modules = [
./hosts/containers/freifunk
(_: {
{
nixpkgs.overlays = with secrets.overlays; [
freifunk ospf
];
})
}
];
system = "x86_64-linux";
};
gitea = nixosSystem' {
@ -230,7 +226,6 @@
./lib/lxc-container.nix
./hosts/containers/gitea
];
system = "x86_64-linux";
};
glotzbert = nixosSystem' {
@ -243,14 +238,12 @@
sops.defaultSopsFile = "${secrets}/hosts/glotzbert/secrets.yaml";
}
];
system = "x86_64-linux";
};
nix-build = nixosSystem' {
modules = [
./hosts/containers/nix-build
];
system = "x86_64-linux";
};
pulsebert = nixosSystem' {
@ -263,11 +256,12 @@
radiobert = nixosSystem' {
modules = [
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
({ modulesPath, ... }:
{
imports = [ "${modulesPath}/installer/sd-card/sd-image-aarch64.nix" ];
nixpkgs.overlays = [ heliwatch.overlay ];
sops.defaultSopsFile = "${secrets}/hosts/radiobert/secrets.yaml";
}
})
./hosts/radiobert
];
system = "aarch64-linux";
@ -324,7 +318,6 @@
nixpkgs.overlays = [ secrets.overlays.ospf ];
})
];
system = "x86_64-linux";
};
matemat = nixosSystem' {
@ -337,19 +330,15 @@
nixpkgs.overlays = [ secrets.overlays.matemat ];
})
];
system = "x86_64-linux";
};
scrape = nixosSystem' {
modules = [
./lib/lxc-container.nix
./hosts/containers/scrape
(_: {
nixpkgs.overlays = [ secrets.overlays.scrape ];
})
{ nixpkgs.overlays = [ secrets.overlays.scrape ]; }
];
extraArgs = { inherit scrapers; };
system = "x86_64-linux";
};
dn42 = nixosSystem' {
@ -361,7 +350,6 @@
sops.defaultSopsFile = "${secrets}/hosts/dn42/secrets.yaml";
}
];
system = "x86_64-linux";
};
grafana = nixosSystem' {
@ -369,7 +357,6 @@
./lib/lxc-container.nix
./hosts/containers/grafana
];
system = "x86_64-linux";
};
hydra = nixosSystem' {
@ -380,7 +367,6 @@
sops.defaultSopsFile = "${secrets}/hosts/hydra/secrets.yaml";
}
];
system = "x86_64-linux";
};
mucbot = nixosSystem' {
@ -391,7 +377,6 @@
./hosts/containers/mucbot
];
extraArgs = { inherit tigger; };
system = "x86_64-linux";
};
kibana = nixosSystem' {
@ -399,7 +384,6 @@
./lib/lxc-container.nix
./hosts/containers/kibana
];
system = "x86_64-linux";
};
public-access-proxy = nixosSystem' {
@ -410,7 +394,6 @@
extraArgs = {
inherit (self) nixosConfigurations;
};
system = "x86_64-linux";
};
ticker = nixosSystem' {
@ -419,7 +402,6 @@
"${ticker}/nixos-module.nix"
./hosts/containers/ticker
];
system = "x86_64-linux";
};
spaceapi = nixosSystem' {
@ -428,7 +410,6 @@
"${spacemsg}/spaceapi/module.nix"
./hosts/containers/spaceapi
];
system = "x86_64-linux";
};
stream = nixosSystem' {
@ -436,7 +417,6 @@
./lib/lxc-container.nix
./hosts/containers/stream
];
system = "x86_64-linux";
};
mobilizon = nixosSystem' {
@ -446,7 +426,6 @@
./lib/lxc-container.nix
./hosts/containers/mobilizon
];
system = "x86_64-linux";
};
mail = nixosSystem' {
@ -454,7 +433,6 @@
./lib/lxc-container.nix
./hosts/containers/mail
];
system = "x86_64-linux";
};
logging = nixosSystem' {
@ -462,34 +440,25 @@
./lib/lxc-container.nix
./hosts/containers/logging
];
system = "x86_64-linux";
};
keycloak = nixosSystem' {
modules = [
./lib/lxc-container.nix
(_: {
nixpkgs.overlays = with secrets.overlays; [
keycloak
];
})
./hosts/containers/keycloak
{ nixpkgs.overlays = with secrets.overlays; [ keycloak ]; }
];
system = "x86_64-linux";
};
c3d2-web = nixosSystem' {
modules = [
./lib/lxc-container.nix
./hosts/containers/c3d2-web
(_: {
nixpkgs.overlays = [ secrets.overlays.c3d2-web ];
})
{ nixpkgs.overlays = [ secrets.overlays.c3d2-web ]; }
];
extraArgs = {
inherit nixpkgs;
};
system = "x86_64-linux";
};
sdrweb = nixosSystem' {
@ -499,44 +468,30 @@
heliwatch.nixosModules.heliwatch
./hosts/containers/sdrweb
];
system = "x86_64-linux";
};
bind = nixosSystem' {
modules = [
(_: {
nixpkgs.overlays = with secrets.overlays; [
bind
];
})
{ nixpkgs.overlays = with secrets.overlays; [ bind ]; }
./lib/lxc-container.nix
./hosts/containers/bind
];
system = "x86_64-linux";
};
jabber = nixosSystem' {
modules = [
(_: {
nixpkgs.overlays = with secrets.overlays; [
jabber
];
})
{ nixpkgs.overlays = with secrets.overlays; [ jabber ]; }
./lib/lxc-container.nix
./hosts/containers/jabber
];
system = "x86_64-linux";
};
storage-ng = nixosSystem' {
modules = [
./hosts/storage-ng
secrets.nixosModules.admins
{
sops.defaultSopsFile = "${secrets}/hosts/storage-ng/secrets.yaml";
}
{ sops.defaultSopsFile = "${secrets}/hosts/storage-ng/secrets.yaml"; }
];
system = "x86_64-linux";
};
blogs = nixosSystem' {
@ -544,18 +499,20 @@
self.nixosModules.plume
./lib/lxc-container.nix
./hosts/containers/blogs
{
sops.defaultSopsFile = "${secrets}/hosts/blogs/secrets.yaml";
}
{ sops.defaultSopsFile = "${secrets}/hosts/blogs/secrets.yaml"; }
];
system = "x86_64-linux";
};
};
nixosModule = { imports = [ sops-nix.nixosModule ./lib ]; };
nixosModules.c3d2 = self.nixosModule;
nixosModules.plume = import ./lib/plume.nix { inherit self; };
nixosModule.imports = [ sops-nix.nixosModule ./lib ];
nixosModules = {
c3d2 = self.nixosModule;
plume = {
imports = [ ./lib/plume.nix ];
nixpkgs.overlays = [ fenix.overlay naersk.overlay ];
};
};
hydraJobs = forAllSystems (system:
builtins.mapAttrs (_: nixpkgs.lib.hydraJob) (

4
lib/plume.nix
View File

@ -1,8 +1,6 @@
{ self }:
{ config, lib, pkgs, ... }:
let
plume = self.packages.${pkgs.system}.plume;
inherit (pkgs) plume;
cfg = config.services.plume;
in
{

6
overlay/default.nix
View File

@ -1,5 +1,3 @@
{ naersk, fenix }:
final: prev:
{
@ -17,7 +15,5 @@ final: prev:
readsb = prev.callPackage ./readsb.nix { };
plume = prev.callPackage ./plume {
inherit naersk fenix;
};
plume = prev.callPackage ./plume { };
}

16
overlay/plume/default.nix
View File

@ -1,25 +1,25 @@
{ naersk, fenix
, system, stdenv, fetchFromGitHub, buildEnv
, stdenv, fetchFromGitHub, buildEnv
, pkg-config, gettext, wasm-pack, wasm-bindgen-cli
, openssl, postgresql
}:
let
rust = fenix.packages.${system}.complete.withComponents [
rust = fenix.complete.withComponents [
"cargo"
"rustc"
];
naersk-lib = naersk.lib."${system}".override {
naersk' = naersk.override {
cargo = rust;
rustc = rust;
};
rust-wasm = with fenix.packages.${system};
rust-wasm = with fenix;
combine [
minimal.rustc
minimal.cargo
targets.wasm32-unknown-unknown.latest.rust-std
];
naersk-lib-wasm = naersk.lib."${system}".override {
naersk-wasm = naersk.override {
cargo = rust-wasm;
rustc = rust-wasm;
};
@ -52,7 +52,7 @@ let
installPhase = "cp -ar . $out";
};
plume = naersk-lib.buildPackage {
plume = naersk'.buildPackage {
pname = "plume";
inherit src version;
@ -73,7 +73,7 @@ let
};
};
plm = naersk-lib.buildPackage {
plm = naersk'.buildPackage {
pname = "plm";
root = src;
@ -87,7 +87,7 @@ let
cargoBuildOptions = x: x ++ [ "--package=plume-cli" ];
};
plume-front = naersk-lib-wasm.buildPackage {
plume-front = naersk-wasm.buildPackage {
pname = "plume-front";
root = src;
nativeBuildInputs = [