Flakify glotzbert

README.md

@@ -1,7 +1,49 @@
+# Setup
+
+## Flakes
+
+Nix with flakes support is required. Run this in a shell…
+```
+# Enter a temporary shell with flakes support:
+nix-shell --packages nixFlakes
+
+# Set some configuration (do this only once):
+echo 'experimental-features = nix-command flakes' >> ~/.config/nix/nix.conf
+
+# Add this repository to your local flake registry:
+nix registry add c3d2 git+https://gitea.c3d2.de/C3D2/nix-config
+```
+
+…or set this to your NixOS configuration:
+```
+{ pkgs, ... }: {
+  nix = {
+    package = pkgs.nixFlakes;
+    extraOptions = "experimental-features = nix-command flakes";
+  };
+}
+```
+And add this repository to your local flake registry:
+```
+nix registry add c3d2 git+https://gitea.c3d2.de/C3D2/nix-config
+```
+
 # Deployment
 
 Beide failen bei Activation des neuen Profils. (TODO)
 
+## Mit flakes
+
+### Remote deployment
+Use `nix run` with one of the deploy scripts exported by the flake,
+for example: `nix run c3d2#glotzbert-nixos-rebuild switch`. Use `nix flake show c3d2`
+to show what is available. Note that the deploy scripts only work if
+the target machines already has flakes enabled.
+
+### Local deployment
+
+Running `nixos-rebuild --flake c3d2 switch` on a machine should be sufficient
+to update that machine to the current configuration and Nixpkgs revision.
 
 ## Mit NixOps
 
@@ -55,10 +97,10 @@ This is necessary, so you can login to any machine with your gpg key.
 
 # Laptops / Desktops
 
-This repository contains a NixOS module that can be used with personal machines 
-as well. This module appends `/etc/ssh/ssh_known_hosts` with the host keys of 
-registered HQ hosts, and optionally appends `/etc/hosts` with static IPv6 
-addresses local to HQ. Simply import the `lib` directory to use the module. As 
+This repository contains a NixOS module that can be used with personal machines
+as well. This module appends `/etc/ssh/ssh_known_hosts` with the host keys of
+registered HQ hosts, and optionally appends `/etc/hosts` with static IPv6
+addresses local to HQ. Simply import the `lib` directory to use the module. As
 an example:
 
 ```nix

flake.nix

@@ -9,33 +9,65 @@
     };
   };
 
-  outputs = { self, nixpkgs, secrets }: {
+  outputs = { self, nixpkgs, secrets }:
+    let
+      forAllSystems = f:
+        nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ]
+        (system: f system);
+    in {
 
-    nixosConfigurations = {
+      inherit (nixpkgs) legacyPackages;
+
+      packages = forAllSystems (system:
+        let
+          hostRegistry = import ./host-registry.nix;
+          pkgs = self.legacyPackages.${system};
+          mkDeploy =
+            # Generate a small script for copying this flake to the
+            # remote machine and bulding and switching there.
+            # Can be run with nix run c3d2#deploy-…
+            name: host:
+            let target = "root@${host}";
+            in pkgs.writeScriptBin "${name}-nixos-rebuild" ''
+              #!${pkgs.runtimeShell}
+              set -ev
+              nix-copy-closure --to ${target} ${self}
+              exec ssh -t ${target} \
+                nix shell \
+                  ${self}#nixosConfigurations.${name}.config.system.build.toplevel \
+                  --command switch-to-configuration $@
+            '';
+        in {
+          glotzbert-nixos-rebuild = mkDeploy "glotzbert" "glotzbert.hq.c3d2.de";
+          glotzbert-wake = pkgs.writeScriptBin "glotzbert-wake" ''
+            #!${pkgs.runtimeShell}
+            exec ${pkgs.wol}/bin/wol ${hostRegistry.hosts.glotzbert.ether}
+          '';
+        });
+
+      nixosConfigurations = let
+        nixosSystem' =
+          # Our custom NixOS builder
+          { system ? "x86_64-linux", ... }@args:
+          nixpkgs.lib.nixosSystem (args // {
+            inherit system;
+            extraModules = [
+              self.nixosModules.c3d2
+              ({ pkgs, ... }: {
+                nix = {
+                  package = pkgs.nixFlakes;
+                  extraOptions = "experimental-features = nix-command flakes";
+                };
+              })
+            ];
+          });
+      in {
+
+        glotzbert = nixosSystem' { modules = [ ./hosts/glotzbert ]; };
 
-      glotzbert = nixpkgs.lib.nixosSystem {
-        modules = [ ./hosts/glotzbert/configuration.nix ];
-        system = "x86_64-linux";
       };
 
-      hydra = nixpkgs.lib.nixosSystem {
-        modules = [ ./hosts/hydra/configuration.nix ];
-        system = "x86_64-linux";
-      };
-
-      kibana = nixpkgs.lib.nixosSystem {
-        modules = [ ./hosts/containers/kibana/configuration.nix ];
-        system = "x86_64-linux";
-      };
-
-      pulsebert = nixpkgs.lib.nixosSystem {
-        modules = [ ./hosts/pulsebert/configuration.nix ];
-        system = "aarch64-linux";
-      };
+      nixosModules.c3d2 = import ./lib;
 
     };
-
-    nixosModules.c3d2 = import ./lib;
-
-  };
 }

host-registry.nix

@@ -8,8 +8,11 @@ rec {
     scrape = { };
     ledstripes = { };
 
-    glotzbert.publicKey =
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG";
+    glotzbert = {
+      ether = "ec:a8:6b:fe:b4:cb";
+      publicKey =
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG";
+    };
 
     hydra.publicKey =
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhurL/sxsXRglKdLfiWIcK+iqpyhGrGt/MoBODsgvig";

hosts/glotzbert/default.nix

@@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 
 {
-  imports = [ <this-host/hardware-configuration.nix> <lib> ];
+  imports = [ ./hardware-configuration.nix ];
 
   c3d2 = {
     users.k-ot = true;
@@ -23,13 +23,8 @@
   boot.kernelPackages = pkgs.linuxPackages_latest;
 
   networking.hostName = "glotzbert"; # Define your hostname.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
   networking.interfaces.eno1.useDHCP = true;
 
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
   # Select internationalisation properties.
   console = {
     font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
@@ -37,11 +32,6 @@
   };
   i18n.defaultLocale = "en_US.UTF-8";
 
-  # Set your time zone.
-  time.timeZone = "Europe/Berlin";
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
   environment.systemPackages = with pkgs; [
     wget
     vim
@@ -67,25 +57,12 @@
     };
   };
 
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
-
-  # List services that you want to enable:
-
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;
 
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
   # Or disable the firewall altogether.
   networking.firewall.enable = false;
 
-  # Enable CUPS to print documents.
-  # services.printing.enable = true;
-
   # Enable sound.
   sound.enable = true;
   hardware.pulseaudio = {
@@ -107,6 +84,11 @@
     '';
   };
 
+  services.wakeonlan.interfaces = [{
+    inherit (config.c3d2.hq) interface;
+    method = "magicpacket";
+  }];
+
   # Enable the X11 windowing system.
   services.xserver.enable = true;
   services.xserver.layout = "de";

lib/default.nix

@@ -265,6 +265,8 @@ in {
       }
     '';
 
+    time.timeZone = lib.mkDefault "Europe/Berlin";
+
   };
 
   meta.maintainers = with lib.maintainers; [ ehmry ];