Flakify glotzbert
parent
07c437c9ff
commit
cc1d97ba4f
50
README.md
50
README.md
|
@ -1,7 +1,49 @@
|
||||||
|
# Setup
|
||||||
|
|
||||||
|
## Flakes
|
||||||
|
|
||||||
|
Nix with flakes support is required. Run this in a shell…
|
||||||
|
```
|
||||||
|
# Enter a temporary shell with flakes support:
|
||||||
|
nix-shell --packages nixFlakes
|
||||||
|
|
||||||
|
# Set some configuration (do this only once):
|
||||||
|
echo 'experimental-features = nix-command flakes' >> ~/.config/nix/nix.conf
|
||||||
|
|
||||||
|
# Add this repository to your local flake registry:
|
||||||
|
nix registry add c3d2 git+https://gitea.c3d2.de/C3D2/nix-config
|
||||||
|
```
|
||||||
|
|
||||||
|
…or set this to your NixOS configuration:
|
||||||
|
```
|
||||||
|
{ pkgs, ... }: {
|
||||||
|
nix = {
|
||||||
|
package = pkgs.nixFlakes;
|
||||||
|
extraOptions = "experimental-features = nix-command flakes";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
```
|
||||||
|
And add this repository to your local flake registry:
|
||||||
|
```
|
||||||
|
nix registry add c3d2 git+https://gitea.c3d2.de/C3D2/nix-config
|
||||||
|
```
|
||||||
|
|
||||||
# Deployment
|
# Deployment
|
||||||
|
|
||||||
Beide failen bei Activation des neuen Profils. (TODO)
|
Beide failen bei Activation des neuen Profils. (TODO)
|
||||||
|
|
||||||
|
## Mit flakes
|
||||||
|
|
||||||
|
### Remote deployment
|
||||||
|
Use `nix run` with one of the deploy scripts exported by the flake,
|
||||||
|
for example: `nix run c3d2#glotzbert-nixos-rebuild switch`. Use `nix flake show c3d2`
|
||||||
|
to show what is available. Note that the deploy scripts only work if
|
||||||
|
the target machines already has flakes enabled.
|
||||||
|
|
||||||
|
### Local deployment
|
||||||
|
|
||||||
|
Running `nixos-rebuild --flake c3d2 switch` on a machine should be sufficient
|
||||||
|
to update that machine to the current configuration and Nixpkgs revision.
|
||||||
|
|
||||||
## Mit NixOps
|
## Mit NixOps
|
||||||
|
|
||||||
|
@ -55,10 +97,10 @@ This is necessary, so you can login to any machine with your gpg key.
|
||||||
|
|
||||||
# Laptops / Desktops
|
# Laptops / Desktops
|
||||||
|
|
||||||
This repository contains a NixOS module that can be used with personal machines
|
This repository contains a NixOS module that can be used with personal machines
|
||||||
as well. This module appends `/etc/ssh/ssh_known_hosts` with the host keys of
|
as well. This module appends `/etc/ssh/ssh_known_hosts` with the host keys of
|
||||||
registered HQ hosts, and optionally appends `/etc/hosts` with static IPv6
|
registered HQ hosts, and optionally appends `/etc/hosts` with static IPv6
|
||||||
addresses local to HQ. Simply import the `lib` directory to use the module. As
|
addresses local to HQ. Simply import the `lib` directory to use the module. As
|
||||||
an example:
|
an example:
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
|
|
78
flake.nix
78
flake.nix
|
@ -9,33 +9,65 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, secrets }: {
|
outputs = { self, nixpkgs, secrets }:
|
||||||
|
let
|
||||||
|
forAllSystems = f:
|
||||||
|
nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ]
|
||||||
|
(system: f system);
|
||||||
|
in {
|
||||||
|
|
||||||
nixosConfigurations = {
|
inherit (nixpkgs) legacyPackages;
|
||||||
|
|
||||||
|
packages = forAllSystems (system:
|
||||||
|
let
|
||||||
|
hostRegistry = import ./host-registry.nix;
|
||||||
|
pkgs = self.legacyPackages.${system};
|
||||||
|
mkDeploy =
|
||||||
|
# Generate a small script for copying this flake to the
|
||||||
|
# remote machine and bulding and switching there.
|
||||||
|
# Can be run with nix run c3d2#deploy-…
|
||||||
|
name: host:
|
||||||
|
let target = "root@${host}";
|
||||||
|
in pkgs.writeScriptBin "${name}-nixos-rebuild" ''
|
||||||
|
#!${pkgs.runtimeShell}
|
||||||
|
set -ev
|
||||||
|
nix-copy-closure --to ${target} ${self}
|
||||||
|
exec ssh -t ${target} \
|
||||||
|
nix shell \
|
||||||
|
${self}#nixosConfigurations.${name}.config.system.build.toplevel \
|
||||||
|
--command switch-to-configuration $@
|
||||||
|
'';
|
||||||
|
in {
|
||||||
|
glotzbert-nixos-rebuild = mkDeploy "glotzbert" "glotzbert.hq.c3d2.de";
|
||||||
|
glotzbert-wake = pkgs.writeScriptBin "glotzbert-wake" ''
|
||||||
|
#!${pkgs.runtimeShell}
|
||||||
|
exec ${pkgs.wol}/bin/wol ${hostRegistry.hosts.glotzbert.ether}
|
||||||
|
'';
|
||||||
|
});
|
||||||
|
|
||||||
|
nixosConfigurations = let
|
||||||
|
nixosSystem' =
|
||||||
|
# Our custom NixOS builder
|
||||||
|
{ system ? "x86_64-linux", ... }@args:
|
||||||
|
nixpkgs.lib.nixosSystem (args // {
|
||||||
|
inherit system;
|
||||||
|
extraModules = [
|
||||||
|
self.nixosModules.c3d2
|
||||||
|
({ pkgs, ... }: {
|
||||||
|
nix = {
|
||||||
|
package = pkgs.nixFlakes;
|
||||||
|
extraOptions = "experimental-features = nix-command flakes";
|
||||||
|
};
|
||||||
|
})
|
||||||
|
];
|
||||||
|
});
|
||||||
|
in {
|
||||||
|
|
||||||
|
glotzbert = nixosSystem' { modules = [ ./hosts/glotzbert ]; };
|
||||||
|
|
||||||
glotzbert = nixpkgs.lib.nixosSystem {
|
|
||||||
modules = [ ./hosts/glotzbert/configuration.nix ];
|
|
||||||
system = "x86_64-linux";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
hydra = nixpkgs.lib.nixosSystem {
|
nixosModules.c3d2 = import ./lib;
|
||||||
modules = [ ./hosts/hydra/configuration.nix ];
|
|
||||||
system = "x86_64-linux";
|
|
||||||
};
|
|
||||||
|
|
||||||
kibana = nixpkgs.lib.nixosSystem {
|
|
||||||
modules = [ ./hosts/containers/kibana/configuration.nix ];
|
|
||||||
system = "x86_64-linux";
|
|
||||||
};
|
|
||||||
|
|
||||||
pulsebert = nixpkgs.lib.nixosSystem {
|
|
||||||
modules = [ ./hosts/pulsebert/configuration.nix ];
|
|
||||||
system = "aarch64-linux";
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
nixosModules.c3d2 = import ./lib;
|
|
||||||
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
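Review bot: The script generated by `mkDeploy` forwards its arguments as an unquoted `$@` on the `--command switch-to-configuration $@` line, so they are word-split and glob-expanded locally. ssh then joins everything into one command string that the remote shell parses a second time, and that shell runs as `root@${host}`. At minimum write `--command switch-to-configuration "$@"`. Because the quoting does not survive the ssh hop, it is safer still to accept only the known actions (`switch`, `boot`, `test`, `dry-activate`) in the script and reject anything else before calling ssh. A one-line comment in the script saying that it logs in as root and relies on the host keys from the repository's `ssh_known_hosts` module would also help the next reader.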
|
@ -8,8 +8,11 @@ rec {
|
||||||
scrape = { };
|
scrape = { };
|
||||||
ledstripes = { };
|
ledstripes = { };
|
||||||
|
|
||||||
glotzbert.publicKey =
|
glotzbert = {
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG";
|
ether = "ec:a8:6b:fe:b4:cb";
|
||||||
|
publicKey =
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG";
|
||||||
|
};
|
||||||
|
|
||||||
hydra.publicKey =
|
hydra.publicKey =
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhurL/sxsXRglKdLfiWIcK+iqpyhGrGt/MoBODsgvig";
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhurL/sxsXRglKdLfiWIcK+iqpyhGrGt/MoBODsgvig";
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [ <this-host/hardware-configuration.nix> <lib> ];
|
imports = [ ./hardware-configuration.nix ];
|
||||||
|
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
users.k-ot = true;
|
users.k-ot = true;
|
||||||
|
@ -23,13 +23,8 @@
|
||||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||||
|
|
||||||
networking.hostName = "glotzbert"; # Define your hostname.
|
networking.hostName = "glotzbert"; # Define your hostname.
|
||||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
|
||||||
networking.interfaces.eno1.useDHCP = true;
|
networking.interfaces.eno1.useDHCP = true;
|
||||||
|
|
||||||
# Configure network proxy if necessary
|
|
||||||
# networking.proxy.default = "http://user:password@proxy:port/";
|
|
||||||
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
|
||||||
|
|
||||||
# Select internationalisation properties.
|
# Select internationalisation properties.
|
||||||
console = {
|
console = {
|
||||||
font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
|
font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
|
||||||
|
@ -37,11 +32,6 @@
|
||||||
};
|
};
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
|
||||||
# Set your time zone.
|
|
||||||
time.timeZone = "Europe/Berlin";
|
|
||||||
|
|
||||||
# List packages installed in system profile. To search, run:
|
|
||||||
# $ nix search wget
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
wget
|
wget
|
||||||
vim
|
vim
|
||||||
|
@ -67,25 +57,12 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Some programs need SUID wrappers, can be configured further or are
|
|
||||||
# started in user sessions.
|
|
||||||
# programs.mtr.enable = true;
|
|
||||||
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
|
|
||||||
|
|
||||||
# List services that you want to enable:
|
|
||||||
|
|
||||||
# Enable the OpenSSH daemon.
|
# Enable the OpenSSH daemon.
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
|
|
||||||
# Open ports in the firewall.
|
|
||||||
# networking.firewall.allowedTCPPorts = [ ... ];
|
|
||||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
|
||||||
# Or disable the firewall altogether.
|
# Or disable the firewall altogether.
|
||||||
networking.firewall.enable = false;
|
networking.firewall.enable = false;
|
||||||
|
|
||||||
# Enable CUPS to print documents.
|
|
||||||
# services.printing.enable = true;
|
|
||||||
|
|
||||||
# Enable sound.
|
# Enable sound.
|
||||||
sound.enable = true;
|
sound.enable = true;
|
||||||
hardware.pulseaudio = {
|
hardware.pulseaudio = {
|
||||||
|
@ -107,6 +84,11 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.wakeonlan.interfaces = [{
|
||||||
|
inherit (config.c3d2.hq) interface;
|
||||||
|
method = "magicpacket";
|
||||||
|
}];
|
||||||
|
|
||||||
# Enable the X11 windowing system.
|
# Enable the X11 windowing system.
|
||||||
services.xserver.enable = true;
|
services.xserver.enable = true;
|
||||||
services.xserver.layout = "de";
|
services.xserver.layout = "de";
|
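Review bot: The added `services.wakeonlan.interfaces` block uses `method = "magicpacket"`, which is unauthenticated: any machine on the same layer-2 segment that knows the MAC address can power this host on, and the same commit records that MAC as `ether` in the host registry. The context lines show `services.openssh.enable = true` and `networking.firewall.enable = false`, so a woken host is immediately reachable. I would add a comment above the block such as `# WoL magic packets are unauthenticated; anyone on the HQ LAN can wake this host`. The cleanup hunk in this section also leaves `# Or disable the firewall altogether.` without the lines it referred to, so a short comment stating why the firewall is off would be clearer than the leftover template text.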
|
@ -265,6 +265,8 @@ in {
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
time.timeZone = lib.mkDefault "Europe/Berlin";
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
meta.maintainers = with lib.maintainers; [ ehmry ];
|
meta.maintainers = with lib.maintainers; [ ehmry ];
|
||||||
|
|