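{
  # Flake for the C3D2 NixOS hosts. It exposes:
  #   - overlay / legacyPackages: nixpkgs extended with ./overlay
  #   - packages: per-host deploy (<name>-nixos-rebuild) and wake-on-LAN
  #     (<name>-wake) helper scripts, plus bmxd
  #   - nixosConfigurations: one system per host, built by nixosSystem'
  #   - nixosModules.c3d2: the shared module tree in ./lib
  description = "C3D2 NixOS configurations";

  # All refs below are branch names or default branches, so the revisions that
  # are actually built come from flake.lock (not visible here). Review lock
  # updates as you would any other dependency bump.
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/release-20.09";
    # Declared explicitly: `outputs` takes nixos-hardware as an argument, and
    # without this line Nix resolves the name through the flake registry
    # instead of a source named in this file.
    nixos-hardware.url = "github:NixOS/nixos-hardware";
    # Private repository, fetched over SSH with the operator's own credentials.
    secrets.url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git";
    yammat.url = "git+https://gitea.c3d2.de/astro/yammat.git?ref=nix";
    yammat.inputs.nixpkgs.follows = "nixpkgs";
    # Plain source trees (flake = false): used as paths, not as flakes.
    scrapers.url = "git+https://gitea.c3d2.de/astro/scrapers.git";
    scrapers.flake = false;
    tigger.url = "github:astro/tigger";
    tigger.flake = false;
  };

  outputs = { self, nixpkgs, secrets, nixos-hardware, yammat, scrapers, tigger }:
    let
      # Build an attribute set with one entry per supported platform.
      forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];
      # Host inventory; this file reads .ip4 and .ether from hostRegistry.hosts.<name>.
      hostRegistry = import ./host-registry.nix;
    in {
      overlay = import ./overlay;

      legacyPackages = forAllSystems (system:
        nixpkgs.legacyPackages.${system}.extend self.overlay
      );

      packages = forAllSystems (system:
        let
          pkgs = self.legacyPackages.${system};

          # Generate a small script that copies the secrets flake and this
          # flake to the remote machine, then builds and switches there.
          # Run with: nix run c3d2#<name>-nixos-rebuild
          #
          # Arguments are forwarded to nixos-rebuild on the target. If the
          # first argument is --flakify, nixos-rebuild is started inside a
          # nix-shell that provides nixFlakes and git (presumably for hosts
          # whose installed Nix has no flake support yet; confirm).
          #
          # Security notes:
          #  - The login is root@<host> over SSH, so host authenticity rests on
          #    the operator's known_hosts entries; several targets are given
          #    as bare IP addresses.
          #  - ${secrets} is the store path of the whole secrets repository
          #    and is copied to every target, including hosts that use none
          #    of its modules or overlays. /nix/store is world-readable, so
          #    anything stored unencrypted in that repository can be read by
          #    every local user and service on the target and on the
          #    deploying machine.
          #  - ssh joins the forwarded arguments into one command line that
          #    the remote shell parses again; arguments containing spaces or
          #    shell metacharacters are not preserved literally.
          mkDeploy = name: host:
            let
              target = "root@${host}";
            in
            # In the --flakify branch all arguments are placed inside the
            # quoted --command string via $*, so second and later arguments
            # reach nixos-rebuild instead of being parsed as options of
            # nix-shell itself.
            pkgs.writeScriptBin "${name}-nixos-rebuild" ''
              #!${pkgs.runtimeShell}
              set -ev
              nix-copy-closure --to ${target} ${secrets}
              nix-copy-closure --to ${target} ${self}

              if [ "$1" = "--flakify" ]; then
                shift
                exec ssh -t ${target} "nix-shell -p nixFlakes -p git --command \"_NIXOS_REBUILD_REEXEC=1 nixos-rebuild --flake ${self}#${name} $*\""
              else
                exec ssh -t ${target} nixos-rebuild --flake ${self}#${name} "$@"
              fi
            '';

          # Generate a script that sends a wake-on-LAN packet to the ethernet
          # address recorded for `name` in the host registry.
          mkWake = name:
            pkgs.writeScriptBin "${name}-wake" ''
              #!${pkgs.runtimeShell}
              exec ${pkgs.wol}/bin/wol ${hostRegistry.hosts.${name}.ether}
            '';
          # TODO: check if the ethernet address is reachable and if not,
          # execute wol on a machine in HQ.
        in {
          inherit (pkgs) bmxd;
          dhcp-nixos-rebuild = mkDeploy "dhcp" hostRegistry.hosts.dhcp.ip4;
          glotzbert-nixos-rebuild = mkDeploy "glotzbert" "glotzbert.hq.c3d2.de";
          glotzbert-wake = mkWake "glotzbert";
          pulsebert-nixos-rebuild = mkDeploy "pulsebert" "pulsebert.hq.c3d2.de";
          pulsebert-wake = mkWake "pulsebert";
          yggdrasil-nixos-rebuild = mkDeploy "yggdrasil" "172.20.72.62";
          freifunk-nixos-rebuild = mkDeploy "freifunk" "freifunk.core.zentralwerk.org";
          matemat-nixos-rebuild = mkDeploy "matemat" hostRegistry.hosts.matemat.ip4;
          scrape-nixos-rebuild = mkDeploy "scrape" hostRegistry.hosts.scrape.ip4;
          dn42-nixos-rebuild = mkDeploy "dn42" hostRegistry.hosts.dn42.ip4;
          grafana-nixos-rebuild = mkDeploy "grafana" "grafana.hq.c3d2.de";
          hydra-nixos-rebuild = mkDeploy "hydra" hostRegistry.hosts.hydra.ip4;
          mucbot-nixos-rebuild = mkDeploy "mucbot" hostRegistry.hosts.mucbot.ip4;
          kibana-nixos-rebuild = mkDeploy "kibana" hostRegistry.hosts.kibana.ip4;
        });

      nixosConfigurations =
        let
          # Our custom NixOS builder: wraps nixpkgs.lib.nixosSystem so that
          # every host receives hostRegistry as a module argument, the shared
          # c3d2 module, a flakes-enabled Nix, and this flake's overlay.
          # Caller-supplied extraArgs are merged; extraModules is always
          # replaced by the list below.
          nixosSystem' =
            { extraArgs ? {}, ... }@args:
            nixpkgs.lib.nixosSystem (args // {
              extraArgs = extraArgs // {
                inherit hostRegistry;
              };
              extraModules = [
                self.nixosModules.c3d2
                ({ pkgs, ... }: {
                  nix = {
                    package = pkgs.nixFlakes;
                    extraOptions = "experimental-features = nix-command flakes";
                  };
                  nixpkgs.overlays = [ self.overlay ];
                })
              ];
            });
        in {
          # NOTE(review): hosts that list secrets.overlays.* add secret-derived
          # overlays to their package set. Whether those values end up in
          # world-readable store paths depends on the secrets repository,
          # which is not visible here.

          dhcp = nixosSystem' {
            modules = [
              ./hosts/containers/dhcp
              secrets.nixosModules.admins
              secrets.nixosModules.dhcp
            ];
            system = "x86_64-linux";
          };

          freifunk = nixosSystem' {
            modules = [
              ./hosts/containers/freifunk
              ({ ... }: {
                nixpkgs.overlays = with secrets.overlays; [ freifunk ospf ];
              })
            ];
            system = "x86_64-linux";
          };

          glotzbert = nixosSystem' {
            modules = [
              ./hosts/glotzbert
              nixos-hardware.nixosModules.common-cpu-intel
              nixos-hardware.nixosModules.common-pc-ssd
              secrets.nixosModules.admins
            ];
            system = "x86_64-linux";
          };

          pulsebert = nixosSystem' {
            modules = [
              ./hosts/pulsebert
              secrets.nixosModules.dhcp
            ];
            system = "aarch64-linux";
          };

          yggdrasil = nixosSystem' {
            modules = [
              ./hosts/containers/yggdrasil
              ./lib/lxc-container.nix
              ./lib/users/emery.nix
              ({ ... }: {
                nixpkgs.overlays = [ secrets.overlays.ospf ];
              })
            ];
            system = "x86_64-linux";
          };

          matemat = nixosSystem' {
            modules = [
              ./lib/lxc-container.nix
              ./hosts/containers/matemat
              yammat.nixosModule
              secrets.nixosModules.admins
              ({ ... }: {
                nixpkgs.overlays = [ secrets.overlays.matemat ];
              })
            ];
            system = "x86_64-linux";
          };

          scrape = nixosSystem' {
            modules = [
              ./lib/lxc-container.nix
              ./hosts/containers/scrape
              ({ ... }: {
                nixpkgs.overlays = [ secrets.overlays.scrape ];
              })
            ];
            # The scrapers source tree is handed to the host modules as an argument.
            extraArgs = { inherit scrapers; };
            system = "x86_64-linux";
          };

          dn42 = nixosSystem' {
            modules = [
              ./lib/lxc-container.nix
              ./hosts/containers/dn42
              ({ ... }: {
                nixpkgs.overlays = [ secrets.overlays.dn42 ];
              })
            ];
            system = "x86_64-linux";
          };

          grafana = nixosSystem' {
            modules = [
              ./lib/lxc-container.nix
              ./hosts/containers/grafana
            ];
            system = "x86_64-linux";
          };

          hydra = nixosSystem' {
            modules = [
              ./lib/lxc-container.nix
              ./hosts/containers/hydra
            ];
            system = "x86_64-linux";
          };

          mucbot = nixosSystem' {
            modules = [
              ./lib/lxc-container.nix
              # module.nix comes from the non-flake tigger input and is
              # evaluated as a NixOS module for this host, so its code is
              # trusted as much as this repository's own modules.
              "${tigger}/module.nix"
              { nixpkgs.overlays = [ secrets.overlays.mucbot ]; }
              ./hosts/containers/mucbot
            ];
            extraArgs = { inherit tigger; };
            system = "x86_64-linux";
          };

          kibana = nixosSystem' {
            modules = [
              ./lib/lxc-container.nix
              ./hosts/containers/kibana
            ];
            system = "x86_64-linux";
          };
        };

      nixosModules.c3d2 = import ./lib;
    };
}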