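{
  description = "C3D2 NixOS configurations";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/release-21.05";
    nixpkgs-mobilizon.url = "github:minijackson/nixpkgs/init-mobilizon";
    # Declared explicitly: `nixos-hardware` is consumed by the outputs
    # function below, and an input that is not declared here is resolved
    # through the evaluating user's flake registry instead of this file.
    nixos-hardware.url = "github:NixOS/nixos-hardware";
    # Private repository, fetched over SSH with the deploying admin's key.
    secrets.url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git";
    zentralwerk.url = "git+https://gitea.c3d2.de/zentralwerk/network.git";
    yammat.url = "git+https://gitea.c3d2.de/astro/yammat.git?ref=nix";
    yammat.inputs.nixpkgs.follows = "nixpkgs";
    # Non-flake sources; their store paths are handed to modules below.
    scrapers.url = "git+https://gitea.c3d2.de/astro/scrapers.git";
    scrapers.flake = false;
    spacemsg.url = "github:astro/spacemsg";
    spacemsg.flake = false;
    tigger.url = "github:astro/tigger";
    tigger.flake = false;
    ticker.url = "git+https://gitea.c3d2.de/astro/ticker.git";
    ticker.flake = false;
  };

  outputs = inputs@{ self, nixpkgs, secrets, nixos-hardware, zentralwerk, yammat, scrapers, spacemsg, tigger, ticker, ... }:
    let
      inherit (nixpkgs.lib)
        recursiveUpdate mapAttrs mapAttrs' nameValuePair filterAttrs
        optionalString optionalAttrs genAttrs;

      forAllSystems = genAttrs [ "aarch64-linux" "x86_64-linux" ];

      # Turn one Zentralwerk network definition into
      # `{ <host> = { ip4 = …; ip6 = …; }; }`.
      # `hosts4` maps host -> address; `hosts6` maps context -> host -> address.
      # Contexts are merged in `attrNames` order, so for a host present in
      # several contexts the last one wins.
      extractZwHosts = { hosts4, hosts6, ... }:
        recursiveUpdate
          (mapAttrs (_: ip4: { inherit ip4; }) hosts4)
          (builtins.foldl'
            (acc: ctx: recursiveUpdate acc (mapAttrs (_: ip6: { inherit ip6; }) hosts6.${ctx}))
            {}
            (builtins.attrNames hosts6));

      # Hosts known to the Zentralwerk network config, taken from the three
      # networks this flake manages machines in.
      zwHostRegistry = {
        hosts = builtins.foldl'
          (acc: net: recursiveUpdate acc (extractZwHosts zentralwerk.lib.config.site.net.${net}))
          {}
          [ "core" "c3d2" "serv" ];
      };
      # Local additions/overrides (ether, wol, builders, …); these win over
      # the Zentralwerk-derived entries.
      extraHostRegistry = import ./host-registry.nix;
      hostRegistry = recursiveUpdate zwHostRegistry extraHostRegistry;

      # Registry hosts that also have a `nixosConfigurations` entry below.
      flakifiedHosts = filterAttrs (name: _: self.nixosConfigurations ? ${name}) hostRegistry.hosts;

      # Address used to reach a registry host over SSH: IPv4 if known,
      # otherwise IPv6, otherwise null.
      getHostAddr = name:
        let
          hostConf = hostRegistry.hosts.${name};
        in
          if hostConf ? ip4 then hostConf.ip4
          else if hostConf ? ip6 then hostConf.ip6
          else null;
    in {
      overlay = import ./overlay;

      legacyPackages = forAllSystems (system:
        nixpkgs.legacyPackages.${system}.extend self.overlay
      );

      packages = forAllSystems (system:
        let
          pkgs = self.legacyPackages.${system};

          # Generate a small script for copying this flake to the
          # remote machine and building and switching there.
          # Can be run with nix run c3d2#<host>-nixos-rebuild
          mkDeploy =
            { name
            , host
              # remote builders to pass
            , builders ? null
            }:
            let
              target = "root@${host}";
              rebuildArg = "--flake ${self}#${name}"
                + (if builders != null
                   then " --builders \"" + builtins.concatStringsSep " " builders + "\""
                   else "");
            in pkgs.writeScriptBin "${name}-nixos-rebuild" ''
              #!${pkgs.runtimeShell} -e
              # NOTE: the secrets source is copied into the remote /nix/store,
              # which every local user on that machine can read.
              nix-copy-closure --to ${target} ${secrets}
              nix-copy-closure --to ${target} ${self}
              if [ "$1" = "--flakify" ]; then
                shift
                # Bootstrap path for a host whose nix does not speak flakes yet;
                # the remote shell re-parses the quoted command.
                exec ssh -t ${target} "nix-shell -p nixFlakes -p git --command '_NIXOS_REBUILD_REEXEC=1 nixos-rebuild ${rebuildArg} '$@"
              else
                # "$@" keeps the local shell from glob-expanding the arguments.
                exec ssh -t ${target} nixos-rebuild ${rebuildArg} "$@"
              fi
            '';

          # Wake-on-LAN helper for a registry host with a known `ether` address.
          mkWake = name: pkgs.writeScriptBin "${name}-wake" ''
            #!${pkgs.runtimeShell}
            exec ${pkgs.wol}/bin/wol ${hostRegistry.hosts.${name}.ether}
          '';
          # TODO: check if the ethernet address is reachable and if not,
          # execute wol on a machine in HQ.

          wolHosts = filterAttrs (_: { wol ? false, ... }: wol) hostRegistry.hosts;
          sdImageHosts = filterAttrs (_: cfg: cfg.config.system.build ? sdImage) self.nixosConfigurations;

          # Two deploy helpers per flakified host: build remotely, or build
          # locally and only ship the resulting system closure.
          deployPackages = builtins.foldl' (acc: name: acc // {
            "${name}-nixos-rebuild" = mkDeploy ({
              inherit name;
              host = getHostAddr name;
            } // optionalAttrs (hostRegistry.hosts.${name} ? builders) {
              inherit (hostRegistry.hosts.${name}) builders;
            });
            # The generated binary keeps the name `<name>-nixos-rebuild`,
            # although the package attribute carries the `-local` suffix.
            "${name}-nixos-rebuild-local" =
              let
                host = getHostAddr name;
                target = ''root@"${host}"'';
                profile = self.nixosConfigurations.${name}.config.system.build.toplevel;
              in pkgs.writeScriptBin "${name}-nixos-rebuild" ''
                #!${pkgs.runtimeShell} -e
                nix-copy-closure --to ${target} ${profile}
                exec ssh -t ${target} "${profile}/bin/switch-to-configuration $@"
              '';
          }) {} (builtins.attrNames flakifiedHosts);
        in {
          inherit (pkgs) bmxd openwebrx;

          # Compare the system generation running on each flakified host with
          # the one this checkout evaluates to. `nix eval .#…` resolves
          # relative to the working directory, so run it from the repo root.
          list-upgradable = pkgs.writeScriptBin "list-upgradable" ''
            #! ${pkgs.runtimeShell}
            NORMAL="\033[0m"
            RED="\033[0;31m"
            YELLOW="\033[0;33m"
            GREEN="\033[0;32m"
            ${pkgs.lib.concatMapStringsSep "\n" (name:
              let
                addr = getHostAddr name;
              in optionalString (addr != null) ''
                echo -n -e "${name}: $RED"
                # accept-new: a host key is trusted on first contact; a later
                # mismatch fails the connection instead of prompting.
                RUNNING=$(ssh -o PreferredAuthentications=publickey -o StrictHostKeyChecking=accept-new root@"${addr}" "readlink /run/current-system")
                if [ $? = 0 ] && [ -n "$RUNNING" ]; then
                  CURRENT=$(nix eval --raw ".#nixosConfigurations.${name}.config.system.build.toplevel" 2>/dev/null)
                  RUNNING_VER=$(basename $RUNNING|rev|cut -d - -f 1|rev)
                  CURRENT_VER=$(basename $CURRENT|rev|cut -d - -f 1|rev)
                  if [ "$RUNNING" = "$CURRENT" ]; then
                    echo -e "$GREEN"current"$NORMAL $RUNNING_VER"
                  elif [ "$RUNNING_VER" = "$CURRENT_VER" ]; then
                    echo -e "$GREEN"modified"$NORMAL $RUNNING_VER"
                  else
                    echo -e "$YELLOW"outdated"$NORMAL $RUNNING_VER < $CURRENT_VER"
                  fi
                fi
                echo -n -e "$NORMAL"
              '') (builtins.attrNames flakifiedHosts)}
          '';
        }
        // mapAttrs' (host: _: nameValuePair "${host}-wake" (mkWake host)) wolHosts
        // deployPackages
        // mapAttrs' (host: cfg: nameValuePair "${host}-sdImage" cfg.config.system.build.sdImage) sdImageHosts
      );

      nixosConfigurations =
        let
          # Our custom NixOS builder: `nixpkgs.lib.nixosSystem` plus the host
          # registry and all flake inputs as `extraArgs`, flakes enabled on the
          # target, and our overlay applied. `nixpkgs` may be overridden per
          # host (see mobilizon); it is stripped from the forwarded arguments.
          nixosSystem' = { nixpkgs ? inputs.nixpkgs, extraArgs ? {}, ... }@args:
            nixpkgs.lib.nixosSystem (
              (filterAttrs (n: _: n != "nixpkgs") args) // {
                extraArgs = extraArgs // { inherit hostRegistry inputs; };
                extraModules = [
                  self.nixosModules.c3d2
                  ({ pkgs, ... }: {
                    nix = {
                      package = pkgs.nixFlakes;
                      extraOptions = "experimental-features = nix-command flakes";
                    };
                    nixpkgs.overlays = [ self.overlay ];
                  })
                ];
              }
            );

          # Shared by the aarch64 hosts that are built as SD card images.
          sdImageModule = "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix";
        in {
          freifunk = nixosSystem' {
            modules = [
              ./hosts/containers/freifunk
              ({ ... }: { nixpkgs.overlays = with secrets.overlays; [ freifunk ospf ]; })
            ];
            system = "x86_64-linux";
          };
          glotzbert = nixosSystem' {
            modules = [
              ./hosts/glotzbert
              nixos-hardware.nixosModules.common-cpu-intel
              nixos-hardware.nixosModules.common-pc-ssd
              secrets.nixosModules.admins
            ];
            system = "x86_64-linux";
          };
          pulsebert = nixosSystem' {
            modules = [ sdImageModule ./hosts/pulsebert ];
            system = "aarch64-linux";
          };
          radiobert = nixosSystem' {
            modules = [ sdImageModule ./hosts/radiobert ];
            system = "aarch64-linux";
          };
          dacbert = nixosSystem' {
            modules = [ sdImageModule ./hosts/dacbert ];
            system = "aarch64-linux";
          };
          yggdrasil = nixosSystem' {
            modules = [
              ./hosts/containers/yggdrasil
              ./lib/lxc-container.nix
              ./lib/users/emery.nix
              ({ ... }: { nixpkgs.overlays = [ secrets.overlays.ospf ]; })
            ];
            system = "x86_64-linux";
          };
          matemat = nixosSystem' {
            modules = [
              ./lib/lxc-container.nix
              ./hosts/containers/matemat
              yammat.nixosModule
              secrets.nixosModules.admins
              ({ ... }: { nixpkgs.overlays = [ secrets.overlays.matemat ]; })
            ];
            system = "x86_64-linux";
          };
          scrape = nixosSystem' {
            modules = [
              ./lib/lxc-container.nix
              ./hosts/containers/scrape
              ({ ... }: { nixpkgs.overlays = [ secrets.overlays.scrape ]; })
            ];
            extraArgs = { inherit scrapers; };
            system = "x86_64-linux";
          };
          dn42 = nixosSystem' {
            modules = [
              ./lib/lxc-container.nix
              ./hosts/containers/dn42
              ({ ... }: { nixpkgs.overlays = [ secrets.overlays.dn42 ]; })
            ];
            system = "x86_64-linux";
          };
          grafana = nixosSystem' {
            modules = [ ./lib/lxc-container.nix ./hosts/containers/grafana ];
            system = "x86_64-linux";
          };
          hydra = nixosSystem' {
            modules = [ ./lib/lxc-container.nix ./hosts/containers/hydra ];
            system = "x86_64-linux";
          };
          mucbot = nixosSystem' {
            modules = [
              ./lib/lxc-container.nix
              "${tigger}/module.nix"
              { nixpkgs.overlays = [ secrets.overlays.mucbot ]; }
              ./hosts/containers/mucbot
            ];
            extraArgs = { inherit tigger; };
            system = "x86_64-linux";
          };
          kibana = nixosSystem' {
            modules = [ ./lib/lxc-container.nix ./hosts/containers/kibana ];
            system = "x86_64-linux";
          };
          public-access-proxy = nixosSystem' {
            modules = [ ./lib/lxc-container.nix ./hosts/containers/public-access-proxy ];
            system = "x86_64-linux";
          };
          ticker = nixosSystem' {
            modules = [
              ./lib/lxc-container.nix
              "${ticker}/nixos-module.nix"
              ./hosts/containers/ticker
            ];
            system = "x86_64-linux";
          };
          spaceapi = nixosSystem' {
            modules = [
              ./lib/lxc-container.nix
              "${spacemsg}/spaceapi/module.nix"
              ./hosts/containers/spaceapi
            ];
            system = "x86_64-linux";
          };
          stream = nixosSystem' {
            modules = [ ./lib/lxc-container.nix ./hosts/containers/stream ];
            system = "x86_64-linux";
          };
          mobilizon = nixosSystem' {
            # TODO: pending https://github.com/NixOS/nixpkgs/pull/119132
            nixpkgs = inputs.nixpkgs-mobilizon;
            modules = [ ./lib/lxc-container.nix ./hosts/containers/mobilizon ];
            system = "x86_64-linux";
          };
        };

      nixosModule = import ./lib;
      nixosModules.c3d2 = self.nixosModule;
    };
}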