# Flake that assembles the NixOS configurations of the C3D2 hosts.
#
# Layout:
#   inputs  - nixpkgs variants plus the external flakes / source trees the hosts use
#   outputs - overlays, packages, one nixosConfiguration per host, shared
#             nixosModules, a dev shell and the Hydra job set
#
# Supply-chain note: every input below is referenced by branch or ref only.
# Which commits actually get built is decided by flake.lock (not shown here),
# so changes to that lock file deserve the same review as changes to this file.
{
  description = "C3D2 NixOS configurations";

  inputs = {
    # Base nixpkgs for almost everything below (most inputs `follow` it).
    # This is Sandro's personal fork, which carries cherry-picked fixes.
    nixos.url = "github:SuperSandro2000/nixpkgs/nixos-22.11";
    # Personal fork branch; only used as nixpkgs for the `mobilizon` host.
    nixos-mobilizon.url = "github:minijackson/nixpkgs/init-mobilizon";
    nixos-hardware.url = "github:nixos/nixos-hardware";
    nixos-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
    # Personal fork branch; used for the "-simd" Hydra job variants.
    nixos-unstable-simd.url = "github:SuperSandro2000/nixpkgs/nixos-unstable-simd";

    affection-src = {
      url = "git+https://gitea.nek0.eu/nek0/affection";
      inputs = {
        nixpkgs.follows = "nixos";
        flake-utils.follows = "flake-utils";
      };
    };
    bevy-mandelbrot = {
      # url = "github:matelab/bevy_mandelbrot";
      url = "git+https://gitea.c3d2.de/astro/bevy-mandelbrot.git?ref=main";
      inputs = {
        naersk.follows = "naersk";
        nixpkgs.follows = "nixos";
        rust-overlay.follows = "rust-overlay";
      };
    };
    bevy-julia = {
      # url = "github:matelab/bevy_julia";
      url = "git+https://gitea.c3d2.de/astro/bevy-julia.git?ref=main";
      inputs = {
        nixpkgs.follows = "nixos";
        # breaks the build:
        # naersk.follows = "naersk";
        # naersk.inputs.nixpkgs.follows = "nixpkgs";
        rust-overlay.follows = "rust-overlay";
      };
    };
    caveman = {
      url = "git+https://gitea.c3d2.de/astro/caveman.git?ref=main";
      inputs = {
        nixpkgs.follows = "nixos";
        utils.follows = "flake-utils";
        fenix.follows = "fenix";
        # NOTE(review): this flake declares no input named "nixpkgs" (its
        # nixpkgs input is called `nixos`). Confirm that the two
        # `...inputs.nixpkgs.follows = "nixpkgs"` lines resolve to the intended
        # nixpkgs and are not silently ignored.
        fenix.inputs.nixpkgs.follows = "nixpkgs";
        naersk.follows = "naersk";
        naersk.inputs.nixpkgs.follows = "nixpkgs";
      };
    };
    fenix = {
      url = "github:nix-community/fenix";
      inputs.nixpkgs.follows = "nixos";
    };
    flake-utils.url = "github:numtide/flake-utils";
    # `flake = false`: fetched as a plain source tree. Its module.nix is
    # imported by path in the `hydra` host below.
    harmonia = {
      url = "github:helsinki-systems/harmonia";
      flake = false;
    };
    heliwatch = {
      url = "git+https://gitea.c3d2.de/astro/heliwatch.git";
      inputs = {
        fenix.follows = "fenix";
        nixpkgs.follows = "nixos";
        naersk.follows = "naersk";
        utils.follows = "flake-utils";
      };
    };
    # Third-party fork branch of Hydra; handed to the `hydra` host as a module argument.
    hydra-ca.url = "github:mlabs-haskell/hydra/aciceri/ca-derivations";
    microvm = {
      url = "github:astro/microvm.nix";
      inputs = {
        nixpkgs.follows = "nixos";
        flake-utils.follows = "flake-utils";
      };
    };
    naersk = {
      url = "github:nix-community/naersk";
      inputs = {
        nixpkgs.follows = "nixos";
      };
    };
    oparl-scraper = {
      url = "github:offenesdresden/ratsinfo-scraper/oparl";
      flake = false;
    };
    openwrt = {
      url = "git+https://git.openwrt.org/openwrt/openwrt.git?ref=openwrt-21.02";
      flake = false;
    };
    openwrt-imagebuilder = {
      url = "github:astro/nix-openwrt-imagebuilder";
      inputs = {
        nixpkgs.follows = "nixos";
      };
    };
    rust-overlay = {
      url = "github:oxalica/rust-overlay";
      inputs = {
        flake-utils.follows = "flake-utils";
        nixpkgs.follows = "nixos";
      };
    };
    scrapers = {
      url = "git+https://gitea.c3d2.de/astro/scrapers.git";
      flake = false;
    };
    skyflake = {
      url = "github:astro/skyflake";
      inputs = {
        microvm.follows = "microvm";
        nixpkgs.follows = "nixos";
      };
    };
    sshlogd = {
      url = "git+https://gitea.c3d2.de/astro/sshlogd.git?ref=main";
      inputs = {
        utils.follows = "flake-utils";
        naersk.follows = "naersk";
        nixpkgs.follows = "nixos";
        fenix.follows = "fenix";
      };
    };
    # The only input fetched over SSH: evaluating this flake needs an SSH
    # identity that the gitea server accepts for this repository.
    # It provides `overlays.<name>` and `nixosModules.admins` used below.
    secrets = {
      url = "git+ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git";
      inputs = {
        nixpkgs.follows = "nixos";
      };
    };
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs = {
        nixpkgs.follows = "nixos";
        nixpkgs-22_05.follows = "nixos";
      };
    };
    spacemsg = {
      url = "github:astro/spacemsg";
      flake = false;
    };
    ticker = {
      url = "git+https://gitea.c3d2.de/astro/ticker.git";
      inputs = {
        fenix.follows = "fenix";
        # TODO: build regression in https://github.com/nix-community/naersk/commit/6944160c19cb591eb85bbf9b2f2768a935623ed3
        # naersk.follows = "naersk";
        nixpkgs.follows = "nixos";
        utils.follows = "flake-utils";
      };
    };
    tigger = {
      url = "github:astro/tigger";
      flake = false;
    };
    tracer = {
      # url = "git+https://gitea.nek0.eu/nek0/tracer";
      url = "git+https://gitea.c3d2.de/astro/tracer";
      inputs = {
        affection-src.follows = "affection-src";
        nixpkgs.follows = "nixos";
        flake-utils.follows = "flake-utils";
      };
    };
    yammat = {
      url = "git+https://gitea.c3d2.de/C3D2/yammat.git?ref=nix";
      inputs.nixpkgs.follows = "nixos";
    };
    zentralwerk = {
      url = "git+https://gitea.c3d2.de/zentralwerk/network.git";
      inputs = {
        nixpkgs.follows = "nixos";
        openwrt.follows = "openwrt";
        openwrt-imagebuilder.follows = "openwrt-imagebuilder";
      };
    };
  };

  outputs = inputs@{ self, fenix, harmonia, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-unstable, nixos-unstable-simd, caveman, oparl-scraper, scrapers, secrets, skyflake, sshlogd, sops-nix, spacemsg, ticker, tigger, yammat, zentralwerk, ... }:
    let
      inherit (nixos) lib;

      # Turn one network's `hosts4` / `hosts6` tables into a single attrset
      # keyed by host name: { <name> = { ip4 = ...; ip6 = ...; }; }.
      # `hosts4` maps name -> address; `hosts6` is nested one level deeper
      # (ctx -> name -> address).
      # NOTE(review): if a name occurs under several `ctx` keys, the value
      # merged last (attrNames order) presumably wins - confirm this is intended.
      extractZwHosts = { hosts4, hosts6, ... }:
        lib.recursiveUpdate (
          builtins.foldl' (result: name:
            lib.recursiveUpdate result {
              "${name}".ip4 = hosts4."${name}";
            }
          ) {} (builtins.attrNames hosts4)
        ) (
          builtins.foldl' (result: ctx:
            builtins.foldl' (result: name:
              lib.recursiveUpdate result {
                "${name}".ip6 = hosts6."${ctx}"."${name}";
              }
            ) result (builtins.attrNames hosts6."${ctx}")
          ) {} (builtins.attrNames hosts6)
        );

      # Host registry derived from the zentralwerk network flake, merged over
      # the networks listed here.
      zwHostRegistry = {
        hosts =
          builtins.foldl' (result: net:
            lib.recursiveUpdate result (extractZwHosts zentralwerk.lib.config.site.net."${net}")
          ) {} [ "core" "cluster" "c3d2" "serv" "flpk" "pub" ];
      };

      # Additional hosts maintained in this repository.
      extraHostRegistry.hosts = import ./host-registry.nix;

      # On conflicting keys the right-hand side (host-registry.nix) overrides
      # the zentralwerk-derived entry.
      hostRegistry = lib.recursiveUpdate zwHostRegistry extraHostRegistry;

      # Our custom NixOS builder: a wrapper around `nixpkgs.lib.nixosSystem`.
      #
      #   nixpkgs     - nixpkgs flake to build from (default: inputs.nixos)
      #   modules     - host-specific modules, appended after the common ones
      #   extraArgs   - extra entries for `_module.args`
      #   specialArgs - passed through to nixosSystem
      #   system      - passed through to nixosSystem (default: x86_64-linux)
      #
      # The result additionally carries `args`, i.e. exactly the attributes the
      # caller passed (defaults are not included); hydraJobs uses it to
      # instantiate a modified copy of each host.
      nixosSystem' =
        { nixpkgs ? inputs.nixos
        , modules
        , extraArgs ? { }
        , specialArgs ? { }
        , system ? "x86_64-linux"
        }@args:

        { inherit args; } // nixpkgs.lib.nixosSystem {
          inherit specialArgs system;

          modules = [
            ({ ... }: {
              # Every module of every host receives the full `inputs` set,
              # which includes `secrets`. Per-host scoping of the secrets
              # overlays is therefore a convention of the host entries below,
              # not something this builder enforces.
              _module.args = extraArgs // {
                inherit hostRegistry inputs zentralwerk;
              };

              nixpkgs = {
                overlays = [ self.overlays ];
              };
            })

            # audio-server.nix, c3d2.nix and stats.nix are also listed in
            # self.nixosModules.c3d2; only pi-sensors.nix is added here alone.
            self.nixosModules.c3d2
            ./modules/audio-server.nix
            ./modules/c3d2.nix
            ./modules/stats.nix
            ./modules/pi-sensors.nix
          ] ++ modules;
        };
    in {
      # The value imported from ./overlays is used as a single list element in
      # `overlays = [ self.overlays ]` above and in legacyPackages below.
      overlays = import ./overlays {
        inherit nixos-unstable;
        inherit (inputs) tracer bevy-mandelbrot bevy-julia;
      };

      # nixpkgs per system with the fenix, naersk and local overlays applied.
      legacyPackages = lib.attrsets.mapAttrs (_: pkgs: pkgs.appendOverlays [
        fenix.overlays.default
        naersk.overlay
        self.overlays
      ]) nixos.legacyPackages;

      packages = import ./packages.nix { inherit hostRegistry inputs lib microvm secrets self; };

      # One entry per host. Unless `nixpkgs` / `system` are set explicitly the
      # host is built from inputs.nixos for x86_64-linux (nixosSystem' defaults).
      nixosConfigurations = {
        auth = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            ./hosts/auth
          ];
          # nixpkgs = inputs.nixos-unstable;
        };
        broker = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            ./hosts/broker
          ];
        };
        factorio = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            ./hosts/factorio
          ];
          nixpkgs = inputs.nixos-unstable;
        };
        freifunk = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            ./hosts/freifunk
            {
              # NOTE(review): whatever the secrets overlays add to packages is
              # realised in the Nix store of the machines that build and run
              # this host; confirm they do not embed plaintext credentials
              # there. The same applies to every `secrets.overlays.*` use below.
              nixpkgs.overlays = with secrets.overlays; [
                freifunk ospf
              ];
            }
          ];
        };
        ftp = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            ./hosts/ftp
          ];
        };
        gitea = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            ./hosts/gitea
          ];
          # nixpkgs = inputs.nixos-unstable;
        };
        glotzbert = nixosSystem' {
          modules = [
            ./hosts/glotzbert
            nixos-hardware.nixosModules.common-cpu-intel
            nixos-hardware.nixosModules.common-pc-ssd
            # TODO: migrate away from secrets repo
            secrets.nixosModules.admins
          ];
        };
        hedgedoc = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            ./hosts/hedgedoc
          ];
          # nixpkgs = inputs.nixos-unstable;
        };
        pulsebert = nixosSystem' {
          modules = [
            ./hosts/pulsebert
            # build: outputs.nixosConfigurations.pulsebert.config.system.build.sdImage
            # run: unzstd -cd result/sd-image/nixos-sd-image-*-aarch64-linux.img.zst | pv -br | sudo dd bs=4M of=/dev/sdX
            "${inputs.nixos-unstable}/nixos/modules/installer/sd-card/sd-image-aarch64-new-kernel.nix"
            {
              nixpkgs = {
                hostPlatform = "aarch64-linux";
                # buildPlatform = "x86_64-linux";
              };
            }
          ];
          # nixpkgs = inputs.nixos-unstable;
        };
        radiobert = nixosSystem' {
          modules = [
            ({ ... }: {
              nixpkgs.overlays = [ heliwatch.overlay ];
            })
            ./hosts/radiobert
          ];
          system = "aarch64-linux";
        };
        nncp = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            self.nixosModules.nncp
            ./hosts/nncp
          ];
        };
        dacbert = nixosSystem' {
          modules = [
            nixos-hardware.nixosModules.raspberry-pi-4
            self.nixosModules.rpi-netboot
            ./hosts/dacbert
          ];
          system = "aarch64-linux";
        };
        rpi-netboot = nixosSystem' {
          modules = [
            { _module.args = { inherit nixos; }; }
            nixos-hardware.nixosModules.raspberry-pi-4
            self.nixosModules.rpi-netboot
            ./hosts/rpi-netboot
          ];
          system = "aarch64-linux";
        };
        # SD-card image for a Raspberry Pi (loader version 1), cross-compiled:
        # `system` is x86_64-linux while `nixpkgs.crossSystem` targets raspberryPi.
        schalter = nixosSystem' {
          modules = [
            "${nixos}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix"
            ({ lib, ... }: {
              networking.hostName = "schalter";
              hardware.enableRedistributableFirmware = true;
              #networking.wireless.enable = true;
              powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
              boot = {
                loader = {
                  grub.enable = false;
                  raspberryPi = {
                    enable = true;
                    version = 1;
                    uboot.enable = false;
                  };
                  generic-extlinux-compatible.enable = lib.mkForce false;
                };
                # supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
                tmpOnTmpfs = true;
              };
              nixpkgs.config.packageOverrides = pkgs: {
                makeModulesClosure = x:
                  # prevent kernel install fail due to missing modules
                  pkgs.makeModulesClosure (x // { allowMissing = true; });
              };
              sdImage = {
                compressImage = false;
                imageBaseName = "schalter";
                firmwareSize = 512;
              };
              nixpkgs.crossSystem = nixos.lib.systems.examples.raspberryPi;
            })
          ];
          system = "x86_64-linux";
        };
        matemat = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            ./hosts/matemat
            yammat.nixosModule
            # TODO: migrate away from secrets repo
            secrets.nixosModules.admins
            { nixpkgs.overlays = [ secrets.overlays.matemat ]; }
          ];
        };
        scrape = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            ./hosts/scrape
            {
              nixpkgs.overlays = [ secrets.overlays.scrape ];
              _module.args = { inherit scrapers; };
            }
          ];
        };
        dn42 = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            ./hosts/dn42
            { nixpkgs.overlays = [ secrets.overlays.dn42 ]; }
          ];
        };
        grafana = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            ./hosts/grafana
          ];
          # nixpkgs = nixos-unstable;
        };
        hydra = nixosSystem' {
          modules = [
            self.nixosModules.cluster
            skyflake.nixosModules.default
            # NixOS module taken by path from the non-flake harmonia source tree.
            (harmonia + "/module.nix")
            ./hosts/hydra
            {
              _module.args = {
                inherit self;
                inherit (inputs) hydra-ca;
              };
            }
          ];
          # nixpkgs = nixos-unstable;
        };
        mucbot = nixosSystem' {
          modules = [
            { _module.args = { inherit tigger; }; }
            # NixOS module taken by path from the non-flake tigger source tree.
            "${tigger}/module.nix"
            { nixpkgs.overlays = [ secrets.overlays.mucbot ]; }
            ./hosts/mucbot
            self.nixosModules.cluster-options
          ];
        };
        public-access-proxy = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            ./hosts/public-access-proxy
          ];
        };
        ticker = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            ticker.nixosModules.ticker
            ./hosts/ticker
          ];
        };
        spaceapi = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            # NixOS module taken by path from the non-flake spacemsg source tree.
            "${spacemsg}/spaceapi/module.nix"
            ./hosts/spaceapi
          ];
        };
        stream = nixosSystem' {
          modules = [
            self.nixosModules.cluster-options
            ./hosts/stream
          ];
        };
        mobilizon = nixosSystem' {
          # TODO: pending https://github.com/NixOS/nixpkgs/pull/119132
          # Until then the whole host is built from the nixos-mobilizon fork
          # branch instead of inputs.nixos.
          nixpkgs = inputs.nixos-mobilizon;
          modules = [
            self.nixosModules.microvm
            ./hosts/mobilizon
          ];
        };
        c3d2-web = nixosSystem' {
          modules = [
            { _module.args = { inherit nixos; }; }
            self.nixosModules.microvm
            ./hosts/c3d2-web
            { nixpkgs.overlays = [ secrets.overlays.c3d2-web ]; }
          ];
        };
        sdrweb = nixosSystem' {
          modules = [
            self.nixosModules.cluster-options
            # NOTE(review): this host applies `secrets.overlays.mucbot`, the
            # same overlay as the mucbot host, rather than one named after
            # itself - confirm this sharing is intended and not a copy-paste
            # leftover.
            { nixpkgs.overlays = [ secrets.overlays.mucbot ]; }
            heliwatch.nixosModules.heliwatch
            ./hosts/sdrweb
          ];
          # nixpkgs = nixos-unstable;
        };
        bind = nixosSystem' {
          modules = [
            { nixpkgs.overlays = with secrets.overlays; [ bind ]; }
            self.nixosModules.microvm
            ./hosts/bind
          ];
        };
        jabber = nixosSystem' {
          modules = [
            { nixpkgs.overlays = with secrets.overlays; [ jabber ]; }
            self.nixosModules.microvm
            ./hosts/jabber
          ];
        };
        blogs = nixosSystem' {
          modules = [
            self.nixosModules.plume
            self.nixosModules.microvm
            ./hosts/blogs
          ];
        };
        server8 = nixosSystem' {
          modules = [
            ./hosts/server8
            self.nixosModules.cluster-network
            self.nixosModules.cluster
            skyflake.nixosModules.default
            { _module.args = { inherit self; }; }
          ];
        };
        server9 = nixosSystem' {
          modules = [
            ./hosts/server9
            microvm.nixosModules.host
            self.nixosModules.microvm-host
            self.nixosModules.cluster-network
            self.nixosModules.cluster
            skyflake.nixosModules.default
            { _module.args = { inherit self; }; }
          ];
        };
        server10 = nixosSystem' {
          modules = [
            ./hosts/server10
            microvm.nixosModules.host
            self.nixosModules.microvm-host
            self.nixosModules.cluster-network
            self.nixosModules.cluster
            skyflake.nixosModules.default
            { _module.args = { inherit self; }; }
          ];
        };
        oparl = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            ./hosts/oparl
            { _module.args = { inherit oparl-scraper; }; }
          ];
        };
        leon = nixosSystem' {
          modules = [
            self.nixosModules.cluster-options
            ./hosts/leon
          ];
        };
        leoncloud = nixosSystem' {
          modules = [
            self.nixosModules.cluster-options
            ./hosts/leoncloud
          ];
        };
        nfsroot = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            ./hosts/nfsroot
            {
              # All x86_64-linux packages of this flake whose name ends in
              # "-tftproot" are handed to the host as `tftproots`.
              _module.args.tftproots = nixos.lib.filterAttrs (name: _:
                builtins.match ".+-tftproot" name != null
              ) self.packages.x86_64-linux;
            }
          ];
        };
        # Cross-compiled: `system` is x86_64-linux, the target is riscv64.
        riscbert = nixosSystem' {
          modules = [
            nixos-hardware.nixosModules.starfive-visionfive-v1
            ./hosts/riscbert
            {
              nixpkgs.crossSystem = {
                config = "riscv64-unknown-linux-gnu";
                system = "riscv64-linux";
              };
            }
          ];
          # nixpkgs = nixos-unstable;
          system = "x86_64-linux";
        };
        direkthilfe = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            ./hosts/direkthilfe
          ];
        };
        mediawiki = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            ./hosts/mediawiki
          ];
          # nixpkgs = nixos-unstable;
        };
        gnunet = nixosSystem' {
          modules = [
            self.nixosModules.cluster-options
            ./hosts/gnunet
          ];
          # nixpkgs = nixos-unstable;
        };
        zengel = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            ./hosts/zengel
          ];
        };
        sshlog = nixosSystem' {
          modules = [
            self.nixosModules.cluster-options
            sshlogd.nixosModule
            ./hosts/sshlog
          ];
        };
        network-homepage = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            ./hosts/network-homepage
          ];
        };
        caveman = nixosSystem' {
          modules = [
            self.nixosModules.microvm
            caveman.nixosModule
            ./hosts/caveman
          ];
        };
        owncast = nixosSystem' {
          modules = [
            self.nixosModules.cluster-options
            ./hosts/owncast
          ];
          # nixpkgs = nixos-unstable;
        };
        prometheus = nixosSystem' {
          modules = [
            self.nixosModules.cluster-options
            ./hosts/prometheus
          ];
        };
        mastodon = nixosSystem' {
          modules = [
            self.nixosModules.cluster-options
            ./hosts/mastodon
          ];
        };
      };

      nixosModules = {
        # Common module set; nixosSystem' adds it to every host, so each host
        # imports sops-nix, autoupdate, backup, nncp and logging among others.
        c3d2 = {
          imports = [
            sops-nix.nixosModule
            ./modules/audio-server.nix
            ./modules/autoupdate.nix
            ./modules/backup.nix
            ./modules/c3d2.nix
            ./modules/nncp.nix
            ./modules/logging.nix
            ./modules/stats.nix
          ];
          c3d2.hosts = hostRegistry.hosts;
          c3d2.users = import ./users.nix;
          c3d2.nncp.neigh = import ./modules/nncp-relays.nix;
        };
        cluster = ./modules/cluster;
        cluster-options = ./modules/cluster/deployment-options.nix;
        cluster-network = ./modules/cluster/network.nix;
        microvm.imports = [
          microvm.nixosModules.microvm
          ./modules/microvm.nix
        ];
        microvm-host = ./modules/microvm-host.nix;
        nncp = ./modules/nncp.nix;
        plume = {
          imports = [ ./modules/plume.nix ];
          nixpkgs.overlays = [ fenix.overlays.default naersk.overlay ];
        };
        rpi-netboot = ./modules/rpi-netboot.nix;
      };

      # `nix develop`
      # One shell per system that sops-nix provides packages for. The shell
      # sets sopsPGPKeyDirs to ./keys and adds sops-nix's
      # sops-import-keys-hook (presumably importing the PGP keys found there
      # on shell entry - confirm against sops-nix).
      devShell = lib.mapAttrs (system: sopsPkgs:
        with nixos.legacyPackages.${system};
        mkShell {
          sopsPGPKeyDirs = [ "./keys" ];
          nativeBuildInputs = [
            sopsPkgs.sops-import-keys-hook
          ];
        }
      ) sops-nix.packages;

      # Hydra job set, the union of:
      #   1. every host: its microvm runner if `config.microvm.declaredRunner`
      #      exists, otherwise its system toplevel;
      #   2. a "<host>-simd" variant of every host, rebuilt with
      #      c3d2.simd.enable forced on;
      #   3. every aarch64-linux package named "*-tftproot" that is a derivation.
      hydraJobs =
        lib.mapAttrs (_: nixos.lib.hydraJob) (
          let
            getBuildEntryPoint = _: nixosSystem:
              nixosSystem.config.microvm.declaredRunner or nixosSystem.config.system.build.toplevel;
          in
          lib.mapAttrs getBuildEntryPoint self.nixosConfigurations
          // lib.mapAttrs' (hostname: nixosSystem:
            lib.nameValuePair
              (hostname + "-simd")
              # Re-run nixosSystem' with the host's original arguments.
              # `nixpkgs` is replaced unconditionally, so hosts that pin their
              # own nixpkgs (e.g. factorio, mobilizon) are built from
              # nixos-unstable-simd in this variant.
              (getBuildEntryPoint null (nixosSystem' (nixosSystem.args // (with nixosSystem.args; {
                modules = modules ++ [
                  { c3d2.simd.enable = lib.mkForce true; }
                ];
                nixpkgs = nixos-unstable-simd;
              }))))
          ) self.nixosConfigurations
          // nixos.lib.filterAttrs (name: attr:
            (builtins.match ".+-tftproot" name != null && lib.isDerivation attr)
          ) self.packages.aarch64-linux
        );
    };
}