
{
description = "C3D2 NixOS configurations";
inputs = {
  # Every input is pinned by flake.lock; the URLs below only say *where* updates are
  # pulled from.  Branch refs (nixos-22.11, nixos-unstable, ?ref=main, ...) are
  # mutable, so the security-relevant step is reviewing the lock diff whenever
  # `nix flake update` is run.  `follows` makes an input reuse this flake's nixpkgs
  # instead of fetching its own, so all hosts share one pinned nixpkgs revision.

  # use sandro's fork full with cherry-picked fixes
  # NOTE(review): the base nixpkgs for every host is a personal fork, so the trust
  # root is that account rather than NixOS/nixpkgs; check what the fork carries on
  # each update.
  nixos.url = "github:SuperSandro2000/nixpkgs/nixos-22.11";
  # In this file only the mobilizon host evaluates against this tree (pending
  # upstream PR, see nixosConfigurations.mobilizon).
  nixpkgs-mobilizon.url = "github:minijackson/nixpkgs/init-mobilizon";
  # Used by ./overlays and by hosts that opt in via `nixpkgs = inputs.nixos-unstable`.
  nixos-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
  nixos-hardware.url = "github:nixos/nixos-hardware";
  affection-src = {
    url = "git+https://gitea.nek0.eu/nek0/affection";
    inputs = {
      nixpkgs.follows = "nixos";
      flake-utils.follows = "flake-utils";
    };
  };
  bevy-mandelbrot = {
    # url = "github:matelab/bevy_mandelbrot";
    url = "git+https://gitea.c3d2.de/astro/bevy-mandelbrot.git?ref=main";
    inputs = {
      naersk.follows = "naersk";
      nixpkgs.follows = "nixos";
      rust-overlay.follows = "rust-overlay";
    };
  };
  bevy-julia = {
    # url = "github:matelab/bevy_julia";
    url = "git+https://gitea.c3d2.de/astro/bevy-julia.git?ref=main";
    inputs = {
      nixpkgs.follows = "nixos";
      # breaks the build:
      # naersk.follows = "naersk";
      # naersk.inputs.nixpkgs.follows = "nixpkgs";
      rust-overlay.follows = "rust-overlay";
    };
  };
  caveman = {
    url = "git+https://gitea.c3d2.de/astro/caveman.git?ref=main";
    inputs = {
      nixpkgs.follows = "nixos";
      utils.follows = "flake-utils";
      fenix.follows = "fenix";
      # "nixpkgs" here is caveman's own input, which follows our `nixos` above.
      fenix.inputs.nixpkgs.follows = "nixpkgs";
      naersk.follows = "naersk";
      naersk.inputs.nixpkgs.follows = "nixpkgs";
    };
  };
  fenix = {
    url = "github:nix-community/fenix";
    inputs.nixpkgs.follows = "nixos";
  };
  flake-utils.url = "github:numtide/flake-utils";
  # Non-flake source; its module.nix is imported directly by the hydra host, i.e.
  # Nix code from this repo is evaluated as part of that system's configuration.
  harmonia = {
    url = "github:helsinki-systems/harmonia";
    flake = false;
  };
  heliwatch = {
    url = "git+https://gitea.c3d2.de/astro/heliwatch.git";
    inputs = {
      fenix.follows = "fenix";
      nixpkgs.follows = "nixos";
      naersk.follows = "naersk";
      utils.follows = "flake-utils";
    };
  };
  # Passed to the hydra host via _module.args; a feature branch of a third-party fork.
  hydra-ca.url = "github:mlabs-haskell/hydra/aciceri/ca-derivations";
  microvm = {
    url = "github:astro/microvm.nix";
    inputs = {
      nixpkgs.follows = "nixos";
      flake-utils.follows = "flake-utils";
    };
  };
  naersk = {
    url = "github:nix-community/naersk";
    inputs = {
      nixpkgs.follows = "nixos";
    };
  };
  # Non-flake source handed to the oparl host's modules via _module.args.
  oparl-scraper = {
    url = "github:offenesdresden/ratsinfo-scraper/oparl";
    flake = false;
  };
  # Non-flake source tree; only consumed through zentralwerk's `openwrt.follows`.
  openwrt = {
    url = "git+https://git.openwrt.org/openwrt/openwrt.git?ref=openwrt-21.02";
    flake = false;
  };
  openwrt-imagebuilder = {
    url = "github:astro/nix-openwrt-imagebuilder";
    inputs = {
      nixpkgs.follows = "nixos";
    };
  };
  rust-overlay = {
    url = "github:oxalica/rust-overlay";
    inputs = {
      flake-utils.follows = "flake-utils";
      nixpkgs.follows = "nixos";
    };
  };
  # Non-flake source handed to the scrape host's modules via _module.args.
  scrapers = {
    url = "git+https://gitea.c3d2.de/astro/scrapers.git";
    flake = false;
  };
  skyflake = {
    url = "github:astro/skyflake";
    inputs = {
      microvm.follows = "microvm";
      nixpkgs.follows = "nixos";
    };
  };
  sshlogd = {
    url = "git+https://gitea.c3d2.de/astro/sshlogd.git?ref=main";
    inputs = {
      utils.follows = "flake-utils";
      naersk.follows = "naersk";
      nixpkgs.follows = "nixos";
      fenix.follows = "fenix";
    };
  };
  # Private admin repo, fetched over SSH (evaluation needs an authorised key).
  # NOTE(review): flake inputs are copied into /nix/store, which is readable by
  # every user of the evaluating/building machine.  Anything in this repo must
  # therefore be encrypted at rest (sops-nix is imported by nixosModules.c3d2 below);
  # confirm no plaintext credentials live in the overlays/modules taken from it.
  secrets = {
    url = "git+ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git";
    inputs = {
      nixpkgs.follows = "nixos";
    };
  };
  # Secret management for all hosts (see nixosModules.c3d2 and devShell).
  sops-nix = {
    url = "github:Mic92/sops-nix";
    inputs = {
      nixpkgs.follows = "nixos";
      nixpkgs-22_05.follows = "nixos";
    };
  };
  # Non-flake source; spaceapi/module.nix is imported by the spaceapi host.
  spacemsg = {
    url = "github:astro/spacemsg";
    flake = false;
  };
  ticker = {
    url = "git+https://gitea.c3d2.de/astro/ticker.git";
    inputs = {
      fenix.follows = "fenix";
      # TODO: build regression in https://github.com/nix-community/naersk/commit/6944160c19cb591eb85bbf9b2f2768a935623ed3
      # naersk.follows = "naersk";
      nixpkgs.follows = "nixos";
      utils.follows = "flake-utils";
    };
  };
  # Non-flake source; module.nix is imported by the mucbot host and the tree is
  # also passed to its modules via _module.args.
  tigger = {
    url = "github:astro/tigger";
    flake = false;
  };
  tracer = {
    # url = "git+https://gitea.nek0.eu/nek0/tracer";
    url = "git+https://gitea.c3d2.de/astro/tracer";
    inputs = {
      affection-src.follows = "affection-src";
      nixpkgs.follows = "nixos";
      flake-utils.follows = "flake-utils";
    };
  };
  yammat = {
    url = "git+https://gitea.c3d2.de/C3D2/yammat.git?ref=nix";
    inputs.nixpkgs.follows = "nixos";
  };
  # Network definition flake; source of the IPv4/IPv6 host registry built below.
  zentralwerk = {
    url = "git+https://gitea.c3d2.de/zentralwerk/network.git";
    inputs = {
      nixpkgs.follows = "nixos";
      openwrt.follows = "openwrt";
      openwrt-imagebuilder.follows = "openwrt-imagebuilder";
    };
  };
};
outputs = inputs@{ self, fenix, harmonia, heliwatch, microvm, naersk, nixos, nixos-hardware, nixos-unstable, caveman, oparl-scraper, scrapers, secrets, skyflake, sshlogd, sops-nix, spacemsg, ticker, tigger, yammat, zentralwerk, ... }:
let
inherit (nixos) lib;
extractZwHosts =
  # Flatten one zentralwerk network definition into
  #   { <host> = { ip4 = <addr>; ip6 = <addr>; }; }
  # `hosts4` maps host name -> IPv4 address; `hosts6` maps context -> host name
  # -> IPv6 address.  All contexts are folded together with recursiveUpdate, so a
  # later context (in attribute-name order) overrides an earlier one for the same
  # host.  Hosts present in only one of the two tables keep just that key.
  { hosts4, hosts6, ... }:
  let
    # { <host> = { ip4 = …; }; }
    v4 = lib.mapAttrs (_: ip4: { inherit ip4; }) hosts4;
    # { <host> = { ip6 = …; }; } for a single context
    v6ForContext = ctx:
      lib.mapAttrs (_: ip6: { inherit ip6; }) hosts6.${ctx};
    # all contexts merged
    v6 = builtins.foldl'
      (acc: ctx: lib.recursiveUpdate acc (v6ForContext ctx))
      {}
      (builtins.attrNames hosts6);
  in
  lib.recursiveUpdate v4 v6;
zwHostRegistry = {
  # Hosts known to the zentralwerk network flake, flattened to
  # { <name> = { ip4; ip6; }; } across the listed nets.  Later nets in the list
  # win on conflicting names (recursiveUpdate).
  hosts =
    builtins.foldl' (result: net:
      lib.recursiveUpdate result (extractZwHosts zentralwerk.lib.config.site.net."${net}")
    ) {} [ "core" "cluster" "c3d2" "serv" "flpk" "pub" ];
};
# Hosts maintained in this repo (./host-registry.nix).  Being the right-hand side
# of the recursiveUpdate, they override zentralwerk's entries on conflict.
extraHostRegistry.hosts = import ./host-registry.nix;
hostRegistry = lib.recursiveUpdate zwHostRegistry extraHostRegistry;
in {
# Package overlays from ./overlays that need other flake inputs (nixos-unstable
# and the tracer / bevy-* sources).
overlays = import ./overlays {
  inherit nixos-unstable;
  inherit (inputs) tracer bevy-mandelbrot bevy-julia;
};
# nixpkgs per system with the fenix, naersk and this flake's overlays applied.
# NOTE(review): `self.overlays` is passed here as a single overlay function,
# while nixosSystem' below references `self.overlay` (singular), which this
# flake does not define in its outputs.  Check which spelling ./overlays
# actually matches and use it in both places.
legacyPackages = lib.attrsets.mapAttrs (system: pkgs:
  pkgs.appendOverlays [
    fenix.overlays.default
    naersk.overlay
    self.overlays
  ]) nixos.legacyPackages;
packages = import ./packages.nix { inherit hostRegistry inputs lib microvm secrets self; };
nixosConfigurations = let
  nixosSystem' =
    # Our custom NixOS builder
    # Wraps `nixpkgs.lib.nixosSystem` so every host gets the same baseline:
    #  - `nixpkgs`: the nixpkgs flake to evaluate with (default: inputs.nixos,
    #    the 22.11 fork; a few hosts override it with nixos-unstable);
    #  - `modules`: host-specific modules, appended after the baseline;
    #  - `extraArgs`: extra `_module.args` for the host's modules (hostRegistry,
    #    inputs and zentralwerk are always added and take precedence on conflict);
    #  - `specialArgs`: passed through unchanged;
    #  - `system`: platform (default x86_64-linux).  Cross-built hosts keep the
    #    x86_64 default and set `nixpkgs.crossSystem` in their modules instead.
    { nixpkgs ? inputs.nixos, modules, extraArgs ? {}, specialArgs ? { }, system ? "x86_64-linux" }:
    nixpkgs.lib.nixosSystem {
      inherit specialArgs system;
      modules = [
        ({ pkgs, ... }: {
          _module.args = extraArgs // {
            inherit hostRegistry inputs zentralwerk;
          };
          nixpkgs = {
            # NOTE(review): this flake's outputs define `overlays` (see above),
            # not `overlay`.  Confirm `self.overlay` resolves; if it does not,
            # every host evaluation fails on this line.
            overlays = [ self.overlay ];
          };
        })
        # Baseline module set.  audio-server, c3d2 and stats are also imported by
        # nixosModules.c3d2; NixOS dedupes modules imported by path, so the repeat
        # is harmless but redundant.
        self.nixosModules.c3d2
        ./modules/audio-server.nix
        ./modules/c3d2.nix
        ./modules/stats.nix
        ./modules/pi-sensors.nix
      ] ++ modules;
    };
in {
  auth = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      ./hosts/auth
    ];
    # nixpkgs = inputs.nixos-unstable;
  };
  broker = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      ./hosts/broker
    ];
  };
  factorio = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      ./hosts/factorio
    ];
    nixpkgs = inputs.nixos-unstable;
  };
  freifunk = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      ./hosts/freifunk
      {
        # Overlays from the private secrets flake.  Anything an overlay puts into
        # a package ends up in the world-readable Nix store, so these must carry
        # only non-sensitive site configuration (or sops-encrypted material).
        nixpkgs.overlays = with secrets.overlays; [
          freifunk ospf
        ];
      }
    ];
  };
  ftp = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      ./hosts/ftp
    ];
  };
  gitea = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      ./hosts/gitea
    ];
    # nixpkgs = inputs.nixos-unstable;
  };
  # Bare-metal host with nixos-hardware profiles.
  glotzbert = nixosSystem' {
    modules = [
      ./hosts/glotzbert
      nixos-hardware.nixosModules.common-cpu-intel
      nixos-hardware.nixosModules.common-pc-ssd
      # TODO: migrate away from secrets repo
      secrets.nixosModules.admins
    ];
  };
  hedgedoc = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      ./hosts/hedgedoc
    ];
    # nixpkgs = inputs.nixos-unstable;
  };
  # aarch64 SD-card image.
  pulsebert = nixosSystem' {
    modules = [
      ./hosts/pulsebert
      # build: outputs.nixosConfigurations.pulsebert.config.system.build.sdImage
      # run: unzstd -cd result/sd-image/nixos-sd-image-*-aarch64-linux.img.zst | pv -br | sudo dd bs=4M of=/dev/sdX
      # NOTE(review): this module file is taken from nixos-unstable while the
      # system itself is evaluated with the default (22.11) nixpkgs; it only
      # works while the options it sets exist in both trees.
      "${inputs.nixos-unstable}/nixos/modules/installer/sd-card/sd-image-aarch64-new-kernel.nix"
      {
        nixpkgs = {
          hostPlatform = "aarch64-linux";
          # buildPlatform = "x86_64-linux";
        };
      }
    ];
    # nixpkgs = inputs.nixos-unstable;
  };
  radiobert = nixosSystem' {
    modules = [
      # `modulesPath` is requested but not used here.
      ({ modulesPath, ... }:
        {
          nixpkgs.overlays = [ heliwatch.overlay ];
        })
      ./hosts/radiobert
    ];
    system = "aarch64-linux";
  };
  nncp = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      self.nixosModules.nncp
      ./hosts/nncp
    ];
  };
  # Raspberry Pi 4, network-booted (see nixosModules.rpi-netboot).
  dacbert = nixosSystem' {
    modules = [
      nixos-hardware.nixosModules.raspberry-pi-4
      self.nixosModules.rpi-netboot
      ./hosts/dacbert
    ];
    system = "aarch64-linux";
  };
  rpi-netboot = nixosSystem' {
    modules = [
      { _module.args = { inherit nixos; }; }
      nixos-hardware.nixosModules.raspberry-pi-4
      self.nixosModules.rpi-netboot
      ./hosts/rpi-netboot
    ];
    system = "aarch64-linux";
  };
  # Raspberry Pi 1 SD-card image, cross-compiled from x86_64 (see crossSystem below).
  schalter = nixosSystem' {
    modules = [
      "${nixos}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix"
      ({ lib, ... }: {
        networking.hostName = "schalter";
        hardware.enableRedistributableFirmware = true;
        #networking.wireless.enable = true;
        powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
        boot = {
          loader = {
            grub.enable = false;
            raspberryPi = {
              enable = true;
              version = 1;
              uboot.enable = false;
            };
            generic-extlinux-compatible.enable = lib.mkForce false;
          };
          # supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
          tmpOnTmpfs = true;
        };
        nixpkgs.config.packageOverrides = pkgs: {
          makeModulesClosure = x:
            # prevent kernel install fail due to missing modules
            # NOTE(review): `allowMissing` turns a missing-module build error into
            # a silent omission, so a driver referenced by the config but absent
            # from this kernel will simply not be in the image.
            pkgs.makeModulesClosure (x // { allowMissing = true; });
        };
        sdImage = {
          compressImage = false;
          imageBaseName = "schalter";
          firmwareSize = 512;
        };
        nixpkgs.crossSystem = nixos.lib.systems.examples.raspberryPi;
      })
    ];
    system = "x86_64-linux";
  };
  matemat = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      ./hosts/matemat
      yammat.nixosModule
      # TODO: migrate away from secrets repo
      secrets.nixosModules.admins
      { nixpkgs.overlays = [ secrets.overlays.matemat ]; }
    ];
  };
  scrape = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      ./hosts/scrape
      {
        nixpkgs.overlays = [ secrets.overlays.scrape ];
        _module.args = { inherit scrapers; };
      }
    ];
  };
  dn42 = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      ./hosts/dn42
      {
        nixpkgs.overlays = [ secrets.overlays.dn42 ];
      }
    ];
  };
  grafana = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      ./hosts/grafana
    ];
    # nixpkgs = nixos-unstable;
  };
  # CI / build host; cluster member.
  hydra = nixosSystem' {
    modules = [
      self.nixosModules.cluster
      skyflake.nixosModules.default
      # module.nix from the non-flake harmonia input (pinned by flake.lock).
      (harmonia + "/module.nix")
      ./hosts/hydra
      {
        _module.args = {
          inherit self;
          inherit (inputs) hydra-ca;
        };
      }
    ];
    # nixpkgs = nixos-unstable;
  };
  mucbot = nixosSystem' {
    modules = [
      { _module.args = { inherit tigger; }; }
      # module.nix from the non-flake tigger input.
      "${tigger}/module.nix"
      { nixpkgs.overlays = [ secrets.overlays.mucbot ]; }
      ./hosts/mucbot
      self.nixosModules.cluster-options
    ];
  };
  public-access-proxy = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      ./hosts/public-access-proxy
    ];
  };
  ticker = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      ticker.nixosModules.ticker
      ./hosts/ticker
    ];
  };
  spaceapi = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      # module from the non-flake spacemsg input.
      "${spacemsg}/spaceapi/module.nix"
      ./hosts/spaceapi
    ];
  };
  stream = nixosSystem' {
    modules = [
      self.nixosModules.cluster-options
      ./hosts/stream
    ];
  };
  mobilizon = nixosSystem' {
    # TODO: pending https://github.com/NixOS/nixpkgs/pull/119132
    # Only host evaluated against the nixpkgs-mobilizon fork.
    nixpkgs = inputs.nixpkgs-mobilizon;
    modules = [
      self.nixosModules.microvm
      ./hosts/mobilizon
    ];
  };
  c3d2-web = nixosSystem' {
    modules = [
      { _module.args = { inherit nixos; }; }
      self.nixosModules.microvm
      ./hosts/c3d2-web
      { nixpkgs.overlays = [ secrets.overlays.c3d2-web ]; }
    ];
  };
  sdrweb = nixosSystem' {
    modules = [
      self.nixosModules.cluster-options
      # NOTE(review): sdrweb applies the *mucbot* secrets overlay (same as the
      # mucbot host above).  Verify this is intended and not a copy-paste.
      { nixpkgs.overlays = [ secrets.overlays.mucbot ]; }
      heliwatch.nixosModules.heliwatch
      ./hosts/sdrweb
    ];
    # nixpkgs = nixos-unstable;
  };
  bind = nixosSystem' {
    modules = [
      { nixpkgs.overlays = with secrets.overlays; [ bind ]; }
      self.nixosModules.microvm
      ./hosts/bind
    ];
  };
  jabber = nixosSystem' {
    modules = [
      { nixpkgs.overlays = with secrets.overlays; [ jabber ]; }
      self.nixosModules.microvm
      ./hosts/jabber
    ];
  };
  blogs = nixosSystem' {
    modules = [
      self.nixosModules.plume
      self.nixosModules.microvm
      ./hosts/blogs
    ];
  };
  # Physical cluster nodes.  server9/server10 additionally act as MicroVM hosts.
  server8 = nixosSystem' {
    modules = [
      ./hosts/server8
      self.nixosModules.cluster-network
      self.nixosModules.cluster
      skyflake.nixosModules.default
      { _module.args = { inherit self; }; }
    ];
  };
  server9 = nixosSystem' {
    modules = [
      ./hosts/server9
      microvm.nixosModules.host
      self.nixosModules.microvm-host
      self.nixosModules.cluster-network
      self.nixosModules.cluster
      skyflake.nixosModules.default
      { _module.args = { inherit self; }; }
    ];
  };
  server10 = nixosSystem' {
    modules = [
      ./hosts/server10
      microvm.nixosModules.host
      self.nixosModules.microvm-host
      self.nixosModules.cluster-network
      self.nixosModules.cluster
      skyflake.nixosModules.default
      { _module.args = { inherit self; }; }
    ];
  };
  oparl = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      ./hosts/oparl
      {
        _module.args = { inherit oparl-scraper; };
      }
    ];
  };
  leon = nixosSystem' {
    modules = [
      self.nixosModules.cluster-options
      ./hosts/leon
    ];
  };
  leoncloud = nixosSystem' {
    modules = [
      self.nixosModules.cluster-options
      ./hosts/leoncloud
    ];
  };
  nfsroot = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      ./hosts/nfsroot
      {
        # All `*-tftproot` packages, handed to the host's modules.
        # NOTE(review): taken from the x86_64-linux package set, whereas hydraJobs
        # builds the aarch64-linux tftproots; confirm which set the netboot
        # clients are meant to receive.
        _module.args.tftproots = nixos.lib.filterAttrs (name: _:
          builtins.match ".+-tftproot" name != null
        ) self.packages.x86_64-linux;
      }
    ];
  };
  # RISC-V board, cross-compiled from x86_64.
  riscbert = nixosSystem' {
    modules = [
      nixos-hardware.nixosModules.starfive-visionfive-v1
      ./hosts/riscbert
      {
        nixpkgs.crossSystem = {
          config = "riscv64-unknown-linux-gnu";
          system = "riscv64-linux";
        };
      }
    ];
    # nixpkgs = nixos-unstable;
    system = "x86_64-linux";
  };
  direkthilfe = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      ./hosts/direkthilfe
    ];
  };
  mediawiki = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      ./hosts/mediawiki
    ];
    # nixpkgs = nixos-unstable;
  };
  gnunet = nixosSystem' {
    modules = [
      self.nixosModules.cluster-options
      ./hosts/gnunet
    ];
    # nixpkgs = nixos-unstable;
  };
  zengel = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      ./hosts/zengel
    ];
  };
  sshlog = nixosSystem' {
    modules = [
      self.nixosModules.cluster-options
      sshlogd.nixosModule
      ./hosts/sshlog
    ];
  };
  network-homepage = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      ./hosts/network-homepage
    ];
  };
  caveman = nixosSystem' {
    modules = [
      self.nixosModules.microvm
      caveman.nixosModule
      ./hosts/caveman
    ];
  };
  owncast = nixosSystem' {
    modules = [
      self.nixosModules.cluster-options
      ./hosts/owncast
    ];
    # nixpkgs = nixos-unstable;
  };
  prometheus = nixosSystem' {
    modules = [
      self.nixosModules.cluster-options
      ./hosts/prometheus
    ];
  };
  mastodon = nixosSystem' {
    modules = [
      self.nixosModules.cluster-options
      ./hosts/mastodon
    ];
  };
};
nixosModules = {
  # Baseline applied to every host by nixosSystem': sops-nix secret management
  # plus the site modules, pre-configured with the host registry, the user
  # list from ./users.nix and the NNCP neighbour list.
  c3d2 = {
    imports = [
      sops-nix.nixosModule
      ./modules/audio-server.nix
      ./modules/autoupdate.nix
      ./modules/backup.nix
      ./modules/c3d2.nix
      ./modules/nncp.nix
      ./modules/logging.nix
      ./modules/stats.nix
    ];
    c3d2.hosts = hostRegistry.hosts;
    c3d2.users = import ./users.nix;
    c3d2.nncp.neigh = import ./modules/nncp-relays.nix;
  };
  # Cluster node roles.
  cluster = ./modules/cluster;
  cluster-options = ./modules/cluster/deployment-options.nix;
  cluster-network = ./modules/cluster/network.nix;
  # MicroVM guest: upstream microvm.nix module plus site defaults.
  microvm.imports = [
    microvm.nixosModules.microvm
    ./modules/microvm.nix
  ];
  microvm-host = ./modules/microvm-host.nix;
  nncp = ./modules/nncp.nix;
  # Plume blog service; needs the fenix and naersk overlays for its build.
  plume = {
    imports = [ ./modules/plume.nix ];
    nixpkgs.overlays = [ fenix.overlays.default naersk.overlay ];
  };
  rpi-netboot = ./modules/rpi-netboot.nix;
};
# `nix develop`
# One shell per system sops-nix ships packages for.  sops-import-keys-hook
# imports the PGP keys found under ./keys into the shell's keyring so `sops`
# can encrypt secrets for those recipients; keep that directory limited to the
# admins who should be able to decrypt.  `devShell` is the legacy output name
# (newer nix looks for `devShells.<system>.default`).
devShell = lib.mapAttrs (system: sopsPkgs:
  with nixos.legacyPackages.${system};
  mkShell {
    sopsPGPKeyDirs = [ "./keys" ];
    nativeBuildInputs = [
      sopsPkgs.sops-import-keys-hook
    ];
  }
) sops-nix.packages;
hydraJobs =
  # Everything CI (Hydra) builds: one job per NixOS configuration plus the
  # aarch64 `*-tftproot` packages.  MicroVM guests are built through their
  # declared runner, bare-metal hosts through the system toplevel.
  let
    # Runner for MicroVM guests, toplevel for everything else.
    buildTarget = cfg:
      cfg.config.microvm.declaredRunner or cfg.config.system.build.toplevel;
    hostJobs = lib.mapAttrs (_: buildTarget) self.nixosConfigurations;
    # Only derivations whose name ends in "-tftproot".
    isTftproot = name: attr:
      builtins.match ".+-tftproot" name != null && lib.isDerivation attr;
    tftprootJobs = lib.filterAttrs isTftproot self.packages.aarch64-linux;
  in
  lib.mapAttrs (_: lib.hydraJob) (hostJobs // tftprootJobs);
};
}