nix-config/flake.nix


{
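description = "C3D2 NixOS configurations";

# Flake inputs. The URLs name branches or whole repositories, not
# revisions; the revision that is actually built is the one recorded in
# the flake's lock file.
# NOTE(review): flake.lock is not visible here. Confirm it is committed
# and that lock updates are reviewed like any other code change.
inputs = {
  nixpkgs.url = "github:nixos/nixpkgs/release-21.05";

  # Declared explicitly because `outputs` takes a nixos-hardware argument.
  # An input that is only named as an `outputs` argument is resolved
  # through the flake registry of whichever machine first locks it, so
  # its origin would depend on local registry configuration.
  # Adding this line makes Nix re-lock the input on the next evaluation.
  nixos-hardware.url = "github:NixOS/nixos-hardware";

  # Private repository, fetched over SSH with the evaluating user's key.
  # Flake input sources are copied into the Nix store when evaluated.
  # NOTE(review): the store is world-readable by default; confirm the
  # repository content is encrypted at rest or otherwise safe to expose
  # to every local user on machines that evaluate this flake.
  secrets.url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git";

  yammat.url = "git+https://gitea.c3d2.de/astro/yammat.git?ref=nix";
  # Build yammat against the same nixpkgs as the rest of this flake.
  yammat.inputs.nixpkgs.follows = "nixpkgs";

  # `flake = false`: fetched as plain source trees, not evaluated as flakes.
  scrapers.url = "git+https://gitea.c3d2.de/astro/scrapers.git";
  scrapers.flake = false;
  tigger.url = "github:astro/tigger";
  tigger.flake = false;
};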
# Flake outputs. Each argument is a flake input (or `self`, this flake)
# that Nix passes in when it evaluates the function.
outputs = { self, nixpkgs, secrets, nixos-hardware, yammat, scrapers, tigger }:
  let
    # Builds an attribute set with one entry per listed system.
    forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];
    # Per-host data; this file reads hosts.<name>.ether and
    # hosts.<name>.ip4 from it.
    hostRegistry = import ./host-registry.nix;
  in {
    overlay = import ./overlay;
    # nixpkgs for each system, extended with this flake's overlay.
    legacyPackages = forAllSystems
      (system: nixpkgs.legacyPackages.${system}.extend self.overlay);
    # Helper scripts (deploy and wake) built per system.
    packages = forAllSystems (system:
      let
        pkgs = self.legacyPackages.${system};
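mkDeploy =
  # Generate a small script that copies this flake and the secrets input
  # to the remote machine, then builds and switches there.
  # The resulting package is named "<name>-nixos-rebuild"; the packages
  # in this file expose it under the same attribute name, e.g.
  # nix run c3d2#glotzbert-nixos-rebuild
  #
  # Arguments:
  #   name     - nixosConfigurations attribute to build on the target
  #   host     - SSH destination, defaults to "<name>.hq.c3d2.de"
  #   builders - optional list of strings, joined with spaces and passed
  #              to nixos-rebuild as a single --builders value
  #
  # Script usage: <name>-nixos-rebuild [--flakify] <nixos-rebuild args…>
  #   --flakify runs nixos-rebuild inside a nix-shell that provides
  #   nixFlakes and git, for targets that do not have flakes yet.
  #
  # Security notes:
  # - The script logs in as root on the target over SSH.
  # - ${secrets} and ${self} expand to store paths. nix-copy-closure puts
  #   them into the target's /nix/store, which is readable by every local
  #   user by default. NOTE(review): confirm the secrets source is safe
  #   to expose that way (for example, encrypted at rest).
  # - ssh joins its arguments with spaces and the remote shell parses the
  #   result again, so extra arguments containing whitespace or shell
  #   metacharacters are not preserved. Pass only trusted, simple
  #   arguments.
  # - NOTE(review): the double quotes that rebuildArg places around the
  #   builders value are consumed by the local shell and do not reach the
  #   remote side; a builders value containing spaces will be split there.
  { name
  , host ? "${name}.hq.c3d2.de"
  # remote builders to pass
  , builders ? null
  }:
  let
    target = "root@${host}";
    rebuildArg =
      "--flake ${self}#${name}" +
      (if builders != null
       then " --builders \"" +
            builtins.concatStringsSep " " builders +
            "\""
       else "");
  in pkgs.writeScriptBin "${name}-nixos-rebuild" ''
    #!${pkgs.runtimeShell} -e
    nix-copy-closure --to ${target} ${secrets}
    nix-copy-closure --to ${target} ${self}
    if [ "$1" = "--flakify" ]; then
      shift
      exec ssh -t ${target} "nix-shell -p nixFlakes -p git --command '_NIXOS_REBUILD_REEXEC=1 nixos-rebuild ${rebuildArg} $*'"
    else
      exec ssh -t ${target} nixos-rebuild ${rebuildArg} "$@"
    fi
  '';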
mkWake = name:
  # Build "<name>-wake", a script that runs wol with the ethernet address
  # recorded for this host in the host registry.
  let
    mac = hostRegistry.hosts.${name}.ether;
  in pkgs.writeScriptBin "${name}-wake" ''
    #!${pkgs.runtimeShell}
    exec ${pkgs.wol}/bin/wol ${mac}
  '';
# TODO: check if the ethernet address is reachable and if not,
# execute wol on a machine in HQ.
in {
  inherit (pkgs) bmxd;

  # Wake helpers for the hosts that have an ethernet address in the
  # host registry.
  glotzbert-wake = mkWake "glotzbert";
  pulsebert-wake = mkWake "pulsebert";

  # Deploy scripts reached through the default "<name>.hq.c3d2.de" name.
  glotzbert-nixos-rebuild = mkDeploy { name = "glotzbert"; };
  matemat-nixos-rebuild = mkDeploy { name = "matemat"; };
  dn42-nixos-rebuild = mkDeploy { name = "dn42"; };
  grafana-nixos-rebuild = mkDeploy { name = "grafana"; };
  pulsebert-nixos-rebuild = mkDeploy {
    name = "pulsebert";
    # Passed to nixos-rebuild on the target as --builders.
    builders = [ "ssh://client@172.22.99.110" ];
  };

  # Deploy scripts with a fixed address or host name.
  yggdrasil-nixos-rebuild = mkDeploy { name = "yggdrasil"; host = "172.20.72.62"; };
  freifunk-nixos-rebuild = mkDeploy { name = "freifunk"; host = "freifunk.core.zentralwerk.dn42"; };

  # Deploy scripts whose address is taken from the host registry.
  scrape-nixos-rebuild = mkDeploy { name = "scrape"; host = hostRegistry.hosts.scrape.ip4; };
  hydra-nixos-rebuild = mkDeploy { name = "hydra"; host = hostRegistry.hosts.hydra.ip4; };
  mucbot-nixos-rebuild = mkDeploy { name = "mucbot"; host = hostRegistry.hosts.mucbot.ip4; };
  kibana-nixos-rebuild = mkDeploy { name = "kibana"; host = hostRegistry.hosts.kibana.ip4; };
  public-access-proxy-nixos-rebuild = mkDeploy {
    name = "public-access-proxy";
    host = hostRegistry.hosts.public-access-proxy.ip4;
  };
});
nixosConfigurations = let
  # Module added to every host: use the flakes-capable Nix, enable the
  # flake commands, and apply this flake's overlay.
  flakeSupport = { pkgs, ... }: {
    nix.package = pkgs.nixFlakes;
    nix.extraOptions = "experimental-features = nix-command flakes";
    nixpkgs.overlays = [ self.overlay ];
  };

  # Our custom NixOS builder: nixpkgs.lib.nixosSystem with hostRegistry
  # added to the caller's extraArgs, and with the c3d2 module and
  # flakeSupport set as extraModules. All other arguments pass through.
  nixosSystem' =
    { extraArgs ? {}, ... }@args:
    nixpkgs.lib.nixosSystem (args // {
      extraArgs = extraArgs // { inherit hostRegistry; };
      extraModules = [ self.nixosModules.c3d2 flakeSupport ];
    });
in {
  # One entry per host. Module order inside each list is kept as it was.
  #
  # secrets.overlays.* and secrets.nixosModules.admins come from the
  # private secrets input.
  # NOTE(review): values that an overlay or module places into a system
  # configuration generally end up in the Nix store of the built system;
  # confirm that is acceptable for each of these.

  freifunk = nixosSystem' {
    system = "x86_64-linux";
    modules = [
      ./hosts/containers/freifunk
      { nixpkgs.overlays = [ secrets.overlays.freifunk secrets.overlays.ospf ]; }
    ];
  };

  glotzbert = nixosSystem' {
    system = "x86_64-linux";
    modules = [
      ./hosts/glotzbert
      nixos-hardware.nixosModules.common-cpu-intel
      nixos-hardware.nixosModules.common-pc-ssd
      secrets.nixosModules.admins
    ];
  };

  pulsebert = nixosSystem' {
    system = "aarch64-linux";
    modules = [ ./hosts/pulsebert ];
  };

  yggdrasil = nixosSystem' {
    system = "x86_64-linux";
    modules = [
      ./hosts/containers/yggdrasil
      ./lib/lxc-container.nix
      ./lib/users/emery.nix
      { nixpkgs.overlays = [ secrets.overlays.ospf ]; }
    ];
  };

  matemat = nixosSystem' {
    system = "x86_64-linux";
    modules = [
      ./lib/lxc-container.nix
      ./hosts/containers/matemat
      yammat.nixosModule
      secrets.nixosModules.admins
      { nixpkgs.overlays = [ secrets.overlays.matemat ]; }
    ];
  };

  scrape = nixosSystem' {
    system = "x86_64-linux";
    # Hands the scrapers source tree to the host's modules.
    extraArgs = { inherit scrapers; };
    modules = [
      ./lib/lxc-container.nix
      ./hosts/containers/scrape
      { nixpkgs.overlays = [ secrets.overlays.scrape ]; }
    ];
  };

  dn42 = nixosSystem' {
    system = "x86_64-linux";
    modules = [
      ./lib/lxc-container.nix
      ./hosts/containers/dn42
      { nixpkgs.overlays = [ secrets.overlays.dn42 ]; }
    ];
  };

  grafana = nixosSystem' {
    system = "x86_64-linux";
    modules = [ ./lib/lxc-container.nix ./hosts/containers/grafana ];
  };

  hydra = nixosSystem' {
    system = "x86_64-linux";
    modules = [ ./lib/lxc-container.nix ./hosts/containers/hydra ];
  };

  mucbot = nixosSystem' {
    system = "x86_64-linux";
    extraArgs = { inherit tigger; };
    modules = [
      ./lib/lxc-container.nix
      # NixOS module taken straight from the non-flake tigger source
      # tree; its code is evaluated as part of this host's configuration.
      "${tigger}/module.nix"
      { nixpkgs.overlays = [ secrets.overlays.mucbot ]; }
      ./hosts/containers/mucbot
    ];
  };

  kibana = nixosSystem' {
    system = "x86_64-linux";
    modules = [ ./lib/lxc-container.nix ./hosts/containers/kibana ];
  };

  public-access-proxy = nixosSystem' {
    system = "x86_64-linux";
    modules = [ ./lib/lxc-container.nix ./hosts/containers/public-access-proxy ];
  };
};

# Module set that nixosSystem' adds to every host as an extra module.
nixosModules.c3d2 = import ./lib;
};
}