forked from c3d2/nix-config
305 lines
9.8 KiB
Nix
305 lines
9.8 KiB
Nix
{
|
|
description = "C3D2 NixOS configurations";
|
|
|
|
inputs = {
|
|
nixpkgs.url = "github:nixos/nixpkgs/release-21.05";
|
|
secrets.url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git";
|
|
zentralwerk.url = "git+https://gitea.c3d2.de/zentralwerk/network.git";
|
|
yammat.url = "git+https://gitea.c3d2.de/astro/yammat.git?ref=nix";
|
|
yammat.inputs.nixpkgs.follows = "nixpkgs";
|
|
scrapers.url = "git+https://gitea.c3d2.de/astro/scrapers.git";
|
|
scrapers.flake = false;
|
|
tigger.url = "github:astro/tigger";
|
|
tigger.flake = false;
|
|
ticker.url = "git+https://gitea.c3d2.de/astro/ticker.git";
|
|
ticker.flake = false;
|
|
};
|
|
|
|
outputs = { self, nixpkgs, secrets, nixos-hardware, zentralwerk, yammat, scrapers, tigger, ticker }:
|
|
let
|
|
forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ];
|
|
|
|
inherit (nixpkgs.lib) recursiveUpdate;
|
|
extractZwHosts = { hosts4, hosts6, ... }:
|
|
recursiveUpdate (
|
|
builtins.foldl' (result: name:
|
|
recursiveUpdate result {
|
|
"${name}".ip4 = hosts4.${name};
|
|
}
|
|
) {} (builtins.attrNames hosts4)
|
|
) (
|
|
builtins.foldl' (result: ctx:
|
|
builtins.foldl' (result: name:
|
|
recursiveUpdate result {
|
|
"${name}".ip6 = hosts6.${ctx}.${name};
|
|
}
|
|
) result (builtins.attrNames hosts6.${ctx})
|
|
) {} (builtins.attrNames hosts6)
|
|
);
|
|
zwHostRegistry = {
|
|
hosts =
|
|
builtins.foldl' (result: net:
|
|
recursiveUpdate result (extractZwHosts zentralwerk.lib.config.site.net.${net})
|
|
) {} [ "core" "c3d2" "serv" ];
|
|
};
|
|
extraHostRegistry = import ./host-registry.nix;
|
|
hostRegistry = nixpkgs.lib.recursiveUpdate zwHostRegistry extraHostRegistry;
|
|
|
|
flakifiedHosts = nixpkgs.lib.filterAttrs (name: _: self.nixosConfigurations ? ${name}) hostRegistry.hosts;
|
|
|
|
getHostAddr = name:
|
|
let
|
|
hostConf = hostRegistry.hosts.${name};
|
|
in
|
|
if hostConf ? ip4
|
|
then hostConf.ip4
|
|
else if hostConf ? ip6
|
|
then hostConf.ip6
|
|
else null;
|
|
in {
|
|
overlay = import ./overlay;
|
|
|
|
legacyPackages = forAllSystems
|
|
(system: nixpkgs.legacyPackages.${system}.extend self.overlay);
|
|
|
|
packages = forAllSystems (system:
|
|
let
|
|
pkgs = self.legacyPackages.${system};
|
|
mkDeploy =
|
|
# Generate a small script for copying this flake to the
|
|
# remote machine and bulding and switching there.
|
|
# Can be run with nix run c3d2#deploy-…
|
|
{ name
|
|
, host ? "${name}.hq.c3d2.de"
|
|
# remote builders to pass
|
|
, builders ? null
|
|
}:
|
|
let target = "root@${host}";
|
|
rebuildArg =
|
|
"--flake ${self}#${name}" +
|
|
(if builders != null
|
|
then " --builders \"" +
|
|
builtins.concatStringsSep " " builders +
|
|
"\""
|
|
else "");
|
|
in pkgs.writeScriptBin "${name}-nixos-rebuild" ''
|
|
#!${pkgs.runtimeShell} -e
|
|
nix-copy-closure --to ${target} ${secrets}
|
|
nix-copy-closure --to ${target} ${self}
|
|
if [ "$1" = "--flakify" ]; then
|
|
shift
|
|
exec ssh -t ${target} "nix-shell -p nixFlakes -p git --command '_NIXOS_REBUILD_REEXEC=1 nixos-rebuild ${rebuildArg} '$@"
|
|
else
|
|
exec ssh -t ${target} nixos-rebuild ${rebuildArg} $@
|
|
fi
|
|
'';
|
|
mkWake = name:
|
|
pkgs.writeScriptBin "${name}-wake" ''
|
|
#!${pkgs.runtimeShell}
|
|
exec ${pkgs.wol}/bin/wol ${hostRegistry.hosts.${name}.ether}
|
|
'';
|
|
# TODO: check if the ethernet address is reachable and if not,
|
|
# execute wol on a machine in HQ.
|
|
in {
|
|
inherit (pkgs) bmxd;
|
|
|
|
list-upgradable = pkgs.writeScriptBin "list-upgradable" ''
|
|
#! ${pkgs.runtimeShell}
|
|
|
|
NORMAL="\033[0m"
|
|
RED="\033[0;31m"
|
|
YELLOW="\033[0;33m"
|
|
GREEN="\033[0;32m"
|
|
|
|
${pkgs.lib.concatMapStringsSep "\n" (name:
|
|
let
|
|
addr = getHostAddr name;
|
|
in nixpkgs.lib.optionalString (addr != null) ''
|
|
echo -n -e "${name}: $RED"
|
|
RUNNING=$(ssh -o PreferredAuthentications=publickey -o StrictHostKeyChecking=accept-new root@"${addr}" "readlink /run/current-system")
|
|
if [ $? = 0 ] && [ -n "$RUNNING" ]; then
|
|
CURRENT=$(nix eval --raw ".#nixosConfigurations.${name}.config.system.build.toplevel" 2>/dev/null)
|
|
RUNNING_VER=$(basename $RUNNING|rev|cut -d - -f 1|rev)
|
|
CURRENT_VER=$(basename $CURRENT|rev|cut -d - -f 1|rev)
|
|
|
|
if [ "$RUNNING" = "$CURRENT" ]; then
|
|
echo -e "$GREEN"current"$NORMAL $RUNNING_VER"
|
|
elif [ "$RUNNING_VER" = "$CURRENT_VER" ]; then
|
|
echo -e "$GREEN"modified"$NORMAL $RUNNING_VER"
|
|
else
|
|
echo -e "$YELLOW"outdated"$NORMAL $RUNNING_VER < $CURRENT_VER"
|
|
fi
|
|
fi
|
|
echo -n -e "$NORMAL"
|
|
'') (builtins.attrNames flakifiedHosts)}
|
|
'';
|
|
} //
|
|
|
|
builtins.foldl' (result: host: result // {
|
|
"${host}-wake" = mkWake host;
|
|
}) {} (builtins.attrNames (nixpkgs.lib.filterAttrs (_: { wol ? false, ... }: wol) hostRegistry.hosts)) //
|
|
|
|
builtins.foldl' (result: name: result // {
|
|
"${name}-nixos-rebuild" = mkDeploy ({
|
|
inherit name;
|
|
host = getHostAddr name;
|
|
} // nixpkgs.lib.optionalAttrs (hostRegistry.hosts.${name} ? builders) {
|
|
inherit (hostRegistry.hosts.${name}) builders;
|
|
});
|
|
}) {} (builtins.attrNames flakifiedHosts)
|
|
);
|
|
|
|
nixosConfigurations = let
|
|
nixosSystem' =
|
|
# Our custom NixOS builder
|
|
{ extraArgs ? {}, ... }@args:
|
|
nixpkgs.lib.nixosSystem (args // {
|
|
extraArgs = extraArgs // {
|
|
inherit hostRegistry;
|
|
};
|
|
extraModules = [
|
|
self.nixosModules.c3d2
|
|
({ pkgs, ... }: {
|
|
nix = {
|
|
package = pkgs.nixFlakes;
|
|
extraOptions = "experimental-features = nix-command flakes";
|
|
};
|
|
nixpkgs.overlays = [ self.overlay ];
|
|
})
|
|
];
|
|
});
|
|
in {
|
|
|
|
freifunk = nixosSystem' {
|
|
modules = [
|
|
./hosts/containers/freifunk
|
|
({ ... }: {
|
|
nixpkgs.overlays = with secrets.overlays; [
|
|
freifunk ospf
|
|
];
|
|
})
|
|
];
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
glotzbert = nixosSystem' {
|
|
modules = [
|
|
./hosts/glotzbert
|
|
nixos-hardware.nixosModules.common-cpu-intel
|
|
nixos-hardware.nixosModules.common-pc-ssd
|
|
secrets.nixosModules.admins
|
|
];
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
pulsebert = nixosSystem' {
|
|
modules = [ ./hosts/pulsebert ];
|
|
system = "aarch64-linux";
|
|
};
|
|
|
|
yggdrasil = nixosSystem' {
|
|
modules = [
|
|
./hosts/containers/yggdrasil
|
|
./lib/lxc-container.nix
|
|
./lib/users/emery.nix
|
|
({ ... }: {
|
|
nixpkgs.overlays = [ secrets.overlays.ospf ];
|
|
})
|
|
];
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
matemat = nixosSystem' {
|
|
modules = [
|
|
./lib/lxc-container.nix
|
|
./hosts/containers/matemat
|
|
yammat.nixosModule
|
|
secrets.nixosModules.admins
|
|
({ ... }: {
|
|
nixpkgs.overlays = [ secrets.overlays.matemat ];
|
|
})
|
|
];
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
scrape = nixosSystem' {
|
|
modules = [
|
|
./lib/lxc-container.nix
|
|
./hosts/containers/scrape
|
|
({ ... }: {
|
|
nixpkgs.overlays = [ secrets.overlays.scrape ];
|
|
})
|
|
];
|
|
extraArgs = { inherit scrapers; };
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
dn42 = nixosSystem' {
|
|
modules = [
|
|
./lib/lxc-container.nix
|
|
./hosts/containers/dn42
|
|
({ ... }: {
|
|
nixpkgs.overlays = [ secrets.overlays.dn42 ];
|
|
})
|
|
];
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
grafana = nixosSystem' {
|
|
modules = [
|
|
./lib/lxc-container.nix
|
|
./hosts/containers/grafana
|
|
];
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
hydra = nixosSystem' {
|
|
modules = [
|
|
./lib/lxc-container.nix
|
|
./hosts/containers/hydra
|
|
];
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
mucbot = nixosSystem' {
|
|
modules = [
|
|
./lib/lxc-container.nix
|
|
"${tigger}/module.nix"
|
|
{ nixpkgs.overlays = [ secrets.overlays.mucbot ]; }
|
|
./hosts/containers/mucbot
|
|
];
|
|
extraArgs = { inherit tigger; };
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
kibana = nixosSystem' {
|
|
modules = [
|
|
./lib/lxc-container.nix
|
|
./hosts/containers/kibana
|
|
];
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
public-access-proxy = nixosSystem' {
|
|
modules = [
|
|
./lib/lxc-container.nix
|
|
./hosts/containers/public-access-proxy
|
|
];
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
ticker = nixosSystem' {
|
|
modules = [
|
|
./lib/lxc-container.nix
|
|
"${ticker}/nixos-module.nix"
|
|
./hosts/containers/ticker
|
|
];
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
};
|
|
|
|
nixosModules.c3d2 = import ./lib;
|
|
};
|
|
}
|