Move all flakes into modules/ and sep't, create deploy script for a1d2
Change-Id: Ie4d50fb8f16da193195beb139922a366b72b0b0a
diff --git a/flake.nix b/flake.nix
index a9ca630..51c638a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,7 @@
{
description = "A flake to deploy and configure Clicks' NixOS server";
+ # input URLs
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
inputs.nixpkgs-clicksforms.url = "github:nixos/nixpkgs/nixos-22.05";
inputs.flake-utils.url = "github:numtide/flake-utils";
@@ -9,6 +10,12 @@
inputs.sops-nix.url = "github:Mic92/sops-nix";
inputs.scalpel.url = "github:polygon/scalpel";
+ inputs.nixpkgs-privatebin.url = "github:e1mo/nixpkgs/privatebin";
+ inputs.nixpkgs-mongodb.url = "github:nixos/nixpkgs?rev=8dfad603247387df1df4826b8bea58efc5d012d8";
+
+ inputs.helpers.url = "git+https://git.clicks.codes/Clicks/NixHelpers?ref=refs/changes/88/188/3";
+
+ # follow settings
inputs.home-manager.inputs.nixpkgs.follows = "nixpkgs";
inputs.sops-nix.inputs.nixpkgs.follows = "nixpkgs";
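Review bot: `inputs.helpers.url` now carries `ref=refs/changes/88/188/3`, which has the shape of a Gerrit patchset ref, so the flake tracks a change under review rather than the merged branch the old URL followed. The helpers flake is evaluated on every build, and in the later hunk its `nixFilesIn` decides which files under `./modules/common` are loaded as NixOS modules, so unmerged code ends up shaping the server configuration. Before this lands I would point the input back at the merged branch or at a merged `rev=`, the way `nixpkgs-mongodb` is pinned. If the temporary ref is intentional, mark it with something like `# TODO: drop ?ref= once the NixHelpers change is merged`. `nixpkgs-privatebin` still follows a branch on a personal fork, so the lock file (not part of this diff) is the only thing fixing what gets fetched.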
@@ -16,12 +23,8 @@
inputs.scalpel.inputs.nixpkgs.follows = "nixpkgs";
inputs.scalpel.inputs.sops-nix.follows = "sops-nix";
- inputs.nixpkgs-privatebin.url = "github:e1mo/nixpkgs/privatebin";
-
- inputs.helpers.url = "git+https://git.clicks.codes/Clicks/NixHelpers";
-
outputs = { self, nixpkgs, deploy-rs, home-manager, sops-nix, scalpel
- , nixpkgs-privatebin, helpers, ... }@inputs:
+ , nixpkgs-privatebin, ... }@inputs:
let
system = "x86_64-linux";
pkgs = import nixpkgs {
@@ -34,55 +37,36 @@
})
];
};
+ helpers = inputs.helpers.helpers { inherit pkgs nixpkgs; };
+ drive_paths = import ./variables/drive_paths.nix;
+
+ a1d1 = import ./modules/a1d1 { inherit self pkgs system inputs drive_paths; };
+ a1d2 = import ./modules/a1d2 { inherit self pkgs system inputs; drive_paths = null; };
in rec {
nixosConfigurations.clicks = let
base = nixpkgs.lib.nixosSystem {
inherit system pkgs;
modules = [
- ./default/configuration.nix
- ./default/hardware-configuration.nix
- ./modules/cache.nix
- ./modules/clamav.nix
- ./modules/cloudflare-ddns.nix
- ./modules/dmarc.nix
- ./modules/dnsmasq.nix
- ./modules/doas.nix
- ./modules/docker.nix
- ./modules/drivePaths.nix
- ./modules/ecryptfs.nix
- ./modules/fail2ban.nix
- ./modules/gerrit.nix
- ./modules/git.nix
- ./modules/grafana.nix
- ./modules/home-manager-users.nix
- ./modules/keycloak.nix
- ./modules/kitty.nix
- ./modules/loginctl-linger.nix
- ./modules/matrix.nix
- ./modules/mongodb.nix
- ./modules/networking.nix
- ./modules/nextcloud.nix
- ./modules/nginx-routes.nix
- ./modules/nginx.nix
- ./modules/node.nix
- ./modules/postgres.nix
- ./modules/privatebin.nix
- ./modules/samba.nix
- ./modules/scalpel.nix
- ./modules/ssh.nix
- ./modules/static-ip.nix
- ./modules/syncthing.nix
- ./modules/tesseract.nix
- ./modules/vaultwarden.nix
+ {
+ system.stateVersion = "22.11";
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ nix.settings.trusted-users = [ "minion" ];
+ time.timeZone = "Etc/UTC";
+ users.mutableUsers = false;
+
+ fileSystems."/" = {};
+ }
+ ]
+ ++ (helpers.nixFilesIn ./modules/common)
+ ++ [
sops-nix.nixosModules.sops
"${nixpkgs-privatebin}/nixos/modules/services/web-apps/privatebin.nix"
- { users.mutableUsers = false; }
];
- specialArgs = {
+ specialArgs = inputs // {
base = null;
- drive_paths = import ./variables/drive_paths.nix;
inherit system;
- helpers = helpers.helpers { inherit pkgs; };
+ inherit helpers;
+ drive_paths = null;
};
};
in base.extendModules {
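Review bot: `nix.settings.trusted-users = [ "minion" ];` in the inline module makes that account effectively root-equivalent towards the Nix daemon on every host built from this base, since a trusted user can add substituters and import store paths without signature checks. If the setting exists only so deploys can push closures, state that next to it, e.g. `# minion pushes deploy closures; trusted-users is root-equivalent`, or move it into the host module that needs it. Separately, `fileSystems."/" = {};` and `drive_paths = null;` look like placeholders for per-host overrides, and a one-line comment saying so would stop someone from building this base on its own. The enclosing `let` block and output set start and end outside this hunk.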
@@ -95,82 +79,11 @@
modules = [{ services.mongodb.enable = nixpkgs.lib.mkForce false; }];
};
- deploy.nodes.clicks = {
- sudo = "doas -u";
- profiles = {
- system = {
- remoteBuild = true;
- user = "root";
- path = deploy-rs.lib.x86_64-linux.activate.nixos
- self.nixosConfigurations.clicks-without-mongodb;
- };
- } // (let
- mkServiceConfig = service: {
- remoteBuild = true;
- user = service;
+ nixosConfigurations.a1d1 = a1d1.config;
+ nixosConfigurations.a1d2 = a1d2.config;
- profilePath =
- "/nix/var/nix/profiles/per-user/${service}/home-manager";
- path = deploy-rs.lib.x86_64-linux.activate.home-manager
- (home-manager.lib.homeManagerConfiguration {
- inherit pkgs;
- modules = [
- {
- home.homeDirectory = "/services/${service}";
- home.username = service;
- home.stateVersion = "22.11";
- programs.home-manager.enable = true;
- }
- "${./services}/${service}"
- ];
- extraSpecialArgs = {
- inherit (inputs) nixpkgs-clicksforms;
- inherit system;
- };
- });
- };
- in nixpkgs.lib.pipe ./services [
- builtins.readDir
- (nixpkgs.lib.filterAttrs (_name: value: value == "directory"))
- builtins.attrNames
- (map (name: {
- inherit name;
- value = mkServiceConfig name;
- }))
- builtins.listToAttrs
- ]) // (let
- mkBlankConfig = username: {
- remoteBuild = true;
- user = username;
-
- profilePath =
- "/nix/var/nix/profiles/per-user/${username}/home-manager";
- path = deploy-rs.lib.x86_64-linux.activate.home-manager
- (home-manager.lib.homeManagerConfiguration {
- inherit pkgs;
- modules = [
- {
- home.username = username;
- home.stateVersion = "22.11";
- programs.home-manager.enable = true;
- }
- "${./homes}/${username}"
- ];
- });
- };
- in nixpkgs.lib.pipe ./homes [
- builtins.readDir
- (nixpkgs.lib.filterAttrs (_name: value: value == "directory"))
- builtins.attrNames
- (map (name: {
- inherit name;
- value = mkBlankConfig name;
- }))
- builtins.listToAttrs
- ]);
- hostname = "clicks";
- profilesOrder = [ "system" ];
- };
+ deploy.nodes.a1d1 = a1d1.deploy;
+ deploy.nodes.a1d2 = a1d2.deploy;
devShells.x86_64-linux.default =
pkgs.mkShell { packages = [ pkgs.deploy-rs ]; };