depot/flake.nix

179 lines
5.1 KiB
Nix
Raw Normal View History

2021-06-05 23:59:06 +03:00
{
description = "Private Void system configurations";
2022-07-31 21:08:19 +03:00
nixConfig = {
allow-import-from-derivation = true;
extra-substituters = "https://cache.privatevoid.net";
extra-trusted-public-keys = "cache.privatevoid.net:SErQ8bvNWANeAvtsOESUwVYr2VJynfuc9JRwlzTTkVg=";
};
2021-06-05 23:59:06 +03:00
2022-07-31 15:26:18 +03:00
outputs = { self, nixpkgs, flake-parts, ... }@inputs:
2021-06-05 23:59:06 +03:00
let
2022-02-03 21:20:59 +02:00
systems = [ "x86_64-linux" "aarch64-linux" ];
forSystems = nixpkgs.lib.genAttrs systems;
2022-07-31 22:26:12 +03:00
nixpkgsFor = nixpkgs.legacyPackages;
2021-06-05 23:59:06 +03:00
2022-02-03 21:20:59 +02:00
inherit (nixpkgs) lib;
2021-06-05 23:59:06 +03:00
aspect = import ./modules inputs;
hosts = import ./hosts;
2022-02-03 21:20:59 +02:00
nixosHosts' = lib.filterAttrs (_: host: host ? nixos) hosts;
nixosHosts = lib.attrNames nixosHosts';
deployableNixosHosts' = lib.filterAttrs (_: host: host ? container -> !host.container) nixosHosts';
deployableNixosHosts = lib.attrNames deployableNixosHosts';
2022-02-03 21:20:59 +02:00
meta = import ./tools/meta.nix;
2021-10-16 18:00:47 +03:00
specialArgs = {
inherit inputs hosts aspect;
toolsets = import ./tools;
};
2022-02-03 21:20:59 +02:00
mkNixOS' = lib: name: let host = hosts.${name}; in lib.nixosSystem {
2021-06-05 23:59:06 +03:00
inherit specialArgs;
2022-02-03 21:20:59 +02:00
system = "${host.arch}-linux";
modules = [ host.nixos ./tools/inject.nix ];
2021-06-05 23:59:06 +03:00
};
mkNixOS = mkNixOS' lib;
2022-02-03 21:20:59 +02:00
2022-05-25 10:42:45 +03:00
mkDeployEffect = branch: name: host: let
2022-05-25 10:50:13 +03:00
subdomain = host.enterprise.subdomain or "services";
2022-05-25 10:42:45 +03:00
hostname = "${lib.toLower name}.${subdomain}.${meta.domain}";
2022-05-25 12:11:41 +03:00
in effects.runIf (branch == "master" || branch == "staging") (effects.runNixOS {
2022-05-25 10:42:45 +03:00
requiredSystemFeatures = [ "hci-deploy-agent-nixos" ];
inherit (self.nixosConfigurations.${name}) config;
2022-05-25 10:42:45 +03:00
secretsMap.ssh = "deploy-ssh";
userSetupScript = ''
writeSSHKey ssh
cat >>~/.ssh/known_hosts <<EOF
${hostname} ${host.ssh.id.publicKey}
EOF
'';
ssh.destination = "root@${hostname}";
});
mkDeployEffects = branch: hostnames: lib.genAttrs hostnames
(name: mkDeployEffect branch name hosts.${name});
2022-02-03 21:20:59 +02:00
mkDeploy = name: let
host = hosts.${name};
subdomain = host.enterprise.subdomain or "services";
deploy-rs = inputs.deploy-rs.lib."${host.arch}-linux";
in {
hostname = "${lib.toLower name}.${subdomain}.${meta.domain}";
profiles.system = {
user = "root";
sshUser = "deploy";
path = deploy-rs.activate.nixos self.nixosConfigurations.${name};
};
2021-06-05 23:59:06 +03:00
};
2022-02-03 21:20:59 +02:00
mkDeployments = hosts: overrides: lib.genAttrs hosts
(host: mkDeploy host // (overrides.${host} or {}) );
2021-06-05 23:59:06 +03:00
2022-07-31 22:26:12 +03:00
effects = inputs.hercules-ci-effects.lib.withPkgs (nixpkgsFor.x86_64-linux);
2022-07-31 16:09:40 +03:00
in flake-parts.lib.mkFlake { inherit self; } {
inherit systems;
flake = {
nixosModules = aspect.modules;
2022-02-03 21:20:59 +02:00
2022-07-31 16:09:40 +03:00
nixosConfigurations = lib.genAttrs nixosHosts mkNixOS;
2022-03-14 00:13:53 +02:00
2022-07-31 16:09:40 +03:00
deploy.nodes = mkDeployments deployableNixosHosts {};
2022-05-31 12:38:38 +03:00
2022-07-31 16:09:40 +03:00
effects = { branch, ... }: mkDeployEffects branch deployableNixosHosts;
};
imports = [
./packages/part.nix
];
2021-06-05 23:59:06 +03:00
};
2022-07-31 22:24:46 +03:00
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05-small";
nix-super = {
url = "gitlab:max/nix-super-fork?host=git.privatevoid.net";
inputs.nixpkgs.follows = "nixpkgs";
};
deploy-rs = {
url = "gitlab:max/deploy-rs?host=git.privatevoid.net";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-compat.follows = "repin-flake-compat";
utils.follows = "repin-flake-utils";
};
};
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
};
nar-serve = {
url = "github:numtide/nar-serve/v0.5.0";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-utils.follows = "repin-flake-utils";
};
};
dream2nix = {
url = "github:nix-community/dream2nix";
inputs = {
nixpkgs.follows = "nixpkgs";
#alejandra.inputs.flakeCompat.follows = "repin-flake-compat";
flake-utils-pre-commit.follows = "repin-flake-utils";
};
};
devshell = {
url = "github:numtide/devshell";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-utils.follows = "repin-flake-utils";
};
};
mms = {
url = "github:mkaito/nixos-modded-minecraft-servers";
inputs = {
nixpkgs.follows = "nixpkgs";
nix.follows = "nix-super";
flake-compat.follows = "repin-flake-compat";
flake-utils.follows = "repin-flake-utils";
};
};
hercules-ci-agent = {
url = "github:hercules-ci/hercules-ci-agent";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-parts.follows = "flake-parts";
};
};
hercules-ci-effects = {
url = "github:hercules-ci/hercules-ci-effects";
inputs = {
nixpkgs.follows = "nixpkgs";
};
};
flake-parts = {
url = "github:hercules-ci/flake-parts";
inputs.nixpkgs.follows = "nixpkgs";
};
repin-flake-compat = {
url = "github:edolstra/flake-compat";
flake = false;
};
repin-flake-utils.url = "github:numtide/flake-utils";
};
2021-06-05 23:59:06 +03:00
}