privatevoid.net/depot
1
1
Fork 0
Code Issues 18 Pull requests 2 Projects 3 Releases Packages Wiki Activity Actions

meta: multi-arch support

Browse source
This commit is contained in:
Max Headroom 2022-02-03 20:20:59 +01:00
parent cc157090a8
commit 8088e4db39
5 changed files with 48 additions and 107 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

75
flake.nix
View file

@ -26,59 +26,70 @@
};
outputs = { self, nixpkgs, home-manager, ... }@inputs:
let
inherit (nixpkgs) lib;
system = "x86_64-linux";
pkgs = import nixpkgs {
systems = [ "x86_64-linux" "aarch64-linux" ];
forSystems = nixpkgs.lib.genAttrs systems;
nixpkgsFor = system: import nixpkgs {
inherit system;
};
deploy-rs-lib = inputs.deploy-rs.lib.${system};
agenixModule = inputs.agenix.nixosModules.age;
inherit (nixpkgs) lib;
aspect = import ./modules inputs;
hosts = import ./hosts;
nixosHosts' = lib.filterAttrs (_: host: host ? nixos) hosts;
nixosHosts = lib.attrNames nixosHosts';
meta = import ./tools/meta.nix;
specialArgs = {
inherit inputs hosts aspect;
toolsets = import ./tools;
};
mkNixOS' = lib: name: lib.nixosSystem {
inherit system;
mkNixOS' = lib: name: let host = hosts.${name}; in lib.nixosSystem {
inherit specialArgs;
modules = [ hosts."${name}".nixos ./tools/inject.nix ];
system = "${host.arch}-linux";
modules = [ host.nixos ./tools/inject.nix ];
};
mkNixOS = mkNixOS' lib;
in {
nixosModules = aspect.modules;
nixosConfigurations = lib.genAttrs [
"VEGAS"
] mkNixOS;
deploy.nodes = with deploy-rs-lib; {
VEGAS = {
hostname = "vegas.backbone.privatevoid.net";
profiles.system = {
user = "root";
sshUser = "deploy";
path = activate.nixos self.nixosConfigurations.VEGAS;
};
mkDeploy = name: let
host = hosts.${name};
subdomain = host.enterprise.subdomain or "services";
deploy-rs = inputs.deploy-rs.lib."${host.arch}-linux";
in {
hostname = "${lib.toLower name}.${subdomain}.${meta.domain}";
profiles.system = {
user = "root";
sshUser = "deploy";
path = deploy-rs.activate.nixos self.nixosConfigurations.${name};
};
};
packages.${system} = import ./packages {
inherit pkgs inputs;
};
mkDeployments = hosts: overrides: lib.genAttrs hosts
(host: mkDeploy host // (overrides.${host} or {}) );
apps.${system} = {
in {
nixosModules = aspect.modules;
nixosConfigurations = lib.genAttrs nixosHosts mkNixOS;
deploy.nodes = mkDeployments nixosHosts {};
packages = forSystems (system: import ./packages {
inherit inputs;
pkgs = nixpkgsFor system;
});
apps = forSystems (system: {
dream2nix = inputs.dream2nix.defaultApp.${system};
};
defaultApp.${system} = {
type = "app";
program = self.packages.${system}.flake-installer.outPath;
};
});
hydraJobs = {
systems.${system} = lib.mapAttrs (_: x: x.config.system.build.toplevel) self.nixosConfigurations;
systems = lib.mapAttrs (_: x: x.config.system.build.toplevel) self.nixosConfigurations;
packages = self.packages;
};
};

1
hosts/VEGAS/default.nix
View file

@ -25,5 +25,6 @@ tools: {
subdomain = "backbone";
};
arch = "x86_64";
nixos = import ./system.nix;
}

2
modules/enterprise/default.nix
View file

@ -16,7 +16,7 @@ in {
rdns = false;
forwardable = true;
default_ccache_name = "KEYRING:persistent:%{uid}";
pkinit_anchors = "FILE:${inputs.self.packages.x86_64-linux.privatevoid-smart-card-ca-bundle}";
pkinit_anchors = "FILE:${inputs.self.packages.${pkgs.system}.privatevoid-smart-card-ca-bundle}";
};
realms = {
"${orgRealm}" = rec {

71
modules/nix-config/default.nix
View file

@ -1,71 +0,0 @@
{ pkgs, config, inputs, ... }:
let
builder = {
systems = [ "x86_64-linux" "i686-linux" ];
speedFactor = 500;
supportedFeatures = [ "benchmark" "nixos-test" ];
sshKey = config.age.secrets.nixBuilderKey.path;
};
bigBuilder = builder // {
speedFactor = 1000;
supportedFeatures = builder.supportedFeatures ++ [ "kvm" "big-parallel" ];
};
in {
age.secrets.nixBuilderKey = {
file = ../../secrets/builder_key.age;
mode = "0400";
};
nixpkgs.overlays = [
(self: super: {
nixSuperUnstable = inputs.self.packages.x86_64-linux.nix-super-unstable;
})
];
nix = {
package = pkgs.nixSuperUnstable;
trustedUsers = [ "root" "@wheel" ];
extraOptions = ''
experimental-features = nix-command flakes ca-references
warn-dirty = false
builders-use-substitutes = true
flake-registry = ${
pkgs.writeText "null-registry.json" ''{"flakes":[],"version":2}''
}
'';
binaryCaches = [ "https://cache.privatevoid.net" ];
binaryCachePublicKeys = [ "cache.privatevoid.net:SErQ8bvNWANeAvtsOESUwVYr2VJynfuc9JRwlzTTkVg=" ];
autoOptimiseStore = true;
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
distributedBuilds = true;
buildMachines = [
(bigBuilder // {
sshUser = "root";
hostName = "styx.services.private.void";
speedFactor = 2000;
maxJobs = 2;
})
(bigBuilder // {
sshUser = "nix";
hostName = "wired.titan.find.private.void";
maxJobs = 12;
})
(bigBuilder // {
sshUser = "nixbuilder";
hostName = "animus.com";
speedFactor = 3000;
maxJobs = 4;
})
];
};
}

6
packages/patched-inputs.nix
View file

@ -1,9 +1,9 @@
let tools = import ./lib/tools.nix;
in with tools;
{ inputs, pkgs, ... }: rec {
deploy-rs = inputs.deploy-rs.packages.x86_64-linux.deploy-rs;
deploy-rs = inputs.deploy-rs.packages.${pkgs.system}.deploy-rs;
nix-super = inputs.nix-super.defaultPackage.x86_64-linux;
nix-super = inputs.nix-super.defaultPackage.${pkgs.system};
agenix = inputs.agenix.packages.x86_64-linux.agenix.override { nix = nix-super; };
agenix = inputs.agenix.packages.${pkgs.system}.agenix.override { nix = nix-super; };
}