privatevoid.net/depot
1
1
Fork 0
Code Issues 23 Pull requests 2 Projects 3 Releases Packages Wiki Activity Actions

meta: multi-arch support

Browse source
This commit is contained in:
Max Headroom 2022-02-03 20:20:59 +01:00
parent cc157090a8
commit 8088e4db39
5 changed files with 48 additions and 107 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

75
flake.nix
View file

@ -26,59 +26,70 @@
}; };
outputs = { self, nixpkgs, home-manager, ... }@inputs: outputs = { self, nixpkgs, home-manager, ... }@inputs:
let let
inherit (nixpkgs) lib; systems = [ "x86_64-linux" "aarch64-linux" ];
system = "x86_64-linux";
pkgs = import nixpkgs { forSystems = nixpkgs.lib.genAttrs systems;
nixpkgsFor = system: import nixpkgs {
inherit system; inherit system;
}; };
deploy-rs-lib = inputs.deploy-rs.lib.${system}; inherit (nixpkgs) lib;
agenixModule = inputs.agenix.nixosModules.age;
aspect = import ./modules inputs; aspect = import ./modules inputs;
hosts = import ./hosts; hosts = import ./hosts;
nixosHosts' = lib.filterAttrs (_: host: host ? nixos) hosts;
nixosHosts = lib.attrNames nixosHosts';
meta = import ./tools/meta.nix;
specialArgs = { specialArgs = {
inherit inputs hosts aspect; inherit inputs hosts aspect;
toolsets = import ./tools; toolsets = import ./tools;
}; };
mkNixOS' = lib: name: lib.nixosSystem { mkNixOS' = lib: name: let host = hosts.${name}; in lib.nixosSystem {
inherit system;
inherit specialArgs; inherit specialArgs;
modules = [ hosts."${name}".nixos ./tools/inject.nix ]; system = "${host.arch}-linux";
modules = [ host.nixos ./tools/inject.nix ];
}; };
mkNixOS = mkNixOS' lib; mkNixOS = mkNixOS' lib;
in {
nixosModules = aspect.modules;
nixosConfigurations = lib.genAttrs [
"VEGAS"
] mkNixOS;
deploy.nodes = with deploy-rs-lib; { mkDeploy = name: let
VEGAS = { host = hosts.${name};
hostname = "vegas.backbone.privatevoid.net"; subdomain = host.enterprise.subdomain or "services";
profiles.system = { deploy-rs = inputs.deploy-rs.lib."${host.arch}-linux";
user = "root"; in {
sshUser = "deploy"; hostname = "${lib.toLower name}.${subdomain}.${meta.domain}";
path = activate.nixos self.nixosConfigurations.VEGAS; profiles.system = {
}; user = "root";
sshUser = "deploy";
path = deploy-rs.activate.nixos self.nixosConfigurations.${name};
}; };
}; };
packages.${system} = import ./packages { mkDeployments = hosts: overrides: lib.genAttrs hosts
inherit pkgs inputs; (host: mkDeploy host // (overrides.${host} or {}) );
};
apps.${system} = { in {
nixosModules = aspect.modules;
nixosConfigurations = lib.genAttrs nixosHosts mkNixOS;
deploy.nodes = mkDeployments nixosHosts {};
packages = forSystems (system: import ./packages {
inherit inputs;
pkgs = nixpkgsFor system;
});
apps = forSystems (system: {
dream2nix = inputs.dream2nix.defaultApp.${system}; dream2nix = inputs.dream2nix.defaultApp.${system};
}; });
defaultApp.${system} = {
type = "app";
program = self.packages.${system}.flake-installer.outPath;
};
hydraJobs = { hydraJobs = {
systems.${system} = lib.mapAttrs (_: x: x.config.system.build.toplevel) self.nixosConfigurations; systems = lib.mapAttrs (_: x: x.config.system.build.toplevel) self.nixosConfigurations;
packages = self.packages; packages = self.packages;
}; };
}; };

1
hosts/VEGAS/default.nix
View file

@ -25,5 +25,6 @@ tools: {
subdomain = "backbone"; subdomain = "backbone";
}; };
arch = "x86_64";
nixos = import ./system.nix; nixos = import ./system.nix;
} }

2
modules/enterprise/default.nix
View file

@ -16,7 +16,7 @@ in {
rdns = false; rdns = false;
forwardable = true; forwardable = true;
default_ccache_name = "KEYRING:persistent:%{uid}"; default_ccache_name = "KEYRING:persistent:%{uid}";
pkinit_anchors = "FILE:${inputs.self.packages.x86_64-linux.privatevoid-smart-card-ca-bundle}"; pkinit_anchors = "FILE:${inputs.self.packages.${pkgs.system}.privatevoid-smart-card-ca-bundle}";
}; };
realms = { realms = {
"${orgRealm}" = rec { "${orgRealm}" = rec {

71
modules/nix-config/default.nix
View file

@ -1,71 +0,0 @@
{ pkgs, config, inputs, ... }:
let
builder = {
systems = [ "x86_64-linux" "i686-linux" ];
speedFactor = 500;
supportedFeatures = [ "benchmark" "nixos-test" ];
sshKey = config.age.secrets.nixBuilderKey.path;
};
bigBuilder = builder // {
speedFactor = 1000;
supportedFeatures = builder.supportedFeatures ++ [ "kvm" "big-parallel" ];
};
in {
age.secrets.nixBuilderKey = {
file = ../../secrets/builder_key.age;
mode = "0400";
};
nixpkgs.overlays = [
(self: super: {
nixSuperUnstable = inputs.self.packages.x86_64-linux.nix-super-unstable;
})
];
nix = {
package = pkgs.nixSuperUnstable;
trustedUsers = [ "root" "@wheel" ];
extraOptions = ''
experimental-features = nix-command flakes ca-references
warn-dirty = false
builders-use-substitutes = true
flake-registry = ${
pkgs.writeText "null-registry.json" ''{"flakes":[],"version":2}''
}
'';
binaryCaches = [ "https://cache.privatevoid.net" ];
binaryCachePublicKeys = [ "cache.privatevoid.net:SErQ8bvNWANeAvtsOESUwVYr2VJynfuc9JRwlzTTkVg=" ];
autoOptimiseStore = true;
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
distributedBuilds = true;
buildMachines = [
(bigBuilder // {
sshUser = "root";
hostName = "styx.services.private.void";
speedFactor = 2000;
maxJobs = 2;
})
(bigBuilder // {
sshUser = "nix";
hostName = "wired.titan.find.private.void";
maxJobs = 12;
})
(bigBuilder // {
sshUser = "nixbuilder";
hostName = "animus.com";
speedFactor = 3000;
maxJobs = 4;
})
];
};
}

6
packages/patched-inputs.nix
View file

@ -1,9 +1,9 @@
let tools = import ./lib/tools.nix; let tools = import ./lib/tools.nix;
in with tools; in with tools;
{ inputs, pkgs, ... }: rec { { inputs, pkgs, ... }: rec {
deploy-rs = inputs.deploy-rs.packages.x86_64-linux.deploy-rs; deploy-rs = inputs.deploy-rs.packages.${pkgs.system}.deploy-rs;
nix-super = inputs.nix-super.defaultPackage.x86_64-linux; nix-super = inputs.nix-super.defaultPackage.${pkgs.system};
agenix = inputs.agenix.packages.x86_64-linux.agenix.override { nix = nix-super; }; agenix = inputs.agenix.packages.${pkgs.system}.agenix.override { nix = nix-super; };
} }