diff --git a/README.md b/README.md index 3599610..9e8b4f3 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,11 @@ # Nix Infra Config -Using [morph](https://github.com/DBCDK/morph) +Using [colmena](https://github.com/zhaofengli/colmena) ## Hosts - `bloodletting`: Main server ## Manual setup on blank system/migrations -- `./ops/home/push` - deploy config +- `colmena apply` - deploy config - `passwd` - set user passwords - rsync state: - `/var/lib`: @@ -15,6 +15,7 @@ Using [morph](https://github.com/DBCDK/morph) - `grafana` - `homepage` - `matterbridge` + - `mc-e2e` - `mstdn-ebooks` - `nyandroid` - `prometheus2` diff --git a/common/home_manager/common.nix b/common/home_manager/common.nix index 9022d55..d36a951 100644 --- a/common/home_manager/common.nix +++ b/common/home_manager/common.nix @@ -1,10 +1,5 @@ -{ pkgs, config, lib, ... }: -let - home-manager = builtins.fetchTarball - "https://github.com/nix-community/home-manager/archive/release-22.11.tar.gz"; -in { - imports = - [ (import "${home-manager}/nixos") ../../common/home_manager/helix.nix ]; +{ pkgs, config, lib, ... }: { + imports = [ ../../common/home_manager/helix.nix ]; home-manager.useGlobalPkgs = true; home-manager.users.agatha = { diff --git a/common/home_manager/helix.nix b/common/home_manager/helix.nix index 8c737e3..a707fe3 100644 --- a/common/home_manager/helix.nix +++ b/common/home_manager/helix.nix @@ -1,10 +1,4 @@ -{ pkgs, config, ... }: -let - unstable = import - (builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") { - inherit (config.nixpkgs) config; - }; -in { +{ pkgs, config, ... }: { home-manager.users.agatha = { # Formatters/Language Servers that Helix uses home.packages = with pkgs; [ nixfmt ]; @@ -12,7 +6,7 @@ in { programs = { helix = { enable = true; - package = unstable.helix; + package = pkgs.helix; languages = [{ name = "nix"; auto-format = true; diff --git a/common/users/default.nix b/common/users/default.nix index c323da4..5b0ce3d 100644 
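Review bot: In the first helix.nix hunk the `config` argument survives in `{ pkgs, config, ... }: {` although the only visible consumer, the removed `unstable` binding, is gone; unless a later part of the file reads it, the header should become `{ pkgs, ... }: {`. The `package = pkgs.helix;` line in the second hunk only resolves to the helix flake build because flake.nix overlays `pkgs.helix` with `helix.packages.${self.system}.default`, which a reader of helix.nix cannot see, so a comment such as `# pkgs.helix is replaced by the helix-flake overlay set up in flake.nix` would record that dependency. Both hunks sit inside the file's top-level attribute set, which continues past them.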
--- a/common/users/default.nix +++ b/common/users/default.nix @@ -14,6 +14,7 @@ julia = { isNormalUser = true; + extraGroups = [ "wheel" ]; shell = pkgs.fish; openssh.authorizedKeys.keys = [ diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..fab0107 --- /dev/null +++ b/flake.lock 
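Review bot: The added `extraGroups = [ "wheel" ];` grants the `julia` account sudo-to-root on NixOS, where the wheel group may run any command through `security.sudo`, and nothing in the hunk or the commit says why this account needs administrative access; a comment on that line, e.g. `# wheel: sudo access needed for <reason — placeholder>`, should state it. Whether sudo will prompt for a password depends on `security.sudo.wheelNeedsPassword` and on the password the README's manual `passwd` step assigns, neither of which is visible here, so confirm the account actually has a password before the change is deployed. The enclosing `julia = {` attribute set continues outside the hunk.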
@@ -0,0 +1,451 @@ +{ + "nodes": { + "crane": { + "flake": false, + "locked": { + "lastModified": 1670900067, + "narHash": "sha256-VXVa+KBfukhmWizaiGiHRVX/fuk66P8dgSFfkVN4/MY=", + "owner": "ipetkov", + "repo": "crane", + "rev": "59b31b41a589c0a65e4a1f86b0e5eac68081468b", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "dream2nix": { + "inputs": { + "alejandra": [ + "helix", + "nci" + ], + "all-cabal-json": [ + "helix", + "nci" + ], + "crane": "crane", + "devshell": [ + "helix", + "nci" + ], + "flake-parts": [ + "helix", + "nci", + "parts" + ], + "flake-utils-pre-commit": [ + "helix", + "nci" + ], + "ghc-utils": [ + "helix", + "nci" + ], + "gomod2nix": [ + "helix", + "nci" + ], + "mach-nix": [ + "helix", + "nci" + ], + "nix-pypi-fetcher": [ + "helix", + "nci" + ], + "nixpkgs": [ + "helix", + "nci", + "nixpkgs" + ], + "poetry2nix": [ + "helix", + "nci" + ], + "pre-commit-hooks": [ + "helix", + "nci" + ], + "pruned-racket-catalog": [ + "helix", + "nci" + ] + }, + "locked": { + "lastModified": 1677289985, + "narHash": "sha256-lUp06cTTlWubeBGMZqPl9jODM99LpWMcwxRiscFAUJg=", + "owner": "nix-community", + "repo": "dream2nix", + "rev": "28b973a8d4c30cc1cbb3377ea2023a76bc3fb889", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "dream2nix", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + 
"original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "helix": { + "inputs": { + "nci": "nci", + "nixpkgs": "nixpkgs", + "parts": "parts_2", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1678157206, + "narHash": "sha256-LUOJ2KUK9oCV4aKxsAaJP9mskONxm9UIwpocI1/dpDA=", + "owner": "helix-editor", + "repo": "helix", + "rev": "136d1164e06c8ae6f23d611e8fcc2c3e53b9bd80", + "type": "github" + }, + "original": { + "owner": "helix-editor", + "repo": "helix", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils" + }, + "locked": { + "lastModified": 1678109311, + "narHash": "sha256-Q64FoCH5rp3XHoC8u1+KyjLEFGTY7kX9YaIaYfugvfY=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "04d6cad67557512452decbfe888c68fa11338a96", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "lowdown-src": { + "flake": false, + "locked": { + "lastModified": 1633514407, + "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=", + "owner": "kristapsdz", + "repo": "lowdown", + "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8", + "type": "github" + }, + "original": { + "owner": "kristapsdz", + "repo": "lowdown", + "type": "github" + } + }, + "mk-naked-shell": { + "flake": false, + "locked": { + "lastModified": 1676572903, + "narHash": "sha256-oQoDHHUTxNVSURfkFcYLuAK+btjs30T4rbEUtCUyKy8=", + "owner": "yusdacra", + "repo": "mk-naked-shell", + "rev": "aeca9f8aa592f5e8f71f407d081cb26fd30c5a57", + "type": "github" + }, + "original": { + "owner": 
"yusdacra", + "repo": "mk-naked-shell", + "type": "github" + } + }, + "mms": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils_2", + "nix": "nix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1669478601, + "narHash": "sha256-IQcS8IPeXvSoIrQRPgtnLxAs0Pkh8wmglDAtqE4ivNo=", + "owner": "mkaito", + "repo": "nixos-modded-minecraft-servers", + "rev": "68f2066499c035fd81c9dacfea2f512d6b0b62e5", + "type": "github" + }, + "original": { + "owner": "mkaito", + "repo": "nixos-modded-minecraft-servers", + "type": "github" + } + }, + "nci": { + "inputs": { + "dream2nix": "dream2nix", + "mk-naked-shell": "mk-naked-shell", + "nixpkgs": [ + "helix", + "nixpkgs" + ], + "parts": "parts", + "rust-overlay": [ + "helix", + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1677297103, + "narHash": "sha256-ArlJIbp9NGV9yvhZdV0SOUFfRlI/kHeKoCk30NbSiLc=", + "owner": "yusdacra", + "repo": "nix-cargo-integration", + "rev": "a79272a2cb0942392bb3a5bf9a3ec6bc568795b2", + "type": "github" + }, + "original": { + "owner": "yusdacra", + "repo": "nix-cargo-integration", + "type": "github" + } + }, + "nix": { + "inputs": { + "lowdown-src": "lowdown-src", + "nixpkgs": "nixpkgs_2", + "nixpkgs-regression": "nixpkgs-regression" + }, + "locked": { + "lastModified": 1669449054, + "narHash": "sha256-aCpXrNpyFH6b1NFYGj2i/HecUvz2vZ88aEyDs1Xj8yM=", + "owner": "NixOS", + "repo": "nix", + "rev": "534332c8a03b64161ec795d1deb2ba3d48f27be1", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nix", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1677932085, + "narHash": "sha256-+AB4dYllWig8iO6vAiGGYl0NEgmMgGHpy9gzWJ3322g=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "3c5319ad3aa51551182ac82ea17ab1c6b0f0df89", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "dir": "lib", + "lastModified": 
1675183161, + "narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1657693803, + "narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "365e1b3a859281cf11b94f87231adeabbdd878a2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-22.05-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1678072060, + "narHash": "sha256-6a9Tbjhir5HxDx4uw0u6Z+LHUfYf7tsT9QxF9FN/32w=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "47c003416297e4d59a5e3e7a8b15cdbdf5110560", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "parts": { + "inputs": { + "nixpkgs-lib": [ + "helix", + "nci", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1675933616, + "narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "47478a4a003e745402acf63be7f9a092d51b83d7", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1675933616, + "narHash": 
"sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "47478a4a003e745402acf63be7f9a092d51b83d7", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "root": { + "inputs": { + "helix": "helix", + "home-manager": "home-manager", + "mms": "mms", + "nixpkgs": "nixpkgs_3" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "helix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1677292251, + "narHash": "sha256-D+6q5Z2MQn3UFJtqsM5/AvVHi3NXKZTIMZt1JGq/spA=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "34cdbf6ad480ce13a6a526f57d8b9e609f3d65dc", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "utils": { + "locked": { + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..346d6b1 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,58 @@
+{
+ inputs = {
+ nixpkgs.url = "nixpkgs/nixos-22.11";
+
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ mms = {
+ url = "github:mkaito/nixos-modded-minecraft-servers";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ helix.url = "github:helix-editor/helix";
+ };
+ outputs = { nixpkgs, home-manager, mms, helix, ... }: {
+ colmena = {
+ network = {
+ description = "Agatha's Nix Infra";
+
+ nixpkgs = import nixpkgs {
+ system = "x86_64-linux";
+ overlays = [
+ (self: super: { helix = helix.packages.${self.system}.default; })
+ ];
+ };
+ };
+
+ bloodletting = {
+ imports = [
+ ./common
+ ./hosts/bloodletting/configuration.nix
+ (import "${home-manager}/nixos")
+ mms.module
+ ];
+
+ deployment = {
+ targetUser = "root";
+ targetHost = "bloodletting";
+
+ tags = [ "prod" ];
+
+ keys = {
+ "nyandroid-token" = {
+ keyCommand = [ "cat" "./secrets/nyandroid-token" ];
+ destDir = "/var/lib/secrets/";
+ };
+ "rfc2136-technogothic-net" = {
+ keyCommand = [ "cat" "./secrets/rfc2136-technogothic-net" ];
+ destDir = "/var/lib/secrets/";
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/bloodletting/configuration.nix b/hosts/bloodletting/configuration.nix
index 9dbfd0c..275b184 100644
--- a/hosts/bloodletting/configuration.nix
+++ b/hosts/bloodletting/configuration.nix
@@ -7,6 +7,7 @@
 ../../common/fragments/homepage.nix
 ../../common/fragments/mastodon-ebooks.nix
 ../../common/fragments/matterbridge.nix
+ ../../common/fragments/minecraft.nix
 ../../common/fragments/nyandroid.nix
 ../../common/fragments/prometheus_exporters.nix
 ../../common/fragments/vsftpd.nix
diff --git a/ops/home/network.nix b/ops/home/network.nix
deleted file mode 100644
index 4630282..0000000
--- a/ops/home/network.nix
+++ /dev/null
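Review bot: The `keyCommand` entries hand `./secrets/...` to `cat` as plain strings, and `cat` resolves them against colmena's working directory rather than against the directory of flake.nix (unless colmena changes directory before spawning the command), so `colmena apply` only finds the secrets when started from the repository root and nothing records that requirement. The string form is still the right choice — a Nix path literal such as `./secrets/nyandroid-token` would copy the secret into the world-readable /nix/store — so the fix is a comment on the `keys` block, e.g. `# string paths on purpose: a path literal would copy the secret into /nix/store; run colmena from the repo root`. With no `user`, `group` or `permissions` given, the keys are installed with colmena's defaults (root-owned, mode 0600 unless the defaults have changed), which is only adequate if the services reading `/var/lib/secrets/` run as root; confirm that or set those attributes explicitly. The `helix` input also pulls its own `nixpkgs` and `rust-overlay` (visible in flake.lock) because it has no `inputs.nixpkgs.follows`, which is worth a comment if that is deliberate.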
@@ -1,37 +0,0 @@
-{
- network = { description = "Agatha's Nix Infra"; };
-
- "bloodletting" = { config, pkgs, lib, ... }: {
- imports = [ ../../common ../../hosts/bloodletting/configuration.nix ];
-
- deployment = {
- targetUser = "root";
- targetHost = "bloodletting";
-
- secrets = {
- "nyandroid-token" = {
- source = "../../secrets/nyandroid-token";
- destination = "/var/lib/secrets/nyandroid-token";
- };
- "rfc2136-technogothic-net" = {
- source = "../../secrets/rfc2136-technogothic-net";
- destination = "/var/lib/secrets/rfc2136-technogothic-net";
- };
- };
-
- healthChecks.cmd = let
- testService = name: {
- cmd = [ "systemctl" "is-active" "--quiet" name ];
- description = "Checking if ${name} is running";
- };
- in [
- (testService "bin")
- (testService "fail2ban")
- (testService "grafana")
- (testService "matterbridge")
- (testService "nginx")
- (testService "prometheus")
- ];
- };
- };
-}
diff --git a/ops/home/push b/ops/home/push
index 66a91e1..b9ce6a3 100755
--- a/ops/home/push
+++ b/ops/home/push
@@ -1,15 +1,5 @@
 #!/usr/bin/env nix-shell
-#! nix-shell -p morph -i bash
+#! nix-shell -p colmena -i bash
 set -e
 
-
-pushd $(dirname ${BASH_SOURCE[0]}) > /dev/null
-
-echo ――――――――――――――――――――――――― Building Config ―――――――――――――――――――――――――
-morph build --keep-result $@ ./network.nix
-echo ――――――――――――――――――――――――― Pushing Config ―――――――――――――――――――――――――
-morph push $@ ./network.nix
-echo ――――――――――――――――――――――――― Switching Systems ―――――――――――――――――――――――――
-morph deploy --upload-secrets $@ ./network.nix switch
-
-popd > /dev/null
\ No newline at end of file
+colmena apply $@
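Review bot: `colmena apply $@` on the last line of the push hunk leaves `$@` unquoted, so any argument containing whitespace is word-split before colmena sees it; it should read `colmena apply "$@"`. The script also dropped the `pushd` into its own directory, so it now depends on being invoked from the repository root — that is where colmena is pointed at flake.nix and where the `./secrets/...` key commands in flake.nix resolve — and a comment or an explicit `cd "$(dirname "${BASH_SOURCE[0]}")/../.."` would make that explicit. The `systemctl is-active` health checks from the deleted network.nix (bin, fail2ban, grafana, matterbridge, nginx, prometheus) have no counterpart in the colmena setup, so a failed activation that leaves a unit down is no longer reported; a post-apply loop over the same units against `root@bloodletting` (the deployment's targetUser/targetHost) restores that signal.
```shell
colmena apply "$@"

# Post-activation check replacing morph's healthChecks from the removed network.nix.
for unit in bin fail2ban grafana matterbridge nginx prometheus; do
  ssh root@bloodletting systemctl is-active --quiet "$unit" \
    || { echo "health check failed: $unit is not active" >&2; exit 1; }
done
```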