flakes :3

Agatha Lovelace 2023-03-07 20:24:57 +01:00
parent 5d2b8a7800
commit a02356a307
Signed by: sorceress
GPG Key ID: 01D0B3AB10CED4F8
9 changed files with 520 additions and 66 deletions


@ -1,11 +1,11 @@
# Nix Infra Config
Using [morph](https://github.com/DBCDK/morph)
Using [colmena](https://github.com/zhaofengli/colmena)
## Hosts
- `bloodletting`: Main server
## Manual setup on blank system/migrations
- `./ops/home/push` - deploy config
- `colmena apply` - deploy config
- `passwd` - set user passwords
- rsync state:
- `/var/lib`:
@ -15,6 +15,7 @@ Using [morph](https://github.com/DBCDK/morph)
- `grafana`
- `homepage`
- `matterbridge`
- `mc-e2e`
- `mstdn-ebooks`
- `nyandroid`
- `prometheus2`


@ -1,10 +1,5 @@
{ pkgs, config, lib, ... }:
let
home-manager = builtins.fetchTarball
"https://github.com/nix-community/home-manager/archive/release-22.11.tar.gz";
in {
imports =
[ (import "${home-manager}/nixos") ../../common/home_manager/helix.nix ];
{ pkgs, config, lib, ... }: {
imports = [ ../../common/home_manager/helix.nix ];
home-manager.useGlobalPkgs = true;
home-manager.users.agatha = {


@ -1,10 +1,4 @@
{ pkgs, config, ... }:
let
unstable = import
(builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") {
inherit (config.nixpkgs) config;
};
in {
{ pkgs, config, ... }: {
home-manager.users.agatha = {
# Formatters/Language Servers that Helix uses
home.packages = with pkgs; [ nixfmt ];
@ -12,7 +6,7 @@ in {
programs = {
helix = {
enable = true;
package = unstable.helix;
package = pkgs.helix;
languages = [{
name = "nix";
auto-format = true;
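Review bot: `package = pkgs.helix;` no longer shows where the editor build comes from. It resolves to the helix flake's default package only because of the overlay that flake.nix sets on the colmena `network.nixpkgs`; evaluated without that overlay, the same line would pick whatever helix the nixos-22.11 package set provides. A comment on the line would record the dependency, for example `# pkgs.helix is replaced by the helix flake's default package via the overlay in flake.nix`. The `programs.helix` block continues past the end of this hunk.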


@ -14,6 +14,7 @@
julia = {
isNormalUser = true;
extraGroups = [ "wheel" ];
shell = pkgs.fish;
openssh.authorizedKeys.keys = [

451
flake.lock Normal file

@ -0,0 +1,451 @@
{
"nodes": {
"crane": {
"flake": false,
"locked": {
"lastModified": 1670900067,
"narHash": "sha256-VXVa+KBfukhmWizaiGiHRVX/fuk66P8dgSFfkVN4/MY=",
"owner": "ipetkov",
"repo": "crane",
"rev": "59b31b41a589c0a65e4a1f86b0e5eac68081468b",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"dream2nix": {
"inputs": {
"alejandra": [
"helix",
"nci"
],
"all-cabal-json": [
"helix",
"nci"
],
"crane": "crane",
"devshell": [
"helix",
"nci"
],
"flake-parts": [
"helix",
"nci",
"parts"
],
"flake-utils-pre-commit": [
"helix",
"nci"
],
"ghc-utils": [
"helix",
"nci"
],
"gomod2nix": [
"helix",
"nci"
],
"mach-nix": [
"helix",
"nci"
],
"nix-pypi-fetcher": [
"helix",
"nci"
],
"nixpkgs": [
"helix",
"nci",
"nixpkgs"
],
"poetry2nix": [
"helix",
"nci"
],
"pre-commit-hooks": [
"helix",
"nci"
],
"pruned-racket-catalog": [
"helix",
"nci"
]
},
"locked": {
"lastModified": 1677289985,
"narHash": "sha256-lUp06cTTlWubeBGMZqPl9jODM99LpWMcwxRiscFAUJg=",
"owner": "nix-community",
"repo": "dream2nix",
"rev": "28b973a8d4c30cc1cbb3377ea2023a76bc3fb889",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "dream2nix",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"helix": {
"inputs": {
"nci": "nci",
"nixpkgs": "nixpkgs",
"parts": "parts_2",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1678157206,
"narHash": "sha256-LUOJ2KUK9oCV4aKxsAaJP9mskONxm9UIwpocI1/dpDA=",
"owner": "helix-editor",
"repo": "helix",
"rev": "136d1164e06c8ae6f23d611e8fcc2c3e53b9bd80",
"type": "github"
},
"original": {
"owner": "helix-editor",
"repo": "helix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1678109311,
"narHash": "sha256-Q64FoCH5rp3XHoC8u1+KyjLEFGTY7kX9YaIaYfugvfY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "04d6cad67557512452decbfe888c68fa11338a96",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"lowdown-src": {
"flake": false,
"locked": {
"lastModified": 1633514407,
"narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
"owner": "kristapsdz",
"repo": "lowdown",
"rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
"type": "github"
},
"original": {
"owner": "kristapsdz",
"repo": "lowdown",
"type": "github"
}
},
"mk-naked-shell": {
"flake": false,
"locked": {
"lastModified": 1676572903,
"narHash": "sha256-oQoDHHUTxNVSURfkFcYLuAK+btjs30T4rbEUtCUyKy8=",
"owner": "yusdacra",
"repo": "mk-naked-shell",
"rev": "aeca9f8aa592f5e8f71f407d081cb26fd30c5a57",
"type": "github"
},
"original": {
"owner": "yusdacra",
"repo": "mk-naked-shell",
"type": "github"
}
},
"mms": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils_2",
"nix": "nix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1669478601,
"narHash": "sha256-IQcS8IPeXvSoIrQRPgtnLxAs0Pkh8wmglDAtqE4ivNo=",
"owner": "mkaito",
"repo": "nixos-modded-minecraft-servers",
"rev": "68f2066499c035fd81c9dacfea2f512d6b0b62e5",
"type": "github"
},
"original": {
"owner": "mkaito",
"repo": "nixos-modded-minecraft-servers",
"type": "github"
}
},
"nci": {
"inputs": {
"dream2nix": "dream2nix",
"mk-naked-shell": "mk-naked-shell",
"nixpkgs": [
"helix",
"nixpkgs"
],
"parts": "parts",
"rust-overlay": [
"helix",
"rust-overlay"
]
},
"locked": {
"lastModified": 1677297103,
"narHash": "sha256-ArlJIbp9NGV9yvhZdV0SOUFfRlI/kHeKoCk30NbSiLc=",
"owner": "yusdacra",
"repo": "nix-cargo-integration",
"rev": "a79272a2cb0942392bb3a5bf9a3ec6bc568795b2",
"type": "github"
},
"original": {
"owner": "yusdacra",
"repo": "nix-cargo-integration",
"type": "github"
}
},
"nix": {
"inputs": {
"lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs_2",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1669449054,
"narHash": "sha256-aCpXrNpyFH6b1NFYGj2i/HecUvz2vZ88aEyDs1Xj8yM=",
"owner": "NixOS",
"repo": "nix",
"rev": "534332c8a03b64161ec795d1deb2ba3d48f27be1",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nix",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1677932085,
"narHash": "sha256-+AB4dYllWig8iO6vAiGGYl0NEgmMgGHpy9gzWJ3322g=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3c5319ad3aa51551182ac82ea17ab1c6b0f0df89",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1675183161,
"narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1657693803,
"narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "365e1b3a859281cf11b94f87231adeabbdd878a2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.05-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1678072060,
"narHash": "sha256-6a9Tbjhir5HxDx4uw0u6Z+LHUfYf7tsT9QxF9FN/32w=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "47c003416297e4d59a5e3e7a8b15cdbdf5110560",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-22.11",
"type": "indirect"
}
},
"parts": {
"inputs": {
"nixpkgs-lib": [
"helix",
"nci",
"nixpkgs"
]
},
"locked": {
"lastModified": 1675933616,
"narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "47478a4a003e745402acf63be7f9a092d51b83d7",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1675933616,
"narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "47478a4a003e745402acf63be7f9a092d51b83d7",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"root": {
"inputs": {
"helix": "helix",
"home-manager": "home-manager",
"mms": "mms",
"nixpkgs": "nixpkgs_3"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"helix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1677292251,
"narHash": "sha256-D+6q5Z2MQn3UFJtqsM5/AvVHi3NXKZTIMZt1JGq/spA=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "34cdbf6ad480ce13a6a526f57d8b9e609f3d65dc",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1676283394,
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

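--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,58 @@
+{
+inputs = {
+nixpkgs.url = "nixpkgs/nixos-22.11";
+home-manager = {
+url = "github:nix-community/home-manager";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+mms = {
+url = "github:mkaito/nixos-modded-minecraft-servers";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+helix.url = "github:helix-editor/helix";
+};
+outputs = { nixpkgs, home-manager, mms, helix, ... }: {
+colmena = {
+network = {
+description = "Agatha's Nix Infra";
+nixpkgs = import nixpkgs {
+system = "x86_64-linux";
+overlays = [
+(self: super: { helix = helix.packages.${self.system}.default; })
+];
+};
+};
+bloodletting = {
+imports = [
+./common
+./hosts/bloodletting/configuration.nix
+(import "${home-manager}/nixos")
+mms.module
+];
+deployment = {
+targetUser = "root";
+targetHost = "bloodletting";
+tags = [ "prod" ];
+keys = {
+"nyandroid-token" = {
+keyCommand = [ "cat" "./secrets/nyandroid-token" ];
+destDir = "/var/lib/secrets/";
+};
+"rfc2136-technogothic-net" = {
+keyCommand = [ "cat" "./secrets/rfc2136-technogothic-net" ];
+destDir = "/var/lib/secrets/";
+};
+};
+};
+};
+};
+};
+}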
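Review bot: `home-manager.url = "github:nix-community/home-manager";` follows the default branch while `nixpkgs.url` is `nixpkgs/nixos-22.11`; the `fetchTarball` this commit removes used the `release-22.11` archive, so the release pairing was lost in the move. `url = "github:nix-community/home-manager/release-22.11";` restores it. `helix.url` also carries no ref and, per flake.lock, brings its own nixos-unstable nixpkgs plus the nci, dream2nix, crane and rust-overlay nodes. Each `nix flake update` for this `prod`-tagged host therefore takes whatever those default branches hold at that moment, and a release ref on `helix.url` would keep updates to tagged versions. Separately, the `systemctl is-active` health checks in the removed morph network file (fail2ban among them) have no counterpart here, so the deploy no longer reports a unit that failed after the switch.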


@ -7,6 +7,7 @@
../../common/fragments/homepage.nix
../../common/fragments/mastodon-ebooks.nix
../../common/fragments/matterbridge.nix
../../common/fragments/minecraft.nix
../../common/fragments/nyandroid.nix
../../common/fragments/prometheus_exporters.nix
../../common/fragments/vsftpd.nix


@ -1,37 +0,0 @@
{
network = { description = "Agatha's Nix Infra"; };
"bloodletting" = { config, pkgs, lib, ... }: {
imports = [ ../../common ../../hosts/bloodletting/configuration.nix ];
deployment = {
targetUser = "root";
targetHost = "bloodletting";
secrets = {
"nyandroid-token" = {
source = "../../secrets/nyandroid-token";
destination = "/var/lib/secrets/nyandroid-token";
};
"rfc2136-technogothic-net" = {
source = "../../secrets/rfc2136-technogothic-net";
destination = "/var/lib/secrets/rfc2136-technogothic-net";
};
};
healthChecks.cmd = let
testService = name: {
cmd = [ "systemctl" "is-active" "--quiet" name ];
description = "Checking if ${name} is running";
};
in [
(testService "bin")
(testService "fail2ban")
(testService "grafana")
(testService "matterbridge")
(testService "nginx")
(testService "prometheus")
];
};
};
}


@ -1,15 +1,5 @@
#!/usr/bin/env nix-shell
#! nix-shell -p morph -i bash
#! nix-shell -p colmena -i bash
set -e
pushd $(dirname ${BASH_SOURCE[0]}) > /dev/null
echo ――――――――――――――――――――――――― Building Config ―――――――――――――――――――――――――
morph build --keep-result $@ ./network.nix
echo ――――――――――――――――――――――――― Pushing Config ―――――――――――――――――――――――――
morph push $@ ./network.nix
echo ――――――――――――――――――――――――― Switching Systems ―――――――――――――――――――――――――
morph deploy --upload-secrets $@ ./network.nix switch
popd > /dev/null
colmena apply $@
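Review bot: `colmena apply $@` expands the arguments unquoted, so an argument containing spaces or glob characters is split or expanded by the shell before colmena sees it; `colmena apply "$@"` passes them through unchanged. The `pushd $(dirname ${BASH_SOURCE[0]})` line appears to be among the removed lines (the new side is five lines long). If so, the script now runs colmena from the caller's working directory, and the relative `./secrets/...` paths in flake.nix's `keyCommand` entries presumably resolve against that directory rather than the repository. Keeping a `cd "$(dirname "${BASH_SOURCE[0]}")/<path-to-flake-root>"` before the apply would make the deploy independent of where it is started.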