refac: restructure nixos
parent
984902dbf2
commit
36d066f355
39 changed files with 56 additions and 46 deletions
15
flake.nix
|
@ -84,6 +84,14 @@
|
|||
'')
|
||||
vpsMachines);
|
||||
|
||||
rollback = lib.recurseIntoAttrs (lib.mapAttrs
|
||||
(hostname: machine: pkgs.writeShellScript "rollback-${hostname}" ''
|
||||
${nixos-rebuild}/bin/nixos-rebuild test \
|
||||
--rollback \
|
||||
--flake .#${hostname}
|
||||
'')
|
||||
self.nixosConfigurations);
|
||||
|
||||
switch = lib.recurseIntoAttrs (lib.mapAttrs
|
||||
(hostname: machine: pkgs.writeShellScript "switch-${hostname}" ''
|
||||
${nixos-rebuild}/bin/nixos-rebuild switch --flake .#${hostname} $@
|
||||
|
@ -95,6 +103,7 @@
|
|||
${nixos-rebuild}/bin/nixos-rebuild test --flake .#${hostname} $@
|
||||
'')
|
||||
localMachines);
|
||||
|
||||
});
|
||||
|
||||
devShells = {
|
||||
|
@ -137,7 +146,6 @@
|
|||
agenix.nixosModules.default
|
||||
home-manager.nixosModule
|
||||
])
|
||||
++ [ ./machines/${hostname} ]
|
||||
++ extraModules
|
||||
++ [
|
||||
# deployment settings
|
||||
|
@ -156,8 +164,9 @@
|
|||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
})
|
||||
];
|
||||
]
|
||||
++ [ ./nixos/hosts/${hostname} ];
|
||||
})
|
||||
(import ./machines inputs);
|
||||
(import ./nixos/hosts inputs);
|
||||
};
|
||||
}
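Review bot: The added `rollback` scripts run `nixos-rebuild test --rollback`, which activates the previous generation but does not change the boot default, so a host rolled back this way returns to the newer generation on its next reboot. If the scripts are meant to back out a bad deployment durably, `${nixos-rebuild}/bin/nixos-rebuild switch \` is the safer first line; otherwise a comment such as `# temporary rollback: not persisted across reboot` would make the intent clear. They are also generated for every entry of `self.nixosConfigurations` without a `--target-host`, so for remote hosts the script would presumably act on the machine it is run from; the neighbouring `vpsMachines` scripts start outside this hunk, so confirm how they address the remote.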
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -4,15 +4,13 @@
|
|||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
../modules/common.nix
|
||||
../modules/sound.nix
|
||||
../modules/window-manager.nix
|
||||
../modules/fonts.nix
|
||||
../modules/gnupg.nix
|
||||
../modules/nix.nix
|
||||
../modules/garbage-collector.nix
|
||||
../modules/networking.secret.nix
|
||||
../modules/wireguard-client.nix
|
||||
../../shared/common.nix
|
||||
../../shared/sound.nix
|
||||
../../shared/window-manager.nix
|
||||
../../shared/fonts.nix
|
||||
../../shared/gnupg.nix
|
||||
../../shared/garbage-collector.nix
|
||||
../../shared/networking.secret.nix
|
||||
];
|
||||
|
||||
# Use latest kernel
|
||||
|
@ -72,7 +70,7 @@
|
|||
|
||||
# Wireguard client
|
||||
age.secrets.wireguard-asus-gl553vd-private = {
|
||||
file = ../../secrets/wireguard-asus-gl553vd-private.age;
|
||||
file = ../../../../secrets/wireguard-asus-gl553vd-private.age;
|
||||
mode = "0400";
|
||||
};
|
||||
local.wireguard = {
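Review bot: The new `file = ../../../../secrets/wireguard-asus-gl553vd-private.age;` climbs one directory more than the other host file in this commit, which imports the same `../../shared/*.nix` modules yet reaches its key with `../../../secrets/wireguard-home-private.age`. If this file sits at `nixos/hosts/<host>/` as those imports suggest (its path is not shown on the page), four `..` segments resolve above the repository root, so the agenix secret would not be found and evaluation of this host should fail. The line should probably read `file = ../../../secrets/wireguard-asus-gl553vd-private.age;`. The `local.wireguard` block and the rest of the file continue outside this hunk.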
|
|
@ -1,16 +1,17 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
let
|
||||
data = import ../../data.nix;
|
||||
data = import ../../../data.nix;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./networking.secret.nix # generated at runtime by nixos-infect
|
||||
|
||||
../modules/common.nix
|
||||
../modules/fail2ban.nix
|
||||
../modules/docker-swarm.nix
|
||||
../../shared/common.nix
|
||||
../../shared/fail2ban.nix
|
||||
../../shared/garbage-collector.nix
|
||||
../../shared/docker-swarm.nix
|
||||
|
||||
./services/wireguard.nix
|
||||
];
|
|
@ -58,7 +58,7 @@ in
|
|||
};
|
||||
|
||||
age.secrets.wireguard-canigou-private = {
|
||||
file = ../../../secrets/wireguard-canigou-private.age;
|
||||
file = ../../../../secrets/wireguard-canigou-private.age;
|
||||
mode = "0400";
|
||||
};
|
||||
}
|
|
@ -9,8 +9,10 @@ in
|
|||
|
||||
extraModules = [
|
||||
hardware.common-gpu-amd
|
||||
../users/jan
|
||||
../users/nas
|
||||
../modules/nix.nix
|
||||
../modules/wireguard-client.nix
|
||||
../../users/jan
|
||||
../../users/nas
|
||||
];
|
||||
|
||||
extraHomeModule = { ... }: {
|
||||
|
@ -24,8 +26,10 @@ in
|
|||
|
||||
extraModules = [
|
||||
hardware.common-cpu-intel
|
||||
../users/jan
|
||||
../users/nas
|
||||
../modules/nix.nix
|
||||
../modules/wireguard-client.nix
|
||||
../../users/jan
|
||||
../../users/nas
|
||||
];
|
||||
|
||||
extraHomeModule = { ... }: {
|
||||
|
@ -41,7 +45,7 @@ in
|
|||
|
||||
extraModules = [
|
||||
inputs.mailserver.nixosModule
|
||||
./modules/docker-stack.nix
|
||||
../modules/docker-stack.nix
|
||||
];
|
||||
};
|
||||
|
|
@ -4,15 +4,13 @@
|
|||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
../modules/common.nix
|
||||
../modules/sound.nix
|
||||
../modules/window-manager.nix
|
||||
../modules/fonts.nix
|
||||
../modules/gnupg.nix
|
||||
../modules/nix.nix
|
||||
../modules/garbage-collector.nix
|
||||
../modules/networking.secret.nix
|
||||
../modules/wireguard-client.nix
|
||||
../../shared/common.nix
|
||||
../../shared/sound.nix
|
||||
../../shared/window-manager.nix
|
||||
../../shared/fonts.nix
|
||||
../../shared/gnupg.nix
|
||||
../../shared/garbage-collector.nix
|
||||
../../shared/networking.secret.nix
|
||||
];
|
||||
|
||||
# Configure kernel
|
||||
|
@ -96,7 +94,7 @@
|
|||
|
||||
# Wireguard client
|
||||
age.secrets.wireguard-home-private = {
|
||||
file = ../../secrets/wireguard-home-private.age;
|
||||
file = ../../../secrets/wireguard-home-private.age;
|
||||
mode = "0400";
|
||||
};
|
||||
local.wireguard = {
|
|
@ -1,17 +1,17 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
data = import ../../data.nix;
|
||||
data = import ../../../data.nix;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./networking.secret.nix # generated at runtime by nixos-infect
|
||||
|
||||
../modules/common.nix
|
||||
../modules/fail2ban.nix
|
||||
../modules/garbage-collector.nix
|
||||
../modules/docker-swarm.nix
|
||||
../../shared/common.nix
|
||||
../../shared/fail2ban.nix
|
||||
../../shared/garbage-collector.nix
|
||||
../../shared/docker-swarm.nix
|
||||
|
||||
./services/mailserver.nix
|
||||
./services/gitea.nix
|
|
@ -122,7 +122,7 @@ in
|
|||
};
|
||||
|
||||
age.secrets.gitea-smtp-passfile = {
|
||||
file = ../../../secrets/gitea-smtp-passfile.age;
|
||||
file = ../../../../secrets/gitea-smtp-passfile.age;
|
||||
owner = giteaCfg.user;
|
||||
group = "gitea";
|
||||
};
|
BIN
nixos/hosts/magenta/services/mailserver-accounts.secret.nix
Normal file
Binary file not shown.
|
@ -54,7 +54,7 @@ in
|
|||
systemd.tmpfiles.rules = [ "d '${dataDir}' 0700 ${user} ${group} - -" ];
|
||||
|
||||
age.secrets.traefik-dashboard-basicauth-users = {
|
||||
file = ../../../secrets/traefik-dashboard-basicauth-users.age;
|
||||
file = ../../../../secrets/traefik-dashboard-basicauth-users.age;
|
||||
owner = user;
|
||||
inherit group;
|
||||
};
|
|
@ -1,7 +1,7 @@
|
|||
{ pkgs, config, ... }:
|
||||
|
||||
let
|
||||
nextPkgs = pkgs.callPackage ../../../../packages/woodpecker { };
|
||||
nextPkgs = pkgs.callPackage ../../../../../packages/woodpecker { };
|
||||
|
||||
canigouData = import ../../data.secret.nix;
|
||||
|
|
@ -18,10 +18,10 @@ in
|
|||
};
|
||||
users.groups.docker.members = [ userAgent userServer ];
|
||||
|
||||
age.secrets.woodpecker-common-env.file = ../../../../secrets/woodpecker-common-env.age;
|
||||
age.secrets.woodpecker-server-env.file = ../../../../secrets/woodpecker-server-env.age;
|
||||
age.secrets.woodpecker-common-env.file = ../../../../../secrets/woodpecker-common-env.age;
|
||||
age.secrets.woodpecker-server-env.file = ../../../../../secrets/woodpecker-server-env.age;
|
||||
age.secrets.woodpecker-docker-config = {
|
||||
file = ../../../../secrets/docker-config.json.age;
|
||||
file = ../../../../../secrets/docker-config.json.age;
|
||||
mode = "440";
|
||||
inherit group;
|
||||
};
|
|
@ -2,7 +2,7 @@
|
|||
{ pkgs, config, ... }:
|
||||
|
||||
let
|
||||
nextPkgs = pkgs.callPackage ../../../../packages/woodpecker { };
|
||||
nextPkgs = pkgs.callPackage ../../../../../packages/woodpecker { };
|
||||
|
||||
data = import ./data.secret.nix;
|
||||
inherit (data) hostname port grpcPort userServer group database;
|
|
@ -5,7 +5,7 @@ let
|
|||
|
||||
port = 51820;
|
||||
|
||||
serverAddr = (import ../canigou/data.secret.nix).addr;
|
||||
serverAddr = (import ../hosts/canigou/data.secret.nix).addr;
|
||||
|
||||
# Run `ip route` to show gateway
|
||||
defaultGateway = "192.168.0.1";
|
BIN
nixos/shared/networking.secret.nix
Normal file
Binary file not shown.