refac: restructure nixos

Dmitriy Pleshevskiy 2023-03-18 16:47:02 +03:00
parent 984902dbf2
commit 36d066f355
Signed by: pleshevskiy
GPG Key ID: 79C4487B44403985
39 changed files with 56 additions and 46 deletions


@ -84,6 +84,14 @@
'')
vpsMachines);
rollback = lib.recurseIntoAttrs (lib.mapAttrs
(hostname: machine: pkgs.writeShellScript "rollback-${hostname}" ''
${nixos-rebuild}/bin/nixos-rebuild test \
--rollback \
--flake .#${hostname}
'')
self.nixosConfigurations);
switch = lib.recurseIntoAttrs (lib.mapAttrs
(hostname: machine: pkgs.writeShellScript "switch-${hostname}" ''
${nixos-rebuild}/bin/nixos-rebuild switch --flake .#${hostname} $@
@ -95,6 +103,7 @@
${nixos-rebuild}/bin/nixos-rebuild test --flake .#${hostname} $@
'')
localMachines);
});
devShells = {
@ -137,7 +146,6 @@
agenix.nixosModules.default
home-manager.nixosModule
])
++ [ ./machines/${hostname} ]
++ extraModules
++ [
# deployment settings
@ -156,8 +164,9 @@
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
})
];
]
++ [ ./nixos/hosts/${hostname} ];
})
(import ./machines inputs);
(import ./nixos/hosts inputs);
};
}
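Review bot: The `rollback` scripts added in the first hunk are generated for every entry of `self.nixosConfigurations`, yet the command has no `--target-host`, and with `--rollback` nixos-rebuild reuses an existing system generation instead of building `.#${hostname}`; run on a workstation, the script named after a VPS would therefore appear to roll back the workstation itself. Mapping over `localMachines);` instead of `self.nixosConfigurations);`, as the neighbouring `test` scripts do, would limit the scripts to hosts where a local rollback makes sense. Also, `test --rollback` activates the previous generation without changing the boot default, so a reboot returns to the configuration being rolled away from; if that is meant as a safe trial, a comment such as `# temporary: not persisted across reboot; use switch --rollback to keep it` would make it explicit. The VPS host list and the deploy script body lie outside the visible hunk, so the first point should be checked against them.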


@ -4,15 +4,13 @@
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../modules/common.nix
../modules/sound.nix
../modules/window-manager.nix
../modules/fonts.nix
../modules/gnupg.nix
../modules/nix.nix
../modules/garbage-collector.nix
../modules/networking.secret.nix
../modules/wireguard-client.nix
../../shared/common.nix
../../shared/sound.nix
../../shared/window-manager.nix
../../shared/fonts.nix
../../shared/gnupg.nix
../../shared/garbage-collector.nix
../../shared/networking.secret.nix
];
# Use latest kernel
@ -72,7 +70,7 @@
# Wireguard client
age.secrets.wireguard-asus-gl553vd-private = {
file = ../../secrets/wireguard-asus-gl553vd-private.age;
file = ../../../../secrets/wireguard-asus-gl553vd-private.age;
mode = "0400";
};
local.wireguard = {
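Review bot: The age secret path in the second hunk climbs two extra levels (`../../secrets/…` to `../../../../secrets/…`), while the sibling host file with the same `../../shared/…` imports and the same old path now uses `../../../secrets/wireguard-home-private.age`. If this file lives at `nixos/hosts/<host>/`, four `..` segments point above the repository root, so the WireGuard private-key secret would fail to resolve during flake evaluation or, in an impure evaluation, could pick up an unrelated `secrets` directory. The line should probably read `file = ../../../secrets/wireguard-asus-gl553vd-private.age;`. The file's own path is not shown on the page, so confirm its depth before changing it.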


@ -1,16 +1,17 @@
{ pkgs, ... }:
let
data = import ../../data.nix;
data = import ../../../data.nix;
in
{
imports = [
./hardware-configuration.nix
./networking.secret.nix # generated at runtime by nixos-infect
../modules/common.nix
../modules/fail2ban.nix
../modules/docker-swarm.nix
../../shared/common.nix
../../shared/fail2ban.nix
../../shared/garbage-collector.nix
../../shared/docker-swarm.nix
./services/wireguard.nix
];


@ -58,7 +58,7 @@ in
};
age.secrets.wireguard-canigou-private = {
file = ../../../secrets/wireguard-canigou-private.age;
file = ../../../../secrets/wireguard-canigou-private.age;
mode = "0400";
};
}


@ -9,8 +9,10 @@ in
extraModules = [
hardware.common-gpu-amd
../users/jan
../users/nas
../modules/nix.nix
../modules/wireguard-client.nix
../../users/jan
../../users/nas
];
extraHomeModule = { ... }: {
@ -24,8 +26,10 @@ in
extraModules = [
hardware.common-cpu-intel
../users/jan
../users/nas
../modules/nix.nix
../modules/wireguard-client.nix
../../users/jan
../../users/nas
];
extraHomeModule = { ... }: {
@ -41,7 +45,7 @@ in
extraModules = [
inputs.mailserver.nixosModule
./modules/docker-stack.nix
../modules/docker-stack.nix
];
};


@ -4,15 +4,13 @@
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../modules/common.nix
../modules/sound.nix
../modules/window-manager.nix
../modules/fonts.nix
../modules/gnupg.nix
../modules/nix.nix
../modules/garbage-collector.nix
../modules/networking.secret.nix
../modules/wireguard-client.nix
../../shared/common.nix
../../shared/sound.nix
../../shared/window-manager.nix
../../shared/fonts.nix
../../shared/gnupg.nix
../../shared/garbage-collector.nix
../../shared/networking.secret.nix
];
# Configure kernel
@ -96,7 +94,7 @@
# Wireguard client
age.secrets.wireguard-home-private = {
file = ../../secrets/wireguard-home-private.age;
file = ../../../secrets/wireguard-home-private.age;
mode = "0400";
};
local.wireguard = {


@ -1,17 +1,17 @@
{ config, pkgs, lib, ... }:
let
data = import ../../data.nix;
data = import ../../../data.nix;
in
{
imports = [
./hardware-configuration.nix
./networking.secret.nix # generated at runtime by nixos-infect
../modules/common.nix
../modules/fail2ban.nix
../modules/garbage-collector.nix
../modules/docker-swarm.nix
../../shared/common.nix
../../shared/fail2ban.nix
../../shared/garbage-collector.nix
../../shared/docker-swarm.nix
./services/mailserver.nix
./services/gitea.nix


@ -122,7 +122,7 @@ in
};
age.secrets.gitea-smtp-passfile = {
file = ../../../secrets/gitea-smtp-passfile.age;
file = ../../../../secrets/gitea-smtp-passfile.age;
owner = giteaCfg.user;
group = "gitea";
};


@ -54,7 +54,7 @@ in
systemd.tmpfiles.rules = [ "d '${dataDir}' 0700 ${user} ${group} - -" ];
age.secrets.traefik-dashboard-basicauth-users = {
file = ../../../secrets/traefik-dashboard-basicauth-users.age;
file = ../../../../secrets/traefik-dashboard-basicauth-users.age;
owner = user;
inherit group;
};


@ -1,7 +1,7 @@
{ pkgs, config, ... }:
let
nextPkgs = pkgs.callPackage ../../../../packages/woodpecker { };
nextPkgs = pkgs.callPackage ../../../../../packages/woodpecker { };
canigouData = import ../../data.secret.nix;


@ -18,10 +18,10 @@ in
};
users.groups.docker.members = [ userAgent userServer ];
age.secrets.woodpecker-common-env.file = ../../../../secrets/woodpecker-common-env.age;
age.secrets.woodpecker-server-env.file = ../../../../secrets/woodpecker-server-env.age;
age.secrets.woodpecker-common-env.file = ../../../../../secrets/woodpecker-common-env.age;
age.secrets.woodpecker-server-env.file = ../../../../../secrets/woodpecker-server-env.age;
age.secrets.woodpecker-docker-config = {
file = ../../../../secrets/docker-config.json.age;
file = ../../../../../secrets/docker-config.json.age;
mode = "440";
inherit group;
};


@ -2,7 +2,7 @@
{ pkgs, config, ... }:
let
nextPkgs = pkgs.callPackage ../../../../packages/woodpecker { };
nextPkgs = pkgs.callPackage ../../../../../packages/woodpecker { };
data = import ./data.secret.nix;
inherit (data) hostname port grpcPort userServer group database;


@ -5,7 +5,7 @@ let
port = 51820;
serverAddr = (import ../canigou/data.secret.nix).addr;
serverAddr = (import ../hosts/canigou/data.secret.nix).addr;
# Run `ip route` to show gateway
defaultGateway = "192.168.0.1";

Binary file not shown.