diff --git a/flake.nix b/flake.nix index ec9e682..27e7218 100644 --- a/flake.nix +++ b/flake.nix @@ -84,6 +84,14 @@ '') vpsMachines); + rollback = lib.recurseIntoAttrs (lib.mapAttrs + (hostname: machine: pkgs.writeShellScript "rollback-${hostname}" '' + ${nixos-rebuild}/bin/nixos-rebuild test \ + --rollback \ + --flake .#${hostname} + '') + self.nixosConfigurations); + switch = lib.recurseIntoAttrs (lib.mapAttrs (hostname: machine: pkgs.writeShellScript "switch-${hostname}" '' ${nixos-rebuild}/bin/nixos-rebuild switch --flake .#${hostname} $@ @@ -95,6 +103,7 @@ ${nixos-rebuild}/bin/nixos-rebuild test --flake .#${hostname} $@ '') localMachines); + }); devShells = { @@ -137,7 +146,6 @@ agenix.nixosModules.default home-manager.nixosModule ]) - ++ [ ./machines/${hostname} ] ++ extraModules ++ [ # deployment settings @@ -156,8 +164,9 @@ home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; }) - ]; + ] + ++ [ ./nixos/hosts/${hostname} ]; }) - (import ./machines inputs); + (import ./nixos/hosts inputs); }; } diff --git a/machines/magenta/services/mailserver-accounts.secret.nix b/machines/magenta/services/mailserver-accounts.secret.nix deleted file mode 100644 index d265686..0000000 Binary files a/machines/magenta/services/mailserver-accounts.secret.nix and /dev/null differ diff --git a/machines/modules/networking.secret.nix b/machines/modules/networking.secret.nix deleted file mode 100644 index f500ba7..0000000 Binary files a/machines/modules/networking.secret.nix and /dev/null differ diff --git a/machines/asus-gl553vd/default.nix b/nixos/hosts/asus-gl553vd/default.nix similarity index 81% rename from machines/asus-gl553vd/default.nix rename to nixos/hosts/asus-gl553vd/default.nix index aac31b3..e6da7cf 100644 --- a/machines/asus-gl553vd/default.nix +++ b/nixos/hosts/asus-gl553vd/default.nix 
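Review bot: The generated `rollback-${hostname}` script in the first flake.nix hunk does not forward the caller's arguments, unlike the sibling `switch` and `test` scripts that end with `$@`, so nothing like `--target-host`, `--use-remote-sudo` or a dry-run flag can be passed through it; appending `$@` after `--flake .#${hostname}` would make it consistent with the others. It is also generated for every entry of `self.nixosConfigurations` rather than the `vpsMachines`/`localMachines` split the other scripts use, and since no target host is given it acts on whatever machine it is run from, so `rollback.<vps-host>` would, as far as I can tell, roll back the invoking workstation's system profile rather than the VPS. Finally, `nixos-rebuild test` activates the previous generation only for the running system and does not touch the boot default, so a one-line comment such as `# temporary: activates the previous generation until next boot, use switch --rollback to persist` above the attribute would stop the name from over-promising.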
@@ -4,15 +4,13 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - ../modules/common.nix - ../modules/sound.nix - ../modules/window-manager.nix - ../modules/fonts.nix - ../modules/gnupg.nix - ../modules/nix.nix - ../modules/garbage-collector.nix - ../modules/networking.secret.nix - ../modules/wireguard-client.nix + ../../shared/common.nix + ../../shared/sound.nix + ../../shared/window-manager.nix + ../../shared/fonts.nix + ../../shared/gnupg.nix + ../../shared/garbage-collector.nix + ../../shared/networking.secret.nix ]; # Use latest kernel @@ -72,7 +70,7 @@ # Wireguard client age.secrets.wireguard-asus-gl553vd-private = { - file = ../../secrets/wireguard-asus-gl553vd-private.age; + file = ../../../../secrets/wireguard-asus-gl553vd-private.age; mode = "0400"; }; local.wireguard = { diff --git a/machines/asus-gl553vd/hardware-configuration.nix b/nixos/hosts/asus-gl553vd/hardware-configuration.nix similarity index 100% rename from machines/asus-gl553vd/hardware-configuration.nix rename to nixos/hosts/asus-gl553vd/hardware-configuration.nix diff --git a/machines/canigou/data.secret.nix b/nixos/hosts/canigou/data.secret.nix similarity index 100% rename from machines/canigou/data.secret.nix rename to nixos/hosts/canigou/data.secret.nix diff --git a/machines/canigou/default.nix b/nixos/hosts/canigou/default.nix similarity index 72% rename from machines/canigou/default.nix rename to nixos/hosts/canigou/default.nix index 123159d..e5706f6 100644 --- a/machines/canigou/default.nix +++ b/nixos/hosts/canigou/default.nix 
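Review bot: The new secret path in the `@@ -72` hunk climbs one directory too far: nixos/hosts/asus-gl553vd/default.nix is three levels below the repository root, so `../../../../secrets/wireguard-asus-gl553vd-private.age` resolves above the flake's source tree, whereas the parallel edit in nixos/hosts/home/default.nix uses `../../../secrets/`. The line should read `file = ../../../secrets/wireguard-asus-gl553vd-private.age;`. Because this is the WireGuard private key fed to agenix, the host will presumably fail to evaluate under flakes rather than fall back to anything, so the mistake is loud but blocks every rebuild of that machine. The enclosing `age.secrets` attribute set continues outside the hunk.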
@@ -1,16 +1,17 @@ { pkgs, ... }: let - data = import ../../data.nix; + data = import ../../../data.nix; in { imports = [ ./hardware-configuration.nix ./networking.secret.nix # generated at runtime by nixos-infect - ../modules/common.nix - ../modules/fail2ban.nix - ../modules/docker-swarm.nix + ../../shared/common.nix + ../../shared/fail2ban.nix + ../../shared/garbage-collector.nix + ../../shared/docker-swarm.nix ./services/wireguard.nix ]; diff --git a/machines/canigou/hardware-configuration.nix b/nixos/hosts/canigou/hardware-configuration.nix similarity index 100% rename from machines/canigou/hardware-configuration.nix rename to nixos/hosts/canigou/hardware-configuration.nix diff --git a/machines/canigou/networking.secret.nix b/nixos/hosts/canigou/networking.secret.nix similarity index 100% rename from machines/canigou/networking.secret.nix rename to nixos/hosts/canigou/networking.secret.nix diff --git a/machines/canigou/services/wireguard.nix b/nixos/hosts/canigou/services/wireguard.nix similarity index 96% rename from machines/canigou/services/wireguard.nix rename to nixos/hosts/canigou/services/wireguard.nix index d791ccd..0b6dfcf 100644 --- a/machines/canigou/services/wireguard.nix +++ b/nixos/hosts/canigou/services/wireguard.nix @@ -58,7 +58,7 @@ in }; age.secrets.wireguard-canigou-private = { - file = ../../../secrets/wireguard-canigou-private.age; + file = ../../../../secrets/wireguard-canigou-private.age; mode = "0400"; }; } diff --git a/machines/default.nix b/nixos/hosts/default.nix similarity index 76% rename from machines/default.nix rename to nixos/hosts/default.nix index ddd1a02..1cc4f72 100644 --- a/machines/default.nix +++ b/nixos/hosts/default.nix @@ -9,8 +9,10 @@ in extraModules = [ hardware.common-gpu-amd - ../users/jan - ../users/nas + ../modules/nix.nix + ../modules/wireguard-client.nix + ../../users/jan + ../../users/nas ]; extraHomeModule = { ... }: { 
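Review bot: `../../shared/garbage-collector.nix` in canigou's import list is a new module rather than a rewritten path — the removed lines contain no garbage-collector entry — so this hunk changes the host's configuration inside a commit that is otherwise a file move. If that is intended it deserves a mention in the commit message, or a short comment next to the line such as `# newly enabled here during the nixos/ reorganisation`, so that someone bisecting a behaviour change on canigou does not dismiss this commit as a pure rename.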
@@ -24,8 +26,10 @@ in extraModules = [ hardware.common-cpu-intel - ../users/jan - ../users/nas + ../modules/nix.nix + ../modules/wireguard-client.nix + ../../users/jan + ../../users/nas ]; extraHomeModule = { ... }: { @@ -41,7 +45,7 @@ in extraModules = [ inputs.mailserver.nixosModule - ./modules/docker-stack.nix + ../modules/docker-stack.nix ]; }; diff --git a/machines/home/default.nix b/nixos/hosts/home/default.nix similarity index 87% rename from machines/home/default.nix rename to nixos/hosts/home/default.nix index 99eab9f..29b044f 100644 --- a/machines/home/default.nix +++ b/nixos/hosts/home/default.nix @@ -4,15 +4,13 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - ../modules/common.nix - ../modules/sound.nix - ../modules/window-manager.nix - ../modules/fonts.nix - ../modules/gnupg.nix - ../modules/nix.nix - ../modules/garbage-collector.nix - ../modules/networking.secret.nix - ../modules/wireguard-client.nix + ../../shared/common.nix + ../../shared/sound.nix + ../../shared/window-manager.nix + ../../shared/fonts.nix + ../../shared/gnupg.nix + ../../shared/garbage-collector.nix + ../../shared/networking.secret.nix ]; # Configure kernel @@ -96,7 +94,7 @@ # Wireguard client age.secrets.wireguard-home-private = { - file = ../../secrets/wireguard-home-private.age; + file = ../../../secrets/wireguard-home-private.age; mode = "0400"; }; local.wireguard = { diff --git a/machines/home/hardware-configuration.nix b/nixos/hosts/home/hardware-configuration.nix similarity index 100% rename from machines/home/hardware-configuration.nix rename to nixos/hosts/home/hardware-configuration.nix diff --git a/machines/magenta/data.secret.nix b/nixos/hosts/magenta/data.secret.nix similarity index 100% rename from machines/magenta/data.secret.nix rename to nixos/hosts/magenta/data.secret.nix 
diff --git a/machines/magenta/default.nix b/nixos/hosts/magenta/default.nix similarity index 78% rename from machines/magenta/default.nix rename to nixos/hosts/magenta/default.nix index 971143a..65d2cce 100644 --- a/machines/magenta/default.nix +++ b/nixos/hosts/magenta/default.nix @@ -1,17 +1,17 @@ { config, pkgs, lib, ... }: let - data = import ../../data.nix; + data = import ../../../data.nix; in { imports = [ ./hardware-configuration.nix ./networking.secret.nix # generated at runtime by nixos-infect - ../modules/common.nix - ../modules/fail2ban.nix - ../modules/garbage-collector.nix - ../modules/docker-swarm.nix + ../../shared/common.nix + ../../shared/fail2ban.nix + ../../shared/garbage-collector.nix + ../../shared/docker-swarm.nix ./services/mailserver.nix ./services/gitea.nix diff --git a/machines/magenta/hardware-configuration.nix b/nixos/hosts/magenta/hardware-configuration.nix similarity index 100% rename from machines/magenta/hardware-configuration.nix rename to nixos/hosts/magenta/hardware-configuration.nix diff --git a/machines/magenta/networking.secret.nix b/nixos/hosts/magenta/networking.secret.nix similarity index 100% rename from machines/magenta/networking.secret.nix rename to nixos/hosts/magenta/networking.secret.nix diff --git a/machines/magenta/services/gitea.nix b/nixos/hosts/magenta/services/gitea.nix similarity index 98% rename from machines/magenta/services/gitea.nix rename to nixos/hosts/magenta/services/gitea.nix index 767eaf8..9d86c3f 100644 --- a/machines/magenta/services/gitea.nix +++ b/nixos/hosts/magenta/services/gitea.nix @@ -122,7 +122,7 @@ in }; age.secrets.gitea-smtp-passfile = { - file = ../../../secrets/gitea-smtp-passfile.age; + file = ../../../../secrets/gitea-smtp-passfile.age; owner = giteaCfg.user; group = "gitea"; }; 
diff --git a/nixos/hosts/magenta/services/mailserver-accounts.secret.nix b/nixos/hosts/magenta/services/mailserver-accounts.secret.nix new file mode 100644 index 0000000..4dd5b95 Binary files /dev/null and b/nixos/hosts/magenta/services/mailserver-accounts.secret.nix differ diff --git a/machines/magenta/services/mailserver.nix b/nixos/hosts/magenta/services/mailserver.nix similarity index 100% rename from machines/magenta/services/mailserver.nix rename to nixos/hosts/magenta/services/mailserver.nix diff --git a/machines/magenta/services/traefik.nix b/nixos/hosts/magenta/services/traefik.nix similarity index 98% rename from machines/magenta/services/traefik.nix rename to nixos/hosts/magenta/services/traefik.nix index ff48fd4..44e03c8 100644 --- a/machines/magenta/services/traefik.nix +++ b/nixos/hosts/magenta/services/traefik.nix @@ -54,7 +54,7 @@ in systemd.tmpfiles.rules = [ "d '${dataDir}' 0700 ${user} ${group} - -" ]; age.secrets.traefik-dashboard-basicauth-users = { - file = ../../../secrets/traefik-dashboard-basicauth-users.age; + file = ../../../../secrets/traefik-dashboard-basicauth-users.age; owner = user; inherit group; }; diff --git a/machines/magenta/services/woodpecker/agent-docker.nix b/nixos/hosts/magenta/services/woodpecker/agent-docker.nix similarity index 93% rename from machines/magenta/services/woodpecker/agent-docker.nix rename to nixos/hosts/magenta/services/woodpecker/agent-docker.nix index 633a425..b68c50e 100644 --- a/machines/magenta/services/woodpecker/agent-docker.nix +++ b/nixos/hosts/magenta/services/woodpecker/agent-docker.nix @@ -1,7 +1,7 @@ { pkgs, config, ... }: let - nextPkgs = pkgs.callPackage ../../../../packages/woodpecker { }; + nextPkgs = pkgs.callPackage ../../../../../packages/woodpecker { }; canigouData = import ../../data.secret.nix; 
diff --git a/machines/magenta/services/woodpecker/common.nix b/nixos/hosts/magenta/services/woodpecker/common.nix similarity index 66% rename from machines/magenta/services/woodpecker/common.nix rename to nixos/hosts/magenta/services/woodpecker/common.nix index 9c7026d..e98720a 100644 --- a/machines/magenta/services/woodpecker/common.nix +++ b/nixos/hosts/magenta/services/woodpecker/common.nix @@ -18,10 +18,10 @@ in }; users.groups.docker.members = [ userAgent userServer ]; - age.secrets.woodpecker-common-env.file = ../../../../secrets/woodpecker-common-env.age; - age.secrets.woodpecker-server-env.file = ../../../../secrets/woodpecker-server-env.age; + age.secrets.woodpecker-common-env.file = ../../../../../secrets/woodpecker-common-env.age; + age.secrets.woodpecker-server-env.file = ../../../../../secrets/woodpecker-server-env.age; age.secrets.woodpecker-docker-config = { - file = ../../../../secrets/docker-config.json.age; + file = ../../../../../secrets/docker-config.json.age; mode = "440"; inherit group; }; diff --git a/machines/magenta/services/woodpecker/data.secret.nix b/nixos/hosts/magenta/services/woodpecker/data.secret.nix similarity index 100% rename from machines/magenta/services/woodpecker/data.secret.nix rename to nixos/hosts/magenta/services/woodpecker/data.secret.nix diff --git a/machines/magenta/services/woodpecker/default.nix b/nixos/hosts/magenta/services/woodpecker/default.nix similarity index 100% rename from machines/magenta/services/woodpecker/default.nix rename to nixos/hosts/magenta/services/woodpecker/default.nix diff --git a/machines/magenta/services/woodpecker/server.nix b/nixos/hosts/magenta/services/woodpecker/server.nix similarity index 96% rename from machines/magenta/services/woodpecker/server.nix rename to nixos/hosts/magenta/services/woodpecker/server.nix index 3d57b50..dfde4fa 100644 --- a/machines/magenta/services/woodpecker/server.nix +++ b/nixos/hosts/magenta/services/woodpecker/server.nix 
@@ -2,7 +2,7 @@ { pkgs, config, ... }: let - nextPkgs = pkgs.callPackage ../../../../packages/woodpecker { }; + nextPkgs = pkgs.callPackage ../../../../../packages/woodpecker { }; data = import ./data.secret.nix; inherit (data) hostname port grpcPort userServer group database; diff --git a/machines/modules/docker-stack.nix b/nixos/modules/docker-stack.nix similarity index 100% rename from machines/modules/docker-stack.nix rename to nixos/modules/docker-stack.nix diff --git a/machines/modules/nix.nix b/nixos/modules/nix.nix similarity index 100% rename from machines/modules/nix.nix rename to nixos/modules/nix.nix diff --git a/machines/modules/traefik.nix b/nixos/modules/traefik.nix similarity index 100% rename from machines/modules/traefik.nix rename to nixos/modules/traefik.nix diff --git a/machines/modules/wireguard-client.nix b/nixos/modules/wireguard-client.nix similarity index 97% rename from machines/modules/wireguard-client.nix rename to nixos/modules/wireguard-client.nix index d5757fc..afdb0af 100644 --- a/machines/modules/wireguard-client.nix +++ b/nixos/modules/wireguard-client.nix @@ -5,7 +5,7 @@ let port = 51820; - serverAddr = (import ../canigou/data.secret.nix).addr; + serverAddr = (import ../hosts/canigou/data.secret.nix).addr; # Run `ip route` to show gateway defaultGateway = "192.168.0.1"; diff --git a/machines/modules/common.nix b/nixos/shared/common.nix similarity index 100% rename from machines/modules/common.nix rename to nixos/shared/common.nix diff --git a/machines/modules/docker-swarm.nix b/nixos/shared/docker-swarm.nix similarity index 100% rename from machines/modules/docker-swarm.nix rename to nixos/shared/docker-swarm.nix diff --git a/machines/modules/fail2ban.nix b/nixos/shared/fail2ban.nix similarity index 100% rename from machines/modules/fail2ban.nix rename to nixos/shared/fail2ban.nix 
diff --git a/machines/modules/fonts.nix b/nixos/shared/fonts.nix
similarity index 100%
rename from machines/modules/fonts.nix
rename to nixos/shared/fonts.nix
diff --git a/machines/modules/garbage-collector.nix b/nixos/shared/garbage-collector.nix
similarity index 100%
rename from machines/modules/garbage-collector.nix
rename to nixos/shared/garbage-collector.nix
diff --git a/machines/modules/gnupg.nix b/nixos/shared/gnupg.nix
similarity index 100%
rename from machines/modules/gnupg.nix
rename to nixos/shared/gnupg.nix
diff --git a/nixos/shared/networking.secret.nix b/nixos/shared/networking.secret.nix
new file mode 100644
index 0000000..b878e8f
Binary files /dev/null and b/nixos/shared/networking.secret.nix differ
diff --git a/machines/modules/sound.nix b/nixos/shared/sound.nix
similarity index 100%
rename from machines/modules/sound.nix
rename to nixos/shared/sound.nix
diff --git a/machines/modules/window-manager.nix b/nixos/shared/window-manager.nix
similarity index 100%
rename from machines/modules/window-manager.nix
rename to nixos/shared/window-manager.nix