refac: restructure nixos
This commit is contained in:
parent
984902dbf2
commit
36d066f355
39 changed files with 56 additions and 46 deletions
15
flake.nix
15
flake.nix
|
@ -84,6 +84,14 @@
|
||||||
'')
|
'')
|
||||||
vpsMachines);
|
vpsMachines);
|
||||||
|
|
||||||
|
rollback = lib.recurseIntoAttrs (lib.mapAttrs
|
||||||
|
(hostname: machine: pkgs.writeShellScript "rollback-${hostname}" ''
|
||||||
|
${nixos-rebuild}/bin/nixos-rebuild test \
|
||||||
|
--rollback \
|
||||||
|
--flake .#${hostname}
|
||||||
|
'')
|
||||||
|
self.nixosConfigurations);
|
||||||
|
|
||||||
switch = lib.recurseIntoAttrs (lib.mapAttrs
|
switch = lib.recurseIntoAttrs (lib.mapAttrs
|
||||||
(hostname: machine: pkgs.writeShellScript "switch-${hostname}" ''
|
(hostname: machine: pkgs.writeShellScript "switch-${hostname}" ''
|
||||||
${nixos-rebuild}/bin/nixos-rebuild switch --flake .#${hostname} $@
|
${nixos-rebuild}/bin/nixos-rebuild switch --flake .#${hostname} $@
|
||||||
|
@ -95,6 +103,7 @@
|
||||||
${nixos-rebuild}/bin/nixos-rebuild test --flake .#${hostname} $@
|
${nixos-rebuild}/bin/nixos-rebuild test --flake .#${hostname} $@
|
||||||
'')
|
'')
|
||||||
localMachines);
|
localMachines);
|
||||||
|
|
||||||
});
|
});
|
||||||
|
|
||||||
devShells = {
|
devShells = {
|
||||||
|
@ -137,7 +146,6 @@
|
||||||
agenix.nixosModules.default
|
agenix.nixosModules.default
|
||||||
home-manager.nixosModule
|
home-manager.nixosModule
|
||||||
])
|
])
|
||||||
++ [ ./machines/${hostname} ]
|
|
||||||
++ extraModules
|
++ extraModules
|
||||||
++ [
|
++ [
|
||||||
# deployment settings
|
# deployment settings
|
||||||
|
@ -156,8 +164,9 @@
|
||||||
home-manager.useGlobalPkgs = true;
|
home-manager.useGlobalPkgs = true;
|
||||||
home-manager.useUserPackages = true;
|
home-manager.useUserPackages = true;
|
||||||
})
|
})
|
||||||
];
|
]
|
||||||
|
++ [ ./nixos/hosts/${hostname} ];
|
||||||
})
|
})
|
||||||
(import ./machines inputs);
|
(import ./nixos/hosts inputs);
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
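Review bot: The new `rollback-${hostname}` script in the first hunk does not forward its arguments, unlike the sibling `switch-…`/`test-…` scripts that end in `$@`, yet it is mapped over all of `self.nixosConfigurations` (which appears to include the vpsMachines that the other scripts presumably reach via extra flags such as a target host); the line should read `${nixos-rebuild}/bin/nixos-rebuild test --rollback --flake .#${hostname} "$@"` (quoted, so arguments with spaces survive). Separately, as I read nixos-rebuild's semantics, `test --rollback` only activates the previous generation without changing the boot default, so a "rollback" done this way is undone by the next reboot; if the script is meant to persist a revert of a bad deploy it should use `switch --rollback`, or carry a comment stating that it is transient, e.g. `# transient: 'test' does not change the boot default, so a reboot returns to the current generation`. The attribute set this `rollback` entry belongs to starts before the hunk.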
Binary file not shown.
Binary file not shown.
|
@ -4,15 +4,13 @@
|
||||||
imports = [
|
imports = [
|
||||||
# Include the results of the hardware scan.
|
# Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../modules/common.nix
|
../../shared/common.nix
|
||||||
../modules/sound.nix
|
../../shared/sound.nix
|
||||||
../modules/window-manager.nix
|
../../shared/window-manager.nix
|
||||||
../modules/fonts.nix
|
../../shared/fonts.nix
|
||||||
../modules/gnupg.nix
|
../../shared/gnupg.nix
|
||||||
../modules/nix.nix
|
../../shared/garbage-collector.nix
|
||||||
../modules/garbage-collector.nix
|
../../shared/networking.secret.nix
|
||||||
../modules/networking.secret.nix
|
|
||||||
../modules/wireguard-client.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# Use latest kernel
|
# Use latest kernel
|
||||||
|
@ -72,7 +70,7 @@
|
||||||
|
|
||||||
# Wireguard client
|
# Wireguard client
|
||||||
age.secrets.wireguard-asus-gl553vd-private = {
|
age.secrets.wireguard-asus-gl553vd-private = {
|
||||||
file = ../../secrets/wireguard-asus-gl553vd-private.age;
|
file = ../../../../secrets/wireguard-asus-gl553vd-private.age;
|
||||||
mode = "0400";
|
mode = "0400";
|
||||||
};
|
};
|
||||||
local.wireguard = {
|
local.wireguard = {
|
|
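Review bot: The updated secret path in the second hunk, `file = ../../../../secrets/wireguard-asus-gl553vd-private.age;`, looks one directory level too deep: this host's configuration now reaches shared modules via `../../shared/…`, and the `home` host, which is at the same depth and had the identical old path `../../secrets/…`, was rewritten to `../../../secrets/wireguard-home-private.age` in its hunk. Four levels of `..` from that location would resolve outside the repository (and outside the flake source), which should fail at evaluation time rather than silently, but the two hosts should agree; the line should probably be `file = ../../../secrets/wireguard-asus-gl553vd-private.age;`. Worth checking the same way the other `../../../../secrets/…` rewrites in this commit, which are in `services/` subdirectories and so do appear correct.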
@ -1,16 +1,17 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
data = import ../../data.nix;
|
data = import ../../../data.nix;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./networking.secret.nix # generated at runtime by nixos-infect
|
./networking.secret.nix # generated at runtime by nixos-infect
|
||||||
|
|
||||||
../modules/common.nix
|
../../shared/common.nix
|
||||||
../modules/fail2ban.nix
|
../../shared/fail2ban.nix
|
||||||
../modules/docker-swarm.nix
|
../../shared/garbage-collector.nix
|
||||||
|
../../shared/docker-swarm.nix
|
||||||
|
|
||||||
./services/wireguard.nix
|
./services/wireguard.nix
|
||||||
];
|
];
|
|
@ -58,7 +58,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
age.secrets.wireguard-canigou-private = {
|
age.secrets.wireguard-canigou-private = {
|
||||||
file = ../../../secrets/wireguard-canigou-private.age;
|
file = ../../../../secrets/wireguard-canigou-private.age;
|
||||||
mode = "0400";
|
mode = "0400";
|
||||||
};
|
};
|
||||||
}
|
}
|
|
@ -9,8 +9,10 @@ in
|
||||||
|
|
||||||
extraModules = [
|
extraModules = [
|
||||||
hardware.common-gpu-amd
|
hardware.common-gpu-amd
|
||||||
../users/jan
|
../modules/nix.nix
|
||||||
../users/nas
|
../modules/wireguard-client.nix
|
||||||
|
../../users/jan
|
||||||
|
../../users/nas
|
||||||
];
|
];
|
||||||
|
|
||||||
extraHomeModule = { ... }: {
|
extraHomeModule = { ... }: {
|
||||||
|
@ -24,8 +26,10 @@ in
|
||||||
|
|
||||||
extraModules = [
|
extraModules = [
|
||||||
hardware.common-cpu-intel
|
hardware.common-cpu-intel
|
||||||
../users/jan
|
../modules/nix.nix
|
||||||
../users/nas
|
../modules/wireguard-client.nix
|
||||||
|
../../users/jan
|
||||||
|
../../users/nas
|
||||||
];
|
];
|
||||||
|
|
||||||
extraHomeModule = { ... }: {
|
extraHomeModule = { ... }: {
|
||||||
|
@ -41,7 +45,7 @@ in
|
||||||
|
|
||||||
extraModules = [
|
extraModules = [
|
||||||
inputs.mailserver.nixosModule
|
inputs.mailserver.nixosModule
|
||||||
./modules/docker-stack.nix
|
../modules/docker-stack.nix
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
|
@ -4,15 +4,13 @@
|
||||||
imports = [
|
imports = [
|
||||||
# Include the results of the hardware scan.
|
# Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../modules/common.nix
|
../../shared/common.nix
|
||||||
../modules/sound.nix
|
../../shared/sound.nix
|
||||||
../modules/window-manager.nix
|
../../shared/window-manager.nix
|
||||||
../modules/fonts.nix
|
../../shared/fonts.nix
|
||||||
../modules/gnupg.nix
|
../../shared/gnupg.nix
|
||||||
../modules/nix.nix
|
../../shared/garbage-collector.nix
|
||||||
../modules/garbage-collector.nix
|
../../shared/networking.secret.nix
|
||||||
../modules/networking.secret.nix
|
|
||||||
../modules/wireguard-client.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# Configure kernel
|
# Configure kernel
|
||||||
|
@ -96,7 +94,7 @@
|
||||||
|
|
||||||
# Wireguard client
|
# Wireguard client
|
||||||
age.secrets.wireguard-home-private = {
|
age.secrets.wireguard-home-private = {
|
||||||
file = ../../secrets/wireguard-home-private.age;
|
file = ../../../secrets/wireguard-home-private.age;
|
||||||
mode = "0400";
|
mode = "0400";
|
||||||
};
|
};
|
||||||
local.wireguard = {
|
local.wireguard = {
|
|
@ -1,17 +1,17 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
data = import ../../data.nix;
|
data = import ../../../data.nix;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./networking.secret.nix # generated at runtime by nixos-infect
|
./networking.secret.nix # generated at runtime by nixos-infect
|
||||||
|
|
||||||
../modules/common.nix
|
../../shared/common.nix
|
||||||
../modules/fail2ban.nix
|
../../shared/fail2ban.nix
|
||||||
../modules/garbage-collector.nix
|
../../shared/garbage-collector.nix
|
||||||
../modules/docker-swarm.nix
|
../../shared/docker-swarm.nix
|
||||||
|
|
||||||
./services/mailserver.nix
|
./services/mailserver.nix
|
||||||
./services/gitea.nix
|
./services/gitea.nix
|
|
@ -122,7 +122,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
age.secrets.gitea-smtp-passfile = {
|
age.secrets.gitea-smtp-passfile = {
|
||||||
file = ../../../secrets/gitea-smtp-passfile.age;
|
file = ../../../../secrets/gitea-smtp-passfile.age;
|
||||||
owner = giteaCfg.user;
|
owner = giteaCfg.user;
|
||||||
group = "gitea";
|
group = "gitea";
|
||||||
};
|
};
|
BIN
nixos/hosts/magenta/services/mailserver-accounts.secret.nix
Normal file
BIN
nixos/hosts/magenta/services/mailserver-accounts.secret.nix
Normal file
Binary file not shown.
|
@ -54,7 +54,7 @@ in
|
||||||
systemd.tmpfiles.rules = [ "d '${dataDir}' 0700 ${user} ${group} - -" ];
|
systemd.tmpfiles.rules = [ "d '${dataDir}' 0700 ${user} ${group} - -" ];
|
||||||
|
|
||||||
age.secrets.traefik-dashboard-basicauth-users = {
|
age.secrets.traefik-dashboard-basicauth-users = {
|
||||||
file = ../../../secrets/traefik-dashboard-basicauth-users.age;
|
file = ../../../../secrets/traefik-dashboard-basicauth-users.age;
|
||||||
owner = user;
|
owner = user;
|
||||||
inherit group;
|
inherit group;
|
||||||
};
|
};
|
|
@ -1,7 +1,7 @@
|
||||||
{ pkgs, config, ... }:
|
{ pkgs, config, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
nextPkgs = pkgs.callPackage ../../../../packages/woodpecker { };
|
nextPkgs = pkgs.callPackage ../../../../../packages/woodpecker { };
|
||||||
|
|
||||||
canigouData = import ../../data.secret.nix;
|
canigouData = import ../../data.secret.nix;
|
||||||
|
|
|
@ -18,10 +18,10 @@ in
|
||||||
};
|
};
|
||||||
users.groups.docker.members = [ userAgent userServer ];
|
users.groups.docker.members = [ userAgent userServer ];
|
||||||
|
|
||||||
age.secrets.woodpecker-common-env.file = ../../../../secrets/woodpecker-common-env.age;
|
age.secrets.woodpecker-common-env.file = ../../../../../secrets/woodpecker-common-env.age;
|
||||||
age.secrets.woodpecker-server-env.file = ../../../../secrets/woodpecker-server-env.age;
|
age.secrets.woodpecker-server-env.file = ../../../../../secrets/woodpecker-server-env.age;
|
||||||
age.secrets.woodpecker-docker-config = {
|
age.secrets.woodpecker-docker-config = {
|
||||||
file = ../../../../secrets/docker-config.json.age;
|
file = ../../../../../secrets/docker-config.json.age;
|
||||||
mode = "440";
|
mode = "440";
|
||||||
inherit group;
|
inherit group;
|
||||||
};
|
};
|
|
@ -2,7 +2,7 @@
|
||||||
{ pkgs, config, ... }:
|
{ pkgs, config, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
nextPkgs = pkgs.callPackage ../../../../packages/woodpecker { };
|
nextPkgs = pkgs.callPackage ../../../../../packages/woodpecker { };
|
||||||
|
|
||||||
data = import ./data.secret.nix;
|
data = import ./data.secret.nix;
|
||||||
inherit (data) hostname port grpcPort userServer group database;
|
inherit (data) hostname port grpcPort userServer group database;
|
|
@ -5,7 +5,7 @@ let
|
||||||
|
|
||||||
port = 51820;
|
port = 51820;
|
||||||
|
|
||||||
serverAddr = (import ../canigou/data.secret.nix).addr;
|
serverAddr = (import ../hosts/canigou/data.secret.nix).addr;
|
||||||
|
|
||||||
# Run `ip route` to show gateway
|
# Run `ip route` to show gateway
|
||||||
defaultGateway = "192.168.0.1";
|
defaultGateway = "192.168.0.1";
|
BIN
nixos/shared/networking.secret.nix
Normal file
BIN
nixos/shared/networking.secret.nix
Normal file
Binary file not shown.