refac: restructure nixos

This commit is contained in:
Dmitriy Pleshevskiy 2023-03-18 16:47:02 +03:00
parent 984902dbf2
commit 36d066f355
Signed by: pleshevskiy
GPG key ID: 79C4487B44403985
39 changed files with 56 additions and 46 deletions

View file

@ -84,6 +84,14 @@
'') '')
vpsMachines); vpsMachines);
rollback = lib.recurseIntoAttrs (lib.mapAttrs
(hostname: machine: pkgs.writeShellScript "rollback-${hostname}" ''
${nixos-rebuild}/bin/nixos-rebuild test \
--rollback \
--flake .#${hostname}
'')
self.nixosConfigurations);
switch = lib.recurseIntoAttrs (lib.mapAttrs switch = lib.recurseIntoAttrs (lib.mapAttrs
(hostname: machine: pkgs.writeShellScript "switch-${hostname}" '' (hostname: machine: pkgs.writeShellScript "switch-${hostname}" ''
${nixos-rebuild}/bin/nixos-rebuild switch --flake .#${hostname} $@ ${nixos-rebuild}/bin/nixos-rebuild switch --flake .#${hostname} $@
@ -95,6 +103,7 @@
${nixos-rebuild}/bin/nixos-rebuild test --flake .#${hostname} $@ ${nixos-rebuild}/bin/nixos-rebuild test --flake .#${hostname} $@
'') '')
localMachines); localMachines);
}); });
devShells = { devShells = {
@ -137,7 +146,6 @@
agenix.nixosModules.default agenix.nixosModules.default
home-manager.nixosModule home-manager.nixosModule
]) ])
++ [ ./machines/${hostname} ]
++ extraModules ++ extraModules
++ [ ++ [
# deployment settings # deployment settings
@ -156,8 +164,9 @@
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
}) })
]; ]
++ [ ./nixos/hosts/${hostname} ];
}) })
(import ./machines inputs); (import ./nixos/hosts inputs);
}; };
} }

View file

@ -4,15 +4,13 @@
imports = [ imports = [
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
../modules/common.nix ../../shared/common.nix
../modules/sound.nix ../../shared/sound.nix
../modules/window-manager.nix ../../shared/window-manager.nix
../modules/fonts.nix ../../shared/fonts.nix
../modules/gnupg.nix ../../shared/gnupg.nix
../modules/nix.nix ../../shared/garbage-collector.nix
../modules/garbage-collector.nix ../../shared/networking.secret.nix
../modules/networking.secret.nix
../modules/wireguard-client.nix
]; ];
# Use latest kernel # Use latest kernel
@ -72,7 +70,7 @@
# Wireguard client # Wireguard client
age.secrets.wireguard-asus-gl553vd-private = { age.secrets.wireguard-asus-gl553vd-private = {
file = ../../secrets/wireguard-asus-gl553vd-private.age; file = ../../../../secrets/wireguard-asus-gl553vd-private.age;
mode = "0400"; mode = "0400";
}; };
local.wireguard = { local.wireguard = {

View file

@ -1,16 +1,17 @@
{ pkgs, ... }: { pkgs, ... }:
let let
data = import ../../data.nix; data = import ../../../data.nix;
in in
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./networking.secret.nix # generated at runtime by nixos-infect ./networking.secret.nix # generated at runtime by nixos-infect
../modules/common.nix ../../shared/common.nix
../modules/fail2ban.nix ../../shared/fail2ban.nix
../modules/docker-swarm.nix ../../shared/garbage-collector.nix
../../shared/docker-swarm.nix
./services/wireguard.nix ./services/wireguard.nix
]; ];

View file

@ -58,7 +58,7 @@ in
}; };
age.secrets.wireguard-canigou-private = { age.secrets.wireguard-canigou-private = {
file = ../../../secrets/wireguard-canigou-private.age; file = ../../../../secrets/wireguard-canigou-private.age;
mode = "0400"; mode = "0400";
}; };
} }

View file

@ -9,8 +9,10 @@ in
extraModules = [ extraModules = [
hardware.common-gpu-amd hardware.common-gpu-amd
../users/jan ../modules/nix.nix
../users/nas ../modules/wireguard-client.nix
../../users/jan
../../users/nas
]; ];
extraHomeModule = { ... }: { extraHomeModule = { ... }: {
@ -24,8 +26,10 @@ in
extraModules = [ extraModules = [
hardware.common-cpu-intel hardware.common-cpu-intel
../users/jan ../modules/nix.nix
../users/nas ../modules/wireguard-client.nix
../../users/jan
../../users/nas
]; ];
extraHomeModule = { ... }: { extraHomeModule = { ... }: {
@ -41,7 +45,7 @@ in
extraModules = [ extraModules = [
inputs.mailserver.nixosModule inputs.mailserver.nixosModule
./modules/docker-stack.nix ../modules/docker-stack.nix
]; ];
}; };

View file

@ -4,15 +4,13 @@
imports = [ imports = [
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
../modules/common.nix ../../shared/common.nix
../modules/sound.nix ../../shared/sound.nix
../modules/window-manager.nix ../../shared/window-manager.nix
../modules/fonts.nix ../../shared/fonts.nix
../modules/gnupg.nix ../../shared/gnupg.nix
../modules/nix.nix ../../shared/garbage-collector.nix
../modules/garbage-collector.nix ../../shared/networking.secret.nix
../modules/networking.secret.nix
../modules/wireguard-client.nix
]; ];
# Configure kernel # Configure kernel
@ -96,7 +94,7 @@
# Wireguard client # Wireguard client
age.secrets.wireguard-home-private = { age.secrets.wireguard-home-private = {
file = ../../secrets/wireguard-home-private.age; file = ../../../secrets/wireguard-home-private.age;
mode = "0400"; mode = "0400";
}; };
local.wireguard = { local.wireguard = {

View file

@ -1,17 +1,17 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
data = import ../../data.nix; data = import ../../../data.nix;
in in
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./networking.secret.nix # generated at runtime by nixos-infect ./networking.secret.nix # generated at runtime by nixos-infect
../modules/common.nix ../../shared/common.nix
../modules/fail2ban.nix ../../shared/fail2ban.nix
../modules/garbage-collector.nix ../../shared/garbage-collector.nix
../modules/docker-swarm.nix ../../shared/docker-swarm.nix
./services/mailserver.nix ./services/mailserver.nix
./services/gitea.nix ./services/gitea.nix

View file

@ -122,7 +122,7 @@ in
}; };
age.secrets.gitea-smtp-passfile = { age.secrets.gitea-smtp-passfile = {
file = ../../../secrets/gitea-smtp-passfile.age; file = ../../../../secrets/gitea-smtp-passfile.age;
owner = giteaCfg.user; owner = giteaCfg.user;
group = "gitea"; group = "gitea";
}; };

View file

@ -54,7 +54,7 @@ in
systemd.tmpfiles.rules = [ "d '${dataDir}' 0700 ${user} ${group} - -" ]; systemd.tmpfiles.rules = [ "d '${dataDir}' 0700 ${user} ${group} - -" ];
age.secrets.traefik-dashboard-basicauth-users = { age.secrets.traefik-dashboard-basicauth-users = {
file = ../../../secrets/traefik-dashboard-basicauth-users.age; file = ../../../../secrets/traefik-dashboard-basicauth-users.age;
owner = user; owner = user;
inherit group; inherit group;
}; };

View file

@ -1,7 +1,7 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
let let
nextPkgs = pkgs.callPackage ../../../../packages/woodpecker { }; nextPkgs = pkgs.callPackage ../../../../../packages/woodpecker { };
canigouData = import ../../data.secret.nix; canigouData = import ../../data.secret.nix;

View file

@ -18,10 +18,10 @@ in
}; };
users.groups.docker.members = [ userAgent userServer ]; users.groups.docker.members = [ userAgent userServer ];
age.secrets.woodpecker-common-env.file = ../../../../secrets/woodpecker-common-env.age; age.secrets.woodpecker-common-env.file = ../../../../../secrets/woodpecker-common-env.age;
age.secrets.woodpecker-server-env.file = ../../../../secrets/woodpecker-server-env.age; age.secrets.woodpecker-server-env.file = ../../../../../secrets/woodpecker-server-env.age;
age.secrets.woodpecker-docker-config = { age.secrets.woodpecker-docker-config = {
file = ../../../../secrets/docker-config.json.age; file = ../../../../../secrets/docker-config.json.age;
mode = "440"; mode = "440";
inherit group; inherit group;
}; };

View file

@ -2,7 +2,7 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
let let
nextPkgs = pkgs.callPackage ../../../../packages/woodpecker { }; nextPkgs = pkgs.callPackage ../../../../../packages/woodpecker { };
data = import ./data.secret.nix; data = import ./data.secret.nix;
inherit (data) hostname port grpcPort userServer group database; inherit (data) hostname port grpcPort userServer group database;

View file

@ -5,7 +5,7 @@ let
port = 51820; port = 51820;
serverAddr = (import ../canigou/data.secret.nix).addr; serverAddr = (import ../hosts/canigou/data.secret.nix).addr;
# Run `ip route` to show gateway # Run `ip route` to show gateway
defaultGateway = "192.168.0.1"; defaultGateway = "192.168.0.1";

Binary file not shown.