diff --git a/data.nix b/data.nix
new file mode 100644
index 0000000..14daf74
--- /dev/null
+++ b/data.nix
@@ -0,0 +1,10 @@
+{
+ publicKeys = {
+ users = {
+ jan = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJKo68e8EuKlgYG/mxEsMsfWLHXkRulpscGZUD9lXbaEyTvaGalc82T4d7wXHgUi8/xpRbsfxxTV1bl1I7X+Vq7xmzfMP5a0NBIv5Lnh5C9WHEq1aw4fUFCxD5cwy9kt1jV3pSEN/+H5cg4T0OCVRikUZvfB9wng15fdw6JYoZWhWBwZHfISHhXqTXGDnMO7MvzFCl7Ek5WBvH6LoThJFVvKkab6Zg15FtuqNpCat0yEb5QMoFUbyp2Wm0eFU5eUVnlqC6IgG765Pbz+v4sJJo0q3+sZlIgzPeav3d7FEgZeqq+UZA3Hp+4T5ww+XEHDalxsB60VDeq85snVTO8XGt"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDXNG/QeViH/SboWxbONAub/eim3NRm5MDtJA7gyTz7r"
+ ];
+ };
+ };
+}
diff --git a/flake.nix b/flake.nix
index 96ff644..44769ac 100644
--- a/flake.nix
+++ b/flake.nix
@@ -49,21 +49,33 @@ inherit (pkgs) lib; nixos-rebuild = pkgs.nixos-rebuild.override { nix = pkgs.nixFlakes; }; + + localMachines = lib.filterAttrs (h: m: m.config.deployment.targetHost == null) self.nixosConfigurations; + vpsMachines = lib.filterAttrs (h: m: m.config.deployment.targetHost != null) self.nixosConfigurations; in { apps = lib.mapAttrs (name: program: { type = "app"; program = toString program; }) (flake-utils.lib.flattenTree { + deploy = lib.recurseIntoAttrs (lib.mapAttrs + (hostname: machine: pkgs.writeShellScript "deploy-${hostname}" '' + ${nixos-rebuild}/bin/nixos-rebuild switch \ + --flake .#${hostname} \ + --target-host ${machine.config.deployment.targetHost} + '') + vpsMachines); + switch = lib.recurseIntoAttrs (lib.mapAttrs (hostname: machine: pkgs.writeShellScript "switch-${hostname}" '' ${nixos-rebuild}/bin/nixos-rebuild switch --flake .#${hostname} '') - self.nixosConfigurations); + localMachines); + test = lib.recurseIntoAttrs (lib.mapAttrs (hostname: machine: pkgs.writeShellScript "test-${hostname}" '' ${nixos-rebuild}/bin/nixos-rebuild test --flake .#${hostname} '') - self.nixosConfigurations); + localMachines); }); devShells = {
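Review bot: The two entries under `publicKeys.users.jan` in data.nix carry no key comment, so nothing records which device or token each key belongs to, and a later revocation has to be done by matching base64. A Nix comment above each entry, for example `# <device name>, added <date>` (placeholders), would make rotation reviewable. Judging by its header bytes the RSA entry looks like a 2048-bit key; if every client already holds the Ed25519 key, dropping the RSA one leaves one fewer credential that machines/magenta/default.nix authorizes for root.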
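Review bot: In the new `deploy` app in flake.nix, `machine.config.deployment.targetHost` is spliced into the generated shell script unquoted, so whitespace or a shell metacharacter in a machine's `targetHost` string would be interpreted by the shell on the deploying workstation. The value comes from the repository's own machine list, so this is hardening rather than an open hole, but `--target-host ${lib.escapeShellArg machine.config.deployment.targetHost}` keeps it a single argument at no cost. The same treatment fits `.#${hostname}` in the `deploy`, `switch` and `test` scripts. The enclosing `let` and `apps` expressions start and end outside the hunk.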
@@ -83,6 +95,7 @@ , specialArgs ? { } , extraModules ? [ ] , extraHomeModule ? null + , targetHost ? null , nixpkgs ? inputs.nixpkgs }: nixpkgs.lib.nixosSystem {
@@ -96,7 +109,20 @@ home-manager.nixosModule ]) ++ [ ./machines/${hostname} ] - ++ extraModules; + ++ extraModules + ++ [ + # deployment settings + ({ lib, ... }: { + options.deployment = with lib; { + targetHost = mkOption { + type = types.nullOr types.str; + readOnly = true; + internal = true; + }; + }; + config.deployment = { inherit targetHost; }; + }) + ]; }) (import ./machines inputs); };
diff --git a/machines/asus-gl553vd/default.nix b/machines/asus-gl553vd/default.nix
index 7d72ee7..1a729c9 100644
--- a/machines/asus-gl553vd/default.nix
+++ b/machines/asus-gl553vd/default.nix
@@ -52,4 +52,6 @@ in # Enable the Docker virtualisation.docker.enable = true; + + local.nix.enableMyRegistry = true; }
diff --git a/machines/default.nix b/machines/default.nix
index 6930425..2f2e97d 100644
--- a/machines/default.nix
+++ b/machines/default.nix
@@ -29,4 +29,10 @@ in local.alacritty.fontSize = 6.0; }; }; + + magenta = { + system = "x86_64-linux"; + + targetHost = "45.131.41.215"; + }; }
diff --git a/machines/home/default.nix b/machines/home/default.nix
index 109eedd..981e5d2 100644
--- a/machines/home/default.nix
+++ b/machines/home/default.nix
@@ -79,4 +79,6 @@ in # Enable the Docker virtualisation.docker.enable = true; + + local.nix.enableMyRegistry = true; }
diff --git a/machines/magenta/default.nix b/machines/magenta/default.nix
new file mode 100644
index 0000000..252d3e8
--- /dev/null
+++ b/machines/magenta/default.nix
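Review bot: The `deployment.targetHost` option declared in the second flake.nix hunk (`@@ -96,7 +109,20 @@`) has no `description`, and with `internal = true` it is left out of generated option docs, so the meaning of `null` can only be inferred from the `localMachines`/`vpsMachines` filters elsewhere in the file. I would add `description = "SSH destination passed to nixos-rebuild --target-host; null means the machine is only switched locally.";`. Because the string ends up on a command line, a narrower type than `types.str` (for instance `types.strMatching` with a host pattern) would reject malformed values at evaluation time. The module list this entry is appended to starts outside the hunk.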
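Review bot: `targetHost = "45.131.41.215";` in machines/default.nix names no login user, so the generated deploy script connects as whatever user the deployer's ssh client defaults to, while machines/magenta/default.nix installs authorized keys for root only. Unless ../modules/common.nix or the deployer's ssh config covers this, the value probably needs to be `targetHost = "root@45.131.41.215";`. Connecting by bare IP also means the server's identity rests entirely on the deployer's known_hosts entry, so it is worth recording the expected host key fingerprint somewhere reviewable in case the address is ever reassigned. The attribute set this entry is added to starts outside the hunk.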
@@ -0,0 +1,19 @@
+{ ... }:
+
+let
+ data = import ../../data.nix;
+in
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./networking.nix # generated at runtime by nixos-infect
+ ../modules/common.nix
+ ];
+
+ boot.cleanTmpDir = true;
+ zramSwap.enable = true;
+ networking.hostName = "magenta";
+
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = data.publicKeys.users.jan;
+}
diff --git a/machines/magenta/hardware-configuration.nix b/machines/magenta/hardware-configuration.nix
new file mode 100644
index 0000000..40c8d65
--- /dev/null
+++ b/machines/magenta/hardware-configuration.nix
@@ -0,0 +1,9 @@
+{ modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+}
diff --git a/machines/magenta/networking.nix b/machines/magenta/networking.nix
new file mode 100644
index 0000000..e294e6e
--- /dev/null
+++ b/machines/magenta/networking.nix
@@ -0,0 +1,33 @@
+{ lib, ... }:
+
+{
+ # This file was populated at runtime with the networking
+ # details gathered from the active system.
+ networking = {
+ nameservers = [
+ "188.93.16.19"
+ "188.93.17.19"
+ "8.8.8.8"
+ ];
+ defaultGateway = "45.131.41.1";
+ defaultGateway6 = "";
+ dhcpcd.enable = false;
+ usePredictableInterfaceNames = lib.mkForce false;
+ interfaces = {
+ eth0 = {
+ ipv4.addresses = [
+ { address = "45.131.41.215"; prefixLength = 24; }
+ ];
+ ipv6.addresses = [
+ { address = "fe80::f816:3eff:fe58:d30a"; prefixLength = 64; }
+ ];
+ ipv4.routes = [{ address = "45.131.41.1"; prefixLength = 32; }];
+ ipv6.routes = [{ address = ""; prefixLength = 128; }];
+ };
+
+ };
+ };
+ services.udev.extraRules = ''
+ ATTR{address}=="fa:16:3e:58:d3:0a", NAME="eth0"
+ '';
+}
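Review bot: `services.openssh.enable = true;` is the only sshd setting in machines/magenta/default.nix, so password authentication stays at the module default on a host with a public address whose root account is the deployment login. Since root is meant to log in with the keys from data.nix, I would state that explicitly with `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "prohibit-password";` (on newer nixpkgs the equivalents live under `services.openssh.settings`). Whether ../modules/common.nix already sets these is not visible on this page.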
diff --git a/secrets.config.nix b/secrets.config.nix
index cb038a5..16c5ea6 100644
Binary files a/secrets.config.nix and b/secrets.config.nix differ