v/infrastructure
1
0
Fork 0
Code Issues 13 Pull requests 1 Projects Releases Packages Activity Actions 2

switch to fup
Some checks failed
Lint / lint (push) Failing after 2m18s
Details

Browse source
This commit is contained in:
Vivian 2024-01-03 12:06:11 +01:00
parent fbce62aee6
commit 8ce5a9699d
3 changed files with 193 additions and 132 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
common/default.nix
View file

@ -1,6 +1,5 @@
{ lib, inputs, pkgs, ... }: {
imports = [
inputs.home-manager.nixosModules.home-manager
./users
./modules
];

211
flake.lock
View file

@ -50,11 +50,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1702969472,
"narHash": "sha256-IJP9sC+/gLUdWhm6TsnWpw6A1zQWUfn53ym63KeLXvU=",
"lastModified": 1704159259,
"narHash": "sha256-OOEFibN9JQBepVeqxSNSBr6JUmdoZiH263ogms2jk0k=",
"owner": "zhaofengli",
"repo": "attic",
"rev": "bdafd64910bb2b861cf90fa15f1fc93318b6fbf6",
"rev": "e6bedf1869f382cfc51b69848d6e09d51585ead6",
"type": "github"
},
"original": {
@ -254,11 +254,11 @@
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1704204809,
"narHash": "sha256-O76nB41RyfedpCfcO4GU5i2Ng7ZUMbZnF+Ceq0e8LIs=",
"lastModified": 1704207610,
"narHash": "sha256-goAc0arC/A0Pthz+bNsXzJcaqsNY7s5LcTp2WAtduCo=",
"owner": "jdonszelmann",
"repo": "essentials",
"rev": "8209683dc3c5edd747efccd187f512771d8f3a0c",
"rev": "229d7c8793968a319b6968c6fa06b20c393d1d12",
"type": "github"
},
"original": {
@ -495,6 +495,25 @@
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils_4"
},
"locked": {
"lastModified": 1696281284,
"narHash": "sha256-xcmtTmoiiAOSk4abifbtqVZk0iwBcqJfg47iUbkwhcE=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "6cf1e312fb259693c4930d07ca3cbe1d07ef4a48",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"ref": "v1.4.0",
"repo": "flake-utils-plus",
"type": "github"
}
},
"flake-utils-pre-commit": {
"locked": {
"lastModified": 1644229661,
@ -511,8 +530,22 @@
}
},
"flake-utils_10": {
"locked": {
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"type": "github"
},
"original": {
"id": "flake-utils",
"type": "indirect"
}
},
"flake-utils_11": {
"inputs": {
"systems": "systems_10"
"systems": "systems_11"
},
"locked": {
"lastModified": 1681202837,
@ -565,24 +598,6 @@
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
@ -597,9 +612,9 @@
"type": "github"
}
},
"flake-utils_6": {
"flake-utils_5": {
"inputs": {
"systems": "systems_6"
"systems": "systems_5"
},
"locked": {
"lastModified": 1701680307,
@ -615,6 +630,24 @@
"type": "github"
}
},
"flake-utils_6": {
"inputs": {
"systems": "systems_6"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_7": {
"inputs": {
"systems": "systems_7"
@ -637,6 +670,24 @@
"inputs": {
"systems": "systems_8"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_9": {
"inputs": {
"systems": "systems_9"
},
"locked": {
"lastModified": 1685518550,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
@ -651,20 +702,6 @@
"type": "github"
}
},
"flake-utils_9": {
"locked": {
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"type": "github"
},
"original": {
"id": "flake-utils",
"type": "indirect"
}
},
"flakeCompat": {
"flake": false,
"locked": {
@ -743,7 +780,7 @@
},
"gnome-autounlock-keyring": {
"inputs": {
"flake-utils": "flake-utils_4",
"flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs_6"
},
"locked": {
@ -783,11 +820,11 @@
]
},
"locked": {
"lastModified": 1703838268,
"narHash": "sha256-SRg5nXcdPnrsQR2MTAp7en0NyJnQ2wB1ivmsgEbvN+o=",
"lastModified": 1704276313,
"narHash": "sha256-4eD4RaAKHLj0ztw5pQcNFs3hGpxrsYb0e9Qir+Ute+w=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2aff324cf65f5f98f89d878c056b779466b17db8",
"rev": "4d8f90205c6c90be2e81d94d0e5eedf71c1ba34e",
"type": "github"
},
"original": {
@ -801,7 +838,7 @@
"crane": "crane_2",
"flake-compat": "flake-compat_5",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils_5",
"flake-utils": "flake-utils_6",
"nixpkgs": [
"nixpkgs"
],
@ -809,11 +846,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1703712542,
"narHash": "sha256-317EoHaQ5OwRLEjwjQUY57FpLDl75kEBbrohH7zbfRQ=",
"lastModified": 1704230057,
"narHash": "sha256-YTkPHIM/RF1WtWqRAxlaE2lqvzEBa58SZzQZB2sx4PY=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "7229dd85f98341520b02fd46662f38d0af511d6d",
"rev": "81f7a56f0ee6bb454284feeeb192df56e39d98d1",
"type": "github"
},
"original": {
@ -880,16 +917,16 @@
},
"microvm": {
"inputs": {
"flake-utils": "flake-utils_6",
"flake-utils": "flake-utils_7",
"nixpkgs": "nixpkgs_7",
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1703769051,
"narHash": "sha256-izOj8XRoHUXkWHpxznOaYHpj30J8/f3ynr7H6oYcNho=",
"lastModified": 1704120350,
"narHash": "sha256-s5BOPAnVc4e/4WvGDeeF3VSLAWzBUB+YW6fJb3pFbRw=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "c39a472523d3c99ddfa88df62223a21b19793490",
"rev": "d5553b1388f2947915c4cec6249b89474046573a",
"type": "github"
},
"original": {
@ -1014,11 +1051,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1703879120,
"narHash": "sha256-oMJ5xtDswlBWxs0DT/aYKEUIhjEpGZJ9GbIxOclYP8I=",
"lastModified": 1704266875,
"narHash": "sha256-luA5SGmeIRZlgLfSLUuR3eacS63q2bJ0Yywqak5lj3E=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "22ae59fec26591ef72ce4ccb5538c42c5f090fe3",
"rev": "8e34f33464d77bea2d5cf7dc1066647b1ad2b324",
"type": "github"
},
"original": {
@ -1332,11 +1369,11 @@
},
"nixpkgs_8": {
"locked": {
"lastModified": 1703637592,
"narHash": "sha256-8MXjxU0RfFfzl57Zy3OfXCITS0qWDNLzlBAdwxGZwfY=",
"lastModified": 1703961334,
"narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cfc3698c31b1fb9cdcf10f36c9643460264d0ca8",
"rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
"type": "github"
},
"original": {
@ -1347,11 +1384,11 @@
},
"nixpkgs_9": {
"locked": {
"lastModified": 1703013332,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"lastModified": 1703637592,
"narHash": "sha256-8MXjxU0RfFfzl57Zy3OfXCITS0qWDNLzlBAdwxGZwfY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"rev": "cfc3698c31b1fb9cdcf10f36c9643460264d0ca8",
"type": "github"
},
"original": {
@ -1363,11 +1400,11 @@
},
"nixpkgs_stable": {
"locked": {
"lastModified": 1703351344,
"narHash": "sha256-9FEelzftkE9UaJ5nqxidaJJPEhe9TPhbypLHmc2Mysc=",
"lastModified": 1704018918,
"narHash": "sha256-erjg/HrpC9liEfm7oLqb8GXCqsxaFwIIPqCsknW5aFY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7790e078f8979a9fcd543f9a47427eeaba38f268",
"rev": "2c9c58e98243930f8cb70387934daa4bc8b00373",
"type": "github"
},
"original": {
@ -1378,16 +1415,16 @@
},
"nixvim": {
"inputs": {
"flake-utils": "flake-utils_7",
"flake-utils": "flake-utils_8",
"nixpkgs": "nixpkgs_9",
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1703859882,
"narHash": "sha256-wRXgap0eEuswF9xXUKDiWBh0tKuJ9vtmlJZ4iAX3K/E=",
"lastModified": 1704263922,
"narHash": "sha256-/H3ZUsqTP+mh7G4fL8fYIP/WZfXH6ohVid8OfZ15RuQ=",
"owner": "pta2002",
"repo": "nixvim",
"rev": "1d8e7906c9606c956c6b40d8d088c8d2110dc0c0",
"rev": "78276e91bb4861564f2241c842cf1fce1a06e563",
"type": "github"
},
"original": {
@ -1398,11 +1435,11 @@
},
"nur": {
"locked": {
"lastModified": 1703938048,
"narHash": "sha256-df8Lwe4k6QiyucOyZV0s6eoy6y7m2g4+/dOpEyYrZGU=",
"lastModified": 1704279261,
"narHash": "sha256-0A0MZ6mC/uQmX0qY0Rtwh4UsepkKktv+hwo/U53MBSw=",
"owner": "nix-community",
"repo": "NUR",
"rev": "ae6fb319f88d5a995cb8dc4502c2d81c5fc1e578",
"rev": "bf390c044dfeeb7471fc931f5953c723028ce0fe",
"type": "github"
},
"original": {
@ -1431,7 +1468,7 @@
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_7",
"flake-utils": "flake-utils_8",
"flake-utils": "flake-utils_9",
"gitignore": "gitignore_2",
"nixpkgs": [
"nixvim",
@ -1440,11 +1477,11 @@
"nixpkgs-stable": "nixpkgs-stable_3"
},
"locked": {
"lastModified": 1702456155,
"narHash": "sha256-I2XhXGAecdGlqi6hPWYT83AQtMgL+aa3ulA85RAEgOk=",
"lastModified": 1703426812,
"narHash": "sha256-aODSOH8Og8ne4JylPJn+hZ6lyv6K7vE5jFo4KAGIebM=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "007a45d064c1c32d04e1b8a0de5ef00984c419bc",
"rev": "7f35ec30d16b38fe0eed8005933f418d1a4693ee",
"type": "github"
},
"original": {
@ -1538,6 +1575,7 @@
"comma": "comma",
"deploy": "deploy",
"essentials": "essentials",
"flake-utils-plus": "flake-utils-plus",
"gnome-autounlock-keyring": "gnome-autounlock-keyring",
"home-manager": "home-manager",
"lanzaboote": "lanzaboote",
@ -1676,6 +1714,21 @@
"type": "github"
}
},
"systems_11": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
@ -1849,7 +1902,7 @@
},
"utils_4": {
"inputs": {
"systems": "systems_9"
"systems": "systems_10"
},
"locked": {
"lastModified": 1694529238,
@ -1868,7 +1921,7 @@
"vault-secrets": {
"inputs": {
"flake-compat": "flake-compat_8",
"flake-utils": "flake-utils_9",
"flake-utils": "flake-utils_10",
"nix": "nix",
"nixpkgs": "nixpkgs_12",
"utils": "utils_4"
@ -1889,7 +1942,7 @@
},
"vault-unseal": {
"inputs": {
"flake-utils": "flake-utils_10",
"flake-utils": "flake-utils_11",
"nixpkgs": "nixpkgs_13"
},
"locked": {

113
flake.nix
View file

@ -7,6 +7,9 @@
inputs = {
nixpkgs.url = "nixpkgs/nixos-unstable";
nixpkgs_stable.url = "nixpkgs/nixos-23.05";
flake-utils-plus.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.4.0";
nur.url = "github:nix-community/NUR";
colmena.url = "github:zhaofengli/colmena";
deploy.url = "github:serokell/deploy-rs";
@ -50,45 +53,45 @@
essentials.url = "github:jdonszelmann/essentials";
};
outputs = { self, nixpkgs, nixpkgs_stable, vault-secrets, colmena, nur, attic
, deploy, ... }@inputs:
outputs = { self, nixpkgs, nixpkgs_stable, flake-utils-plus, nur, attic
, deploy, home-manager, ... }@inputs:
let
inherit (nixpkgs) lib;
# fast-repl = pkgs.writeShellScriptBin "fast-repl" ''
# source /etc/set-environment
# nix repl --file "${./.}/repl.nix" $@
# '';
system = "x86_64-linux";
pkgs = self.pkgs.x86_64-linux.nixpkgs;
in flake-utils-plus.lib.mkFlake {
# `self` and `inputs` arguments are required
inherit self inputs;
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
overlays = [ (import ./nixos/pkgs) vault-secrets.overlay nur.overlay ];
# Supported systems, used for packages, apps, devShell and multiple other definitions. Defaults to `flake-utils.lib.defaultSystems`.
supportedSystems = [ "x86_64-linux" ];
# Channels config
channelsConfig = { allowUnfree = true; };
sharedOverlays = [ (import ./nixos/pkgs) nur.overlay ];
# host defaults
hostDefaults = {
system = "x86_64-linux";
modules = [
home-manager.nixosModules.home-manager
./common
];
extraArgs = { inherit inputs; };
};
pkgs_stable = import nixpkgs_stable {
inherit system;
config.allowUnfree = true;
};
# Script to apply local colmena deployments
apply-local = pkgs.writeShellScriptBin "apply-local" ''
"${
colmena.packages.${system}.colmena
}"/bin/colmena apply-local --sudo $@
'';
fast-repl = pkgs.writeShellScriptBin "fast-repl" ''
source /etc/set-environment
nix repl --file "${./.}/repl.nix" $@
'';
in {
nixosConfigurations."bastion.olympus" = lib.nixosSystem {
inherit system pkgs;
specialArgs = { inherit inputs; };
modules = [ ./common ./common/generic-vm.nix ./hosts/olympus/bastion ];
# hosts
hosts."bastion.olympus" = {
modules = [ ./common/generic-vm.nix ./hosts/olympus/bastion ];
};
# deploy-rs
deploy = {
user = "root";
nodes."bastion.olympus" = {
hostname = "olympus.0x76.dev";
fastConnection = true;
@ -102,29 +105,35 @@
};
};
# Outputs
outputsBuilder = channels: {
devShell = channels.nixpkgs.mkShell {
name = "devShell";
VAULT_ADDR = "http://vault.olympus:8200/";
packages = with pkgs; [
attic.packages.${pkgs.system}.attic
# apply-local
deploy.packages.${system}.deploy-rs
deadnix
statix
# nixfmt
# nixpkgs-fmt
nixUnstable
# nil
vault
yamllint
jq
# (vault-push-approle-envs self { })
# (vault-push-approles self { })
# fast-repl
fup-repl
];
};
};
# Checks
checks = builtins.mapAttrs
(system: deployLib: deployLib.deployChecks self.deploy) deploy.lib;
# Use by running `nix develop`
devShells.${system}.default = pkgs.mkShell {
VAULT_ADDR = "http://vault.olympus:8200/";
packages = with pkgs; [
attic.packages.${pkgs.system}.attic
apply-local
deploy.packages.${system}.deploy-rs
deadnix
statix
# nixfmt
# nixpkgs-fmt
nixUnstable
# nil
vault
yamllint
jq
# (vault-push-approle-envs self { })
# (vault-push-approles self { })
fast-repl
];
};
};
}