2022-07-31 10:51:26 +02:00
4 changed files with 26 additions and 29 deletions
--- a/flake.nix
+++ b/flake.nix
@ -22,7 +22,7 @@
  };

  outputs =
-    { self, nixpkgs, vault-secrets, serokell-nix, minecraft-servers, ... }@inputs:
+    { self, nixpkgs, vault-secrets, serokell-nix, minecraft-servers, colmena, ... }@inputs:
    let
      inherit (nixpkgs) lib;
      inherit (builtins) filter mapAttrs;
@ -32,8 +32,8 @@
      # Filter all nixos host definitions that are actual nix machines
      nixHosts = filter ({ nix ? true, ... }: nix) hosts;

+      # Resolve imports based on a foldername (nixname) and if the host is an LXC container or a VM.
      resolveImports = { hostname, profile ? hostname, lxc ? true, ... }: [
-        vault-secrets.nixosModules.vault-secrets
        ./nixos/common
        "${./.}/nixos/hosts/${profile}/configuration.nix"
      ] ++ (if lxc then [
@ -42,16 +42,14 @@
      ]
      else [ ./nixos/common/generic-vm.nix ]);

-      # Create a nixosConfiguration based on a foldername (nixname) and if the host is an LXC container or a VM.
-      mkConfig = { hostname, profile ? hostname, lxc ? true, ... }@host: {
-        "${profile}" = lib.nixosSystem {
-          inherit system;
-          inherit specialArgs;
-          modules = resolveImports host; 
+      mkConfig = { hostname, ... }@host: {
+        "${hostname}" = lib.nixosSystem {
+          inherit system specialArgs;
+          modules = resolveImports host;
        };
      };

-      mkColmenaHost = { ip, hostname, profile ? hostname, lxc ? true, ... }@host: {
+      mkColmenaHost = { ip, hostname, ... }@host: {
        "${hostname}" = {
          imports = resolveImports host;
          deployment = {
@ -61,7 +59,7 @@
        };
      };

-      legacyPackages = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ];
+      pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ];
    in
    {
      # Make the config and deploy sets
@ -74,7 +72,6 @@
              inherit system;
              overlays = [
                (import ./nixos/pkgs)
-                vault-secrets.overlay
                minecraft-servers.overlays.default
              ];
            };
@ -83,25 +80,12 @@
        }
        nixHosts;

-      apps.${system} = rec {
-        vault-push-approles = {
-          type = "app";
-          program = "${legacyPackages.vault-push-approles self}/bin/vault-push-approles";
-        };
-        vault-push-approle-envs = {
-          type = "app";
-          program =
-            "${legacyPackages.vault-push-approle-envs self}/bin/vault-push-approle-envs";
-        };
-      };
-
      # Use by running `nix develop`
-      devShells.${system}.default = legacyPackages.mkShell {
+      devShells.${system}.default = pkgs.mkShell {
        VAULT_ADDR = "http://vault.olympus:8200/";
        # This only support bash so just execute zsh in bash as a workaround :/
        shellHook = "zsh; exit $?";
-        buildInputs = with legacyPackages; [
-          colmena
+        buildInputs = with pkgs; [
          fluxcd
          k9s
          kubectl
@ -110,6 +94,8 @@
          nixfmt
          nixUnstable
          vault
+          (vault-push-approle-envs self)
+          (vault-push-approle-approles self)
        ];
      };
    };
--- a/nixos/common/default.nix
+++ b/nixos/common/default.nix
@ -1,7 +1,8 @@
-{ config, pkgs, ... }:
+{ config, pkgs, inputs, ... }:

 {
  imports = [
+    inputs.vault-secrets.nixosModules.vault-secrets
    # User account definitions
    ./users
    ./services
@ -23,13 +24,24 @@
        "https://cachix.cachix.org"
        "https://nix-community.cachix.org"
        "https://nixpkgs-review-bot.cachix.org"
+        "https://colmena.cachix.org"
      ];
      trusted-public-keys = [
        "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
        "nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
+        "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
      ];
    };
+    gc = {
+      dates = "weekly";
+      automatic = true;
+      randomizedDelaySec = "45min";
+    };
+    optimise = {
+      automatic = true;
+      dates = "weekly";
+    };
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
--- a/nixos/common/users/default.nix
+++ b/nixos/common/users/default.nix
@ -48,7 +48,7 @@
    ];

    # Make me admin
-    extraGroups = [ "wheel" ];
+    extraGroups = [ "systemd-journal" "wheel" ];
  };

  # Configure the root account
--- a/nixos/hosts/bastion/configuration.nix
+++ b/nixos/hosts/bastion/configuration.nix
@ -45,7 +45,6 @@ in {
  # Additional packages
  environment.systemPackages = with pkgs; [
    binutils
-    colmena
    fix-vscode
    fluxcd
    k9s