colmena + multi location #64
4 changed files with 26 additions and 29 deletions
36
flake.nix
36
flake.nix
|
@ -22,7 +22,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs =
|
outputs =
|
||||||
{ self, nixpkgs, vault-secrets, serokell-nix, minecraft-servers, ... }@inputs:
|
{ self, nixpkgs, vault-secrets, serokell-nix, minecraft-servers, colmena, ... }@inputs:
|
||||||
let
|
let
|
||||||
inherit (nixpkgs) lib;
|
inherit (nixpkgs) lib;
|
||||||
inherit (builtins) filter mapAttrs;
|
inherit (builtins) filter mapAttrs;
|
||||||
|
@ -32,8 +32,8 @@
|
||||||
# Filter all nixos host definitions that are actual nix machines
|
# Filter all nixos host definitions that are actual nix machines
|
||||||
nixHosts = filter ({ nix ? true, ... }: nix) hosts;
|
nixHosts = filter ({ nix ? true, ... }: nix) hosts;
|
||||||
|
|
||||||
|
# Resolve imports based on a foldername (nixname) and if the host is an LXC container or a VM.
|
||||||
resolveImports = { hostname, profile ? hostname, lxc ? true, ... }: [
|
resolveImports = { hostname, profile ? hostname, lxc ? true, ... }: [
|
||||||
vault-secrets.nixosModules.vault-secrets
|
|
||||||
./nixos/common
|
./nixos/common
|
||||||
"${./.}/nixos/hosts/${profile}/configuration.nix"
|
"${./.}/nixos/hosts/${profile}/configuration.nix"
|
||||||
] ++ (if lxc then [
|
] ++ (if lxc then [
|
||||||
|
@ -42,16 +42,14 @@
|
||||||
]
|
]
|
||||||
else [ ./nixos/common/generic-vm.nix ]);
|
else [ ./nixos/common/generic-vm.nix ]);
|
||||||
|
|
||||||
# Create a nixosConfiguration based on a foldername (nixname) and if the host is an LXC container or a VM.
|
mkConfig = { hostname, ... }@host: {
|
||||||
mkConfig = { hostname, profile ? hostname, lxc ? true, ... }@host: {
|
"${hostname}" = lib.nixosSystem {
|
||||||
"${profile}" = lib.nixosSystem {
|
inherit system specialArgs;
|
||||||
inherit system;
|
|
||||||
inherit specialArgs;
|
|
||||||
modules = resolveImports host;
|
modules = resolveImports host;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
mkColmenaHost = { ip, hostname, profile ? hostname, lxc ? true, ... }@host: {
|
mkColmenaHost = { ip, hostname, ... }@host: {
|
||||||
"${hostname}" = {
|
"${hostname}" = {
|
||||||
imports = resolveImports host;
|
imports = resolveImports host;
|
||||||
deployment = {
|
deployment = {
|
||||||
|
@ -61,7 +59,7 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
legacyPackages = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ];
|
pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ];
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
# Make the config and deploy sets
|
# Make the config and deploy sets
|
||||||
|
@ -74,7 +72,6 @@
|
||||||
inherit system;
|
inherit system;
|
||||||
overlays = [
|
overlays = [
|
||||||
(import ./nixos/pkgs)
|
(import ./nixos/pkgs)
|
||||||
vault-secrets.overlay
|
|
||||||
minecraft-servers.overlays.default
|
minecraft-servers.overlays.default
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -83,25 +80,12 @@
|
||||||
}
|
}
|
||||||
nixHosts;
|
nixHosts;
|
||||||
|
|
||||||
apps.${system} = rec {
|
|
||||||
vault-push-approles = {
|
|
||||||
type = "app";
|
|
||||||
program = "${legacyPackages.vault-push-approles self}/bin/vault-push-approles";
|
|
||||||
};
|
|
||||||
vault-push-approle-envs = {
|
|
||||||
type = "app";
|
|
||||||
program =
|
|
||||||
"${legacyPackages.vault-push-approle-envs self}/bin/vault-push-approle-envs";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Use by running `nix develop`
|
# Use by running `nix develop`
|
||||||
devShells.${system}.default = legacyPackages.mkShell {
|
devShells.${system}.default = pkgs.mkShell {
|
||||||
VAULT_ADDR = "http://vault.olympus:8200/";
|
VAULT_ADDR = "http://vault.olympus:8200/";
|
||||||
# This only support bash so just execute zsh in bash as a workaround :/
|
# This only support bash so just execute zsh in bash as a workaround :/
|
||||||
shellHook = "zsh; exit $?";
|
shellHook = "zsh; exit $?";
|
||||||
buildInputs = with legacyPackages; [
|
buildInputs = with pkgs; [
|
||||||
colmena
|
|
||||||
fluxcd
|
fluxcd
|
||||||
k9s
|
k9s
|
||||||
kubectl
|
kubectl
|
||||||
|
@ -110,6 +94,8 @@
|
||||||
nixfmt
|
nixfmt
|
||||||
nixUnstable
|
nixUnstable
|
||||||
vault
|
vault
|
||||||
|
(vault-push-approle-envs self)
|
||||||
|
(vault-push-approle-approles self)
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
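Review bot: In the devShell `buildInputs` list at the end of this section, `(vault-push-approle-approles self)` does not match the name the removed `apps` block used, `vault-push-approles`. Unless the vault-secrets overlay really exports an attribute under the new name, `nix develop` will fail at evaluation with an undefined variable; the line should probably read `(vault-push-approles self)`. Both push tools now run inside a shell whose `VAULT_ADDR` is `http://vault.olympus:8200/`, so AppRole credentials would cross the network in clear text unless TLS is terminated somewhere not visible here. If plain HTTP is deliberate, a comment next to `VAULT_ADDR` saying why would help; otherwise switch it to `https://`.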
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, inputs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
inputs.vault-secrets.nixosModules.vault-secrets
|
||||||
# User account definitions
|
# User account definitions
|
||||||
./users
|
./users
|
||||||
./services
|
./services
|
||||||
|
@ -23,13 +24,24 @@
|
||||||
"https://cachix.cachix.org"
|
"https://cachix.cachix.org"
|
||||||
"https://nix-community.cachix.org"
|
"https://nix-community.cachix.org"
|
||||||
"https://nixpkgs-review-bot.cachix.org"
|
"https://nixpkgs-review-bot.cachix.org"
|
||||||
|
"https://colmena.cachix.org"
|
||||||
];
|
];
|
||||||
trusted-public-keys = [
|
trusted-public-keys = [
|
||||||
"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
|
"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
|
||||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||||
"nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
|
"nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
|
||||||
|
"colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
gc = {
|
||||||
|
dates = "weekly";
|
||||||
|
automatic = true;
|
||||||
|
randomizedDelaySec = "45min";
|
||||||
|
};
|
||||||
|
optimise = {
|
||||||
|
automatic = true;
|
||||||
|
dates = "weekly";
|
||||||
|
};
|
||||||
extraOptions = ''
|
extraOptions = ''
|
||||||
experimental-features = nix-command flakes
|
experimental-features = nix-command flakes
|
||||||
'';
|
'';
|
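Review bot: Adding `"https://colmena.cachix.org"` to the substituters and its key to `trusted-public-keys` widens the trust set of every machine that imports this module, not only the one that runs deployments. From the `./users` and `./services` imports this looks like the shared common configuration, though the file name is not visible on the page. Any store path signed by that third-party key will then be accepted on all hosts, while the rest of this commit suggests colmena is only needed on the deploying workstation. Consider moving the cache and key to the host or dev shell that actually builds colmena, or add a comment such as `# needed on all hosts because …` so the broader trust is a recorded decision.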
||||||
|
|
|
@ -48,7 +48,7 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
# Make me admin
|
# Make me admin
|
||||||
extraGroups = [ "wheel" ];
|
extraGroups = [ "systemd-journal" "wheel" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Configure the root account
|
# Configure the root account
|
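Review bot: The comment `# Make me admin` above `extraGroups = [ "systemd-journal" "wheel" ];` now explains only half of the list. With systemd's stock journal ACLs, `wheel` members can usually already read the system journal, so the extra group may be redundant; please verify this on these hosts. If it is needed, say why in the comment, for example `# wheel: sudo; systemd-journal: read system logs without sudo`. The user definition starts outside the hunk, so which account this applies to is not visible here.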
||||||
|
|
|
@ -45,7 +45,6 @@ in {
|
||||||
# Additional packages
|
# Additional packages
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
binutils
|
binutils
|
||||||
colmena
|
|
||||||
fix-vscode
|
fix-vscode
|
||||||
fluxcd
|
fluxcd
|
||||||
k9s
|
k9s
|
||||||
|
|