From 851052014a331687ccfafa6f2f74789fd5865965 Mon Sep 17 00:00:00 2001 
From: hexchen Date: Sun, 10 Jan 2021 23:53:41 +0000 Subject: [PATCH] complete restructure of haccfiles here be winkekatzen --- .gitlab-ci.yml | 22 +-- {configuration/common => common}/default.nix | 20 +-- {configuration/common => common}/hexchen.nix | 0 {configuration/common => common}/users.nix | 0 configuration/common/external.nix | 32 ---- .../hosts/cdn/loadbalancer/configuration.nix | 26 --- .../cdn/loadbalancer/hardware-config.nix | 26 --- .../hosts/cdn/master/configuration.nix | 26 --- .../hosts/cdn/master/hardware-config.nix | 25 --- .../hosts/cdn/node-1/configuration.nix | 26 --- .../hosts/cdn/node-1/hardware-config.nix | 25 --- .../hosts/cdn/node-2/configuration.nix | 26 --- .../hosts/cdn/node-2/hardware-config.nix | 25 --- configuration/hosts/default.nix | 37 ----- configuration/server/cdn/cdn-lb.nix | 26 --- configuration/server/cdn/cdn-master.nix | 42 ----- configuration/server/cdn/cdn-node.nix | 43 ----- configuration/server/cdn/common.nix | 61 -------- default.nix | 11 +- .../desktop => desktop}/default.nix | 0 {configuration/desktop => desktop}/gnome.nix | 0 .../desktop => desktop}/streaming.nix | 0 {configuration/desktop => desktop}/sway.nix | 0 {configuration/hosts => hosts}/README.md | 0 .../hosts => hosts}/hainich/configuration.nix | 0 .../hosts => hosts}/hainich/encboot.nix | 0 .../hosts => hosts}/hainich/hardware.nix | 0 .../hosts => hosts}/hainich/k8s.nix | 0 .../hainich/services/codimd.nix | 0 .../hainich/services/docker.nix | 2 - .../hainich/services/engelsystem.nix | 0 .../hainich/services/gitlab-runner.nix | 0 .../hosts => hosts}/hainich/services/mail.nix | 11 +- .../hainich/services/murmur.nix | 0 .../hainich/services/nginx.nix | 0 .../hosts => hosts}/hainich/wireguard.nix | 0 .../hosts => hosts}/nixda/configuration.nix | 0 .../hosts => hosts}/nixda/hardware-config.nix | 0 nix/sources.json | 59 +++++++ nix/sources.nix | 148 ++++++++++++++++++ pkgs/default.nix | 25 ++- 41 files changed, 238 insertions(+), 506 deletions(-) rename 
{configuration/common => common}/default.nix (85%) rename {configuration/common => common}/hexchen.nix (100%) rename {configuration/common => common}/users.nix (100%) delete mode 100644 configuration/common/external.nix delete mode 100644 configuration/hosts/cdn/loadbalancer/configuration.nix delete mode 100644 configuration/hosts/cdn/loadbalancer/hardware-config.nix delete mode 100644 configuration/hosts/cdn/master/configuration.nix delete mode 100644 configuration/hosts/cdn/master/hardware-config.nix delete mode 100644 configuration/hosts/cdn/node-1/configuration.nix delete mode 100644 configuration/hosts/cdn/node-1/hardware-config.nix delete mode 100644 configuration/hosts/cdn/node-2/configuration.nix delete mode 100644 configuration/hosts/cdn/node-2/hardware-config.nix delete mode 100644 configuration/hosts/default.nix delete mode 100644 configuration/server/cdn/cdn-lb.nix delete mode 100644 configuration/server/cdn/cdn-master.nix delete mode 100644 configuration/server/cdn/cdn-node.nix delete mode 100644 configuration/server/cdn/common.nix rename {configuration/desktop => desktop}/default.nix (100%) rename {configuration/desktop => desktop}/gnome.nix (100%) rename {configuration/desktop => desktop}/streaming.nix (100%) rename {configuration/desktop => desktop}/sway.nix (100%) rename {configuration/hosts => hosts}/README.md (100%) rename {configuration/hosts => hosts}/hainich/configuration.nix (100%) rename {configuration/hosts => hosts}/hainich/encboot.nix (100%) rename {configuration/hosts => hosts}/hainich/hardware.nix (100%) rename {configuration/hosts => hosts}/hainich/k8s.nix (100%) rename {configuration/hosts => hosts}/hainich/services/codimd.nix (100%) rename {configuration/hosts => hosts}/hainich/services/docker.nix (91%) rename {configuration/hosts => hosts}/hainich/services/engelsystem.nix (100%) rename {configuration/hosts => hosts}/hainich/services/gitlab-runner.nix (100%) rename {configuration/hosts => hosts}/hainich/services/mail.nix (94%) rename 
{configuration/hosts => hosts}/hainich/services/murmur.nix (100%) rename {configuration/hosts => hosts}/hainich/services/nginx.nix (100%) rename {configuration/hosts => hosts}/hainich/wireguard.nix (100%) rename {configuration/hosts => hosts}/nixda/configuration.nix (100%) rename {configuration/hosts => hosts}/nixda/hardware-config.nix (100%) create mode 100644 nix/sources.json create mode 100644 nix/sources.nix diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 38df71f..148a882 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2,30 +2,16 @@ stages: - instantiate - build -instantiate 20.09: +instantiate: tags: - nix stage: instantiate script: - - nix-instantiate -I nixpkgs=https://github.com/hexchen/nixpkgs/archive/hexchen-20.09.tar.gz -A deploy.all + - nix-instantiate -A deploy.all -instantiate main: - tags: - - nix - stage: instantiate - script: - - nix-instantiate -I nixpkgs=https://github.com/hexchen/nixpkgs/archive/hexchen-main.tar.gz -A deploy.all - -build 20.09: +build: tags: - nix stage: build script: - - nix-build -A deploy.all -I nixpkgs=https://github.com/hexchen/nixpkgs/archive/hexchen-20.09.tar.gz - -build main: - tags: - - nix - stage: build - script: - - nix-build -A deploy.all -I nixpkgs=https://github.com/hexchen/nixpkgs/archive/hexchen-main.tar.gz + - nix-build -A deploy.all diff --git a/configuration/common/default.nix b/common/default.nix similarity index 85% rename from configuration/common/default.nix rename to common/default.nix index 404598c..419605d 100644 --- a/configuration/common/default.nix +++ b/common/default.nix 
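Review bot: In .gitlab-ci.yml the `instantiate` and `build` jobs now take every input from nix/sources.nix, and that file's `replace` helper swaps a pinned source for whatever path a `NIV_OVERRIDE_<name>` environment variable holds. A CI variable with that prefix, set at project or runner level, would therefore replace the pinned nixpkgs or nix-hexchen checkout without any change to sources.json showing up in review. I would add a comment above the jobs, `# inputs are pinned in nix/sources.json; NIV_OVERRIDE_* variables must not be set for this pipeline`, and restrict who can define CI variables on the project. The commit also drops the separate `main` jobs, so only the hexchen-20.09 pin recorded in sources.json is still evaluated.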
@@ -1,23 +1,18 @@ { config, lib, pkgs, ... }: -{ +let + sources = import ../nix/sources.nix; +in { imports = [ - ../../modules - ./external.nix + ../modules ./users.nix - ]; - - nixpkgs.overlays = [ - (self: super: import ../../pkgs { nixpkgs = super.path; }) + (sources.home-manager + "/nixos") ]; boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; boot.kernelParams = [ "quiet" ]; networking.domain = lib.mkDefault "hacc.space"; - petabyte.nftables = { - enable = lib.mkDefault true; - }; services.journald.extraConfig = '' SystemMaxUse=512M @@ -76,11 +71,6 @@ ffmpeg-full ]; - petabyte.vnstat = { - enable = true; - nginx.enable = true; - }; - security.acme.email = "info+acme@hacc.space"; security.acme.acceptTerms = true; } diff --git a/configuration/common/hexchen.nix b/common/hexchen.nix similarity index 100% rename from configuration/common/hexchen.nix rename to common/hexchen.nix diff --git a/configuration/common/users.nix b/common/users.nix similarity index 100% rename from configuration/common/users.nix rename to common/users.nix diff --git a/configuration/common/external.nix b/configuration/common/external.nix deleted file mode 100644 index b072ca2..0000000 --- a/configuration/common/external.nix +++ /dev/null 
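Review bot: In common/default.nix the first hunk removes `petabyte.nftables.enable = lib.mkDefault true` together with the `./external.nix` import that supplied the module, and nothing in the new lines states which packet filter the hosts use instead. hosts/hainich/services/docker.nix had already switched the module off, but any other host importing common (nixda is the remaining one in this tree) presumably relied on this default. If the intent is to fall back to the stock NixOS firewall, say so explicitly with `networking.firewall.enable = lib.mkDefault true;` and a comment `# replaces petabyte.nftables, removed with external.nix`; if a module from nix-hexchen takes over, name it in the comment instead. The module body continues outside the hunk.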
@@ -1,32 +0,0 @@
-let
- pbb-nixfiles = fetchGit {
- url = "https://git.petabyte.dev/petabyteboy/nixfiles";
- rev = "b15d29e0440716fc37414547d55839717c9ed2f9";
- };
-
- qyliss-nixlib = fetchTarball {
- url = "https://git.qyliss.net/nixlib/snapshot/nixlib-e14330c5be9b005d4310cd4dc0d384cff882aedc.tar.zst";
- sha256 = "0nan14ixhdzxxddnckqqhaxhr96yw08rgcmxssddhji6aq5a445j";
- };
-
- home-manager = fetchGit {
- url = "https://github.com/nix-community/home-manager";
- rev = "a98ec6ec158686387d66654ea96153ec06be33d7";
- };
-in {
- imports = [
- (pbb-nixfiles + "/modules")
- (home-manager + "/nixos")
- ];
-
- nixpkgs.overlays = [
- (self: super: {
- pleroma = self.callPackage (pbb-nixfiles + "/pkgs/pleroma") {
- elixir_1_10 = super.elixir;
- };
- dino = self.callPackage (qyliss-nixlib + "/overlays/patches/dino") {
- inherit (super) dino;
- };
- })
- ];
-}
diff --git a/configuration/hosts/cdn/loadbalancer/configuration.nix b/configuration/hosts/cdn/loadbalancer/configuration.nix
deleted file mode 100644
index 04d47b4..0000000
--- a/configuration/hosts/cdn/loadbalancer/configuration.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-config.nix
- ../../../common
- ../../../server/cdn/cdn-lb.nix
- ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.devices = [ "/dev/sda" ];
-
- networking.interfaces.ens3.useDHCP = true;
- networking.hostName = "cdn-loadbalancer";
-
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "20.03"; # Did you read the comment?
-}
diff --git a/configuration/hosts/cdn/loadbalancer/hardware-config.nix b/configuration/hosts/cdn/loadbalancer/hardware-config.nix
deleted file mode 100644
index 38e8bb3..0000000
--- a/configuration/hosts/cdn/loadbalancer/hardware-config.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [
- ];
-
- boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/e371ee1d-a03f-4964-b03d-4a5c59ff5911";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 1;
-}
-
-
diff --git a/configuration/hosts/cdn/master/configuration.nix b/configuration/hosts/cdn/master/configuration.nix
deleted file mode 100644
index fe0b839..0000000
--- a/configuration/hosts/cdn/master/configuration.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-config.nix
- ../../../common
- ../../../server/cdn/cdn-master.nix
- ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.devices = [ "/dev/sda" ];
-
- networking.interfaces.ens3.useDHCP = true;
- networking.hostName = "cdn-master";
-
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "20.03"; # Did you read the comment?
-}
diff --git a/configuration/hosts/cdn/master/hardware-config.nix b/configuration/hosts/cdn/master/hardware-config.nix
deleted file mode 100644
index 4623238..0000000
--- a/configuration/hosts/cdn/master/hardware-config.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [
- ];
-
- boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/14cc7936-f928-41e3-8f72-ee6bf18d6c19";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 1;
-}
-
diff --git a/configuration/hosts/cdn/node-1/configuration.nix b/configuration/hosts/cdn/node-1/configuration.nix
deleted file mode 100644
index e6600e8..0000000
--- a/configuration/hosts/cdn/node-1/configuration.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-config.nix
- ../../../common
- ../../../server/cdn/cdn-node.nix
- ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.devices = [ "/dev/sda" ];
-
- networking.interfaces.ens3.useDHCP = true;
- networking.hostName = "cdn-node-1";
-
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "20.03"; # Did you read the comment?
-}
diff --git a/configuration/hosts/cdn/node-1/hardware-config.nix b/configuration/hosts/cdn/node-1/hardware-config.nix
deleted file mode 100644
index f5af44c..0000000
--- a/configuration/hosts/cdn/node-1/hardware-config.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [
- ];
-
- boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/52dddb3d-9294-4105-9157-bf003dc7bdf9";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 1;
-}
-
diff --git a/configuration/hosts/cdn/node-2/configuration.nix b/configuration/hosts/cdn/node-2/configuration.nix
deleted file mode 100644
index c575f06..0000000
--- a/configuration/hosts/cdn/node-2/configuration.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-config.nix
- ../../../common
- ../../../server/cdn/cdn-node.nix
- ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.devices = [ "/dev/sda" ];
-
- networking.interfaces.ens3.useDHCP = true;
- networking.hostName = "cdn-node-2";
-
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "20.03"; # Did you read the comment?
-}
diff --git a/configuration/hosts/cdn/node-2/hardware-config.nix b/configuration/hosts/cdn/node-2/hardware-config.nix
deleted file mode 100644
index 25858d2..0000000
--- a/configuration/hosts/cdn/node-2/hardware-config.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [
- ];
-
- boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/a92ff89e-e1c2-4fda-8711-1be7257f6470";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 1;
-}
-
diff --git a/configuration/hosts/default.nix b/configuration/hosts/default.nix
deleted file mode 100644
index b0d562f..0000000
--- a/configuration/hosts/default.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-let
- hosts = {
- hainich = {
- ssh.host = "hainich.hacc.space";
- groups = [ "server" "hacc" ];
- };
- nixda = {
- ssh.host = "nixda.hacc.space";
- groups = [ "server" "desktop" "hacc" "live" ];
- };
- "cdn/node-2" = {
- ssh.host = "cdn-node-2.live.hacc.media";
- groups = [ "server" "hacc" "live" "livecdn" "livecdn-node" ];
- };
- "cdn/node-1" = {
- ssh.host = "cdn-node-1.live.hacc.media";
- groups = [ "server" "hacc" "live" "livecdn" "livecdn-node" ];
- };
- "cdn/master" = {
- ssh.host = "cdn-master.live.hacc.media";
- groups = [ "server" "hacc" "live" "livecdn" "livecdn-master" ];
- };
- "cdn/loadbalancer" = {
- ssh.host = "cdn-loadbalancer.live.hacc.media";
- groups = [ "server" "hacc" "live" "livecdn" "livecdn-lb" ];
- };
- };
- pkgs = import {};
- evalConfig = import ;
- lib = pkgs.lib;
-in lib.mapAttrs (name: host: host // {
- config = if (host ? config) then host.config else (evalConfig {
- modules = [
- (import "${toString ./.}/${name}/configuration.nix")
- ];
- }).config;
-}) hosts
diff --git a/configuration/server/cdn/cdn-lb.nix b/configuration/server/cdn/cdn-lb.nix
deleted file mode 100644
index 3789d37..0000000
--- a/configuration/server/cdn/cdn-lb.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{config, lib, pkgs, ...}:
-
-{
- imports = [
- ./common.nix
- ];
- services.nginx = {
- virtualHosts."${config.networking.hostName}.live.hacc.media" = {
- locations = {
- "/" = {
- return = "301 \"https://$cdnhosts$request_uri\"";
- extraConfig = ''
- auth_basic off;
- add_header 'Access-Control-Allow-Origin' '*';
- '';
- };
- };
- };
- appendHttpConfig = ''
- split_clients "$remote_addr" $cdnhosts {
- 50% "cdn-node-1.live.hacc.media";
- 50% "cdn-node-2.live.hacc.media";
- }
- '';
- };
-}
diff --git a/configuration/server/cdn/cdn-master.nix b/configuration/server/cdn/cdn-master.nix
deleted file mode 100644
index 1bb2d88..0000000
--- a/configuration/server/cdn/cdn-master.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{config, lib, pkgs, ...}:
-
-let
- host-server = "https://rosenbaum.lukas.studio";
-in {
- imports = [
- ./common.nix
- ];
- services.nginx = {
- virtualHosts."${config.networking.hostName}.live.hacc.media" = {
- locations = {
- "~* \\.(m3u8)$" = {
-
- proxyPass = "${host-server}$request_uri";
- extraConfig = ''
- #proxy_cache = off;
- expires 2s;
- auth_basic off;
- '';
- };
- "/hls" = {
-
- proxyPass = "${host-server}$request_uri";
- extraConfig = ''
- types {
- application/vnd.apple.mpegurl m3u8;
- video/mp2t ts;
- }
- proxy_cache hls;
- proxy_ignore_headers Cache-Control;
- proxy_cache_valid any 30m;
- auth_basic off;
- '';
- };
- };
- };
- appendHttpConfig = ''
- proxy_cache_path /tmp keys_zone=hls:10m max_size=10g inactive=60m use_temp_path=on;
- resolver 1.1.1.1;
- '';
- };
-}
diff --git a/configuration/server/cdn/cdn-node.nix b/configuration/server/cdn/cdn-node.nix
deleted file mode 100644
index 5d86769..0000000
--- a/configuration/server/cdn/cdn-node.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{config, lib, pkgs, ...}:
-
-{
- imports = [
- ./common.nix
- ];
- # Enable nginx service
- services.nginx = {
- virtualHosts."${config.networking.hostName}.live.hacc.media" = {
- forceSSL = true;
- enableACME = true;
-# basicAuth = basicAuthLogin;
- locations = {
- "~* \\.(m3u8)$" = {
- proxyPass = "https://cdn-master.live.hacc.media$request_uri";
- extraConfig = ''
- #proxy_cache = off;
- expires 3s;
- auth_basic off;
- '';
- };
- "/hls" = {
- proxyPass = "https://cdn-master.live.hacc.media$request_uri";
- extraConfig = ''
- types {
- application/vnd.apple.mpegurl m3u8;
- video/mp2t ts;
- }
- proxy_cache hls;
- proxy_ignore_headers Cache-Control;
- proxy_cache_valid any 30m;
- auth_basic off;
- '';
-
- };
- };
- };
- appendHttpConfig = ''
- proxy_cache_path /tmp keys_zone=hls:10m max_size=10g inactive=60m use_temp_path=on;
- resolver 1.1.1.1;
- '';
- };
-}
diff --git a/configuration/server/cdn/common.nix b/configuration/server/cdn/common.nix
deleted file mode 100644
index 4fbff56..0000000
--- a/configuration/server/cdn/common.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{config, lib, pkgs, ...}:
-
-{
- networking.firewall.allowedTCPPorts = [
- 80 # HTTP
- 443 # HTTPs
- ];
-
- services.netdata = {
- enable = true;
- configText = ''
- [global]
- dbengine multihost disk space = 2307
- '';
- };
-
- # Enable nginx service
- services.nginx = {
- enable = true;
- # Use recommended settings
- # Don't use recommended Proxy settings because it does funky things with the setup
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- virtualHosts."${config.networking.hostName}.live.hacc.media" = {
- forceSSL = true;
- enableACME = true;
-# basicAuth = basicAuthLogin;
- locations = {
- "/stats" = {
- return = "301 /stats/";
- };
- "~ /stats/(?.*)" = {
- proxyPass = "http://127.0.0.1:19999/$ndpath$is_args$args";
- extraConfig = ''
- proxy_redirect off;
- proxy_set_header Host $host;
-
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Server $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_http_version 1.1;
- proxy_pass_request_headers on;
- proxy_set_header Connection "keep-alive";
- proxy_store off;
-
- gzip on;
- gzip_proxied any;
- gzip_types *;
- '';
- };
- "/nginx_status" = {
- extraConfig = ''
- stub_status;
- auth_basic off;
- '';
- };
- };
- };
- };
-}
diff --git a/default.nix b/default.nix
index e85a023..b729bae 100644
--- a/default.nix
+++ b/default.nix
@@ -1,4 +1,9 @@ -{ - inherit (import ./lib/deploy.nix) deploy; - pkgs = import ./pkgs; +let + sources = import ./nix/sources.nix; + pkgs = import ./pkgs {}; + hosts = import (sources.nix-hexchen + "/lib/hosts.nix") {inherit pkgs; hostsDir = ./hosts; commonImports = [./common]; pkgsPath = ./pkgs; }; +in { + inherit sources pkgs; + inherit (hosts) hosts groups; + deploy = import (sources.nix-hexchen + "/lib/deploy.nix") { inherit pkgs; inherit (hosts) hosts groups; }; } diff --git a/configuration/desktop/default.nix b/desktop/default.nix similarity index 100% rename from configuration/desktop/default.nix rename to desktop/default.nix diff --git a/configuration/desktop/gnome.nix b/desktop/gnome.nix similarity index 100% rename from configuration/desktop/gnome.nix rename to desktop/gnome.nix diff --git a/configuration/desktop/streaming.nix b/desktop/streaming.nix similarity index 100% rename from configuration/desktop/streaming.nix rename to desktop/streaming.nix diff --git a/configuration/desktop/sway.nix b/desktop/sway.nix similarity index 100% rename from configuration/desktop/sway.nix rename to desktop/sway.nix diff --git a/configuration/hosts/README.md b/hosts/README.md similarity index 100% rename from configuration/hosts/README.md rename to hosts/README.md diff --git a/configuration/hosts/hainich/configuration.nix b/hosts/hainich/configuration.nix similarity index 100% rename from configuration/hosts/hainich/configuration.nix rename to hosts/hainich/configuration.nix diff --git a/configuration/hosts/hainich/encboot.nix b/hosts/hainich/encboot.nix similarity index 100% rename from configuration/hosts/hainich/encboot.nix rename to hosts/hainich/encboot.nix diff --git a/configuration/hosts/hainich/hardware.nix b/hosts/hainich/hardware.nix similarity index 100% rename from configuration/hosts/hainich/hardware.nix rename to hosts/hainich/hardware.nix 
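Review bot: In default.nix the host enumeration and the `deploy` attribute are now imported from `sources.nix-hexchen`, so the code that decides what is pushed to which machine lives outside this repository. The `nix-hexchen` entry in nix/sources.json is a `git` source with a `rev` but no `sha256`, which leaves the commit id as the only integrity check, and a later pin bump changes deploy behaviour without any diff in this tree. A comment above the `hosts` binding would help, for example `# lib/hosts.nix and lib/deploy.nix come from the nix-hexchen pin in nix/sources.json; review the upstream diff on every bump`. The old `./lib/deploy.nix` is not listed in the diffstat, so it may now be left unreferenced.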
diff --git a/configuration/hosts/hainich/k8s.nix b/hosts/hainich/k8s.nix similarity index 100% rename from configuration/hosts/hainich/k8s.nix rename to hosts/hainich/k8s.nix diff --git a/configuration/hosts/hainich/services/codimd.nix b/hosts/hainich/services/codimd.nix similarity index 100% rename from configuration/hosts/hainich/services/codimd.nix rename to hosts/hainich/services/codimd.nix diff --git a/configuration/hosts/hainich/services/docker.nix b/hosts/hainich/services/docker.nix similarity index 91% rename from configuration/hosts/hainich/services/docker.nix rename to hosts/hainich/services/docker.nix index 5bc2aa0..bd58791 100644 --- a/configuration/hosts/hainich/services/docker.nix +++ b/hosts/hainich/services/docker.nix @@ -1,8 +1,6 @@ { config, lib, pkgs, ... }: { - # disable nftables since it breaks shit - petabyte.nftables.enable = false; virtualisation.oci-containers.containers."ghost-waszumfff" = { autoStart = true; environment = { diff --git a/configuration/hosts/hainich/services/engelsystem.nix b/hosts/hainich/services/engelsystem.nix similarity index 100% rename from configuration/hosts/hainich/services/engelsystem.nix rename to hosts/hainich/services/engelsystem.nix diff --git a/configuration/hosts/hainich/services/gitlab-runner.nix b/hosts/hainich/services/gitlab-runner.nix similarity index 100% rename from configuration/hosts/hainich/services/gitlab-runner.nix rename to hosts/hainich/services/gitlab-runner.nix diff --git a/configuration/hosts/hainich/services/mail.nix b/hosts/hainich/services/mail.nix similarity index 94% rename from configuration/hosts/hainich/services/mail.nix rename to hosts/hainich/services/mail.nix index 160e659..c19d698 100644 --- a/configuration/hosts/hainich/services/mail.nix +++ b/hosts/hainich/services/mail.nix 
@@ -1,11 +1,10 @@ { config, pkgs, lib, ... }: -{ - imports = let commit = "02a45d9965133434c7b816cab2f47c8a7505e764"; in [ - (builtins.fetchTarball { - url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${commit}/nixos-mailserver-${commit}.tar.gz"; - sha256 = "04v66z0ijjm8bqpiqmq1aqrqj6r6jjz591lgijmk4frz7lksnz8k"; - }) +let + sources = import ../../../nix/sources.nix; +in { + imports = [ + sources.nixos-mailserver.outPath ]; mailserver = { diff --git a/configuration/hosts/hainich/services/murmur.nix b/hosts/hainich/services/murmur.nix similarity index 100% rename from configuration/hosts/hainich/services/murmur.nix rename to hosts/hainich/services/murmur.nix diff --git a/configuration/hosts/hainich/services/nginx.nix b/hosts/hainich/services/nginx.nix similarity index 100% rename from configuration/hosts/hainich/services/nginx.nix rename to hosts/hainich/services/nginx.nix diff --git a/configuration/hosts/hainich/wireguard.nix b/hosts/hainich/wireguard.nix similarity index 100% rename from configuration/hosts/hainich/wireguard.nix rename to hosts/hainich/wireguard.nix diff --git a/configuration/hosts/nixda/configuration.nix b/hosts/nixda/configuration.nix similarity index 100% rename from configuration/hosts/nixda/configuration.nix rename to hosts/nixda/configuration.nix diff --git a/configuration/hosts/nixda/hardware-config.nix b/hosts/nixda/hardware-config.nix similarity index 100% rename from configuration/hosts/nixda/hardware-config.nix rename to hosts/nixda/hardware-config.nix diff --git a/nix/sources.json b/nix/sources.json new file mode 100644 index 0000000..b7bd853 --- /dev/null +++ b/nix/sources.json 
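Review bot: In hosts/hainich/services/mail.nix the import moves to `sources.nixos-mailserver.outPath`, and the pin behind it changes as well: the removed lines fetched commit 02a45d9965133434c7b816cab2f47c8a7505e764, while nix/sources.json records fb1cc04c0a517d4200237b02c3472bcaf9104afb on ref nixos-20.09. That makes this a mail-server module upgrade inside a commit described as a restructure; the home-manager pin (common/default.nix) and the immae-nix pin (pkgs/default.nix) move in the same way. I would list the bumps in the commit description and add `# pinned in nix/sources.json (nixos-mailserver, ref nixos-20.09)` above the import so the next reader knows where the version is set. The `mailserver` block continues outside the hunk.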
@@ -0,0 +1,59 @@
+{
+ "home-manager": {
+ "branch": "release-20.09",
+ "description": "Manage a user environment using Nix [maintainer=@rycee] ",
+ "homepage": "https://nix-community.github.io/home-manager/",
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "rev": "22f6736e628958f05222ddaadd7df7818fe8f59d",
+ "sha256": "1j4hyjd3kgvwym5jjazzyn554ngrm05ca9wl1a7z1bid22asr99p",
+ "type": "tarball",
+ "url": "https://github.com/nix-community/home-manager/archive/22f6736e628958f05222ddaadd7df7818fe8f59d.tar.gz",
+ "url_template": "https://github.com///archive/.tar.gz"
+ },
+ "immae-nix": {
+ "ref": "master",
+ "repo": "https://git.immae.eu/perso/Immae/Config/Nix.git",
+ "rev": "238587099b92027ad780053f0f6217ad88b61ad2",
+ "type": "git"
+ },
+ "niv": {
+ "branch": "master",
+ "description": "Easy dependency management for Nix projects",
+ "homepage": "https://github.com/nmattia/niv",
+ "owner": "nmattia",
+ "repo": "niv",
+ "rev": "94dadba1a3a6a2f0b8ca2963e49daeec5d4e3098",
+ "sha256": "1y2h9wl7w60maa2m4xw9231xdr325xynzpph8xr4j5vsznygv986",
+ "type": "tarball",
+ "url": "https://github.com/nmattia/niv/archive/94dadba1a3a6a2f0b8ca2963e49daeec5d4e3098.tar.gz",
+ "url_template": "https://github.com///archive/.tar.gz"
+ },
+ "nix-hexchen": {
+ "ref": "main",
+ "repo": "https://gitlab.com/hexchen/nixfiles.git",
+ "rev": "ea33a93da0bac59b757e7a059028526f47c2b852",
+ "type": "git"
+ },
+ "nixos-mailserver": {
+ "ref": "nixos-20.09",
+ "repo": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver",
+ "rev": "fb1cc04c0a517d4200237b02c3472bcaf9104afb",
+ "sha256": "0vsvgxxg5cgmzwj98171j7h5l028f1yq784alb3lxgbk8znfk51y",
+ "type": "tarball",
+ "url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/fb1cc04c0a517d4200237b02c3472bcaf9104afb/nixos-mailserver-fb1cc04c0a517d4200237b02c3472bcaf9104afb.tar.gz",
+ "url_template": "/-/archive/.tar.gz"
+ },
+ "nixpkgs": {
+ "branch": "hexchen-20.09",
+ "description": "Nix Packages collection",
+ "homepage": "",
+ "owner": "hexchen",
+ "repo": "nixpkgs",
+ "rev": "83b0935c70f4490e180a3ac457020ef7073e01c9",
+ "sha256": "0hxbblh9z7vwjy3hdxnbw4sdv3nwzr05cgxxbpznmkhsyphvkq8x",
+ "type": "tarball",
+ "url": "https://github.com/hexchen/nixpkgs/archive/83b0935c70f4490e180a3ac457020ef7073e01c9.tar.gz",
+ "url_template": "https://github.com///archive/.tar.gz"
+ }
+}
diff --git a/nix/sources.nix b/nix/sources.nix
new file mode 100644
index 0000000..b64b8f8
--- /dev/null
+++ b/nix/sources.nix
@@ -0,0 +1,148 @@ +# This file has been generated by Niv. + +let + + # + # The fetchers. fetch_ fetches specs of type . + # + + fetch_file = pkgs: spec: + if spec.builtin or true then + builtins_fetchurl { inherit (spec) url sha256; } + else + pkgs.fetchurl { inherit (spec) url sha256; }; + + fetch_tarball = pkgs: name: spec: + let + ok = str: ! builtins.isNull (builtins.match "[a-zA-Z0-9+-._?=]" str); + # sanitize the name, though nix will still fail if name starts with period + name' = stringAsChars (x: if ! ok x then "-" else x) "${name}-src"; + in + if spec.builtin or true then + builtins_fetchTarball { name = name'; inherit (spec) url sha256; } + else + pkgs.fetchzip { name = name'; inherit (spec) url sha256; }; + + fetch_git = spec: + builtins.fetchGit { url = spec.repo; inherit (spec) rev ref; }; + + fetch_local = spec: spec.path; + + fetch_builtin-tarball = name: throw + ''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`. + $ niv modify ${name} -a type=tarball -a builtin=true''; + + fetch_builtin-url = name: throw + ''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`. + $ niv modify ${name} -a type=file -a builtin=true''; + + # + # Various helpers + # + + # The set of packages used when specs are fetched using non-builtins. + mkPkgs = sources: + let + sourcesNixpkgs = + import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) {}; + hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath; + hasThisAsNixpkgsPath = == ./.; + in + if builtins.hasAttr "nixpkgs" sources + then sourcesNixpkgs + else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then + import {} + else + abort + '' + Please specify either (through -I or NIX_PATH=nixpkgs=...) or + add a package called "nixpkgs" to your sources.json. + ''; + + # The actual fetching function. + fetch = pkgs: name: spec: + + if ! 
builtins.hasAttr "type" spec then + abort "ERROR: niv spec ${name} does not have a 'type' attribute" + else if spec.type == "file" then fetch_file pkgs spec + else if spec.type == "tarball" then fetch_tarball pkgs name spec + else if spec.type == "git" then fetch_git spec + else if spec.type == "local" then fetch_local spec + else if spec.type == "builtin-tarball" then fetch_builtin-tarball name + else if spec.type == "builtin-url" then fetch_builtin-url name + else + abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}"; + + # If the environment variable NIV_OVERRIDE_${name} is set, then use + # the path directly as opposed to the fetched source. + replace = name: drv: + let + saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name; + ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}"; + in + if ersatz == "" then drv else ersatz; + + # Ports of functions for older nix versions + + # a Nix version of mapAttrs if the built-in doesn't exist + mapAttrs = builtins.mapAttrs or ( + f: set: with builtins; + listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)) + ); + + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295 + range = first: last: if first > last then [] else builtins.genList (n: first + n) (last - first + 1); + + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257 + stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1)); + + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269 + stringAsChars = f: s: concatStrings (map f (stringToCharacters s)); + concatStrings = builtins.concatStringsSep ""; + + # fetchTarball version that is compatible between all the versions of Nix + builtins_fetchTarball = { url, name, sha256 }@attrs: + let + inherit (builtins) lessThan nixVersion 
fetchTarball; + in + if lessThan nixVersion "1.12" then + fetchTarball { inherit name url; } + else + fetchTarball attrs; + + # fetchurl version that is compatible between all the versions of Nix + builtins_fetchurl = { url, sha256 }@attrs: + let + inherit (builtins) lessThan nixVersion fetchurl; + in + if lessThan nixVersion "1.12" then + fetchurl { inherit url; } + else + fetchurl attrs; + + # Create the final "sources" from the config + mkSources = config: + mapAttrs ( + name: spec: + if builtins.hasAttr "outPath" spec + then abort + "The values in sources.json should not have an 'outPath' attribute" + else + spec // { outPath = replace name (fetch config.pkgs name spec); } + ) config.sources; + + # The "config" used by the fetchers + mkConfig = + { sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null + , sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile) + , pkgs ? mkPkgs sources + }: rec { + # The sources, i.e. the attribute set of spec name to spec + inherit sources; + + # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers + inherit pkgs; + }; + +in +mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); } diff --git a/pkgs/default.nix b/pkgs/default.nix index 78f307f..4cd7bfc 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix 
@@ -1,24 +1,17 @@ -{ nixpkgs ? , ... }: +{ ... }: let - pkgs = import nixpkgs {}; + sources = import ../nix/sources.nix; + pkgs = import sources.nixpkgs {}; + callPackage = pkgs.lib.callPackageWith (pkgs // newpkgs); - wasiSrc = fetchGit { - url = "https://gitlab.infra4future.de/wasi/wasi-rust"; - rev = "356dbc23a3683d134f13156af71baeaa06fb80d1"; - }; - - immaeNix = fetchGit { - url = "https://git.immae.eu/perso/Immae/Config/Nix.git"; - rev = "7ad4966f41db0669a77c7a6ee7f87f0d4e586b0c"; - }; - newpkgs = { - # package = callPackage ./package {}; - wasi = import wasiSrc { inherit wasiSrc; pkgs = pkgs // newpkgs; }; - peertube = callPackage ./peertube { mylibs = import "${immaeNix}/lib" { inherit pkgs; }; }; + peertube = callPackage ./peertube { mylibs = import "${sources.immae-nix}/lib" { inherit pkgs; }; }; alps = callPackage ./alps {}; + + inherit callPackage; + appendOverlays = overlays: (pkgs.appendOverlays overlays) // newpkgs; }; -in newpkgs +in pkgs // newpkgs
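Review bot: In pkgs/default.nix the new `appendOverlays` returns `(pkgs.appendOverlays overlays) // newpkgs`, but `newpkgs` was built with `callPackageWith (pkgs // newpkgs)` from the set without overlays. Overlays passed this way therefore never reach the inputs of `peertube` and `alps`, and an overlay that redefines either name is shadowed by the right-hand `newpkgs`, which matters when an overlay is used to carry a patched dependency. Either rebuild the local packages from the overlaid set or document the limit, e.g. `# overlays do not apply to peertube/alps; these are built from the un-overlaid pkgs`. The hunk also drops the `wasi` package without a replacement, and a `nixpkgs` argument is now swallowed by `{ ... }:`, so a caller still passing it silently gets the pinned set.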