hacc/haccfiles
8
0
Fork 1
Code Issues 1 Pull requests Projects Releases Wiki Activity
haccfiles/flake.nix

106 lines
3.9 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
description = "hacc infra stuff";
inputs = {
mattermost-webapp.url = "https://releases.mattermost.com/8.1.4/mattermost-8.1.4-linux-amd64.tar.gz";
mattermost-webapp.flake = false;
mattermost-server.url = "github:mattermost/mattermost-server?ref=v8.1.4";
mattermost-server.flake = false;
nixpkgs.url = "nixpkgs/nixos-23.05";
nixpkgs-oldstable.url = "github:/NixOS/nixpkgs?rev=c4aec3c021620d98861639946123214207e98344";
# TODO: unpin once the "No device specified for mount point /persist" has been solved (upstream?)
nix-hexchen.url = "gitlab:hexchen/nixfiles?rev=4bd4c81796b5e42e9498b894b539a711af5fd0a8";
nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
tracktrain.url = "git+https://stuebinm.eu/git/tracktrain?ref=main";
tracktrain.flake = false;
deploy-rs.url = "github:serokell/deploy-rs";
deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
deploy-rs.inputs.flake-compat.follows = "nix-hexchen/apple-silicon/flake-compat";
sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs-stable.follows = "nixpkgs";
# these exist mostly to make the flake.lock somewhat more human-friendly
# note that in theory doing this might break things, but it seems fairly unlikely
nix-hexchen.inputs = {
nixos-mailserver.follows = "nixos-mailserver";
deploy-rs.follows = "deploy-rs";
doom-emacs.follows = "nix-hexchen/nix-doom-emacs/doom-emacs";
emacs-overlay.follows = "nix-hexchen/nix-doom-emacs/emacs-overlay";
flake-utils.follows = "/deploy-rs/utils";
flake-compat.follows = "nix-hexchen/apple-silicon/flake-compat";
sops-nix.follows = "sops-nix";
};
nixos-mailserver.inputs = {
"nixpkgs-23_05".follows = "nixpkgs";
utils.follows = "/deploy-rs/utils";
flake-compat.follows = "/deploy-rs/flake-compat";
};
};
outputs = { self, nixpkgs, nix-hexchen, deploy-rs, sops-nix, ... }@inputs:
let modules = nix-hexchen.nixosModules;
profiles = nix-hexchen.nixosModules.profiles // {
container = import ./modules/container-profile.nix;
};
pkgs = import ./pkgs {
sources = inputs;
system = "x86_64-linux";
};
evalConfig = config: (nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
config
nix-hexchen.nixosModules.network.nftables
{
nixpkgs.pkgs = pkgs.lib.mkForce pkgs;
nixpkgs.config.allowUnfree = true;
imports = [ profiles.container profiles.nopersist ];
}
];
specialArgs = {
# modules still needed because a profile in nix-hexchen uses it
inherit modules evalConfig;
sources = inputs;
};
}).config.system.build.toplevel;
in {
# do this by hand instead of via nix-hexchen/lib/hosts.nix, since that one
# apparently can't support pkgs depending on flake inputs
nixosConfigurations.parsons = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./hosts/parsons/configuration.nix
sops-nix.nixosModules.sops
{ nixpkgs.pkgs = pkgs; }
{ environment.etc."haccfiles".source = self.outPath; }
];
specialArgs = {
sources = inputs;
inherit modules evalConfig;
};
};
deploy.nodes.parsons = {
hostname = "parsons";
profiles.system = {
user = "root";
autoRollback = false;
path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.parsons;
};
};
# This is highly advised, and will prevent many possible mistakes
checks = builtins.mapAttrs
(system: deployLib: deployLib.deployChecks self.deploy)
deploy-rs.lib;
packages.x86_64-linux =
pkgs; # self.nixosConfigurations.parsons.config.hacc.websites.builders;
};
}
Reference in a new issue View git blame Copy permalink