stuebinm
f654b33a56
this started with emily pointing out to me that it's possible to generate IP addresses for containers in Nix (hence no need to worry about address collisions, as we had to before), but then I thought, hey, while I'm at it, I can also write a little container module so we have a little less repetition in our configs in general (and a more reasonable place for our custom evalConfig than just keeping it around in flake.nix). See the option descriptions in modules/containers.nix for further details. Apart from giving all containers a new IP address (and also shiny new IPv6 addresses), this should be a no-op for the actual built system.
{
  # Flake for the hacc infrastructure: a single NixOS host ("parsons") plus
  # the deploy-rs node definition and checks used to roll it out.
  description = "hacc infra stuff";

  inputs = {
    # nixpkgs trees. Most other inputs are redirected onto `nixpkgs` below;
    # the unstable and rev-pinned "oldstable" trees are presumably consumed by
    # individual packages in ./pkgs (not visible from here). A rev-pinned
    # tree receives no security updates until the rev is bumped by hand.
    nixpkgs.url = "nixpkgs/nixos-23.11-small";
    nixpkgs-unstable.url = "nixpkgs/nixos-unstable-small";
    nixpkgs-oldstable.url =
      "github:/NixOS/nixpkgs?rev=c4aec3c021620d98861639946123214207e98344";

    nixos-mailserver = {
      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11";
      # Point the mailserver's own inputs at ours. This exists mostly to keep
      # flake.lock human-friendly (no duplicated dependency trees); in theory
      # it could break the mailserver module, but that seems fairly unlikely.
      inputs = {
        "nixpkgs-23_05".follows = "nixpkgs";
        utils.follows = "/deploy-rs/utils";
        flake-compat.follows = "/deploy-rs/flake-compat";
      };
    };

    # Plain source checkout rather than a flake. `ref=main` is a moving
    # target; the revision actually built is whatever flake.lock pins.
    tracktrain = {
      url = "git+https://stuebinm.eu/git/tracktrain?ref=main";
      flake = false;
    };

    deploy-rs = {
      url = "github:serokell/deploy-rs";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs-stable.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, deploy-rs, sops-nix, ... }@inputs:
    let
      # The only architecture this flake builds for.
      hostSystem = "x86_64-linux";

      # Reusable NixOS modules, handed to the host configuration through
      # specialArgs so individual configs can pull them in by name.
      modules = {
        bindMounts = import ./modules/bindmounts.nix;
        nopersist = import ./modules/nopersist.nix;
        encboot = import ./modules/encboot.nix;
      };

      # Larger module bundles, likewise exposed through specialArgs.
      profiles = {
        container = import ./modules/container-profile.nix;
      };

      # Package set for the host. ./pkgs receives every flake input as
      # `sources`, so it can build from the pinned trees declared above.
      pkgs = import ./pkgs {
        sources = inputs;
        system = hostSystem;
        config.allowUnfree = true;
      };
    in
    {
      nixosConfigurations.parsons = nixpkgs.lib.nixosSystem {
        system = hostSystem;
        modules = [
          ./parsons/configuration.nix
          ./modules/buildinfo.nix
          ./modules/containers.nix
          sops-nix.nixosModules.sops
          # Use the package set built above rather than letting nixosSystem
          # instantiate its own, so ./pkgs and allowUnfree apply to the host.
          { nixpkgs.pkgs = pkgs; }
        ];
        # Extra arguments visible to every module next to config/lib/pkgs.
        # nixosSystem is passed along presumably so modules can evaluate
        # nested systems (containers) — confirm against modules/containers.nix.
        specialArgs = {
          sources = inputs;
          inherit modules profiles;
          inherit (nixpkgs.lib) nixosSystem;
        };
      };

      deploy.nodes.parsons = {
        hostname = "parsons";
        profiles.system = {
          # The system profile is activated as root. With autoRollback off,
          # deploy-rs will not revert on its own if activation fails, so a
          # broken deploy has to be rolled back manually.
          user = "root";
          autoRollback = false;
          path = deploy-rs.lib.${hostSystem}.activate.nixos
            self.nixosConfigurations.parsons;
        };
      };

      # deploy-rs's own consistency checks over the deploy tree, for every
      # system deploy-rs.lib provides. Highly advised; catches many mistakes.
      checks = builtins.mapAttrs
        (_system: deployLib: deployLib.deployChecks self.deploy)
        deploy-rs.lib;

      # Website builders from the host config, re-exported as packages, with
      # `docs` as an alias for docs.hacc.space. `//` is right-biased, so a
      # `docs` key inside `websites` itself would take precedence over the alias.
      packages.${hostSystem} =
        let
          websites = self.nixosConfigurations.parsons.config.hacc.websites.builders;
        in
        { docs = websites."docs.hacc.space"; } // websites;
    };
}