stuebinm
8d9df0e20e
apparently the 7.1.x series is now old enough that even though it does still get security fixes, the mattermost team no longer mentions this on their blog, so we missed out on a couple. fun!
# Flake for the hacc infrastructure: pins every external source and builds the
# NixOS system for the host "parsons" plus its deploy-rs deployment.
{
  description = "hacc infra stuff";

  inputs = {
    # Mattermost is pinned by hand to a single release. The prebuilt webapp
    # tarball and the server source name the same version and have to be
    # bumped together.
    # NOTE(review): nothing in this file follows upstream security releases on
    # its own; the pinned series has to be watched directly.
    # NOTE(review): the tarball's content hash is presumably recorded in
    # flake.lock; keep that file committed so the download stays verified.
    mattermost-webapp = {
      url = "https://releases.mattermost.com/7.1.7/mattermost-7.1.7-linux-amd64.tar.gz";
      flake = false;
    };
    mattermost-server = {
      url = "github:mattermost/mattermost-server?ref=v7.1.7";
      flake = false;
    };

    nixpkgs.url = "nixpkgs/nixos-22.11";
    nixpkgs-unstable.url = "nixpkgs/nixpkgs-unstable";

    # tracktrain follows a moving branch (ref=main), not a tag.
    tracktrain = {
      url = "git+https://stuebinm.eu/git/tracktrain?ref=main";
      flake = false;
    };

    deploy-rs = {
      url = "github:serokell/deploy-rs";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # The `follows` overrides below are mainly there to keep flake.lock short
    # and readable. They could in principle break something, since the
    # overridden flakes are then evaluated against inputs other than the ones
    # they locked themselves, but that seems fairly unlikely.
    nix-hexchen = {
      url = "gitlab:hexchen/nixfiles";
      inputs = {
        nixos-mailserver.follows = "nixos-mailserver";
        nixpkgs.follows = "nixpkgs-unstable";
        deploy-rs.follows = "deploy-rs";
        doom-emacs.follows = "nix-hexchen/nix-doom-emacs/doom-emacs";
        emacs-overlay.follows = "nix-hexchen/nix-doom-emacs/emacs-overlay";
        flake-utils.follows = "/deploy-rs/utils";
      };
    };

    # NOTE(review): this tracks the nixos-22.05 branch while nixpkgs above is
    # nixos-22.11 -- confirm the mismatch is intended.
    nixos-mailserver = {
      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.05";
      inputs = {
        "nixpkgs-22_05".follows = "nixpkgs";
        nixpkgs.follows = "nixpkgs-unstable";
      };
    };
  };

  outputs = inputs@{ self, nixpkgs, nix-hexchen, deploy-rs, ... }:
    let
      # Only one platform is built anywhere in this flake.
      system = "x86_64-linux";

      modules = nix-hexchen.nixosModules;

      # nix-hexchen's profiles, extended with the local container profile.
      profiles = modules.profiles // {
        container = import ./modules/container-profile.nix;
      };

      # Package set from ./pkgs, which is handed the flake inputs as `sources`.
      pkgs = import ./pkgs {
        inherit system;
        sources = inputs;
      };

      # Tiny module that makes a system use the package set built above.
      usePinnedPkgs = { nixpkgs.pkgs = pkgs; };

      # Arguments every module evaluation receives.
      # With a few exceptions, the flake inputs can be used the same way as
      # the niv-style (import nix/sources.nix {}).
      sharedArgs = {
        inherit modules profiles evalConfig;
        sources = inputs;
      };

      # Evaluates `config` as a NixOS system (with nix-hexchen's nftables
      # module and the pinned package set added) and returns its
      # system.build.toplevel derivation.
      evalConfig = config:
        let
          evaluated = nixpkgs.lib.nixosSystem {
            inherit system;
            modules = [
              config
              nix-hexchen.nixosModules.network.nftables
              usePinnedPkgs
            ];
            specialArgs = sharedArgs;
          };
        in evaluated.config.system.build.toplevel;
    in {
      # Written out by hand rather than through nix-hexchen/lib/hosts.nix,
      # which apparently cannot handle pkgs that depend on flake inputs.
      nixosConfigurations.parsons = nixpkgs.lib.nixosSystem {
        inherit system;
        modules = [
          ./hosts/parsons/configuration.nix
          usePinnedPkgs
          # Exposes this flake's source tree on the host as /etc/haccfiles.
          # NOTE(review): the tree then sits in the Nix store, which is
          # normally world-readable; confirm the repository holds no
          # plaintext secrets.
          { environment.etc."haccfiles".source = self.outPath; }
        ];
        specialArgs = sharedArgs;
      };

      deploy.nodes.parsons = {
        hostname = "parsons";
        profiles.system = {
          # The system profile is activated as root.
          user = "root";
          # Automatic rollback is switched off here.
          # NOTE(review): a failed activation is then presumably left in place
          # until someone intervenes -- confirm this is intended.
          autoRollback = false;
          path = deploy-rs.lib.${system}.activate.nixos
            self.nixosConfigurations.parsons;
        };
      };

      # Highly advised: these checks prevent many possible mistakes in the
      # deploy configuration above.
      checks = builtins.mapAttrs
        (_system: deployLib: deployLib.deployChecks self.deploy)
        deploy-rs.lib;

      packages.${system} =
        self.nixosConfigurations.parsons.config.hacc.websites.builders;
    };

}