forked from hacc/haccfiles
This reverts commit 90f4971e88d22da6b2a213bbeb1790f456024b36, and resets the uffd version to the one we are already using, in hopes of making the update slightly less painful (haha).
{
  description = "hacc infra stuff";

  # The refs below only choose what `nix flake update` moves to; the revision
  # and content hash actually built are whatever flake.lock records. Review the
  # flake.lock diff on every update, since that is where upstream changes enter.
  inputs = {
    # Mattermost is taken as plain source trees (flake = false), so nothing in
    # these inputs is evaluated as a flake. Webapp and server are pinned to the
    # same release and should be bumped together.
    mattermost-webapp = {
      url = "https://releases.mattermost.com/7.8.11/mattermost-7.8.11-linux-amd64.tar.gz";
      flake = false;
    };
    mattermost-server = {
      url = "github:mattermost/mattermost-server?ref=v7.8.11";
      flake = false;
    };

    # Registry-style references: these are resolved through the flake registry
    # when the lock file is (re)generated.
    nixpkgs.url = "nixpkgs/nixos-23.05";
    nixpkgs-unstable.url = "nixpkgs/nixpkgs-unstable";

    nix-hexchen = {
      url = "gitlab:hexchen/nixfiles";

      # these exist mostly to make the flake.lock somewhat more human-friendly
      # note that in theory doing this might break things, but it seems fairly unlikely
      # (each `follows` replaces the revision nix-hexchen locked upstream with
      # the one chosen in this flake, so it is built against inputs its own
      # lock file did not record)
      inputs = {
        nixos-mailserver.follows = "nixos-mailserver";
        nixpkgs.follows = "nixpkgs-unstable";
        deploy-rs.follows = "deploy-rs";
        doom-emacs.follows = "nix-hexchen/nix-doom-emacs/doom-emacs";
        emacs-overlay.follows = "nix-hexchen/nix-doom-emacs/emacs-overlay";
        flake-utils.follows = "/deploy-rs/utils";
        flake-compat.follows = "nix-hexchen/apple-silicon/flake-compat";
        sops-nix.follows = "sops-nix";
      };
    };

    nixos-mailserver = {
      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
      inputs = {
        "nixpkgs-23_05".follows = "nixpkgs";
        nixpkgs.follows = "nixpkgs-unstable";
        utils.follows = "/deploy-rs/utils";
        flake-compat.follows = "/deploy-rs/flake-compat";
      };
    };

    # Tracks the `main` branch of a self-hosted git repository; used as a plain
    # source tree, pinned by flake.lock like everything else.
    tracktrain = {
      url = "git+https://stuebinm.eu/git/tracktrain?ref=main";
      flake = false;
    };

    deploy-rs = {
      url = "github:serokell/deploy-rs";
      inputs = {
        nixpkgs.follows = "nixpkgs";
        flake-compat.follows = "nix-hexchen/apple-silicon/flake-compat";
      };
    };

    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs = {
        nixpkgs.follows = "nixpkgs-unstable";
        nixpkgs-stable.follows = "nixpkgs";
      };
    };
  };

  outputs = { self, nixpkgs, nix-hexchen, deploy-rs, sops-nix, ... }@inputs:
    let
      # Single target platform for everything this flake builds.
      system = "x86_64-linux";

      modules = nix-hexchen.nixosModules;

      # nix-hexchen's profiles, extended with the local container profile.
      profiles = modules.profiles // {
        container = import ./modules/container-profile.nix;
      };

      # Local package set; it receives all flake inputs as `sources`.
      pkgs = import ./pkgs {
        inherit system;
        sources = inputs;
      };

      # Module forcing every configuration onto the package set above.
      usePinnedPkgs = { nixpkgs = { inherit pkgs; }; };

      # Arguments handed to every module of every configuration.
      sharedArgs = {
        inherit modules profiles evalConfig;
        sources = inputs;
      };

      # Evaluates `config` as a NixOS system and returns its toplevel build.
      # Every system built this way also gets nix-hexchen's network.nftables
      # module, but not sops-nix (only the parsons host below imports that).
      evalConfig = config:
        let
          evaluated = nixpkgs.lib.nixosSystem {
            inherit system;
            modules = [
              config
              modules.network.nftables
              usePinnedPkgs
            ];
            specialArgs = sharedArgs;
          };
        in
        evaluated.config.system.build.toplevel;
    in
    {
      # do this by hand instead of via nix-hexchen/lib/hosts.nix, since that one
      # apparently can't support pkgs depending on flake inputs
      nixosConfigurations.parsons = nixpkgs.lib.nixosSystem {
        inherit system;
        modules = [
          ./hosts/parsons/configuration.nix
          sops-nix.nixosModules.sops
          usePinnedPkgs
          # Exposes this flake's whole source tree at /etc/haccfiles. The tree
          # lives in the Nix store, which every local user can read, so
          # anything committed to the repository is readable on the host.
          # NOTE(review): presumably all secrets in the repo are sops-encrypted;
          # confirm nothing is committed in plaintext.
          { environment.etc."haccfiles".source = self.outPath; }
        ];
        # with a few exceptions, the flake inputs can be used the same
        # as the niv-style (import nix/sources.nix {})
        specialArgs = sharedArgs;
      };

      deploy.nodes.parsons = {
        hostname = "parsons";
        profiles.system = {
          # The system profile is activated as root on the target.
          user = "root";
          # With this off, deploy-rs does not re-activate the previous profile
          # when activation fails; a broken deployment stays in place until
          # someone rolls it back by hand.
          autoRollback = false;
          path =
            deploy-rs.lib.${system}.activate.nixos
              self.nixosConfigurations.parsons;
        };
      };

      # This is highly advised, and will prevent many possible mistakes
      checks = builtins.mapAttrs
        (_system: lib: lib.deployChecks self.deploy)
        deploy-rs.lib;

      packages.${system} =
        pkgs; # self.nixosConfigurations.parsons.config.hacc.websites.builders;
    };
}