# Flake for the "Nibylandia" machines: reusable NixOS modules, four host
# configurations (scylla, khas, microlith, zorigami), deploy-rs nodes for
# each of them, and a formatter/lint setup.
{
  description = "Nibylandia configurations";

  # Every input below is a branch-tracking reference; the revision actually
  # used is whatever flake.lock records (not shown here), so lock-file
  # updates are the point where third-party code changes enter the systems.
  # Only lanzaboote and simple-nixos-mailserver are made to follow this
  # flake's nixpkgs; the other inputs declare no `follows` and resolve
  # their own dependencies.
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    # NOTE(review): home-manager and nix-colors are not referenced anywhere
    # else in this file — confirm they are still needed.
    home-manager.url = "github:nix-community/home-manager";
    nix-colors.url = "github:misterio77/nix-colors";
    nix-formatter-pack.url = "github:Gerschtli/nix-formatter-pack";
    nix-index-database.url = "github:Mic92/nix-index-database";
    deploy-rs.url = "github:serokell/deploy-rs";
    microvm.url = "github:astro/microvm.nix";
    agenix = {
      url = "github:ryantm/agenix";
      # An empty `follows` drops agenix's `darwin` input from this flake's
      # dependency graph.
      inputs.darwin.follows = "";
    };
    lanzaboote = {
      url = "github:nix-community/lanzaboote";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    simple-nixos-mailserver = {
      url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, nix-formatter-pack, nix-index-database, deploy-rs
    , agenix, lanzaboote, microvm, simple-nixos-mailserver, ... }:
    let
      # Systems for which per-system outputs (formatter, deploy package
      # sets) are generated.
      systems = [ "x86_64-linux" "aarch64-linux" ];
      forAllSystems = nixpkgs.lib.genAttrs systems;
      # Plain nixpkgs per system, without overlays.
      pkgsForDeploy =
        forAllSystems (system: import nixpkgs { inherit system; });
      # nixpkgs per system with the deploy-rs overlay applied, then
      # `deploy-rs` redefined so that the package comes from plain nixpkgs
      # while `lib` (the activation helpers) comes from the overlay.
      deployPkgs = forAllSystems (system:
        let pkgs = pkgsForDeploy.${system};
        in import nixpkgs {
          inherit system;
          overlays = [
            deploy-rs.overlay
            # `self` here is the overlay's final package set and shadows
            # the flake's `self` inside this lambda.
            (self: super: {
              deploy-rs = {
                inherit (pkgs) deploy-rs;
                inherit (super.deploy-rs) lib;
              };
            })
          ];
        });
    in {
      # Formatter for each system: deadnix, statix and nixfmt enabled via
      # nix-formatter-pack.
      formatter = forAllSystems (system:
        nix-formatter-pack.lib.mkFormatter {
          inherit nixpkgs system;

          config = {
            tools = {
              deadnix = {
                enable = true;
                noLambdaPatternNames = true;
                noLambdaArg = true;
              };
              statix.enable = true;
              nixfmt.enable = true;
            };
          };
        });

      # Overlays are defined in ./overlays; nibylandia-common below uses
      # `self.overlays.nibylandia`, so that attribute has to exist there.
      overlays = import ./overlays;

      # Reusable module sets. `with self.nixosModules` lets the entries
      # refer to each other by name (e.g. nibylandia-common inside
      # nibylandia-graphical).
      nixosModules = with self.nixosModules; {
        nibylandia-boot.imports = [ ./modules/boot.nix ];

        # Secure Boot through lanzaboote. The certificate and the signing
        # key are agenix secrets and lanzaboote is pointed at their
        # decrypted paths. This module uses `age.secrets` without importing
        # agenix itself; on the hosts below that comes from
        # nibylandia-common.
        #
        # Security note: the signing key is decrypted on each host that
        # imports this module (khas, microlith and zorigami all reference
        # the same ./secrets/secureboot-key.age). Anyone who gains root on
        # one of those hosts, or holds an age identity able to decrypt that
        # file, can presumably sign boot images the other hosts would
        # accept as well — verify which keys are enrolled in each firmware
        # and whether a per-host key is warranted.
        nibylandia-secureboot.imports = [
          lanzaboote.nixosModules.lanzaboote

          ({ config, lib, ... }: {
            age.secrets = {
              secureboot-cert.file = ./secrets/secureboot-cert.age;
              secureboot-key.file = ./secrets/secureboot-key.age;
            };

            boot.lanzaboote = {
              enable = true;
              publicKeyFile = config.age.secrets.secureboot-cert.path;
              privateKeyFile = config.age.secrets.secureboot-key.path;
            };

            # `nibylandia-boot.uefi.enable` is not defined in this file;
            # presumably an option from ./modules/boot.nix that must be off
            # when lanzaboote manages the boot loader — confirm there.
            nibylandia-boot.uefi.enable = lib.mkForce false;
          })
        ];

        # Baseline for every host: nix-index database, agenix (module and
        # CLI), the microvm host module, the boot module, the local overlay
        # and ./modules/common.nix.
        nibylandia-common.imports = [
          nix-index-database.nixosModules.nix-index
          agenix.nixosModules.default

          microvm.nixosModules.host

          nibylandia-boot

          ({ pkgs, ... }: {
            nixpkgs.overlays = [ self.overlays.nibylandia ];
            environment.systemPackages =
              [ agenix.packages.${pkgs.system}.default ];
          })

          ./modules/common.nix
        ];

        nibylandia-graphical.imports = [
          nibylandia-common

          ./modules/graphical.nix
        ];

        nibylandia-laptop.imports = [ ./modules/laptop.nix ];

        nibylandia-gaming.imports = [ ./modules/gaming.nix ];

        nibylandia-monitoring.imports = [ ./modules/monitoring.nix ];

        # Gitea Actions runner registered against code.hackerspace.pl, with
        # a per-host registration token taken from agenix.
        #
        # Security note: every label either ends in `:host` or carries no
        # container image, which in act_runner means jobs run directly on
        # the machine rather than in a container, and `hostPackages` puts
        # nix and nixos-rebuild on their PATH. Whoever can schedule a
        # workflow on this runner therefore executes code on scylla and
        # zorigami (the hosts importing this module), limited only by the
        # user and sandboxing of the runner's systemd unit, which are not
        # set here. Confirm how widely the registration token is scoped on
        # the Gitea side and what hardening the unit applies; zorigami also
        # holds the Secure Boot signing key and runs the mail server.
        nibylandia-ci-runners.imports = [
          ({ config, pkgs, lib, ... }:
            let gitea-runner-directory = "/var/lib/gitea-runner";
            in {
              # The secret file name is derived from the host name, so each
              # runner host needs its own
              # ./secrets/gitea-runner-token-<hostname>.age.
              age.secrets.gitea-runner-token = {
                file = ./secrets/gitea-runner-token-${config.networking.hostName}.age;
              };

              services.gitea-actions-runner.instances.nix = {
                enable = true;
                name = config.networking.hostName;
                tokenFile = config.age.secrets.gitea-runner-token.path;
                labels = [ "nixos-${pkgs.system}:host" "nixos:host" "self-hosted-${pkgs.system}" "self-hosted" ];
                url = "https://code.hackerspace.pl";
                settings = {
                  cache.enabled = true;
                  host.workdir_parent =
                    "${gitea-runner-directory}/action-cache-dir";
                };

                # Tools made available to jobs that run on the host.
                hostPackages = with pkgs; [
                  bash
                  coreutils
                  curl
                  gawk
                  git-lfs
                  nixFlakes
                  gitFull
                  gnused
                  nodejs
                  wget
                  jq
                  nixos-rebuild
                ];
              };

              # Presumably the unit generated for the `nix` instance above;
              # keeps the runner's config and cache under its state
              # directory.
              systemd.services.gitea-runner-nix.environment = {
                XDG_CONFIG_HOME = gitea-runner-directory;
                XDG_CACHE_HOME = "${gitea-runner-directory}/.cache";
              };
            })
        ];
      };

      # One NixOS system per host, assembled from the module sets above
      # plus a host-specific directory under ./nixos.
      nixosConfigurations = with self.nixosModules; {
        scylla = nixpkgs.lib.nixosSystem {
          system = "aarch64-linux";
          modules = [
            nibylandia-common
            nibylandia-ci-runners

            ./nixos/scylla
          ];
        };

        khas = nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
          modules = [
            nibylandia-graphical
            nibylandia-laptop
            nibylandia-secureboot
            nibylandia-gaming

            # No patch file is applied (`patch = null`); the entry only
            # forces the kernel config option TRANSPARENT_HUGEPAGE to `no`.
            ({ config, pkgs, lib, ... }: {
              boot.kernelPatches = with lib.kernel; [{
                name = "disable transparent hugepages for virtio-gpu";
                patch = null;
                extraStructuredConfig = {
                  TRANSPARENT_HUGEPAGE = lib.mkForce no;
                };
              }];
            })

            # appears to be broken for me for some reason
            # NOTE(review): the module below is still active; it is unclear
            # whether the remark above refers to the whole microvm module
            # or only to the commented-out `pkgs` line — confirm.
            {
              nixpkgs.overlays = [ microvm.overlay ];
              microvm.vms = {
                elementVm = {
                  # pkgs = import nixpkgs { system = "x86_64-linux"; };
                  config = import ./microvms/elementVm.nix;
                };
              };
            }

            ./nixos/khas
          ];
        };

        microlith = nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
          modules = [
            nibylandia-graphical
            nibylandia-gaming
            nibylandia-secureboot

            ./nixos/microlith
          ];
        };

        # zorigami combines Secure Boot, monitoring, a host-mode CI runner
        # and the mail server on a single machine.
        zorigami = nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
          modules = [
            nibylandia-common
            nibylandia-secureboot
            nibylandia-monitoring
            nibylandia-ci-runners

            simple-nixos-mailserver.nixosModule

            ./nixos/zorigami
          ];
        };
      };

      # deploy-rs nodes. Each one builds on the target (`remoteBuild`) and
      # both connects and activates as root.
      #
      # Security note: this requires root SSH login to be reachable on all
      # four hosts. The sshd settings are not part of this file; check that
      # root login is key-only (e.g. `PermitRootLogin prohibit-password`)
      # and limited to the deploying keys, or consider a dedicated deploy
      # user with sudo instead of `sshUser = "root"`.
      deploy.nodes.scylla = {
        fastConnection = false;
        remoteBuild = true;
        hostname = "i.am-a.cat";
        profiles.system = {
          user = "root";
          sshUser = "root";
          path = deployPkgs.aarch64-linux.deploy-rs.lib.activate.nixos
            self.nixosConfigurations.scylla;
        };
      };

      deploy.nodes.khas = {
        fastConnection = false;
        remoteBuild = true;
        hostname = "khas";
        profiles.system = {
          user = "root";
          sshUser = "root";
          path = deployPkgs.x86_64-linux.deploy-rs.lib.activate.nixos
            self.nixosConfigurations.khas;
        };
      };

      deploy.nodes.microlith = {
        fastConnection = false;
        remoteBuild = true;
        hostname = "microlith.nibylandia.lan";
        profiles.system = {
          user = "root";
          sshUser = "root";
          path = deployPkgs.x86_64-linux.deploy-rs.lib.activate.nixos
            self.nixosConfigurations.microlith;
        };
      };

      deploy.nodes.zorigami = {
        fastConnection = false;
        remoteBuild = true;
        hostname = "zorigami";
        profiles.system = {
          user = "root";
          sshUser = "root";
          path = deployPkgs.x86_64-linux.deploy-rs.lib.activate.nixos
            self.nixosConfigurations.zorigami;
        };
      };

      # Runs deploy-rs's deployChecks against `self.deploy` for every
      # system deploy-rs.lib provides.
      checks = builtins.mapAttrs
        (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
    };
}