Diffstat (limited to 'hosts')
-rw-r--r--hosts/atlas/default.nix46
-rw-r--r--hosts/common.nix87
-rw-r--r--hosts/default.nix248
-rw-r--r--hosts/p-body/default.nix42
4 files changed, 179 insertions, 244 deletions
diff --git a/hosts/atlas/default.nix b/hosts/atlas/default.nix
index 69390a5..d8e4077 100644
--- a/hosts/atlas/default.nix
+++ b/hosts/atlas/default.nix
@@ -1,15 +1,19 @@
{
config,
- hercules-ci-agent,
pkgs,
...
}: {
imports = [
./hardware-configuration.nix
- hercules-ci-agent.nixosModules.agent-service
];
- getchoo.server.enable = true;
+ _module.args.nixinate = {
+ host = "164.152.17.183";
+ sshUser = "root";
+ buildOn = "remote";
+ substituteOnTarget = true;
+ hermetic = false;
+ };
boot = {
cleanTmpDir = true;
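Review bot: `sshUser = "root"` in the added `_module.args.nixinate` block makes every deployment a direct root SSH login to a hard-coded public address, so the host has to keep root login over SSH enabled; the same block is added to hosts/p-body/default.nix. This file defines a `wheel` user further down, so a line such as `sshUser = "<wheel-user>";` (placeholder for that account's name) would let root login be disabled, provided nixinate's remote switch can escalate with sudo for that account. `substituteOnTarget` appears to matter only when `buildOn = "local"`, so with `"remote"` it is probably inert and could carry a comment saying so. The module body continues past the end of this hunk.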
@@ -17,41 +21,7 @@
loader.efi.canTouchEfiVariables = true;
};
- environment.systemPackages = [
- hercules-ci-agent.packages.aarch64-linux.hercules-ci-cli
- ];
-
networking.hostName = "atlas";
- nix = {
- settings = {
- trusted-users = ["atlas" "nix-ssh"];
- trusted-substituters = [
- "https://getchoo.cachix.org"
- "https://nix-community.cachix.org"
- "https://hercules-ci.cachix.org"
- "https://wurzelpfropf.cachix.org"
- ];
-
- trusted-public-keys = [
- "getchoo.cachix.org-1:ftdbAUJVNaFonM0obRGgR5+nUmdLMM+AOvDOSx0z5tE="
- "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
- "hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
- "wurzelpfropf.cachix.org-1:ilZwK5a6wJqVr7Fyrzp4blIEkGK+LJT0QrpWr1qBNq0="
- ];
- };
- };
-
- services = {
- hercules-ci-agent = {
- enable = true;
- settings = {
- binaryCachesPath = config.age.secrets.binaryCache.path;
- clusterJoinTokenPath = config.age.secrets.clusterToken.path;
- secretsJsonPath = config.age.secrets.secretsJson.path;
- };
- };
- };
-
system.stateVersion = "22.11";
users.users = let
@@ -64,7 +34,7 @@
extraGroups = ["wheel"];
isNormalUser = true;
shell = pkgs.bash;
- passwordFile = config.age.secrets.atlasPassword.path;
+ passwordFile = config.age.secrets.userPassword.path;
inherit openssh;
};
};
diff --git a/hosts/common.nix b/hosts/common.nix
new file mode 100644
index 0000000..df9e6f0
--- /dev/null
+++ b/hosts/common.nix
@@ -0,0 +1,87 @@
+{
+ inputs,
+ self,
+}: let
+ inherit (inputs) getchoo home-manager nixpkgs nixpkgsUnstable nur ragenix;
+in {
+ personal = {
+ system = "x86_64-linux";
+ builder = nixpkgsUnstable.lib.nixosSystem;
+
+ dir = ./.;
+
+ modules = [
+ ragenix.nixosModules.default
+ home-manager.nixosModules.home-manager
+ nur.nixosModules.nur
+
+ self.nixosModules.getchoo
+ ../users/seth
+
+ {
+ age = {
+ identityPaths = ["/etc/age/key"];
+ secrets = let
+ baseDir = "${self}/secrets/shared";
+ in {
+ rootPassword.file = "${baseDir}/rootPassword.age";
+ sethPassword.file = "${baseDir}/sethPassword.age";
+ };
+ };
+
+ nixpkgs = {
+ overlays = [nur.overlay getchoo.overlays.default];
+ config.allowUnfree = true;
+ };
+
+ nix = {
+ registry = {
+ getchoo.flake = getchoo;
+ nixpkgs.flake = nixpkgsUnstable;
+ };
+
+ settings = {
+ trusted-substituters = [
+ "https://getchoo.cachix.org"
+ "https://nix-community.cachix.org"
+ "https://hercules-ci.cachix.org"
+ "https://wurzelpfropf.cachix.org"
+ ];
+
+ trusted-public-keys = [
+ "getchoo.cachix.org-1:ftdbAUJVNaFonM0obRGgR5+nUmdLMM+AOvDOSx0z5tE="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ "hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
+ "wurzelpfropf.cachix.org-1:ilZwK5a6wJqVr7Fyrzp4blIEkGK+LJT0QrpWr1qBNq0="
+ ];
+ };
+ };
+
+ getchoo.nixos.enable = true;
+ system.stateVersion = "23.05";
+ }
+ ];
+
+ specialArgs = inputs;
+ };
+
+ server = {
+ builder = nixpkgs.lib.nixosSystem;
+
+ dir = ./.;
+
+ modules = [
+ ragenix.nixosModules.default
+ ../modules/base
+ ../modules/nixos
+ ../modules/server
+
+ {
+ getchoo.server.enable = true;
+ nix.registry.nixpkgs.flake = nixpkgs;
+ }
+ ];
+
+ specialArgs = inputs;
+ };
+}
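Review bot: The `server` set carries no `nix.settings`, while this commit removes the `trusted-substituters` and `trusted-public-keys` lists from both hosts/atlas/default.nix and hosts/p-body/default.nix; unless `../modules/server` (outside this diff) sets them, the two servers lose their binary-cache configuration. In the `personal` block the four `trusted-public-keys` deserve a comment, because any store path signed by one of them is accepted without a local build, for example `# Binary caches whose signatures this machine accepts; remove a key when its cache is no longer used.` Note also that `trusted-substituters` only lists caches that unprivileged users may opt into and does not add them to `substituters`, so confirm that is the intent. Dropping the per-host `trusted-users` entries is a tightening worth keeping if the shared modules do not re-add them.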
diff --git a/hosts/default.nix b/hosts/default.nix
index 60e84e9..78dfb4f 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -1,191 +1,95 @@
-inputs:
-with inputs; let
- common = {
- system = "x86_64-linux";
- builder = nixpkgsUnstable.lib.nixosSystem;
-
- modules = [
- ragenix.nixosModules.default
- home-manager.nixosModules.home-manager
- nur.nixosModules.nur
-
- self.nixosModules.getchoo
- "${self}/users/seth"
-
- {
- age = {
- identityPaths = ["/etc/age/key"];
- secrets = {
- rootPassword.file = "${self}/secrets/shared/rootPassword.age";
- sethPassword.file = "${self}/secrets/shared/sethPassword.age";
- };
- };
-
- nixpkgs = {
- overlays = [nur.overlay getchoo.overlays.default];
- config.allowUnfree = true;
- };
-
- nix = {
- registry = {
- getchoo.flake = getchoo;
- nixpkgs.flake = nixpkgsUnstable;
- };
-
- settings = {
- trusted-substituters = [
- "https://getchoo.cachix.org"
- "https://nix-community.cachix.org"
- "https://hercules-ci.cachix.org"
- "https://wurzelpfropf.cachix.org"
+{
+ inputs,
+ self,
+ ...
+}: let
+ inherit (import ./common.nix {inherit inputs self;}) personal server;
+in {
+ flake = {
+ nixosConfigurations = {
+ glados = with personal;
+ builder {
+ inherit specialArgs system;
+ modules = with inputs;
+ modules
+ ++ [
+ ./glados
+ nixos-hardware.nixosModules.common-cpu-amd-pstate
+ nixos-hardware.nixosModules.common-gpu-nvidia-nonprime
+ nixos-hardware.nixosModules.common-pc-ssd
+ lanzaboote.nixosModules.lanzaboote
];
+ };
- trusted-public-keys = [
- "getchoo.cachix.org-1:ftdbAUJVNaFonM0obRGgR5+nUmdLMM+AOvDOSx0z5tE="
- "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
- "hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
- "wurzelpfropf.cachix.org-1:ilZwK5a6wJqVr7Fyrzp4blIEkGK+LJT0QrpWr1qBNq0="
+ glados-wsl = with personal;
+ builder {
+ inherit specialArgs system;
+ modules = with inputs;
+ modules
+ ++ [
+ ./glados-wsl
+ nixos-wsl.nixosModules.wsl
];
- };
};
- getchoo.nixos.enable = true;
- system.stateVersion = "23.05";
- }
- ];
+ atlas = with server;
+ builder {
+ inherit specialArgs;
+ system = "aarch64-linux";
+ modules = with inputs;
+ modules
+ ++ [
+ ./atlas
+ hercules-ci-agent.nixosModules.agent-service
- specialArgs = {};
- };
-in {
- glados = {
- inherit (common) builder specialArgs system;
- modules =
- common.modules
- ++ [
- nixos-hardware.nixosModules.common-cpu-amd-pstate
- nixos-hardware.nixosModules.common-gpu-nvidia-nonprime
- nixos-hardware.nixosModules.common-pc-ssd
- lanzaboote.nixosModules.lanzaboote
- ];
- };
- glados-wsl = {
- inherit (common) builder specialArgs system;
- modules =
- common.modules
- ++ [
- nixos-wsl.nixosModules.wsl
- ];
- };
- atlas = {
- builder = nixpkgs.lib.nixosSystem;
- inherit (common) specialArgs;
- system = "aarch64-linux";
-
- modules = [
- ragenix.nixosModules.default
- "${self}/modules/base"
- "${self}/modules/nixos"
- "${self}/modules/server"
-
- {
- age = let
- hercArgs = {
- mode = "400";
- owner = "hercules-ci-agent";
- group = "hercules-ci-agent";
- };
- in {
- identityPaths = ["/etc/age/key"];
- secrets = {
- rootPassword.file = "${self}/secrets/hosts/atlas/rootPassword.age";
- atlasPassword.file = "${self}/secrets/hosts/atlas/atlasPassword.age";
-
- binaryCache =
{
- file = "${self}/secrets/hosts/atlas/binaryCache.age";
+ getchoo.server = {
+ secrets.enable = true;
+ services.hercules-ci = {
+ enable = true;
+ secrets.enable = true;
+ };
+ };
}
- // hercArgs;
+ ];
+ };
- clusterToken =
- {
- file = "${self}/secrets/hosts/atlas/clusterToken.age";
- }
- // hercArgs;
+ p-body = with server;
+ builder {
+ inherit specialArgs;
+ modules = with inputs;
+ modules
+ ++ [
+ ./p-body
+ hercules-ci-agent.nixosModules.agent-service
+ guzzle_api.nixosModules.guzzle_api
- secretsJson =
{
- file = "${self}/secrets/hosts/atlas/secretsJson.age";
+ getchoo.server = {
+ secrets.enable = true;
+ services.hercules-ci = {
+ enable = true;
+ secrets.enable = true;
+ };
+ };
}
- // hercArgs;
- };
+ ];
+ system = "x86_64-linux";
};
+ };
- nix.registry.nixpkgs.flake = nixpkgs;
-
- _module.args.nixinate = {
- host = "164.152.17.183";
- sshUser = "root";
- buildOn = "remote";
- substituteOnTarget = true;
- hermetic = false;
- };
- }
- ];
+ nixosModules.getchoo = import ../modules;
};
- p-body = {
- builder = nixpkgs.lib.nixosSystem;
- inherit (common) specialArgs system;
-
- modules = [
- ragenix.nixosModules.default
- guzzle_api.nixosModules.guzzle_api
- "${self}/modules/base"
- "${self}/modules/nixos"
- "${self}/modules/server"
-
- {
- age = let
- hercArgs = {
- mode = "400";
- owner = "hercules-ci-agent";
- group = "hercules-ci-agent";
- };
- in {
- identityPaths = ["/etc/age/key"];
- secrets = {
- rootPassword.file = "${self}/secrets/hosts/p-body/rootPassword.age";
- pbodyPassword.file = "${self}/secrets/hosts/p-body/pbodyPassword.age";
-
- binaryCache =
- {
- file = "${self}/secrets/hosts/p-body/binaryCache.age";
- }
- // hercArgs;
- clusterToken =
- {
- file = "${self}/secrets/hosts/p-body/clusterToken.age";
- }
- // hercArgs;
+ perSystem = {
+ pkgs,
+ system,
+ ...
+ }: {
+ apps = (inputs.nixinate.nixinate.${system} self).nixinate;
- secretsJson =
- {
- file = "${self}/secrets/hosts/p-body/secretsJson.age";
- }
- // hercArgs;
- };
- };
-
- nix.registry.nixpkgs.flake = nixpkgs;
-
- _module.args.nixinate = {
- host = "167.99.145.73";
- sshUser = "root";
- buildOn = "remote";
- substituteOnTarget = true;
- hermetic = false;
- };
- }
- ];
+ packages = {
+ turret = pkgs.callPackage ./_turret {inherit (inputs) openwrt-imagebuilder;};
+ };
};
}
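Review bot: The inline `age.secrets` entries this hunk removes pinned `binaryCache`, `clusterToken` and `secretsJson` to `mode = "400"` with owner and group `hercules-ci-agent`, whereas the new inline modules for `atlas` and `p-body` only set `getchoo.server.secrets.enable` and `services.hercules-ci.secrets.enable`, whose definitions are outside this diff. Please confirm that module declares the same mode, owner and group, and that it defines the `userPassword` secret which hosts/atlas/default.nix and hosts/p-body/default.nix now read through `config.age.secrets.userPassword.path`, since a missing attribute fails evaluation. The two inline `getchoo.server = { … }` modules are identical and could move into the `server` set in common.nix. Separately, `modules = with inputs; modules ++ […]` resolves `modules` through the inner `with` first, so an input named `modules` would shadow it; writing `personal.modules ++ […]` and `server.modules ++ […]` avoids that.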
diff --git a/hosts/p-body/default.nix b/hosts/p-body/default.nix
index 1cb6acb..56ba2a6 100644
--- a/hosts/p-body/default.nix
+++ b/hosts/p-body/default.nix
@@ -1,40 +1,23 @@
{
config,
guzzle_api,
- hercules-ci-agent,
modulesPath,
pkgs,
...
}: {
imports = [
(modulesPath + "/virtualisation/digital-ocean-image.nix")
- hercules-ci-agent.nixosModules.agent-service
];
- getchoo.server.enable = true;
-
- environment.systemPackages = [
- hercules-ci-agent.packages.x86_64-linux.hercules-ci-cli
- ];
+ _module.args.nixinate = {
+ host = "167.99.145.73";
+ sshUser = "root";
+ buildOn = "remote";
+ substituteOnTarget = true;
+ hermetic = false;
+ };
networking.hostName = "p-body";
- nix.settings = {
- trusted-substituters = [
- "https://getchoo.cachix.org"
- "https://nix-community.cachix.org"
- "https://hercules-ci.cachix.org"
- "https://wurzelpfropf.cachix.org"
- ];
-
- trusted-public-keys = [
- "getchoo.cachix.org-1:ftdbAUJVNaFonM0obRGgR5+nUmdLMM+AOvDOSx0z5tE="
- "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
- "hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
- "wurzelpfropf.cachix.org-1:ilZwK5a6wJqVr7Fyrzp4blIEkGK+LJT0QrpWr1qBNq0="
- ];
-
- trusted-users = ["p-body"];
- };
services = {
#caddy = {
@@ -108,15 +91,6 @@
# };
#};
- hercules-ci-agent = {
- enable = true;
- settings = {
- binaryCachesPath = config.age.secrets.binaryCache.path;
- clusterJoinTokenPath = config.age.secrets.clusterToken.path;
- secretsJsonPath = config.age.secrets.secretsJson.path;
- };
- };
-
guzzle-api = {
enable = true;
url = "http://167.99.145.73";
@@ -143,7 +117,7 @@
extraGroups = ["wheel"];
isNormalUser = true;
shell = pkgs.bash;
- passwordFile = config.age.secrets.pbodyPassword.path;
+ passwordFile = config.age.secrets.userPassword.path;
inherit openssh;
};
};