summaryrefslogtreecommitdiff
path: root/modules/nixos
diff options
context:
space:
mode:
Diffstat (limited to 'modules/nixos')
-rw-r--r--modules/nixos/custom/default.nix (renamed from modules/nixos/services/default.nix)2
-rw-r--r--modules/nixos/custom/determinate.nix (renamed from modules/nixos/services/determinate.nix)2
-rw-r--r--modules/nixos/custom/github-mirror/default.nix (renamed from modules/nixos/services/github-mirror/default.nix)8
-rwxr-xr-xmodules/nixos/custom/github-mirror/update-mirror.sh (renamed from modules/nixos/services/github-mirror/update-mirror.sh)0
-rw-r--r--modules/nixos/custom/nvd-diff.nix (renamed from modules/nixos/traits/nvd-diff.nix)11
-rw-r--r--modules/nixos/custom/remote-builders.nix96
-rw-r--r--modules/nixos/default.nix3
-rw-r--r--modules/nixos/defaults/default.nix4
-rw-r--r--modules/nixos/traits/arm-builder.nix42
-rw-r--r--modules/nixos/traits/default.nix7
-rw-r--r--modules/nixos/traits/mac-builder.nix65
11 files changed, 115 insertions, 125 deletions
diff --git a/modules/nixos/services/default.nix b/modules/nixos/custom/default.nix
index a6a10ea..db24a63 100644
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/custom/default.nix
@@ -2,5 +2,7 @@
imports = [
./determinate.nix
./github-mirror
+ ./nvd-diff.nix
+ ./remote-builders.nix
];
}
diff --git a/modules/nixos/services/determinate.nix b/modules/nixos/custom/determinate.nix
index 6aa599e..3c1a97e 100644
--- a/modules/nixos/services/determinate.nix
+++ b/modules/nixos/custom/determinate.nix
@@ -6,7 +6,7 @@
}:
let
- cfg = config.services.determinate;
+ cfg = config.borealis.determinate;
package = inputs'.determinate.packages.default;
in
diff --git a/modules/nixos/services/github-mirror/default.nix b/modules/nixos/custom/github-mirror/default.nix
index 9d0d870..76d8853 100644
--- a/modules/nixos/services/github-mirror/default.nix
+++ b/modules/nixos/custom/github-mirror/default.nix
@@ -4,8 +4,9 @@
pkgs,
...
}:
+
let
- cfg = config.services.github-mirror;
+ cfg = config.borealis.github-mirror;
cgitInstance = config.services.cgit.${cfg.hostname};
update-mirror =
@@ -25,8 +26,9 @@ let
patchShebangs $out
'';
in
+
{
- options.services.github-mirror = {
+ options.borealis.github-mirror = {
enable = lib.mkEnableOption "the github-mirror service";
hostname = lib.mkOption {
@@ -46,7 +48,7 @@ in
assertions = [
{
assertion = cfg.mirroredUsers != [ ];
- message = "`services.git-mirror.mirroredUsers` must have at least one user";
+ message = "`borealis.github-mirror.mirroredUsers` must have at least one user";
}
];
diff --git a/modules/nixos/services/github-mirror/update-mirror.sh b/modules/nixos/custom/github-mirror/update-mirror.sh
index 88ff6eb..88ff6eb 100755
--- a/modules/nixos/services/github-mirror/update-mirror.sh
+++ b/modules/nixos/custom/github-mirror/update-mirror.sh
diff --git a/modules/nixos/traits/nvd-diff.nix b/modules/nixos/custom/nvd-diff.nix
index 4c59287..0e88d10 100644
--- a/modules/nixos/traits/nvd-diff.nix
+++ b/modules/nixos/custom/nvd-diff.nix
@@ -4,19 +4,20 @@
pkgs,
...
}:
+
let
- cfg = config.traits.nvd-diff;
+ cfg = config.borealis.nvd-diff;
in
+
{
- options.traits.nvd-diff = {
- enable = lib.mkEnableOption "showing configuration diffs with NVD on upgrade" // {
- default = true;
- };
+ options.borealis.nvd-diff = {
+ enable = lib.mkEnableOption "`nvd` to show configuration diffs on upgrade";
};
config = lib.mkIf cfg.enable {
system.activationScripts."upgrade-diff" = {
supportsDryActivation = true;
+
text = ''
${lib.getExe pkgs.nvd} \
--nix-bin-dir=${config.nix.package}/bin \
diff --git a/modules/nixos/custom/remote-builders.nix b/modules/nixos/custom/remote-builders.nix
new file mode 100644
index 0000000..74d0538
--- /dev/null
+++ b/modules/nixos/custom/remote-builders.nix
@@ -0,0 +1,96 @@
+{
+ config,
+ lib,
+ secretsDir,
+ ...
+}:
+
+let
+ cfg = config.borealis.remote-builders;
+in
+
+{
+ options.borealis.remote-builders = {
+ enable = lib.mkEnableOption "the use of remote builders";
+
+ manageSecrets = lib.mkEnableOption "automatic management of SSH keys for builders" // {
+ default = true;
+ };
+
+ builders = {
+ atlas = lib.mkEnableOption "`atlas` as a remote builder";
+ macstadium = lib.mkEnableOption "`macstadium` as a remote builder";
+ };
+ };
+
+ config = lib.mkIf cfg.enable (
+ lib.mkMerge [
+ {
+ nix = {
+ distributedBuilds = true;
+
+ settings = {
+ builders-use-substitutes = true;
+ };
+ };
+ }
+
+ (lib.mkIf cfg.builders.atlas {
+ nix.buildMachines = [
+ {
+ hostName = "atlas";
+ maxJobs = 4;
+ publicHostKey = "IyBhdGxhczoyMiBTU0gtMi4wLVRhaWxzY2FsZQphdGxhcyBzc2gtZWQyNTUxOSBBQUFBQzNOemFDMWxaREkxTlRFNUFBQUFJQzdZaVNZWXgvK3ptVk9QU0NFUkh6U3NNZVVRdEErVnQxVzBzTFV3NFloSwo=";
+ sshUser = "atlas";
+ supportedFeatures = [
+ "benchmark"
+ "big-parallel"
+ "gccarch-armv8-a"
+ "kvm"
+ "nixos-test"
+ ];
+ systems = [
+ "aarch64-linux"
+ ];
+ }
+ ];
+ })
+
+ (lib.mkIf cfg.builders.macstadium {
+ nix.buildMachines = [
+ (lib.mkMerge [
+ {
+ hostName = "mini.scrumplex.net";
+ maxJobs = 8;
+ publicHostKey = "IyBtaW5pLnNjcnVtcGxleC5uZXQ6MjIgU1NILTIuMC1PcGVuU1NIXzkuOAptaW5pLnNjcnVtcGxleC5uZXQgc3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU9DV1lXL29TbW5GYU1sOGQ0eHNjaGhxNkNKZkdjQ1M4djhLYkErb0dmQ3IK";
+ sshUser = "bob-the-builder";
+ supportedFeatures = [
+ "nixos-test"
+ "benchmark"
+ "big-parallel"
+ "apple-virt"
+ ];
+ systems = [
+ "aarch64-darwin"
+ "x86_64-darwin"
+ ];
+ }
+
+ (lib.mkIf cfg.manageSecrets {
+ sshKey = config.age.secrets.macstadium.path;
+ })
+ ])
+ ];
+ })
+
+ (lib.mkIf (cfg.manageSecrets && cfg.builders.macstadium) {
+ age.secrets = {
+ macstadium = {
+ file = secretsDir + "/macstadium.age";
+ mode = "600";
+ };
+ };
+ })
+ ]
+ );
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index b184337..1a4ea00 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -3,11 +3,10 @@
default = {
imports = [
../shared
+ ./custom
./defaults
./mixins
./profiles
- ./services
- ./traits
./users
];
};
diff --git a/modules/nixos/defaults/default.nix b/modules/nixos/defaults/default.nix
index 5b542a9..1b11d0e 100644
--- a/modules/nixos/defaults/default.nix
+++ b/modules/nixos/defaults/default.nix
@@ -10,6 +10,10 @@
./users.nix
];
+ borealis = {
+ nvd-diff.enable = true;
+ };
+
documentation.nixos.enable = lib.mkDefault false;
i18n = {
diff --git a/modules/nixos/traits/arm-builder.nix b/modules/nixos/traits/arm-builder.nix
deleted file mode 100644
index 3f655b8..0000000
--- a/modules/nixos/traits/arm-builder.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-let
- cfg = config.traits.arm-builder;
-in
-{
- options.traits.arm-builder = {
- enable = lib.mkEnableOption "ARM remote builders";
- };
-
- config = lib.mkIf cfg.enable {
- nix = {
- buildMachines = [
- {
- hostName = "atlas";
- maxJobs = 4;
- publicHostKey = "IyBhdGxhczoyMiBTU0gtMi4wLVRhaWxzY2FsZQphdGxhcyBzc2gtZWQyNTUxOSBBQUFBQzNOemFDMWxaREkxTlRFNUFBQUFJQzdZaVNZWXgvK3ptVk9QU0NFUkh6U3NNZVVRdEErVnQxVzBzTFV3NFloSwo=";
- sshUser = "atlas";
- supportedFeatures = [
- "benchmark"
- "big-parallel"
- "gccarch-armv8-a"
- "kvm"
- "nixos-test"
- ];
- systems = [
- "aarch64-linux"
- ];
- }
- ];
-
- distributedBuilds = true;
-
- settings = {
- builders-use-substitutes = true;
- };
- };
- };
-}
diff --git a/modules/nixos/traits/default.nix b/modules/nixos/traits/default.nix
deleted file mode 100644
index d4b00dc..0000000
--- a/modules/nixos/traits/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- imports = [
- ./arm-builder.nix
- ./mac-builder.nix
- ./nvd-diff.nix
- ];
-}
diff --git a/modules/nixos/traits/mac-builder.nix b/modules/nixos/traits/mac-builder.nix
deleted file mode 100644
index cfafaf3..0000000
--- a/modules/nixos/traits/mac-builder.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{
- config,
- lib,
- secretsDir,
- ...
-}:
-let
- cfg = config.traits.mac-builder;
-in
-{
- options.traits.mac-builder = {
- enable = lib.mkEnableOption "macOS remote builders";
- manageSecrets = lib.mkEnableOption "managing SSH keys for builders" // {
- default = true;
- };
- };
-
- config = lib.mkIf cfg.enable (
- lib.mkMerge [
- {
- nix = {
- buildMachines = [
- (lib.mkMerge [
- {
- hostName = "mini.scrumplex.net";
- maxJobs = 8;
- publicHostKey = "IyBtaW5pLnNjcnVtcGxleC5uZXQ6MjIgU1NILTIuMC1PcGVuU1NIXzkuOAptaW5pLnNjcnVtcGxleC5uZXQgc3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU9DV1lXL29TbW5GYU1sOGQ0eHNjaGhxNkNKZkdjQ1M4djhLYkErb0dmQ3IK";
- sshUser = "bob-the-builder";
- supportedFeatures = [
- "nixos-test"
- "benchmark"
- "big-parallel"
- "apple-virt"
- ];
- systems = [
- "aarch64-darwin"
- "x86_64-darwin"
- ];
- }
-
- (lib.mkIf cfg.manageSecrets {
- sshKey = config.age.secrets.macstadium.path;
- })
- ])
- ];
-
- distributedBuilds = true;
-
- settings = {
- builders-use-substitutes = true;
- };
- };
- }
-
- (lib.mkIf cfg.manageSecrets {
- age.secrets = {
- macstadium = {
- file = secretsDir + "/macstadium.age";
- mode = "600";
- };
- };
- })
- ]
- );
-}
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-06 12:09:39 +0000