From 66d3333ad7583df1e03296b88e21a964c10309de Mon Sep 17 00:00:00 2001
From: seth
Date: Sun, 7 May 2023 23:18:34 -0400
Subject: hosts: add mkNixOS
---
hosts/common.nix | 87 -----------------------------------
hosts/default.nix | 130 ++++++++++++++++++++++++++---------------------------
hosts/profiles.nix | 83 ++++++++++++++++++++++++++++++++++
3 files changed, 147 insertions(+), 153 deletions(-)
delete mode 100644 hosts/common.nix
create mode 100644 hosts/profiles.nix
diff --git a/hosts/common.nix b/hosts/common.nix
deleted file mode 100644
index 3e2a7ca..0000000
--- a/hosts/common.nix
+++ /dev/null
@@ -1,87 +0,0 @@
-{
- inputs,
- self,
-}: let
- inherit (inputs) getchoo home-manager nil nixpkgs nixpkgsUnstable nur ragenix;
-in {
- personal = {
- system = "x86_64-linux";
- builder = nixpkgsUnstable.lib.nixosSystem;
-
- dir = ./.;
-
- modules = [
- ragenix.nixosModules.default
- home-manager.nixosModules.home-manager
- nur.nixosModules.nur
-
- self.nixosModules.getchoo
- ../users/seth
-
- {
- age = {
- identityPaths = ["/etc/age/key"];
- secrets = let
- baseDir = "${self}/secrets/shared";
- in {
- rootPassword.file = "${baseDir}/rootPassword.age";
- sethPassword.file = "${baseDir}/sethPassword.age";
- };
- };
-
- nixpkgs = {
- overlays = [nil.overlays.nil nur.overlay getchoo.overlays.default];
- config.allowUnfree = true;
- };
-
- nix = {
- registry = {
- getchoo.flake = getchoo;
- nixpkgs.flake = nixpkgsUnstable;
- };
-
- settings = {
- trusted-substituters = [
- "https://getchoo.cachix.org"
- "https://nix-community.cachix.org"
- "https://hercules-ci.cachix.org"
- "https://wurzelpfropf.cachix.org"
- ];
-
- trusted-public-keys = [
- "getchoo.cachix.org-1:ftdbAUJVNaFonM0obRGgR5+nUmdLMM+AOvDOSx0z5tE="
- "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
- "hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
- "wurzelpfropf.cachix.org-1:ilZwK5a6wJqVr7Fyrzp4blIEkGK+LJT0QrpWr1qBNq0="
- ];
- };
- };
-
- getchoo.nixos.enable = true;
- system.stateVersion = "23.05";
- }
- ];
-
- specialArgs = inputs;
- };
-
- server = {
- builder = nixpkgs.lib.nixosSystem;
-
- dir = ./.;
-
- modules = [
- ragenix.nixosModules.default
- ../modules/base
- ../modules/nixos
- ../modules/server
-
- {
- getchoo.server.enable = true;
- nix.registry.nixpkgs.flake = nixpkgs;
- }
- ];
-
- specialArgs = inputs;
- };
-}
diff --git a/hosts/default.nix b/hosts/default.nix
index 78dfb4f..d059b40 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -3,79 +3,77 @@ self, ... }: let - inherit (import ./common.nix {inherit inputs self;}) personal server; + inherit (import ./profiles.nix {inherit inputs self;}) personal server; + + mkNixOS = { + name, + modules ? profile.modules, + profile ? personal, + system ? profile.system, + specialArgs ? profile.specialArgs, + }: + profile.builder { + inherit specialArgs system; + modules = [./${name}] ++ modules ++ profile.modules; + }; in { flake = { nixosConfigurations = { - glados = with personal; - builder { - inherit specialArgs system; - modules = with inputs; - modules - ++ [ - ./glados - nixos-hardware.nixosModules.common-cpu-amd-pstate - nixos-hardware.nixosModules.common-gpu-nvidia-nonprime - nixos-hardware.nixosModules.common-pc-ssd - lanzaboote.nixosModules.lanzaboote - ]; - }; + glados = mkNixOS { + name = "glados"; + modules = with inputs; [ + nixos-hardware.nixosModules.common-cpu-amd-pstate + nixos-hardware.nixosModules.common-gpu-nvidia-nonprime + nixos-hardware.nixosModules.common-pc-ssd + lanzaboote.nixosModules.lanzaboote + ]; + }; + + glados-wsl = mkNixOS { + name = "glados-wsl"; + modules = [inputs.nixos-wsl.nixosModules.wsl]; + }; + + atlas = mkNixOS { + name = "atlas"; + modules = [ + inputs.hercules-ci-agent.nixosModules.agent-service - glados-wsl = with personal; - builder { - inherit specialArgs system; - modules = with inputs; - modules - ++ [ - ./glados-wsl - nixos-wsl.nixosModules.wsl - ]; - }; + { + getchoo.server = { + secrets.enable = true; + services.hercules-ci = { + enable = true; + secrets.enable = true; + }; + }; + } + ]; - atlas = with server; - builder { - inherit specialArgs; - system = "aarch64-linux"; - modules = with inputs; - modules - ++ [ - ./atlas - hercules-ci-agent.nixosModules.agent-service + system = "aarch64-linux"; + profile = server; + }; - { - getchoo.server = { - secrets.enable = true; - services.hercules-ci = { - enable = true; - secrets.enable = true; - }; - }; - } - ]; - }; + p-body = mkNixOS { + name = 
"p-body"; + modules = with inputs; [ + hercules-ci-agent.nixosModules.agent-service + guzzle_api.nixosModules.guzzle_api - p-body = with server; - builder { - inherit specialArgs; - modules = with inputs; - modules - ++ [ - ./p-body - hercules-ci-agent.nixosModules.agent-service - guzzle_api.nixosModules.guzzle_api + { + getchoo.server = { + secrets.enable = true; + services.hercules-ci = { + enable = true; + secrets.enable = true; + }; + }; + } + ]; - { - getchoo.server = { - secrets.enable = true; - services.hercules-ci = { - enable = true; - secrets.enable = true; - }; - }; - } - ]; - system = "x86_64-linux"; - }; + system = "x86_64-linux"; + profile = server; + }; }; nixosModules.getchoo = import ../modules; @@ -89,7 +87,7 @@ in { apps = (inputs.nixinate.nixinate.${system} self).nixinate; packages = { - turret = pkgs.callPackage ./_turret {inherit (inputs) openwrt-imagebuilder;}; + turret = pkgs.callPackage ./turret {inherit (inputs) openwrt-imagebuilder;}; }; }; } diff --git a/hosts/profiles.nix b/hosts/profiles.nix new file mode 100644 index 0000000..ba49050 --- /dev/null +++ b/hosts/profiles.nix 
@@ -0,0 +1,83 @@
+{
+ inputs,
+ self,
+}: let
+ inherit (inputs) getchoo home-manager nil nixpkgs nixpkgsUnstable nur ragenix;
+in {
+ personal = {
+ system = "x86_64-linux";
+ builder = nixpkgsUnstable.lib.nixosSystem;
+
+ modules = [
+ ragenix.nixosModules.default
+ home-manager.nixosModules.home-manager
+ nur.nixosModules.nur
+
+ self.nixosModules.getchoo
+ ../users/seth
+
+ {
+ age = {
+ identityPaths = ["/etc/age/key"];
+ secrets = let
+ baseDir = "${self}/secrets/shared";
+ in {
+ rootPassword.file = "${baseDir}/rootPassword.age";
+ sethPassword.file = "${baseDir}/sethPassword.age";
+ };
+ };
+
+ nixpkgs = {
+ overlays = [nil.overlays.nil nur.overlay getchoo.overlays.default];
+ config.allowUnfree = true;
+ };
+
+ nix = {
+ registry = {
+ getchoo.flake = getchoo;
+ nixpkgs.flake = nixpkgsUnstable;
+ };
+
+ settings = {
+ trusted-substituters = [
+ "https://getchoo.cachix.org"
+ "https://nix-community.cachix.org"
+ "https://hercules-ci.cachix.org"
+ "https://wurzelpfropf.cachix.org"
+ ];
+
+ trusted-public-keys = [
+ "getchoo.cachix.org-1:ftdbAUJVNaFonM0obRGgR5+nUmdLMM+AOvDOSx0z5tE="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ "hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
+ "wurzelpfropf.cachix.org-1:ilZwK5a6wJqVr7Fyrzp4blIEkGK+LJT0QrpWr1qBNq0="
+ ];
+ };
+ };
+
+ getchoo.nixos.enable = true;
+ system.stateVersion = "23.05";
+ }
+ ];
+
+ specialArgs = inputs;
+ };
+
+ server = {
+ builder = nixpkgs.lib.nixosSystem;
+
+ modules = [
+ ragenix.nixosModules.default
+ ../modules/base
+ ../modules/nixos
+ ../modules/server
+
+ {
+ getchoo.server.enable = true;
+ nix.registry.nixpkgs.flake = nixpkgs;
+ }
+ ];
+
+ specialArgs = inputs;
+ };
+}
--
cgit v1.2.3
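Review bot: The `nix.settings` block in the `personal` profile lists four binary caches and their signing keys with no comment on why each is needed, and this file is now the single place every personal host inherits that trust from. A key in `trusted-public-keys` is accepted as a signer for any store path, not only for paths fetched from its own cache, so each entry widens the set of parties able to supply binaries to glados and glados-wsl. I would add a comment above the two lists, for example `# each key below may sign any store path; keep only caches in active use and note what each one provides`. Apart from the dropped `dir = ./.;` attributes, the content appears unchanged from the deleted hosts/common.nix.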