# Builds the `epyc` host from one shared module list, once as a plain NixOS
# configuration and once as a colmena node.
# NOTE(review): the `{ self, ... }` argument and the `flake.*` result look like
# a flake-parts module; confirm against flake.nix.
{ self, ... }:
let
  # Every dependency is taken from the flake's own inputs. nixos-hardware and
  # nixpkgs-unstable are bound here but not referenced again in this file.
  inherit (self.inputs)
    nixpkgs home-manager agenix nur colmena
    flake-registry nixos-hardware nixpkgs-unstable
    srvos disko
    ;

  # nixosSystem wrapped in makeOverridable, so the result carries `.override`.
  mkSystem =
    let
      inherit (nixpkgs) lib;
    in
    lib.makeOverridable lib.nixosSystem;

  # Single place for the values both deployment paths must agree on.
  hostSystem = "x86_64-linux";
  epycHost = ./hosts/epyc.nix;

  # Appended only for the plain nixosSystem build below; the colmena node does
  # not list it. Presumably this declares the `deployment.*` options so host
  # modules that set them still evaluate without colmena; verify.
  colmenaOptionModules = [ colmena.nixosModules.deploymentOptions ];

  commonModules = [
    {
      # Hands the whole flake and all of its inputs to every module as the
      # `self` and `inputs` arguments.
      _module.args = {
        inherit self;
        inherit (self) inputs;
      };
      srvos.flake = self;
    }

    # only include admins here for monitoring/backup infrastructure
    ./modules/users/admins.nix
    ./modules/packages.nix
    ./modules/nix-daemon.nix
    # NOTE(review): the next two modules are not shown here. Going by their
    # names they enable unattended upgrades and SSH reachable over Tor; confirm
    # where upgrades are pulled from and that SSH on that path is key-only.
    ./modules/auto-upgrade.nix
    ./modules/tor-ssh.nix
    ./modules/hosts.nix
    ./modules/network.nix
    ./modules/zsh.nix

    # Third-party modules. They are evaluated into the system exactly like the
    # local ones, so a bump of these inputs deserves the same review as a
    # local change.
    disko.nixosModules.disko
    srvos.nixosModules.server

    # srvos.nixosModules.mixins-telegraf
    # srvos.nixosModules.mixins-terminfo

    # Secrets are handled by agenix; the sops settings further down are
    # disabled and this file imports no sops module.
    agenix.nixosModules.default

    (
      { pkgs, config, lib, ... }:
      let
        # Per-host secrets file path. Only the commented-out sops settings
        # below refer to it, so it is currently never evaluated.
        sopsFile = ./. + "/hosts/${config.networking.hostName}.yml";
      in
      {
        nix = {
          # Legacy `<name>` lookups on the host resolve to the flake's inputs.
          # NOTE(review): NUR is a community repository that is not reviewed
          # the way nixpkgs is; keep it on servers only if admins need it.
          nixPath = [
            "home-manager=${home-manager}"
            "nixpkgs=${pkgs.path}"
            "nur=${nur}"
          ];

          # Read the global flake registry from the pinned input in the store
          # rather than from Nix's default remote registry.
          extraOptions = ''
            flake-registry = ${flake-registry}/flake-registry.json
          '';

          # `nixpkgs#...`, `home-manager#...` and `nur#...` on the host point
          # at the same inputs this system was built from.
          registry.home-manager.flake = home-manager;
          registry.nixpkgs.flake = nixpkgs;
          registry.nur.flake = nur;
        };

        # TODO: share nixpkgs for each machine to speed up local evaluation.
        #nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.${system};

        #users.withSops = builtins.pathExists sopsFile;
        #sops.secrets = lib.mkIf (config.users.withSops) {
        #  root-password-hash.neededForUsers = true;
        #};
        # sops.defaultSopsFile = lib.mkIf (builtins.pathExists sopsFile) sopsFile;

        time.timeZone = "UTC";
      }
    )
  ];
in
{
  flake = {
    # Plain NixOS build of the host.
    nixosConfigurations.epyc = mkSystem {
      system = hostSystem;
      modules = commonModules ++ colmenaOptionModules ++ [ epycHost ];
    };

    # colmena hive: same shared modules and host file, without the extra
    # deployment-options module.
    colmena = {
      meta.nixpkgs = import nixpkgs { system = hostSystem; };
      epyc.imports = commonModules ++ [ epycHost ];
    };
  };
}