{ self, ... }:
let
# Flake inputs used in this file, brought into scope from `self.inputs`.
# NOTE(review): `nixos-hardware` and `nixpkgs-unstable` are inherited but not
# referenced anywhere else in this file as shown.
inherit (self.inputs)
  nixpkgs home-manager agenix nur colmena flake-registry
  nixos-hypervisor nixos-hardware nixpkgs-unstable srvos disko;
# nixpkgs' `nixosSystem` wrapped in `makeOverridable`, so a configuration built
# with it also carries an `override` function for re-evaluating with changed
# arguments.
nixosSystem =
  let
    inherit (nixpkgs) lib;
  in
  lib.makeOverridable lib.nixosSystem;
# Colmena's deployment option declarations as a plain NixOS module list.
# In this file it is appended only to `flake.nixosConfigurations.epyc`, not to
# the colmena hive entry.
# NOTE(review): presumably this lets `deployment.*` settings in host files
# evaluate outside a colmena hive. Confirm.
colmenaModules = [ colmena.nixosModules.deploymentOptions ];
# Modules applied to every host defined in this file (both the plain
# nixosConfigurations output and the colmena hive use this list).
commonModules = [
  # Make the flake and its inputs available to all modules as the `self` and
  # `inputs` module arguments, and hand the flake to srvos.
  {
    _module.args = {
      inherit self;
      inputs = self.inputs;
    };
    srvos.flake = self;
  }

  # only include admins here for monitoring/backup infrastructure
  ./modules/users/admins.nix
  ./modules/packages.nix
  ./modules/nix-daemon.nix
  # NOTE(review): auto-upgrade.nix, tor-ssh.nix and ssh-cursed.nix are imported
  # for every host built from this list. Their contents are not visible from
  # this file; review them together as the update path and remote-access
  # surface of each machine.
  ./modules/auto-upgrade.nix
  ./modules/tor-ssh.nix
  ./modules/hosts.nix
  ./modules/network.nix
  ./modules/zsh.nix
  ./modules/ssh-cursed.nix
  ./modules/buildbot

  disko.nixosModules.disko
  srvos.nixosModules.server

  # NOTE(review): presumably adds extra binary caches and their signing keys.
  # Any key trusted this way can supply store paths to the host, so check the
  # list against the pinned srvos revision.
  srvos.nixosModules.mixins-trusted-nix-caches
  srvos.nixosModules.mixins-terminfo

  nixos-hypervisor.nixosModules.host

  # srvos.nixosModules.mixins-telegraf
  # srvos.nixosModules.mixins-terminfo

  # agenix secret-management module; the sops-based settings further down are
  # commented out.
  agenix.nixosModules.default

  # Inline module: pins Nix lookups (NIX_PATH, flake registry) to this flake's
  # inputs and sets a few host-wide defaults.
  (
    { pkgs, config, lib, ... }:
    let
      # Per-host secrets file path. Only the commented-out sops settings below
      # refer to it, so it is never evaluated at present.
      sopsFile = ./. + "/hosts/${config.networking.hostName}.yml";
    in
    {
      nix = {
        # Legacy `<nixpkgs>`-style lookups resolve to the inputs this system
        # was built from.
        nixPath = [
          "home-manager=${home-manager}"
          "nixpkgs=${pkgs.path}"
          "nur=${nur}"
        ];

        # flake-registry: use the registry file shipped as a flake input rather
        # than the default one fetched over the network.
        # builders-use-substitutes: remote builders fetch dependencies from
        # their own substituters instead of receiving them from this host, so
        # the builders' substituter and key configuration decides what they
        # accept.
        extraOptions = ''
          flake-registry = ${flake-registry}/flake-registry.json
          builders-use-substitutes = true
        '';

        # Flake references such as `nixpkgs` resolve to this flake's inputs on
        # the host.
        registry = {
          home-manager.flake = home-manager;
          nixpkgs.flake = nixpkgs;
          nur.flake = nur;
        };
      };

      # TODO: share nixpkgs for each machine to speed up local evaluation.
      #nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.${system};

      #users.withSops = builtins.pathExists sopsFile;
      #sops.secrets = lib.mkIf (config.users.withSops) {
      #  root-password-hash.neededForUsers = true;
      #};
      # sops.defaultSopsFile = lib.mkIf (builtins.pathExists sopsFile) sopsFile;

      time.timeZone = "UTC";

      environment.systemPackages = [ pkgs.kitty.terminfo ];
    }
  )
];
in
{
# Plain NixOS configuration for the host `epyc`: the shared module list, the
# colmena deployment option declarations, and the host file.
# NOTE(review): no overlays are set here, whereas the colmena hive in this file
# imports nixpkgs with `nixos-hypervisor.overlays.default`. Unless one of the
# modules adds that overlay itself, the two outputs may build `epyc` from
# different package sets. Confirm.
flake.nixosConfigurations.epyc = nixosSystem {
  system = "x86_64-linux";
  modules = commonModules ++ colmenaModules ++ [ ./hosts/epyc.nix ];
};
# Colmena hive: the package set used for deployment plus the node `epyc`.
flake.colmena = {
  # nixpkgs instantiated for x86_64-linux with the nixos-hypervisor overlay
  # applied.
  meta.nixpkgs = import nixpkgs {
    system = "x86_64-linux";
    overlays = [ nixos-hypervisor.overlays.default ];
  };

  # Same shared modules and host file as `flake.nixosConfigurations.epyc`, but
  # without `colmenaModules` in the import list.
  epyc.imports = commonModules ++ [ ./hosts/epyc.nix ];
};
}