forked from raito/shared-public-infra
116 lines
2.5 KiB
Nix
116 lines
2.5 KiB
Nix
{ self, ... }:
|
||
let
|
||
inherit
|
||
(self.inputs)
|
||
nixpkgs
|
||
home-manager
|
||
agenix
|
||
nur
|
||
colmena
|
||
flake-registry
|
||
nixos-hardware
|
||
srvos
|
||
disko
|
||
;
|
||
nixosSystem = nixpkgs.lib.makeOverridable nixpkgs.lib.nixosSystem;
|
||
|
||
colmenaModules = [
|
||
colmena.nixosModules.deploymentOptions
|
||
];
|
||
|
||
commonModules = [
|
||
{
|
||
_module.args.self = self;
|
||
_module.args.inputs = self.inputs;
|
||
srvos.flake = self;
|
||
}
|
||
# only include admins here for monitoring/backup infrastructure
|
||
./modules/users/admins.nix
|
||
./modules/packages.nix
|
||
./modules/nix-daemon.nix
|
||
./modules/tor-ssh.nix
|
||
./modules/hosts.nix
|
||
./modules/network.nix
|
||
./modules/zsh.nix
|
||
./modules/ssh-cursed.nix
|
||
# FIXME: ./modules/buildbot — whenever you are ready.
|
||
|
||
|
||
disko.nixosModules.disko
|
||
srvos.nixosModules.server
|
||
|
||
srvos.nixosModules.mixins-trusted-nix-caches
|
||
srvos.nixosModules.mixins-terminfo
|
||
|
||
# srvos.nixosModules.mixins-telegraf
|
||
# srvos.nixosModules.mixins-terminfo
|
||
|
||
agenix.nixosModules.default
|
||
({ pkgs
|
||
, config
|
||
, lib
|
||
, ...
|
||
}:
|
||
let
|
||
sopsFile = ./. + "/hosts/${config.networking.hostName}.yml";
|
||
in
|
||
{
|
||
nix.nixPath = [
|
||
"home-manager=${home-manager}"
|
||
"nixpkgs=${pkgs.path}"
|
||
"nur=${nur}"
|
||
];
|
||
# TODO: share nixpkgs for each machine to speed up local evaluation.
|
||
#nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.${system};
|
||
|
||
#users.withSops = builtins.pathExists sopsFile;
|
||
#sops.secrets = lib.mkIf (config.users.withSops) {
|
||
# root-password-hash.neededForUsers = true;
|
||
#};
|
||
# sops.defaultSopsFile = lib.mkIf (builtins.pathExists sopsFile) sopsFile;
|
||
|
||
nix.extraOptions = ''
|
||
flake-registry = ${flake-registry}/flake-registry.json
|
||
builders-use-substitutes = true
|
||
'';
|
||
|
||
nix.registry = {
|
||
home-manager.flake = home-manager;
|
||
nixpkgs.flake = nixpkgs;
|
||
nur.flake = nur;
|
||
};
|
||
time.timeZone = "UTC";
|
||
|
||
environment.systemPackages = [
|
||
pkgs.kitty.terminfo
|
||
];
|
||
})
|
||
];
|
||
in
|
||
{
|
||
flake.nixosConfigurations = {
|
||
epyc = nixosSystem {
|
||
system = "x86_64-linux";
|
||
modules =
|
||
commonModules
|
||
++ colmenaModules
|
||
++ [
|
||
./hosts/epyc.nix
|
||
];
|
||
};
|
||
};
|
||
|
||
flake.colmena = {
|
||
meta.nixpkgs = import nixpkgs {
|
||
system = "x86_64-linux";
|
||
};
|
||
epyc = {
|
||
imports =
|
||
commonModules
|
||
++ [
|
||
./hosts/epyc.nix
|
||
];
|
||
};
|
||
};
|
||
}
|