shared-public-infra/configurations.nix


# Flake part that defines the NixOS host configurations and the matching
# colmena deployment set. It takes the flake's `self` and returns the
# `flake.nixosConfigurations` and `flake.colmena` attributes.
{ self, ... }:
let
  # Flake inputs used below. nixos-hardware and nixpkgs-unstable are inherited
  # but not referenced anywhere in this file.
  inherit (self.inputs)
    nixpkgs home-manager agenix nur colmena flake-registry
    nixos-hypervisor nixos-hardware nixpkgs-unstable srvos disko;

  # Single target platform shared by the host and the colmena package set.
  targetSystem = "x86_64-linux";

  # nixosSystem wrapped with makeOverridable so the result can be overridden.
  nixosSystem = nixpkgs.lib.makeOverridable nixpkgs.lib.nixosSystem;

  # Colmena's deployment options, added only to the plain nixosConfigurations
  # entry; the flake.colmena entry below does not list them.
  colmenaModules = [ colmena.nixosModules.deploymentOptions ];

  # Host-specific module for the one machine defined here.
  epycHost = [ ./hosts/epyc.nix ];

  # Baseline shared by every host. Anything listed here applies to each
  # machine that imports commonModules, so it is the place to review for
  # fleet-wide exposure.
  commonModules = [
    # Hand the flake itself and its inputs to all modules as module arguments.
    {
      _module.args.self = self;
      _module.args.inputs = self.inputs;
      srvos.flake = self;
    }

    # only include admins here for monitoring/backup infrastructure
    ./modules/users/admins.nix
    ./modules/packages.nix
    ./modules/nix-daemon.nix
    # NOTE(review): auto-upgrade.nix is not visible here; confirm which
    # source it upgrades from, since every host inherits it.
    ./modules/auto-upgrade.nix
    # NOTE(review): tor-ssh.nix and ssh-cursed.nix are not visible here;
    # confirm what SSH access they configure before reusing this baseline.
    ./modules/tor-ssh.nix
    ./modules/hosts.nix
    ./modules/network.nix
    ./modules/zsh.nix
    ./modules/ssh-cursed.nix
    ./modules/buildbot

    disko.nixosModules.disko
    srvos.nixosModules.server
    # NOTE(review): presumably adds extra binary caches and their keys as
    # trusted; verify the list against the pinned srvos revision.
    srvos.nixosModules.mixins-trusted-nix-caches
    srvos.nixosModules.mixins-terminfo
    nixos-hypervisor.nixosModules.host
    # srvos.nixosModules.mixins-telegraf
    # srvos.nixosModules.mixins-terminfo
    agenix.nixosModules.default

    # Inline module: pins NIX_PATH and the flake registry to this flake's
    # inputs and sets a few machine-wide defaults.
    ({ pkgs, config, lib, ... }:
      let
        # Per-host secrets file, named after the host. Currently only
        # referenced by the commented-out sops settings below.
        sopsFile = ./. + "/hosts/${config.networking.hostName}.yml";
      in
      {
        # Legacy <name> lookups resolve to the flake's inputs.
        nix.nixPath = [
          "home-manager=${home-manager}"
          "nixpkgs=${pkgs.path}"
          "nur=${nur}"
        ];

        # TODO: share nixpkgs for each machine to speed up local evaluation.
        #nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.${system};
        #users.withSops = builtins.pathExists sopsFile;
        #sops.secrets = lib.mkIf (config.users.withSops) {
        #  root-password-hash.neededForUsers = true;
        #};
        # sops.defaultSopsFile = lib.mkIf (builtins.pathExists sopsFile) sopsFile;

        # Read the global flake registry from the flake-registry input, and
        # let remote builders use substituters themselves.
        nix.extraOptions = ''
          flake-registry = ${flake-registry}/flake-registry.json
          builders-use-substitutes = true
        '';

        # Registry entries for the same three names as nixPath above.
        nix.registry = {
          home-manager.flake = home-manager;
          nixpkgs.flake = nixpkgs;
          nur.flake = nur;
        };

        time.timeZone = "UTC";

        environment.systemPackages = [ pkgs.kitty.terminfo ];
      })
  ];
in
{
  # Plain NixOS configuration for the host.
  flake.nixosConfigurations = {
    epyc = nixosSystem {
      system = targetSystem;
      modules = commonModules ++ colmenaModules ++ epycHost;
    };
  };

  # Colmena deployment set: the same host, evaluated against a nixpkgs
  # instance that carries the nixos-hypervisor overlay.
  flake.colmena = {
    meta.nixpkgs = import nixpkgs {
      system = targetSystem;
      overlays = [ nixos-hypervisor.overlays.default ];
    };

    epyc = {
      imports = commonModules ++ epycHost;
    };
  };
}