From 289ab1599c2a14a74fb3832ded2c74dedbd4153c Mon Sep 17 00:00:00 2001
From: niten
Date: Fri, 8 Oct 2021 15:23:56 -0700
Subject: [PATCH] Working flake-based nixops config
---
.gitmodules | 12 +
fudo-home | 1 +
fudo-nixos | 1 +
fudo-pkgs | 1 +
seattle/flake.lock | 549 +++++++++++++++++++++++++++++++++++++++++++++
seattle/flake.nix | 54 +++--
6 files changed, 589 insertions(+), 29 deletions(-)
create mode 100644 .gitmodules
create mode 160000 fudo-home
create mode 160000 fudo-nixos
create mode 160000 fudo-pkgs
create mode 100644 seattle/flake.lock
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..5735838
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,12 @@
+[submodule "fudo-home"]
+ path = fudo-home
+ url = ssh://fudo_git@git.fudo.org:2222/niten/nix-home.git
+ branch = flake
+[submodule "fudo-nixos"]
+ path = fudo-nixos
+ url = ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git
+ branch = nixops-flake
+[submodule "fudo-pkgs"]
+ path = fudo-pkgs
+ url = ssh://fudo_git@git.fudo.org:2222/fudo-public/fudo-pkgs.git
+ branch = master
diff --git a/fudo-home b/fudo-home
new file mode 160000
index 0000000..1530695
--- /dev/null
+++ b/fudo-home
@@ -0,0 +1 @@
+Subproject commit 15306957073a2f049b4f4d930def25678bedb75f
diff --git a/fudo-nixos b/fudo-nixos
new file mode 160000
index 0000000..5a48c78
--- /dev/null
+++ b/fudo-nixos
@@ -0,0 +1 @@
+Subproject commit 5a48c78b48a85761638e7653da549aa70989d3f1
diff --git a/fudo-pkgs b/fudo-pkgs
new file mode 160000
index 0000000..3304caa
--- /dev/null
+++ b/fudo-pkgs
@@ -0,0 +1 @@
+Subproject commit 3304caa8ee5891d05320375b5dc825871e53172d
diff --git a/seattle/flake.lock b/seattle/flake.lock
new file mode 100644
index 0000000..b144095
--- /dev/null
+++ b/seattle/flake.lock
@@ -0,0 +1,549 @@ +{ + "nodes": { + "backplane-passwords": { + "flake": false, + "locked": { + "narHash": "sha256-Bf5sVg4oSg6uCKMJl21btfBH4NQI/Wz4SU9j130Shyg=", + "path": "./backplane-passwords", + "type": "path" + }, + "original": { + "path": "./backplane-passwords", + "type": "path" + } + }, + "build-keypairs": { + "flake": false, + "locked": { + "narHash": "sha256-4eRLRLCzZ6kQIRZqy51bj60jhFSQ/wlKLeNgABPhTyw=", + "path": "./build-keypairs", + "type": "path" + }, + "original": { + "path": "./build-keypairs", + "type": "path" + } + }, + "doom-emacs": { + "inputs": { + "doom-emacs": "doom-emacs_2", + "doom-snippets": "doom-snippets", + "emacs-overlay": "emacs-overlay", + "emacs-so-long": "emacs-so-long", + "evil-markdown": "evil-markdown", + "evil-org-mode": "evil-org-mode", + "evil-quick-diff": "evil-quick-diff", + "explain-pause-mode": "explain-pause-mode", + "flake-utils": "flake-utils", + "nix-straight": "nix-straight", + "nixpkgs": "nixpkgs", + "nose": "nose", + "ob-racket": "ob-racket", + "org": "org", + "org-contrib": "org-contrib", + "org-yt": "org-yt", + "php-extras": "php-extras", + "revealjs": "revealjs", + "rotate-text": "rotate-text" + }, + "locked": { + "lastModified": 1627398156, + "narHash": "sha256-Ru1aV3NuIFXAsvUE3de8KR7xDZOo1GCBJdsWKJn+Ebw=", + "owner": "vlaci", + "repo": "nix-doom-emacs", + "rev": "fee14d217b7a911aad507679dafbeaa8c1ebf5ff", + "type": "github" + }, + "original": { + "owner": "vlaci", + "repo": "nix-doom-emacs", + "type": "github" + } + }, + "doom-emacs_2": { + "flake": false, + "locked": { + "lastModified": 1626604817, + "narHash": "sha256-z+dvjB02cHU+VQ5EMkzqSdX817PZar9AkmmfK27q0vo=", + "owner": "hlissner", + "repo": "doom-emacs", + "rev": "46732c0adaef147144418f9f284ca6b1183ab96f", + "type": "github" + }, + "original": { + "owner": "hlissner", + "ref": "develop", + "repo": "doom-emacs", + "type": "github" + } + }, + "doom-snippets": { + "flake": false, + "locked": { + "lastModified": 1625547004, + "narHash": 
"sha256-V+ytAjB4ZZ+5dJJAu1OY7SbnqrokX5PVBWs0AsgQ8Vs=", + "owner": "hlissner", + "repo": "doom-snippets", + "rev": "5c0eb5bd70f035cefb981c2ce64f4367498bdda6", + "type": "github" + }, + "original": { + "owner": "hlissner", + "repo": "doom-snippets", + "type": "github" + } + }, + "emacs-overlay": { + "flake": false, + "locked": { + "lastModified": 1626972035, + "narHash": "sha256-YhBtnKmLDYiEzP5ZEMEQMg6oMP5EV+ToCkku7ZYfL+A=", + "owner": "nix-community", + "repo": "emacs-overlay", + "rev": "be04b45efb35db58e6ac6aa86b84f850c85b5dfe", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "emacs-overlay", + "type": "github" + } + }, + "emacs-so-long": { + "flake": false, + "locked": { + "lastModified": 1575031854, + "narHash": "sha256-xIa5zO0ZaToDrec1OFjBK6l39AbA4l/CE4LInVu2hi0=", + "owner": "hlissner", + "repo": "emacs-so-long", + "rev": "ed666b0716f60e8988c455804de24b55919e71ca", + "type": "github" + }, + "original": { + "owner": "hlissner", + "repo": "emacs-so-long", + "type": "github" + } + }, + "evil-markdown": { + "flake": false, + "locked": { + "lastModified": 1626852210, + "narHash": "sha256-HBBuZ1VWIn6kwK5CtGIvHM1+9eiNiKPH0GUsyvpUVN8=", + "owner": "Somelauw", + "repo": "evil-markdown", + "rev": "8e6cc68af83914b2fa9fd3a3b8472573dbcef477", + "type": "github" + }, + "original": { + "owner": "Somelauw", + "repo": "evil-markdown", + "type": "github" + } + }, + "evil-org-mode": { + "flake": false, + "locked": { + "lastModified": 1607203864, + "narHash": "sha256-JxwqVYDN6OIJEH15MVI6XOZAPtUWUhJQWHyzcrUvrFg=", + "owner": "hlissner", + "repo": "evil-org-mode", + "rev": "a9706da260c45b98601bcd72b1d2c0a24a017700", + "type": "github" + }, + "original": { + "owner": "hlissner", + "repo": "evil-org-mode", + "type": "github" + } + }, + "evil-quick-diff": { + "flake": false, + "locked": { + "lastModified": 1575189609, + "narHash": "sha256-oGzl1ayW9rIuq0haoiFS7RZsS8NFMdEA7K1BSozgnJU=", + "owner": "rgrinberg", + "repo": "evil-quick-diff", + "rev": 
"69c883720b30a892c63bc89f49d4f0e8b8028908", + "type": "github" + }, + "original": { + "owner": "rgrinberg", + "repo": "evil-quick-diff", + "type": "github" + } + }, + "explain-pause-mode": { + "flake": false, + "locked": { + "lastModified": 1595842060, + "narHash": "sha256-++znrjiDSx+cy4okFBBXUBkRFdtnE2x+trkmqjB3Njs=", + "owner": "lastquestion", + "repo": "explain-pause-mode", + "rev": "2356c8c3639cbeeb9751744dbe737267849b4b51", + "type": "github" + }, + "original": { + "owner": "lastquestion", + "repo": "explain-pause-mode", + "type": "github" + } + }, + "filesystem-keys": { + "flake": false, + "locked": { + "narHash": "sha256-K2wdsA4vcNTaLR9A9qxB+aMaeANL0LXOwBWvUm63lX0=", + "path": "./filesystem-keys", + "type": "path" + }, + "original": { + "path": "./filesystem-keys", + "type": "path" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1623875721, + "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "fudo-home": { + "inputs": { + "doom-emacs": "doom-emacs", + "home-manager": "home-manager", + "niten-doom-config": "niten-doom-config" + }, + "locked": { + "narHash": "sha256-AHoJKYZ0PSdz3rMuI6KdFQY9Z6YCw56NQIeimb+/QeY=", + "path": "../fudo-home", + "type": "path" + }, + "original": { + "path": "../fudo-home", + "type": "path" + } + }, + "fudo-nixos": { + "flake": false, + "locked": { + "narHash": "sha256-GKJ6ejLju+qA2sKGWZuqaYIbYzA99L4xf1PpC4J+wTE=", + "path": "../fudo-nixos", + "type": "path" + }, + "original": { + "path": "../fudo-nixos", + "type": "path" + } + }, + "fudo-pkgs": { + "locked": { + "narHash": "sha256-H1xthHmjvczP+qYQnoLmZjqagHEk5LVsv/0zDlmZoAc=", + "path": "../fudo-pkgs", + "type": "path" + }, + "original": { + "path": "../fudo-pkgs", + "type": "path" + } + }, + "fudo-secrets": { + "inputs": { + 
"backplane-passwords": "backplane-passwords", + "build-keypairs": "build-keypairs", + "filesystem-keys": "filesystem-keys", + "host-keytabs": "host-keytabs", + "service-passwords": "service-passwords", + "ssh-keypairs": "ssh-keypairs" + }, + "locked": { + "narHash": "sha256-2Oos5WO+NK4LPEvi2gzvfDhgiAyaalj/3YwMDILO6hY=", + "path": "/state/secrets", + "type": "path" + }, + "original": { + "path": "/state/secrets", + "type": "path" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1633291410, + "narHash": "sha256-IxUzCGwj+s2Rn/+u0NtY36ix5I8MopMOO8Ip59PnBlw=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "382505714d10c6791a96712e0554587c75c5bf8b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-21.05", + "repo": "home-manager", + "type": "github" + } + }, + "host-keytabs": { + "flake": false, + "locked": { + "narHash": "sha256-yvGgY3mgzaGjYBNHr0m4Lg2rxrB0+CRlzWdJ2A06MeM=", + "path": "./kerberos/host-keytabs", + "type": "path" + }, + "original": { + "path": "./kerberos/host-keytabs", + "type": "path" + } + }, + "niten-doom-config": { + "flake": false, + "locked": { + "lastModified": 1628274414, + "narHash": "sha256-EIGqjTHcYnjVXceY1tpjaYxNmORh8NNiL2FVWCI5sBo=", + "ref": "master", + "rev": "0ab1532c856ccdb6ce46c5948054279f439eb1f2", + "revCount": 34, + "type": "git", + "url": "https://git.fudo.org/niten/doom-emacs.git" + }, + "original": { + "type": "git", + "url": "https://git.fudo.org/niten/doom-emacs.git" + } + }, + "nix-straight": { + "flake": false, + "locked": { + "lastModified": 1621543597, + "narHash": "sha256-E/m2Hrw2og//CfOCOWe2yapYC01Tqhozn4YMPYJsC3o=", + "owner": "vlaci", + "repo": "nix-straight.el", + "rev": "8e84d04f10b2298de856b2b8b9a0d13abc91b5ca", + "type": "github" + }, + "original": { + "owner": "vlaci", + "ref": "v2.2.0", + "repo": "nix-straight.el", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1626852498, + 
"narHash": "sha256-lOXUJvi0FJUXHTVSiC5qsMRtEUgqM4mGZpMESLuGhmo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "16105403bdd843540cbef9c63fc0f16c1c6eaa70", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixpkgs-unstable", + "type": "indirect" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1633381874, + "narHash": "sha256-RkoVeo4K1IKqQzCI9W28UOyw4ic3Lhb3XoMDFDp7X74=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "35b808214a1ca158a04d6980cb95cc1a77ce1f94", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1633625029, + "narHash": "sha256-Ia3kwnN9DhcskAIElLSKb4u/OK7nZU/P0TkaikAX790=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "781b1f8e3a2194e1e233cd62b4f2193e129a07f7", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-21.05", + "type": "indirect" + } + }, + "nose": { + "flake": false, + "locked": { + "lastModified": 1400604510, + "narHash": "sha256-daEi8Kta1oGaDEmUUDDQMahTTPOpvNpDKk22rlr7cB0=", + "owner": "emacsattic", + "repo": "nose", + "rev": "f8528297519eba911696c4e68fa88892de9a7b72", + "type": "github" + }, + "original": { + "owner": "emacsattic", + "repo": "nose", + "type": "github" + } + }, + "ob-racket": { + "flake": false, + "locked": { + "lastModified": 1584656173, + "narHash": "sha256-rBUYDDCXb+3D4xTPQo9UocbTPZ32kWV1Uya/1DmZknU=", + "owner": "xchrishawk", + "repo": "ob-racket", + "rev": "83457ec9e1e96a29fd2086ed19432b9d75787673", + "type": "github" + }, + "original": { + "owner": "xchrishawk", + "repo": "ob-racket", + "type": "github" + } + }, + "org": { + "flake": false, + "locked": { + "lastModified": 1627155762, + "narHash": "sha256-XS1eA6P0ePabdrnUNe5lN19EA9dfK615gMGObr9wfBQ=", + "owner": "emacs-straight", + "repo": "org-mode", + "rev": "c9dfed48a607c7f6524f1c6480f09cf61a5d6237", + "type": "github" + }, + "original": { + "owner": "emacs-straight", + "repo": "org-mode", + "type": "github" + } + 
}, + "org-contrib": { + "flake": false, + "locked": { + "lastModified": 1623339452, + "narHash": "sha256-E3pioqkmAKQm5N7YsgJZil0/ozkdRE7//tE9FGbrluM=", + "ref": "master", + "rev": "fc81309cf6756607a836f93049a9393c2967c4e0", + "revCount": 2599, + "type": "git", + "url": "https://git.sr.ht/~bzg/org-contrib" + }, + "original": { + "type": "git", + "url": "https://git.sr.ht/~bzg/org-contrib" + } + }, + "org-yt": { + "flake": false, + "locked": { + "lastModified": 1527381913, + "narHash": "sha256-dzQ6B7ryzatHCTLyEnRSbWO0VUiX/FHYnpHTs74aVUs=", + "owner": "TobiasZawada", + "repo": "org-yt", + "rev": "40cc1ac76d741055cbefa13860d9f070a7ade001", + "type": "github" + }, + "original": { + "owner": "TobiasZawada", + "repo": "org-yt", + "type": "github" + } + }, + "php-extras": { + "flake": false, + "locked": { + "lastModified": 1573312690, + "narHash": "sha256-r4WyVbzvT0ra4Z6JywNBOw5RxOEYd6Qe2IpebHXkj1U=", + "owner": "arnested", + "repo": "php-extras", + "rev": "d410c5af663c30c01d461ac476d1cbfbacb49367", + "type": "github" + }, + "original": { + "owner": "arnested", + "repo": "php-extras", + "type": "github" + } + }, + "revealjs": { + "flake": false, + "locked": { + "lastModified": 1625811744, + "narHash": "sha256-Y67nVqcovn2PbHXmWOFWMq10Qz2ZIRyyWEO6qsZLbIM=", + "owner": "hakimel", + "repo": "reveal.js", + "rev": "b18f12d964ef80bd9ffb061aae48ff4c15fb43ad", + "type": "github" + }, + "original": { + "owner": "hakimel", + "repo": "reveal.js", + "type": "github" + } + }, + "root": { + "inputs": { + "fudo-home": "fudo-home", + "fudo-nixos": "fudo-nixos", + "fudo-pkgs": "fudo-pkgs", + "fudo-secrets": "fudo-secrets", + "nixpkgs": "nixpkgs_3" + } + }, + "rotate-text": { + "flake": false, + "locked": { + "lastModified": 1322962747, + "narHash": "sha256-SOeOgSlcEIsKhUiYDJv0p+mLUb420s9E2BmvZQvZ0wk=", + "owner": "debug-ito", + "repo": "rotate-text.el", + "rev": "48f193697db996855aee1ad2bc99b38c6646fe76", + "type": "github" + }, + "original": { + "owner": "debug-ito", + "repo": 
"rotate-text.el", + "type": "github" + } + }, + "service-passwords": { + "flake": false, + "locked": { + "narHash": "sha256-JPMZdokzw+vyWoIKwgDhD60BYi5gch/MfgQyvx5AXZA=", + "path": "./service-passwords", + "type": "path" + }, + "original": { + "path": "./service-passwords", + "type": "path" + } + }, + "ssh-keypairs": { + "flake": false, + "locked": { + "narHash": "sha256-fD2ZTNMc399XtlVWLCU4crC0RZZ8yTZPFzEm9VWjiL8=", + "path": "./ssh-keypairs", + "type": "path" + }, + "original": { + "path": "./ssh-keypairs", + "type": "path" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/seattle/flake.nix b/seattle/flake.nix index e8b1af3..3eaddd9 100644 --- a/seattle/flake.nix +++ b/seattle/flake.nix 
@@ -4,39 +4,35 @@ inputs = { nixpkgs.url = "nixpkgs/nixos-21.05"; - fudo-home.url = "path:/state/nixos/nix-home"; + fudo-home.url = "path:../fudo-home"; fudo-secrets.url = "path:/state/secrets"; + fudo-pkgs.url = "path:../fudo-pkgs"; + # fudo-pkgs.url = "path:/state/nixos/fudo-pkgs"; fudo-nixos = { - url = "path:/state/nixos"; + url = "path:../fudo-nixos"; # Don't import it as a flake flake = false; }; }; - outputs = { self, - nixpkgs, - fudo-home, - fudo-nixos, - fudo-secrets, - ... }: let - lib = nixpkgs.lib; - + outputs = { self, nixpkgs, fudo-home, fudo-nixos, fudo-pkgs, fudo-secrets, ... }: let domain = "sea.fudo.org"; + site = "seattle"; - build-timestamp = builtins.trace self.sourceInfo self.sourceInfo.lastModified; + build-timestamp = self.sourceInfo.lastModified; - hostlib = import (fudo-nixos + /lib/hosts.nix) { - inherit lib; - }; + hostlib = import (fudo-nixos + /lib/hosts.nix) { lib = nixpkgs.lib; }; - hosts = lib.filterAttrs (hostname: hostOpts: - hostOpts.nixos-system && hostOpts.domain == domain) + hosts = nixpkgs.lib.filterAttrs (hostname: hostOpts: + hostOpts.nixos-system && hostOpts.site == site) (hostlib.base-host-config (fudo-nixos + /config/hosts)); + network-hosts = (import (fudo-nixos + /config/networks/${domain}.nix)).hosts; + pkgs-for = system: import nixpkgs { inherit system; config = { @@ -46,8 +42,8 @@ ]; }; overlays = [ - (import (fudo-nixos + /fudo-pkgs/overlay.nix)) - (import (fudo-nixos + /lib/overlay.nix)) + fudo-pkgs.overlay + (import (fudo-nixos + "/lib/overlay.nix")) ]; }; 
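Review bot: The `fudo-secrets.url = "path:/state/secrets";` input kept as context in this hunk is a `path:` flake input, and Nix copies path inputs into `/nix/store`, which every local user on the evaluating machine can read. The flake.lock added by this commit locks sub-inputs named `service-passwords`, `ssh-keypairs`, `build-keypairs` and `host-keytabs` beneath it, so if those directories hold plaintext material (not visible from this diff) it becomes world-readable in the store. Either keep only encrypted files there and record that next to the input, e.g. `# path inputs are copied to the world-readable /nix/store: /state/secrets must contain encrypted material only`, or deliver the secrets to hosts through a mechanism such as NixOps `deployment.keys` rather than a flake input. The `outputs` function opened in this hunk continues past its end.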
@@ -61,21 +57,21 @@ description = "Seattle NixOps network."; enableRollback = true; }; - - defaults._module.args = { inherit domain; }; - } // lib.mapAttrs (hostname: hostOpts: let - #system = hostOpts.arch; - pkgs = pkgs-for hostOpts.arch; - lib = pkgs.lib; - in { - #inherit system; - modules = [ + } // (nixpkgs.lib.mapAttrs (hostname: hostOpts: let + system = hostOpts.arch; + profile = hostOpts.profile; + in { config, pkgs, lib, ... }: { + imports = [ fudo-home.nixosModule fudo-secrets.nixosModule (initialize-host { - inherit hostname pkgs lib build-timestamp fudo-secrets; + inherit hostname build-timestamp site domain profile config pkgs lib; }) ]; - }) hosts; + + nixpkgs.pkgs = pkgs-for system; + + deployment.targetHost = network-hosts.${hostname}.ipv4-address; + }) hosts); }; }
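Review bot: `deployment.targetHost = network-hosts.${hostname}.ipv4-address;` assumes every host that passes the new `hostOpts.site == site` filter also has an entry in the `${domain}` network file, but the two sets are now selected by different keys (site versus domain). A host in site `seattle` that belongs to another domain, or an entry without `ipv4-address`, would abort evaluation of the whole network with a bare missing-attribute error. A named failure is easier to act on: `deployment.targetHost = network-hosts.${hostname}.ipv4-address or (throw "no ${domain} network entry with ipv4-address for ${hostname}");`. `hosts` and `network-hosts` are defined in the previous hunk, outside this one.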