nixos-config/flake.nix

{
  description = "Fudo Host Configuration";

  inputs = {
    nixpkgs.url = "nixpkgs/nixos-21.05";

    fudo-home = {
      url = "git+https://git.fudo.org/fudo-nix/home.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # This MUST be a clean git repo, because we use the timestamp.
    fudo-entities = {
      url = "git+https://git.fudo.org/fudo-nix/entities.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    fudo-lib = {
      #url = "git+https://git.fudo.org/fudo-nix/lib.git";
      url = "path:/state/fudo-lib";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    fudo-pkgs.url = "git+https://git.fudo.org/fudo-nix/pkgs.git";

    fudo-secrets.url = "path:/state/secrets";

    chute.url = "git+https://git.fudo.org/chute/chute.git?ref=stable";

    chuteUnstable.url = "git+https://git.fudo.org/chute/chute.git?ref=master";

    nixpkgsUnstable.url = "nixpkgs/nixos-unstable";
  };

  outputs = { self,
              nixpkgs,
              fudo-home,
              fudo-lib,
              fudo-entities,
              fudo-pkgs,
              fudo-secrets,
              chute,
              chuteUnstable,
              nixpkgsUnstable,
              ... } @ inputs:
    with nixpkgs.lib;
    let
      fudo-nixos-hosts = filterAttrs
        (hostname: hostOpts: hostOpts.nixos-system)
        (fudo-entities.entities.hosts);

      fudo-networks = fudo-entities.entities.networks;

      unstable-for = arch: import nixpkgsUnstable {
        system = arch;
        config = {
          allowUnfree = true;
          permittedInsecurePackages = [
            "openssh-with-gssapi-8.4p1"
          ];
        };
      };

      pkgs-for = arch: let
        unstable = unstable-for arch;
      in import nixpkgs {
        system = arch;
        config = {
          allowUnfree = true;
          permittedInsecurePackages = [
            "openssh-with-gssapi-8.4p1"
          ];
        };
        overlays = [
          fudo-lib.overlay
          fudo-pkgs.overlay
          (final: prev: {
            chute = chute.packages.${arch}.chute;
            chuteUnstable = chuteUnstable.packages.${arch}.chute;
          })
          (final: prev: {
            nyxt = unstable.nyxt;
          })
        ];
      };

      latest-modified-timestamp = head
        (sort (a: b: a > b)
          (map (input: toInt input.lastModifiedDate)
            (filter (input: hasAttr "lastModifiedDate" input)
              (attrValues inputs))));

      concat-timestamp = timestamp:
        toInt (substring 0 10 (toString timestamp));

      common-host-config = hostname: hostOpts: let
        config-dir = ./config;
        build-timestamp =
          concat-timestamp latest-modified-timestamp;
      in { config, ... }: {
        imports = [
          fudo-home.nixosModule
          fudo-secrets.nixosModule
          fudo-lib.nixosModule
          fudo-entities.nixosModule

          ./config
          (config-dir + /hardware/${hostname}.nix)
          (config-dir + /host-config/${hostname}.nix)
          (config-dir + /profile-config/${hostOpts.profile}.nix)
          (config-dir + /domain-config/${hostOpts.domain}.nix)
          (config-dir + /site-config/${hostOpts.site}.nix)
        ];

        config = let
          pkgs = pkgs-for hostOpts.arch;
        in {
          instance = let
            build-seed = builtins.readFile
              config.fudo.secrets.files.build-seed;
          in {
            inherit hostname build-timestamp build-seed;
          };

          environment.etc.nixos-live.source = ./.;

          nix = {
            registry = {
              nixpkgs.flake = nixpkgs;
              fudo-nixos.flake = self;
              fudo-entities.flake = fudo-entities;
              fudo-lib.flake = fudo-lib;
              fudo-pkgs.flake = fudo-pkgs;
            };
            nixPath = let
              lib = nixpkgs.lib;
            in lib.mkDefault (lib.mkBefore [
              "nixpkgs=${nixpkgs}"
            ]);
          };

          nixpkgs.pkgs = pkgs;
        };
      };

      nixos-host-config = hostname: hostOpts: let
        system = hostOpts.arch;
      in nixosSystem {
        inherit system;
        modules = [
          (common-host-config hostname hostOpts)
        ];
      };

      nixops-host-config = hostname: hostOpts: let
        zone-hosts = fudo-entities.entities.zones.${hostOpts.domain}.hosts;
      in {
        imports = [
          (common-host-config hostname hostOpts)

          ({ ... }: {
            config.deployment.targetHost =
              zone-hosts.${hostname}.ipv4-address;
          })
        ];
      };

    in {
      nixosConfigurations = mapAttrs nixos-host-config fudo-nixos-hosts;
      nixopsHostConfigurations = mapAttrs nixops-host-config fudo-nixos-hosts;
    };
}
Add arch to hosts, share host config with flake. 2021-09-24 11:31:56 -07:00			`{`
			`description = "Fudo Host Configuration";`

			`inputs = {`
			`nixpkgs.url = "nixpkgs/nixos-21.05";`
Initial, broken 2021-09-29 17:55:13 -07:00
Added live disk flake 2022-03-16 09:49:35 -07:00			`fudo-home = {`
			`url = "git+https://git.fudo.org/fudo-nix/home.git";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
Changes for cashew, added mobile site 2021-11-17 17:32:27 -08:00
Working 'flakified' nixops deploy! 2021-11-29 16:03:38 -08:00			`# This MUST be a clean git repo, because we use the timestamp.`
Pretty massive changes really 2021-11-28 12:39:03 -08:00			`fudo-entities = {`
Move to using git.fudo.org directly 2021-11-30 10:52:00 -08:00			`url = "git+https://git.fudo.org/fudo-nix/entities.git";`
Pretty massive changes really 2021-11-28 12:39:03 -08:00			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
Moving config stuff from ./lib into ./config 2021-11-22 10:17:44 -08:00
Pretty massive changes really 2021-11-28 12:39:03 -08:00			`fudo-lib = {`
Got ldap working on nutboy3 and jabber on legatus 2021-12-10 18:47:20 -08:00			`#url = "git+https://git.fudo.org/fudo-nix/lib.git";`
			`url = "path:/state/fudo-lib";`
Pretty massive changes really 2021-11-28 12:39:03 -08:00			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
Moving config stuff from ./lib into ./config 2021-11-22 10:17:44 -08:00
Move to using git.fudo.org directly 2021-11-30 10:52:00 -08:00			`fudo-pkgs.url = "git+https://git.fudo.org/fudo-nix/pkgs.git";`
Initial, broken 2021-09-29 17:55:13 -07:00
			`fudo-secrets.url = "path:/state/secrets";`
Mostly stuff for selby forum 2021-12-18 12:10:42 -08:00
			`chute.url = "git+https://git.fudo.org/chute/chute.git?ref=stable";`

			`chuteUnstable.url = "git+https://git.fudo.org/chute/chute.git?ref=master";`
Added live disk flake 2022-03-16 09:49:35 -07:00
			`nixpkgsUnstable.url = "nixpkgs/nixos-unstable";`
Add arch to hosts, share host config with flake. 2021-09-24 11:31:56 -07:00			`};`

Moving config stuff from ./lib into ./config 2021-11-22 10:17:44 -08:00			`outputs = { self,`
			`nixpkgs,`
			`fudo-home,`
			`fudo-lib,`
			`fudo-entities,`
			`fudo-pkgs,`
			`fudo-secrets,`
Mostly stuff for selby forum 2021-12-18 12:10:42 -08:00			`chute,`
			`chuteUnstable,`
Added live disk flake 2022-03-16 09:49:35 -07:00			`nixpkgsUnstable,`
Working 'flakified' nixops deploy! 2021-11-29 16:03:38 -08:00			`... } @ inputs:`
Changes to nutmeg and flake.nix 2021-11-19 10:26:10 -08:00			`with nixpkgs.lib;`
			`let`
Working 'flakified' nixops deploy! 2021-11-29 16:03:38 -08:00			`fudo-nixos-hosts = filterAttrs`
Changes to nutmeg and flake.nix 2021-11-19 10:26:10 -08:00			`(hostname: hostOpts: hostOpts.nixos-system)`
Moving config stuff from ./lib into ./config 2021-11-22 10:17:44 -08:00			`(fudo-entities.entities.hosts);`
Initial, broken 2021-09-29 17:55:13 -07:00
Moving config stuff from ./lib into ./config 2021-11-22 10:17:44 -08:00			`fudo-networks = fudo-entities.entities.networks;`
Changes for cashew, added mobile site 2021-11-17 17:32:27 -08:00
Added live disk flake 2022-03-16 09:49:35 -07:00			`unstable-for = arch: import nixpkgsUnstable {`
			`system = arch;`
			`config = {`
			`allowUnfree = true;`
			`permittedInsecurePackages = [`
			`"openssh-with-gssapi-8.4p1"`
			`];`
			`};`
			`};`

			`pkgs-for = arch: let`
			`unstable = unstable-for arch;`
			`in import nixpkgs {`
Moving config stuff from ./lib into ./config 2021-11-22 10:17:44 -08:00			`system = arch;`
			`config = {`
			`allowUnfree = true;`
			`permittedInsecurePackages = [`
			`"openssh-with-gssapi-8.4p1"`
			`];`
			`};`
			`overlays = [`
			`fudo-lib.overlay`
			`fudo-pkgs.overlay`
Mostly stuff for selby forum 2021-12-18 12:10:42 -08:00			`(final: prev: {`
			`chute = chute.packages.${arch}.chute;`
			`chuteUnstable = chuteUnstable.packages.${arch}.chute;`
			`})`
Added live disk flake 2022-03-16 09:49:35 -07:00			`(final: prev: {`
			`nyxt = unstable.nyxt;`
			`})`
Add arch to hosts, share host config with flake. 2021-09-24 11:31:56 -07:00			`];`
			`};`
Changes to nutmeg and flake.nix 2021-11-19 10:26:10 -08:00
Make the DNS serial correct 2021-11-29 19:21:38 -08:00			`latest-modified-timestamp = head`
			`(sort (a: b: a > b)`
Fixes to procul postgres SSL certs 2021-11-29 21:18:58 -08:00			`(map (input: toInt input.lastModifiedDate)`
			`(filter (input: hasAttr "lastModifiedDate" input)`
inputs isn't a list 2021-11-29 19:34:15 -08:00			`(attrValues inputs))));`
Make the DNS serial correct 2021-11-29 19:21:38 -08:00
			`concat-timestamp = timestamp:`
			`toInt (substring 0 10 (toString timestamp));`

Working 'flakified' nixops deploy! 2021-11-29 16:03:38 -08:00			`common-host-config = hostname: hostOpts: let`
			`config-dir = ./config;`
Make the DNS serial correct 2021-11-29 19:21:38 -08:00			`build-timestamp =`
last -> latest 2021-11-29 19:25:56 -08:00			`concat-timestamp latest-modified-timestamp;`
Working 'flakified' nixops deploy! 2021-11-29 16:03:38 -08:00			`in { config, ... }: {`
			`imports = [`
Changes to nutmeg and flake.nix 2021-11-19 10:26:10 -08:00			`fudo-home.nixosModule`
			`fudo-secrets.nixosModule`
Moving config stuff from ./lib into ./config 2021-11-22 10:17:44 -08:00			`fudo-lib.nixosModule`
Working 'flakified' nixops deploy! 2021-11-29 16:03:38 -08:00			`fudo-entities.nixosModule`

			`./config`
			`(config-dir + /hardware/${hostname}.nix)`
			`(config-dir + /host-config/${hostname}.nix)`
			`(config-dir + /profile-config/${hostOpts.profile}.nix)`
			`(config-dir + /domain-config/${hostOpts.domain}.nix)`
			`(config-dir + /site-config/${hostOpts.site}.nix)`
			`];`
Changes to nutmeg and flake.nix 2021-11-19 10:26:10 -08:00
Added live disk flake 2022-03-16 09:49:35 -07:00			`config = let`
			`pkgs = pkgs-for hostOpts.arch;`
			`in {`
Working 'flakified' nixops deploy! 2021-11-29 16:03:38 -08:00			`instance = let`
			`build-seed = builtins.readFile`
			`config.fudo.secrets.files.build-seed;`
Changes to nutmeg and flake.nix 2021-11-19 10:26:10 -08:00			`in {`
Working 'flakified' nixops deploy! 2021-11-29 16:03:38 -08:00			`inherit hostname build-timestamp build-seed;`
			`};`

Added live disk flake 2022-03-16 09:49:35 -07:00			`environment.etc.nixos-live.source = ./.;`

			`nix = {`
			`registry = {`
			`nixpkgs.flake = nixpkgs;`
			`fudo-nixos.flake = self;`
			`fudo-entities.flake = fudo-entities;`
			`fudo-lib.flake = fudo-lib;`
			`fudo-pkgs.flake = fudo-pkgs;`
			`};`
			`nixPath = let`
			`lib = nixpkgs.lib;`
			`in lib.mkDefault (lib.mkBefore [`
			`"nixpkgs=${nixpkgs}"`
			`]);`
Working 'flakified' nixops deploy! 2021-11-29 16:03:38 -08:00			`};`

Added live disk flake 2022-03-16 09:49:35 -07:00			`nixpkgs.pkgs = pkgs;`
Working 'flakified' nixops deploy! 2021-11-29 16:03:38 -08:00			`};`
			`};`

			`nixos-host-config = hostname: hostOpts: let`
			`system = hostOpts.arch;`
			`in nixosSystem {`
			`inherit system;`
			`modules = [`
			`(common-host-config hostname hostOpts)`
			`];`
			`};`

			`nixops-host-config = hostname: hostOpts: let`
			`zone-hosts = fudo-entities.entities.zones.${hostOpts.domain}.hosts;`
			`in {`
			`imports = [`
			`(common-host-config hostname hostOpts)`

			`({ ... }: {`
			`config.deployment.targetHost =`
			`zone-hosts.${hostname}.ipv4-address;`
Changes to nutmeg and flake.nix 2021-11-19 10:26:10 -08:00			`})`
			`];`
Working 'flakified' nixops deploy! 2021-11-29 16:03:38 -08:00			`};`

			`in {`
			`nixosConfigurations = mapAttrs nixos-host-config fudo-nixos-hosts;`
			`nixopsHostConfigurations = mapAttrs nixops-host-config fudo-nixos-hosts;`
Changes to nutmeg and flake.nix 2021-11-19 10:26:10 -08:00			`};`
Add arch to hosts, share host config with flake. 2021-09-24 11:31:56 -07:00			`}`