Changes to nutmeg and flake.nix
parent
c2b16c0342
commit
08b2da1b6f
|
@ -272,11 +272,19 @@ in {
|
|||
};
|
||||
|
||||
interfaces.eno2 = {
|
||||
ipv4.addresses = [{
|
||||
address = "208.81.4.82";
|
||||
prefixLength = 29;
|
||||
}];
|
||||
ipv4.addresses = [
|
||||
{
|
||||
address = "208.81.4.82";
|
||||
prefixLength = 29;
|
||||
}
|
||||
{
|
||||
address = "208.81.1.141";
|
||||
prefixLength = 32;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
firewall.enable = false;
|
||||
};
|
||||
|
||||
services = {
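Review bot: The second address `208.81.1.141/32` on `eno2` is added next to the context line `firewall.enable = false;`, so any service on this host that listens on the wildcard address becomes reachable on the new public address as soon as this is deployed. The entry has no comment saying what the address is for; a line such as `# secondary address for <service>` above it would let a later reader judge which listeners are meant to be exposed there. Consider binding the intended service to that address explicitly, or enabling the firewall with an explicit port list for this interface. The enclosing attribute set starts and ends outside the hunk, so filtering may already be handled elsewhere.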
|
||||
|
|
|
@ -1,21 +1,19 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
config = {
|
||||
fudo.slynk.enable = true;
|
||||
fudo.slynk.enable = true;
|
||||
|
||||
networking = {
|
||||
interfaces = {
|
||||
extif0 = { useDHCP = true; };
|
||||
};
|
||||
};
|
||||
|
||||
i18n.inputMethod = {
|
||||
enabled = "fcitx5";
|
||||
fcitx5.addons = with pkgs; [
|
||||
fcitx5-chinese-addons
|
||||
fcitx5-rime
|
||||
];
|
||||
networking = {
|
||||
interfaces = {
|
||||
extif0 = { useDHCP = true; };
|
||||
};
|
||||
};
|
||||
|
||||
i18n.inputMethod = {
|
||||
enabled = "fcitx5";
|
||||
fcitx5.addons = with pkgs; [
|
||||
fcitx5-chinese-addons
|
||||
fcitx5-rime
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,12 +2,12 @@
|
|||
|
||||
with lib;
|
||||
let
|
||||
syslib = pkgs.callPackage ../lib/hosts.nix {};
|
||||
syslib = pkgs.callPackage ../lib/system.nix {};
|
||||
|
||||
in {
|
||||
config.fudo.hosts = let
|
||||
build-seed = config.instance.build-seed;
|
||||
base-config = syslib.base-host-config ./hosts;
|
||||
base-config = syslib.hosts ./hosts;
|
||||
in mapAttrs (hostname: base-config:
|
||||
base-config // {
|
||||
backplane-password-file =
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
enable-gui = false;
|
||||
rp = "niten";
|
||||
admin-email = "niten@fudo.org";
|
||||
domain = "sea.fudo.org";
|
||||
domain = "mobile.fudo.org";
|
||||
site = "mobile";
|
||||
profile = "laptop";
|
||||
arch = "x86_64-linux";
|
||||
|
|
|
@ -4,7 +4,5 @@ with lib;
|
|||
{
|
||||
imports = [ ./common-ui.nix ];
|
||||
|
||||
config = {
|
||||
networking.networkmanager.enable = mkForce false;
|
||||
};
|
||||
networking.networkmanager.enable = mkForce false;
|
||||
}
|
||||
|
|
118
flake.nix
118
flake.nix
|
@ -11,64 +11,92 @@
|
|||
fudo-secrets.url = "path:/state/secrets";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, fudo-home, fudo-pkgs, fudo-secrets, ... }: let
|
||||
hostlib = import ./lib/hosts.nix { lib = nixpkgs.lib; };
|
||||
outputs = { self, nixpkgs, fudo-home, fudo-pkgs, fudo-secrets, ... }:
|
||||
with nixpkgs.lib;
|
||||
let
|
||||
sys-lib = import ./lib/system.nix { lib = nixpkgs.lib; };
|
||||
|
||||
fudo-nix-hosts = nixpkgs.lib.filterAttrs (hostname: hostOpts:
|
||||
hostOpts.nixos-system) (hostlib.base-host-config ./config/hosts);
|
||||
in {
|
||||
fudoHosts = fudo-nix-hosts;
|
||||
fudo-nix-hosts = nixpkgs.lib.filterAttrs
|
||||
(hostname: hostOpts: hostOpts.nixos-system)
|
||||
(sys-lib.hosts ./config/hosts);
|
||||
|
||||
nixosConfigurations = let
|
||||
fudo-networks = sys-lib.networks ./config/networks;
|
||||
in {
|
||||
fudoHosts = fudo-nix-hosts;
|
||||
|
||||
build-timestamp = self.sourceInfo.lastModified;
|
||||
fudoNetworks = fudo-networks;
|
||||
|
||||
pkgs-for = arch: import nixpkgs {
|
||||
system = arch;
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
permittedInsecurePackages = [
|
||||
"openssh-with-gssapi-8.4p1"
|
||||
];
|
||||
};
|
||||
overlays = [
|
||||
fudo-pkgs.overlay
|
||||
(import ./lib/overlay.nix)
|
||||
nixosModule = {
|
||||
imports = [
|
||||
./lib
|
||||
];
|
||||
};
|
||||
in nixpkgs.lib.mapAttrs (hostname: hostOpts: let
|
||||
system = hostOpts.arch;
|
||||
site = hostOpts.site;
|
||||
domain = hostOpts.domain;
|
||||
profile = hostOpts.profile;
|
||||
in nixpkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
|
||||
modules = let
|
||||
config-path = ./config;
|
||||
in [
|
||||
fudo-home.nixosModule
|
||||
fudo-secrets.nixosModule
|
||||
./lib
|
||||
./config
|
||||
nixosConfigurations = let
|
||||
|
||||
(config-path + /hardware/${hostname}.nix)
|
||||
(config-path + /host-config/${hostname}.nix)
|
||||
(config-path + /profile-config/${profile}.nix)
|
||||
(config-path + /domain-config/${domain}.nix)
|
||||
(config-path + /site-config/${site}.nix)
|
||||
({ config, ... }: {
|
||||
build-timestamp = self.sourceInfo.lastModified;
|
||||
|
||||
pkgs-for = arch: import nixpkgs {
|
||||
system = arch;
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
permittedInsecurePackages = [
|
||||
"openssh-with-gssapi-8.4p1"
|
||||
];
|
||||
};
|
||||
overlays = [
|
||||
fudo-pkgs.overlay
|
||||
(import ./lib/overlay.nix)
|
||||
];
|
||||
};
|
||||
in mapAttrs (hostname: hostOpts: let
|
||||
system = hostOpts.arch;
|
||||
site = hostOpts.site;
|
||||
domain = hostOpts.domain;
|
||||
profile = hostOpts.profile;
|
||||
in nixosSystem {
|
||||
inherit system;
|
||||
|
||||
modules = let
|
||||
config-path = ./config;
|
||||
in [
|
||||
fudo-home.nixosModule
|
||||
fudo-secrets.nixosModule
|
||||
|
||||
({ config, ... }: let
|
||||
network-hosts = config.fudo.networks.${domain}.hosts;
|
||||
host-filesystem-keys =
|
||||
config.fudo.secrets.files.host-filesystem-keys;
|
||||
in {
|
||||
imports = [
|
||||
./lib
|
||||
./config
|
||||
(config-path + /hardware/${hostname}.nix)
|
||||
(config-path + /host-config/${hostname}.nix)
|
||||
(config-path + /profile-config/${profile}.nix)
|
||||
(config-path + /domain-config/${domain}.nix)
|
||||
(config-path + /site-config/${site}.nix)
|
||||
];
|
||||
instance = {
|
||||
inherit hostname build-timestamp;
|
||||
build-seed = builtins.readFile
|
||||
config.fudo.secrets.files.build-seed;
|
||||
};
|
||||
|
||||
nixpkgs.pkgs = pkgs-for system;
|
||||
};
|
||||
})
|
||||
];
|
||||
}) fudo-nix-hosts;
|
||||
};
|
||||
# deployment = {
|
||||
# targetHost =
|
||||
# network-hosts.${hostname}.ipv4-address;
|
||||
|
||||
# keys = if (hasAttr hostname host-filesystem-keys) then
|
||||
# mapAttrs (secret: secret-file: {
|
||||
# keyFile = secret-file;
|
||||
# user = "root";
|
||||
# permissions = "0400";
|
||||
# }) host-filesystem-keys.${hostname}
|
||||
# else {};
|
||||
# };
|
||||
})
|
||||
];
|
||||
}) fudo-nix-hosts;
|
||||
};
|
||||
}
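Review bot: `build-seed = builtins.readFile config.fudo.secrets.files.build-seed;` in the inline module reads the secret at evaluation time, so its contents become an ordinary string in the evaluated configuration. Any option that interpolates `config.instance.build-seed` into a derivation or generated file will then write it into the world-readable Nix store. Where the consumers allow it, pass the file path through and read it at activation or service start instead, and add a comment naming the consumers that need the literal value. Separately, the `permittedInsecurePackages` entry `"openssh-with-gssapi-8.4p1"` is carried over with no comment; it should record why the package is permitted and when the exception can be dropped.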
|
||||
|
|
|
@ -1,24 +0,0 @@
|
|||
{ lib, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
hostname-from-file = filename: builtins.replaceStrings [".nix"] [""] filename;
|
||||
|
||||
is-nix-file = filename: type: (builtins.match ".+\.nix$" filename) != null;
|
||||
is-regular-file = filename: type: type == "regular" || type == "link";
|
||||
|
||||
host-files = host-path:
|
||||
attrNames
|
||||
(filterAttrs is-nix-file
|
||||
(filterAttrs is-regular-file
|
||||
(builtins.readDir host-path)));
|
||||
|
||||
hosts = host-path:
|
||||
map hostname-from-file (host-files host-path);
|
||||
in {
|
||||
base-host-config = host-path: let
|
||||
load-host-file = hostname: import (host-path + "/${hostname}.nix");
|
||||
in genAttrs (hosts host-path) (hostname: load-host-file hostname);
|
||||
|
||||
host-list = host-path: hosts host-path;
|
||||
}
|
|
@ -0,0 +1,36 @@
|
|||
{ lib, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
head-or-null = lst: if (lst == []) then null else head lst;
|
||||
is-regular-file = filename: type: type == "regular" || type == "link";
|
||||
regular-files = path: filterAttrs is-regular-file (builtins.readDir path);
|
||||
matches-ext = ext: filename: type: (builtins.match ".+[.]${ext}$" filename) != null;
|
||||
is-nix-file = matches-ext "nix";
|
||||
strip-ext = ext: filename: head-or-null (builtins.match "(.+)[.]${ext}$" filename);
|
||||
get-ext = filename: head-or-null (builtins.match "^.+[.](.+)$" filename);
|
||||
hostname-from-file = filename: strip-ext "nix";
|
||||
nix-files = path:
|
||||
attrNames
|
||||
(filterAttrs is-nix-file
|
||||
(filterAttrs is-regular-file
|
||||
(builtins.readDir path)));
|
||||
|
||||
basename-to-file = path: let
|
||||
files = nix-files path;
|
||||
in listToAttrs
|
||||
(map (file:
|
||||
nameValuePair (strip-ext "nix" file)
|
||||
(path + "/${file}"))
|
||||
files);
|
||||
|
||||
basename-import = path:
|
||||
mapAttrs (attr: attr-file: import attr-file)
|
||||
(basename-to-file path);
|
||||
|
||||
in {
|
||||
|
||||
hosts = host-path: basename-import host-path;
|
||||
|
||||
networks = network-path: basename-import network-path;
|
||||
}
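Review bot: `hostname-from-file = filename: strip-ext "nix";` discards its `filename` argument and returns the partially applied function instead of a string; it should read `hostname-from-file = strip-ext "nix";` or `filename: strip-ext "nix" filename`. Nothing visible in this file calls it, so it could be deleted together with the unused `regular-files` and `get-ext`. Also, `is-regular-file` compares against `"link"`, but `builtins.readDir` reports symbolic links as `"symlink"`, so symlinked `.nix` files are silently skipped; `type == "regular" || type == "symlink"` matches the apparent intent. Since `basename-import` imports every matching file in the directory, a short comment stating that the directory must hold only trusted host or network definitions would be useful.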
|