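{
  description = "Fudo Host Configuration";

  # Inputs.  None of the `git+https://` / `github:` URLs below carry a
  # `?rev=`, so the only thing pinning them to a concrete commit is
  # flake.lock; `nix flake update` re-resolves each of them to the current
  # branch head.  Review the lock diff on every update: these inputs provide
  # NixOS modules that run as root on every host built from this flake.
  inputs = {
    # Release channel that every other input is made to `follow`.
    # NOTE(review): nixos-23.11 left upstream support in mid-2024 per the
    # NixOS release schedule; an end-of-life channel stops receiving CVE
    # backports without any evaluation-time warning.  Confirm the channel
    # still gets security fixes or move the pin forward.
    nixpkgs.url =
      "nixpkgs/nixos-23.11"; # "git+https://fudo.dev/nix/nixpkgs.git";

    fudo-home = {
      url = "git+https://fudo.dev/nix/home.git";
      # url = "path:/state/fudo-home";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # This MUST be a clean git repo, because we use the timestamp.
    fudo-entities.url = "git+https://fudo.dev/nix/entities.git";

    fudo-lib.url = "git+https://fudo.dev/nix/lib.git";

    fudo-pkgs.url = "git+https://fudo.dev/nix/pkgs.git";

    # NOTE(review): a `path:` input is copied into the Nix store when the
    # flake is evaluated, and the store is world-readable on that host.
    # Anything under /secrets that is not encrypted at rest (age/sops or
    # similar) is therefore exposed to every local user of the evaluating
    # machine — confirm the repo holds only ciphertext and module code.
    fudo-secrets = {
      url = "path:/secrets";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # chute = {
    #   url = "git+https://fudo.dev/chute/chute.git?ref=stable";
    #   inputs.nixpkgs.follows = "nixpkgs";
    # };

    # chuteUnstable = {
    #   url = "git+https://fudo.dev/chute/chute.git?ref=master";
    #   inputs.nixpkgs.follows = "nixpkgs";
    # };

    # pricebot = {
    #   url = "git+https://fudo.dev/public/pricebot.git";
    #   inputs.nixpkgs.follows = "nixpkgs";
    # };

    nixpkgsUnstable.url = "nixpkgs/nixos-unstable";

    wallfly = {
      url = "git+https://fudo.dev/public/wallfly.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    objectifier = {
      url = "git+https://fudo.dev/public/objectifier.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    nexus = {
      url = "git+https://fudo.dev/public/nexus.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    suanni = {
      url = "git+https://fudo.dev/public/suanni.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    snooper = {
      url = "git+https://fudo.dev/public/snooper.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    tattler = {
      url = "git+https://fudo.dev/public/tattler.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    mabel = {
      url = "git+https://fudo.dev/public/mabel.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    arion = {
      url = "github:hercules-ci/arion";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    lemmy-docker = {
      url = "git+https://fudo.dev/public/lemmy-docker.git";
      inputs = {
        nixpkgs.follows = "nixpkgs";
        arion.follows = "arion";
      };
    };

    tesla-mate-container = {
      url = "git+https://fudo.dev/public/tesla-mate-container.git";
      inputs = {
        nixpkgs.follows = "nixpkgs";
        arion.follows = "arion";
      };
    };

    mastodon-container = {
      url = "git+https://fudo.dev/public/mastodon-container.git";
      inputs = {
        nixpkgs.follows = "nixpkgs";
        arion.follows = "arion";
      };
    };

    lemmy-container = {
      url = "git+https://fudo.dev/public/lemmy-container.git";
      inputs = {
        nixpkgs.follows = "nixpkgs";
        arion.follows = "arion";
      };
    };

    authentik-container = {
      url = "git+https://fudo.dev/nix/authentik-container.git";
      inputs = {
        nixpkgs.follows = "nixpkgs";
        arion.follows = "arion";
      };
    };

    nextcloud-container = {
      url = "git+https://fudo.dev/public/nextcloud-container.git";
      inputs = {
        nixpkgs.follows = "nixpkgs";
        arion.follows = "arion";
      };
    };

    matrix-module = {
      url = "git+https://fudo.dev/public/matrix-module.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    mail-server = {
      url = "git+https://fudo.dev/public/mail-server.git";
      inputs = {
        arion.follows = "arion";
        nixpkgs.follows = "nixpkgs";
      };
    };

    immich-container = {
      url = "git+https://fudo.dev/public/immich-container.git";
      inputs = {
        arion.follows = "arion";
        nixpkgs.follows = "nixpkgs";
      };
    };

    immich-ml-container = {
      url = "git+https://fudo.dev/public/immich-ml-container.git";
      inputs = {
        arion.follows = "arion";
        nixpkgs.follows = "nixpkgs";
      };
    };

    authoritative-dns = {
      url = "git+https://fudo.dev/public/authoritative-dns.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    frigate-container = {
      url = "git+https://fudo.dev/public/frigate-container.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    grafana-module = {
      url = "git+https://fudo.dev/public/grafana-module.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Plain source tree, not a flake: exposed to hosts via an overlay below.
    textfiles = {
      url = "git+https://git.informis.land/informis/textfiles.git";
      flake = false;
    };

    # Tracks the branch head; only flake.lock holds a concrete revision.
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
  };

  outputs = { self, nixpkgs, fudo-home, fudo-lib, fudo-entities, fudo-pkgs
    , fudo-secrets, nixpkgsUnstable, wallfly, objectifier, nexus, suanni
    , snooper, tattler, lemmy-docker, tesla-mate-container, mastodon-container
    , authentik-container, nextcloud-container, textfiles, matrix-module
    , mail-server, authoritative-dns, frigate-container, grafana-module
    , lemmy-container, immich-container, immich-ml-container, mabel
    , nixos-hardware, ... }@inputs:
    with nixpkgs.lib;
    let
      # Only entity hosts flagged `nixos-system` get a configuration built
      # here; the attribute is required on every host entry.
      fudo-nixos-hosts = filterAttrs (hostname: hostOpts: hostOpts.nixos-system)
        fudo-entities.entities.hosts;

      # nixos-unstable package set for `arch`, used to cherry-pick a handful
      # of packages into the stable set below.
      unstable-for = arch:
        import nixpkgsUnstable {
          system = arch;
          config.allowUnfree = true;
        };

      # Stable package set for `arch` with the project overlays applied.
      # This is what every host's `nixpkgs.pkgs` is set to.
      pkgs-for = arch:
        let unstable = unstable-for arch;
        in import nixpkgs {
          system = arch;
          config = {
            allowUnfree = true;
            # Every entry here disables nixpkgs' known-vulnerability gate for
            # that exact version, fleet-wide.  Each one should carry a reason
            # and an owner, and the list should be re-checked on every
            # nixpkgs bump so entries are dropped as soon as the dependency
            # that needed them is gone.
            permittedInsecurePackages = [
              # Necessary for Kerberos.  OpenSSL 1.1.1 is end-of-life
              # upstream and no longer receives fixes, which is why nixpkgs
              # marks it insecure.
              "openssl-1.1.1w"
              # NOTE(review): no justification recorded for the three entries
              # below; gitea in particular is a network-facing service, so
              # confirm it is still required at this version or drop it.
              "python3.10-requests-2.28.2"
              "python3.10-cryptography-40.0.1"
              "gitea-1.19.4"
            ];
          };
          overlays = [
            fudo-lib.overlays.default
            fudo-pkgs.overlays.default
            fudo-secrets.overlays.default
            fudo-entities.overlays.default
            self.overlays.fudoHostConfig
            # `chute` / `chuteUnstable` are commented out in `inputs` above.
            # The previous unconditional reference resolved through the
            # enclosing `with nixpkgs.lib`, so it only failed with
            # "undefined variable" once something forced `pkgs.chute` (e.g.
            # a host using it, or package enumeration).  Expose the
            # attributes only when the inputs are actually present.
            (final: prev:
              (optionalAttrs (inputs ? chute) {
                chute = inputs.chute.packages.${arch}.chute;
              }) // (optionalAttrs (inputs ? chuteUnstable) {
                chuteUnstable = inputs.chuteUnstable.packages.${arch}.chute;
              }))
            (final: prev: {
              pkgsUnstable = unstable;
              inherit nixos-hardware;
            })
            # Packages taken from unstable instead of the pinned release.
            (final: prev: {
              signal-desktop = unstable.signal-desktop;
              factorio-experimental = unstable.factorio-experimental;
              factorio-headless-experimental =
                unstable.factorio-headless-experimental;
            })
            (final: prev: { inherit textfiles; })
            (final: prev: {
              nvidia-container-toolkit = unstable.nvidia-container-toolkit;
            })
          ];
        };

      # Newest `lastModifiedDate` (YYYYMMDDHHMMSS as an integer) across all
      # inputs, `self` included.  Inputs lacking the attribute are skipped
      # rather than failing, so a dirty checkout silently drops out of the
      # comparison — presumably why `fudo-entities` is required to be clean.
      latest-modified-timestamp = head (sort (a: b: a > b)
        (map (input: toInt input.lastModifiedDate)
          (filter (input: hasAttr "lastModifiedDate" input)
            (attrValues inputs))));

      # Keep the first ten digits (YYYYMMDDHH), i.e. truncate the stamp to
      # hour resolution.
      concat-timestamp = timestamp: toInt (substring 0 10 (toString timestamp));

      # NixOS module for one host.  `hostOpts` comes from the entities flake
      # and must provide `profile`, `domain`, `site` and `arch`; each selects
      # a file under ./config that has to exist for the host to evaluate.
      mkFudoHostConfig = hostname: hostOpts:
        let
          config-dir = ./config;
          build-timestamp = concat-timestamp latest-modified-timestamp;
        in { config, ... }: {
          imports = [
            fudo-home.nixosModules.default
            fudo-secrets.nixosModules.default
            fudo-lib.nixosModules.default
            fudo-entities.nixosModule
            # pricebot.nixosModules.default
            wallfly.nixosModule
            objectifier.nixosModules.default
            suanni.nixosModules.default
            snooper.nixosModules.default
            tattler.nixosModules.default
            lemmy-docker.nixosModules.default
            tesla-mate-container.nixosModules.default
            mastodon-container.nixosModules.default
            authentik-container.nixosModules.default
            nextcloud-container.nixosModules.default
            matrix-module.nixosModules.default
            mail-server.nixosModules.default
            authoritative-dns.nixosModules.default
            frigate-container.nixosModules.default
            grafana-module.nixosModules.default
            lemmy-container.nixosModules.default
            immich-container.nixosModules.default
            immich-ml-container.nixosModules.default
            mabel.nixosModules.default

            nexus.nixosModules.nexus-client
            nexus.nixosModules.nexus-server
            nexus.nixosModules.nexus-powerdns

            ./config
            (config-dir + "/hardware/${hostname}.nix")
            (config-dir + "/host-config/${hostname}.nix")
            (config-dir + "/profile-config/${hostOpts.profile}.nix")
            (config-dir + "/domain-config/${hostOpts.domain}.nix")
            (config-dir + "/site-config/${hostOpts.site}.nix")

            (import ./hardware-modules.nix nixos-hardware.nixosModules hostname)
          ];

          config = let pkgs = pkgs-for hostOpts.arch;
          in {
            instance = let
              # NOTE(review): the seed file is read at evaluation time and
              # becomes a plain string in the module system.  Any consumer
              # that interpolates `config.instance.build-seed` into a
              # derivation or a generated file writes it to the
              # world-readable Nix store.  Consumers are not visible from
              # this file — verify before treating the seed as secret.
              build-seed =
                builtins.readFile config.fudo.secrets.files.build-seed;
            in { inherit hostname build-timestamp build-seed; };

            # Publishes this flake's whole tree (already copied into the
            # store) at /etc/nixos-live on every host; keep nothing
            # sensitive in this repository.
            environment.etc.nixos-live.source = ./.;

            nix = {
              # Pin the registry so `nix run nixpkgs#…` on a host resolves to
              # the same revisions this configuration was built from.
              registry = {
                nixpkgs.flake = nixpkgs;
                fudo-nixos.flake = self;
                fudo-entities.flake = fudo-entities;
                fudo-lib.flake = fudo-lib;
                fudo-pkgs.flake = fudo-pkgs;
              };
              nixPath = let lib = nixpkgs.lib;
              in lib.mkDefault (lib.mkBefore [ "nixpkgs=${nixpkgs}" ]);
            };

            nixpkgs.pkgs = pkgs;
          };
        };

      # `nixosConfigurations` entry for one host.
      mkFudoNixOsSystem = hostname: hostOpts:
        let system = hostOpts.arch;
        in nixosSystem {
          inherit system;
          modules = [ (mkFudoHostConfig hostname hostOpts) ];
        };

      # NixOps variant: the host module plus a deployment target taken from
      # the entities zone data for the host's domain.
      mkFudoNixopsHostConfig = hostname: hostOpts:
        let zone-hosts = fudo-entities.entities.zones.${hostOpts.domain}.hosts;
        in {
          imports = [
            (mkFudoHostConfig hostname hostOpts)

            (_: {
              config.deployment.targetHost =
                zone-hosts.${hostname}.ipv4-address;
            })
          ];
        };

    in {
      nixosConfigurations = mapAttrs mkFudoNixOsSystem fudo-nixos-hosts;
      nixopsHostConfigurations =
        mapAttrs mkFudoNixopsHostConfig fudo-nixos-hosts;

      lib = {
        inherit mkFudoHostConfig mkFudoNixOsSystem mkFudoNixopsHostConfig;
      };

      overlays = rec {
        default = fudoHostConfig;
        # Adds this flake's `lib` helpers to `pkgs.lib` and exposes a small
        # registry of modules for other flakes to import by name.
        fudoHostConfig = (final: prev: {
          lib = prev.lib // self.lib;
          moduleRegistry = {
            authoritativeDns = authoritative-dns.nixosModules.default;
          };
        });
      };
    };
}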