2023-02-22 14:16:04 -05:00
parent 8693b08c96
commit 29566256bb
6 changed files with 172 additions and 128 deletions

44
configurations.nix Normal file

@@ -0,0 +1,44 @@
{ self
, nixpkgs
, sops-nix
, inputs
, nixos-hardware
, nix
#, cardano-db-sync
, ...
}:
let
nixosSystem = nixpkgs.lib.makeOverridable nixpkgs.lib.nixosSystem;
customModules = import ./modules;
baseModules = [
# make flake inputs accessiable in NixOS
{ _module.args.inputs = inputs; }
{
imports = [
({ pkgs, ... }: {
nix.nixPath = [
"nixpkgs=${pkgs.path}"
];
# TODO: remove when switching to 22.05
nix.package = nixpkgs.lib.mkForce nix.packages.x86_64-linux.nix;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
documentation.info.enable = false;
})
sops-nix.nixosModules.sops
];
}
];
defaultModules = baseModules ++ customModules;
in
{
nixos = nixosSystem {
system = "x86_64-linux";
modules = defaultModules ++ [
./hosts/wsl2
inputs.nixos-wsl.nixosModules.wsl
];
};
}
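Review bot: The argument pattern requires `nix` and `nixos-hardware`, but the flake.nix hunk in this commit declares neither as an input, so `import ./configurations.nix (inputs // { inherit inputs; })` in outputs.nix would fail with a missing-argument error as soon as `nixosConfigurations` is evaluated; the same mismatch applies to the `deploy` argument of deploy.nix and outputs.nix, where the flake input is named `deploy-rs`. Either declare those inputs in flake.nix or make the arguments optional (`, nix ? null`, `, nixos-hardware ? null`) and guard the `nix.package` override on it. The `# TODO: remove when switching to 22.05` comment is stale against a lockfile that pins nixpkgs-unstable and release-22.11; it should name the nix release the `mkForce` override is waiting for, or be dropped. The comment above `_module.args.inputs` has a typo: `# make flake inputs accessible in NixOS`.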

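--- /dev/null
+++ b/deploy.nix
@@ -0,0 +1,25 @@
+{ self
+, deploy
+, ...
+}:
+let
+mkNode = server: ip: fast: {
+hostname = "${ip}:22";
+fastConnection = fast;
+profiles.system.path =
+deploy.lib.x86_64-linux.activate.nixos
+self.nixosConfigurations."${server}";
+};
+in
+{
+user = "root";
+sshUser = "root";
+nodes = {
+optina = mkNode "optina" "10.40.33.20" true;
+portal = mkNode "portal" "10.40.33.1" true;
+sarov = mkNode "sarov" "10.40.33.183" true;
+valaam = mkNode "valaam" "10.40.33.21" true;
+prod01 = mkNode "prod01" "45.76.4.212" false;
+prod03 = mkNode "prod03" "45.63.23.13" false;
+};
+}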
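Review bot: Every node sets `sshUser = "root"`, which requires root SSH login to be enabled on all six hosts; the node this commit removes from flake.nix used `sshUser = "sstent"; user = "root";`, and since deploy-rs switches to `user` on the remote side, an unprivileged `sshUser` with `user = "root"` keeps the same deploy capability with a smaller exposed surface. None of the names passed to mkNode (`optina`, `portal`, `sarov`, `valaam`, `prod01`, `prod03`) matches a configuration defined in configurations.nix, which only defines `nixos`, so `self.nixosConfigurations."${server}"` will fail to evaluate — and `checks` in outputs.nix appears to evaluate every node through `deployChecks`. Unless deploy-rs parses a port suffix, which I do not believe it does, `hostname = "${ip}:22"` should be `hostname = ip;` with the port passed via `sshOpts` if it is ever non-default. A one-line comment on the helper stating its argument order, `# mkNode <nixosConfigurations name> <ssh host> <fastConnection?>`, would help readers.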

68
flake.lock generated

@@ -99,11 +99,11 @@
},
"flake-utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"lastModified": 1676283394,
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
"type": "github"
},
"original": {
@@ -114,11 +114,11 @@
},
"flake-utils_2": {
"locked": {
"lastModified": 1676283394,
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
@@ -187,7 +187,7 @@
"nixos-wsl": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
@@ -222,47 +222,67 @@
"type": "github"
}
},
"nixpkgs_2": {
"nixpkgs-stable": {
"locked": {
"lastModified": 1672580127,
"narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=",
"lastModified": 1676771332,
"narHash": "sha256-YYn2K0AwyIyCzvP7C+xzEt64rlCRPyrllRPGNNu+50M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0874168639713f547c05947c76124f78441ea46c",
"rev": "f27a4e2f6a3a23b843ca1c736e6043fb8b99acc1",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.05",
"ref": "release-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"npiperelay": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_2"
},
"nixpkgs_2": {
"locked": {
"lastModified": 1,
"narHash": "sha256-jYKyhSKWW8XZHwETg4ix7lGrfQdcd3bwNWq9Jdn0WtU=",
"path": "./pkgs/npiperelay",
"type": "path"
"lastModified": 1676549890,
"narHash": "sha256-sq/WcOEAl7gWrrfGkWdnyYazRyTf+enEim/o6LOQzI8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8c66bd1b68f4708c90dcc97c6f7052a5a7b33257",
"type": "github"
},
"original": {
"path": "./pkgs/npiperelay",
"type": "path"
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"deploy-rs": "deploy-rs",
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"nixos-generators": "nixos-generators",
"nixos-wsl": "nixos-wsl",
"nixpkgs": "nixpkgs",
"npiperelay": "npiperelay"
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1676959847,
"narHash": "sha256-KZS6sIsMXiNyN7jW45MrEo95iEXj6nMLKvxgxO181no=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "2c5828439d718a6cddd9a511997d9ac7626a4aff",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"utils": {

114
flake.nix

@@ -2,110 +2,16 @@
description = "NixOS configuration";
inputs = {
# Main nixpkgs channel
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
# Import home-manager modules
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
# Import deploy-rs for deployments
deploy-rs.url = "github:serokell/deploy-rs";
deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
nixpkgs = "github:NixOS/nixpkgs/nixos-unstable"; # Main nixpkgs channel
home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs";};
deploy-rs = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs";}; # Import deploy-rs for deployments
#nixos-hardware.url = "github:NixOS/nixos-hardware"; # Import nixos hardware quirks settings
nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs";}; #import nixos-generators for building images
nixos-wsl.url = {url = "github:nix-community/NixOS-WSL"; inputs.nixpkgs.follows = "nixpkgs";};
sops-nix.url = github:Mic92/sops-nix;
flake-utils.url = "github:numtide/flake-utils";
# Import nixos hardware quirks settings
#nixos-hardware.url = "github:NixOS/nixos-hardware";
#ssssh secret!! Agenix install
agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs";
#import nixos-generators for building images
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
#nixos-wsl
nixos-wsl.url = github:nix-community/NixOS-WSL;
nixos-wsl.inputs.nixpkgs.follows = "nixpkgs";
sops-nix.url = github:Mic92/sops-nix;
};
outputs = inputs@{ self, nixpkgs, nixos-generators, deploy-rs
, ... }:
let
system = "x86_64-linux";
myData = import ./data.nix;
# overlays = [ (final: prev: { npiperelay = npiperelay.defaultPackage.x86_64-linux; }) ];
in {
nixosConfigurations = {
HyperV = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
# specialArgs = { inherit inputs; }; # Pass flake inputs to our config
modules = [
./hosts/HyperV/configuration.nix
./modules
# Add agenix for secret management.
#inputs.agenix.nixosModules.age
# {
# environment.systemPackages = [agenix.defaultPackage.${system}];
# }
];
specialArgs = {
inherit inputs myData;
};
};
nixos = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
# specialArgs = { inherit inputs; }; # Pass flake inputs to our config
modules = [
./hosts/wsl2
./modules
inputs.nixos-wsl.nixosModules.wsl
inputs.agenix.nixosModules.age
inputs.home-manager.nixosModules.home-manager
inputs.sops-nix.nixosModules.sops
# inputs.agenix.nixosModules.age
# Add agenix for secret management.
# agenix.nixosModules.age
# {
# environment.systemPackages = [agenix.defaultPackage.${system}];
# }
];
specialArgs = {
inherit inputs myData;
};
};
};
packages.x86_64-linux = {
HV = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = [
./hosts/HyperV/configuration.nix
./hosts/HyperV/hyperv.nix
./modules
];
format = "hyperv";
};
};
deploy.nodes.HyperV = {
sshUser = "sstent";
user = "root";
hostname = "192.168.1.230";
remoteBuild = true;
magicRollback = false;
profiles.system.path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.HyperV;
};
};
}
outputs = { ... } @ args: import ./outputs.nix args;
}
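Review bot: The new `nixos-wsl` input is malformed: `nixos-wsl.url = {url = "github:nix-community/NixOS-WSL"; inputs.nixpkgs.follows = "nixpkgs";};` assigns an attribute set to `url`, which must be a string; it should read `nixos-wsl = { url = "github:nix-community/NixOS-WSL"; inputs.nixpkgs.follows = "nixpkgs"; };` like the sibling `home-manager`, `deploy-rs` and `nixos-generators` entries. The block also mixes three spellings — the attrset form, the dotted `flake-utils.url = "..."` form, and the unquoted URL literal `sops-nix.url = github:Mic92/sops-nix;` — and bare URL literals are deprecated in newer Nix, so quoting it and settling on one form would avoid a future breakage. Whether `nixpkgs = "github:NixOS/nixpkgs/nixos-unstable";` as a bare string is accepted depends on the Nix version in use; the `.url` form is the documented one.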

27
outputs.nix Normal file

@@ -0,0 +1,27 @@
{ self
, flake-utils
, nixpkgs
, sops-nix
, deploy
, ...
} @ inputs:
(flake-utils.lib.eachDefaultSystem (system:
let
pkgs = nixpkgs.legacyPackages."${system}";
in
{
devShell = pkgs.callPackage ./shell.nix {
inherit (sops-nix.packages."${pkgs.system}") sops-import-keys-hook ssh-to-pgp sops-init-gpg-key;
inherit (deploy.packages."${pkgs.system}") deploy-rs;
};
})) // {
nixosConfigurations = import ./configurations.nix (inputs // {
inherit inputs;
});
deploy = import ./deploy.nix (inputs // {
inherit inputs;
});
hydraJobs = nixpkgs.lib.mapAttrs' (name: config: nixpkgs.lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel) self.nixosConfigurations;
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy.lib;
}
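Review bot: `devShell` is the legacy single-shell output; newer Nix looks for `devShells.<system>.default`, so `nix develop` and `nix flake check` may warn about or miss it depending on the Nix version in use — worth confirming, and if so renaming the attribute to `devShells.default` inside the eachDefaultSystem block. A short header comment would make the file's shape obvious: the parenthesised half produces per-system outputs through `eachDefaultSystem`, and the `//` merges in the system-independent outputs (`nixosConfigurations`, `deploy`, `hydraJobs`, `checks`). The `checks` line appears to build `deployChecks` for every system in `deploy.lib`, so every deploy node is evaluated on `nix flake check`; that is worth a comment so nobody is surprised when a node with a missing configuration breaks the check.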

22
shell.nix Normal file

@@ -0,0 +1,22 @@
{ mkShell
, sops-import-keys-hook
, ssh-to-pgp
, sops-init-gpg-key
, sops
, deploy-rs
, nixpkgs-fmt
, python3
}:
mkShell {
sopsPGPKeyDirs = [ "./nixos/secrets/keys" ];
nativeBuildInputs = [
python3.pkgs.invoke
ssh-to-pgp
sops-import-keys-hook
sops-init-gpg-key
sops
deploy-rs
nixpkgs-fmt
];
}
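Review bot: `sopsPGPKeyDirs = [ "./nixos/secrets/keys" ]` is a relative path under `nixos/`, but this shell.nix sits at the repository root next to flake.nix and nothing in this commit shows a `nixos/` directory; if the keys live elsewhere, the import hook will find none and sops operations in the shell will lack the recipient keys. A comment on that line would save the next reader a search: `# public PGP keys of the hosts/users allowed to decrypt secrets; imported by sops-import-keys-hook on shell entry`. The parameter list is undocumented; a one-line header such as `# Dev shell: sops tooling for secrets, deploy-rs for deployments, nixpkgs-fmt for formatting, invoke for task scripts` would do.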