{
  description = "Price Hiller's flake for managing system configurations";

  # Flake inputs. The exact revisions that get built are whatever flake.lock
  # records (not shown here); `nixos-unstable` and the bare GitHub refs are
  # moving targets until locked, so lock-file changes deserve the same review
  # as changes to this file.
  inputs = {
    nix.url = "github:nixos/nix";
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    flake-utils.url = "github:numtide/flake-utils";
    deploy-rs.url = "github:serokell/deploy-rs";
    impermanence.url = "github:nix-community/impermanence";

    # Only the three inputs below are forced onto this flake's nixpkgs.
    # deploy-rs and nix keep whatever nixpkgs their own lock entries resolve to.
    agenix.url = "github:yaxitech/ragenix";
    agenix.inputs.nixpkgs.follows = "nixpkgs";

    disko.url = "github:nix-community/disko";
    disko.inputs.nixpkgs.follows = "nixpkgs";

    # Fetched over git+https from a self-hosted forge rather than GitHub.
    blog.url = "git+https://git.orion-technologies.io/blog/blog";
    blog.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = inputs@{ self, nixpkgs, deploy-rs, impermanence, agenix, disko
    , flake-utils, blog, ... }:
    let
      # Project helpers from ./lib merged with nixpkgs.lib. The right-hand
      # side of `//` wins, so on a name clash the nixpkgs.lib attribute is
      # the one that is used.
      lib = import ./lib { inherit (nixpkgs) lib; } // nixpkgs.lib;

      # Root of the persistent storage handed to the impermanence module.
      persist-dir = "/persist";

      # Module applied to every host: state that has to outlive a reboot.
      defaults.config.environment = {
        # machine-id is sourced from the persisted copy, so the host keeps
        # the same id for as long as that file is kept.
        etc.machine-id.source = "${persist-dir}/ephemeral/etc/machine-id";

        persistence = {
          save = {
            hideMounts = true;
            persistentStoragePath = "${persist-dir}/save";
          };
          # Everything under /var/lib and /etc/nixos is kept under the
          # "ephemeral" persistence root.
          ephemeral = {
            persistentStoragePath = "${persist-dir}/ephemeral";
            hideMounts = true;
            directories = [ "/var/lib" "/etc/nixos" ];
          };
        };
      };

      # Module list shared by all hosts; only the host name varies.
      modulesFor = hostname: [
        defaults
        impermanence.nixosModules.impermanence
        agenix.nixosModules.default
        disko.nixosModules.disko
        {
          # Per-host config taken from the secrets module, keyed by host name.
          # NOTE(review): what `agenix = false` toggles is defined in
          # ./secrets, not in this file. Confirm it cannot cause plaintext
          # secret values to be evaluated into the system config, since
          # anything that ends up in the Nix store is world-readable.
          config = (import "${self}/secrets" {
            agenix = false;
            inherit lib;
          }).${hostname};
        }
        ./hosts/${hostname}
      ];

      # Build one x86_64-linux NixOS system. `extraSpecialArgs` carries the
      # values that differ per host (root disk, extra flake inputs, fqdn).
      mkHost = { hostname, extraSpecialArgs }:
        nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
          specialArgs = {
            inherit self inputs hostname lib persist-dir;
          } // extraSpecialArgs;
          modules = modulesFor hostname;
        };

      # deploy-rs node: connect over SSH as `price`, activate the system
      # profile as `root`. The two users differ, so `price` needs to be able
      # to become root on the target -- presumably via sudo; confirm that the
      # grant on the hosts is no broader than deployment requires.
      mkDeployNode = name: address: {
        hostname = address;
        fastConnection = true;
        profiles.system = {
          sshUser = "price";
          user = "root";
          path = deploy-rs.lib.x86_64-linux.activate.nixos
            self.nixosConfigurations.${name};
        };
      };
    in {
      nixosConfigurations = {
        orion = mkHost {
          hostname = "orion";
          extraSpecialArgs.root-disk = "/dev/vda";
        };
        luna = mkHost {
          hostname = "luna";
          extraSpecialArgs = {
            inherit blog flake-utils nixpkgs;
            root-disk = "/dev/nvme0n1";
            fqdn = "orion-technologies.io";
          };
        };
      };

      # NOTE(review): no `checks` output is defined here, so deploy-rs's
      # deployChecks are not run by `nix flake check` for these nodes.
      deploy.nodes = {
        # "boot" is the SSH target and differs from the config name --
        # presumably an SSH config alias or local DNS name; confirm.
        orion = mkDeployNode "orion" "boot";
        luna = mkDeployNode "luna" "luna.hosts.orion-technologies.io";
      };

    } // flake-utils.lib.eachDefaultSystem (system:
      let
        # nixpkgs with the agenix input's default overlay applied.
        pkgs = import nixpkgs {
          inherit system;
          overlays = [ agenix.overlays.default ];
        };
      in {
        # Shell with the secret-management and deployment tooling.
        devShells.default = pkgs.mkShell {
          # Every entry is qualified with `pkgs.` on purpose: `agenix` and
          # `deploy-rs` are also flake inputs in scope, and a bare name would
          # resolve to the input rather than the package.
          # NOTE(review): pkgs.deploy-rs comes from this nixpkgs set, while the
          # activation code above comes from the deploy-rs flake input; the two
          # versions can differ.
          packages = [
            pkgs.age
            pkgs.age-plugin-yubikey
            pkgs.agenix
            pkgs.nixos-rebuild
            pkgs.deploy-rs
          ];
          # Point the agenix CLI at the rules file listing secrets and their
          # recipients.
          shellHook = ''
            export RULES="$PWD/secrets/secrets.nix"
          '';
        };
      });
}