
{
description = "Price Hiller's flake for managing system configurations";
inputs = {
  # Upstream Nix itself. Nothing in `outputs` below destructures it, so it is
  # only reachable through `inputs.nix` from the host modules.
  nix.url = "github:nixos/nix";
  nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
  flake-utils.url = "github:numtide/flake-utils";
  # NOTE(review): deploy-rs, impermanence and flake-utils are not told to
  # `follows` this flake's nixpkgs, so any nixpkgs they declare themselves is
  # locked as a separate revision — confirm in flake.lock.
  deploy-rs.url = "github:serokell/deploy-rs";
  impermanence.url = "github:nix-community/impermanence";

  # ragenix (the Rust agenix), pinned to this flake's nixpkgs.
  agenix.url = "github:yaxitech/ragenix";
  agenix.inputs.nixpkgs.follows = "nixpkgs";

  disko.url = "github:nix-community/disko";
  disko.inputs.nixpkgs.follows = "nixpkgs";

  # For the nixd language server; consumed as a plain source tree, not a flake.
  flake-compat.url = "github:inclyc/flake-compat";
  flake-compat.flake = false;

  # Blog sources, fetched over HTTPS from the author's own git host.
  blog.url = "git+https://git.orion-technologies.io/blog/blog";
  blog.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = inputs@{ self, nixpkgs, deploy-rs, impermanence, agenix, disko
, flake-utils, blog, ... }:
let
# Local helpers from ./lib layered under nixpkgs.lib. `//` lets the right-hand
# side win, so a nixpkgs.lib attribute of the same name overrides the local one.
lib = let
  local = import ./lib { lib = nixpkgs.lib; };
in
  local // nixpkgs.lib;
# Root of the volume that survives reboots on the impermanence-managed hosts.
persist-dir = "/persist";
# Module shared by every host: impermanence wiring for an ephemeral root.
defaults = {
  config.environment = {
    # machine-id is read from the persisted volume so it stays stable across
    # reboots of an otherwise wiped root.
    etc.machine-id.source = "${persist-dir}/ephemeral/etc/machine-id";
    persistence = {
      save = {
        persistentStoragePath = "${persist-dir}/save";
        hideMounts = true;
      };
      ephemeral = {
        persistentStoragePath = "${persist-dir}/ephemeral";
        hideMounts = true;
        # Whole-directory persistence: everything services write under
        # /var/lib (state, and any credentials kept there) is carried over.
        directories = [ "/var/lib" "/etc/nixos" ];
      };
    };
  };
};
in {
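nixosConfigurations = let
  # Build one host from the shared module stack (the two hosts previously
  # repeated this list verbatim).
  #   hostname         – selects ./hosts/<hostname> and the matching attribute
  #                      of ./secrets; also handed to modules via specialArgs
  #   root-disk        – block device passed through to the host's disko layout
  #   extraSpecialArgs – host-specific specialArgs merged over the common set
  mkHost = { hostname, root-disk, extraSpecialArgs ? { } }:
    nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      specialArgs = {
        inherit self inputs hostname lib persist-dir root-disk;
      } // extraSpecialArgs;
      modules = [
        defaults
        impermanence.nixosModules.impermanence
        agenix.nixosModules.default
        disko.nixosModules.disko
        {
          # ./secrets is evaluated at build time with `agenix = false`; what
          # that flag toggles is defined in ./secrets, not here — read it
          # there before relying on it.
          config = (import "${self}/secrets" {
            agenix = false;
            inherit lib;
          }).${hostname};
        }
        ./hosts/${hostname}
      ];
    };
in {
  orion = mkHost {
    hostname = "orion";
    root-disk = "/dev/vda";
  };
  luna = mkHost {
    hostname = "luna";
    root-disk = "/dev/nvme0n1";
    extraSpecialArgs = {
      inherit blog flake-utils nixpkgs;
      fqdn = "orion-technologies.io";
    };
  };
};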
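deploy.nodes = let
  # One deploy-rs node per NixOS host.
  #   name    – must match an attribute of self.nixosConfigurations
  #   sshHost – what deploy-rs connects to over SSH
  mkNode = name: sshHost: {
    hostname = sshHost;
    fastConnection = true;
    profiles.system = {
      # Connect as the unprivileged user, then activate the system profile
      # as root. deploy-rs's rollback behaviour is left at its defaults here.
      sshUser = "price";
      user = "root";
      path = deploy-rs.lib.x86_64-linux.activate.nixos
        self.nixosConfigurations.${name};
    };
  };
in {
  # "boot" is not a fully qualified name; presumably resolved by the
  # operator's SSH config or hosts file — verify before deploying from a
  # machine that lacks that entry.
  orion = mkNode "orion" "boot";
  luna = mkNode "luna" "luna.hosts.orion-technologies.io";
};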
} // flake-utils.lib.eachDefaultSystem (system:
let
# nixpkgs for the current system with the ragenix overlay applied; the
# overlay is presumably what provides the `pkgs.agenix` used by the dev
# shell below — confirm against ragenix.
pkgs = import nixpkgs {
  system = system;
  overlays = [ agenix.overlays.default ];
};
in {
devShells.default = pkgs.mkShell {
  # Tooling for secrets (age, its YubiKey plugin, ragenix) and for pushing
  # systems (nixos-rebuild, deploy-rs). Every entry is prefixed with `pkgs.`
  # on purpose: `agenix` and `deploy-rs` are also flake inputs in scope, and
  # a `with pkgs;` does not shadow lexically bound names, so only the explicit
  # prefix selects the package.
  packages = [
    pkgs.age
    pkgs.age-plugin-yubikey
    pkgs.agenix
    pkgs.nixos-rebuild
    pkgs.deploy-rs
  ];
  # Runs on every shell entry and is relative to the caller's cwd:
  #  - RULES points the (r)agenix CLI at the secrets rules file;
  #  - .nixd.json is regenerated for the nixd language server.
  shellHook = ''
    export RULES="$PWD/secrets/secrets.nix"
    nix eval --json --file ./.nixd.nix > .nixd.json
  '';
};
});
}