nixos-servers/flake.nix

{
  description = "NixOS definitions for our physical servers";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    deploy-rs.url = "github:serokell/deploy-rs";
    kubenix = {
      url = "github:hall/kubenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs =
    { self, nixpkgs, deploy-rs, disko, agenix, nixpkgs-unstable, kubenix, ... }:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};
      pkgs-unstable = nixpkgs-unstable.legacyPackages.${system};
      machines = import ./machines;
      # TODO: Maybe use mergeAttrLists
      mkNixosSystems = systemDef:
        nixpkgs.lib.foldlAttrs
          (acc: name: machine:
            acc // {
              "${name}" = nixpkgs.lib.nixosSystem (systemDef machine);
            })
          { }
          machines;
      mkDeployNodes = nodeDef:
        nixpkgs.lib.foldlAttrs
          (acc: name: machine: acc // { "${name}" = nodeDef machine; })
          { }
          machines;
    in
    {
      devShells.${system}.default = pkgs.mkShell {
        packages = [
          pkgs.libsecret
          # TODO: using nixos-anywhere from nixos-unstable produces buffer overflow.
          # Related to this issue: https://github.com/nix-community/nixos-anywhere/issues/242
          # Should wait until this is merged in nixos-unstable.
          # pkgs-unstable.nixos-anywhere
          pkgs-unstable.deploy-rs
          pkgs.openssl
          pkgs.postgresql_15
          pkgs-unstable.opentofu
          pkgs.cdrtools
          pkgs.kubectl
        ];
      };

      formatter.${system} = pkgs.nixfmt;

      nixosConfigurations = mkNixosSystems (machine: {
        inherit system;
        specialArgs = { inherit kubenix; };
        modules = [
          machine.nixosModule
          disko.nixosModules.disko
          agenix.nixosModules.default
          ./configuration.nix
          { networking.hostName = machine.name; }
        ];
      });

      deploy = {
        sshUser = "root";
        user = "root";

        nodes = mkDeployNodes (machine: {
          hostname = machine.hostname;
          profiles.hypervisor = {
            path = deploy-rs.lib.${system}.activate.nixos
              self.nixosConfigurations.${machine.name};
          };
        });
      };

      checks = builtins.mapAttrs
        (system: deployLib: deployLib.deployChecks self.deploy)
        deploy-rs.lib;
    };
}
init 2023-11-05 17:43:32 +00:00			`{`
			`description = "NixOS definitions for our physical servers";`

			`inputs = {`
			`nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";`
improve nixos anywhere script: - deploy age identity - make script machine indepdendent - add sanity check for wiping the system create nix shell for running the script 2023-11-15 10:41:45 +00:00			`nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00			`deploy-rs.url = "github:serokell/deploy-rs";`
use kubenix to generate bootstrap k8s manifests enable experimental features 2023-12-16 14:45:17 +00:00			`kubenix = {`
			`url = "github:hall/kubenix";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
enable k3s cluster add simple kubenix script 2023-11-29 09:02:50 +00:00
remove ansible deploy ssh host and user keys using agenix deploy ssh certificates using ssh 2023-11-14 22:53:04 +00:00			`disko = {`
			`url = "github:nix-community/disko";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
enable k3s cluster add simple kubenix script 2023-11-29 09:02:50 +00:00
remove ansible deploy ssh host and user keys using agenix deploy ssh certificates using ssh 2023-11-14 22:53:04 +00:00			`agenix = {`
			`url = "github:ryantm/agenix";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
init 2023-11-05 17:43:32 +00:00			`};`

enable k3s cluster add simple kubenix script 2023-11-29 09:02:50 +00:00			`outputs =`
use kubenix to generate bootstrap k8s manifests enable experimental features 2023-12-16 14:45:17 +00:00			`{ self, nixpkgs, deploy-rs, disko, agenix, nixpkgs-unstable, kubenix, ... }:`
improve nixos anywhere script: - deploy age identity - make script machine indepdendent - add sanity check for wiping the system create nix shell for running the script 2023-11-15 10:41:45 +00:00			`let`
			`system = "x86_64-linux";`
			`pkgs = nixpkgs.legacyPackages.${system};`
			`pkgs-unstable = nixpkgs-unstable.legacyPackages.${system};`
create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`machines = import ./machines;`
change k3s data dir to external disk add additional SAN to k3s certificates update README with k8s certificate instructions open port for kubectl 2023-12-14 20:42:58 +00:00			`# TODO: Maybe use mergeAttrLists`
create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`mkNixosSystems = systemDef:`
parameterize fqdn for k3s SAN 2023-12-15 14:11:14 +00:00			`nixpkgs.lib.foldlAttrs`
			`(acc: name: machine:`
			`acc // {`
			`"${name}" = nixpkgs.lib.nixosSystem (systemDef machine);`
			`})`
			`{ }`
			`machines;`
create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`mkDeployNodes = nodeDef:`
			`nixpkgs.lib.foldlAttrs`
parameterize fqdn for k3s SAN 2023-12-15 14:11:14 +00:00			`(acc: name: machine: acc // { "${name}" = nodeDef machine; })`
			`{ }`
			`machines;`
			`in`
			`{`
improve nixos anywhere script: - deploy age identity - make script machine indepdendent - add sanity check for wiping the system create nix shell for running the script 2023-11-15 10:41:45 +00:00			`devShells.${system}.default = pkgs.mkShell {`
create top-level machine definition that is used by both deploy-rs and nixos rename bootstrap script 2023-11-15 11:55:57 +00:00			`packages = [`
			`pkgs.libsecret`
switch to flake version of nixos-anywhere due to nixos-unstable issue 2023-11-15 12:37:13 +00:00			`# TODO: using nixos-anywhere from nixos-unstable produces buffer overflow.`
			`# Related to this issue: https://github.com/nix-community/nixos-anywhere/issues/242`
			`# Should wait until this is merged in nixos-unstable.`
			`# pkgs-unstable.nixos-anywhere`
create top-level machine definition that is used by both deploy-rs and nixos rename bootstrap script 2023-11-15 11:55:57 +00:00			`pkgs-unstable.deploy-rs`
enable client certificate checking 2023-11-25 12:41:49 +00:00			`pkgs.openssl`
			`pkgs.postgresql_15`
WIP: nixos-anywhere for virtual machines 2023-11-25 20:00:21 +00:00			`pkgs-unstable.opentofu`
			`pkgs.cdrtools`
change k3s data dir to external disk add additional SAN to k3s certificates update README with k8s certificate instructions open port for kubectl 2023-12-14 20:42:58 +00:00			`pkgs.kubectl`
create top-level machine definition that is used by both deploy-rs and nixos rename bootstrap script 2023-11-15 11:55:57 +00:00			`];`
improve nixos anywhere script: - deploy age identity - make script machine indepdendent - add sanity check for wiping the system create nix shell for running the script 2023-11-15 10:41:45 +00:00			`};`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00
fix formatter error 2023-11-15 12:10:27 +00:00			`formatter.${system} = pkgs.nixfmt;`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00
create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`nixosConfigurations = mkNixosSystems (machine: {`
			`inherit system;`
use kubenix to generate bootstrap k8s manifests enable experimental features 2023-12-16 14:45:17 +00:00			`specialArgs = { inherit kubenix; };`
create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`modules = [`
create module for disk configuration 2023-12-16 22:47:18 +00:00			`machine.nixosModule`
create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`disko.nixosModules.disko`
			`agenix.nixosModules.default`
			`./configuration.nix`
merge normal and hardware configuration 2023-11-22 17:54:05 +00:00			`{ networking.hostName = machine.name; }`
create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`];`
			`});`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00
			`deploy = {`
			`sshUser = "root";`
			`user = "root";`

create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`nodes = mkDeployNodes (machine: {`
			`hostname = machine.hostname;`
			`profiles.hypervisor = {`
			`path = deploy-rs.lib.${system}.activate.nixos`
			`self.nixosConfigurations.${machine.name};`
			`};`
			`});`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00			`};`

			`checks = builtins.mapAttrs`
parameterize fqdn for k3s SAN 2023-12-15 14:11:14 +00:00			`(system: deployLib: deployLib.deployChecks self.deploy)`
			`deploy-rs.lib;`
init 2023-11-05 17:43:32 +00:00			`};`
			`}`