nixos-servers/flake.nix

{
  description = "NixOS definitions for our physical servers";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    deploy-rs.url = "github:serokell/deploy-rs";
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";

    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    dns = {
      url = "github:kirelagin/dns.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    microvm = {
      url = "github:astro/microvm.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs =
    { self, nixpkgs, deploy-rs, disko, agenix, nixpkgs-unstable, dns, microvm, nixos-hardware, ... }:
    let
      controllerArch = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${controllerArch};
      lib = pkgs.lib;
      pkgs-unstable = nixpkgs-unstable.legacyPackages.${controllerArch};
      machines = (lib.modules.evalModules { modules = [ (import ./nixos/machines) ]; }).config.machines;
      physicalMachines = lib.filterAttrs (n: v: v.type == "physical") machines;
      mkNixosSystems = systemDef:
        builtins.mapAttrs
          (name: machine:
            nixpkgs.lib.nixosSystem (systemDef name machine)
          )
          physicalMachines;
      mkDeployNodes = nodeDef:
        builtins.mapAttrs
          (name: machine: nodeDef name machine)
          physicalMachines;
    in
    {
      devShells.${controllerArch}.default = pkgs.mkShell {
        packages = with pkgs; [
          libsecret
          # TODO: using nixos-anywhere from nixos-unstable produces buffer overflow.
          # Related to this issue: https://github.com/nix-community/nixos-anywhere/issues/242
          # Should wait until this is merged in nixos-unstable.
          # pkgs-unstable.nixos-anywhere
          pkgs-unstable.deploy-rs
          openssl
          postgresql_15
          opentofu
          cdrtools
          kubectl
          ansible
        ];
      };

      formatter.${controllerArch} = pkgs.nixfmt;

      nixosConfigurations = mkNixosSystems (name: machine: {
        system = machine.arch;

        specialArgs = { inherit machines machine dns microvm disko agenix nixos-hardware; };
        modules = [
          ./nixos
          { networking.hostName = name; }
        ];
      });

      deploy = {
        sshUser = "root";
        user = "root";

        nodes = mkDeployNodes (name: machine: {
          hostname = self.nixosConfigurations.${name}.config.networking.fqdn;
          profiles.system = {
            remoteBuild = machine.arch != controllerArch;
            path = deploy-rs.lib."${machine.arch}".activate.nixos
              self.nixosConfigurations.${name};
          };
        });
      };

      # Deploy-rs' flake checks seem broken for architectures different from the deployment machine.
      # We skip these here.
      checks = builtins.mapAttrs
        (system: deployLib:
          deployLib.deployChecks (self.deploy // {
            nodes = (lib.attrsets.filterAttrs
              (name: node:
                machines.${name}.arch == controllerArch
              )
              self.deploy.nodes);
          })
        )
        deploy-rs.lib;
    };
}
init 2023-11-05 17:43:32 +00:00			`{`
			`description = "NixOS definitions for our physical servers";`

			`inputs = {`
update to nixos 23.11 enable static IP for terraformed VMs restructure legacy code move hermes code to this repo don't use data disk for hermes leases 2023-12-17 15:22:22 +00:00			`nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";`
improve nixos anywhere script: - deploy age identity - make script machine indepdendent - add sanity check for wiping the system create nix shell for running the script 2023-11-15 10:41:45 +00:00			`nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00			`deploy-rs.url = "github:serokell/deploy-rs";`
deploy-rs works for raspberrypi 2024-02-27 19:14:53 +00:00			`nixos-hardware.url = "github:NixOS/nixos-hardware/master";`
enable k3s cluster add simple kubenix script 2023-11-29 09:02:50 +00:00
remove ansible deploy ssh host and user keys using agenix deploy ssh certificates using ssh 2023-11-14 22:53:04 +00:00			`disko = {`
			`url = "github:nix-community/disko";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
enable k3s cluster add simple kubenix script 2023-11-29 09:02:50 +00:00
remove ansible deploy ssh host and user keys using agenix deploy ssh certificates using ssh 2023-11-14 22:53:04 +00:00			`agenix = {`
			`url = "github:ryantm/agenix";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
use dns.nix voor zone file generation 2024-01-07 19:24:12 +00:00
			`dns = {`
			`url = "github:kirelagin/dns.nix";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
copy microvm config 2024-01-17 20:28:15 +00:00
			`microvm = {`
			`url = "github:astro/microvm.nix";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
init 2023-11-05 17:43:32 +00:00			`};`

enable k3s cluster add simple kubenix script 2023-11-29 09:02:50 +00:00			`outputs =`
deploy-rs works for raspberrypi 2024-02-27 19:14:53 +00:00			`{ self, nixpkgs, deploy-rs, disko, agenix, nixpkgs-unstable, dns, microvm, nixos-hardware, ... }:`
improve nixos anywhere script: - deploy age identity - make script machine indepdendent - add sanity check for wiping the system create nix shell for running the script 2023-11-15 10:41:45 +00:00			`let`
skip deploy-rs flake check for architecture different from the deployment machine 2024-02-28 20:39:23 +00:00			`controllerArch = "x86_64-linux";`
			`pkgs = nixpkgs.legacyPackages.${controllerArch};`
add flake app to reboot vms on servers 2024-01-23 20:36:29 +00:00			`lib = pkgs.lib;`
skip deploy-rs flake check for architecture different from the deployment machine 2024-02-28 20:39:23 +00:00			`pkgs-unstable = nixpkgs-unstable.legacyPackages.${controllerArch};`
create module system for machines 2024-02-28 23:28:38 +00:00			`machines = (lib.modules.evalModules { modules = [ (import ./nixos/machines) ]; }).config.machines;`
integrate VM definitions 2024-01-28 10:48:13 +00:00			`physicalMachines = lib.filterAttrs (n: v: v.type == "physical") machines;`
create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`mkNixosSystems = systemDef:`
simplify flake functions 2024-01-28 12:57:36 +00:00			`builtins.mapAttrs`
			`(name: machine:`
			`nixpkgs.lib.nixosSystem (systemDef name machine)`
			`)`
integrate VM definitions 2024-01-28 10:48:13 +00:00			`physicalMachines;`
create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`mkDeployNodes = nodeDef:`
simplify flake functions 2024-01-28 12:57:36 +00:00			`builtins.mapAttrs`
			`(name: machine: nodeDef name machine)`
integrate VM definitions 2024-01-28 10:48:13 +00:00			`physicalMachines;`
parameterize fqdn for k3s SAN 2023-12-15 14:11:14 +00:00			`in`
			`{`
skip deploy-rs flake check for architecture different from the deployment machine 2024-02-28 20:39:23 +00:00			`devShells.${controllerArch}.default = pkgs.mkShell {`
update to nixos 23.11 enable static IP for terraformed VMs restructure legacy code move hermes code to this repo don't use data disk for hermes leases 2023-12-17 15:22:22 +00:00			`packages = with pkgs; [`
			`libsecret`
switch to flake version of nixos-anywhere due to nixos-unstable issue 2023-11-15 12:37:13 +00:00			`# TODO: using nixos-anywhere from nixos-unstable produces buffer overflow.`
			`# Related to this issue: https://github.com/nix-community/nixos-anywhere/issues/242`
			`# Should wait until this is merged in nixos-unstable.`
			`# pkgs-unstable.nixos-anywhere`
create top-level machine definition that is used by both deploy-rs and nixos rename bootstrap script 2023-11-15 11:55:57 +00:00			`pkgs-unstable.deploy-rs`
update to nixos 23.11 enable static IP for terraformed VMs restructure legacy code move hermes code to this repo don't use data disk for hermes leases 2023-12-17 15:22:22 +00:00			`openssl`
			`postgresql_15`
			`opentofu`
			`cdrtools`
			`kubectl`
			`ansible`
create top-level machine definition that is used by both deploy-rs and nixos rename bootstrap script 2023-11-15 11:55:57 +00:00			`];`
improve nixos anywhere script: - deploy age identity - make script machine indepdendent - add sanity check for wiping the system create nix shell for running the script 2023-11-15 10:41:45 +00:00			`};`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00
skip deploy-rs flake check for architecture different from the deployment machine 2024-02-28 20:39:23 +00:00			`formatter.${controllerArch} = pkgs.nixfmt;`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00
set hostName and domain in nixos config directly 2024-01-28 11:55:58 +00:00			`nixosConfigurations = mkNixosSystems (name: machine: {`
WIP raspberry pi support 2024-02-26 22:08:12 +00:00			`system = machine.arch;`

deploy-rs works for raspberrypi 2024-02-27 19:14:53 +00:00			`specialArgs = { inherit machines machine dns microvm disko agenix nixos-hardware; };`
automatically set host name 2024-01-28 13:08:28 +00:00			`modules = [`
			`./nixos`
			`{ networking.hostName = name; }`
			`];`
create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`});`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00
			`deploy = {`
			`sshUser = "root";`
			`user = "root";`

set hostName and domain in nixos config directly 2024-01-28 11:55:58 +00:00			`nodes = mkDeployNodes (name: machine: {`
			`hostname = self.nixosConfigurations.${name}.config.networking.fqdn;`
fix reboot reverting to old generation 2024-01-16 20:47:41 +00:00			`profiles.system = {`
skip deploy-rs flake check for architecture different from the deployment machine 2024-02-28 20:39:23 +00:00			`remoteBuild = machine.arch != controllerArch;`
integrate settings raspberry pi 2024-02-27 22:28:52 +00:00			`path = deploy-rs.lib."${machine.arch}".activate.nixos`
set hostName and domain in nixos config directly 2024-01-28 11:55:58 +00:00			`self.nixosConfigurations.${name};`
create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`};`
			`});`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00			`};`

skip deploy-rs flake check for architecture different from the deployment machine 2024-02-28 20:39:23 +00:00			`# Deploy-rs' flake checks seem broken for architectures different from the deployment machine.`
			`# We skip these here.`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00			`checks = builtins.mapAttrs`
skip deploy-rs flake check for architecture different from the deployment machine 2024-02-28 20:39:23 +00:00			`(system: deployLib:`
			`deployLib.deployChecks (self.deploy // {`
			`nodes = (lib.attrsets.filterAttrs`
			`(name: node:`
			`machines.${name}.arch == controllerArch`
			`)`
			`self.deploy.nodes);`
			`})`
			`)`
parameterize fqdn for k3s SAN 2023-12-15 14:11:14 +00:00			`deploy-rs.lib;`
init 2023-11-05 17:43:32 +00:00			`};`
			`}`