nixos-servers/flake.nix

{
  description = "NixOS definitions for our physical servers";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    deploy-rs.url = "github:serokell/deploy-rs";

    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    dns = {
      url = "github:kirelagin/dns.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    microvm = {
      url = "github:astro/microvm.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs =
    { self, nixpkgs, deploy-rs, disko, agenix, nixpkgs-unstable, dns, microvm, ... }:
    let
      pkgs = nixpkgs.legacyPackages."x86_64-linux";
      lib = pkgs.lib;
      pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";
      machines = import ./nixos/machines;
      physicalMachines = lib.filterAttrs (n: v: v.type == "physical") machines;
      mkNixosSystems = systemDef:
        builtins.mapAttrs
          (name: machine:
            nixpkgs.lib.nixosSystem (systemDef name machine)
          )
          physicalMachines;
      mkDeployNodes = nodeDef:
        builtins.mapAttrs
          (name: machine: nodeDef name machine)
          physicalMachines;
    in
    {
      devShells."x86_64-linux".default = pkgs.mkShell {
        packages = with pkgs; [
          libsecret
          # TODO: using nixos-anywhere from nixos-unstable produces buffer overflow.
          # Related to this issue: https://github.com/nix-community/nixos-anywhere/issues/242
          # Should wait until this is merged in nixos-unstable.
          # pkgs-unstable.nixos-anywhere
          pkgs-unstable.deploy-rs
          openssl
          postgresql_15
          opentofu
          cdrtools
          kubectl
          ansible
        ];
      };

      formatter."x86_64-linux" = pkgs.nixfmt;

      nixosConfigurations = mkNixosSystems (name: machine: {
        system = machine.arch;

        specialArgs = { inherit machines machine dns microvm disko agenix; };
        modules = [
          ./nixos
          { networking.hostName = name; }
        ];
      });

      deploy = {
        sshUser = "root";
        user = "root";

        nodes = mkDeployNodes (name: machine: {
          hostname = self.nixosConfigurations.${name}.config.networking.fqdn;
          profiles.system = {
            remoteBuild = true;
            path = deploy-rs.lib."aarch64-linux".activate.nixos
              self.nixosConfigurations.${name};
          };
        });
      };

      checks = builtins.mapAttrs
        (system: deployLib: deployLib.deployChecks self.deploy)
        deploy-rs.lib;
    };
}
init 2023-11-05 17:43:32 +00:00			`{`
			`description = "NixOS definitions for our physical servers";`

			`inputs = {`
update to nixos 23.11 enable static IP for terraformed VMs restructure legacy code move hermes code to this repo don't use data disk for hermes leases 2023-12-17 15:22:22 +00:00			`nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";`
improve nixos anywhere script: - deploy age identity - make script machine indepdendent - add sanity check for wiping the system create nix shell for running the script 2023-11-15 10:41:45 +00:00			`nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00			`deploy-rs.url = "github:serokell/deploy-rs";`
enable k3s cluster add simple kubenix script 2023-11-29 09:02:50 +00:00
remove ansible deploy ssh host and user keys using agenix deploy ssh certificates using ssh 2023-11-14 22:53:04 +00:00			`disko = {`
			`url = "github:nix-community/disko";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
enable k3s cluster add simple kubenix script 2023-11-29 09:02:50 +00:00
remove ansible deploy ssh host and user keys using agenix deploy ssh certificates using ssh 2023-11-14 22:53:04 +00:00			`agenix = {`
			`url = "github:ryantm/agenix";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
use dns.nix voor zone file generation 2024-01-07 19:24:12 +00:00
			`dns = {`
			`url = "github:kirelagin/dns.nix";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
copy microvm config 2024-01-17 20:28:15 +00:00
			`microvm = {`
			`url = "github:astro/microvm.nix";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
init 2023-11-05 17:43:32 +00:00			`};`

enable k3s cluster add simple kubenix script 2023-11-29 09:02:50 +00:00			`outputs =`
remove kubenix 2024-02-11 13:56:20 +00:00			`{ self, nixpkgs, deploy-rs, disko, agenix, nixpkgs-unstable, dns, microvm, ... }:`
improve nixos anywhere script: - deploy age identity - make script machine indepdendent - add sanity check for wiping the system create nix shell for running the script 2023-11-15 10:41:45 +00:00			`let`
WIP raspberry pi support 2024-02-26 22:08:12 +00:00			`pkgs = nixpkgs.legacyPackages."x86_64-linux";`
add flake app to reboot vms on servers 2024-01-23 20:36:29 +00:00			`lib = pkgs.lib;`
WIP raspberry pi support 2024-02-26 22:08:12 +00:00			`pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";`
create shared entrypoint nixos config for physical and vm 2024-01-28 11:30:13 +00:00			`machines = import ./nixos/machines;`
integrate VM definitions 2024-01-28 10:48:13 +00:00			`physicalMachines = lib.filterAttrs (n: v: v.type == "physical") machines;`
create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`mkNixosSystems = systemDef:`
simplify flake functions 2024-01-28 12:57:36 +00:00			`builtins.mapAttrs`
			`(name: machine:`
			`nixpkgs.lib.nixosSystem (systemDef name machine)`
			`)`
integrate VM definitions 2024-01-28 10:48:13 +00:00			`physicalMachines;`
create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`mkDeployNodes = nodeDef:`
simplify flake functions 2024-01-28 12:57:36 +00:00			`builtins.mapAttrs`
			`(name: machine: nodeDef name machine)`
integrate VM definitions 2024-01-28 10:48:13 +00:00			`physicalMachines;`
parameterize fqdn for k3s SAN 2023-12-15 14:11:14 +00:00			`in`
			`{`
WIP raspberry pi support 2024-02-26 22:08:12 +00:00			`devShells."x86_64-linux".default = pkgs.mkShell {`
update to nixos 23.11 enable static IP for terraformed VMs restructure legacy code move hermes code to this repo don't use data disk for hermes leases 2023-12-17 15:22:22 +00:00			`packages = with pkgs; [`
			`libsecret`
switch to flake version of nixos-anywhere due to nixos-unstable issue 2023-11-15 12:37:13 +00:00			`# TODO: using nixos-anywhere from nixos-unstable produces buffer overflow.`
			`# Related to this issue: https://github.com/nix-community/nixos-anywhere/issues/242`
			`# Should wait until this is merged in nixos-unstable.`
			`# pkgs-unstable.nixos-anywhere`
create top-level machine definition that is used by both deploy-rs and nixos rename bootstrap script 2023-11-15 11:55:57 +00:00			`pkgs-unstable.deploy-rs`
update to nixos 23.11 enable static IP for terraformed VMs restructure legacy code move hermes code to this repo don't use data disk for hermes leases 2023-12-17 15:22:22 +00:00			`openssl`
			`postgresql_15`
			`opentofu`
			`cdrtools`
			`kubectl`
			`ansible`
create top-level machine definition that is used by both deploy-rs and nixos rename bootstrap script 2023-11-15 11:55:57 +00:00			`];`
improve nixos anywhere script: - deploy age identity - make script machine indepdendent - add sanity check for wiping the system create nix shell for running the script 2023-11-15 10:41:45 +00:00			`};`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00
WIP raspberry pi support 2024-02-26 22:08:12 +00:00			`formatter."x86_64-linux" = pkgs.nixfmt;`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00
set hostName and domain in nixos config directly 2024-01-28 11:55:58 +00:00			`nixosConfigurations = mkNixosSystems (name: machine: {`
WIP raspberry pi support 2024-02-26 22:08:12 +00:00			`system = machine.arch;`

remove kubenix 2024-02-11 13:56:20 +00:00			`specialArgs = { inherit machines machine dns microvm disko agenix; };`
automatically set host name 2024-01-28 13:08:28 +00:00			`modules = [`
			`./nixos`
			`{ networking.hostName = name; }`
			`];`
create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`});`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00
			`deploy = {`
			`sshUser = "root";`
			`user = "root";`

set hostName and domain in nixos config directly 2024-01-28 11:55:58 +00:00			`nodes = mkDeployNodes (name: machine: {`
			`hostname = self.nixosConfigurations.${name}.config.networking.fqdn;`
fix reboot reverting to old generation 2024-01-16 20:47:41 +00:00			`profiles.system = {`
WIP raspberry pi support 2024-02-26 22:08:12 +00:00			`remoteBuild = true;`
			`path = deploy-rs.lib."aarch64-linux".activate.nixos`
set hostName and domain in nixos config directly 2024-01-28 11:55:58 +00:00			`self.nixosConfigurations.${name};`
create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`};`
			`});`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00			`};`

			`checks = builtins.mapAttrs`
parameterize fqdn for k3s SAN 2023-12-15 14:11:14 +00:00			`(system: deployLib: deployLib.deployChecks self.deploy)`
			`deploy-rs.lib;`
init 2023-11-05 17:43:32 +00:00			`};`
			`}`