nixos-servers/flake.nix

{
  description = "NixOS definitions for our physical servers";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    deploy-rs.url = "github:serokell/deploy-rs";
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, deploy-rs, disko, agenix, nixpkgs-unstable, ... }:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};
      pkgs-unstable = nixpkgs-unstable.legacyPackages.${system};
      machines = import ./machines;
      mkNixosSystems = systemDef:
        nixpkgs.lib.foldlAttrs (acc: name: machine:
          acc // {
            "${name}" = nixpkgs.lib.nixosSystem (systemDef machine);
          }) { } machines;
      mkDeployNodes = nodeDef:
        nixpkgs.lib.foldlAttrs
        (acc: name: machine: acc // { "${name}" = nodeDef machine; }) { }
        machines;
    in {
      devShells.${system}.default = pkgs.mkShell {
        packages = [
          pkgs.libsecret
          # TODO: using nixos-anywhere from nixos-unstable produces buffer overflow.
          # Related to this issue: https://github.com/nix-community/nixos-anywhere/issues/242
          # Should wait until this is merged in nixos-unstable.
          # pkgs-unstable.nixos-anywhere
          pkgs-unstable.deploy-rs
          pkgs.openssl
          pkgs.postgresql_15
          pkgs-unstable.opentofu
          pkgs.cdrtools
        ];
      };

      formatter.${system} = pkgs.nixfmt;

      nixosConfigurations = mkNixosSystems (machine: {
        inherit system;
        modules = [
          machine.specificConfig
          disko.nixosModules.disko
          agenix.nixosModules.default
          ./configuration.nix
          { networking.hostName = machine.name; }
        ];
      });

      deploy = {
        sshUser = "root";
        user = "root";

        nodes = mkDeployNodes (machine: {
          hostname = machine.hostname;
          profiles.hypervisor = {
            path = deploy-rs.lib.${system}.activate.nixos
              self.nixosConfigurations.${machine.name};
          };
        });
      };

      checks = builtins.mapAttrs
        (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
    };
}
init 2023-11-05 17:43:32 +00:00			`{`
			`description = "NixOS definitions for our physical servers";`

			`inputs = {`
			`nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";`
improve nixos anywhere script: - deploy age identity - make script machine indepdendent - add sanity check for wiping the system create nix shell for running the script 2023-11-15 10:41:45 +00:00			`nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00			`deploy-rs.url = "github:serokell/deploy-rs";`
remove ansible deploy ssh host and user keys using agenix deploy ssh certificates using ssh 2023-11-14 22:53:04 +00:00			`disko = {`
			`url = "github:nix-community/disko";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
			`agenix = {`
			`url = "github:ryantm/agenix";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
init 2023-11-05 17:43:32 +00:00			`};`

improve nixos anywhere script: - deploy age identity - make script machine indepdendent - add sanity check for wiping the system create nix shell for running the script 2023-11-15 10:41:45 +00:00			`outputs = { self, nixpkgs, deploy-rs, disko, agenix, nixpkgs-unstable, ... }:`
			`let`
			`system = "x86_64-linux";`
			`pkgs = nixpkgs.legacyPackages.${system};`
			`pkgs-unstable = nixpkgs-unstable.legacyPackages.${system};`
create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`machines = import ./machines;`
			`mkNixosSystems = systemDef:`
			`nixpkgs.lib.foldlAttrs (acc: name: machine:`
			`acc // {`
			`"${name}" = nixpkgs.lib.nixosSystem (systemDef machine);`
			`}) { } machines;`
			`mkDeployNodes = nodeDef:`
			`nixpkgs.lib.foldlAttrs`
			`(acc: name: machine: acc // { "${name}" = nodeDef machine; }) { }`
			`machines;`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00			`in {`
improve nixos anywhere script: - deploy age identity - make script machine indepdendent - add sanity check for wiping the system create nix shell for running the script 2023-11-15 10:41:45 +00:00			`devShells.${system}.default = pkgs.mkShell {`
create top-level machine definition that is used by both deploy-rs and nixos rename bootstrap script 2023-11-15 11:55:57 +00:00			`packages = [`
			`pkgs.libsecret`
switch to flake version of nixos-anywhere due to nixos-unstable issue 2023-11-15 12:37:13 +00:00			`# TODO: using nixos-anywhere from nixos-unstable produces buffer overflow.`
			`# Related to this issue: https://github.com/nix-community/nixos-anywhere/issues/242`
			`# Should wait until this is merged in nixos-unstable.`
			`# pkgs-unstable.nixos-anywhere`
create top-level machine definition that is used by both deploy-rs and nixos rename bootstrap script 2023-11-15 11:55:57 +00:00			`pkgs-unstable.deploy-rs`
enable client certificate checking 2023-11-25 12:41:49 +00:00			`pkgs.openssl`
			`pkgs.postgresql_15`
WIP: nixos-anywhere for virtual machines 2023-11-25 20:00:21 +00:00			`pkgs-unstable.opentofu`
			`pkgs.cdrtools`
create top-level machine definition that is used by both deploy-rs and nixos rename bootstrap script 2023-11-15 11:55:57 +00:00			`];`
improve nixos anywhere script: - deploy age identity - make script machine indepdendent - add sanity check for wiping the system create nix shell for running the script 2023-11-15 10:41:45 +00:00			`};`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00
fix formatter error 2023-11-15 12:10:27 +00:00			`formatter.${system} = pkgs.nixfmt;`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00
create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`nixosConfigurations = mkNixosSystems (machine: {`
			`inherit system;`
			`modules = [`
create custom module system 2023-11-22 17:28:55 +00:00			`machine.specificConfig`
create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`disko.nixosModules.disko`
			`agenix.nixosModules.default`
			`./configuration.nix`
merge normal and hardware configuration 2023-11-22 17:54:05 +00:00			`{ networking.hostName = machine.name; }`
create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`];`
			`});`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00
			`deploy = {`
			`sshUser = "root";`
			`user = "root";`

create helpers for creating nixos system and deploy nodes move machine definitions to separate directory 2023-11-15 12:06:59 +00:00			`nodes = mkDeployNodes (machine: {`
			`hostname = machine.hostname;`
			`profiles.hypervisor = {`
			`path = deploy-rs.lib.${system}.activate.nixos`
			`self.nixosConfigurations.${machine.name};`
			`};`
			`});`
use deploy-rs closes #2 2023-11-11 23:04:37 +00:00			`};`

			`checks = builtins.mapAttrs`
			`(system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;`
init 2023-11-05 17:43:32 +00:00			`};`
			`}`