diff --git a/configuration.nix b/configuration.nix index 3e76d1a..df03f85 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,16 +1,26 @@ -{ pkgs, config, lib, machine, disko, agenix, nixos-hardware, ... }: { +{ pkgs, self, config, lib, inputs, machine, ... }: { imports = [ - ./nixos-modules + "${self}/nixos-modules" machine.nixosModule - disko.nixosModules.disko - agenix.nixosModules.default - ] ++ lib.lists.optional (machine.isRaspberryPi) nixos-hardware.nixosModules.raspberry-pi-4; + inputs.disko.nixosModules.disko + inputs.agenix.nixosModules.default + ] ++ lib.lists.optional (machine.isRaspberryPi) inputs.nixos-hardware.nixosModules.raspberry-pi-4; config = { time.timeZone = "Europe/Amsterdam"; hardware.cpu.intel.updateMicrocode = lib.mkIf (! machine.isRaspberryPi) config.hardware.enableRedistributableFirmware; age.identityPaths = [ "/etc/age_ed25519" ]; - nixpkgs.config.allowUnfree = true; + + nixpkgs = { + config.allowUnfree = true; + overlays = [ + (final: _prev: { + unstable = import inputs.nixpkgs-unstable { + system = machine.arch; + }; + }) + ]; + }; i18n = { defaultLocale = "en_US.UTF-8"; diff --git a/flake-parts/kubenix.nix b/flake-parts/kubenix.nix index a8e8bb9..d3774a3 100644 --- a/flake-parts/kubenix.nix +++ b/flake-parts/kubenix.nix @@ -1,4 +1,4 @@ -{ machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem +{ self, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem (system: let mkKubenixPackage = module: kubenix.packages.${system}.default.override @@ -8,6 +8,6 @@ }; in { - kubenix = mkKubenixPackage ../kubenix-modules/all.nix; - kubenix-bootstrap = mkKubenixPackage ../kubenix-modules/base.nix; + kubenix = mkKubenixPackage "${self}/kubenix-modules/all.nix"; + kubenix-bootstrap = mkKubenixPackage "${self}/kubenix-modules/base.nix"; }) diff --git a/flake-parts/nixos.nix b/flake-parts/nixos.nix index 9013db7..a45f2b3 100644 
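Review bot: The `unstable` overlay added under `nixpkgs.overlays` in configuration.nix imports `inputs.nixpkgs-unstable` with only `system` set, so the `config.allowUnfree = true` declared directly above it does not apply to `pkgs.unstable`. If unfree packages are expected from the unstable set, pass the config explicitly, for example `unstable = import inputs.nixpkgs-unstable { inherit (final) system config; };`, which also puts the currently unused `final` argument to work. If the unstable set is meant to stay free-only, a comment such as `# unstable deliberately does not inherit nixpkgs.config` would record that decision.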
--- a/flake-parts/nixos.nix +++ b/flake-parts/nixos.nix @@ -1,4 +1,4 @@ -{ myLib, nixpkgs, nixpkgs-unstable, machines, dns, agenix, nixos-hardware, kubenix, disko, ... }: +{ self, myLib, nixpkgs, machines, ... }@inputs: let mkNixosSystems = systemDef: builtins.mapAttrs @@ -11,19 +11,11 @@ in nixosConfigurations = mkNixosSystems (name: machine: { system = machine.arch; - specialArgs = { inherit myLib nixpkgs-unstable machines machine dns agenix nixos-hardware kubenix disko; }; + specialArgs = { inherit self inputs myLib machine machines; }; + modules = [ - ../configuration.nix + "${self}/configuration.nix" { networking.hostName = name; } - { - nixpkgs.overlays = [ - (final: _prev: { - unstable = import nixpkgs-unstable { - system = machine.arch; - }; - }) - ]; - } ]; }); } diff --git a/nixos-modules/backups.nix b/nixos-modules/backups.nix index 8ca3e87..447cb43 100644 --- a/nixos-modules/backups.nix +++ b/nixos-modules/backups.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, config, ... }: +{ self, pkgs, lib, config, ... }: let cfg = config.lab.backups; @@ -84,8 +84,8 @@ in }; age.secrets = { - "borg_passphrase".file = ../secrets/borg_passphrase.age; - "borgbase.pem".file = ../secrets/borgbase.pem.age; + "borg_passphrase".file = "${self}/secrets/borg_passphrase.age"; + "borgbase.pem".file = "${self}/secrets/borgbase.pem.age"; }; }; } diff --git a/nixos-modules/k3s/default.nix b/nixos-modules/k3s/default.nix index fdec8ec..c014a02 100644 --- a/nixos-modules/k3s/default.nix +++ b/nixos-modules/k3s/default.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, config, kubenix, ... }: +{ self, inputs, pkgs, lib, config, ... }: let cfg = config.lab.k3s; in { options.lab.k3s = { @@ -80,7 +80,7 @@ in { activationScripts = { k3s-bootstrap.text = ( let - k3sBootstrapFile = (kubenix.evalModules.x86_64-linux { + k3sBootstrapFile = (inputs.kubenix.evalModules.x86_64-linux { module = import ./bootstrap.nix; }).config.kubernetes.result; in 
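Review bot: In flake-parts/nixos.nix, `{ self, myLib, nixpkgs, machines, ... }@inputs` binds the whole argument set of this flake part, and the new `specialArgs` line passes that set to every NixOS module under the name `inputs`. From what is visible, the set also carries non-input values such as `myLib` and `machines`, so the name promises less than it delivers. `dns`, `kubenix`, `agenix`, `disko`, `nixos-hardware` and `nixpkgs-unstable` are no longer passed by name, so any module outside this diff that still destructures one of them will fail at evaluation and is worth a grep before merging. A comment on the `specialArgs` line such as `# inputs = every argument of this flake part, not only the flake's inputs` would make the contract explicit.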
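Review bot: The new `"${self}/secrets/…"` strings in the `age.secrets` block of nixos-modules/backups.nix make each `file` reference the whole flake source store path instead of a single copied file, as `../secrets/borg_passphrase.age` did; the `@@ -102,35` hunk in nixos-modules/k3s/default.nix repeats the pattern. As far as I can tell, that pulls the full repository into every host's system closure. Each world-readable /nix/store would then hold all `.age` ciphertexts, including the k3s CA keys that `lib.mkIf (cfg.role == "server")` otherwise keeps off agents, along with every other committed file. The files stay encrypted to their recipients, but this widens ciphertext exposure and changes every secret's path on any repo edit. I would keep path literals for secret files (`"borg_passphrase".file = ../secrets/borg_passphrase.age;`), or confirm with `nix why-depends` on the built system that the source tree is not pulled in.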
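Review bot: `inputs.kubenix.evalModules.x86_64-linux` in the `k3s-bootstrap` activation script still hard-codes the architecture, while configuration.nix in this same commit handles Raspberry Pi machines through `machine.arch`. If this module is enabled on an aarch64 host, the bootstrap manifest is evaluated for a foreign system, which may fail to build or require a remote builder; this is inferred, since the rest of the `let` body lies outside the hunk. Consider `k3sBootstrapFile = (inputs.kubenix.evalModules.${pkgs.stdenv.hostPlatform.system} {` so that the evaluation follows the host being built.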
@@ -102,35 +102,35 @@ in { }; age.secrets = { - k3s-server-token.file = ../../secrets/k3s-server-token.age; + k3s-server-token.file = "${self}/secrets/k3s-server-token.age"; k3s-server-ca-key = lib.mkIf (cfg.role == "server") { - file = ../../secrets/k3s-ca/server-ca.key.age; + file = "${self}/secrets/k3s-ca/server-ca.key.age"; path = "/var/lib/rancher/k3s/server/tls/server-ca.key"; }; k3s-client-ca-key = lib.mkIf (cfg.role == "server") { - file = ../../secrets/k3s-ca/client-ca.key.age; + file = "${self}/secrets/k3s-ca/client-ca.key.age"; path = "/var/lib/rancher/k3s/server/tls/client-ca.key"; }; k3s-request-header-ca-key = lib.mkIf (cfg.role == "server") { - file = ../../secrets/k3s-ca/request-header-ca.key.age; + file = "${self}/secrets/k3s-ca/request-header-ca.key.age"; path = "/var/lib/rancher/k3s/server/tls/request-header-ca.key"; }; k3s-etcd-peer-ca-key = lib.mkIf (cfg.role == "server") { - file = ../../secrets/k3s-ca/etcd/peer-ca.key.age; + file = "${self}/secrets/k3s-ca/etcd/peer-ca.key.age"; path = "/var/lib/rancher/k3s/server/tls/etcd/peer-ca.key"; }; k3s-etcd-server-ca-key = lib.mkIf (cfg.role == "server") { - file = ../../secrets/k3s-ca/etcd/server-ca.key.age; + file = "${self}/secrets/k3s-ca/etcd/server-ca.key.age"; path = "/var/lib/rancher/k3s/server/tls/etcd/server-ca.key"; }; k3s-service-key = lib.mkIf (cfg.role == "server") { - file = ../../secrets/k3s-ca/service.key.age; + file = "${self}/secrets/k3s-ca/service.key.age"; path = "/var/lib/rancher/k3s/server/tls/service.key"; }; };