Refactor flake

2024-06-13 19:46:21 +02:00 · 2024-06-13 19:46:21 +02:00 · d79e0b8acc
commit d79e0b8acc
parent 5ca2b6f473
5 changed files with 35 additions and 33 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -1,16 +1,26 @@
-{ pkgs, config, lib, machine, disko, agenix, nixos-hardware, ... }: {
+{ pkgs, self, config, lib, inputs, machine, ... }: {
  imports = [
-    ./nixos-modules
+    "${self}/nixos-modules"
    machine.nixosModule
-    disko.nixosModules.disko
+    inputs.disko.nixosModules.disko
-    agenix.nixosModules.default
+    inputs.agenix.nixosModules.default
-  ] ++ lib.lists.optional (machine.isRaspberryPi) nixos-hardware.nixosModules.raspberry-pi-4;
+  ] ++ lib.lists.optional (machine.isRaspberryPi) inputs.nixos-hardware.nixosModules.raspberry-pi-4;
  config = {
    time.timeZone = "Europe/Amsterdam";
    hardware.cpu.intel.updateMicrocode = lib.mkIf (! machine.isRaspberryPi) config.hardware.enableRedistributableFirmware;
    age.identityPaths = [ "/etc/age_ed25519" ];
-    nixpkgs.config.allowUnfree = true;
+
    nixpkgs = {
      config.allowUnfree = true;
      overlays = [
        (final: _prev: {
          unstable = import inputs.nixpkgs-unstable {
            system = machine.arch;
          };
        })
      ];
    };
    i18n = {
      defaultLocale = "en_US.UTF-8";
--- a/flake-parts/kubenix.nix
+++ b/flake-parts/kubenix.nix
@ -1,4 +1,4 @@
-{ machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem
+{ self, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem
  (system:
  let
    mkKubenixPackage = module: kubenix.packages.${system}.default.override
@ -8,6 +8,6 @@
      };
  in
  {
-    kubenix = mkKubenixPackage ../kubenix-modules/all.nix;
+    kubenix = mkKubenixPackage "${self}/kubenix-modules/all.nix";
-    kubenix-bootstrap = mkKubenixPackage ../kubenix-modules/base.nix;
+    kubenix-bootstrap = mkKubenixPackage "${self}/kubenix-modules/base.nix";
  })
--- a/flake-parts/nixos.nix
+++ b/flake-parts/nixos.nix
@ -1,4 +1,4 @@
-{ myLib, nixpkgs, nixpkgs-unstable, machines, dns, agenix, nixos-hardware, kubenix, disko, ... }:
+{ self, myLib, nixpkgs, machines, ... }@inputs:
 let
  mkNixosSystems = systemDef:
    builtins.mapAttrs
@ -11,19 +11,11 @@ in
  nixosConfigurations = mkNixosSystems (name: machine: {
    system = machine.arch;
-    specialArgs = { inherit myLib nixpkgs-unstable machines machine dns agenix nixos-hardware kubenix disko; };
+    specialArgs = { inherit self inputs myLib machine machines; };
    modules = [
-      ../configuration.nix
+      "${self}/configuration.nix"
      { networking.hostName = name; }
      {
        nixpkgs.overlays = [
          (final: _prev: {
            unstable = import nixpkgs-unstable {
              system = machine.arch;
            };
          })
        ];
      }
    ];
  });
 }
--- a/nixos-modules/backups.nix
+++ b/nixos-modules/backups.nix
@ -1,4 +1,4 @@
-{ pkgs, lib, config, ... }:
+{ self, pkgs, lib, config, ... }:
 let
  cfg = config.lab.backups;
@ -84,8 +84,8 @@ in
    };
    age.secrets = {
-      "borg_passphrase".file = ../secrets/borg_passphrase.age;
+      "borg_passphrase".file = "${self}/secrets/borg_passphrase.age";
-      "borgbase.pem".file = ../secrets/borgbase.pem.age;
+      "borgbase.pem".file = "${self}/secrets/borgbase.pem.age";
    };
  };
 }
--- a/nixos-modules/k3s/default.nix
+++ b/nixos-modules/k3s/default.nix
@ -1,4 +1,4 @@
-{ pkgs, lib, config, kubenix, ... }:
+{ self, inputs, pkgs, lib, config, ... }:
 let cfg = config.lab.k3s;
 in {
  options.lab.k3s = {
@ -80,7 +80,7 @@ in {
      activationScripts = {
        k3s-bootstrap.text = (
          let
-            k3sBootstrapFile = (kubenix.evalModules.x86_64-linux {
+            k3sBootstrapFile = (inputs.kubenix.evalModules.x86_64-linux {
              module = import ./bootstrap.nix;
            }).config.kubernetes.result;
          in
@ -102,35 +102,35 @@ in {
    };
    age.secrets = {
-      k3s-server-token.file = ../../secrets/k3s-server-token.age;
+      k3s-server-token.file = "${self}/secrets/k3s-server-token.age";
      k3s-server-ca-key = lib.mkIf (cfg.role == "server") {
-        file = ../../secrets/k3s-ca/server-ca.key.age;
+        file = "${self}/secrets/k3s-ca/server-ca.key.age";
        path = "/var/lib/rancher/k3s/server/tls/server-ca.key";
      };
      k3s-client-ca-key = lib.mkIf (cfg.role == "server") {
-        file = ../../secrets/k3s-ca/client-ca.key.age;
+        file = "${self}/secrets/k3s-ca/client-ca.key.age";
        path = "/var/lib/rancher/k3s/server/tls/client-ca.key";
      };
      k3s-request-header-ca-key = lib.mkIf (cfg.role == "server") {
-        file = ../../secrets/k3s-ca/request-header-ca.key.age;
+        file = "${self}/secrets/k3s-ca/request-header-ca.key.age";
        path = "/var/lib/rancher/k3s/server/tls/request-header-ca.key";
      };
      k3s-etcd-peer-ca-key = lib.mkIf (cfg.role == "server") {
-        file = ../../secrets/k3s-ca/etcd/peer-ca.key.age;
+        file = "${self}/secrets/k3s-ca/etcd/peer-ca.key.age";
        path = "/var/lib/rancher/k3s/server/tls/etcd/peer-ca.key";
      };
      k3s-etcd-server-ca-key = lib.mkIf (cfg.role == "server") {
-        file = ../../secrets/k3s-ca/etcd/server-ca.key.age;
+        file = "${self}/secrets/k3s-ca/etcd/server-ca.key.age";
        path = "/var/lib/rancher/k3s/server/tls/etcd/server-ca.key";
      };
      k3s-service-key = lib.mkIf (cfg.role == "server") {
-        file = ../../secrets/k3s-ca/service.key.age;
+        file = "${self}/secrets/k3s-ca/service.key.age";
        path = "/var/lib/rancher/k3s/server/tls/service.key";
      };
    };