Refactor flake

Pim Kunis 2024-06-13 19:46:21 +02:00
parent 5ca2b6f473
commit d79e0b8acc
5 changed files with 35 additions and 33 deletions


@ -1,16 +1,26 @@
{ pkgs, config, lib, machine, disko, agenix, nixos-hardware, ... }: {
{ pkgs, self, config, lib, inputs, machine, ... }: {
imports = [
./nixos-modules
"${self}/nixos-modules"
machine.nixosModule
disko.nixosModules.disko
agenix.nixosModules.default
] ++ lib.lists.optional (machine.isRaspberryPi) nixos-hardware.nixosModules.raspberry-pi-4;
inputs.disko.nixosModules.disko
inputs.agenix.nixosModules.default
] ++ lib.lists.optional (machine.isRaspberryPi) inputs.nixos-hardware.nixosModules.raspberry-pi-4;
config = {
time.timeZone = "Europe/Amsterdam";
hardware.cpu.intel.updateMicrocode = lib.mkIf (! machine.isRaspberryPi) config.hardware.enableRedistributableFirmware;
age.identityPaths = [ "/etc/age_ed25519" ];
nixpkgs.config.allowUnfree = true;
nixpkgs = {
config.allowUnfree = true;
overlays = [
(final: _prev: {
unstable = import inputs.nixpkgs-unstable {
system = machine.arch;
};
})
];
};
i18n = {
defaultLocale = "en_US.UTF-8";
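Review bot: The `unstable` overlay under `nixpkgs.overlays` instantiates the second package set with only `system` set, so the `config.allowUnfree = true` next to it does not carry over to `pkgs.unstable`, and neither would any other policy later placed under `nixpkgs.config`. If both sets are meant to follow the same policy, pass it explicitly, `unstable = import inputs.nixpkgs-unstable { system = machine.arch; config = config.nixpkgs.config; };`. If the difference is intended, a comment such as `# pkgs.unstable is evaluated with default nixpkgs config, not nixpkgs.config` would record that. The `final` argument is unused and could be `_final` to match `_prev`. The `config = {` block continues outside the hunk.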


@ -1,4 +1,4 @@
{ machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem
{ self, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem
(system:
let
mkKubenixPackage = module: kubenix.packages.${system}.default.override
@ -8,6 +8,6 @@
};
in
{
kubenix = mkKubenixPackage ../kubenix-modules/all.nix;
kubenix-bootstrap = mkKubenixPackage ../kubenix-modules/base.nix;
kubenix = mkKubenixPackage "${self}/kubenix-modules/all.nix";
kubenix-bootstrap = mkKubenixPackage "${self}/kubenix-modules/base.nix";
})


@ -1,4 +1,4 @@
{ myLib, nixpkgs, nixpkgs-unstable, machines, dns, agenix, nixos-hardware, kubenix, disko, ... }:
{ self, myLib, nixpkgs, machines, ... }@inputs:
let
mkNixosSystems = systemDef:
builtins.mapAttrs
@ -11,19 +11,11 @@ in
nixosConfigurations = mkNixosSystems (name: machine: {
system = machine.arch;
specialArgs = { inherit myLib nixpkgs-unstable machines machine dns agenix nixos-hardware kubenix disko; };
specialArgs = { inherit self inputs myLib machine machines; };
modules = [
../configuration.nix
"${self}/configuration.nix"
{ networking.hostName = name; }
{
nixpkgs.overlays = [
(final: _prev: {
unstable = import nixpkgs-unstable {
system = machine.arch;
};
})
];
}
];
});
}
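Review bot: `specialArgs` now hands every module the whole argument set of this file under the name `inputs`, which, judging by the `{ self, myLib, nixpkgs, machines, ... }@inputs:` header, also carries non-flake values such as `myLib` and `machines`, while the signature no longer lists `disko`, `agenix`, `nixos-hardware`, `kubenix` or `nixpkgs-unstable`. A missing or renamed input therefore surfaces only when a module first evaluates `inputs.<name>`, not when this function is called. I would add a comment above `specialArgs`, for example `# modules read inputs.{disko,agenix,nixos-hardware,kubenix,nixpkgs-unstable}; keep in sync with the flake inputs`. `dns` is also dropped from the inherited names; any module that took `dns` as an argument would now need `inputs.dns`, which is not visible in this section.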


@ -1,4 +1,4 @@
{ pkgs, lib, config, ... }:
{ self, pkgs, lib, config, ... }:
let
cfg = config.lab.backups;
@ -84,8 +84,8 @@ in
};
age.secrets = {
"borg_passphrase".file = ../secrets/borg_passphrase.age;
"borgbase.pem".file = ../secrets/borgbase.pem.age;
"borg_passphrase".file = "${self}/secrets/borg_passphrase.age";
"borgbase.pem".file = "${self}/secrets/borgbase.pem.age";
};
};
}
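Review bot: The two `age.secrets.*.file` values change from path literals to strings interpolated from `self`, and as far as I can tell that changes what the system closure references. A path value is copied into the store as a single file when agenix interpolates it, whereas `"${self}/secrets/borg_passphrase.age"` carries the string context of the whole flake source. Every host would then pull the full repository, including the ciphertext of secrets encrypted for other machines, and any commit would change the system derivation. The files stay age-encrypted, so this is a least-privilege and rebuild-churn concern rather than a plaintext leak. The same applies to the `age.secrets` block in the k3s module, including the `k3s-ca` key entries. I would keep path-typed values for the `file` options, e.g. `"borg_passphrase".file = ../secrets/borg_passphrase.age;`, or confirm with `nix path-info -r` on a built system that the source tree is not referenced.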


@ -1,4 +1,4 @@
{ pkgs, lib, config, kubenix, ... }:
{ self, inputs, pkgs, lib, config, ... }:
let cfg = config.lab.k3s;
in {
options.lab.k3s = {
@ -80,7 +80,7 @@ in {
activationScripts = {
k3s-bootstrap.text = (
let
k3sBootstrapFile = (kubenix.evalModules.x86_64-linux {
k3sBootstrapFile = (inputs.kubenix.evalModules.x86_64-linux {
module = import ./bootstrap.nix;
}).config.kubernetes.result;
in
@ -102,35 +102,35 @@ in {
};
age.secrets = {
k3s-server-token.file = ../../secrets/k3s-server-token.age;
k3s-server-token.file = "${self}/secrets/k3s-server-token.age";
k3s-server-ca-key = lib.mkIf (cfg.role == "server") {
file = ../../secrets/k3s-ca/server-ca.key.age;
file = "${self}/secrets/k3s-ca/server-ca.key.age";
path = "/var/lib/rancher/k3s/server/tls/server-ca.key";
};
k3s-client-ca-key = lib.mkIf (cfg.role == "server") {
file = ../../secrets/k3s-ca/client-ca.key.age;
file = "${self}/secrets/k3s-ca/client-ca.key.age";
path = "/var/lib/rancher/k3s/server/tls/client-ca.key";
};
k3s-request-header-ca-key = lib.mkIf (cfg.role == "server") {
file = ../../secrets/k3s-ca/request-header-ca.key.age;
file = "${self}/secrets/k3s-ca/request-header-ca.key.age";
path = "/var/lib/rancher/k3s/server/tls/request-header-ca.key";
};
k3s-etcd-peer-ca-key = lib.mkIf (cfg.role == "server") {
file = ../../secrets/k3s-ca/etcd/peer-ca.key.age;
file = "${self}/secrets/k3s-ca/etcd/peer-ca.key.age";
path = "/var/lib/rancher/k3s/server/tls/etcd/peer-ca.key";
};
k3s-etcd-server-ca-key = lib.mkIf (cfg.role == "server") {
file = ../../secrets/k3s-ca/etcd/server-ca.key.age;
file = "${self}/secrets/k3s-ca/etcd/server-ca.key.age";
path = "/var/lib/rancher/k3s/server/tls/etcd/server-ca.key";
};
k3s-service-key = lib.mkIf (cfg.role == "server") {
file = ../../secrets/k3s-ca/service.key.age;
file = "${self}/secrets/k3s-ca/service.key.age";
path = "/var/lib/rancher/k3s/server/tls/service.key";
};
};