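{
  description = "NixOS definitions for our physical servers";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    deploy-rs.url = "github:serokell/deploy-rs";
    kubenix = {
      url = "github:hall/kubenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    dns = {
      url = "github:kirelagin/dns.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    microvm = {
      url = "github:astro/microvm.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, deploy-rs, disko, agenix, kubenix, nixpkgs-unstable, dns, microvm, ... }:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};
      lib = pkgs.lib;
      pkgs-unstable = nixpkgs-unstable.legacyPackages.${system};

      # Attribute set of machine definitions, keyed by machine name.
      # Each machine is expected to provide `name`, `hostName` and `nixosModule`
      # (those are the attributes read below).
      machines = import ./nixos/machines;

      # Both helpers build one attribute per machine, keyed by the machine's
      # attribute name. `mapAttrs` says this directly; the previous
      # `foldlAttrs` with `acc // { ... }` built the same set one entry at a time.
      mkNixosSystems = systemDef:
        lib.mapAttrs (_: machine: nixpkgs.lib.nixosSystem (systemDef machine)) machines;
      mkDeployNodes = nodeDef: lib.mapAttrs (_: machine: nodeDef machine) machines;
    in {
      devShells.${system}.default = pkgs.mkShell {
        packages = with pkgs; [
          libsecret
          # TODO: using nixos-anywhere from nixos-unstable produces buffer overflow.
          # Related to this issue: https://github.com/nix-community/nixos-anywhere/issues/242
          # Should wait until this is merged in nixos-unstable.
          # pkgs-unstable.nixos-anywhere
          pkgs-unstable.deploy-rs
          openssl
          postgresql_15
          opentofu
          cdrtools
          kubectl
          ansible
        ];
      };

      formatter.${system} = pkgs.nixfmt;

      # One NixOS system per machine; the machine's own module is combined
      # with the shared ./nixos module tree and the flake-provided modules.
      nixosConfigurations = mkNixosSystems (machine: {
        inherit system;
        specialArgs = { inherit kubenix dns; };
        modules = [
          microvm.nixosModules.host
          machine.nixosModule
          disko.nixosModules.disko
          agenix.nixosModules.default
          ./nixos
          { networking.hostName = machine.name; }
        ];
      });

      # deploy-rs node list. Deployment connects as root over SSH, so the
      # operator's SSH key is effectively a root credential on every host.
      deploy = {
        sshUser = "root";
        user = "root";
        nodes = mkDeployNodes (machine: {
          hostname = machine.hostName;
          profiles.system = {
            path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.${machine.name};
          };
        });
      };

      # deploy-rs sanity checks for every system deploy-rs supports. The
      # parameter is named `deploySystem` so it does not shadow `system` above.
      checks = builtins.mapAttrs (deploySystem: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;

      apps.${system} = let
        # Space-separated, double-quoted FQDNs of every configured host,
        # spliced into the scripts below as a bash array literal.
        hostNames = builtins.concatStringsSep " " (builtins.map
          (host: "\"${host.config.networking.fqdn}\"")
          (builtins.attrValues self.nixosConfigurations));
      in {
        # Restart every microvm@*.service unit on every host.
        # `writeShellScriptBin` gives the script a bash shebang, which the
        # `[[ ]]`/array syntax needs; the previous `writeScriptBin` had none.
        reboot-all-vms = let
          reboot-all-vms = pkgs.writeShellScriptBin "reboot-all-vms" ''
            hostNames=(${hostNames})
            for hostName in "''${hostNames[@]}"; do
              if ! units=$(${pkgs.openssh}/bin/ssh "root@$hostName" systemctl list-units --all --plain --no-legend); then
                ${pkgs.coreutils}/bin/echo "Could not list units on $hostName, skipping" >&2
                continue
              fi
              # One unit name per array element. Looping over the quoted scalar
              # "$microvmUnits" (as before) produced a single multi-line element,
              # so systemctl was asked to restart one bogus combined name.
              mapfile -t microvmUnits < <(${pkgs.coreutils}/bin/echo "$units" \
                | ${pkgs.gnugrep}/bin/grep 'microvm@.*\.service' \
                | ${pkgs.gawkInteractive}/bin/awk '{print $1}')
              for microvmUnit in "''${microvmUnits[@]}"; do
                ${pkgs.coreutils}/bin/echo "Restarting $microvmUnit on $hostName"
                ${pkgs.openssh}/bin/ssh "root@$hostName" systemctl restart "$microvmUnit"
              done
            done
          '';
        in {
          type = "app";
          program = "${reboot-all-vms}/bin/reboot-all-vms";
        };

        # Restart microvm@<name>.service on whichever host(s) list that unit.
        # Usage: reboot-vm <vm-name>
        reboot-vm = let
          reboot-vm = pkgs.writeShellScriptBin "reboot-vm" ''
            if [ -z "''${1:-}" ]; then
              ${pkgs.coreutils}/bin/echo "Please provide a VM name!" >&2
              exit 1
            fi
            # ssh joins its arguments into one command line for the remote
            # shell, so the quoting around "$unitName" below does not survive
            # the hop. Only accept characters that can appear in a unit
            # instance name so the argument cannot carry shell syntax.
            if ! [[ "$1" =~ ^[A-Za-z0-9._-]+$ ]]; then
              ${pkgs.coreutils}/bin/echo "Invalid VM name: $1" >&2
              exit 1
            fi
            hostNames=(${hostNames})
            unitName="microvm@$1.service"
            for hostName in "''${hostNames[@]}"; do
              if ! units=$(${pkgs.openssh}/bin/ssh "root@$hostName" systemctl list-units --all --plain --no-legend); then
                ${pkgs.coreutils}/bin/echo "Could not list units on $hostName, skipping" >&2
                continue
              fi
              # Quoted right-hand side: a literal substring match, not a regex.
              if [[ "$units" =~ "$unitName" ]]; then
                ${pkgs.coreutils}/bin/echo "Restarting $unitName on $hostName"
                ${pkgs.openssh}/bin/ssh "root@$hostName" systemctl restart "$unitName"
              fi
            done
          '';
        in {
          type = "app";
          program = "${reboot-vm}/bin/reboot-vm";
        };
      };
    };
}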