nixos-servers/flake.nix
Pim Kunis 721623c8fc update to nixos 23.11
enable static IP for terraformed VMs
restructure legacy code
move hermes code to this repo
don't use data disk for hermes leases
2023-12-17 16:22:22 +01:00


# Flake for the physical servers: one NixOS configuration and one deploy-rs
# node per entry in ./machines, plus a dev shell with the operator tooling.
{
  description = "NixOS definitions for our physical servers";

  # The URLs below name branches (or a default branch), not revisions. The
  # revisions actually built are the ones recorded in flake.lock, which is not
  # part of this file; a lock-file change is a dependency bump for everything
  # that runs as root on these hosts and should be reviewed as such.
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";

    # No `inputs.nixpkgs.follows` here, so deploy-rs is evaluated against its
    # own locked nixpkgs rather than the one used for the hosts.
    deploy-rs.url = "github:serokell/deploy-rs";

    kubenix = {
      url = "github:hall/kubenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs =
    { self, nixpkgs, deploy-rs, disko, agenix, kubenix, nixpkgs-unstable, ... }:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};
      pkgs-unstable = nixpkgs-unstable.legacyPackages.${system};

      # Attribute set of machine definitions. The code below reads
      # `nixosModule`, `name` and `hostName` from each entry.
      machines = import ./machines;

      # Apply `f` to every machine definition, keeping the attribute names of
      # ./machines as the names in the result.
      forEachMachine = f: builtins.mapAttrs (_name: machine: f machine) machines;

      # machine name -> evaluated NixOS system built from `systemDef machine`.
      mkNixosSystems = systemDef:
        forEachMachine (machine: nixpkgs.lib.nixosSystem (systemDef machine));

      # machine name -> deploy-rs node definition produced by `nodeDef`.
      mkDeployNodes = nodeDef: forEachMachine nodeDef;
    in
    {
      # Operator shell. deploy-rs here comes from nixpkgs-unstable, while the
      # activation library used under `deploy` comes from the deploy-rs flake
      # input: two independently locked sources.
      # NOTE(review): confirm the CLI and the library stay compatible when
      # either lock entry moves.
      devShells.${system}.default = pkgs.mkShell {
        packages = with pkgs; [
          libsecret
          # TODO: using nixos-anywhere from nixos-unstable produces buffer overflow.
          # Related to this issue: https://github.com/nix-community/nixos-anywhere/issues/242
          # Should wait until this is merged in nixos-unstable.
          # pkgs-unstable.nixos-anywhere
          pkgs-unstable.deploy-rs
          openssl
          postgresql_15
          opentofu
          cdrtools
          kubectl
          ansible
        ];
      };

      formatter.${system} = pkgs.nixfmt;

      nixosConfigurations = mkNixosSystems (machine: {
        inherit system;
        # Makes `kubenix` available as a module argument.
        specialArgs = { inherit kubenix; };
        modules = [
          machine.nixosModule
          # Declarative disk layout.
          disko.nixosModules.disko
          # age-encrypted secrets support; the secret definitions themselves
          # live in other modules, not in this file.
          agenix.nixosModules.default
          ./configuration.nix
          { networking.hostName = machine.name; }
        ];
      });

      # deploy-rs settings. `sshUser` is the account the deploying machine logs
      # in as and `user` is the account the profile is activated for; both are
      # root, so every node has to accept SSH logins for root and any key that
      # is authorised for that login has full control of every machine listed
      # in ./machines.
      # NOTE(review): the sshd policy is not visible here; check that root
      # login is key-only and limited to the deploy key, or consider an
      # unprivileged `sshUser` that escalates with sudo.
      deploy = {
        sshUser = "root";
        user = "root";
        nodes = mkDeployNodes (machine: {
          # Connection target is `machine.hostName`; the configuration is
          # looked up by `machine.name`. Both come from ./machines.
          hostname = machine.hostName;
          profiles.hypervisor = {
            path = deploy-rs.lib.${system}.activate.nixos
              self.nixosConfigurations.${machine.name};
          };
        });
      };

      # deploy-rs' own checks of the `deploy` attribute, one set per system
      # that deploy-rs.lib exposes.
      checks = builtins.mapAttrs
        (_system: deployLib: deployLib.deployChecks self.deploy)
        deploy-rs.lib;
    };
}