From cca6d259a741b760831980c4e02cf9116f1fb0dd Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Mon, 11 Nov 2024 20:43:36 +0100 Subject: [PATCH] Use Colmena for deployment --- flake.nix | 59 ++++++++++++++++--- home-manager/default.nix | 4 +- home-manager/gnome.nix | 4 +- machines/gamepc/configuration.nix | 98 ------------------------------- machines/gamepc/default.nix | 96 +++++++++++++++++++++++++++++- machines/sue/configuration.nix | 50 ---------------- machines/sue/default.nix | 52 +++++++++++++++- nixos/default.nix | 9 ++- nixos/sops.nix | 4 +- 9 files changed, 203 insertions(+), 173 deletions(-) delete mode 100644 machines/gamepc/configuration.nix delete mode 100644 machines/sue/configuration.nix diff --git a/flake.nix b/flake.nix index c70c15f..57b837b 100644 --- a/flake.nix +++ b/flake.nix @@ -75,24 +75,17 @@ formatter = forAllSystems (system: (treefmtEval.${system}.config.build.wrapper)); nixosConfigurations = nixpkgs.lib.mapAttrs ( - name: { - nixosModule, - homeManagerModule, - }: + name: nixosModule: nixpkgs.lib.nixosSystem rec { system = "x86_64-linux"; specialArgs = { - inherit inputs system; - flake = self; + inherit inputs system self; }; modules = [ nixosModule ./nixos - { - home-manager.users.pim.imports = [homeManagerModule]; - } ]; } ) (import ./machines); @@ -115,5 +108,53 @@ buildInputs = self.checks.${system}.pre-commit-check.enabledPackages; }; }); + + colmena = { + meta = { + nixpkgs = import nixpkgs { + system = "x86_64-linux"; + }; + + specialArgs = { + inherit inputs self; + }; + + nodeSpecialArgs = { + sue = {}; + }; + }; + + sue = { + name, + nodes, + ... + }: { + deployment = { + allowLocalDeployment = true; + targetHost = null; + }; + + imports = [ + (import ./machines).sue + ./nixos + ]; + }; + + gamepc = { + name, + nodes, + ... + }: { + deployment = { + targetHost = "gamepc.lan"; + targetUser = "root"; + }; + + imports = [ + (import ./machines).gamepc + ./nixos + ]; + }; + }; }; } 
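Review bot: In the `gamepc` node of the new `colmena` block, `targetUser = "root";` makes every deployment a direct root SSH session to `gamepc.lan`, and the `machines/gamepc/default.nix` hunk adds `root.openssh.authorizedKeys.keys` to support it. Colmena can instead connect as an unprivileged user and elevate only for activation (`deployment.privilegeEscalationCommand` defaults to sudo), so `targetUser = "pim";` with the root key line dropped would keep root login closed on sshd and leave a sudo trail for each deploy. That presumably requires `pim` to have sudo rights and to be a Nix trusted user on gamepc, neither of which is visible in this diff. As a smaller point in the same block, `nodeSpecialArgs = { sue = {}; };` and the unused `name, nodes` arguments of both node functions have no effect and can be removed.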
diff --git a/home-manager/default.nix b/home-manager/default.nix index 90f7c80..6a5da41 100644 --- a/home-manager/default.nix +++ b/home-manager/default.nix @@ -2,7 +2,7 @@ lib, config, inputs, - flake, + self, ... }: { imports = [ @@ -248,7 +248,7 @@ sops = { age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt"; - defaultSopsFile = "${flake}/secrets/pim.yaml"; + defaultSopsFile = "${self}/secrets/pim.yaml"; secrets = { "keepassxc".path = "${config.xdg.configHome}/keepassxc/keepassxc.ini"; diff --git a/home-manager/gnome.nix b/home-manager/gnome.nix index a68d4ca..3de2ead 100644 --- a/home-manager/gnome.nix +++ b/home-manager/gnome.nix @@ -1,7 +1,7 @@ { pkgs, lib, - flake, + self, config, ... }: let @@ -88,7 +88,7 @@ in { }; "org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/general/42".type = 4; - "org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/localFolder/42".folder = "${flake}/wallpapers"; + "org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/localFolder/42".folder = "${self}/wallpapers"; }; }; } diff --git a/machines/gamepc/configuration.nix b/machines/gamepc/configuration.nix deleted file mode 100644 index 62324d0..0000000 --- a/machines/gamepc/configuration.nix +++ /dev/null 
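Review bot: `defaultSopsFile = "${self}/secrets/pim.yaml";` interpolates the whole flake source, so the complete repository joins the closure of any system where the option is active. The same applies to `"${self}/wallpapers"` in `home-manager/gnome.nix` and `"${self}/secrets/secrets.yaml"` in `nixos/sops.nix`. This commit starts pushing closures to a remote node, so every host's sops files and the rest of the repo would land world-readable in that node's /nix/store; the sops files are encrypted, but the node then carries ciphertext for secrets it never needs. A path literal should copy only the referenced file: `defaultSopsFile = ../secrets/pim.yaml;` here and `defaultSopsFile = ../secrets/secrets.yaml;` in `nixos/sops.nix`. Whether gamepc actually enables these modules cannot be told from the diff.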
@@ -1,98 +0,0 @@
-{
- config,
- lib,
- ...
-}: {
- config = {
- pim = {
- cinnamon.enable = true;
- };
-
- facter.reportPath = ./facter.json;
- networking.hostName = "gamepc";
-
- services = {
- openssh.enable = true;
- tailscale.enable = true;
- };
-
- users.users = {
- root.password = "";
- pim = {
- openssh.authorizedKeys.keys = config.pim.ssh.keys.pim;
- password = "";
- };
- };
-
- boot.loader.grub = {
- enable = true;
- efiSupport = true;
- efiInstallAsRemovable = true;
- };
-
- disko.devices.disk = lib.genAttrs ["0" "1"] (name: {
- type = "disk";
- device = "/dev/nvme${name}n1";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- size = "1M";
- type = "EF02"; # for grub MBR
- };
- ESP = {
- size = "500M";
- type = "EF00";
- content = {
- type = "mdraid";
- name = "boot";
- };
- };
- mdadm = {
- size = "100%";
- content = {
- type = "mdraid";
- name = "raid0";
- };
- };
- };
- };
- });
-
- disko.devices.mdadm = {
- boot = {
- type = "mdadm";
- level = 1;
- metadata = "1.0";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
- raid0 = {
- type = "mdadm";
- level = 0;
- content = {
- type = "gpt";
- partitions = {
- primary = {
- end = "-4G";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- };
- };
- swap = {
- size = "100%";
- content = {
- type = "swap";
- };
- };
- };
- };
- };
- };
- };
-}
diff --git a/machines/gamepc/default.nix b/machines/gamepc/default.nix
index 3786a86..027539a 100644
--- a/machines/gamepc/default.nix
+++ b/machines/gamepc/default.nix
@@ -1,4 +1,96 @@
 {
- nixosModule = import ./configuration.nix;
- homeManagerModule = import ./home.nix;
+ config,
+ lib,
+ ...
+}: {
+ config = {
+ pim = {
+ cinnamon.enable = true;
+ };
+
+ facter.reportPath = ./facter.json;
+ networking.hostName = "gamepc";
+ home-manager.users.pim.imports = [./home.nix];
+
+ services = {
+ openssh.enable = true;
+ tailscale.enable = true;
+ };
+
+ users.users = {
+ root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim;
+ pim.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim;
+ };
+
+ boot.loader.grub = {
+ enable = true;
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ disko.devices.disk = lib.genAttrs ["0" "1"] (name: {
+ type = "disk";
+ device = "/dev/nvme${name}n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02"; # for grub MBR
+ };
+ ESP = {
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "mdraid";
+ name = "boot";
+ };
+ };
+ mdadm = {
+ size = "100%";
+ content = {
+ type = "mdraid";
+ name = "raid0";
+ };
+ };
+ };
+ };
+ });
+
+ disko.devices.mdadm = {
+ boot = {
+ type = "mdadm";
+ level = 1;
+ metadata = "1.0";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ raid0 = {
+ type = "mdadm";
+ level = 0;
+ content = {
+ type = "gpt";
+ partitions = {
+ primary = {
+ end = "-4G";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ swap = {
+ size = "100%";
+ content = {
+ type = "swap";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
 }
diff --git a/machines/sue/configuration.nix b/machines/sue/configuration.nix
deleted file mode 100644
index 0dab29d..0000000
--- a/machines/sue/configuration.nix
+++ /dev/null
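Review bot: Dropping `root.password = ""` and `pim.password = ""` from `users.users` does not by itself clear those empty passwords on a gamepc that is already installed. Unless `users.mutableUsers = false` is set elsewhere (not visible in this diff), NixOS applies password options only when an account is first created and leaves existing /etc/shadow entries untouched. After the first Colmena deploy, either lock both accounts on the host or make the account state declarative with `users.mutableUsers = false;`. Since sshd is the remote entry point and root now has an authorized key, I would also pin `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "prohibit-password";` in this module, unless `./nixos` already sets them.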
@@ -1,50 +0,0 @@
-{inputs, ...}: {
- config = {
- pim = {
- lanzaboote.enable = true;
- tidal.enable = true;
- gnome.enable = true;
- stylix.enable = true;
- wireguard.enable = true;
- compliance.enable = true;
- sops.enable = true;
- };
-
- services.tailscale.enable = true;
-
- facter.reportPath = ./facter.json;
-
- networking.hostName = "xps-9315";
- swapDevices = [{device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b";}];
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a";
- fsType = "ext4";
- };
-
- "/boot" = {
- device = "/dev/disk/by-uuid/560E-F8A2";
- fsType = "vfat";
- options = ["fmask=0022" "dmask=0022"];
- };
- };
-
- nix.settings = {
- substituters = ["https://cosmic.cachix.org/"];
- trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
- };
-
- boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
-
- specialisation.cosmic.configuration = {
- imports = [
- inputs.nixos-cosmic.nixosModules.default
- ];
-
- services = {
- desktopManager.cosmic.enable = true;
- displayManager.cosmic-greeter.enable = true;
- };
- };
- };
-}
diff --git a/machines/sue/default.nix b/machines/sue/default.nix
index 3786a86..a8de8d6 100644
--- a/machines/sue/default.nix
+++ b/machines/sue/default.nix
@@ -1,4 +1,50 @@ -{ - nixosModule = import ./configuration.nix; - homeManagerModule = import ./home.nix; +{inputs, ...}: { + config = { + pim = { + lanzaboote.enable = true; + tidal.enable = true; + gnome.enable = true; + stylix.enable = true; + wireguard.enable = true; + compliance.enable = true; + sops.enable = true; + }; + + services.tailscale.enable = true; + facter.reportPath = ./facter.json; + home-manager.users.pim.imports = [./home.nix]; + + networking.hostName = "sue"; + swapDevices = [{device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b";}]; + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a"; + fsType = "ext4"; + }; + + "/boot" = { + device = "/dev/disk/by-uuid/560E-F8A2"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; + }; + + nix.settings = { + substituters = ["https://cosmic.cachix.org/"]; + trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="]; + }; + + boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494"; + + specialisation.cosmic.configuration = { + imports = [ + inputs.nixos-cosmic.nixosModules.default + ]; + + services = { + desktopManager.cosmic.enable = true; + displayManager.cosmic-greeter.enable = true; + }; + }; + }; } diff --git a/nixos/default.nix b/nixos/default.nix index 822edf8..a76d9ed 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -3,8 +3,7 @@ config, lib, inputs, - flake, - system, + self, ... }: { imports = [ @@ -140,7 +139,7 @@ inputs.nur.overlay (final: _prev: { unstable = import inputs.nixpkgs-unstable { - inherit system; + inherit (pkgs) system; config.allowUnfree = true; }; }) 
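Review bot: In the `unstable` overlay of `nixos/default.nix`, `inherit (pkgs) system;` reaches back to the module's `pkgs` argument from inside an overlay that feeds that same package set, although the overlay's own `final` argument is already in scope. Taking the value from there, `inherit (final.stdenv.hostPlatform) system;`, keeps the overlay self-contained and independent of how the module's package set is supplied. That matters now that the module is evaluated both through `nixosSystem` and through Colmena's `meta.nixpkgs`. `pkgs` is presumably bound in the argument list above the first hunk, and the enclosing overlay list starts and ends outside this hunk.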
@@ -170,8 +169,8 @@ home-manager = { useGlobalPkgs = true; useUserPackages = true; - extraSpecialArgs = {inherit flake inputs;}; + extraSpecialArgs = {inherit self inputs;}; - users.pim.imports = ["${flake}/home-manager"]; + users.pim.imports = ["${self}/home-manager"]; }; } diff --git a/nixos/sops.nix b/nixos/sops.nix index f966469..70e206f 100644 --- a/nixos/sops.nix +++ b/nixos/sops.nix @@ -1,7 +1,7 @@ { inputs, pkgs, - flake, + self, config, lib, ... @@ -16,7 +16,7 @@ in { sops = { age.keyFile = "/home/pim/.config/sops/age/keys.txt"; - defaultSopsFile = "${flake}/secrets/secrets.yaml"; + defaultSopsFile = "${self}/secrets/secrets.yaml"; }; }; }