2021-04-12 01:35:24 +01:00
|
|
|
{
|
|
|
|
|
description = "tlater.net host configuration";
|
|
|
|
|
|
|
|
|
|
inputs = {
|
2025-01-18 16:09:40 +00:00
|
|
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11-small";
|
2024-06-28 19:28:15 +01:00
|
|
|
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
|
2024-03-02 01:27:24 +00:00
|
|
|
disko = {
|
|
|
|
|
url = "github:nix-community/disko";
|
|
|
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
|
|
|
};
|
2022-10-13 00:31:08 +01:00
|
|
|
deploy-rs.url = "github:serokell/deploy-rs";
|
2022-04-23 04:06:50 +01:00
|
|
|
sops-nix = {
|
|
|
|
|
url = "github:Mic92/sops-nix";
|
|
|
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
|
|
|
};
|
2021-04-12 01:44:10 +01:00
|
|
|
tlaternet-webserver = {
|
|
|
|
|
url = "git+https://gitea.tlater.net/tlaternet/tlaternet.git";
|
2022-10-12 01:17:49 +01:00
|
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
2021-04-12 01:44:10 +01:00
|
|
|
};
|
2023-05-11 22:02:57 +01:00
|
|
|
foundryvtt = {
|
|
|
|
|
url = "github:reckenrode/nix-foundryvtt";
|
|
|
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
|
|
|
};
|
2024-04-08 19:02:53 +01:00
|
|
|
|
|
|
|
|
sonnenshift = {
|
2024-11-27 23:56:31 +00:00
|
|
|
url = "git+ssh://git@github.com/sonnenshift/battery-manager";
|
2024-04-08 19:02:53 +01:00
|
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
|
|
|
};
|
2025-01-23 16:35:23 +00:00
|
|
|
|
|
|
|
|
nixpkgs-crowdsec.url = "github:tlater/nixpkgs/tlater/fix-crowdsec";
|
2021-04-12 01:35:24 +01:00
|
|
|
};
|
|
|
|
|
|
2022-04-23 04:06:50 +01:00
|
|
|
outputs =
|
|
|
|
|
{
|
|
|
|
|
self,
|
|
|
|
|
nixpkgs,
|
|
|
|
|
sops-nix,
|
2022-10-13 00:31:08 +01:00
|
|
|
deploy-rs,
|
2023-02-26 05:44:54 +00:00
|
|
|
...
|
|
|
|
|
}@inputs:
|
|
|
|
|
let
|
2022-10-12 01:17:49 +01:00
|
|
|
system = "x86_64-linux";
|
2024-03-27 00:17:26 +00:00
|
|
|
pkgs = nixpkgs.legacyPackages.${system};
|
2024-08-18 16:36:45 +01:00
|
|
|
|
|
|
|
|
vm = nixpkgs.lib.nixosSystem {
|
|
|
|
|
inherit system;
|
|
|
|
|
specialArgs.flake-inputs = inputs;
|
|
|
|
|
|
|
|
|
|
modules = [
|
|
|
|
|
./configuration
|
|
|
|
|
./configuration/hardware-specific/vm.nix
|
|
|
|
|
];
|
|
|
|
|
};
|
2022-10-12 01:17:49 +01:00
|
|
|
in
|
|
|
|
|
{
|
2022-10-13 00:03:32 +01:00
|
|
|
##################
|
|
|
|
|
# Configurations #
|
|
|
|
|
##################
|
2022-10-17 14:22:08 +01:00
|
|
|
nixosConfigurations = {
|
2022-10-13 00:03:32 +01:00
|
|
|
# The actual system definition
|
2024-03-02 01:27:24 +00:00
|
|
|
hetzner-1 = nixpkgs.lib.nixosSystem {
|
|
|
|
|
inherit system;
|
|
|
|
|
specialArgs.flake-inputs = inputs;
|
2024-06-28 19:12:55 +01:00
|
|
|
|
2024-03-02 01:27:24 +00:00
|
|
|
modules = [
|
|
|
|
|
./configuration
|
|
|
|
|
./configuration/hardware-specific/hetzner
|
|
|
|
|
];
|
2024-06-28 19:12:55 +01:00
|
|
|
};
|
2024-03-02 01:27:24 +00:00
|
|
|
};
|
2021-04-22 22:32:54 +01:00
|
|
|
|
2022-10-13 00:31:08 +01:00
|
|
|
############################
|
|
|
|
|
# Deployment configuration #
|
|
|
|
|
############################
|
2024-03-02 01:27:24 +00:00
|
|
|
deploy.nodes = {
|
|
|
|
|
hetzner-1 = {
|
|
|
|
|
hostname = "116.202.158.55";
|
|
|
|
|
|
|
|
|
|
profiles.system = {
|
|
|
|
|
user = "root";
|
|
|
|
|
path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.hetzner-1;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
sshUser = "tlater";
|
|
|
|
|
sshOpts = [
|
|
|
|
|
"-p"
|
|
|
|
|
"2222"
|
|
|
|
|
"-o"
|
|
|
|
|
"ForwardAgent=yes"
|
|
|
|
|
];
|
2024-06-28 19:12:55 +01:00
|
|
|
};
|
2024-03-02 01:27:24 +00:00
|
|
|
};
|
2022-10-13 00:31:08 +01:00
|
|
|
|
|
|
|
|
#########
|
|
|
|
|
# Tests #
|
|
|
|
|
#########
|
|
|
|
|
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
|
2024-06-28 19:12:55 +01:00
|
|
|
|
2024-08-18 16:36:45 +01:00
|
|
|
###########################
|
|
|
|
|
# Garbage collection root #
|
|
|
|
|
###########################
|
|
|
|
|
|
2025-01-23 16:35:23 +00:00
|
|
|
packages.${system} =
|
|
|
|
|
let
|
|
|
|
|
localPkgs = import ./pkgs { inherit pkgs; };
|
|
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
default = vm.config.system.build.vm;
|
|
|
|
|
crowdsec = pkgs.callPackage "${inputs.nixpkgs-crowdsec}/pkgs/by-name/cr/crowdsec/package.nix" { };
|
|
|
|
|
crowdsec-hub = localPkgs.crowdsec.hub;
|
|
|
|
|
crowdsec-firewall-bouncer = localPkgs.crowdsec.firewall-bouncer;
|
|
|
|
|
};
|
2024-08-18 16:36:45 +01:00
|
|
|
|
2022-11-05 16:00:50 +00:00
|
|
|
###################
|
|
|
|
|
# Utility scripts #
|
|
|
|
|
###################
|
2024-03-27 00:17:26 +00:00
|
|
|
apps.${system} = {
|
|
|
|
|
default = self.apps.${system}.run-vm;
|
2024-06-28 19:12:55 +01:00
|
|
|
|
2024-03-27 00:17:26 +00:00
|
|
|
run-vm = {
|
|
|
|
|
type = "app";
|
|
|
|
|
program =
|
|
|
|
|
let
|
|
|
|
|
in
|
|
|
|
|
(pkgs.writeShellScript "" ''
|
|
|
|
|
${vm.config.system.build.vm.outPath}/bin/run-testvm-vm
|
|
|
|
|
'').outPath;
|
2023-01-11 01:59:35 +00:00
|
|
|
};
|
2025-01-23 16:35:23 +00:00
|
|
|
|
|
|
|
|
update-crowdsec-packages =
|
|
|
|
|
let
|
|
|
|
|
git = pkgs.lib.getExe pkgs.git;
|
|
|
|
|
nvfetcher = pkgs.lib.getExe pkgs.nvfetcher;
|
|
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
type = "app";
|
|
|
|
|
program =
|
|
|
|
|
(pkgs.writeShellScript "update-crowdsec-packages" ''
|
|
|
|
|
cd "$(${git} rev-parse --show-toplevel)"
|
|
|
|
|
cd ./pkgs/crowdsec
|
|
|
|
|
${nvfetcher}
|
|
|
|
|
echo 'Remember to update the vendorHash of any go packages!'
|
|
|
|
|
'').outPath;
|
|
|
|
|
};
|
2022-10-17 11:00:02 +01:00
|
|
|
};
|
2022-10-12 13:11:11 +01:00
|
|
|
|
2022-10-13 00:03:32 +01:00
|
|
|
###########################
|
|
|
|
|
# Development environment #
|
|
|
|
|
###########################
|
2022-10-22 20:01:44 +01:00
|
|
|
devShells.${system}.default = nixpkgs.legacyPackages.${system}.mkShell {
|
|
|
|
|
sopsPGPKeyDirs = [
|
|
|
|
|
"./keys/hosts/"
|
|
|
|
|
"./keys/users/"
|
|
|
|
|
];
|
|
|
|
|
nativeBuildInputs = [ sops-nix.packages.${system}.sops-import-keys-hook ];
|
2024-06-28 19:12:55 +01:00
|
|
|
|
2024-04-30 05:09:04 +01:00
|
|
|
packages = with pkgs; [
|
2022-10-22 20:01:44 +01:00
|
|
|
sops-nix.packages.${system}.sops-init-gpg-key
|
|
|
|
|
deploy-rs.packages.${system}.default
|
2024-06-28 19:12:55 +01:00
|
|
|
|
|
|
|
|
nixpkgs-fmt
|
|
|
|
|
|
2024-04-30 05:09:04 +01:00
|
|
|
cargo
|
|
|
|
|
clippy
|
|
|
|
|
rustc
|
|
|
|
|
rustfmt
|
|
|
|
|
rust-analyzer
|
|
|
|
|
pkg-config
|
|
|
|
|
openssl
|
2022-10-22 20:01:44 +01:00
|
|
|
];
|
2024-06-28 19:12:55 +01:00
|
|
|
};
|
2022-10-22 20:01:44 +01:00
|
|
|
};
|
2021-04-12 01:35:24 +01:00
|
|
|
}
|
