From 669b87efe9f9e1b9a9954d94f032bb46bd6d36ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Thu, 13 Oct 2022 00:03:32 +0100 Subject: [PATCH] treewide: Refactor in order to clean up flake.nix --- configuration/default.nix | 12 ++ .../linode/default.nix} | 0 .../linode}/hardware-configuration.nix | 0 configuration/hardware-specific/vm.nix | 17 +++ flake.lock | 17 --- flake.nix | 139 ++++++++---------- lib/default.nix | 10 ++ 7 files changed, 97 insertions(+), 98 deletions(-) rename configuration/{linode.nix => hardware-specific/linode/default.nix} (100%) rename configuration/{ => hardware-specific/linode}/hardware-configuration.nix (100%) create mode 100644 configuration/hardware-specific/vm.nix create mode 100644 lib/default.nix diff --git a/configuration/default.nix b/configuration/default.nix index 8f51f0b..cc51bac 100644 --- a/configuration/default.nix +++ b/configuration/default.nix @@ -1,9 +1,13 @@ { pkgs, lib, + modulesPath, ... }: { imports = [ + "${modulesPath}/profiles/headless.nix" + (import ../modules) + ./services/gitea.nix ./services/nextcloud.nix ./services/webserver.nix @@ -12,6 +16,14 @@ ./sops.nix ]; + nixpkgs.overlays = [ + (final: prev: { + local = import ../pkgs { + pkgs = prev; + }; + }) + ]; + nix = { package = pkgs.nixFlakes; extraOptions = '' diff --git a/configuration/linode.nix b/configuration/hardware-specific/linode/default.nix similarity index 100% rename from configuration/linode.nix rename to configuration/hardware-specific/linode/default.nix diff --git a/configuration/hardware-configuration.nix b/configuration/hardware-specific/linode/hardware-configuration.nix similarity index 100% rename from configuration/hardware-configuration.nix rename to configuration/hardware-specific/linode/hardware-configuration.nix diff --git a/configuration/hardware-specific/vm.nix b/configuration/hardware-specific/vm.nix new file mode 100644 index 0000000..aed39e4 --- /dev/null +++ b/configuration/hardware-specific/vm.nix @@ -0,0 +1,17 @@ +{lib, ...}: { + users.users.tlater.password = "insecure"; + + # Disable graphical tty so -curses works + boot.kernelParams = ["nomodeset"]; + + # Sets the base domain for nginx to localhost so that we + # can easily test locally with the VM. + services.nginx.domain = lib.mkOverride 99 "localhost"; + + # Use the staging secrets + sops.defaultSopsFile = lib.mkOverride 99 ../../keys/staging.yaml; + + # # Set up VM settings to match real VPS + # virtualisation.memorySize = 3941; + # virtualisation.cores = 2; +} diff --git a/flake.lock b/flake.lock index 11b5c2c..c44d4a0 100644 --- a/flake.lock +++ b/flake.lock @@ -190,22 +190,6 @@ "type": "indirect" } }, - "nixos-hardware": { - "locked": { - "lastModified": 1665321371, - "narHash": "sha256-0SO6MTW0bX6lxZmz1AZW/Xmk+hnTd7/hp1vF7Tp7jg0=", - "owner": "nixos", - "repo": "nixos-hardware", - "rev": "236ba4df714131059945d7754c0aa3fbe9d2f74c", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "master", - "repo": "nixos-hardware", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1665466769, @@ -299,7 +283,6 @@ }, "root": { "inputs": { - "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix", "tlaternet-webserver": "tlaternet-webserver" diff --git a/flake.nix b/flake.nix index 5603e08..a67b314 100644 --- a/flake.nix +++ b/flake.nix @@ -3,12 +3,10 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05"; - nixos-hardware.url = "github:nixos/nixos-hardware/master"; sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; - tlaternet-webserver = { url = "git+https://gitea.tlater.net/tlaternet/tlaternet.git"; inputs.nixpkgs.follows = "nixpkgs"; @@ -18,118 +16,97 @@ outputs = { self, nixpkgs, - nixos-hardware, sops-nix, tlaternet-webserver, }: let system = "x86_64-linux"; - - overlays = [ - (final: prev: { - local = import ./pkgs { - pkgs = prev; - }; - }) - ]; - - pkgs = import nixpkgs {inherit system overlays;}; - sops-pkgs = sops-nix.packages.${system}; in { - nixosConfigurations = { - tlaternet = nixpkgs.lib.nixosSystem { - inherit system; - - modules = [ - ({modulesPath, ...}: { - imports = [(modulesPath + "/profiles/headless.nix")]; - nixpkgs.overlays = overlays; - }) - (import ./modules) - - (import ./configuration) - (import ./configuration/linode.nix) - (import ./configuration/hardware-configuration.nix) + ################## + # Configurations # + ################## + nixosConfigurations = let + # Modules that should be generic to all systems + genericModule = {...}: { + imports = [ + # Inject flake dependencies sops-nix.nixosModules.sops tlaternet-webserver.nixosModules.default + + # Import actual configuration + (import ./configuration) + ]; + }; + in { + # The actual system definition + tlaternet = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + genericModule + (import ./configuration/hardware-specific/linode) ]; }; + # A qemu VM to test the above with vm = nixpkgs.lib.nixosSystem { inherit system; - modules = [ - ({modulesPath, ...}: { - imports = [(modulesPath + "/profiles/headless.nix")]; - nixpkgs.overlays = overlays; - }) - (import ./modules) - - (import ./configuration) - sops-nix.nixosModules.sops - tlaternet-webserver.nixosModules.default - ({lib, ...}: { - users.users.tlater.password = "insecure"; - - # Disable graphical tty so -curses works - boot.kernelParams = ["nomodeset"]; - - # Sets the base domain for nginx to localhost so that we - # can easily test locally with the VM. - services.nginx.domain = lib.mkOverride 99 "localhost"; - - # Use the staging secrets - sops.defaultSopsFile = lib.mkOverride 99 ./keys/staging.yaml; - - # # Set up VM settings to match real VPS - # virtualisation.memorySize = 3941; - # virtualisation.cores = 2; - }) + genericModule + (import ./configuration/hardware-specific/vm.nix) ]; }; }; + #################### + # Helper functions # + #################### + lib = import ./lib {lib = nixpkgs.lib;}; + + #################### + # VM launch script # + #################### apps.${system}.default = let inherit (self.nixosConfigurations.vm.config.system.build) vm; inherit (nixpkgs.legacyPackages.${system}) writeShellScript; - inherit (nixpkgs.lib.attrsets) mapAttrsToList; - inherit (nixpkgs.lib.strings) concatStringsSep; - ports = { + qemuNetOpts = self.lib.makeQemuNetOpts { "2222" = "2222"; "3080" = "80"; "3443" = "443"; - "2221" = "2221"; "21025" = "21025"; # Starbound }; - QEMU_NET_OPTS = - concatStringsSep "," - (mapAttrsToList - (host: vm: "hostfwd=::${host}-:${vm}") - ports); in { type = "app"; program = builtins.toString (writeShellScript "run-vm" '' export QEMU_OPTS="-m 3941 -smp 2 -curses" - export QEMU_NET_OPTS="${QEMU_NET_OPTS}" + export QEMU_NET_OPTS="${qemuNetOpts}" "${vm}/bin/run-tlaternet-vm" ''); }; - devShells.${system}.default = pkgs.mkShell { - sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"]; - nativeBuildInputs = [ - sops-pkgs.sops-import-keys-hook - ]; - buildInputs = with pkgs; [ - nixfmt - git-lfs - sops-pkgs.sops-init-gpg-key - ]; + ########################### + # Development environment # + ########################### + devShells.${system}.default = let + inherit (sops-nix.packages.${system}) sops-import-keys-hook sops-init-gpg-key; + deploy-rs-bin = deploy-rs.packages.${system}.default; + pkgs = nixpkgs.legacyPackages.${system}; + in + nixpkgs.legacyPackages.${system}.mkShell { + sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"]; + nativeBuildInputs = [ + sops-import-keys-hook + ]; + packages = with pkgs; [ + nixfmt + git-lfs + sops-init-gpg-key + deploy-rs-bin + ]; - shellHook = '' - # Work around sudo requiring a full terminal when deploying to - # a remote host - export NIX_SSHOPTS="-t" - ''; - }; + shellHook = '' + # Work around sudo requiring a full terminal when deploying to + # a remote host + export NIX_SSHOPTS="-t" + ''; + }; }; } diff --git a/lib/default.nix b/lib/default.nix new file mode 100644 index 0000000..20d874d --- /dev/null +++ b/lib/default.nix @@ -0,0 +1,10 @@ +{lib}: let + inherit (lib.attrsets) mapAttrsToList; + inherit (lib.strings) concatStringsSep; +in { + makeQemuNetOpts = portMapping: + concatStringsSep "," + (mapAttrsToList + (host: vm: "hostfwd=::${host}-:${vm}") + portMapping); +}