From e512e73b5eb66de52f04aaa996d6cce67c0d90c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Wed, 12 Oct 2022 01:17:49 +0100 Subject: [PATCH] flake.nix: Clean up and refactor --- flake.lock | 30 ++++++--- flake.nix | 191 ++++++++++++++++++++++++----------------------------- 2 files changed, 107 insertions(+), 114 deletions(-) diff --git a/flake.lock b/flake.lock index 5c75d61..c6f9923 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,26 @@ "nodes": { "flake-utils": { "locked": { - "lastModified": 1649676176, - "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -70,7 +85,6 @@ }, "root": { "inputs": { - "flake-utils": "flake-utils", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix", @@ -125,9 +139,7 @@ }, "tlaternet-templates": { "inputs": { - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] @@ -148,9 +160,7 @@ }, "tlaternet-webserver": { "inputs": { - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils_2", "naersk": "naersk", "nixpkgs": [ "nixpkgs" diff --git a/flake.nix b/flake.nix index 1ae56cc..e1f2353 100644 --- a/flake.nix +++ b/flake.nix 
@@ -4,7 +4,6 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-21.11"; nixos-hardware.url = "github:nixos/nixos-hardware/master"; - flake-utils.url = "github:numtide/flake-utils"; sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; @@ -12,17 +11,11 @@ tlaternet-webserver = { url = "git+https://gitea.tlater.net/tlaternet/tlaternet.git"; - inputs = { - flake-utils.follows = "flake-utils"; - nixpkgs.follows = "nixpkgs"; - }; + inputs.nixpkgs.follows = "nixpkgs"; }; tlaternet-templates = { url = "git+https://gitea.tlater.net/tlaternet/tlaternet-templates.git"; - inputs = { - flake-utils.follows = "flake-utils"; - nixpkgs.follows = "nixpkgs"; - }; + inputs.nixpkgs.follows = "nixpkgs"; }; }; @@ -30,12 +23,12 @@ self, nixpkgs, nixos-hardware, - flake-utils, sops-nix, tlaternet-webserver, tlaternet-templates, - ... - } @ inputs: let + }: let + system = "x86_64-linux"; + overlays = [ (final: prev: { tlaternet-webserver = 
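Review bot: Replacing the `inputs = { flake-utils.follows = ...; nixpkgs.follows = ...; }` blocks with only `inputs.nixpkgs.follows = "nixpkgs";` on `tlaternet-webserver` and `tlaternet-templates` means the root flake no longer decides which flake-utils those inputs evaluate. The lock file in this patch now carries two separately locked nodes, `flake-utils` and `flake-utils_2`. Both resolve to the same revision today, but they can drift on later lock updates, and each then has to be reviewed on its own. If that is intended, a comment on the two inputs would record it, for example `# flake-utils is deliberately not overridden; each input keeps its own locked copy`. The `inputs` set opens before this hunk.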
@@ -47,102 +40,92 @@ }; }) ]; - in - { - nixosConfigurations = { - tlaternet = let - system = "x86_64-linux"; - in - nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - ({modulesPath, ...}: { - imports = [(modulesPath + "/profiles/headless.nix")]; - nixpkgs.overlays = overlays; - }) - (import ./modules) + pkgs = import nixpkgs {inherit system overlays;}; + sops-pkgs = sops-nix.packages.${system}; + in { + nixosConfigurations = { + tlaternet = nixpkgs.lib.nixosSystem { + inherit system; - (import ./configuration) - (import ./configuration/linode.nix) - (import ./configuration/hardware-configuration.nix) - sops-nix.nixosModules.sops - ]; - }; + modules = [ + ({modulesPath, ...}: { + imports = [(modulesPath + "/profiles/headless.nix")]; + nixpkgs.overlays = overlays; + }) + (import ./modules) - vm = let - system = "x86_64-linux"; - in - nixpkgs.lib.nixosSystem { - inherit system; - - modules = [ - ({modulesPath, ...}: { - imports = [(modulesPath + "/profiles/headless.nix")]; - nixpkgs.overlays = overlays; - }) - (import ./modules) - - (import ./configuration) - sops-nix.nixosModules.sops - ({lib, ...}: { - users.users.tlater.password = "insecure"; - - # Disable graphical tty so -curses works - boot.kernelParams = ["nomodeset"]; - - # Sets the base domain for nginx to localhost so that we - # can easily test locally with the VM. 
- services.nginx.domain = lib.mkOverride 99 "localhost"; - - # # Set up VM settings to match real VPS - # virtualisation.memorySize = 3941; - # virtualisation.cores = 2; - }) - ]; - }; - }; - } - // flake-utils.lib.eachDefaultSystem (system: let - pkgs = import nixpkgs {inherit system overlays;}; - sops-pkgs = sops-nix.packages.${system}; - in { - devShell = pkgs.mkShell { - sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"]; - nativeBuildInputs = with sops-pkgs; [ - sops-import-keys-hook + (import ./configuration) + (import ./configuration/linode.nix) + (import ./configuration/hardware-configuration.nix) + sops-nix.nixosModules.sops ]; - buildInputs = with pkgs; - with sops-pkgs; [ - nixfmt - git-lfs - sops-init-gpg-key - ]; - shellHook = let - inherit (pkgs.lib.attrsets) mapAttrsToList; - inherit (pkgs.lib.strings) concatStringsSep; - ports = { - "3022" = "2222"; - "3080" = "80"; - "3443" = "443"; - "3021" = "2221"; - "25565" = "25565"; - "21025" = "21025"; # Starbound - }; - QEMU_NET_OPTS = - concatStringsSep "," - (mapAttrsToList - (host: vm: "hostfwd=::${host}-:${vm}") - ports); - in '' - export QEMU_OPTS="-m 3941 -smp 2 -curses" - export QEMU_NET_OPTS="${QEMU_NET_OPTS}" - - # Work around sudo requiring a full terminal - export NIX_SSHOPTS="-t" - ''; }; - packages = import ./pkgs {inherit pkgs;}; - }); + vm = nixpkgs.lib.nixosSystem { + inherit system; + + modules = [ + ({modulesPath, ...}: { + imports = [(modulesPath + "/profiles/headless.nix")]; + nixpkgs.overlays = overlays; + }) + (import ./modules) + + (import ./configuration) + sops-nix.nixosModules.sops + ({lib, ...}: { + users.users.tlater.password = "insecure"; + + # Disable graphical tty so -curses works + boot.kernelParams = ["nomodeset"]; + + # Sets the base domain for nginx to localhost so that we + # can easily test locally with the VM. 
+ services.nginx.domain = lib.mkOverride 99 "localhost"; + + # # Set up VM settings to match real VPS + # virtualisation.memorySize = 3941; + # virtualisation.cores = 2; + }) + ]; + }; + }; + + devShells.${system}.default = pkgs.mkShell { + sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"]; + nativeBuildInputs = [ + sops-pkgs.sops-import-keys-hook + ]; + buildInputs = with pkgs; [ + nixfmt + git-lfs + sops-pkgs.sops-init-gpg-key + ]; + + shellHook = let + inherit (pkgs.lib.attrsets) mapAttrsToList; + inherit (pkgs.lib.strings) concatStringsSep; + ports = { + "2222" = "2222"; + "3080" = "80"; + "3443" = "443"; + "2221" = "2221"; + "21025" = "21025"; # Starbound + }; + QEMU_NET_OPTS = + concatStringsSep "," + (mapAttrsToList + (host: vm: "hostfwd=::${host}-:${vm}") + ports); + in '' + export QEMU_OPTS="-m 3941 -smp 2 -curses" + export QEMU_NET_OPTS="${QEMU_NET_OPTS}" + + # Work around sudo requiring a full terminal when deploying to + # a remote host + export NIX_SSHOPTS="-t" + ''; + }; + }; }
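Review bot: The forwarding rule `(host: vm: "hostfwd=::${host}-:${vm}")` in `shellHook` leaves the host address empty, so QEMU listens on every interface of the developer machine. The `vm` configuration in the same hunk sets `users.users.tlater.password = "insecure"`. With the forwards now on host ports 2222 and 2221 (presumably SSH-like services in the guest, which is not confirmed by the hunk), the test VM and its known password are reachable from the local network rather than only from the host. Binding the forwards to loopback keeps it local: `(host: vm: "hostfwd=:127.0.0.1:${host}-:${vm}")`. A comment beside the password such as `# VM-only test credential; this module must never be imported by the tlaternet host` would also make the intent explicit.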