Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/fa5746ecea1772cf59b3f34c5816ab3531478142?narHash=sha256-xFnU%2BuUl48Icas2wPQ%2BZzlL2O3n8f6J2LrzNK9f2nng%3D' (2025-02-15) → 'github:nix-community/disko/15dbf8cebd8e2655a883b74547108e089f051bf0?narHash=sha256-lSOXdgW/1zi/SSu7xp71v%2B55D5Egz8ACv0STkj7fhbs%3D' (2025-02-18) • Updated input 'foundryvtt': 'github:reckenrode/nix-foundryvtt/0a72a4bf64224c6584fd1b9e9f0012dd09af979a?narHash=sha256-vM9C1gFiQGa3nTYqmTBI8MoiUfprkQdepUBbxV7ECMQ%3D' (2025-01-17) → 'github:reckenrode/nix-foundryvtt/a7fa493ba2c623cf90e83756b62285b3b58f18d2?narHash=sha256-u3m%2BawbdL%2B0BKk8IWidsWMr%2BR0ian3GZMUlH7623kd8%3D' (2025-02-16) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/30d4471a8a2a13b716530d3aad60b9846ea5ff83?narHash=sha256-jGiez5BtGGJUB/LXzRa%2B4AQurMO9acc1B69kBfgQhJc%3D' (2025-02-15) → 'github:nixos/nixpkgs/11415c7ae8539d6292f2928317ee7a8410b28bb9?narHash=sha256-SSYxFhqCOb3aiPb6MmN68yEzBIltfom8IgRz7phHscM%3D' (2025-02-21) • Updated input 'nixpkgs-unstable': 'github:nixos/nixpkgs/31ff66eb77d02e9ac34b7256a02edb1c43fb9998?narHash=sha256-3bnOIZz8KXtzcaXGuH9Eriv0HiQyr1EIfcye%2BVHLQZE%3D' (2025-02-15) → 'github:nixos/nixpkgs/8465e233b0668cf162c608a92e62e8d78c1ba7e4?narHash=sha256-wzBbGGZ6i1VVBA/cDJaLfuuGYCUriD7fwsLgJJHRVRk%3D' (2025-02-22)
171 lines
4.3 KiB
Nix
171 lines
4.3 KiB
Nix
{
|
|
description = "tlater.net host configuration";
|
|
|
|
inputs = {
|
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11-small";
|
|
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
|
|
disko = {
|
|
url = "github:nix-community/disko";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
deploy-rs.url = "github:serokell/deploy-rs";
|
|
sops-nix = {
|
|
url = "github:Mic92/sops-nix";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
tlaternet-webserver = {
|
|
url = "git+https://gitea.tlater.net/tlaternet/tlaternet.git";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
foundryvtt = {
|
|
url = "github:reckenrode/nix-foundryvtt";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
sonnenshift = {
|
|
url = "git+ssh://git@github.com/sonnenshift/battery-manager";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
};
|
|
|
|
outputs =
|
|
{
|
|
self,
|
|
nixpkgs,
|
|
sops-nix,
|
|
deploy-rs,
|
|
...
|
|
}@inputs:
|
|
let
|
|
system = "x86_64-linux";
|
|
pkgs = nixpkgs.legacyPackages.${system};
|
|
|
|
vm = nixpkgs.lib.nixosSystem {
|
|
inherit system;
|
|
specialArgs.flake-inputs = inputs;
|
|
|
|
modules = [
|
|
./configuration
|
|
./configuration/hardware-specific/vm.nix
|
|
];
|
|
};
|
|
in
|
|
{
|
|
##################
|
|
# Configurations #
|
|
##################
|
|
nixosConfigurations = {
|
|
# The actual system definition
|
|
hetzner-1 = nixpkgs.lib.nixosSystem {
|
|
inherit system;
|
|
specialArgs.flake-inputs = inputs;
|
|
|
|
modules = [
|
|
./configuration
|
|
./configuration/hardware-specific/hetzner
|
|
];
|
|
};
|
|
};
|
|
|
|
############################
|
|
# Deployment configuration #
|
|
############################
|
|
deploy.nodes = {
|
|
hetzner-1 = {
|
|
hostname = "116.202.158.55";
|
|
|
|
profiles.system = {
|
|
user = "root";
|
|
path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.hetzner-1;
|
|
};
|
|
|
|
sshUser = "tlater";
|
|
sshOpts = [
|
|
"-p"
|
|
"2222"
|
|
"-o"
|
|
"ForwardAgent=yes"
|
|
];
|
|
};
|
|
};
|
|
|
|
#########
|
|
# Tests #
|
|
#########
|
|
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
|
|
|
|
###########################
|
|
# Garbage collection root #
|
|
###########################
|
|
|
|
packages.${system} =
|
|
let
|
|
localPkgs = import ./pkgs { inherit pkgs; };
|
|
in
|
|
{
|
|
default = vm.config.system.build.vm;
|
|
crowdsec-hub = localPkgs.crowdsec.hub;
|
|
crowdsec-firewall-bouncer = localPkgs.crowdsec.firewall-bouncer;
|
|
};
|
|
|
|
###################
|
|
# Utility scripts #
|
|
###################
|
|
apps.${system} = {
|
|
default = self.apps.${system}.run-vm;
|
|
|
|
run-vm = {
|
|
type = "app";
|
|
program =
|
|
let
|
|
in
|
|
(pkgs.writeShellScript "" ''
|
|
${vm.config.system.build.vm.outPath}/bin/run-testvm-vm
|
|
'').outPath;
|
|
};
|
|
|
|
update-crowdsec-packages =
|
|
let
|
|
git = pkgs.lib.getExe pkgs.git;
|
|
nvfetcher = pkgs.lib.getExe pkgs.nvfetcher;
|
|
in
|
|
{
|
|
type = "app";
|
|
program =
|
|
(pkgs.writeShellScript "update-crowdsec-packages" ''
|
|
cd "$(${git} rev-parse --show-toplevel)"
|
|
cd ./pkgs/crowdsec
|
|
${nvfetcher}
|
|
echo 'Remember to update the vendorHash of any go packages!'
|
|
'').outPath;
|
|
};
|
|
};
|
|
|
|
###########################
|
|
# Development environment #
|
|
###########################
|
|
devShells.${system}.default = nixpkgs.legacyPackages.${system}.mkShell {
|
|
sopsPGPKeyDirs = [
|
|
"./keys/hosts/"
|
|
"./keys/users/"
|
|
];
|
|
nativeBuildInputs = [ sops-nix.packages.${system}.sops-import-keys-hook ];
|
|
|
|
packages = with pkgs; [
|
|
sops-nix.packages.${system}.sops-init-gpg-key
|
|
deploy-rs.packages.${system}.default
|
|
|
|
nixpkgs-fmt
|
|
|
|
cargo
|
|
clippy
|
|
rustc
|
|
rustfmt
|
|
rust-analyzer
|
|
pkg-config
|
|
openssl
|
|
];
|
|
};
|
|
};
|
|
}
|