daniel/dotfiles
1
0
Fork 0
Code Activity Actions

all: switch back to deploy-rs
All checks were successful
Build / build-amd64-linux (push) Successful in 28s
Details
Build / build-arm64-linux (push) Successful in 57s
Details

Browse source
This commit is contained in:
Daniel Kempkens 2024-07-23 22:03:30 +02:00
parent e892312ecd
commit 2b55805176
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
10 changed files with 187 additions and 125 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

82
flake.lock
View file

@ -72,6 +72,28 @@
"type": "github"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1718194053,
"narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@ -141,6 +163,22 @@
"type": "github"
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
@ -212,7 +250,7 @@
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
"systems": "systems_3"
},
"locked": {
"lastModified": 1710146030,
@ -230,7 +268,7 @@
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
"systems": "systems_4"
},
"locked": {
"lastModified": 1710146030,
@ -381,7 +419,7 @@
},
"neovim-nightly-overlay": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_3",
"flake-parts": [
"flake-parts"
],
@ -574,7 +612,7 @@
"nifoc-overlay",
"nixpkgs"
],
"systems": "systems_4",
"systems": "systems_5",
"treefmt-nix": "treefmt-nix"
},
"locked": {
@ -593,7 +631,7 @@
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_4",
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs"
@ -618,6 +656,7 @@
"inputs": {
"agenix": "agenix",
"attic": "attic",
"deploy-rs": "deploy-rs",
"disko": "disko",
"flake-parts": "flake-parts",
"flake-root": "flake-root",
@ -679,6 +718,21 @@
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -733,6 +787,24 @@
"repo": "treefmt-nix",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",

45
flake.nix
View file

@ -16,6 +16,11 @@
flake-root.url = "github:srid/flake-root";
deploy-rs = {
url = "github:serokell/deploy-rs";
inputs.nixpkgs.follows = "nixpkgs";
};
treefmt-nix = {
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs";
@ -82,12 +87,13 @@
};
};
outputs = inputs@{ self, flake-parts, ... }:
outputs = inputs@{ flake-parts, lix-module, deploy-rs, ... }:
flake-parts.lib.mkFlake { inherit inputs; } {
flake =
let
Styx = import ./system/flakes/Styx.nix {
inherit (inputs) nixpkgs lix-module home-manager nix-darwin agenix;
inherit (inputs) nixpkgs home-manager nix-darwin agenix;
inherit lix-module;
inherit inputs;
};
@ -98,6 +104,7 @@
mediaserver = import ./system/flakes/mediaserver.nix {
inherit (inputs) nixpkgs home-manager agenix;
inherit lix-module;
inherit inputs;
};
@ -107,8 +114,8 @@
};
neon = import ./system/flakes/neon.nix {
inherit (inputs) nixpkgs nixos-hardware home-manager agenix;
inherit inputs;
inherit (inputs) nixpkgs nixos-hardware home-manager agenix neovim-nightly-overlay nifoc-overlay;
inherit lix-module;
};
adsb-antenna = import ./system/flakes/adsb-antenna.nix {
@ -129,26 +136,20 @@
adsb-antenna = adsb-antenna.system;
};
colmena =
deploy.nodes =
let
nixosConf = self.nixosConfigurations;
mkDeployConfig = node: node.deployment // {
profiles.system = {
path = deploy-rs.lib.${node.arch}.activate.nixos node.system;
};
};
in
{
meta = {
# Since I'm only deploying from Styx ...
nixpkgs = import inputs.nixpkgs {
system = "aarch64-darwin";
};
nodeNixpkgs = builtins.mapAttrs (_name: value: value.pkgs) nixosConf;
nodeSpecialArgs = builtins.mapAttrs (_name: value: value._module.specialArgs) nixosConf;
};
tanker = tanker.colmena;
mediaserver = mediaserver.colmena;
argon = argon.colmena;
neon = neon.colmena;
adsb-antenna = adsb-antenna.colmena;
tanker = mkDeployConfig tanker;
mediaserver = mkDeployConfig mediaserver;
argon = mkDeployConfig argon;
neon = mkDeployConfig neon;
adsb-antenna = mkDeployConfig adsb-antenna;
};
};
@ -199,7 +200,7 @@
packages = [
inputs'.agenix.packages.agenix
pkgs.colmena
inputs'.deploy-rs.packages.default
pkgs.nix-output-monitor
];

5
home/programs/scripts/nixpkgs-switch
View file

@ -35,7 +35,10 @@ if test "$other_hostname" = ""
end
else
git pull
colmena apply --on $other_hostname -v
nom build --eval-store auto --store "ssh-ng://$other_hostname.ts.kempkens.network" ".#nixosConfigurations.$other_hostname.config.system.build.toplevel"
if test $status -eq 0
deploy --skip-checks ".#$other_hostname"
end
end
if test $status -eq 0

21
system/flakes/adsb-antenna.nix
View file

@ -20,7 +20,9 @@ let
};
};
in
rec {
{
arch = default-system;
system = nixpkgs.lib.nixosSystem {
system = default-system;
modules = [
@ -44,16 +46,13 @@ rec {
];
};
colmena = {
deployment = {
targetHost = "adsb-antenna";
targetPort = 22;
targetUser = "root";
deployment = {
hostname = "adsb-antenna";
sshUser = "root";
remoteBuild = false;
autoRollback = false;
magicRollback = false;
tags = [ "home" "rpi4" ];
};
nixpkgs.system = default-system;
imports = system._module.args.modules;
activationTimeout = 600;
};
}

27
system/flakes/argon.nix
View file

@ -3,7 +3,6 @@
let
default-system = "aarch64-linux";
nixpkgsConfig = {
overlays = [
inputs.neovim-nightly-overlay.overlays.default
@ -14,13 +13,13 @@ let
allowUnfree = true;
allowBroken = true;
permittedInsecurePackages = [
"openssl-1.1.1t"
];
permittedInsecurePackages = [ ];
};
};
in
rec {
{
arch = default-system;
system = nixpkgs.lib.nixosSystem {
system = default-system;
modules = [
@ -46,17 +45,11 @@ rec {
];
};
colmena = {
deployment = {
targetHost = "argon";
targetPort = 22;
targetUser = "root";
buildOnTarget = true;
tags = [ "home" "rpi4" ];
};
nixpkgs.system = default-system;
imports = system._module.args.modules;
deployment = {
hostname = "argon";
sshUser = "root";
remoteBuild = true;
autoRollback = false;
magicRollback = false;
};
}

49
system/flakes/mediaserver.nix
View file

@ -1,4 +1,4 @@
{ nixpkgs, home-manager, agenix, inputs, ... }:
{ nixpkgs, lix-module, home-manager, agenix, inputs, ... }:
let
default-system = "x86_64-linux";
@ -13,47 +13,46 @@ let
allowUnfree = true;
allowBroken = true;
permittedInsecurePackages = [
"openssl-1.1.1t"
];
permittedInsecurePackages = [ ];
};
};
in
rec {
{
arch = default-system;
system = nixpkgs.lib.nixosSystem {
system = default-system;
modules = [
../hosts/mediaserver.nix
home-manager.nixosModules.home-manager
agenix.nixosModules.default
{
nixpkgs = nixpkgsConfig;
nix.nixPath = [ "nixpkgs=${nixpkgs}" ];
nix.registry.nixpkgs.flake = nixpkgs;
nix = {
registry.nixpkgs.to = { type = "path"; path = nixpkgs.outPath; };
nixPath = nixpkgs.lib.mkForce [ "nixpkgs=flake:nixpkgs" ];
};
}
lix-module.nixosModules.default
home-manager.nixosModules.home-manager
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.daniel = import ../../home/hosts/mediaserver.nix;
};
}
agenix.nixosModules.default
../hosts/mediaserver.nix
];
};
colmena = {
deployment = {
targetHost = "mediaserver";
targetPort = 22;
targetUser = "root";
buildOnTarget = true;
tags = [ "home" ];
};
nixpkgs.system = default-system;
imports = system._module.args.modules;
deployment = {
hostname = "mediaserver";
sshUser = "root";
remoteBuild = true;
autoRollback = false;
magicRollback = false;
};
}

53
system/flakes/neon.nix
View file

@ -1,61 +1,60 @@
{ nixpkgs, nixos-hardware, home-manager, agenix, inputs, ... }:
{ nixpkgs, lix-module, nixos-hardware, home-manager, agenix, neovim-nightly-overlay, nifoc-overlay }:
let
default-system = "aarch64-linux";
nixpkgsConfig = {
overlays = [
inputs.neovim-nightly-overlay.overlays.default
inputs.nifoc-overlay.overlay
neovim-nightly-overlay.overlays.default
nifoc-overlay.overlay
];
config = {
allowUnfree = true;
allowBroken = true;
permittedInsecurePackages = [
"openssl-1.1.1t"
];
permittedInsecurePackages = [ ];
};
};
in
rec {
{
arch = default-system;
system = nixpkgs.lib.nixosSystem {
system = default-system;
modules = [
../hosts/neon.nix
{
nixpkgs = nixpkgsConfig;
nix = {
registry.nixpkgs.to = { type = "path"; path = nixpkgs.outPath; };
nixPath = nixpkgs.lib.mkForce [ "nixpkgs=flake:nixpkgs" ];
};
}
nixos-hardware.nixosModules.raspberry-pi-4
lix-module.nixosModules.default
home-manager.nixosModules.home-manager
agenix.nixosModules.default
{
nixpkgs = nixpkgsConfig;
nix.nixPath = [ "nixpkgs=${nixpkgs}" ];
nix.registry.nixpkgs.flake = nixpkgs;
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.daniel = import ../../home/hosts/neon.nix;
};
}
agenix.nixosModules.default
../hosts/neon.nix
];
};
colmena = {
deployment = {
targetHost = "neon";
targetPort = 22;
targetUser = "root";
buildOnTarget = true;
tags = [ "home" "rpi4" ];
};
nixpkgs.system = default-system;
imports = system._module.args.modules;
deployment = {
hostname = "neon";
sshUser = "root";
remoteBuild = true;
autoRollback = false;
magicRollback = false;
};
}

22
system/flakes/tanker.nix
View file

@ -18,7 +18,9 @@ let
};
};
in
rec {
{
arch = default-system;
system = nixpkgs.lib.nixosSystem {
system = default-system;
modules = [
@ -49,17 +51,11 @@ rec {
];
};
colmena = {
deployment = {
targetHost = "tanker";
targetPort = 22;
targetUser = "root";
buildOnTarget = true;
tags = [ "remote" ];
};
nixpkgs.system = default-system;
imports = system._module.args.modules;
deployment = {
hostname = "tanker";
sshUser = "root";
remoteBuild = true;
autoRollback = false;
magicRollback = false;
};
}

4
system/hosts/mediaserver.nix
View file

@ -55,8 +55,6 @@ in
system.stateVersion = "22.11";
nix = {
package = pkgs.nixVersions.stable;
settings = {
experimental-features = [ "nix-command" "flakes" ];
extra-platforms = [ "aarch64-linux" ];
@ -71,6 +69,7 @@ in
"https://attic.cache.daniel.sx/nifoc-ci?priority=35"
"https://nix-community.cachix.org?priority=50"
"https://cache.garnix.io?priority=60"
"https://cache.lix.systems?priority=70"
];
extra-trusted-public-keys = [
@ -78,6 +77,7 @@ in
"nifoc-ci:JpD9zqVQi8JuS7B8htPDOQZh08rhInMnGFS9RVhiuwk="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
];
trusted-users = [

4
system/hosts/neon.nix
View file

@ -34,8 +34,6 @@ in
system.stateVersion = "23.11";
nix = {
package = pkgs.nixVersions.stable;
settings = {
experimental-features = [ "nix-command" "flakes" ];
@ -49,6 +47,7 @@ in
"https://attic.cache.daniel.sx/nifoc-ci?priority=35"
"https://nix-community.cachix.org?priority=50"
"https://cache.garnix.io?priority=60"
"https://cache.lix.systems?priority=70"
];
extra-trusted-public-keys = [
@ -56,6 +55,7 @@ in
"nifoc-ci:JpD9zqVQi8JuS7B8htPDOQZh08rhInMnGFS9RVhiuwk="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
];
connect-timeout = 5;