diff --git a/.envrc b/.envrc
index 18f695a..1678f0e 100644
--- a/.envrc
+++ b/.envrc
@@ -1,2 +1,4 @@
-use nix
-watch_file nix/*
+use flake
+watch_file flake.nix
+
+export NIXOPS_DEPLOYMENT=jfdic-ops
diff --git a/default.nix b/default.nix
deleted file mode 100644
index e309c7a..0000000
--- a/default.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- sources ? import ./nix/sources.nix,
- system ? builtins.currentSystem,
- crossSystem ? null,
- config ? {},
- alejandraUnstable ? (import sources.nixpkgsUnstable {}).alejandra,
-} @ args:
-with import ./nix args; {
- shell = mkShell {
- inherit (import sources.niv {}) niv;
- buildInputs = [
- alejandraUnstable # The Uncompromising Nix Code Formatter
- niv
- nixopsUnstable # work around for issue #127423
- treefmt # one CLI to format the code tree
- ];
- NIX_PATH = "nixpkgs=${sources.nixpkgs}";
- NIXOPS_DEPLOYMENT = "${globals.deploymentName}";
- };
-}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..5ce6f2b
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,254 @@ +{ + "nodes": { + "hakyll-skeleton": { + "flake": false, + "locked": { + "lastModified": 1656491537, + "narHash": "sha256-bC8ND81E0Sq7i+7btoSzhpCB75oHoa3eEcFvvG8XB4g=", + "ref": "consensus", + "rev": "c0df6f6abed90c66e2eff2106ce89bac0a3344db", + "revCount": 3, + "type": "git", + "url": "https://source.jfdic.org/jfdic/hakyll-skeleton/" + }, + "original": { + "ref": "consensus", + "type": "git", + "url": "https://source.jfdic.org/jfdic/hakyll-skeleton/" + } + }, + "jfdic-web": { + "flake": false, + "locked": { + "lastModified": 1656489989, + "narHash": "sha256-cLsW+iddrxLyfUTV/uZTiXgmL8ZQ3cKG4NfKThc2tds=", + "ref": "consensus", + "rev": "6765cb4251eef6d660b761f7f40f99dbf51a739f", + "revCount": 31, + "type": "git", + "url": "https://source.jfdic.org/JFDIC/jfdic-web/" + }, + "original": { + "ref": "consensus", + "type": "git", + "url": "https://source.jfdic.org/JFDIC/jfdic-web/" + } + }, + "lowdown-src": { + "flake": false, + "locked": { + "lastModified": 1633514407, + "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=", + "owner": "kristapsdz", + "repo": "lowdown", + "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8", + "type": "github" + }, + "original": { + "owner": "kristapsdz", + "repo": "lowdown", + "type": "github" + } + }, + "nix": { + "inputs": { + "lowdown-src": "lowdown-src", + "nixpkgs": "nixpkgs", + "nixpkgs-regression": "nixpkgs-regression" + }, + "locked": { + "lastModified": 1657886512, + "narHash": "sha256-B9EyDUz/9tlcWwf24lwxCFmkxuPTVW7HFYvp0C4xGbc=", + "owner": "NixOS", + "repo": "nix", + "rev": "0b62dab6db3da5b20e62697b14aaaf80f1a2eea6", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "2.10.3", + "repo": "nix", + "type": "github" + } + }, + "nixops": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "utils": "utils" + }, + "locked": { + "lastModified": 1657388807, + "narHash": "sha256-MtTM5KUHIDqnY254chIOp00EmsbYsXR3mXrnbbY4wg0=", + "owner": "NixOS", + "repo": "nixops", + "rev": 
"dcafae5258773dc0fbdd31b425f1ad3fb59173fe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixops", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1657693803, + "narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "365e1b3a859281cf11b94f87231adeabbdd878a2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-22.05-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, + "nixpkgsUnstable": { + "locked": { + "lastModified": 1658103945, + "narHash": "sha256-1/kQlzKGt1563JZ+gIlNHU6rEbaDh2KopZLJ4CzraWI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2e3f6efdeda4cfff0259912495761885d8bee74a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1656753965, + "narHash": "sha256-BCrB3l0qpJokOnIVc3g2lHiGhnjUi0MoXiw6t1o8H1E=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1657972522, + "narHash": "sha256-JTiKsBT1BwMbtSUsvtSl8ffkiirby8FaujJVGV766Q8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "07a2e6a4e31ea48408861607198972d60adaf4ad", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-22.05", + "repo": "nixpkgs", + "type": "github" + } 
+ }, + "resrok-web": { + "flake": false, + "locked": { + "lastModified": 1656494547, + "narHash": "sha256-/8EgQxlqAX9tJv8TvsQybIh2O5TYSTOXmwtXC6gg3Dw=", + "ref": "consensus", + "rev": "e77bea1a3cc4da6f54c62ba21ca926392e842a21", + "revCount": 5, + "type": "git", + "url": "https://source.jfdic.org/resrok/resrok-web/" + }, + "original": { + "ref": "consensus", + "type": "git", + "url": "https://source.jfdic.org/resrok/resrok-web/" + } + }, + "root": { + "inputs": { + "hakyll-skeleton": "hakyll-skeleton", + "jfdic-web": "jfdic-web", + "nix": "nix", + "nixops": "nixops", + "nixpkgs": "nixpkgs_3", + "nixpkgsUnstable": "nixpkgsUnstable", + "resrok-web": "resrok-web", + "utils": "utils_2", + "voc-web": "voc-web" + } + }, + "utils": { + "locked": { + "lastModified": 1634851050, + "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c91f3de5adaf1de973b797ef7485e441a65b8935", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_2": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "voc-web": { + "flake": false, + "locked": { + "lastModified": 1656493019, + "narHash": "sha256-vdQBbaoJXrH3bDa47OHC9jpFUsVMCi++dCCdRf0VXis=", + "ref": "consensus", + "rev": "85eb99b5a0a010d8819ea6850c5a359d9ec397b9", + "revCount": 8, + "type": "git", + "url": "https://source.jfdic.org/voc/voc-web/" + }, + "original": { + "ref": "consensus", + "type": "git", + "url": "https://source.jfdic.org/voc/voc-web/" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..04039bb --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,29 @@
+{
+ description = "jfdic-ops deployment";
+
+ inputs = {
+ hakyll-skeleton = {
+ flake = false;
+ url = git+https://source.jfdic.org/jfdic/hakyll-skeleton/?ref=consensus;
+ };
+ jfdic-web = {
+ flake = false;
+ url = git+https://source.jfdic.org/JFDIC/jfdic-web/?ref=consensus;
+ };
+ resrok-web = {
+ flake = false;
+ url = git+https://source.jfdic.org/resrok/resrok-web/?ref=consensus;
+ };
+ nix.url = "github:NixOS/nix/?ref=2.10.3";
+ nixops.url = github:NixOS/nixops/?ref=master;
+ nixpkgs.url = github:NixOS/nixpkgs/?ref=nixos-22.05;
+ nixpkgsUnstable.url = github:NixOS/nixpkgs/?ref=nixos-unstable;
+ utils.url = "github:numtide/flake-utils";
+ voc-web = {
+ flake = false;
+ url = git+https://source.jfdic.org/voc/voc-web/?ref=consensus;
+ };
+ };
+
+ outputs = {...} @ args: import ./outputs.nix args;
+}
diff --git a/modules/modules-list.nix b/modules/modules-list.nix
new file mode 100644
index 0000000..0d4f101
--- /dev/null
+++ b/modules/modules-list.nix
@@ -0,0 +1,2 @@
+[
+]
diff --git a/nix/default.nix b/nix/default.nix
deleted file mode 100644
index 9831bf2..0000000
--- a/nix/default.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ sources ? import ./sources.nix
-, system ? builtins.currentSystem
-, crossSystem ? null
-, config ? {} }:
-
-let
- # our own overlays:
- local-overlays = [
- ];
-
- globals =
- if builtins.pathExists ../globals.nix
- then [(import ../globals.nix)]
- else builtins.trace "globals.nix missing, please add symlink" [];
-
- # merge upstream sources with our own:
- upstream-overlays = [
- ( _: super: {
-
- sources = (super.sources or {}) // sources;
- })
- ];
-
- overlays =
- local-overlays ++
- globals ++
- upstream-overlays;
-in
- import sources.nixpkgs {
- inherit overlays system crossSystem config;
- }
diff --git a/nix/sources.json b/nix/sources.json
deleted file mode 100644
index 5082374..0000000
--- a/nix/sources.json
+++ /dev/null
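Review bot: Most inputs in flake.nix are written as bare URL literals (`nixops.url = github:NixOS/nixops/?ref=master;`, the two `nixpkgs*` lines and every `git+https://source.jfdic.org/…` entry) while `nix.url` and `utils.url` are quoted strings; URL literals are deprecated in Nix and are rejected when the `no-url-literals` feature is enabled, so I would quote them all, e.g. `nixops.url = "github:NixOS/nixops/?ref=master";`. `nixops` also follows the moving `master` branch: flake.lock pins the revision in use, but each `nix flake update` moves the tool that holds deployment access to the branch tip, so a short comment saying why no tag or rev is used would help whoever reviews lock bumps. flake.lock additionally records separate nixpkgs trees for `nix` and `nixops` (`nixpkgs`, `nixpkgs_2`); if that is not intended, `nixops.inputs.nixpkgs.follows = "nixpkgs";` would reduce what has to be audited, though I have not checked that nixops builds against nixos-22.05.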
@@ -1,63 +0,0 @@ -{ - "hakyll-skeleton": { - "sha256": "12072xpvqvy127gav887kbpq3446nf2bdnzfifxjmla4rl7hsbvc", - "type": "tarball", - "url": "https://source.jfdic.org/jfdic/hakyll-skeleton/archive/c0df6f6abed90c66e2eff2106ce89bac0a3344db.tar.gz", - "url_template": "https://source.jfdic.org/jfdic/hakyll-skeleton/archive/c0df6f6abed90c66e2eff2106ce89bac0a3344db.tar.gz" - }, - "jfdic-web": { - "sha256": "1nxm6qblxjnpw23c5pahqqpjcy49agkgxma4gpr15bsx4zx1dfvh", - "type": "tarball", - "url": "https://source.jfdic.org/JFDIC/jfdic-web/archive/6765cb4251eef6d660b761f7f40f99dbf51a739f.tar.gz", - "url_template": "https://source.jfdic.org/JFDIC/jfdic-web/archive/6765cb4251eef6d660b761f7f40f99dbf51a739f.tar.gz" - }, - "niv": { - "branch": "master", - "description": "Easy dependency management for Nix projects", - "homepage": "https://github.com/nmattia/niv", - "owner": "nmattia", - "repo": "niv", - "rev": "82e5cd1ad3c387863f0545d7591512e76ab0fc41", - "sha256": "090l219mzc0gi33i3psgph6s2pwsc8qy4lyrqjdj4qzkvmaj65a7", - "type": "tarball", - "url": "https://github.com/nmattia/niv/archive/82e5cd1ad3c387863f0545d7591512e76ab0fc41.tar.gz", - "url_template": "https://github.com///archive/.tar.gz" - }, - "nixpkgs": { - "branch": "nixos-22.05", - "builtin": false, - "description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. 
Send issues and PRs to", - "homepage": "https://github.com/NixOS/nixpkgs", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c06d5fa9c605d143b15cafdbbb61c7c95388d76e", - "sha256": "04fmbldsacmb8wba825didq1sj3r9na24ff3h993nimjav5mp4pv", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/c06d5fa9c605d143b15cafdbbb61c7c95388d76e.tar.gz", - "url_template": "https://github.com///archive/.tar.gz" - }, - "nixpkgsUnstable": { - "branch": "nixos-unstable", - "description": "Nix Packages collection", - "homepage": "", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "5f43d8b088d3771274bcfb69d3c7435b1121ac88", - "sha256": "1fh5inlikm3090l0n14g8byiz7vzhna377pkvv2a7armwl1gs8ql", - "type": "tarball", - "url": "https://github.com/nixos/nixpkgs/archive/5f43d8b088d3771274bcfb69d3c7435b1121ac88.tar.gz", - "url_template": "https://github.com///archive/.tar.gz" - }, - "resrok-web": { - "sha256": "0g6w42l0nmqbkfbk6jfqjhxpd23c6b2bw4zz4rnpy0ba351j1hgz", - "type": "tarball", - "url": "https://source.jfdic.org/resrok/resrok-web/archive/e77bea1a3cc4da6f54c62ba21ca926392e842a21.tar.gz", - "url_template": "https://source.jfdic.org/resrok/resrok-web/archive/e77bea1a3cc4da6f54c62ba21ca926392e842a21.tar.gz" - }, - "voc-web": { - "sha256": "0asy2pylb790fjz2y2jcqm94afpnqbhyrf1ndkvv2ph9m9nh3m5x", - "type": "tarball", - "url": "https://source.jfdic.org/voc/voc-web/archive/85eb99b5a0a010d8819ea6850c5a359d9ec397b9.tar.gz", - "url_template": "https://source.jfdic.org/voc/voc-web/archive/85eb99b5a0a010d8819ea6850c5a359d9ec397b9.tar.gz" - } -} diff --git a/nix/sources.nix b/nix/sources.nix deleted file mode 100644 index 9a01c8a..0000000 --- a/nix/sources.nix +++ /dev/null 
@@ -1,194 +0,0 @@ -# This file has been generated by Niv. - -let - - # - # The fetchers. fetch_ fetches specs of type . - # - - fetch_file = pkgs: name: spec: - let - name' = sanitizeName name + "-src"; - in - if spec.builtin or true then - builtins_fetchurl { inherit (spec) url sha256; name = name'; } - else - pkgs.fetchurl { inherit (spec) url sha256; name = name'; }; - - fetch_tarball = pkgs: name: spec: - let - name' = sanitizeName name + "-src"; - in - if spec.builtin or true then - builtins_fetchTarball { name = name'; inherit (spec) url sha256; } - else - pkgs.fetchzip { name = name'; inherit (spec) url sha256; }; - - fetch_git = name: spec: - let - ref = - if spec ? ref then spec.ref else - if spec ? branch then "refs/heads/${spec.branch}" else - if spec ? tag then "refs/tags/${spec.tag}" else - abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!"; - submodules = if spec ? submodules then spec.submodules else false; - submoduleArg = - let - nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0; - emptyArgWithWarning = - if submodules == true - then - builtins.trace - ( - "The niv input \"${name}\" uses submodules " - + "but your nix's (${builtins.nixVersion}) builtins.fetchGit " - + "does not support them" - ) - {} - else {}; - in - if nixSupportsSubmodules - then { inherit submodules; } - else emptyArgWithWarning; - in - builtins.fetchGit - ({ url = spec.repo; inherit (spec) rev; inherit ref; } // submoduleArg); - - fetch_local = spec: spec.path; - - fetch_builtin-tarball = name: throw - ''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`. - $ niv modify ${name} -a type=tarball -a builtin=true''; - - fetch_builtin-url = name: throw - ''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`. 
- $ niv modify ${name} -a type=file -a builtin=true''; - - # - # Various helpers - # - - # https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695 - sanitizeName = name: - ( - concatMapStrings (s: if builtins.isList s then "-" else s) - ( - builtins.split "[^[:alnum:]+._?=-]+" - ((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name) - ) - ); - - # The set of packages used when specs are fetched using non-builtins. - mkPkgs = sources: system: - let - sourcesNixpkgs = - import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; }; - hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath; - hasThisAsNixpkgsPath = == ./.; - in - if builtins.hasAttr "nixpkgs" sources - then sourcesNixpkgs - else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then - import {} - else - abort - '' - Please specify either (through -I or NIX_PATH=nixpkgs=...) or - add a package called "nixpkgs" to your sources.json. - ''; - - # The actual fetching function. - fetch = pkgs: name: spec: - - if ! builtins.hasAttr "type" spec then - abort "ERROR: niv spec ${name} does not have a 'type' attribute" - else if spec.type == "file" then fetch_file pkgs name spec - else if spec.type == "tarball" then fetch_tarball pkgs name spec - else if spec.type == "git" then fetch_git name spec - else if spec.type == "local" then fetch_local spec - else if spec.type == "builtin-tarball" then fetch_builtin-tarball name - else if spec.type == "builtin-url" then fetch_builtin-url name - else - abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}"; - - # If the environment variable NIV_OVERRIDE_${name} is set, then use - # the path directly as opposed to the fetched source. 
- replace = name: drv: - let - saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name; - ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}"; - in - if ersatz == "" then drv else - # this turns the string into an actual Nix path (for both absolute and - # relative paths) - if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}"; - - # Ports of functions for older nix versions - - # a Nix version of mapAttrs if the built-in doesn't exist - mapAttrs = builtins.mapAttrs or ( - f: set: with builtins; - listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)) - ); - - # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295 - range = first: last: if first > last then [] else builtins.genList (n: first + n) (last - first + 1); - - # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257 - stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1)); - - # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269 - stringAsChars = f: s: concatStrings (map f (stringToCharacters s)); - concatMapStrings = f: list: concatStrings (map f list); - concatStrings = builtins.concatStringsSep ""; - - # https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331 - optionalAttrs = cond: as: if cond then as else {}; - - # fetchTarball version that is compatible between all the versions of Nix - builtins_fetchTarball = { url, name ? 
null, sha256 }@attrs: - let - inherit (builtins) lessThan nixVersion fetchTarball; - in - if lessThan nixVersion "1.12" then - fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; })) - else - fetchTarball attrs; - - # fetchurl version that is compatible between all the versions of Nix - builtins_fetchurl = { url, name ? null, sha256 }@attrs: - let - inherit (builtins) lessThan nixVersion fetchurl; - in - if lessThan nixVersion "1.12" then - fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; })) - else - fetchurl attrs; - - # Create the final "sources" from the config - mkSources = config: - mapAttrs ( - name: spec: - if builtins.hasAttr "outPath" spec - then abort - "The values in sources.json should not have an 'outPath' attribute" - else - spec // { outPath = replace name (fetch config.pkgs name spec); } - ) config.sources; - - # The "config" used by the fetchers - mkConfig = - { sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null - , sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile) - , system ? builtins.currentSystem - , pkgs ? mkPkgs sources system - }: rec { - # The sources, i.e. the attribute set of spec name to spec - inherit sources; - - # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers - inherit pkgs; - }; - -in -mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); } diff --git a/nixops.nix b/nixops.nix deleted file mode 100644 index 4efccda..0000000 --- a/nixops.nix +++ /dev/null 
@@ -1,21 +0,0 @@
-# NixOps configuration for the jfdic-ops nodes
-
-{
- network = {
- description = "jfdic-ops nodes";
- enableRollback = true;
- };
-
- network.storage.legacy = {
- databasefile = "~/.nixops/deployments.nixops";
- };
-
- defaults =
- { config, pkgs, lib, ... }:
-
- {
- system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps
- };
-
- toscano = import ./hosts/toscano.nix;
-}
diff --git a/outputs.nix b/outputs.nix
new file mode 100644
index 0000000..d3be2f7
--- /dev/null
+++ b/outputs.nix
@@ -0,0 +1,43 @@
+{
+ self,
+ hakyll-skeleton,
+ jfdic-web,
+ nix,
+ nixops,
+ nixpkgs,
+ nixpkgsUnstable,
+ resrok-web,
+ utils,
+ voc-web,
+ ...
+} @ inputs:
+(utils.lib.eachDefaultSystem (system: let
+ pkgs =
+ nixpkgs.legacyPackages."${system}";
+in {
+ devShell =
+ pkgs.callPackage
+ ./shell.nix {
+ inherit (nix.packages."${pkgs.system}") nix;
+ inherit (nixpkgsUnstable.legacyPackages."${pkgs.system}") alejandra;
+ nixops = nixops.defaultPackage."${pkgs.system}";
+ };
+}))
+// {
+ nixopsConfigurations.default = {
+ inherit nixpkgs;
+ network = {
+ description = "jfdic-ops nodes";
+ enableRollback = true;
+ storage.legacy = {
+ databasefile = "~/.nixops/deployments.nixops";
+ };
+ };
+ defaults = {
+ system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps
+ _module.args.inputs = inputs; # make flake inputs accessiable in NixOS
+ imports = [./profiles/host_common.nix];
+ };
+ toscano = import ./hosts/toscano.nix;
+ };
+}
diff --git a/profiles/hakyll-skeleton.nix b/profiles/hakyll-skeleton.nix
index 8a9ec7a..830ecbd 100644
--- a/profiles/hakyll-skeleton.nix
+++ b/profiles/hakyll-skeleton.nix
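Review bot: The `defaults` block in outputs.nix is now the only place that hands `inputs` to the NixOS modules, yet its comment is the misspelled `# make flake inputs accessiable in NixOS`; I would spell out the contract, for example `# profiles/*.nix take the pinned sources from the "inputs" module argument set here`. `storage.legacy.databasefile = "~/.nixops/deployments.nixops"` is carried over from the deleted nixops.nix without explanation; a NixOps state database can contain key material for the deployed hosts, so a comment that the file stays outside the repository and readable only by the operator is worth adding. On style, `devShell` is the older output name (current Nix expects `devShells.default`), and `"${pkgs.system}"` can be the `system` already bound by `eachDefaultSystem`.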
@@ -1,14 +1,14 @@ # NixOps configuration for deploying the JFDIC website - -{ config, pkgs, ... }: - -let - sources = import ../nix/sources.nix; - hakyll-skeleton = import sources.hakyll-skeleton { }; +{ + self, + config, + inputs, + pkgs, + ... +}: let + hakyll-skeleton = import inputs.hakyll-skeleton {}; webdomain = "skeleton.jfdic.org"; - in { - environment.sessionVariables = { LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; }; @@ -20,23 +20,23 @@ in { recommendedProxySettings = true; recommendedTlsSettings = true; virtualHosts = { - "${webdomain}" = { # website hostname + "${webdomain}" = { + # website hostname enableACME = true; # Use ACME certs forceSSL = true; # Force SSL root = "${hakyll-skeleton}"; # Wesbite root }; - "www.${webdomain}" = { # Respect our elders :-) - locations."/".extraConfig = - "return 301 $scheme://${webdomain}$request_uri;"; + "www.${webdomain}" = { + # Respect our elders :-) + locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;"; }; }; }; security.acme = { acceptTerms = true; - certs = { "${webdomain}" = { email = "admin@${webdomain}"; }; }; + certs = {"${webdomain}" = {email = "admin@${webdomain}";};}; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - + networking.firewall.allowedTCPPorts = [80 443]; } diff --git a/profiles/jfdic-web.nix b/profiles/jfdic-web.nix index 897534e..e60fdec 100644 --- a/profiles/jfdic-web.nix +++ b/profiles/jfdic-web.nix @@ -1,14 +1,14 @@ # NixOps configuration for deploying the JFDIC website - -{ config, pkgs, ... }: - -let - sources = import ../nix/sources.nix; - jfdic-web = import sources.jfdic-web { }; +{ + self, + config, + inputs, + pkgs, + ... +}: let + jfdic-web = import inputs.jfdic-web {}; webdomain = "jfdic.org"; - in { - environment.sessionVariables = { LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; }; 
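Review bot: The new argument set in profiles/hakyll-skeleton.nix names `self`, but the visible body never uses it and outputs.nix only supplies `inputs` through `_module.args`, so the name would presumably fail to resolve the first time someone references it; drop it and keep `{config, inputs, pkgs, ...}: let`. The same header is added in profiles/jfdic-web.nix, profiles/resrok-web.nix and profiles/voc-web.nix. `import inputs.hakyll-skeleton {}` runs Nix code from source.jfdic.org while the host configuration is evaluated, so a comment that the source is fixed by the `rev`/`narHash` in flake.lock would make the trust boundary explicit. Further down each file the reformatted `www.${webdomain}` vhost still has no `enableACME`/`forceSSL` and redirects with `$scheme`, so, as far as these hunks show, the first hop stays on plain HTTP; `return 301 https://${webdomain}$request_uri;` would avoid that. Parts of each module lie outside the hunks.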
@@ -20,14 +20,15 @@ in { recommendedProxySettings = true; recommendedTlsSettings = true; virtualHosts = { - "${webdomain}" = { # website hostname + "${webdomain}" = { + # website hostname enableACME = true; # Use ACME certs forceSSL = true; # Force SSL root = "${jfdic-web}"; # Wesbite root }; - "www.${webdomain}" = { # Respect our elders :-) - locations."/".extraConfig = - "return 301 $scheme://${webdomain}$request_uri;"; + "www.${webdomain}" = { + # Respect our elders :-) + locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;"; }; }; }; @@ -42,6 +43,5 @@ in { }; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - + networking.firewall.allowedTCPPorts = [80 443]; } diff --git a/profiles/resrok-web.nix b/profiles/resrok-web.nix index df91b67..e0fa7b5 100644 --- a/profiles/resrok-web.nix +++ b/profiles/resrok-web.nix 
@@ -1,31 +1,33 @@ # NixOps configuration for deploying the JFDIC website - -{ config, pkgs, ...}: - -let - sources = import ../nix/sources.nix; - resrok-web = import sources.resrok-web {}; +{ + self, + config, + inputs, + pkgs, + ... +}: let + resrok-web = import inputs.resrok-web {}; webdomain = "resrok.org"; - in { - environment.sessionVariables = { LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; }; services.nginx = { - enable = true; # Enable Nginx - recommendedGzipSettings = true; - recommendedOptimisation = true; + enable = true; # Enable Nginx + recommendedGzipSettings = true; + recommendedOptimisation = true; recommendedProxySettings = true; - recommendedTlsSettings = true; + recommendedTlsSettings = true; virtualHosts = { - "${webdomain}" = { # website hostname - enableACME = true; # Use ACME certs - forceSSL = true; # Force SSL - root = "${resrok-web}"; # Wesbite root + "${webdomain}" = { + # website hostname + enableACME = true; # Use ACME certs + forceSSL = true; # Force SSL + root = "${resrok-web}"; # Wesbite root }; - "www.${webdomain}" = { # Respect our elders :-) + "www.${webdomain}" = { + # Respect our elders :-) locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;"; }; }; @@ -41,6 +43,5 @@ in { }; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - + networking.firewall.allowedTCPPorts = [80 443]; } diff --git a/profiles/voc-web.nix b/profiles/voc-web.nix index a4d01f8..dc61399 100644 --- a/profiles/voc-web.nix +++ b/profiles/voc-web.nix @@ -1,14 +1,14 @@ # NixOps configuration for deploying the Voices of Capricornia website - -{ config, pkgs, ... }: - -let - sources = import ../nix/sources.nix; - voc-web = import sources.voc-web { }; +{ + self, + config, + inputs, + pkgs, + ... +}: let + voc-web = import inputs.voc-web {}; webdomain = "voicesofcapricornia.org"; - in { - environment.sessionVariables = { LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; }; 
@@ -20,14 +20,15 @@ in { recommendedProxySettings = true; recommendedTlsSettings = true; virtualHosts = { - "${webdomain}" = { # website hostname + "${webdomain}" = { + # website hostname enableACME = true; # Use ACME certs forceSSL = true; # Force SSL root = "${voc-web}"; # Wesbite root }; - "www.${webdomain}" = { # Respect our elders :-) - locations."/".extraConfig = - "return 301 $scheme://${webdomain}$request_uri;"; + "www.${webdomain}" = { + # Respect our elders :-) + locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;"; }; }; }; @@ -42,6 +43,5 @@ in { }; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - + networking.firewall.allowedTCPPorts = [80 443]; } diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..d1f5116 --- /dev/null +++ b/shell.nix @@ -0,0 +1,16 @@ +{ + pkgs ? import {}, + alejandra, + mkShell, + nixops, + nix, +}: +with pkgs; + mkShell { + buildInputs = [ + alejandra # The Uncompromising Nix Code Formatter + nixops + nix + treefmt # one CLI to format the code tree + ]; + }
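Review bot: The default `pkgs ? import {}` in shell.nix does not evaluate as shown (presumably an angle-bracket nixpkgs path was lost in rendering) and it is dead either way: outputs.nix calls the file through `pkgs.callPackage`, and the other arguments have no defaults, so the file cannot be used standalone. I would drop the default and `with pkgs;` and take `treefmt` as an argument, `{alejandra, mkShell, nixops, nix, treefmt}:`, so that every entry of `buildInputs` is visibly tied to a locked input rather than to a possible channel lookup. The deleted default.nix also exported `NIX_PATH = "nixpkgs=${sources.nixpkgs}"` into the shell; if anything run from the shell still resolves nixpkgs through the search path, that pin is gone and deserves a comment or a replacement.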