infra/flake.nix

{
  description = "NixOS configuration of our builders";

  nixConfig.extra-substituters = [
    "https://nix-community.cachix.org"
    "https://nixpkgs-update.cachix.org"
  ];
  nixConfig.extra-trusted-public-keys = [
    "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    "nixpkgs-update.cachix.org-1:6y6Z2JdoL3APdu6/+Iy8eZX2ajf09e4EE9SnxSML1W8="
  ];

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    flake-parts.url = "github:hercules-ci/flake-parts";
    flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
    nix-darwin.url = "github:LnL7/nix-darwin";
    nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
    sops-nix.url = "github:Mic92/sops-nix";
    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
    sops-nix.inputs.nixpkgs-stable.follows = "";
    srvos.url = "github:nix-community/srvos";
    # actually not used when using the modules but than nothing ever will try to fetch this nixpkgs variant
    srvos.inputs.nixpkgs.follows = "nixpkgs";

    nixpkgs-update.url = "github:qowoz/nixpkgs-update/wait60";
    nixpkgs-update.inputs.mmdoc.follows = "";
    nixpkgs-update-github-releases.url = "github:ryantm/nixpkgs-update-github-releases";
    nixpkgs-update-github-releases.flake = false;

    nur-update.url = "github:nix-community/nur-update";
    nur-update.inputs.nixpkgs.follows = "nixpkgs";

    disko.url = "github:nix-community/disko";
    disko.inputs.nixpkgs.follows = "nixpkgs";

    treefmt-nix.url = "github:numtide/treefmt-nix";
    treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";

    tf-pkgs.url = "github:NixOS/nixpkgs/982b24c40e743793c966b47b3bb3699881489ae0";

    hercules-ci-agent.url = "github:hercules-ci/hercules-ci-agent";
    hercules-ci-agent.inputs.flake-parts.follows = "flake-parts";
  };

  outputs = inputs @ { flake-parts, self, ... }:
    flake-parts.lib.mkFlake
      { inherit inputs; }
      {
        systems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];

        imports = [
          inputs.treefmt-nix.flakeModule
        ];

        perSystem = { config, pkgs, ... }:
          let
            defaultPlatform = pkgs.stdenv.hostPlatform.system == "x86_64-linux";
          in
          {
            imports = [
              ./dev/shell.nix
              ./terraform/shell.nix
            ];
            treefmt = {
              flakeCheck = defaultPlatform;
              imports = [ ./dev/treefmt.nix ];
            };

            checks = pkgs.lib.optionalAttrs defaultPlatform {
              nixosTests-buildbot = pkgs.nixosTests.buildbot;
              nixosTests-hydra = pkgs.nixosTests.hydra.hydra_unstable;
              #nixosTests-lemmy = pkgs.nixosTests.lemmy;
              nixosTests-pict-rs = pkgs.nixosTests.pict-rs;
            };

            packages = pkgs.lib.optionalAttrs defaultPlatform {
              cachix-deploy-spec = pkgs.writeText "cachix-deploy.json" (builtins.toJSON {
                agents = {
                  # hercules-ci-agent IFD breaks darwin02
                  darwin03 = builtins.unsafeDiscardStringContext self.darwinConfigurations.darwin03.config.system.build.toplevel;
                };
              });
              pages = pkgs.runCommand "pages"
                {
                  buildInputs = [ config.devShells.mkdocs.nativeBuildInputs ];
                } ''
                cd ${self}
                mkdocs build --strict --site-dir $out
              '';
            };
          };

        flake.darwinConfigurations =
          let
            inherit (self.lib) darwinSystem;
          in
          {
            darwin02 = darwinSystem {
              pkgs = inputs.nixpkgs.legacyPackages.aarch64-darwin;
              modules = [ ./hosts/darwin02/configuration.nix ];
            };
            darwin03 = darwinSystem {
              pkgs = inputs.nixpkgs.legacyPackages.aarch64-darwin;
              modules = [ ./hosts/darwin03/configuration.nix ];
            };
          };

        flake.nixosConfigurations =
          let
            inherit (self.lib) nixosSystem;
          in
          {
            build01 = nixosSystem {
              pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
              modules = [ ./hosts/build01/configuration.nix ];
            };
            build02 = nixosSystem {
              pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
              modules = [ ./hosts/build02/configuration.nix ];
            };
            build03 = nixosSystem {
              pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
              modules = [ ./hosts/build03/configuration.nix ];
            };
            build04 = nixosSystem {
              pkgs = inputs.nixpkgs.legacyPackages.aarch64-linux;
              modules = [ ./hosts/build04/configuration.nix ];
            };
            web01 = nixosSystem {
              pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
              modules = [ ./hosts/web01/configuration.nix ];
            };
            web02 = nixosSystem {
              pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
              modules = [ ./hosts/web02/configuration.nix ];
            };
          };

        flake.darwinModules = {
          common = ./modules/darwin/common;

          builder = ./modules/darwin/builder.nix;
          community-builder = ./modules/darwin/community-builder;
          hercules-ci = ./modules/darwin/hercules-ci;
          remote-builder = ./modules/darwin/remote-builder.nix;
        };

        flake.nixosModules = {
          common = ./modules/nixos/common;

          builder = ./modules/nixos/builder.nix;
          community-builder = ./modules/nixos/community-builder;
          github-org-backup = ./modules/nixos/github-org-backup.nix;
          hercules-ci = ./modules/nixos/hercules-ci;
          hydra = ./modules/nixos/hydra.nix;
          monitoring = ./modules/nixos/monitoring;
          nur-update = ./modules/nixos/nur-update.nix;
          remote-builder = ./modules/nixos/remote-builder.nix;
          remote-workers = ./modules/nixos/remote-workers.nix;
          watch-store = ./modules/nixos/cachix/watch-store.nix;
          zfs = ./modules/nixos/zfs.nix;
        };

        flake.lib.darwinSystem = args:
          inputs.nix-darwin.lib.darwinSystem ({ specialArgs = { inherit inputs; }; } // args);
        flake.lib.nixosSystem = args:
          inputs.nixpkgs.lib.nixosSystem ({ specialArgs = { inherit inputs; }; } // args);
      };
}
switch to flake 2022-04-10 20:57:52 +02:00			`{`
			`description = "NixOS configuration of our builders";`

export binary caches via flake 2022-04-18 07:42:44 +02:00			`nixConfig.extra-substituters = [`
			`"https://nix-community.cachix.org"`
			`"https://nixpkgs-update.cachix.org"`
			`];`
			`nixConfig.extra-trusted-public-keys = [`
			`"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="`
			`"nixpkgs-update.cachix.org-1:6y6Z2JdoL3APdu6/+Iy8eZX2ajf09e4EE9SnxSML1W8="`
			`];`

switch to flake 2022-04-10 20:57:52 +02:00			`inputs = {`
flake: nixos-unstable-small -> nixos-unstable 2023-10-23 10:56:07 +10:00			`nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";`
flake: sort inputs 2022-12-12 07:18:12 +10:00			`flake-parts.url = "github:hercules-ci/flake-parts";`
			`flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";`
flake: rename darwin input to nix-darwin sometimes using anything other than `darwin` for this input could cause problems but this has been fixed upstream 2023-07-15 10:39:08 +10:00			`nix-darwin.url = "github:LnL7/nix-darwin";`
			`nix-darwin.inputs.nixpkgs.follows = "nixpkgs";`
switch to flake 2022-04-10 20:57:52 +02:00			`sops-nix.url = "github:Mic92/sops-nix";`
flake: update inputs 2022-09-25 07:27:35 +10:00			`sops-nix.inputs.nixpkgs.follows = "nixpkgs";`
flake: drop unused sops-nix input Flake lock file updates: • Updated input 'sops-nix/nixpkgs-stable': 'github:NixOS/nixpkgs/c3912035d00ef755ab19394488b41feab95d2e40' (2023-03-18) → follows '' 2023-03-20 13:22:34 +10:00			`sops-nix.inputs.nixpkgs-stable.follows = "";`
flake: srvos: numtide -> nix-community 2023-11-03 20:51:16 +10:00			`srvos.url = "github:nix-community/srvos";`
re-consolidate configuration by pulling from srvos 2022-12-19 15:59:28 +01:00			`# actually not used when using the modules but than nothing ever will try to fetch this nixpkgs variant`
			`srvos.inputs.nixpkgs.follows = "nixpkgs";`

flake: nixpkgs-update: bump 'wait for ofborg' to 60 minutes 2023-10-30 08:23:27 +10:00			`nixpkgs-update.url = "github:qowoz/nixpkgs-update/wait60";`
drop unused mmdoc 2023-01-15 23:47:28 +01:00			`nixpkgs-update.inputs.mmdoc.follows = "";`
flake: sort inputs 2022-12-12 07:18:12 +10:00			`nixpkgs-update-github-releases.url = "github:ryantm/nixpkgs-update-github-releases";`
			`nixpkgs-update-github-releases.flake = false;`
add nur-update service Flake lock file updates: • Added input 'nur-update': 'github:nix-community/nur-update/5e86794950e8061b6e19040f96cc2620c29e922e' (2022-12-10) • Added input 'nur-update/nixpkgs': follows 'nixpkgs' 2022-12-12 07:41:32 +10:00
			`nur-update.url = "github:nix-community/nur-update";`
			`nur-update.inputs.nixpkgs.follows = "nixpkgs";`
re-install build04 2022-12-30 20:49:32 +01:00
			`disko.url = "github:nix-community/disko";`
			`disko.inputs.nixpkgs.follows = "nixpkgs";`
add treefmt-nix to repository 2022-12-31 07:18:49 +01:00
			`treefmt-nix.url = "github:numtide/treefmt-nix";`
flake: `treefmt-nix` follow nixpkgs Flake lock file updates: • Updated input 'treefmt-nix/nixpkgs': 'github:nixos/nixpkgs/0591d6b57bfeb55dfeec99a671843337bc2c3323' (2023-02-04) → follows 'nixpkgs' 2023-02-06 14:42:30 +10:00			`treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";`
merge terraform flake 2023-05-19 23:51:43 +10:00
flake.lock: Update Flake lock file updates: • Updated input 'tf-pkgs': 'github:NixOS/nixpkgs/5cc930fbdf3e069df2efc5de6dd728a9f13e9ba9' (2023-08-13) → 'github:NixOS/nixpkgs/982b24c40e743793c966b47b3bb3699881489ae0' (2023-10-15) Terraform updates: terraform: 1.5.5 → 1.6.1 terraform-provider-cloudflare: 4.12.0 → 4.16.0 terraform-provider-gandi: 2.2.3 → 2.2.4 terraform-provider-sops: 0.7.2 → 1.0.0 terraform-provider-tfe: 0.48.0 → 0.49.2 2023-10-16 13:09:29 +10:00			`tf-pkgs.url = "github:NixOS/nixpkgs/982b24c40e743793c966b47b3bb3699881489ae0";`
switch to upstream hercules ci agent 2023-10-27 14:41:03 +10:00
			`hercules-ci-agent.url = "github:hercules-ci/hercules-ci-agent";`
			`hercules-ci-agent.inputs.flake-parts.follows = "flake-parts";`
switch to flake 2022-04-10 20:57:52 +02:00			`};`

ci.nix: remove - move effects to separate file - set ciSystems in flake 2023-04-06 11:49:28 +10:00			`outputs = inputs @ { flake-parts, self, ... }:`
Revert "flake: split up per host" This reverts commit 9db2dcf124346219cce4457c729058481b83edbc. 2023-05-16 06:54:11 +10:00			`flake-parts.lib.mkFlake`
			`{ inherit inputs; }`
			`{`
			`systems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];`

			`imports = [`
			`inputs.treefmt-nix.flakeModule`
			`];`
add treefmt-nix to repository 2022-12-31 07:18:49 +01:00
flake: refactor checks 2023-09-13 11:35:21 +10:00			`perSystem = { config, pkgs, ... }:`
			`let`
			`defaultPlatform = pkgs.stdenv.hostPlatform.system == "x86_64-linux";`
			`in`
			`{`
			`imports = [`
			`./dev/shell.nix`
			`./terraform/shell.nix`
			`];`
			`treefmt = {`
			`flakeCheck = defaultPlatform;`
			`imports = [ ./dev/treefmt.nix ];`
			`};`

			`checks = pkgs.lib.optionalAttrs defaultPlatform {`
flake: re-enable buildbot nixosTest 2023-10-29 13:55:27 +10:00			`nixosTests-buildbot = pkgs.nixosTests.buildbot;`
flake: refactor checks 2023-09-13 11:35:21 +10:00			`nixosTests-hydra = pkgs.nixosTests.hydra.hydra_unstable;`
flake: disable broken nixosTests 2023-10-26 18:03:00 +10:00			`#nixosTests-lemmy = pkgs.nixosTests.lemmy;`
flake: refactor checks 2023-09-13 11:35:21 +10:00			`nixosTests-pict-rs = pkgs.nixosTests.pict-rs;`
			`};`
switch to mkdocs 2023-04-26 16:19:18 +10:00
switch to actions for github pages 2023-09-15 11:17:28 +10:00			`packages = pkgs.lib.optionalAttrs defaultPlatform {`
flake: add package for cachix deploy spec 2023-09-15 14:43:04 +10:00			`cachix-deploy-spec = pkgs.writeText "cachix-deploy.json" (builtins.toJSON {`
flake: cachix-deploy-spec: only deploy darwin03 2023-10-30 10:23:51 +10:00			`agents = {`
			`# hercules-ci-agent IFD breaks darwin02`
			`darwin03 = builtins.unsafeDiscardStringContext self.darwinConfigurations.darwin03.config.system.build.toplevel;`
			`};`
flake: add package for cachix deploy spec 2023-09-15 14:43:04 +10:00			`});`
switch to actions for github pages 2023-09-15 11:17:28 +10:00			`pages = pkgs.runCommand "pages"`
			`{`
			`buildInputs = [ config.devShells.mkdocs.nativeBuildInputs ];`
			`} ''`
			`cd ${self}`
			`mkdocs build --strict --site-dir $out`
			`'';`
			`};`
flake: add nixosTests to checks 2023-07-14 17:11:27 +10:00			`};`

darwin02: init 2023-05-16 18:58:13 +10:00			`flake.darwinConfigurations =`
			`let`
flake: add lib.darwinSystem for inputs 2023-06-05 15:34:12 +10:00			`inherit (self.lib) darwinSystem;`
darwin02: init 2023-05-16 18:58:13 +10:00			`in`
			`{`
			`darwin02 = darwinSystem {`
flake: set pkgs instead of system 2023-07-20 17:11:40 +10:00			`pkgs = inputs.nixpkgs.legacyPackages.aarch64-darwin;`
darwin02: init 2023-05-16 18:58:13 +10:00			`modules = [ ./hosts/darwin02/configuration.nix ];`
			`};`
darwin03: init 2023-07-17 09:37:43 +10:00			`darwin03 = darwinSystem {`
flake: set pkgs instead of system 2023-07-20 17:11:40 +10:00			`pkgs = inputs.nixpkgs.legacyPackages.aarch64-darwin;`
darwin03: init 2023-07-17 09:37:43 +10:00			`modules = [ ./hosts/darwin03/configuration.nix ];`
			`};`
darwin02: init 2023-05-16 18:58:13 +10:00			`};`

Revert "flake: split up per host" This reverts commit 9db2dcf124346219cce4457c729058481b83edbc. 2023-05-16 06:54:11 +10:00			`flake.nixosConfigurations =`
			`let`
flake: refactor 2023-05-16 09:53:27 +10:00			`inherit (self.lib) nixosSystem;`
Revert "flake: split up per host" This reverts commit 9db2dcf124346219cce4457c729058481b83edbc. 2023-05-16 06:54:11 +10:00			`in`
			`{`
			`build01 = nixosSystem {`
flake: set pkgs instead of system 2023-07-20 17:11:40 +10:00			`pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;`
build0*: move into /hosts 2023-05-18 13:24:26 +10:00			`modules = [ ./hosts/build01/configuration.nix ];`
Revert "flake: split up per host" This reverts commit 9db2dcf124346219cce4457c729058481b83edbc. 2023-05-16 06:54:11 +10:00			`};`
			`build02 = nixosSystem {`
flake: set pkgs instead of system 2023-07-20 17:11:40 +10:00			`pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;`
build0*: move into /hosts 2023-05-18 13:24:26 +10:00			`modules = [ ./hosts/build02/configuration.nix ];`
Revert "flake: split up per host" This reverts commit 9db2dcf124346219cce4457c729058481b83edbc. 2023-05-16 06:54:11 +10:00			`};`
			`build03 = nixosSystem {`
flake: set pkgs instead of system 2023-07-20 17:11:40 +10:00			`pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;`
build0*: move into /hosts 2023-05-18 13:24:26 +10:00			`modules = [ ./hosts/build03/configuration.nix ];`
Revert "flake: split up per host" This reverts commit 9db2dcf124346219cce4457c729058481b83edbc. 2023-05-16 06:54:11 +10:00			`};`
			`build04 = nixosSystem {`
flake: set pkgs instead of system 2023-07-20 17:11:40 +10:00			`pkgs = inputs.nixpkgs.legacyPackages.aarch64-linux;`
build0*: move into /hosts 2023-05-18 13:24:26 +10:00			`modules = [ ./hosts/build04/configuration.nix ];`
Revert "flake: split up per host" This reverts commit 9db2dcf124346219cce4457c729058481b83edbc. 2023-05-16 06:54:11 +10:00			`};`
hosts.web01: init This machine is intended to host web applications. Initially [Lemmy](https://join-lemmy.org/), but perhaps more down the line. The initial PR only deals with setting up the machine and required infra like DNS, not setting up Lemmy itself which will be a follow-up. 2023-07-04 16:55:32 +12:00			`web01 = nixosSystem {`
flake: set pkgs instead of system 2023-07-20 17:11:40 +10:00			`pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;`
hosts.web01: init This machine is intended to host web applications. Initially [Lemmy](https://join-lemmy.org/), but perhaps more down the line. The initial PR only deals with setting up the machine and required infra like DNS, not setting up Lemmy itself which will be a follow-up. 2023-07-04 16:55:32 +12:00			`modules = [ ./hosts/web01/configuration.nix ];`
			`};`
web02: init 2023-07-22 09:50:53 +10:00			`web02 = nixosSystem {`
flake: set pkgs instead of system 2023-07-20 17:11:40 +10:00			`pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;`
web02: init 2023-07-22 09:50:53 +10:00			`modules = [ ./hosts/web02/configuration.nix ];`
			`};`
Revert "flake: split up per host" This reverts commit 9db2dcf124346219cce4457c729058481b83edbc. 2023-05-16 06:54:11 +10:00			`};`
flake: refactor 2023-05-16 09:53:27 +10:00
modules/darwin: refactor 2023-07-17 13:53:06 +10:00			`flake.darwinModules = {`
			`common = ./modules/darwin/common;`

modules: add darwin/nixos builder 2023-09-07 12:47:33 +10:00			`builder = ./modules/darwin/builder.nix;`
modules/darwin: add community-builder 2023-10-27 13:42:58 +10:00			`community-builder = ./modules/darwin/community-builder;`
modules/darwin: refactor 2023-07-17 13:53:06 +10:00			`hercules-ci = ./modules/darwin/hercules-ci;`
modules: add darwin/nixos remote-builder 2023-09-06 10:14:00 +10:00			`remote-builder = ./modules/darwin/remote-builder.nix;`
modules/darwin: refactor 2023-07-17 13:53:06 +10:00			`};`

roles, services: refactor into modules 2023-05-17 07:21:20 +10:00			`flake.nixosModules = {`
modules: refactor common move common into directory 2023-07-02 08:16:12 +10:00			`common = ./modules/nixos/common;`
roles, services: refactor into modules 2023-05-17 07:21:20 +10:00
modules: add darwin/nixos builder 2023-09-07 12:47:33 +10:00			`builder = ./modules/nixos/builder.nix;`
modules: builder -> community-builder slightly better name for this module 2023-07-01 13:32:28 +10:00			`community-builder = ./modules/nixos/community-builder;`
modules/nixos: github-org-backup 2023-05-07 10:24:44 +10:00			`github-org-backup = ./modules/nixos/github-org-backup.nix;`
roles, services: refactor into modules 2023-05-17 07:21:20 +10:00			`hercules-ci = ./modules/nixos/hercules-ci;`
modules: refactor hydra, nur-update these are single files, don't need to be in a directory 2023-07-01 13:33:11 +10:00			`hydra = ./modules/nixos/hydra.nix;`
modules/nixos: monitoring 2023-07-21 20:18:58 +10:00			`monitoring = ./modules/nixos/monitoring;`
modules: refactor hydra, nur-update these are single files, don't need to be in a directory 2023-07-01 13:33:11 +10:00			`nur-update = ./modules/nixos/nur-update.nix;`
modules/nixos: refactor remote workers 2023-09-24 08:57:55 +10:00			`remote-builder = ./modules/nixos/remote-builder.nix;`
			`remote-workers = ./modules/nixos/remote-workers.nix;`
modules: refactor cachix secrets, watch-store move cachix related files into directory 2023-07-01 20:28:31 +10:00			`watch-store = ./modules/nixos/cachix/watch-store.nix;`
roles, services: refactor into modules 2023-05-17 07:21:20 +10:00			`zfs = ./modules/nixos/zfs.nix;`
			`};`

flake: add lib.darwinSystem for inputs 2023-06-05 15:34:12 +10:00			`flake.lib.darwinSystem = args:`
flake: rename darwin input to nix-darwin sometimes using anything other than `darwin` for this input could cause problems but this has been fixed upstream 2023-07-15 10:39:08 +10:00			`inputs.nix-darwin.lib.darwinSystem ({ specialArgs = { inherit inputs; }; } // args);`
flake: refactor 2023-05-16 09:53:27 +10:00			`flake.lib.nixosSystem = args:`
			`inputs.nixpkgs.lib.nixosSystem ({ specialArgs = { inherit inputs; }; } // args);`
flake.nix: Use mkFlake convenience (#260) 2022-09-07 17:47:16 +02:00			`};`
switch to flake 2022-04-10 20:57:52 +02:00			`}`
No results found.