roles, services: refactor into modules

.sops.yaml

@@ -57,7 +57,7 @@ creation_rules:
           - *ryantm
           - *zimbatm
           - *zowoq
-  - path_regex: roles/hercules-ci/.+\.yaml$
+  - path_regex: modules/nixos/hercules-ci/.+\.yaml$
     key_groups:
       - age:
           - *build02
@@ -67,7 +67,7 @@ creation_rules:
           - *ryantm
           - *zimbatm
           - *zowoq
-  - path_regex: roles/.+\.yaml$
+  - path_regex: modules/.+\.yaml$
     key_groups:
       - age:
           - *build01

build01/configuration.nix

@@ -12,11 +12,11 @@
 {
   imports = [
     inputs.srvos.nixosModules.hardware-hetzner-online-amd
-    ../roles/common.nix
-    ../roles/raid.nix
-    ../roles/zfs.nix
-    ../roles/builder
-    ../roles/remote-builder/aarch64-nixos-community.nix
+    inputs.self.nixosModules.common
+    inputs.self.nixosModules.raid
+    inputs.self.nixosModules.zfs
+    inputs.self.nixosModules.builder
+    inputs.self.nixosModules.remote-builder-aarch64-nixos-community
   ];
 
   # Emulate riscv64 until we have proper builders

build02/configuration.nix

@@ -6,11 +6,11 @@
     inputs.srvos.nixosModules.hardware-hetzner-online-amd
     ./nixpkgs-update.nix
     ./nixpkgs-update-backup.nix
-    ../roles/common.nix
-    ../roles/hercules-ci
-    ../roles/raid.nix
-    ../roles/zfs.nix
-    ../roles/remote-builder/aarch64-build04.nix
+    inputs.self.nixosModules.common
+    inputs.self.nixosModules.hercules-ci
+    inputs.self.nixosModules.raid
+    inputs.self.nixosModules.zfs
+    inputs.self.nixosModules.remote-builder-aarch64-build04
   ];
 
   # /boot is a mirror raid

build02/nixpkgs-update.nix

@@ -179,7 +179,7 @@ in
 
   sops.secrets.nix-community-cachix = {
     path = "/home/r-ryantm/.config/cachix/cachix.dhall";
-    sopsFile = "${toString inputs.self}/roles/nix-community-cache/secrets.yaml";
+    sopsFile = "${toString inputs.self}/modules/nixos/nix-community-cache/secrets.yaml";
     owner = "r-ryantm";
     group = "r-ryantm";
   };

build03/configuration.nix

@@ -12,14 +12,14 @@
   imports = [
     inputs.srvos.nixosModules.mixins-nginx
     inputs.srvos.nixosModules.hardware-hetzner-online-amd
-    ../roles/common.nix
-    ../roles/hercules-ci
-    ../roles/raid.nix
-    ../roles/zfs.nix
-    ../roles/remote-builder/aarch64-build04.nix
+    inputs.self.nixosModules.common
+    inputs.self.nixosModules.hercules-ci
+    inputs.self.nixosModules.raid
+    inputs.self.nixosModules.zfs
+    inputs.self.nixosModules.remote-builder-aarch64-build04
 
-    ../services/hydra
-    ../services/nur-update
+    inputs.self.nixosModules.hydra
+    inputs.self.nixosModules.nur-update
   ];
 
   # /boot is a mirror raid

build04/configuration.nix

@@ -3,15 +3,15 @@
   imports = [
     inputs.disko.nixosModules.disko
     ./hardware-configuration.nix
-    ../roles/common.nix
-    ../roles/hercules-ci
-    ../roles/remote-builder/user.nix
+    inputs.self.nixosModules.common
+    inputs.self.nixosModules.hercules-ci
+    inputs.self.nixosModules.remote-builder-user
   ];
 
   nixpkgs.system = "aarch64-linux";
 
   # disable kvm/nixos-tests
-  nix.settings.system-features = [ "big-parallel" ]; # sync with roles/remote-builder/aarch64-build04.nix
+  nix.settings.system-features = [ "big-parallel" ]; # sync with modules/nixos/remote-builder/aarch64-build04.nix
 
   boot.loader.systemd-boot.enable = true;
   boot.loader.systemd-boot.configurationLimit = 3;

docs/community-builder.md

@@ -4,7 +4,7 @@ We provide an `x86_64-linux` build machine as a public remote builder for the ni
 
 #### Access
 
-If you want access read the security guide lines on [aarch64-build-box](https://github.com/nix-community/aarch64-build-box). Than add your username to [`roles/builder/users.nix`](https://github.com/nix-community/infra/blob/master/roles/builder/users.nix). Don't keep any important data in your home! We will regularly delete `/home` without further notice.
+If you want access read the security guide lines on [aarch64-build-box](https://github.com/nix-community/aarch64-build-box). Than add your username to [`builder/users.nix`](https://github.com/nix-community/infra/blob/master/modules/nixos/builder/users.nix). Don't keep any important data in your home! We will regularly delete `/home` without further notice.
 
 #### Using your NixOS home-manager configuration on the hosts
 

flake.nix

@@ -114,6 +114,21 @@
             };
           };
 
+        flake.nixosModules = {
+          common = ./modules/nixos/common.nix;
+
+          builder = ./modules/nixos/builder;
+          hercules-ci = ./modules/nixos/hercules-ci;
+          hydra = ./modules/nixos/hydra;
+          nur-update = ./modules/nixos/nur-update;
+          raid = ./modules/nixos/raid.nix;
+          remote-builder-aarch64-build04 = ./modules/nixos/remote-builder/aarch64-build04.nix;
+          remote-builder-aarch64-nixos-community = ./modules/nixos/remote-builder/aarch64-nixos-community.nix;
+          remote-builder-user = ./modules/nixos/remote-builder/user.nix;
+          watch-store = ./modules/nixos/watch-store.nix;
+          zfs = ./modules/nixos/zfs.nix;
+        };
+
         flake.lib.nixosSystem = args:
           inputs.nixpkgs.lib.nixosSystem ({ specialArgs = { inherit inputs; }; } // args);
       };

modules/nixos/hydra/default.nix

@@ -45,7 +45,7 @@ in
     ];
     nix.settings.post-build-hook = "${upload-to-cachix}/bin/upload-to-cachix";
 
-    sops.secrets.nix-community-cachix.sopsFile = "${toString inputs.self}/roles/nix-community-cache/secrets.yaml";
+    sops.secrets.nix-community-cachix.sopsFile = "${toString inputs.self}/modules/nixos/nix-community-cache/secrets.yaml";
     sops.secrets.id_buildfarm = { };
 
     # delete build logs older than 30 days