sercanto/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

flake: refactor

Browse source
This commit is contained in:
zowoq 2023-05-16 09:53:27 +10:00 committed by Jonas Chevalier
parent be4ee54668
commit 91028319fa
6 changed files with 26 additions and 42 deletions

3
build01/configuration.nix
View file

@ -1,4 +1,4 @@
{ ... }:
{ inputs, ... }:
# Boot recovery:
# Activate 64-bit Rescue system in https://robot.your-server.de/server
# ssh root@build01.nix-community.org "mount /dev/md[0-9]* /mnt && /mnt/kexec_bundle"
@ -11,6 +11,7 @@
# nixos-enter
{
imports = [
inputs.srvos.nixosModules.hardware-hetzner-online-amd
../roles/common.nix
../roles/raid.nix
../roles/zfs.nix

4
build02/configuration.nix
View file

@ -1,7 +1,9 @@
{ ... }:
{ inputs, ... }:
{
imports = [
inputs.srvos.nixosModules.mixins-nginx
inputs.srvos.nixosModules.hardware-hetzner-online-amd
./nixpkgs-update.nix
./nixpkgs-update-backup.nix
../roles/common.nix

4
build03/configuration.nix
View file

@ -1,4 +1,4 @@
{ ... }:
{ inputs, ... }:
{
# Boot recovery:
# Activate 64-bit Rescue system in https://robot.your-server.de/server
@ -10,6 +10,8 @@
# $ zpool import -f zroot && mount -t zfs zroot/root/nixos /mnt && mount -t zfs zroot/root/home /mnt/home && mount /dev/md[0-9]* /mnt/boot
# $ nixos-enter
imports = [
inputs.srvos.nixosModules.mixins-nginx
inputs.srvos.nixosModules.hardware-hetzner-online-amd
../roles/common.nix
../roles/hercules-ci
../roles/watch-store.nix

2
build04/configuration.nix
View file

@ -1,5 +1,7 @@
{ inputs, ... }:
{
imports = [
inputs.disko.nixosModules.disko
./hardware-configuration.nix
../roles/common.nix
../roles/hercules-ci

47
flake.nix
View file

@ -91,59 +91,28 @@
flake.nixosConfigurations =
let
inherit (inputs.nixpkgs.lib) nixosSystem;
common = [
{ _module.args.inputs = inputs; }
{ srvos.flake = inputs.self; }
inputs.sops-nix.nixosModules.sops
inputs.srvos.nixosModules.server
inputs.srvos.nixosModules.mixins-telegraf
{ networking.firewall.allowedTCPPorts = [ 9273 ]; }
];
inherit (self.lib) nixosSystem;
in
{
build01 = nixosSystem {
system = "x86_64-linux";
modules =
common
++ [
./build01/configuration.nix
inputs.srvos.nixosModules.hardware-hetzner-online-amd
];
modules = [ ./build01/configuration.nix ];
};
build02 = nixosSystem {
system = "x86_64-linux";
modules =
common
++ [
./build02/configuration.nix
inputs.srvos.nixosModules.mixins-nginx
inputs.srvos.nixosModules.hardware-hetzner-online-amd
];
modules = [ ./build02/configuration.nix ];
};
build03 = nixosSystem {
system = "x86_64-linux";
modules =
common
++ [
./build03/configuration.nix
inputs.srvos.nixosModules.mixins-nginx
inputs.srvos.nixosModules.hardware-hetzner-online-amd
];
modules = [ ./build03/configuration.nix ];
};
build04 = nixosSystem {
system = "aarch64-linux";
modules =
common
++ [
./build04/configuration.nix
inputs.disko.nixosModules.disko
];
modules = [ ./build04/configuration.nix ];
};
};
flake.lib.nixosSystem = args:
inputs.nixpkgs.lib.nixosSystem ({ specialArgs = { inherit inputs; }; } // args);
};
}

8
roles/common.nix
View file

@ -1,3 +1,4 @@
{ inputs, ... }:
{
imports = [
./auto-upgrade.nix
@ -5,8 +6,15 @@
./security.nix
./sops-nix.nix
./users.nix
inputs.sops-nix.nixosModules.sops
inputs.srvos.nixosModules.mixins-telegraf
inputs.srvos.nixosModules.server
];
networking.firewall.allowedTCPPorts = [ 9273 ];
srvos.flake = inputs.self;
zramSwap.enable = true;
security.acme.defaults.email = "trash@nix-community.org";