diff --git a/build01/configuration.nix b/build01/configuration.nix index aa74cbd..04f64fe 100644 --- a/build01/configuration.nix +++ b/build01/configuration.nix @@ -1,4 +1,4 @@ -{ ... }: +{ inputs, ... }: # Boot recovery: # Activate 64-bit Rescue system in https://robot.your-server.de/server # ssh root@build01.nix-community.org "mount /dev/md[0-9]* /mnt && /mnt/kexec_bundle" @@ -11,6 +11,7 @@ # nixos-enter { imports = [ + inputs.srvos.nixosModules.hardware-hetzner-online-amd ../roles/common.nix ../roles/raid.nix ../roles/zfs.nix diff --git a/build02/configuration.nix b/build02/configuration.nix index 77bac47..a9a88c3 100644 --- a/build02/configuration.nix +++ b/build02/configuration.nix @@ -1,7 +1,9 @@ -{ ... }: +{ inputs, ... }: { imports = [ + inputs.srvos.nixosModules.mixins-nginx + inputs.srvos.nixosModules.hardware-hetzner-online-amd ./nixpkgs-update.nix ./nixpkgs-update-backup.nix ../roles/common.nix diff --git a/build03/configuration.nix b/build03/configuration.nix index 5a3df75..f805418 100644 --- a/build03/configuration.nix +++ b/build03/configuration.nix @@ -1,4 +1,4 @@ -{ ... }: +{ inputs, ... }: { # Boot recovery: # Activate 64-bit Rescue system in https://robot.your-server.de/server @@ -10,6 +10,8 @@ # $ zpool import -f zroot && mount -t zfs zroot/root/nixos /mnt && mount -t zfs zroot/root/home /mnt/home && mount /dev/md[0-9]* /mnt/boot # $ nixos-enter imports = [ + inputs.srvos.nixosModules.mixins-nginx + inputs.srvos.nixosModules.hardware-hetzner-online-amd ../roles/common.nix ../roles/hercules-ci ../roles/watch-store.nix diff --git a/build04/configuration.nix b/build04/configuration.nix index 6c77710..35e6663 100644 --- a/build04/configuration.nix +++ b/build04/configuration.nix @@ -1,5 +1,7 @@ +{ inputs, ... }: { imports = [ + inputs.disko.nixosModules.disko ./hardware-configuration.nix ../roles/common.nix ../roles/hercules-ci diff --git a/flake.nix b/flake.nix index 815054c..803c35c 100644 --- a/flake.nix +++ b/flake.nix @@ -91,59 +91,28 @@ flake.nixosConfigurations = let - inherit (inputs.nixpkgs.lib) nixosSystem; - common = [ - { _module.args.inputs = inputs; } - { srvos.flake = inputs.self; } - inputs.sops-nix.nixosModules.sops - inputs.srvos.nixosModules.server - - inputs.srvos.nixosModules.mixins-telegraf - { networking.firewall.allowedTCPPorts = [ 9273 ]; } - ]; + inherit (self.lib) nixosSystem; in { build01 = nixosSystem { system = "x86_64-linux"; - modules = - common - ++ [ - ./build01/configuration.nix - inputs.srvos.nixosModules.hardware-hetzner-online-amd - ]; + modules = [ ./build01/configuration.nix ]; }; - build02 = nixosSystem { system = "x86_64-linux"; - modules = - common - ++ [ - ./build02/configuration.nix - inputs.srvos.nixosModules.mixins-nginx - inputs.srvos.nixosModules.hardware-hetzner-online-amd - ]; + modules = [ ./build02/configuration.nix ]; }; - build03 = nixosSystem { system = "x86_64-linux"; - modules = - common - ++ [ - ./build03/configuration.nix - inputs.srvos.nixosModules.mixins-nginx - inputs.srvos.nixosModules.hardware-hetzner-online-amd - ]; + modules = [ ./build03/configuration.nix ]; }; - build04 = nixosSystem { system = "aarch64-linux"; - modules = - common - ++ [ - ./build04/configuration.nix - inputs.disko.nixosModules.disko - ]; + modules = [ ./build04/configuration.nix ]; }; }; + + flake.lib.nixosSystem = args: + inputs.nixpkgs.lib.nixosSystem ({ specialArgs = { inherit inputs; }; } // args); }; } diff --git a/roles/common.nix b/roles/common.nix index af3be6c..7150849 100644 --- a/roles/common.nix +++ b/roles/common.nix @@ -1,3 +1,4 @@ +{ inputs, ... }: { imports = [ ./auto-upgrade.nix @@ -5,8 +6,15 @@ ./security.nix ./sops-nix.nix ./users.nix + inputs.sops-nix.nixosModules.sops + inputs.srvos.nixosModules.mixins-telegraf + inputs.srvos.nixosModules.server ]; + networking.firewall.allowedTCPPorts = [ 9273 ]; + + srvos.flake = inputs.self; + zramSwap.enable = true; security.acme.defaults.email = "trash@nix-community.org";