sercanto/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

flake: refactor

Browse source
This commit is contained in:
zowoq 2023-05-16 09:53:27 +10:00 committed by Jonas Chevalier
parent be4ee54668
commit 91028319fa
6 changed files with 26 additions and 42 deletions

3
build01/configuration.nix
View file

@ -1,4 +1,4 @@
{ ... }: { inputs, ... }:
# Boot recovery: # Boot recovery:
# Activate 64-bit Rescue system in https://robot.your-server.de/server # Activate 64-bit Rescue system in https://robot.your-server.de/server
# ssh root@build01.nix-community.org "mount /dev/md[0-9]* /mnt && /mnt/kexec_bundle" # ssh root@build01.nix-community.org "mount /dev/md[0-9]* /mnt && /mnt/kexec_bundle"
@ -11,6 +11,7 @@
# nixos-enter # nixos-enter
{ {
imports = [ imports = [
inputs.srvos.nixosModules.hardware-hetzner-online-amd
../roles/common.nix ../roles/common.nix
../roles/raid.nix ../roles/raid.nix
../roles/zfs.nix ../roles/zfs.nix

4
build02/configuration.nix
View file

@ -1,7 +1,9 @@
{ ... }: { inputs, ... }:
{ {
imports = [ imports = [
inputs.srvos.nixosModules.mixins-nginx
inputs.srvos.nixosModules.hardware-hetzner-online-amd
./nixpkgs-update.nix ./nixpkgs-update.nix
./nixpkgs-update-backup.nix ./nixpkgs-update-backup.nix
../roles/common.nix ../roles/common.nix

4
build03/configuration.nix
View file

@ -1,4 +1,4 @@
{ ... }: { inputs, ... }:
{ {
# Boot recovery: # Boot recovery:
# Activate 64-bit Rescue system in https://robot.your-server.de/server # Activate 64-bit Rescue system in https://robot.your-server.de/server
@ -10,6 +10,8 @@
# $ zpool import -f zroot && mount -t zfs zroot/root/nixos /mnt && mount -t zfs zroot/root/home /mnt/home && mount /dev/md[0-9]* /mnt/boot # $ zpool import -f zroot && mount -t zfs zroot/root/nixos /mnt && mount -t zfs zroot/root/home /mnt/home && mount /dev/md[0-9]* /mnt/boot
# $ nixos-enter # $ nixos-enter
imports = [ imports = [
inputs.srvos.nixosModules.mixins-nginx
inputs.srvos.nixosModules.hardware-hetzner-online-amd
../roles/common.nix ../roles/common.nix
../roles/hercules-ci ../roles/hercules-ci
../roles/watch-store.nix ../roles/watch-store.nix

2
build04/configuration.nix
View file

@ -1,5 +1,7 @@
{ inputs, ... }:
{ {
imports = [ imports = [
inputs.disko.nixosModules.disko
./hardware-configuration.nix ./hardware-configuration.nix
../roles/common.nix ../roles/common.nix
../roles/hercules-ci ../roles/hercules-ci

47
flake.nix
View file

@ -91,59 +91,28 @@
flake.nixosConfigurations = flake.nixosConfigurations =
let let
inherit (inputs.nixpkgs.lib) nixosSystem; inherit (self.lib) nixosSystem;
common = [
{ _module.args.inputs = inputs; }
{ srvos.flake = inputs.self; }
inputs.sops-nix.nixosModules.sops
inputs.srvos.nixosModules.server
inputs.srvos.nixosModules.mixins-telegraf
{ networking.firewall.allowedTCPPorts = [ 9273 ]; }
];
in in
{ {
build01 = nixosSystem { build01 = nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = modules = [ ./build01/configuration.nix ];
common
++ [
./build01/configuration.nix
inputs.srvos.nixosModules.hardware-hetzner-online-amd
];
}; };
build02 = nixosSystem { build02 = nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = modules = [ ./build02/configuration.nix ];
common
++ [
./build02/configuration.nix
inputs.srvos.nixosModules.mixins-nginx
inputs.srvos.nixosModules.hardware-hetzner-online-amd
];
}; };
build03 = nixosSystem { build03 = nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = modules = [ ./build03/configuration.nix ];
common
++ [
./build03/configuration.nix
inputs.srvos.nixosModules.mixins-nginx
inputs.srvos.nixosModules.hardware-hetzner-online-amd
];
}; };
build04 = nixosSystem { build04 = nixosSystem {
system = "aarch64-linux"; system = "aarch64-linux";
modules = modules = [ ./build04/configuration.nix ];
common
++ [
./build04/configuration.nix
inputs.disko.nixosModules.disko
];
}; };
}; };
flake.lib.nixosSystem = args:
inputs.nixpkgs.lib.nixosSystem ({ specialArgs = { inherit inputs; }; } // args);
}; };
} }

8
roles/common.nix
View file

@ -1,3 +1,4 @@
{ inputs, ... }:
{ {
imports = [ imports = [
./auto-upgrade.nix ./auto-upgrade.nix
@ -5,8 +6,15 @@
./security.nix ./security.nix
./sops-nix.nix ./sops-nix.nix
./users.nix ./users.nix
inputs.sops-nix.nixosModules.sops
inputs.srvos.nixosModules.mixins-telegraf
inputs.srvos.nixosModules.server
]; ];
networking.firewall.allowedTCPPorts = [ 9273 ];
srvos.flake = inputs.self;
zramSwap.enable = true; zramSwap.enable = true;
security.acme.defaults.email = "trash@nix-community.org"; security.acme.defaults.email = "trash@nix-community.org";