eve-psr-nix0/flake.nix

{
  inputs = {
    nixpkgs.url = "nixpkgs/nixos-23.05";
    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.darwin.follows = "";
    };
  };

  outputs = { self, nixpkgs, agenix, ... }@attrs:
    let
      containerDef = import ./containers.nix;
      serviceContainers = containerDef.containers;

      pkgs = import nixpkgs { inherit system; };
      system = "x86_64-linux";
    in {
      devShell.x86_64-linux = pkgs.mkShell {
        buildInputs = [ 
          agenix.packages.x86_64-linux.default
          (pkgs.nixos { }).nixos-rebuild 
          pkgs.terraform 
        ];
        shellHook = ''
          alias deploy="nixos-rebuild switch --target-host root@matri.cx --build-host root@matri.cx --flake .#eve-psr-nix0"
        '';
      };

      formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt;

      nixosConfigurations = {
        eve-psr-nix0 = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = attrs;
          modules = [
            ({ modulesPath, ... }: {

              imports = [ 
                agenix.nixosModules.default 
                ./hardware-configuration.nix 
              ];

              nix = {
                buildMachines = [ ];
                distributedBuilds = false;
                settings = {
                  auto-optimise-store = false; # https://github.com/NixOS/nix/issues/7273
                  experimental-features = [ "nix-command" "flakes" ];
                };
              };

              boot = {
                loader.systemd-boot.enable = true;
                loader.efi.canTouchEfiVariables = true;
              };

              time.timeZone = "America/Chicago";
              networking = {
                hostName = "eve-psr-nix0";
                firewall = {
                  allowedTCPPorts = [ 22 80 443 3034 ];
                  allowedUDPPorts = [ 22 80 443 ];
                };
              };

              environment.systemPackages = with pkgs; [ git pciutils vim wget ];

              services = {
                openssh = { 
                  enable = true;
                };

                hydra = {
                  enable = true;
                  hydraURL = "https://hydra.matri.cx";
                  listenHost = "192.168.0.130";
                  port = 3034;

                  extraConfig = ''
                    using_frontend_proxy = 1
                    base_uri = "https://hydra.matri.cx"
                  '';

                  useSubstitutes = true;

                  notificationSender = "hydra@matri.cx";
                  buildMachinesFiles = [ ];
                };
              };

              virtualisation = {
                oci-containers = {
                  backend = "podman";
                  containers = serviceContainers;
                };
              };

              security.sudo.wheelNeedsPassword = false;
              users = {
                users = {
                  sezycei = {
                    isNormalUser = true;
                    passwordFile = self.nixosConfigurations.eve-psr-nix0.config.age.secrets.sezycei.path;
                    extraGroups = [ "wheel" ];
                    packages = with pkgs; [ 
                      byobu 
                      tmux 
                      stack 
                    ];
                  };
                  torrent = {
                    isNormalUser = true;
                  };
                };
              };

              age = {
                secrets = {
                  keys.file = ./secrets/keys.age;
                  sezycei.file = ./secrets/sezycei.age;
                };
              };

              system.stateVersion = "22.11";
            })
          ];
        };
      };
    };
}
init 2023-06-01 14:39:07 -05:00			`{`
Refactor all into Flake.nix; introduce SOPS 2023-06-09 14:24:51 -05:00			`inputs = {`
Use nixos.23-05 rather than unstable 2023-06-25 20:54:15 -05:00			`nixpkgs.url = "nixpkgs/nixos-23.05";`
Replace sops-nix with agenix; nix flake update 2023-06-25 20:49:00 -05:00			`agenix = {`
			`url = "github:ryantm/agenix";`
Refactor all into Flake.nix; introduce SOPS 2023-06-09 14:24:51 -05:00			`inputs.nixpkgs.follows = "nixpkgs";`
Replace sops-nix with agenix; nix flake update 2023-06-25 20:49:00 -05:00			`inputs.darwin.follows = "";`
Refactor all into Flake.nix; introduce SOPS 2023-06-09 14:24:51 -05:00			`};`
			`};`

Remove minio and attic 2023-06-26 14:57:56 -05:00			`outputs = { self, nixpkgs, agenix, ... }@attrs:`
Refactor all into Flake.nix; introduce SOPS 2023-06-09 14:24:51 -05:00			`let`
Remove Docker and replace Swarm orchestration with Podman systemd units 2023-06-25 13:27:19 -05:00			`containerDef = import ./containers.nix;`
			`serviceContainers = containerDef.containers;`

Refactor all into Flake.nix; introduce SOPS 2023-06-09 14:24:51 -05:00			`pkgs = import nixpkgs { inherit system; };`
			`system = "x86_64-linux";`
			`in {`
			`devShell.x86_64-linux = pkgs.mkShell {`
Replace sops-nix with agenix; nix flake update 2023-06-25 20:49:00 -05:00			`buildInputs = [`
			`agenix.packages.x86_64-linux.default`
			`(pkgs.nixos { }).nixos-rebuild`
			`pkgs.terraform`
			`];`
Remove Docker and replace Swarm orchestration with Podman systemd units 2023-06-25 13:27:19 -05:00			`shellHook = ''`
			`alias deploy="nixos-rebuild switch --target-host root@matri.cx --build-host root@matri.cx --flake .#eve-psr-nix0"`
			`'';`
Refactor all into Flake.nix; introduce SOPS 2023-06-09 14:24:51 -05:00			`};`
Remove Docker and replace Swarm orchestration with Podman systemd units 2023-06-25 13:27:19 -05:00
			`formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt;`

Refactor all into Flake.nix; introduce SOPS 2023-06-09 14:24:51 -05:00			`nixosConfigurations = {`
			`eve-psr-nix0 = nixpkgs.lib.nixosSystem {`
			`inherit system;`
			`specialArgs = attrs;`
			`modules = [`
			`({ modulesPath, ... }: {`
Remove Docker and replace Swarm orchestration with Podman systemd units 2023-06-25 13:27:19 -05:00
Install and enable atticd cache server 2023-06-26 13:26:53 -05:00			`imports = [`
			`agenix.nixosModules.default`
			`./hardware-configuration.nix`
			`];`
Refactor all into Flake.nix; introduce SOPS 2023-06-09 14:24:51 -05:00
			`nix = {`
			`buildMachines = [ ];`
			`distributedBuilds = false;`
Enable auto-optimisation of nix store 2023-06-26 12:37:11 -05:00			`settings = {`
Disable auto-optimisation of nix store 2023-06-26 12:43:25 -05:00			`auto-optimise-store = false; # https://github.com/NixOS/nix/issues/7273`
Enable auto-optimisation of nix store 2023-06-26 12:37:11 -05:00			`experimental-features = [ "nix-command" "flakes" ];`
			`};`
Refactor all into Flake.nix; introduce SOPS 2023-06-09 14:24:51 -05:00			`};`

Remove Docker and replace Swarm orchestration with Podman systemd units 2023-06-25 13:27:19 -05:00			`boot = {`
			`loader.systemd-boot.enable = true;`
			`loader.efi.canTouchEfiVariables = true;`
			`};`

			`time.timeZone = "America/Chicago";`
Refactor all into Flake.nix; introduce SOPS 2023-06-09 14:24:51 -05:00			`networking = {`
			`hostName = "eve-psr-nix0";`
			`firewall = {`
Update Hydra configuration; update quick-deployment alias 2023-06-21 20:09:36 -05:00			`allowedTCPPorts = [ 22 80 443 3034 ];`
Refactor all into Flake.nix; introduce SOPS 2023-06-09 14:24:51 -05:00			`allowedUDPPorts = [ 22 80 443 ];`
			`};`
			`};`

Remove Docker and replace Swarm orchestration with Podman systemd units 2023-06-25 13:27:19 -05:00			`environment.systemPackages = with pkgs; [ git pciutils vim wget ];`
init 2023-06-01 14:39:07 -05:00
Install and activate Hydra 2023-06-21 19:33:22 -05:00			`services = {`
Remove Docker and replace Swarm orchestration with Podman systemd units 2023-06-25 13:27:19 -05:00			`openssh = {`
			`enable = true;`
			`};`

Install and activate Hydra 2023-06-21 19:33:22 -05:00			`hydra = {`
			`enable = true;`
Update Hydra configuration; update quick-deployment alias 2023-06-21 20:09:36 -05:00			`hydraURL = "https://hydra.matri.cx";`
			`listenHost = "192.168.0.130";`
			`port = 3034;`

			`extraConfig = ''`
			`using_frontend_proxy = 1`
			`base_uri = "https://hydra.matri.cx"`
			`'';`

Install and activate Hydra 2023-06-21 19:33:22 -05:00			`useSubstitutes = true;`
Update Hydra configuration; update quick-deployment alias 2023-06-21 20:09:36 -05:00
			`notificationSender = "hydra@matri.cx";`
Remove Docker and replace Swarm orchestration with Podman systemd units 2023-06-25 13:27:19 -05:00			`buildMachinesFiles = [ ];`
Install and activate Hydra 2023-06-21 19:33:22 -05:00			`};`
			`};`

Remove Docker and replace Swarm orchestration with Podman systemd units 2023-06-25 13:27:19 -05:00			`virtualisation = {`
			`oci-containers = {`
			`backend = "podman";`
			`containers = serviceContainers;`
			`};`
Refactor all into Flake.nix; introduce SOPS 2023-06-09 14:24:51 -05:00			`};`

Remove Docker and replace Swarm orchestration with Podman systemd units 2023-06-25 13:27:19 -05:00			`security.sudo.wheelNeedsPassword = false;`
Refactor all into Flake.nix; introduce SOPS 2023-06-09 14:24:51 -05:00			`users = {`
			`users = {`
			`sezycei = {`
			`isNormalUser = true;`
Install and enable atticd cache server 2023-06-26 13:26:53 -05:00			`passwordFile = self.nixosConfigurations.eve-psr-nix0.config.age.secrets.sezycei.path;`
Remove Docker and replace Swarm orchestration with Podman systemd units 2023-06-25 13:27:19 -05:00			`extraGroups = [ "wheel" ];`
Use agenix for initial user credential 2023-06-26 12:53:48 -05:00			`packages = with pkgs; [`
			`byobu`
			`tmux`
			`stack`
			`];`
Refactor all into Flake.nix; introduce SOPS 2023-06-09 14:24:51 -05:00			`};`
			`torrent = {`
			`isNormalUser = true;`
			`};`
			`};`
			`};`

Use agenix for initial user credential 2023-06-26 12:53:48 -05:00			`age = {`
			`secrets = {`
			`keys.file = ./secrets/keys.age;`
			`sezycei.file = ./secrets/sezycei.age;`
			`};`
			`};`
Refactor all into Flake.nix; introduce SOPS 2023-06-09 14:24:51 -05:00
			`system.stateVersion = "22.11";`
			`})`
			`];`
			`};`
init 2023-06-01 14:39:07 -05:00			`};`
			`};`
			`}`