eve-psr-nix0/flake.nix

{
  inputs = {
    nixpkgs.url = "nixpkgs/nixos-unstable";
    sops = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, sops, ... }@attrs:
    let
      pkgs = import nixpkgs { inherit system; };
      system = "x86_64-linux";
    in {
      devShell.x86_64-linux = pkgs.mkShell {
        buildInputs =
          [ (pkgs.nixos { }).nixos-rebuild pkgs.terraform pkgs.sops ];
        shellHook =
          "	alias deploy=\"nixos-rebuild switch --target-host root@matri.cx --build-host root@matri.cx --flake .#eve-psr-nix0\"\n";
      };
      nixosConfigurations = {
        eve-psr-nix0 = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = attrs;
          modules = [
            ({ modulesPath, ... }: {
              imports = [ sops.nixosModules.sops ./hardware-configuration.nix ];
              boot = {
                loader.systemd-boot.enable = true;
                loader.efi.canTouchEfiVariables = true;
              };

              nix = {
                buildMachines = [ ];
                distributedBuilds = false;
                settings.experimental-features = [ "nix-command" "flakes" ];
              };

              networking = {
                hostName = "eve-psr-nix0";
                firewall = {
                  allowedTCPPorts = [ 22 80 443 3034 ];
                  allowedUDPPorts = [ 22 80 443 ];
                };
              };

              time.timeZone = "America/Chicago";

              services = {
                hydra = {
                  enable = true;
                  hydraURL = "https://hydra.matri.cx";
                  listenHost = "192.168.0.130";
                  port = 3034;

                  extraConfig = ''
                    using_frontend_proxy = 1
                    base_uri = "https://hydra.matri.cx"
                  '';

                  useSubstitutes = true;

                  notificationSender = "hydra@matri.cx";
                  buildMachinesFiles = [];
                };
                openssh.enable = true;
              };

              virtualisation.docker = {
                enable = true;
                liveRestore = false;
              };

              environment.systemPackages = with pkgs; [ git pciutils vim wget ];

              programs.zsh.enable = true;
              users = {
                defaultUserShell = pkgs.zsh;
                users = {
                  sezycei = {
                    isNormalUser = true;
                    initialPassword = "bootMaster";
                    extraGroups = [ "wheel" "docker" ];
                    packages = with pkgs; [ byobu tmux stack ];
                  };
                  torrent = {
                    isNormalUser = true;
                    initialPassword = "torrentUserTemp";
                  };
                };

              };

              security.sudo.wheelNeedsPassword = false;

              sops = {
                age = { sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; };
                defaultSopsFile = ./secrets/keys.yaml;
                secrets = { hostname = { }; };
              };

              system.stateVersion = "22.11";
            })
          ];
        };
      };
    };
}
init 2023-06-01 14:39:07 -05:00			`{`
Refactor all into Flake.nix; introduce SOPS 2023-06-09 14:24:51 -05:00			`inputs = {`
			`nixpkgs.url = "nixpkgs/nixos-unstable";`
			`sops = {`
			`url = "github:Mic92/sops-nix";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
			`};`

			`outputs = { self, nixpkgs, sops, ... }@attrs:`
			`let`
			`pkgs = import nixpkgs { inherit system; };`
			`system = "x86_64-linux";`
			`in {`
			`devShell.x86_64-linux = pkgs.mkShell {`
			`buildInputs =`
			`[ (pkgs.nixos { }).nixos-rebuild pkgs.terraform pkgs.sops ];`
			`shellHook =`
Update Hydra configuration; update quick-deployment alias 2023-06-21 20:09:36 -05:00			`" alias deploy=\"nixos-rebuild switch --target-host root@matri.cx --build-host root@matri.cx --flake .#eve-psr-nix0\"\n";`
Refactor all into Flake.nix; introduce SOPS 2023-06-09 14:24:51 -05:00			`};`
			`nixosConfigurations = {`
			`eve-psr-nix0 = nixpkgs.lib.nixosSystem {`
			`inherit system;`
			`specialArgs = attrs;`
			`modules = [`
			`({ modulesPath, ... }: {`
			`imports = [ sops.nixosModules.sops ./hardware-configuration.nix ];`
			`boot = {`
			`loader.systemd-boot.enable = true;`
			`loader.efi.canTouchEfiVariables = true;`
			`};`

			`nix = {`
			`buildMachines = [ ];`
			`distributedBuilds = false;`
			`settings.experimental-features = [ "nix-command" "flakes" ];`
			`};`

			`networking = {`
			`hostName = "eve-psr-nix0";`
			`firewall = {`
Update Hydra configuration; update quick-deployment alias 2023-06-21 20:09:36 -05:00			`allowedTCPPorts = [ 22 80 443 3034 ];`
Refactor all into Flake.nix; introduce SOPS 2023-06-09 14:24:51 -05:00			`allowedUDPPorts = [ 22 80 443 ];`
			`};`
			`};`

			`time.timeZone = "America/Chicago";`
init 2023-06-01 14:39:07 -05:00
Install and activate Hydra 2023-06-21 19:33:22 -05:00			`services = {`
			`hydra = {`
			`enable = true;`
Update Hydra configuration; update quick-deployment alias 2023-06-21 20:09:36 -05:00			`hydraURL = "https://hydra.matri.cx";`
			`listenHost = "192.168.0.130";`
			`port = 3034;`

			`extraConfig = ''`
			`using_frontend_proxy = 1`
			`base_uri = "https://hydra.matri.cx"`
			`'';`

Install and activate Hydra 2023-06-21 19:33:22 -05:00			`useSubstitutes = true;`
Update Hydra configuration; update quick-deployment alias 2023-06-21 20:09:36 -05:00
			`notificationSender = "hydra@matri.cx";`
			`buildMachinesFiles = [];`
Install and activate Hydra 2023-06-21 19:33:22 -05:00			`};`
			`openssh.enable = true;`
			`};`

Refactor all into Flake.nix; introduce SOPS 2023-06-09 14:24:51 -05:00			`virtualisation.docker = {`
			`enable = true;`
			`liveRestore = false;`
			`};`

			`environment.systemPackages = with pkgs; [ git pciutils vim wget ];`

			`programs.zsh.enable = true;`
			`users = {`
			`defaultUserShell = pkgs.zsh;`
			`users = {`
			`sezycei = {`
			`isNormalUser = true;`
			`initialPassword = "bootMaster";`
			`extraGroups = [ "wheel" "docker" ];`
			`packages = with pkgs; [ byobu tmux stack ];`
			`};`
			`torrent = {`
			`isNormalUser = true;`
			`initialPassword = "torrentUserTemp";`
			`};`
			`};`

			`};`

			`security.sudo.wheelNeedsPassword = false;`

			`sops = {`
			`age = { sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; };`
			`defaultSopsFile = ./secrets/keys.yaml;`
			`secrets = { hostname = { }; };`
			`};`

			`system.stateVersion = "22.11";`
			`})`
			`];`
			`};`
init 2023-06-01 14:39:07 -05:00			`};`
			`};`
			`}`