diff --git a/flake.lock b/flake.lock index db1227b..bc20aa9 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,48 @@ "type": "indirect" } }, + "nixpkgs-lib": { + "locked": { + "dir": "lib", + "lastModified": 1685564631, + "narHash": "sha256-8ywr3AkblY4++3lIVxmrWZFzac7+f32ZEhH/A8pNscI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4f53efe34b3a8877ac923b9350c874e3dcd5dc0a", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1687762428, + "narHash": "sha256-DIf7mi45PKo+s8dOYF+UlXHzE0Wl/+k3tXUyAoAnoGE=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "37dd7bb15791c86d55c5121740a1887ab55ee836", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", "nix-serve-ng": "nix-serve-ng", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "parts": "parts" } }, "utils": { diff --git a/flake.nix b/flake.nix index 2852d9b..bf7d2dd 100644 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,6 @@ inputs = { nixpkgs.url = "nixpkgs/nixos-23.05"; - agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -14,57 +13,67 @@
 url = github:aristanetworks/nix-serve-ng;
 inputs.nixpkgs.follows = "nixpkgs";
 };
+ parts.url = "github:hercules-ci/flake-parts";
 };
- outputs = { self, nixpkgs, agenix, nix-serve-ng, ... }@attrs:
- let
- forEachSystem = nixpkgs.lib.genAttrs systems;
- pkgs = import nixpkgs { inherit system; };
- shell = import ./shell.nix { inherit agenix pkgs; };
- system = "x86_64-linux";
- systems = [ system ];
- in
- {
- devShell.x86_64-linux = shell.dev;
- formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
+ outputs = { self, agenix, nix-serve-ng, nixpkgs, parts, ... }@inputs:
+ parts.lib.mkFlake { inherit inputs; } {
+ systems =
+ [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
- packages = shell.packages;
-
- nixosConfigurations = {
- eve-psr-nix0 = nixpkgs.lib.nixosSystem {
- inherit system;
- specialArgs = attrs;
- modules = [
- ({ modulesPath, ... }: {
-
- imports = [
- agenix.nixosModules.default
- nix-serve-ng.nixosModules.default
-
- ./application/containers.nix
- ./application/nginx.nix
-
- ./monitoring/nginx.nix
- ./monitoring/grafana.nix
- ./monitoring/prometheus.nix
- ./monitoring/loki.nix
- ./monitoring/promtail.nix
-
- ./system/age.nix
- ./system/dns.nix
- ./system/hardware.nix
- ./system/nix-conf.nix
- ./system/security.nix
- ./system/system.nix
- ./system/virtualisation.nix
-
- ./user/users.nix
- ];
-
- system.stateVersion = "22.11";
- })
- ];
+ perSystem = { config, self', inputs', pkgs, system, ... }:
+ let
+ shell = import ./nix/shell.nix { inherit inputs' agenix pkgs; };
+ in
+ {
+ devShells.default = shell.dev;
+ formatter = pkgs.nixpkgs-fmt;
+ };
+
+ flake =
+ let
+ pkgs = import nixpkgs { inherit system; };
+ system = "x86_64-linux";
+ in
+ {
+ inherit system;
+
+ nixosConfigurations = {
+ eve-psr-nix0 = nixpkgs.lib.nixosSystem {
+ inherit system;
+ specialArgs = inputs;
+ modules = [
+ ({ modulesPath, ...
}: {
+
+ imports = [
+ agenix.nixosModules.default
+ nix-serve-ng.nixosModules.default
+
+ ./nix/application/containers.nix
+ ./nix/application/nginx.nix
+
+ ./nix/monitoring/nginx.nix
+ ./nix/monitoring/grafana.nix
+ ./nix/monitoring/prometheus.nix
+ ./nix/monitoring/loki.nix
+ ./nix/monitoring/promtail.nix
+
+ ./nix/system/age.nix
+ ./nix/system/dns.nix
+ ./nix/system/hardware.nix
+ ./nix/system/nix-conf.nix
+ ./nix/system/security.nix
+ ./nix/system/system.nix
+ ./nix/system/virtualisation.nix
+
+ ./nix/user/users.nix
+ ];
+
+ system.stateVersion = "22.11";
+ })
+ ];
+ };
+ };
 };
- };
 };
 }
diff --git a/application/containers.nix b/nix/application/containers.nix
similarity index 100%
rename from application/containers.nix
rename to nix/application/containers.nix
diff --git a/application/nginx.nix b/nix/application/nginx.nix
similarity index 100%
rename from application/nginx.nix
rename to nix/application/nginx.nix
diff --git a/monitoring/grafana.nix b/nix/monitoring/grafana.nix
similarity index 100%
rename from monitoring/grafana.nix
rename to nix/monitoring/grafana.nix
diff --git a/monitoring/loki.nix b/nix/monitoring/loki.nix
similarity index 100%
rename from monitoring/loki.nix
rename to nix/monitoring/loki.nix
diff --git a/monitoring/nginx.nix b/nix/monitoring/nginx.nix
similarity index 100%
rename from monitoring/nginx.nix
rename to nix/monitoring/nginx.nix
diff --git a/monitoring/prometheus.nix b/nix/monitoring/prometheus.nix
similarity index 100%
rename from monitoring/prometheus.nix
rename to nix/monitoring/prometheus.nix
diff --git a/monitoring/promtail.nix b/nix/monitoring/promtail.nix
similarity index 100%
rename from monitoring/promtail.nix
rename to nix/monitoring/promtail.nix
diff --git a/nix/shell.nix b/nix/shell.nix
new file mode 100644
index 0000000..f335261
--- /dev/null
+++ b/nix/shell.nix
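Review bot: The `packages` flake output disappears in this hunk — the removed `packages = shell.packages;` has no counterpart in `perSystem`, which only sets `devShells.default` and `formatter` — so `nix run .#deploy` and `.#format` no longer resolve and both scripts are reachable only from inside the dev shell; if they were used outside it, add `packages = shell.packages;` next to `formatter = pkgs.nixpkgs-fmt;`. In the `flake` section the let-bound `pkgs = import nixpkgs { inherit system; };` is no longer referenced anywhere, and `inherit system;` publishes a non-standard top-level output that `nix flake check` is likely to warn about, so both can go. `systems` now also lists the two darwin targets while `nix/shell.nix` evaluates `(pkgs.nixos { }).nixos-rebuild` for every system; I have not verified that this evaluates on darwin, so the dev shell may need to be gated on `pkgs.stdenv.isLinux` or the list trimmed back to the Linux systems actually deployed.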
@@ -0,0 +1,22 @@
+{ agenix, inputs', pkgs, ... }: rec {
+ dev = pkgs.mkShell {
+ buildInputs = [
+ inputs'.agenix.packages.default
+ (pkgs.nixos { }).nixos-rebuild
+ pkgs.terraform
+ packages.deploy
+ packages.format
+ ];
+ shellHook = ''
+ '';
+ };
+
+ packages = {
+ deploy = pkgs.writeShellScriptBin "deploy" ''
+ nixos-rebuild switch --target-host root@192.168.0.130 --build-host root@192.168.0.130 --flake .#eve-psr-nix0 ;
+ '';
+ format = pkgs.writeShellScriptBin "format" ''
+ find . -type f -name "*.nix" -exec sh -c 'echo "Formatting: $1"; nix fmt $1' _ {} \;
+ '';
+ };
+}
diff --git a/nix/system/age.nix b/nix/system/age.nix
new file mode 100644
index 0000000..052732f
--- /dev/null
+++ b/nix/system/age.nix
@@ -0,0 +1,19 @@
+{ ... }: {
+ age = {
+ secrets = {
+ cache-key.file = ../../secrets/cache-key.age;
+ gitlab-runner.file = ../../secrets/gitlab-runner.age;
+ graf-email = {
+ file = ../../secrets/graf-email.age;
+ mode = "770";
+ owner = "grafana";
+ group = "grafana";
+ };
+ htpasswd-dock.file = ../../secrets/htpasswd-dock.age;
+ keys.file = ../../secrets/keys.age;
+ sezycei.file = ../../secrets/sezycei.age;
+ transmission-env.file = ../../secrets/transmission-env.age;
+ };
+ identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ };
+}
diff --git a/system/dns.nix b/nix/system/dns.nix
similarity index 100%
rename from system/dns.nix
rename to nix/system/dns.nix
diff --git a/system/hardware.nix b/nix/system/hardware.nix
similarity index 100%
rename from system/hardware.nix
rename to nix/system/hardware.nix
diff --git a/system/nix-conf.nix b/nix/system/nix-conf.nix
similarity index 100%
rename from system/nix-conf.nix
rename to nix/system/nix-conf.nix
diff --git a/system/security.nix b/nix/system/security.nix
similarity index 100%
rename from system/security.nix
rename to nix/system/security.nix
diff --git a/system/system.nix b/nix/system/system.nix
similarity index 100%
rename from system/system.nix
rename to nix/system/system.nix
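Review bot: The `format` script hands the found path to `nix fmt $1` unquoted, so a file name containing whitespace or glob characters is word-split by `sh -c` and the wrong path (or several) gets formatted; the line should read `find . -type f -name "*.nix" -exec sh -c 'echo "Formatting: $1"; nix fmt "$1"' _ {} \;`. The `deploy` script both builds and switches as `root@192.168.0.130`, which means every deploy needs a root SSH login on the production host and the build runs there as root; a non-root SSH user with `--use-remote-sudo` (or building locally and only copying closures) would keep root out of the transport, though whether that fits depends on how the host is provisioned. The empty `shellHook = '' '';` pair does nothing and can be dropped.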
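Review bot: `mode = "770"` on the `graf-email` secret sets the execute bits on a decrypted credential file, which nothing in this module needs — the file is only read by its `grafana` owner and group; `mode = "440";` keeps the same readers with least privilege. None of the other entries in `secrets` set a `mode`, so this is the only secret in the file that is made executable. The same value was present in the deleted `system/age.nix`, so this is carried over rather than introduced by the move, but the move is a good moment to tighten it.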
diff --git a/system/virtualisation.nix b/nix/system/virtualisation.nix
similarity index 100%
rename from system/virtualisation.nix
rename to nix/system/virtualisation.nix
diff --git a/user/users.nix b/nix/user/users.nix
similarity index 100%
rename from user/users.nix
rename to nix/user/users.nix
diff --git a/shell.nix b/shell.nix
deleted file mode 100644
index 7d71c73..0000000
--- a/shell.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ agenix, pkgs, ... }: rec {
- dev = pkgs.mkShell {
- buildInputs = [
- agenix.packages.x86_64-linux.default
- (pkgs.nixos { }).nixos-rebuild
- pkgs.terraform
- packages.x86_64-linux.deploy
- packages.x86_64-linux.format
- ];
- shellHook = ''
- '';
- };
-
- packages = {
- x86_64-linux = {
- deploy = pkgs.writeShellScriptBin "deploy" ''
- nixos-rebuild switch --target-host root@192.168.0.130 --build-host root@192.168.0.130 --flake .#eve-psr-nix0 ;
- '';
- format = pkgs.writeShellScriptBin "format" ''
- nix fmt ./*.nix;
- for i in */; do
- nix fmt $i/*.nix;
- done;
- '';
- };
- };
-}
diff --git a/system/age.nix b/system/age.nix
deleted file mode 100644
index 986756c..0000000
--- a/system/age.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ ... }: {
- age = {
- secrets = {
- cache-key.file = ../secrets/cache-key.age;
- gitlab-runner.file = ../secrets/gitlab-runner.age;
- graf-email = {
- file = ../secrets/graf-email.age;
- mode = "770";
- owner = "grafana";
- group = "grafana";
- };
- htpasswd-dock.file = ../secrets/htpasswd-dock.age;
- keys.file = ../secrets/keys.age;
- sezycei.file = ../secrets/sezycei.age;
- transmission-env.file = ../secrets/transmission-env.age;
- };
- identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
- };
-}