{
  # Every input is pinned by flake.lock; the `inputs.*.follows` lines collapse
  # the dependency graph onto the single nixpkgs / flake-utils revisions pinned
  # here, so there is one nixpkgs to audit and bump rather than one per input.
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
    flake-utils.url = "github:numtide/flake-utils";
    git-hooks = {
      url = "github:cachix/git-hooks.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    colmena = {
      url = "github:zhaofengli/colmena";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-utils.follows = "flake-utils";
    };
    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixago = {
      url = "github:jmgilman/nixago";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-utils.follows = "flake-utils";
    };
    sops = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Plain (non-flake) git source fetched over HTTPS; its exact revision is
    # held in flake.lock like every other input.
    ldap-sync = {
      type = "git";
      url = "https://gogs.informatik.hs-fulda.de/fooker/ldap-sync.git";
      flake = false;
    };
  };

  outputs =
    { self
    , nixpkgs
    , flake-utils
    , colmena
    , git-hooks
    , nixago
    , ...
    }@inputs:
    let
      inherit (nixpkgs) lib;

      # Machine names are the entries of ./machines; client ids are the
      # attribute names of clients.nix.
      machines = builtins.attrNames (builtins.readDir ./machines);
      clients = builtins.attrNames (import ./clients.nix);

      # One Colmena node per machine directory, keyed by the directory name.
      machineNodes = lib.genAttrs machines (name: ./machines/${name});

      # One Colmena node per client id, all built from the shared ./client module.
      clientNodes = lib.listToAttrs
        (map (id: lib.nameValuePair "client-${id}" ./client) clients);

      # The Colmena hive. The right operand of `//` wins on key collisions, so a
      # machine directory named like a base key overrides it, and a client node
      # overrides both.
      hive =
        {
          meta = {
            nixpkgs = import nixpkgs { system = "x86_64-linux"; };
            # Every node's modules receive the complete input set
            # (sops, disko, ldap-sync, ...) as `inputs`.
            specialArgs = { inherit inputs; };
          };
          defaults = {
            imports = [
              inputs.disko.nixosModules.disko
              inputs.sops.nixosModules.sops
              ./shared
            ];
            # Do not activate over a system profile Colmena did not deploy:
            # a host that was changed out of band must be reconciled deliberately
            # rather than silently overwritten.
            deployment.replaceUnknownProfiles = false;
          };
          # Template node: the client module evaluated without a client id.
          client = (import ./client) null;
        }
        // machineNodes
        // clientNodes;

      # Per-system outputs: pre-commit checks, the development shell and the
      # disko disk images.
      perSystem = system:
        let
          pkgs = nixpkgs.legacyPackages.${system};
          preCommit = self.checks.${system}.pre-commit;

          # Regenerates .sops.yaml on shell entry from sops-config.nix, so the
          # set of recipient keys follows ./machines instead of hand edits.
          sopsConfig = nixago.lib.${system}.make {
            data = (pkgs.callPackage ./sops-config.nix { inherit machines; }).config;
            output = ".sops.yaml";
            format = "yaml";
          };
        in
        {
          # Formatting and lint hooks, run both by `nix flake check` and as
          # git pre-commit hooks in the dev shell.
          checks.pre-commit = git-hooks.lib.${system}.run {
            src = ./.;
            hooks = {
              nixpkgs-fmt.enable = true;
              statix.enable = true;
              shellcheck.enable = true;
            };
          };

          devShells.default = pkgs.mkShell {
            buildInputs =
              preCommit.enabledPackages
              ++ [ colmena.packages.${system}.colmena ]
              ++ (with pkgs; [
                bash
                gitAndTools.git
                sops
                age
                openssh
                ssh-to-age
              ]);
            shellHook = ''
              ${preCommit.shellHook}
              ${sopsConfig.shellHook}
            '';
          };

          # Disko images for every node of the hive, linked into a single output.
          packages.disks =
            let
              nodes = (colmena.lib.makeHive self.outputs.colmena).nodes;
            in
            pkgs.linkFarm "linuxlab-testing"
              (lib.mapAttrs (_: node: node.config.system.build.diskoImages) nodes);
        };
    in
    { colmena = hive; } // flake-utils.lib.eachDefaultSystem perSystem;

  # Flake-level Nix settings. Nix applies them only after the user accepts
  # them (interactively, or via `accept-flake-config`); accepting means binaries
  # signed with the listed key are trusted from the Colmena cache.
  nixConfig = {
    extra-substituters = [
      "https://colmena.cachix.org"
    ];
    extra-trusted-public-keys = [
      "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
    ];
  };
}