ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

enable external SMTP for hydra (#49)

Browse Source 
* external SMTP for hydra

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* nix-serve sops

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* add binary cache

* add hydra jobs

* cleanup (#50)

* finish up cleanup branch merge

* switched back to nixpkgs-fmt

* add nixpkgs-fmt to hydrajobs.build

---------

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
Co-authored-by: Dennis Wuitz <dennish@wuitz.de>
Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com>
This commit is contained in:
Alice Huston
2024-02-01 16:50:14 -05:00
committed by GitHub
parent 10ed0c633b
commit 241c66f5ec
27 changed files with 412 additions and 361 deletions
Download Patch File Download Diff File Expand all files Collapse all files

171
flake.nix
View File

@ -1,20 +1,25 @@
{
description = "NixOS configuration for RAD-Development Servers";
nixConfig = {
trusted-substituters = [ "https://cache.nixos.org" "https://nix-community.cachix.org" "https://cache.alicehuston.xyz" ];
trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.alicehuston.xyz:SJAm8HJVTWUjwcTTLAoi/5E1gUOJ0GWum2suPPv7CUo=%" ];
};
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
systems.url = "github:nix-systems/default";
nixpkgs-fmt = {
url = "github:rad-development/nixpkgs-fmt";
inputs.fenix.inputs.nixpkgs.follows = "nixpkgs";
};
flake-utils = {
url = "github:numtide/flake-utils";
inputs.systems.follows = "systems";
};
systems = {
url = "github:nix-systems/default";
};
nixos-modules = {
url = "github:SuperSandro2000/nixos-modules";
inputs = {
@ -55,40 +60,48 @@
};
};
outputs =
{ home-manager
, mailserver
, nix-pre-commit
, nixos-modules
, nixpkgs
, sops-nix
, ...
}:
outputs = { self, nixpkgs-fmt, home-manager, mailserver, nix-pre-commit, nixos-modules, nixpkgs, sops-nix, ... }:
let
inherit (nixpkgs) lib;
systems = [ "x86_64-linux" "aarch64-linux" ];
forEachSystem = lib.genAttrs systems;
src = builtins.filterSource (path: type: type == "directory" || lib.hasSuffix ".nix" (baseNameOf path)) ./.;
ls = dir: lib.attrNames (builtins.readDir (src + "/${dir}"));
lsdir = dir: if (builtins.pathExists (src + "/${dir}")) then (lib.attrNames (lib.filterAttrs (path: type: type == "directory") (builtins.readDir (src + "/${dir}")))) else [ ];
fileList = dir: map (file: ./. + "/${dir}/${file}") (ls dir);
recursiveMerge = attrList:
let
f = attrPath:
builtins.zipAttrsWith (n: values:
if builtins.tail values == [ ] then
builtins.head values
else if builtins.all builtins.isList values then
builtins.unique (builtins.concatLists values)
else if builtins.all builtins.isAttrs values then
f (attrPath ++ [ n ]) values
else
lib.last values);
in
f [ ] attrList;
config = {
repos = [
{
repo = "https://gitlab.com/vojko.pribudic/pre-commit-update";
rev = "bbd69145df8741f4f470b8f1cf2867121be52121";
hooks = [
{
id = "pre-commit-update";
args = [ "--dry-run" ];
}
];
hooks = [{
id = "pre-commit-update";
args = [ "--dry-run" ];
}];
}
{
repo = "local";
hooks = [
{
id = "nixpkgs-fmt check";
entry = "${nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt}/bin/nixpkgs-fmt";
id = "nixfmt check";
entry = "${nixpkgs-fmt.legacyPackages.x86_64-linux.nixpkgs-fmt}/bin/nixpkgs-fmt";
args = [ "--check" ];
language = "system";
files = "\\.nix";
@ -106,67 +119,55 @@
};
in
{
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
formatter = forEachSystem (system: nixpkgs-fmt.legacyPackages.${system}.nixpkgs-fmt);
nixosConfigurations =
let
constructSystem =
{ hostname
, system ? "x86_64-linux"
, modules ? [ ]
, users ? [ "dennis" ]
}: lib.nixosSystem {
constructSystem = { hostname, users, home ? true, modules ? [ ], server ? true, sops ? true, system ? "x86_64-linux" }:
lib.nixosSystem {
inherit system;
modules = [
modules = [ nixos-modules.nixosModule sops-nix.nixosModules.sops { config.networking.hostName = "${hostname}"; } ] ++ (if server then [
mailserver.nixosModules.mailserver
nixos-modules.nixosModule
home-manager.nixosModules.home-manager
sops-nix.nixosModules.sops
./systems/programs.nix
./systems/configuration.nix
./systems/${hostname}/hardware.nix
./systems/${hostname}/configuration.nix
{ config.networking.hostName = "${hostname}"; }
] ++ modules ++ fileList "modules"
++ map
(user: { config, lib, pkgs, ... }@args: {
users.users.${user} = import ./users/${user} (args // { name = "${user}"; });
boot.initrd.network.ssh.authorizedKeys = config.users.users.${user}.openssh.authorizedKeys.keys;
sops = {
secrets."${user}/user-password" = {
sopsFile = ./users/${user}/secrets.yaml;
neededForUsers = true;
] else [
./users/${builtins.head users}/systems/${hostname}/configuration.nix
./users/${builtins.head users}/systems/${hostname}/hardware.nix
]) ++ fileList "modules" ++ modules ++ lib.optional home home-manager.nixosModules.home-manager
++ (if home then (map (user: { home-manager.users.${user} = import ./users/${user}/home.nix; }) users) else [ ]) ++ map
(user:
{ config, lib, pkgs, ... }@args: {
users.users.${user} = import ./users/${user} (args // { name = "${user}"; });
boot.initrd.network.ssh.authorizedKeys = lib.mkIf server config.users.users.${user}.openssh.authorizedKeys.keys;
sops = lib.mkIf sops {
secrets."${user}/user-password" = {
sopsFile = ./users/${user}/secrets.yaml;
neededForUsers = true;
};
};
};
})
users
++ map (user: { home-manager.users.${user} = import ./users/${user}/home.nix; }) users;
})
users;
};
in
(builtins.listToAttrs (map
(system: {
name = system;
value = constructSystem { hostname = system; } // (import ./systems/${system} { });
value = constructSystem ({ hostname = system; } // builtins.removeAttrs (import ./systems/${system} { }) [ "hostname" "server" "home" ]);
})
(lsdir "systems"))) //
(builtins.listToAttrs (builtins.concatMap
(user: map
(system: rec {
name = "${user}.${system}";
cfg = import ./users/${user}/systems/${system} { };
value = lib.nixosSystem {
system = cfg.system ? "x86_64-linux";
modules = [
nixos-modules.nixosModule
sops-nix.nixosModules.sops
./users/${user}/systems/${system}/configuration.nix
./users/${user}/systems/${system}/hardware.nix
{ config.networking.hostName = "${system}"; }
] ++ fileList "modules"
++ lib.optional (cfg.home-manager ? false) home-manager.nixosModules.home-manager;
};
})
(lsdir "users/${user}/systems"))
(lsdir "systems"))) // (builtins.listToAttrs (builtins.concatMap
(user:
map
(system: {
name = "${user}.${system}";
value = constructSystem ({
hostname = system;
server = false;
users = [ user ];
} // builtins.removeAttrs (import ./users/${user}/systems/${system} { }) [ "hostname" "server" "users" ]);
})
(lsdir "users/${user}/systems"))
(lsdir "users")));
devShell = lib.mapAttrs
@ -174,16 +175,30 @@
with nixpkgs.legacyPackages.${system};
mkShell {
sopsPGPKeyDirs = [ "./keys" ];
nativeBuildInputs = [
apacheHttpd
sopsPkgs.sops-import-keys-hook
];
shellHook = (nix-pre-commit.lib.${system}.mkConfig {
inherit pkgs config;
}).shellHook;
}
)
nativeBuildInputs = [ apacheHttpd sopsPkgs.sops-import-keys-hook ];
packages = [ self.formatter.${system} ];
shellHook = (nix-pre-commit.lib.${system}.mkConfig { inherit pkgs config; }).shellHook;
})
sops-nix.packages;
hydraJobs = {
build = (recursiveMerge
(
(map
(machine: {
${machine.pkgs.system} = (builtins.listToAttrs (map
(pkg: {
name = pkg.name;
value = pkg;
})
machine.config.environment.systemPackages));
})
(builtins.attrValues self.nixosConfigurations)) ++ [
(forEachSystem (system: {
${system}.${nixpkgs-fmt.legacyPackages.${system}.nixpkgs-fmt.name} = nixpkgs-fmt.legacyPackages.${system}.nixpkgs-fmt;
}))
]
));
};
};
}