feat(flake): switch to flake-parts
This commit is contained in:
parent
7aa13d2b42
commit
3e7b2e5f97
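--- a/config/basic/generate-installer-package.nix
+++ b/config/basic/generate-installer-package.nix
@@ -0,0 +1,45 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+let
+
+disko-script = pkgs.writeShellScriptBin "disko-script" "${config.system.build.diskoScript}";
+disko-mount = pkgs.writeShellScriptBin "disko-mount" "${config.system.build.mountScript}";
+disko-format = pkgs.writeShellScriptBin "disko-format" "${config.system.build.formatScript}";
+
+install-system = pkgs.writeShellScriptBin "install-system" ''
+set -euo pipefail
+
+echo "Formatting disks..."
+${disko-script}/bin/disko-script
+
+echo "Installing system..."
+nixos-install --no-root-password --system ${config.system.build.toplevel}
+
+echo "Done!"
+'';
+
+installer-package = pkgs.symlinkJoin {
+name = "installer-package-${config.node.name}";
+paths = [
+disko-script
+disko-mount
+disko-format
+install-system
+];
+};
+in
+{
+options.system.build.installFromLive = lib.mkOption {
+type = lib.types.package;
+description = ''
+A single script that can be used from a live system, which will
+format disks and copy the derivation.
+'';
+default = installer-package;
+readOnly = true;
+};
+}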
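Review bot: `install-system` runs `disko-script` — which, going by the `Formatting disks...` message, wipes and repartitions the target disks — straight after `set -euo pipefail`, with no confirmation and no dry-run, so invoking the package for the wrong host from a live system destroys data with no chance to back out. I would gate the destructive step on an explicit confirmation that can be bypassed non-interactively via an environment variable, as below. The option description also says "A single script", but the value is a `symlinkJoin` of four scripts (`disko-script`, `disko-mount`, `disko-format`, `install-system`); `Scripts usable from a live system: install-system formats the configured disks and installs this host's toplevel, and the disko-* wrappers expose disko's format/mount/combined scripts.` matches what is built. Since `nixos-install --no-root-password` skips setting a root password, the installed system only has whatever root credential the host configuration declares — presumably none if the host sets nothing — which is worth stating in the description too.
```nix
install-system = pkgs.writeShellScriptBin "install-system" ''
  set -euo pipefail

  # Refuse to wipe disks unless the operator confirms, or opts in
  # non-interactively via INSTALL_SYSTEM_CONFIRM=yes.
  if [[ "''${INSTALL_SYSTEM_CONFIRM:-}" != "yes" ]]; then
    read -rp "This will DESTROY all data on the disks configured for ${config.node.name}. Type 'yes' to continue: " answer
    [[ "$answer" == "yes" ]] || { echo "Aborted." >&2; exit 1; }
  fi

  echo "Formatting disks..."
  # … unchanged: disko-script, nixos-install, "Done!" …
'';
```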
43
flake.lock
43
flake.lock
|
@ -531,6 +531,24 @@
|
|||
}
|
||||
},
|
||||
"flake-parts": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1722555600,
|
||||
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-parts_2": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": [
|
||||
"lanzaboote",
|
||||
|
@ -551,7 +569,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-parts_2": {
|
||||
"flake-parts_3": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": [
|
||||
"nixpkgs-wayland",
|
||||
|
@ -573,7 +591,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-parts_3": {
|
||||
"flake-parts_4": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": [
|
||||
"nixvim",
|
||||
|
@ -997,7 +1015,7 @@
|
|||
"inputs": {
|
||||
"crane": "crane",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"flake-parts": "flake-parts",
|
||||
"flake-parts": "flake-parts_2",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
|
@ -1023,7 +1041,7 @@
|
|||
"lib-aggregate": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_6",
|
||||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
"nixpkgs-lib": "nixpkgs-lib_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1722168631,
|
||||
|
@ -1100,7 +1118,7 @@
|
|||
},
|
||||
"nix-eval-jobs": {
|
||||
"inputs": {
|
||||
"flake-parts": "flake-parts_2",
|
||||
"flake-parts": "flake-parts_3",
|
||||
"nix-github-actions": "nix-github-actions",
|
||||
"nixpkgs": "nixpkgs_3",
|
||||
"treefmt-nix": "treefmt-nix"
|
||||
|
@ -1295,6 +1313,18 @@
|
|||
}
|
||||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"lastModified": 1722555339,
|
||||
"narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
|
||||
},
|
||||
"original": {
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
|
||||
}
|
||||
},
|
||||
"nixpkgs-lib_2": {
|
||||
"locked": {
|
||||
"lastModified": 1722128034,
|
||||
"narHash": "sha256-L8rwzYPsLo/TYtydPJoQyYOfetuiyQYnTWYcyB8UE/s=",
|
||||
|
@ -1464,7 +1494,7 @@
|
|||
"inputs": {
|
||||
"devshell": "devshell_5",
|
||||
"flake-compat": "flake-compat_6",
|
||||
"flake-parts": "flake-parts_3",
|
||||
"flake-parts": "flake-parts_4",
|
||||
"git-hooks": "git-hooks",
|
||||
"home-manager": "home-manager_2",
|
||||
"nix-darwin": "nix-darwin",
|
||||
|
@ -1654,6 +1684,7 @@
|
|||
"agenix-rekey": "agenix-rekey",
|
||||
"devshell": "devshell_2",
|
||||
"disko": "disko",
|
||||
"flake-parts": "flake-parts",
|
||||
"flake-utils": "flake-utils",
|
||||
"home-manager": "home-manager",
|
||||
"impermanence": "impermanence",
|
||||
|
|
97
flake.nix
97
flake.nix
|
@ -43,6 +43,8 @@
|
|||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
flake-parts.url = "github:hercules-ci/flake-parts";
|
||||
|
||||
# Bin zu faul des zu kopieren
|
||||
agenix-rekey = {
|
||||
url = "github:oddlama/agenix-rekey";
|
||||
|
@ -104,82 +106,37 @@
|
|||
outputs =
|
||||
{
|
||||
self,
|
||||
nixpkgs,
|
||||
flake-utils,
|
||||
agenix-rekey,
|
||||
nixos-generators,
|
||||
pre-commit-hooks,
|
||||
devshell,
|
||||
nixvim,
|
||||
nixos-extra-modules,
|
||||
nix-topology,
|
||||
...
|
||||
}@inputs:
|
||||
let
|
||||
inherit (nixpkgs) lib;
|
||||
stateVersion = "23.05";
|
||||
in
|
||||
inputs.flake-parts.lib.mkFlake { inherit inputs; } {
|
||||
imports = [
|
||||
./nix/agenix-rekey.nix
|
||||
./nix/devshell.nix
|
||||
./nix/hosts.nix
|
||||
./nix/pkgs.nix
|
||||
nix-topology.flakeModule
|
||||
];
|
||||
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
"aarch64-linux"
|
||||
];
|
||||
|
||||
perSystem =
|
||||
{ pkgs, system, ... }:
|
||||
{
|
||||
secretsConfig = {
|
||||
# This should be a link to one of the age public keys is './keys'
|
||||
masterIdentities = [ ./keys/PatC.pub ];
|
||||
extraEncryptionPubkeys = [ ./secrets/recipients.txt ];
|
||||
};
|
||||
agenix-rekey = agenix-rekey.configure {
|
||||
userFlake = self;
|
||||
inherit (self) nodes pkgs;
|
||||
};
|
||||
|
||||
inherit stateVersion;
|
||||
inherit (import ./nix/hosts.nix inputs)
|
||||
hosts
|
||||
nixosConfigurations
|
||||
minimalConfigurations
|
||||
guestConfigurations
|
||||
;
|
||||
nodes = self.nixosConfigurations // self.guestConfigurations;
|
||||
|
||||
inherit
|
||||
(lib.foldl' lib.recursiveUpdate { } (
|
||||
lib.mapAttrsToList (import ./nix/generate-installer-package.nix inputs) self.minimalConfigurations
|
||||
))
|
||||
packages
|
||||
;
|
||||
}
|
||||
// flake-utils.lib.eachDefaultSystem (system: rec {
|
||||
topology.modules = [ ./nix/topology.nix ];
|
||||
apps.setupHetznerStorageBoxes =
|
||||
import (nixos-extra-modules + "/apps/setup-hetzner-storage-boxes.nix")
|
||||
{
|
||||
inherit pkgs;
|
||||
nixosConfigurations = self.nodes;
|
||||
nixosConfigurations = inputs.self.nodes;
|
||||
decryptIdentity = builtins.head self.secretsConfig.masterIdentities;
|
||||
};
|
||||
pkgs = import nixpkgs {
|
||||
overlays =
|
||||
import ./lib inputs
|
||||
++ import ./pkgs
|
||||
++ [
|
||||
# nixpkgs-wayland.overlay
|
||||
nixos-extra-modules.overlays.default
|
||||
nix-topology.overlays.default
|
||||
devshell.overlays.default
|
||||
agenix-rekey.overlays.default
|
||||
nixvim.overlays.default
|
||||
];
|
||||
inherit system;
|
||||
config.allowUnfree = true;
|
||||
};
|
||||
packages = pkgs;
|
||||
|
||||
topology = import nix-topology {
|
||||
inherit pkgs;
|
||||
modules = [
|
||||
{ inherit (self) nixosConfigurations; }
|
||||
./nix/topology.nix
|
||||
];
|
||||
};
|
||||
|
||||
images.live-iso = nixos-generators.nixosGenerate {
|
||||
packages.live-iso = nixos-generators.nixosGenerate {
|
||||
inherit pkgs;
|
||||
modules = [
|
||||
./nix/installer-configuration.nix
|
||||
|
@ -193,18 +150,6 @@
|
|||
.${system};
|
||||
};
|
||||
|
||||
checks.pre-commit-check = pre-commit-hooks.lib.${system}.run {
|
||||
src = lib.cleanSource ./.;
|
||||
hooks = {
|
||||
nixfmt = {
|
||||
enable = true;
|
||||
package = pkgs.nixfmt-rfc-style;
|
||||
};
|
||||
deadnix.enable = true;
|
||||
statix.enable = true;
|
||||
};
|
||||
};
|
||||
devShell = import ./nix/devshell.nix inputs system;
|
||||
formatter = pkgs.nixfmt-rfc-style;
|
||||
});
|
||||
}
|
||||
|
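Review bot: The new `flake-parts.url = "github:hercules-ci/flake-parts";` input is added without a `follows`, so flake-parts pulls in its own `nixpkgs-lib` — the flake.lock hunk in this same commit adds a separate `nixpkgs-lib` tarball entry pinned to a different nixpkgs revision — which is one more independently pinned source to audit and keep updated. Since the flake already has a `nixpkgs` input, the one-liner `flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";` next to the url removes the duplicate (flake-parts only needs `lib` from it, which is why that follows is commonly used). The enclosing `inputs` attribute set starts before this hunk.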
|
|
@ -1 +0,0 @@
|
|||
_inputs: [ ]
|
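--- a/nix/agenix-rekey.nix
+++ b/nix/agenix-rekey.nix
@@ -0,0 +1,31 @@
+{ inputs, self, ... }:
+{
+imports = [ inputs.agenix-rekey.flakeModule ];
+flake = {
+secretsConfig = {
+# This should be a link to one of the age public keys in './keys'
+masterIdentities = [ ../keys/PatC.pub ];
+extraEncryptionPubkeys = [ ../secrets/recipients.txt ];
+};
+};
+perSystem =
+{ config, ... }:
+{
+agenix-rekey.nodes = self.nodes;
+devshells.default = {
+commands = [
+{
+inherit (config.agenix-rekey) package;
+help = "Edit, generate and rekey secrets";
+}
+];
+env = [
+{
+# Always add files to git after agenix rekey and agenix generate.
+name = "AGENIX_REKEY_ADD_TO_GIT";
+value = "true";
+}
+];
+};
+};
+}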
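Review bot: The comment above `masterIdentities` still says the key lives in `'./keys'`, but now that this module sits in `nix/` the path is `../keys/PatC.pub`; suggest `# Age public key (from the repository's keys/ directory) whose holder can decrypt and rekey every secret; the matching private key must never enter the repo.` The `AGENIX_REKEY_ADD_TO_GIT` comment explains what happens but not why auto-staging is acceptable — presumably only the age-encrypted outputs of rekey/generate are staged, never plaintext — so I would confirm that and extend it to `# Only the age-encrypted outputs are staged, so this never commits plaintext.`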
|
@ -1,10 +1,23 @@
|
|||
{ self, ... }:
|
||||
system:
|
||||
let
|
||||
pkgs = self.pkgs.${system};
|
||||
in
|
||||
pkgs.devshell.mkShell {
|
||||
name = "nix-config";
|
||||
{ inputs, ... }:
|
||||
{
|
||||
imports = [
|
||||
inputs.devshell.flakeModule
|
||||
inputs.pre-commit-hooks.flakeModule
|
||||
];
|
||||
|
||||
perSystem =
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
pre-commit.settings.hooks = {
|
||||
nixfmt = {
|
||||
enable = true;
|
||||
package = pkgs.nixfmt-rfc-style;
|
||||
};
|
||||
deadnix.enable = true;
|
||||
statix.enable = true;
|
||||
};
|
||||
formatter = pkgs.nixfmt-rfc-style;
|
||||
devshells.default = {
|
||||
packages = with pkgs; [
|
||||
# Nix
|
||||
nil
|
||||
|
@ -22,10 +35,6 @@ pkgs.devshell.mkShell {
|
|||
package = pkgs.deploy;
|
||||
help = "build and deploy nix configurations";
|
||||
}
|
||||
{
|
||||
package = pkgs.agenix-rekey;
|
||||
help = "Edit and rekey repository secrets";
|
||||
}
|
||||
{
|
||||
package = pkgs.nixfmt-rfc-style;
|
||||
help = "Format nix code";
|
||||
|
@ -65,5 +74,7 @@ pkgs.devshell.mkShell {
|
|||
}
|
||||
];
|
||||
|
||||
devshell.startup.pre-commit.text = self.checks.${system}.pre-commit-check.shellHook;
|
||||
devshell.startup.pre-commit.text = config.pre-commit.installationScript;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,40 +0,0 @@
|
|||
{ self, ... }:
|
||||
nodeName: nodeAttrs:
|
||||
let
|
||||
#FIXME inherit nodeAttrs. system;
|
||||
system = "x86_64-linux";
|
||||
pkgs = self.pkgs.${system};
|
||||
|
||||
disko-script = pkgs.writeShellScriptBin "disko-script" "${nodeAttrs.config.system.build.diskoScript
|
||||
}";
|
||||
disko-mount = pkgs.writeShellScriptBin "disko-mount" "${nodeAttrs.config.system.build.mountScript}";
|
||||
disko-format = pkgs.writeShellScriptBin "disko-format" "${nodeAttrs.config.system.build.formatScript
|
||||
}";
|
||||
|
||||
install-system = pkgs.writeShellScriptBin "install-system" ''
|
||||
set -euo pipefail
|
||||
|
||||
echo "Formatting disks..."
|
||||
${disko-script}/bin/disko-script
|
||||
|
||||
echo "Installing system..."
|
||||
nixos-install --no-root-password --system ${nodeAttrs.config.system.build.toplevel}
|
||||
|
||||
echo "Done!"
|
||||
'';
|
||||
|
||||
installer-package = pkgs.symlinkJoin {
|
||||
name = "installer-package-${nodeName}";
|
||||
paths = [
|
||||
disko-script
|
||||
disko-mount
|
||||
disko-format
|
||||
install-system
|
||||
];
|
||||
};
|
||||
in
|
||||
{
|
||||
# Everything required for the installer as a single package,
|
||||
# so it can be used from an existing live system by copying the derivation.
|
||||
packages.${system}.installer-package.${nodeName} = installer-package;
|
||||
}
|
|
@ -1,14 +1,15 @@
|
|||
inputs:
|
||||
let
|
||||
inherit (inputs) self;
|
||||
inherit (inputs.nixpkgs.lib)
|
||||
{ inputs, ... }:
|
||||
{
|
||||
flake =
|
||||
{ config, lib, ... }:
|
||||
let
|
||||
inherit (lib)
|
||||
concatMapAttrs
|
||||
filterAttrs
|
||||
flip
|
||||
genAttrs
|
||||
mapAttrs'
|
||||
nameValuePair
|
||||
nixosSystem
|
||||
;
|
||||
|
||||
# Creates a new nixosSystem with the correct specialArgs, pkgs and name definition
|
||||
|
@ -16,14 +17,15 @@ let
|
|||
{ minimal }:
|
||||
name:
|
||||
let
|
||||
pkgs = self.pkgs.x86_64-linux;
|
||||
pkgs = config.pkgs.x86_64-linux;
|
||||
stateVersion = "23.05";
|
||||
in
|
||||
nixosSystem {
|
||||
inputs.nixpkgs.lib.nixosSystem {
|
||||
specialArgs = {
|
||||
# Use the correct instance lib that has our overlays
|
||||
inherit (pkgs) lib;
|
||||
inherit (self) nodes stateVersion;
|
||||
inherit inputs minimal;
|
||||
inherit (config) nodes;
|
||||
inherit inputs minimal stateVersion;
|
||||
};
|
||||
modules = [
|
||||
{
|
||||
|
@ -31,10 +33,17 @@ let
|
|||
# inputs.nixpkgs.nixosModules.readOnlyPkgs, since some nixosModules
|
||||
# like nixseparatedebuginfod depend on adding packages via nixpkgs.overlays.
|
||||
# So we just mimic the options and overlays defined by the passed pkgs set.
|
||||
nixpkgs.overlays = pkgs.overlays;
|
||||
nixpkgs.config = pkgs.config;
|
||||
node.name = name;
|
||||
node.secretsDir = ../. + "/hosts/${name}/secrets";
|
||||
nixpkgs.overlays = (import ../pkgs) ++ [
|
||||
# nixpkgs-wayland.overlay
|
||||
inputs.nixos-extra-modules.overlays.default
|
||||
inputs.nix-topology.overlays.default
|
||||
inputs.devshell.overlays.default
|
||||
inputs.agenix-rekey.overlays.default
|
||||
inputs.nixvim.overlays.default
|
||||
];
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
}
|
||||
../hosts/${name}
|
||||
];
|
||||
|
@ -44,7 +53,9 @@ let
|
|||
# associates the minimum amount of metadata that is necessary
|
||||
# to instanciate hosts correctly.
|
||||
hosts = builtins.attrNames (filterAttrs (_: type: type == "directory") (builtins.readDir ../hosts));
|
||||
in
|
||||
# Process each nixosHosts declaration and generatea nixosSystem definitions
|
||||
{
|
||||
nixosConfigurations = genAttrs hosts (mkHost {
|
||||
minimal = false;
|
||||
});
|
||||
|
@ -55,7 +66,7 @@ let
|
|||
# True NixOS nodes can define additional guest nodes that are built
|
||||
# together with it. We collect all defined guests from each node here
|
||||
# to allow accessing any node via the unified attribute `nodes`.
|
||||
guestConfigurations = flip concatMapAttrs self.nixosConfigurations (
|
||||
guestConfigurations = flip concatMapAttrs config.nixosConfigurations (
|
||||
_: node:
|
||||
flip mapAttrs' (node.config.guests or { }) (
|
||||
guestName: guestDef:
|
||||
|
@ -67,12 +78,8 @@ let
|
|||
)
|
||||
)
|
||||
);
|
||||
in
|
||||
{
|
||||
inherit
|
||||
hosts
|
||||
nixosConfigurations
|
||||
minimalConfigurations
|
||||
guestConfigurations
|
||||
;
|
||||
# All nixosSystem instanciations are collected here, so that we can refer
|
||||
# to any system via nodes.<name>
|
||||
nodes = config.nixosConfigurations // config.guestConfigurations;
|
||||
};
|
||||
}
|
||||
|
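Review bot: The comment kept at the top of the modules block ("we just mimic the options and overlays defined by the passed pkgs set") no longer matches the code: the new lines replace `nixpkgs.overlays = pkgs.overlays; nixpkgs.config = pkgs.config;` with a hand-written five-overlay list plus `nixpkgs.config.allowUnfree = true`, while the flake-level `config.pkgs` (which still supplies `lib` via `inherit (pkgs) lib;` under the "correct instance lib that has our overlays" comment) is built in nix/pkgs.nix from a different, shorter list, so the two can now drift. The removed flake.nix overlay list also contained `import ./lib inputs`, which appears in neither new list; if that overlay extended `lib`, modules relying on those helpers will fail to evaluate — worth confirming. I would either source both lists from one shared definition or at least replace the stale comment with `# Overlays are listed explicitly here; keep in sync with nix/pkgs.nix, which builds the flake-level pkgs (and the lib passed in specialArgs above).` The `mkHost` function starts before this hunk.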
|
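--- a/nix/pkgs.nix
+++ b/nix/pkgs.nix
@@ -0,0 +1,28 @@
+{ inputs, ... }:
+{
+imports = [
+(
+{ lib, flake-parts-lib, ... }:
+flake-parts-lib.mkTransposedPerSystemModule {
+name = "pkgs";
+file = ./pkgs.nix;
+option = lib.mkOption { type = lib.types.unspecified; };
+}
+)
+];
+
+perSystem =
+{ pkgs, system, ... }:
+{
+_module.args.pkgs = import inputs.nixpkgs {
+inherit system;
+config.allowUnfree = true;
+overlays = (import ../pkgs/default.nix) ++ [
+inputs.nix-topology.overlays.default
+inputs.nixos-extra-modules.overlays.default
+];
+};
+
+inherit pkgs;
+};
+}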
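Review bot: The `pkgs` option created through `mkTransposedPerSystemModule` has no `description`, and the `perSystem` body both takes `pkgs` as an argument and defines `_module.args.pkgs`, which reads as circular to anyone not used to flake-parts' lazily resolved module args. Suggest `option = lib.mkOption { type = lib.types.unspecified; description = "Per-system nixpkgs instance with the repository overlays applied, exposed as the flake output pkgs.<system>."; };` and, above `_module.args.pkgs`, `# Overrides the default perSystem pkgs; the pkgs argument above resolves to this instance.` This list (`../pkgs` plus two overlays) is also shorter than the one nix/hosts.nix gives the NixOS systems in this same commit; that may be deliberate, but a one-line comment saying so would stop the next reader from "fixing" it.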