From bd2573228c2d6ec509f90f0784991b6d9e7f047b Mon Sep 17 00:00:00 2001 From: Joshua Potter Date: Sun, 10 Dec 2023 15:15:42 -0700 Subject: [PATCH] Move away from nested flakes in favor of flat modules. Multiple flakes within a repository doesn't seem to be well-supported. Transition to just defining top-level modules and passing module arguments as needed. --- README.md | 66 +-- digital-ocean/23.11pre-git/flake.lock | 27 -- digital-ocean/23.11pre-git/flake.nix | 22 - digital-ocean/default.nix | 11 + flake.lock | 637 ++------------------------ flake.nix | 71 ++- hive/framework/default.nix | 27 ++ hive/framework/flake.lock | 158 ------- hive/framework/flake.nix | 46 -- hive/phobos/default.nix | 60 +++ hive/phobos/flake.lock | 352 -------------- hive/phobos/flake.nix | 69 --- hive/titan/default.nix | 30 ++ hive/titan/flake.lock | 134 ------ hive/titan/flake.nix | 46 -- users/jrpotter/default.nix | 6 +- 16 files changed, 256 insertions(+), 1506 deletions(-) delete mode 100644 digital-ocean/23.11pre-git/flake.lock delete mode 100644 digital-ocean/23.11pre-git/flake.nix create mode 100644 digital-ocean/default.nix create mode 100644 hive/framework/default.nix delete mode 100644 hive/framework/flake.lock delete mode 100644 hive/framework/flake.nix create mode 100644 hive/phobos/default.nix delete mode 100644 hive/phobos/flake.lock delete mode 100644 hive/phobos/flake.nix create mode 100644 hive/titan/default.nix delete mode 100644 hive/titan/flake.lock delete mode 100644 hive/titan/flake.nix diff --git a/README.md b/README.md index 95d987f..763e3c2 100644 --- a/README.md +++ b/README.md 
@@ -5,28 +5,47 @@ my NixOS machines. Deployment (both local and remote) is managed using [colmena](https://github.com/zhaofengli/colmena). All machines can be found in the `flake.nix` file. +## Users + +[home-manager](https://nix-community.github.io/home-manager/) configurations +are found in the top-level `users` directory. As of now, there exists settings +for a single user called `jrpotter`. + ## Local Machines -My personal laptop configuration is reflected in the `hive/framework` directory -(named after the [framework](https://frame.work/) laptop I use). This flake -defines a [home-manager](https://nix-community.github.io/home-manager/) -configuration for a single user called `jrpotter`. We can apply a -`nixos-rebuild switch` by running: +My personal laptop configuration is stored in the `hive/framework` directory. +To invoke the equivalent of a local `nixos-rebuild switch` using colmena, run: ```bash -$ nix flake update # If any changes were made to local machines. $ colmena apply-local [--sudo] ``` ## Remote Machines Remote machines are hosted on [DigitalOcean](https://www.digitalocean.com/). -The custom image used by each droplet can be built using the top-level -`digital-ocean/23.11pre-git` flake. This image disables a root password -in favor of SSH. A droplet running this image will automatically pull in any -enabled SSH keys from your DigitalOcean account at creation time (so make sure -to include them when creating a new droplet). +The custom images used by each droplet is built by running: +```bash +$ nix build #.digital-ocean.[stoat|tapir] +``` +The above command produces an image with root password disabled in favor of SSH. +A droplet running this image will automatically pull in any enabled SSH keys +from your DigitalOcean account at creation time. -### Secrets +### Deployment + +Like our local configurations, remote updates are managed by `colmena`. 
+`colmena` requires non-interactively connecting over the `ssh-ng` protocol +meaning you must add the appropriate private SSH key to an `ssh-agent` before +deploying: +```bash +$ eval $(ssh-agent -s) +$ ssh-add ~/.ssh/id_ed25519 +``` +Afterward you can run the following: +```bash +$ colmena apply [--on ] +``` + +## Secrets Secrets are managed via [sops-nix](https://github.com/Mic92/sops-nix). The top-level `.sops.yaml` configures the `age` keys used to encrypt all secrets. @@ -37,7 +56,7 @@ $ nix-shell -p sops --run "sops " Keep in mind that `sops-nix` supports YAML, JSON, INI, dotenv and binary at the moment. What format is used is determined by ``'s extension. -#### Admins +### Admins To generate a new user-controlled key, you will need an ed25519 SSH key. Generate one (if you do not already have one) by running: @@ -56,7 +75,7 @@ $ nix-shell -p ssh-to-age --run "ssh-to-age < ~/.ssh/id_ed25519.pub" ``` This public key can then be written into the `.sops.yaml` file. -#### Servers +### Servers Each machine that needs to decrypt secret files will also need to be registered. To do so, run: @@ -65,21 +84,4 @@ $ nix-shell -p ssh-to-age --run 'ssh-keyscan | ssh-to-age' ``` This will look for any SSH host ed25519 public keys and automatically run through `ssh-to-age`. Include an appropriately top-level `keys` entry in -`.sops.yaml` before generating the secrets needed by the machine. Refer to -`phobos` for an example. - -### Deployment - -Like our local configurations, remote updates are managed by `colmena`. -`colmena` requires non-interactively connecting over the `ssh-ng` protocol -meaning you must add the appropriate private SSH key to an `ssh-agent` before -deploying: -```bash -$ eval $(ssh-agent -s) -$ ssh-add ~/.ssh/id_ed25519 -``` -Afterward you can run the following: -```bash -$ nix flake update # If any changes were made to remote machines. -$ colmena apply -``` +`.sops.yaml` before generating the secrets needed by the machine. 
diff --git a/digital-ocean/23.11pre-git/flake.lock b/digital-ocean/23.11pre-git/flake.lock deleted file mode 100644 index c19674c..0000000 --- a/digital-ocean/23.11pre-git/flake.lock +++ /dev/null @@ -1,27 +0,0 @@ -{ - "nodes": { - "nixpkgs": { - "locked": { - "lastModified": 1701952659, - "narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "root": { - "inputs": { - "nixpkgs": "nixpkgs" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/digital-ocean/23.11pre-git/flake.nix b/digital-ocean/23.11pre-git/flake.nix deleted file mode 100644 index 9a3e0e7..0000000 --- a/digital-ocean/23.11pre-git/flake.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ - description = "A NixOS image builder for DigitalOcean."; - - inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; - }; - - outputs = { nixpkgs, ... }: - let - system = "x86_64-linux"; - pkgs = nixpkgs.legacyPackages.${system}; - module = { - imports = [ - "${nixpkgs}/nixos/modules/virtualisation/digital-ocean-image.nix" - ]; - - system.stateVersion = "23.11"; - }; - in { - packages.${system}.default = (pkgs.nixos module).digitalOceanImage; - }; -} diff --git a/digital-ocean/default.nix b/digital-ocean/default.nix new file mode 100644 index 0000000..654d0a4 --- /dev/null +++ b/digital-ocean/default.nix @@ -0,0 +1,11 @@ +{ pkgs, stateVersion }: +let + module = { modulesPath, ... }: { + imports = [ + (modulesPath + "/virtualisation/digital-ocean-image.nix") + ]; + + system.stateVersion = stateVersion; + }; +in + (pkgs.nixos module).digitalOceanImage diff --git a/flake.lock b/flake.lock index 3023dca..7e8e5d4 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,279 +1,11 @@ { "nodes": { - "boardwise": { - "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_4" - }, - "locked": { - "lastModified": 1701963345, - "narHash": "sha256-ObPo2TtW4JqhpjR/bzuGDPvcQp21ykImi5DYD7gKg4Q=", - "owner": "boardwise-gg", - "repo": "website", - "rev": "0eca8e5f5f9cf1b4c12c1d50e851dad94b33c0a9", - "type": "github" - }, - "original": { - "owner": "boardwise-gg", - "ref": "v0.1.0", - "repo": "website", - "type": "github" - } - }, - "bootstrap": { - "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1701362005, - "narHash": "sha256-YueE+a2t54o41flddLpOlz3O6XZtSlaQyQVn909k4R4=", - "owner": "jrpotter", - "repo": "bootstrap", - "rev": "383ada86616194d8bf66b9646ec601f84c6add05", - "type": "github" - }, - "original": { - "owner": "jrpotter", - "ref": "v0.1.2", - "repo": "bootstrap", - "type": "github" - } - }, - "bootstrap_2": { - "inputs": { - "flake-compat": "flake-compat_4", - "flake-utils": "flake-utils_5", - "nixpkgs": "nixpkgs_7" - }, - "locked": { - "lastModified": 1701362005, - "narHash": "sha256-YueE+a2t54o41flddLpOlz3O6XZtSlaQyQVn909k4R4=", - "owner": "jrpotter", - "repo": "bootstrap", - "rev": "383ada86616194d8bf66b9646ec601f84c6add05", - "type": "github" - }, - "original": { - "owner": "jrpotter", - "ref": "v0.1.2", - "repo": "bootstrap", - "type": "github" - } - }, - "coach-scraper": { - "inputs": { - "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_5", - "poetry2nix": "poetry2nix" - }, - "locked": { - "lastModified": 1702166256, - "narHash": "sha256-4/uubLykBYihTxlemkTN0g7ZWbJGBEAVZQSopAdmZhw=", - "owner": "boardwise-gg", - "repo": "coach-scraper", - "rev": "58815d3ae5a69cac12436a01e77019a5ac5d16a7", - "type": "github" - }, - "original": { - "owner": "boardwise-gg", - "repo": "coach-scraper", - "rev": "58815d3ae5a69cac12436a01e77019a5ac5d16a7", - "type": 
"github" - } - }, - "flake-compat": { - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "revCount": 57, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" - } - }, - "flake-compat_2": { - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "revCount": 57, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" - } - }, - "flake-compat_3": { - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "revCount": 57, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" - } - }, - "flake-compat_4": { - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "revCount": 57, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" - } - }, - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1694529238, - "narHash": 
"sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_4": { - "inputs": { - "systems": "systems_4" - }, - "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_5": { - "inputs": { - "systems": "systems_6" - }, - "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "framework": { - "inputs": { - "bootstrap": "bootstrap", - "home-manager": "home-manager", - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1, - 
"narHash": "sha256-fLpIvN3IMsXBmAFkKcqTAXtPJprGsQqukJ6iIYPuZO8=", - "path": "./hive/framework", - "type": "path" - }, - "original": { - "path": "./hive/framework", - "type": "path" - } - }, - "home-manager": { + "home-manager-23_05": { "inputs": { "nixpkgs": [ - "framework", - "nixpkgs" + "nixpkgs-23_05" ] }, - "locked": { - "lastModified": 1699748081, - "narHash": "sha256-MOmMapBydd7MTjhX4eeQZzKlCABWw8W6iSHSG4OeFKE=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "04bac349d585c9df38d78e0285b780a140dc74a4", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-23.05", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { - "inputs": { - "nixpkgs": "nixpkgs_8" - }, "locked": { "lastModified": 1702195668, "narHash": "sha256-Lxmjez0nfNBptdqV5GsXKm7Bb7swjGsrxiLxWJu0tL8=", 
@@ -289,52 +21,45 @@ "type": "github" } }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "phobos", - "coach-scraper", - "poetry2nix", - "nixpkgs" - ] - }, + "nixpkgs-23_05": { "locked": { - "lastModified": 1698974481, - "narHash": "sha256-yPncV9Ohdz1zPZxYHQf47S8S0VrnhV7nNhCawY46hDA=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "4bb5e752616262457bc7ca5882192a564c0472d2", + "lastModified": 1701805708, + "narHash": "sha256-hh0S14E816Img0tPaNQSEKFvSscSIrvu1ypubtfh6M4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0561103cedb11e7554cf34cea81e5f5d578a4753", "type": "github" }, "original": { - "owner": "nix-community", - "repo": "nix-github-actions", + "owner": "NixOS", + "ref": "nixos-23.05", + "repo": "nixpkgs", "type": "github" } }, - "nixpkgs": { + "nixpkgs-23_11": { "locked": { - "lastModified": 1702151865, - "narHash": "sha256-9VAt19t6yQa7pHZLDbil/QctAgVsA66DLnzdRGqDisg=", - "owner": "nixos", + "lastModified": 1701952659, + "narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "666fc80e7b2afb570462423cb0e1cf1a3a34fedd", + "rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "owner": "NixOS", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-stable": { "locked": { - "lastModified": 1701568804, - "narHash": "sha256-iwr1fjOCvlirVL/xNvOTwY9kg3L/F3TC/7yh/QszaPI=", + "lastModified": 1702148972, + "narHash": "sha256-h2jODFP6n+ABrUWcGRSVPRFfLOkM9TJ2pO+h+9JcaL0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dc01248a9c946953ad4d438b0a626f5c987a93e4", + "rev": "b8f33c044e51de6dde3ad80a9676945e0e4e3227", "type": "github" }, "original": { 
@@ -344,200 +69,27 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1699596684, - "narHash": "sha256-XSXP8zjBZJBVvpNb2WmY0eW8O2ce+sVyj1T0/iBRIvg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "da4024d0ead5d7820f6bd15147d3fe2a0c0cec73", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1701805708, - "narHash": "sha256-hh0S14E816Img0tPaNQSEKFvSscSIrvu1ypubtfh6M4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0561103cedb11e7554cf34cea81e5f5d578a4753", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1700794826, - "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1701718080, - "narHash": "sha256-6ovz0pG76dE0P170pmmZex1wWcQoeiomUZGggfH9XPs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2c7f3c0fb7c08a0814627611d9d7d45ab6d75335", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { - "locked": { - "lastModified": 1701952659, - "narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_7": { - "locked": { - "lastModified": 1700390070, - "narHash": "sha256-de9KYi8rSJpqvBfNwscWdalIJXPo8NjdIZcEJum1mH0=", - "owner": "nixos", - "repo": "nixpkgs", 
- "rev": "e4ad989506ec7d71f7302cc3067abd82730a4beb", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_8": { - "locked": { - "lastModified": 1701805708, - "narHash": "sha256-hh0S14E816Img0tPaNQSEKFvSscSIrvu1ypubtfh6M4=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "0561103cedb11e7554cf34cea81e5f5d578a4753", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_9": { - "locked": { - "lastModified": 1701952659, - "narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "phobos": { - "inputs": { - "boardwise": "boardwise", - "coach-scraper": "coach-scraper", - "nixpkgs": "nixpkgs_6", - "sops-nix": "sops-nix" - }, - "locked": { - "lastModified": 1, - "narHash": "sha256-z3aSggYEk2UIsG7BMKX4qZXmwT9AiQFUqTNz6OoxUMU=", - "path": "./hive/phobos", - "type": "path" - }, - "original": { - "path": "./hive/phobos", - "type": "path" - } - }, - "poetry2nix": { - "inputs": { - "flake-utils": "flake-utils_4", - "nix-github-actions": "nix-github-actions", - "nixpkgs": [ - "phobos", - "coach-scraper", - "nixpkgs" - ], - "systems": "systems_5", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1702073125, - "narHash": "sha256-vUCREr5o0/BebmjgIBxAo56zGJ6DfB0FvjB35rsu4aY=", - "owner": "nix-community", - "repo": "poetry2nix", - "rev": "c25a0f550aee8d15879ece3a5c3c8837f3effda7", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "poetry2nix", - "type": "github" - } - }, "root": { "inputs": { - "framework": "framework", - "nixpkgs": "nixpkgs_3", - "phobos": "phobos", - "titan": "titan" + "home-manager-23_05": 
"home-manager-23_05", + "nixpkgs-23_05": "nixpkgs-23_05", + "nixpkgs-23_11": "nixpkgs-23_11", + "sops-nix-23_11": "sops-nix-23_11" } }, - "sops-nix": { + "sops-nix-23_11": { "inputs": { "nixpkgs": [ - "phobos", - "nixpkgs" + "nixpkgs-23_11" ], "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1701728052, - "narHash": "sha256-7lOMc3PtW5a55vFReBJLLLOnopsoi1W7MkjJ93jPV4E=", + "lastModified": 1702177193, + "narHash": "sha256-J2409SyXROoUHYXVy9h4Pj0VU8ReLuy/mzBc9iK4DBg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e91ece6d2cf5a0ae729796b8f0dedceab5107c3d", + "rev": "d806e546f96c88cd9f7d91c1c19ebc99ba6277d9", "type": "github" }, "original": { 
@@ -545,135 +97,6 @@ "repo": "sops-nix", "type": "github" } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_5": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "id": "systems", - "type": "indirect" - } - }, - "systems_6": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": 
"github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "titan": { - "inputs": { - "bootstrap": "bootstrap_2", - "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs_9" - }, - "locked": { - "lastModified": 1, - "narHash": "sha256-QiGFNP7CWSdZQMmFrOG2fSr/keHCDfswNu460cae3hU=", - "path": "./hive/titan", - "type": "path" - }, - "original": { - "path": "./hive/titan", - "type": "path" - } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "phobos", - "coach-scraper", - "poetry2nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1699786194, - "narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index c9fd212..e4f400e 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,32 +2,70 @@ description = "Colmena hive configuration."; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; - framework.url = "path:./hive/framework"; - phobos.url = "path:./hive/phobos"; - titan.url = "path:./hive/titan"; + # Stoat + nixpkgs-23_05.url = "github:NixOS/nixpkgs/nixos-23.05"; + home-manager-23_05 = { + url = "github:nix-community/home-manager/release-23.05"; + inputs.nixpkgs.follows = "nixpkgs-23_05"; + }; + + # Tapir + nixpkgs-23_11.url = "github:NixOS/nixpkgs/nixos-23.11"; + sops-nix-23_11 = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs-23_11"; + }; }; - outputs = { nixpkgs, framework, phobos, titan, ... }: + outputs = { + nixpkgs-23_05, + home-manager-23_05, + nixpkgs-23_11, + sops-nix-23_11, + ... + }: let system = "x86_64-linux"; - jrpotter = import ./users/jrpotter; + stoat = { + stateVersion = "23.05"; + pkgs = import nixpkgs-23_05 { inherit system; }; + home-manager = home-manager-23_05; + sops-nix = null; + }; + tapir = { + stateVersion = "23.11"; + pkgs = import nixpkgs-23_11 { inherit system; }; + home-manager = null; + sops-nix = sops-nix-23_11; + }; in { colmena = { meta = { - nixpkgs = import nixpkgs { inherit system; }; + nixpkgs = stoat.pkgs; specialArgs = { inherit system; }; + nodeNixpkgs = { + framework = stoat.pkgs; + phobos = tapir.pkgs; + titan = stoat.pkgs; + }; nodeSpecialArgs = { - framework = { inherit jrpotter; }; - titan = { inherit jrpotter; }; + framework = { + inherit (stoat) stateVersion home-manager; + }; + phobos = { + inherit (tapir) stateVersion sops-nix; + }; + titan = { + inherit (stoat) stateVersion home-manager; + }; }; }; # Local machines. Deploy using `colmena apply-local [--sudo]` framework = { - imports = [ framework.nixosModules.default ]; + imports = [ ./hive/framework ]; deployment = { allowLocalDeployment = true; targetHost = null; # Disable SSH deployment. 
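Review bot: The new `inputs` block declares only nixpkgs, home-manager and sops-nix, while `boardwise` and `coach-scraper` are now fetched with `builtins.getFlake` in `hive/phobos/default.nix`, so both drop out of `flake.lock` and no `narHash` is recorded for code that ends up running on phobos. Their revisions are then visible only inside that module (the `boardwise` pin moves from the locked `0eca8e5` to `c605a09` in this same patch), and `nix flake metadata` / `nix flake update` no longer cover them. Declaring them here, e.g. `boardwise.url = "github:boardwise-gg/website/c605a09c56234b2c2c0e4593da8f3b798723a5d7";`, and passing them through `nodeSpecialArgs.phobos` the way `sops-nix` is passed keeps every external source in the one lock file. Separately, `sops-nix-23_11` tracks the default branch despite its suffix and leaves its `nixpkgs-stable` input unfollowed; `inputs.nixpkgs-stable.follows = "nixpkgs-23_11";` would remove the extra nixpkgs node from the lock.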
@@ -36,8 +74,17 @@ # Remote machines. Deploy using `colmena apply` - phobos = phobos.nixosModules.default; - titan = titan.nixosModules.default; + phobos.imports = [ ./hive/phobos ]; + titan.imports = [ ./hive/titan ]; + }; + + packages.${system}.digital-ocean = { + stoat = import ./digital-ocean { + inherit (stoat) pkgs stateVersion; + }; + tapir = import ./digital-ocean { + inherit (tapir) pkgs stateVersion; + }; }; }; } diff --git a/hive/framework/default.nix b/hive/framework/default.nix new file mode 100644 index 0000000..f68f1d9 --- /dev/null +++ b/hive/framework/default.nix @@ -0,0 +1,27 @@ +{ system, stateVersion, home-manager, ... }: +{ + imports = [ + ./hardware-configuration.nix + ./configuration.nix + home-manager.nixosModules.home-manager + ]; + + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + users.jrpotter = import ../../users/jrpotter; + # Used to pass non-default parameters to submodules. + extraSpecialArgs = { inherit system stateVersion; }; + }; + + users.users.jrpotter = { + isNormalUser = true; + extraGroups = [ + "docker" + "networkmanager" + "wheel" + ]; + }; + + system.stateVersion = stateVersion; +} diff --git a/hive/framework/flake.lock b/hive/framework/flake.lock deleted file mode 100644 index 700efde..0000000 --- a/hive/framework/flake.lock +++ /dev/null 
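Review bot: `packages.${system}.digital-ocean` is an attribute set holding two derivations rather than a derivation itself, which the flake output schema does not expect under `packages`; `nix build .#digital-ocean.stoat` will resolve, but `nix flake check` is likely to reject the attribute. Flat names such as `digital-ocean-stoat` and `digital-ocean-tapir`, or moving the set under `legacyPackages.${system}`, keep both the build and the check working. The README hunk in this patch also writes the command as `nix build #.digital-ocean.[stoat|tapir]`; in a shell `#` starts a comment there, so the installable should read `.#digital-ocean.stoat`.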
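Review bot: In `hive/framework/default.nix`, `users.users.jrpotter.extraGroups` places the account in `docker` as well as `wheel`; membership in `docker` allows starting privileged containers and is effectively root without a password prompt, so it sidesteps whatever sudo policy applies to `wheel`. The list is carried over unchanged from the deleted `hive/framework/flake.nix`, but the new file is a good place to record the decision with a comment such as `# NOTE: docker group membership is root-equivalent`, or to move to rootless Docker and drop the group. `extraSpecialArgs` also no longer passes `bootstrap`; `users/jrpotter/default.nix` is changed by this patch but lies outside the visible part, so confirm it no longer expects that argument.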
@@ -1,158 +0,0 @@ -{ - "nodes": { - "bootstrap": { - "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1701362005, - "narHash": "sha256-YueE+a2t54o41flddLpOlz3O6XZtSlaQyQVn909k4R4=", - "owner": "jrpotter", - "repo": "bootstrap", - "rev": "383ada86616194d8bf66b9646ec601f84c6add05", - "type": "github" - }, - "original": { - "owner": "jrpotter", - "ref": "v0.1.2", - "repo": "bootstrap", - "type": "github" - } - }, - "flake-compat": { - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "revCount": 57, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" - } - }, - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1699748081, - "narHash": "sha256-MOmMapBydd7MTjhX4eeQZzKlCABWw8W6iSHSG4OeFKE=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "04bac349d585c9df38d78e0285b780a140dc74a4", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-23.05", - "repo": "home-manager", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1699596684, - "narHash": "sha256-XSXP8zjBZJBVvpNb2WmY0eW8O2ce+sVyj1T0/iBRIvg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": 
"da4024d0ead5d7820f6bd15147d3fe2a0c0cec73", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1701568804, - "narHash": "sha256-iwr1fjOCvlirVL/xNvOTwY9kg3L/F3TC/7yh/QszaPI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "dc01248a9c946953ad4d438b0a626f5c987a93e4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "root": { - "inputs": { - "bootstrap": "bootstrap", - "home-manager": "home-manager", - "nixpkgs": "nixpkgs", - "sops-nix": "sops-nix" - } - }, - "sops-nix": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1701728052, - "narHash": "sha256-7lOMc3PtW5a55vFReBJLLLOnopsoi1W7MkjJ93jPV4E=", - "owner": "Mic92", - "repo": "sops-nix", - "rev": "e91ece6d2cf5a0ae729796b8f0dedceab5107c3d", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "sops-nix", - "type": "github" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/hive/framework/flake.nix b/hive/framework/flake.nix deleted file mode 100644 index aae68d7..0000000 --- a/hive/framework/flake.nix +++ /dev/null 
@@ -1,46 +0,0 @@ -{ - description = "Local machine - framework"; - - inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; - bootstrap.url = "github:jrpotter/bootstrap/v0.1.2"; - home-manager = { - url = "github:nix-community/home-manager/release-23.05"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - }; - - outputs = { bootstrap, home-manager, ... }: { - nixosModules.default = { pkgs, system, jrpotter, ... }: { - imports = [ - ./hardware-configuration.nix - ./configuration.nix - home-manager.nixosModules.home-manager - ]; - - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - users.jrpotter = jrpotter; - - # Used to pass non-default parameters to submodules. - extraSpecialArgs = { - inherit system; - bootstrap = bootstrap.packages.${system}.default; - stateVersion = "23.05"; - }; - }; - - users.users.jrpotter = { - isNormalUser = true; - extraGroups = [ - "docker" - "networkmanager" - "wheel" - ]; - }; - - system.stateVersion = "23.05"; - }; - }; -} diff --git a/hive/phobos/default.nix b/hive/phobos/default.nix new file mode 100644 index 0000000..c927813 --- /dev/null +++ b/hive/phobos/default.nix 
@@ -0,0 +1,60 @@
+{ system, stateVersion, sops-nix, modulesPath, pkgs, lib, ... }:
+let
+ boardwise = builtins.getFlake
+ "github:boardwise-gg/website/c605a09c56234b2c2c0e4593da8f3b798723a5d7";
+ coach-scraper = builtins.getFlake
+ "github:boardwise-gg/coach-scraper/58815d3ae5a69cac12436a01e77019a5ac5d16a7";
+in
+{
+ imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
+ (modulesPath + "/virtualisation/digital-ocean-config.nix")
+ sops-nix.nixosModules.sops
+ ];
+
+ deployment.targetHost = null;
+
+ networking = {
+ hostName = "phobos";
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 443 ];
+ };
+ };
+
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_15;
+ ensureDatabases = [ "boardwise" ];
+ authentication = lib.mkOverride 10 ''
+ # TYPE DATABASE USER ADDRESS METHOD
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ '';
+ };
+
+ systemd.services.boardwise = {
+ enable = true;
+ description = "BoardWise Server";
+ after = [ "postgresql.service" ];
+ requires = [ "postgresql.service" ];
+ serviceConfig = {
+ Environment = [
+ "PORT=80"
+ "DATABASE_URL=ecto://postgres:postgres@localhost/boardwise"
+ ];
+ EnvironmentFile = "/run/secrets/SECRET_KEY_BASE";
+ ExecStartPre = "${boardwise.packages.${system}.app}/bin/migrate";
+ ExecStart = "${boardwise.packages.${system}.app}/bin/boardwise start";
+ Restart = "on-failure";
+ };
+ };
+
+ environment.systemPackages = [
+ coach-scraper.packages.${system}.app
+ ];
+
+ sops.defaultSopsFile = ./secrets.yaml;
+ sops.secrets.SECRET_KEY_BASE = {};
+
+ system.stateVersion = stateVersion;
+}
diff --git a/hive/phobos/flake.lock b/hive/phobos/flake.lock
deleted file mode 100644
index 44b965d..0000000
--- a/hive/phobos/flake.lock
+++ /dev/null
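Review bot: The `authentication` override in `hive/phobos/default.nix` grants `trust` to every role on every database over both the Unix socket and 127.0.0.1, so any local user or process on phobos can connect as the `postgres` superuser without a credential, and the `postgres:postgres` password in `DATABASE_URL` is never actually checked. Narrow it to what the service needs, for example `local all all peer` plus `host boardwise postgres 127.0.0.1/32 trust`, or better a dedicated non-superuser role whose password is delivered through sops like `SECRET_KEY_BASE`. `systemd.services.boardwise` also sets no `User`, so the server and its `migrate` step run as root while listening on port 80; `DynamicUser = true;` with `AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];` should remove that, assuming the release needs no writable state outside its runtime directory. The deleted `hive/phobos/flake.nix` is outside the visible part of the patch, so these settings may be carried over rather than new.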
@@ -1,352 +0,0 @@ -{ - "nodes": { - "boardwise": { - "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1701963345, - "narHash": "sha256-ObPo2TtW4JqhpjR/bzuGDPvcQp21ykImi5DYD7gKg4Q=", - "owner": "boardwise-gg", - "repo": "website", - "rev": "0eca8e5f5f9cf1b4c12c1d50e851dad94b33c0a9", - "type": "github" - }, - "original": { - "owner": "boardwise-gg", - "ref": "v0.1.0", - "repo": "website", - "type": "github" - } - }, - "coach-scraper": { - "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_2", - "poetry2nix": "poetry2nix" - }, - "locked": { - "lastModified": 1702166256, - "narHash": "sha256-4/uubLykBYihTxlemkTN0g7ZWbJGBEAVZQSopAdmZhw=", - "owner": "boardwise-gg", - "repo": "coach-scraper", - "rev": "58815d3ae5a69cac12436a01e77019a5ac5d16a7", - "type": "github" - }, - "original": { - "owner": "boardwise-gg", - "repo": "coach-scraper", - "rev": "58815d3ae5a69cac12436a01e77019a5ac5d16a7", - "type": "github" - } - }, - "flake-compat": { - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "revCount": 57, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" - } - }, - "flake-compat_2": { - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "revCount": 57, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" - } - }, - 
"flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "coach-scraper", - "poetry2nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1698974481, - "narHash": "sha256-yPncV9Ohdz1zPZxYHQf47S8S0VrnhV7nNhCawY46hDA=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "4bb5e752616262457bc7ca5882192a564c0472d2", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-github-actions", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1700794826, - "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - 
"nixpkgs-stable": { - "locked": { - "lastModified": 1701568804, - "narHash": "sha256-iwr1fjOCvlirVL/xNvOTwY9kg3L/F3TC/7yh/QszaPI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "dc01248a9c946953ad4d438b0a626f5c987a93e4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1701718080, - "narHash": "sha256-6ovz0pG76dE0P170pmmZex1wWcQoeiomUZGggfH9XPs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2c7f3c0fb7c08a0814627611d9d7d45ab6d75335", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1701952659, - "narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "poetry2nix": { - "inputs": { - "flake-utils": "flake-utils_3", - "nix-github-actions": "nix-github-actions", - "nixpkgs": [ - "coach-scraper", - "nixpkgs" - ], - "systems": "systems_4", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1702073125, - "narHash": "sha256-vUCREr5o0/BebmjgIBxAo56zGJ6DfB0FvjB35rsu4aY=", - "owner": "nix-community", - "repo": "poetry2nix", - "rev": "c25a0f550aee8d15879ece3a5c3c8837f3effda7", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "poetry2nix", - "type": "github" - } - }, - "root": { - "inputs": { - "boardwise": "boardwise", - "coach-scraper": "coach-scraper", - "nixpkgs": "nixpkgs_3", - "sops-nix": "sops-nix" - } - }, - "sops-nix": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1701728052, - "narHash": 
"sha256-7lOMc3PtW5a55vFReBJLLLOnopsoi1W7MkjJ93jPV4E=", - "owner": "Mic92", - "repo": "sops-nix", - "rev": "e91ece6d2cf5a0ae729796b8f0dedceab5107c3d", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "sops-nix", - "type": "github" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "id": "systems", - "type": "indirect" - } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "coach-scraper", - "poetry2nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1699786194, - "narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": 
"treefmt-nix", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/hive/phobos/flake.nix b/hive/phobos/flake.nix deleted file mode 100644 index 2c0cf53..0000000 --- a/hive/phobos/flake.nix +++ /dev/null 
@@ -1,69 +0,0 @@
-{
- description = "Remote machine - phobos";
-
- inputs = {
- nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
- boardwise.url = "github:boardwise-gg/website/v0.1.0";
- coach-scraper.url = "github:boardwise-gg/coach-scraper/58815d3ae5a69cac12436a01e77019a5ac5d16a7";
- sops-nix = {
- url = "github:Mic92/sops-nix";
- inputs.nixpkgs.follows = "nixpkgs";
- };
- };
-
- outputs = { boardwise, coach-scraper, sops-nix, ... }: {
- nixosModules.default = { modulesPath, pkgs, lib, system, ... }: {
- imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
- (modulesPath + "/virtualisation/digital-ocean-config.nix")
- sops-nix.nixosModules.sops
- ];
-
- deployment.targetHost = null;
-
- networking = {
- hostName = "phobos";
- firewall = {
- enable = true;
- allowedTCPPorts = [ 80 443 ];
- };
- };
-
- services.postgresql = {
- enable = true;
- package = pkgs.postgresql_15;
- ensureDatabases = [ "boardwise" ];
- authentication = lib.mkOverride 10 ''
- # TYPE DATABASE USER ADDRESS METHOD
- local all all trust
- host all all 127.0.0.1/32 trust
- '';
- };
-
- systemd.services.boardwise = {
- enable = true;
- description = "BoardWise Server";
- after = [ "postgresql.service" ];
- requires = [ "postgresql.service" ];
- serviceConfig = {
- Environment = [
- "PORT=80"
- "DATABASE_URL=ecto://postgres:postgres@localhost/boardwise"
- ];
- EnvironmentFile = "/run/secrets/SECRET_KEY_BASE";
- ExecStartPre = "${boardwise.packages.${system}.app}/bin/migrate";
- ExecStart = "${boardwise.packages.${system}.app}/bin/boardwise start";
- Restart = "on-failure";
- };
- };
-
- environment.systemPackages = [
- coach-scraper.packages.${system}.app
- ];
-
- sops.defaultSopsFile = ./secrets.yaml;
- sops.secrets.SECRET_KEY_BASE = {};
-
- system.stateVersion = "23.11";
- };
- };
-}
diff --git a/hive/titan/default.nix b/hive/titan/default.nix
new file mode 100644
index 0000000..8bbbd7e
--- /dev/null
+++ b/hive/titan/default.nix
@@ -0,0 +1,30 @@
+{ system, stateVersion, home-manager, modulesPath, lib, ... }:
+{
+ imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
+ (modulesPath + "/virtualisation/digital-ocean-config.nix")
+ home-manager.nixosModules.home-manager
+ ];
+
+ deployment.targetHost = "143.198.97.253";
+
+ networking.hostName = "titan";
+
+ home-manager = {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ users.jrpotter = import ../../users/jrpotter;
+ # Used to pass non-default parameters to submodules.
+ extraSpecialArgs = { inherit system stateVersion; };
+ };
+
+ users.users.jrpotter = {
+ isNormalUser = true;
+ extraGroups = [
+ "docker"
+ "networkmanager"
+ "wheel"
+ ];
+ };
+
+ system.stateVersion = stateVersion;
+}
diff --git a/hive/titan/flake.lock b/hive/titan/flake.lock
deleted file mode 100644
index d2dfd04..0000000
--- a/hive/titan/flake.lock
+++ /dev/null
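Review bot: `extraGroups` puts `jrpotter` in `docker` on a droplet reachable at a public address, and membership in that group is root-equivalent whenever the Docker daemon is running, because access to its socket is enough to run containers with full host privileges. That makes the `wheel`/sudo boundary moot for this account. Nothing visible in this module enables Docker, so either the entry is unused here and can be dropped, or, if Docker is turned on in `do-userdata.nix` or elsewhere, `virtualisation.docker.rootless.enable = true;` would avoid the group altogether. `"networkmanager"` also looks like a carry-over from the laptop configuration and is probably not needed on this host.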
@@ -1,134 +0,0 @@ -{ - "nodes": { - "bootstrap": { - "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1701362005, - "narHash": "sha256-YueE+a2t54o41flddLpOlz3O6XZtSlaQyQVn909k4R4=", - "owner": "jrpotter", - "repo": "bootstrap", - "rev": "383ada86616194d8bf66b9646ec601f84c6add05", - "type": "github" - }, - "original": { - "owner": "jrpotter", - "ref": "v0.1.2", - "repo": "bootstrap", - "type": "github" - } - }, - "flake-compat": { - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "revCount": 57, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" - } - }, - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1702195668, - "narHash": "sha256-Lxmjez0nfNBptdqV5GsXKm7Bb7swjGsrxiLxWJu0tL8=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "33110fb3c7fe6a94b98b641866a5eddb64b7c23f", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-23.05", - "repo": "home-manager", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1700390070, - "narHash": "sha256-de9KYi8rSJpqvBfNwscWdalIJXPo8NjdIZcEJum1mH0=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": 
"e4ad989506ec7d71f7302cc3067abd82730a4beb", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1701952659, - "narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "root": { - "inputs": { - "bootstrap": "bootstrap", - "home-manager": "home-manager", - "nixpkgs": "nixpkgs_2" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/hive/titan/flake.nix b/hive/titan/flake.nix deleted file mode 100644 index 6e388fa..0000000 --- a/hive/titan/flake.nix +++ /dev/null 
@@ -1,46 +0,0 @@
-{
- description = "Remote machine - titan";
-
- inputs = {
- nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
- bootstrap.url = "github:jrpotter/bootstrap/v0.1.2";
- home-manager.url = "github:nix-community/home-manager/release-23.05";
- };
-
- outputs = { bootstrap, home-manager, ... }: {
- nixosModules.default = { modulesPath, pkgs, lib, system, jrpotter, ... }: {
- imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
- (modulesPath + "/virtualisation/digital-ocean-config.nix")
- home-manager.nixosModules.home-manager
- ];
-
- deployment.targetHost = "143.198.97.253";
-
- networking.hostName = "titan";
-
- home-manager = {
- useGlobalPkgs = true;
- useUserPackages = true;
- users.jrpotter = jrpotter;
-
- # Used to pass non-default parameters to submodules.
- extraSpecialArgs = {
- inherit system;
- bootstrap = bootstrap.packages.${system}.default;
- stateVersion = "23.05";
- };
- };
-
- users.users.jrpotter = {
- isNormalUser = true;
- extraGroups = [
- "docker"
- "networkmanager"
- "wheel"
- ];
- };
-
- system.stateVersion = "23.11";
- };
- };
-}
diff --git a/users/jrpotter/default.nix b/users/jrpotter/default.nix
index b255f3e..eb39ff1 100644
--- a/users/jrpotter/default.nix
+++ b/users/jrpotter/default.nix
@@ -1,4 +1,8 @@
-{ pkgs, bootstrap, stateVersion, ... }:
+{ stateVersion, pkgs, ... }:
+let
+ bootstrap = builtins.getFlake
+ "github:jrpotter/bootstrap/635395b9cc946d8c8f1851b5c4dc6210fb54e400";
+in
 {
 imports = [
 ./bash
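Review bot: `bootstrap` is now fetched with `builtins.getFlake` inside the module, so the pin lives in module source rather than in `flake.lock`: no `narHash` is recorded for it, `nix flake update` and `nix flake metadata` no longer cover it, and its inputs can no longer be made to follow the root `nixpkgs`. The revision also differs from the `383ada86616194d8bf66b9646ec601f84c6add05` that the removed `hive/titan/flake.lock` held for `v0.1.2`, so this refactor appears to change the deployed version as well. The same pattern is used for `boardwise` and `coach-scraper` in `hive/phobos/default.nix`. If it stays, I would record the release next to the hash, e.g. `# bootstrap vX.Y.Z (placeholder); not tracked by flake.lock, bump by hand`; otherwise declare it as an input of the root flake and pass it in through `extraSpecialArgs`. The module body continues outside the hunk.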