Move away from nested flakes in favor of flat modules.

Multiple flakes within a repository don't seem to be well-supported.
Transition to just defining top-level modules and passing module
arguments as needed.
main
Joshua Potter 2023-12-10 15:15:42 -07:00
parent 8c9b14c785
commit bd2573228c
16 changed files with 256 additions and 1506 deletions


@ -5,28 +5,47 @@ my NixOS machines. Deployment (both local and remote) is managed using
[colmena](https://github.com/zhaofengli/colmena). All machines can be found in [colmena](https://github.com/zhaofengli/colmena). All machines can be found in
the `flake.nix` file. the `flake.nix` file.
## Users
[home-manager](https://nix-community.github.io/home-manager/) configurations
are found in the top-level `users` directory. As of now, there exists settings
for a single user called `jrpotter`.
## Local Machines ## Local Machines
My personal laptop configuration is reflected in the `hive/framework` directory My personal laptop configuration is stored in the `hive/framework` directory.
(named after the [framework](https://frame.work/) laptop I use). This flake To invoke the equivalent of a local `nixos-rebuild switch` using colmena, run:
defines a [home-manager](https://nix-community.github.io/home-manager/)
configuration for a single user called `jrpotter`. We can apply a
`nixos-rebuild switch` by running:
```bash ```bash
$ nix flake update # If any changes were made to local machines.
$ colmena apply-local [--sudo] $ colmena apply-local [--sudo]
``` ```
## Remote Machines ## Remote Machines
Remote machines are hosted on [DigitalOcean](https://www.digitalocean.com/). Remote machines are hosted on [DigitalOcean](https://www.digitalocean.com/).
The custom image used by each droplet can be built using the top-level The custom images used by each droplet is built by running:
`digital-ocean/23.11pre-git` flake. This image disables a root password ```bash
in favor of SSH. A droplet running this image will automatically pull in any $ nix build #.digital-ocean.[stoat|tapir]
enabled SSH keys from your DigitalOcean account at creation time (so make sure ```
to include them when creating a new droplet). The above command produces an image with root password disabled in favor of SSH.
A droplet running this image will automatically pull in any enabled SSH keys
from your DigitalOcean account at creation time.
### Secrets ### Deployment
Like our local configurations, remote updates are managed by `colmena`.
`colmena` requires non-interactively connecting over the `ssh-ng` protocol
meaning you must add the appropriate private SSH key to an `ssh-agent` before
deploying:
```bash
$ eval $(ssh-agent -s)
$ ssh-add ~/.ssh/id_ed25519
```
Afterward you can run the following:
```bash
$ colmena apply [--on <hostname>]
```
## Secrets
Secrets are managed via [sops-nix](https://github.com/Mic92/sops-nix). The Secrets are managed via [sops-nix](https://github.com/Mic92/sops-nix). The
top-level `.sops.yaml` configures the `age` keys used to encrypt all secrets. top-level `.sops.yaml` configures the `age` keys used to encrypt all secrets.
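Review bot: In the new Remote Machines text, `$ nix build #.digital-ocean.[stoat|tapir]` starts a word with `#`, which bash treats as the start of a comment, so the command as written runs a bare `nix build` and never selects the image; it should read `nix build .#digital-ocean.stoat` (or `.tapir`). The sentence above it also needs "are built" rather than "is built". The rewrite drops the old reminder to attach SSH keys when creating the droplet; since the image disables the root password, a droplet created without keys has no login path, so that caveat is worth keeping.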
@ -37,7 +56,7 @@ $ nix-shell -p sops --run "sops <filename>"
Keep in mind that `sops-nix` supports YAML, JSON, INI, dotenv and binary at the Keep in mind that `sops-nix` supports YAML, JSON, INI, dotenv and binary at the
moment. What format is used is determined by `<filename>`'s extension. moment. What format is used is determined by `<filename>`'s extension.
#### Admins ### Admins
To generate a new user-controlled key, you will need an ed25519 SSH key. To generate a new user-controlled key, you will need an ed25519 SSH key.
Generate one (if you do not already have one) by running: Generate one (if you do not already have one) by running:
@ -56,7 +75,7 @@ $ nix-shell -p ssh-to-age --run "ssh-to-age < ~/.ssh/id_ed25519.pub"
``` ```
This public key can then be written into the `.sops.yaml` file. This public key can then be written into the `.sops.yaml` file.
#### Servers ### Servers
Each machine that needs to decrypt secret files will also need to be registered. Each machine that needs to decrypt secret files will also need to be registered.
To do so, run: To do so, run:
@ -65,21 +84,4 @@ $ nix-shell -p ssh-to-age --run 'ssh-keyscan <host> | ssh-to-age'
``` ```
This will look for any SSH host ed25519 public keys and automatically run This will look for any SSH host ed25519 public keys and automatically run
through `ssh-to-age`. Include an appropriately top-level `keys` entry in through `ssh-to-age`. Include an appropriately top-level `keys` entry in
`.sops.yaml` before generating the secrets needed by the machine. Refer to `.sops.yaml` before generating the secrets needed by the machine.
`phobos` for an example.
### Deployment
Like our local configurations, remote updates are managed by `colmena`.
`colmena` requires non-interactively connecting over the `ssh-ng` protocol
meaning you must add the appropriate private SSH key to an `ssh-agent` before
deploying:
```bash
$ eval $(ssh-agent -s)
$ ssh-add ~/.ssh/id_ed25519
```
Afterward you can run the following:
```bash
$ nix flake update # If any changes were made to remote machines.
$ colmena apply
```


@ -1,27 +0,0 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1701952659,
"narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}


@ -1,22 +0,0 @@
{
description = "A NixOS image builder for DigitalOcean.";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
};
outputs = { nixpkgs, ... }:
let
system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system};
module = {
imports = [
"${nixpkgs}/nixos/modules/virtualisation/digital-ocean-image.nix"
];
system.stateVersion = "23.11";
};
in {
packages.${system}.default = (pkgs.nixos module).digitalOceanImage;
};
}

digital-ocean/default.nix Normal file

@ -0,0 +1,11 @@
{ pkgs, stateVersion }:
let
module = { modulesPath, ... }: {
imports = [
(modulesPath + "/virtualisation/digital-ocean-image.nix")
];
system.stateVersion = stateVersion;
};
in
(pkgs.nixos module).digitalOceanImage


@ -1,279 +1,11 @@
{ {
"nodes": { "nodes": {
"boardwise": { "home-manager-23_05": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1701963345,
"narHash": "sha256-ObPo2TtW4JqhpjR/bzuGDPvcQp21ykImi5DYD7gKg4Q=",
"owner": "boardwise-gg",
"repo": "website",
"rev": "0eca8e5f5f9cf1b4c12c1d50e851dad94b33c0a9",
"type": "github"
},
"original": {
"owner": "boardwise-gg",
"ref": "v0.1.0",
"repo": "website",
"type": "github"
}
},
"bootstrap": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1701362005,
"narHash": "sha256-YueE+a2t54o41flddLpOlz3O6XZtSlaQyQVn909k4R4=",
"owner": "jrpotter",
"repo": "bootstrap",
"rev": "383ada86616194d8bf66b9646ec601f84c6add05",
"type": "github"
},
"original": {
"owner": "jrpotter",
"ref": "v0.1.2",
"repo": "bootstrap",
"type": "github"
}
},
"bootstrap_2": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1701362005,
"narHash": "sha256-YueE+a2t54o41flddLpOlz3O6XZtSlaQyQVn909k4R4=",
"owner": "jrpotter",
"repo": "bootstrap",
"rev": "383ada86616194d8bf66b9646ec601f84c6add05",
"type": "github"
},
"original": {
"owner": "jrpotter",
"ref": "v0.1.2",
"repo": "bootstrap",
"type": "github"
}
},
"coach-scraper": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_5",
"poetry2nix": "poetry2nix"
},
"locked": {
"lastModified": 1702166256,
"narHash": "sha256-4/uubLykBYihTxlemkTN0g7ZWbJGBEAVZQSopAdmZhw=",
"owner": "boardwise-gg",
"repo": "coach-scraper",
"rev": "58815d3ae5a69cac12436a01e77019a5ac5d16a7",
"type": "github"
},
"original": {
"owner": "boardwise-gg",
"repo": "coach-scraper",
"rev": "58815d3ae5a69cac12436a01e77019a5ac5d16a7",
"type": "github"
}
},
"flake-compat": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_2": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_3": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_4": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"inputs": {
"systems": "systems_6"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"framework": {
"inputs": {
"bootstrap": "bootstrap",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1,
"narHash": "sha256-fLpIvN3IMsXBmAFkKcqTAXtPJprGsQqukJ6iIYPuZO8=",
"path": "./hive/framework",
"type": "path"
},
"original": {
"path": "./hive/framework",
"type": "path"
}
},
"home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"framework", "nixpkgs-23_05"
"nixpkgs"
] ]
}, },
"locked": {
"lastModified": 1699748081,
"narHash": "sha256-MOmMapBydd7MTjhX4eeQZzKlCABWw8W6iSHSG4OeFKE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "04bac349d585c9df38d78e0285b780a140dc74a4",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": "nixpkgs_8"
},
"locked": { "locked": {
"lastModified": 1702195668, "lastModified": 1702195668,
"narHash": "sha256-Lxmjez0nfNBptdqV5GsXKm7Bb7swjGsrxiLxWJu0tL8=", "narHash": "sha256-Lxmjez0nfNBptdqV5GsXKm7Bb7swjGsrxiLxWJu0tL8=",
@ -289,52 +21,45 @@
"type": "github" "type": "github"
} }
}, },
"nix-github-actions": { "nixpkgs-23_05": {
"inputs": {
"nixpkgs": [
"phobos",
"coach-scraper",
"poetry2nix",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1698974481, "lastModified": 1701805708,
"narHash": "sha256-yPncV9Ohdz1zPZxYHQf47S8S0VrnhV7nNhCawY46hDA=", "narHash": "sha256-hh0S14E816Img0tPaNQSEKFvSscSIrvu1ypubtfh6M4=",
"owner": "nix-community", "owner": "NixOS",
"repo": "nix-github-actions", "repo": "nixpkgs",
"rev": "4bb5e752616262457bc7ca5882192a564c0472d2", "rev": "0561103cedb11e7554cf34cea81e5f5d578a4753",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "NixOS",
"repo": "nix-github-actions", "ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "nixpkgs-23_11": {
"locked": { "locked": {
"lastModified": 1702151865, "lastModified": 1701952659,
"narHash": "sha256-9VAt19t6yQa7pHZLDbil/QctAgVsA66DLnzdRGqDisg=", "narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "666fc80e7b2afb570462423cb0e1cf1a3a34fedd", "rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "NixOS",
"ref": "nixos-unstable", "ref": "nixos-23.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1701568804, "lastModified": 1702148972,
"narHash": "sha256-iwr1fjOCvlirVL/xNvOTwY9kg3L/F3TC/7yh/QszaPI=", "narHash": "sha256-h2jODFP6n+ABrUWcGRSVPRFfLOkM9TJ2pO+h+9JcaL0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "dc01248a9c946953ad4d438b0a626f5c987a93e4", "rev": "b8f33c044e51de6dde3ad80a9676945e0e4e3227",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -344,200 +69,27 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1699596684,
"narHash": "sha256-XSXP8zjBZJBVvpNb2WmY0eW8O2ce+sVyj1T0/iBRIvg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "da4024d0ead5d7820f6bd15147d3fe2a0c0cec73",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1701805708,
"narHash": "sha256-hh0S14E816Img0tPaNQSEKFvSscSIrvu1ypubtfh6M4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0561103cedb11e7554cf34cea81e5f5d578a4753",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1700794826,
"narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1701718080,
"narHash": "sha256-6ovz0pG76dE0P170pmmZex1wWcQoeiomUZGggfH9XPs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2c7f3c0fb7c08a0814627611d9d7d45ab6d75335",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1701952659,
"narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1700390070,
"narHash": "sha256-de9KYi8rSJpqvBfNwscWdalIJXPo8NjdIZcEJum1mH0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e4ad989506ec7d71f7302cc3067abd82730a4beb",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1701805708,
"narHash": "sha256-hh0S14E816Img0tPaNQSEKFvSscSIrvu1ypubtfh6M4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0561103cedb11e7554cf34cea81e5f5d578a4753",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1701952659,
"narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"phobos": {
"inputs": {
"boardwise": "boardwise",
"coach-scraper": "coach-scraper",
"nixpkgs": "nixpkgs_6",
"sops-nix": "sops-nix"
},
"locked": {
"lastModified": 1,
"narHash": "sha256-z3aSggYEk2UIsG7BMKX4qZXmwT9AiQFUqTNz6OoxUMU=",
"path": "./hive/phobos",
"type": "path"
},
"original": {
"path": "./hive/phobos",
"type": "path"
}
},
"poetry2nix": {
"inputs": {
"flake-utils": "flake-utils_4",
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"phobos",
"coach-scraper",
"nixpkgs"
],
"systems": "systems_5",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1702073125,
"narHash": "sha256-vUCREr5o0/BebmjgIBxAo56zGJ6DfB0FvjB35rsu4aY=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "c25a0f550aee8d15879ece3a5c3c8837f3effda7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "poetry2nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"framework": "framework", "home-manager-23_05": "home-manager-23_05",
"nixpkgs": "nixpkgs_3", "nixpkgs-23_05": "nixpkgs-23_05",
"phobos": "phobos", "nixpkgs-23_11": "nixpkgs-23_11",
"titan": "titan" "sops-nix-23_11": "sops-nix-23_11"
} }
}, },
"sops-nix": { "sops-nix-23_11": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"phobos", "nixpkgs-23_11"
"nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1701728052, "lastModified": 1702177193,
"narHash": "sha256-7lOMc3PtW5a55vFReBJLLLOnopsoi1W7MkjJ93jPV4E=", "narHash": "sha256-J2409SyXROoUHYXVy9h4Pj0VU8ReLuy/mzBc9iK4DBg=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "e91ece6d2cf5a0ae729796b8f0dedceab5107c3d", "rev": "d806e546f96c88cd9f7d91c1c19ebc99ba6277d9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -545,135 +97,6 @@
"repo": "sops-nix", "repo": "sops-nix",
"type": "github" "type": "github"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"titan": {
"inputs": {
"bootstrap": "bootstrap_2",
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1,
"narHash": "sha256-QiGFNP7CWSdZQMmFrOG2fSr/keHCDfswNu460cae3hU=",
"path": "./hive/titan",
"type": "path"
},
"original": {
"path": "./hive/titan",
"type": "path"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"phobos",
"coach-scraper",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1699786194,
"narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",


@ -2,32 +2,70 @@
description = "Colmena hive configuration."; description = "Colmena hive configuration.";
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; # Stoat
framework.url = "path:./hive/framework"; nixpkgs-23_05.url = "github:NixOS/nixpkgs/nixos-23.05";
phobos.url = "path:./hive/phobos"; home-manager-23_05 = {
titan.url = "path:./hive/titan"; url = "github:nix-community/home-manager/release-23.05";
inputs.nixpkgs.follows = "nixpkgs-23_05";
};
# Tapir
nixpkgs-23_11.url = "github:NixOS/nixpkgs/nixos-23.11";
sops-nix-23_11 = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs-23_11";
};
}; };
outputs = { nixpkgs, framework, phobos, titan, ... }: outputs = {
nixpkgs-23_05,
home-manager-23_05,
nixpkgs-23_11,
sops-nix-23_11,
...
}:
let let
system = "x86_64-linux"; system = "x86_64-linux";
jrpotter = import ./users/jrpotter; stoat = {
stateVersion = "23.05";
pkgs = import nixpkgs-23_05 { inherit system; };
home-manager = home-manager-23_05;
sops-nix = null;
};
tapir = {
stateVersion = "23.11";
pkgs = import nixpkgs-23_11 { inherit system; };
home-manager = null;
sops-nix = sops-nix-23_11;
};
in in
{ {
colmena = { colmena = {
meta = { meta = {
nixpkgs = import nixpkgs { inherit system; }; nixpkgs = stoat.pkgs;
specialArgs = { inherit system; }; specialArgs = { inherit system; };
nodeNixpkgs = {
framework = stoat.pkgs;
phobos = tapir.pkgs;
titan = stoat.pkgs;
};
nodeSpecialArgs = { nodeSpecialArgs = {
framework = { inherit jrpotter; }; framework = {
titan = { inherit jrpotter; }; inherit (stoat) stateVersion home-manager;
};
phobos = {
inherit (tapir) stateVersion sops-nix;
};
titan = {
inherit (stoat) stateVersion home-manager;
};
}; };
}; };
# Local machines. Deploy using `colmena apply-local [--sudo]` # Local machines. Deploy using `colmena apply-local [--sudo]`
framework = { framework = {
imports = [ framework.nixosModules.default ]; imports = [ ./hive/framework ];
deployment = { deployment = {
allowLocalDeployment = true; allowLocalDeployment = true;
targetHost = null; # Disable SSH deployment. targetHost = null; # Disable SSH deployment.
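Review bot: `sops-nix = null;` in `stoat` and `home-manager = null;` in `tapir` are never read by the `nodeSpecialArgs` below, and they turn a wiring mistake into a late failure: a node that wrongly does `inherit (tapir) home-manager` would evaluate to null and break inside the module on `home-manager.nixosModules` instead of failing here with a missing attribute. Drop the two null fields. `nodeNixpkgs` and `nodeSpecialArgs` also repeat the node-to-release mapping in two places; a short comment saying which release each node is on, or deriving both from one attribute set, would keep them from drifting apart.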
@ -36,8 +74,17 @@
# Remote machines. Deploy using `colmena apply` # Remote machines. Deploy using `colmena apply`
phobos = phobos.nixosModules.default; phobos.imports = [ ./hive/phobos ];
titan = titan.nixosModules.default; titan.imports = [ ./hive/titan ];
};
packages.${system}.digital-ocean = {
stoat = import ./digital-ocean {
inherit (stoat) pkgs stateVersion;
};
tapir = import ./digital-ocean {
inherit (tapir) pkgs stateVersion;
};
}; };
}; };
} }
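Review bot: `packages.${system}.digital-ocean` is an attribute set holding two derivations rather than a derivation itself, which `nix flake check` rejects for entries under `packages`. Either flatten the names (`digital-ocean-stoat`, `digital-ocean-tapir`) or expose the set under `legacyPackages`, and update the README build command to match.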


@ -0,0 +1,27 @@
{ system, stateVersion, home-manager, ... }:
{
imports = [
./hardware-configuration.nix
./configuration.nix
home-manager.nixosModules.home-manager
];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.jrpotter = import ../../users/jrpotter;
# Used to pass non-default parameters to submodules.
extraSpecialArgs = { inherit system stateVersion; };
};
users.users.jrpotter = {
isNormalUser = true;
extraGroups = [
"docker"
"networkmanager"
"wheel"
];
};
system.stateVersion = stateVersion;
}
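Review bot: `extraSpecialArgs` here passes only `system` and `stateVersion`, while the flake this module replaces also passed `bootstrap` to the home-manager submodules; if `users/jrpotter` still takes a `bootstrap` argument this node will fail to evaluate, so confirm that argument was removed there or keep supplying it. Separately, `extraGroups` keeps `docker` next to `wheel`: membership in `docker` gives the account root-equivalent access through the Docker socket without a sudo prompt, which deserves a comment saying it is intended.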


@ -1,158 +0,0 @@
{
"nodes": {
"bootstrap": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1701362005,
"narHash": "sha256-YueE+a2t54o41flddLpOlz3O6XZtSlaQyQVn909k4R4=",
"owner": "jrpotter",
"repo": "bootstrap",
"rev": "383ada86616194d8bf66b9646ec601f84c6add05",
"type": "github"
},
"original": {
"owner": "jrpotter",
"ref": "v0.1.2",
"repo": "bootstrap",
"type": "github"
}
},
"flake-compat": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1699748081,
"narHash": "sha256-MOmMapBydd7MTjhX4eeQZzKlCABWw8W6iSHSG4OeFKE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "04bac349d585c9df38d78e0285b780a140dc74a4",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1699596684,
"narHash": "sha256-XSXP8zjBZJBVvpNb2WmY0eW8O2ce+sVyj1T0/iBRIvg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "da4024d0ead5d7820f6bd15147d3fe2a0c0cec73",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1701568804,
"narHash": "sha256-iwr1fjOCvlirVL/xNvOTwY9kg3L/F3TC/7yh/QszaPI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dc01248a9c946953ad4d438b0a626f5c987a93e4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"bootstrap": "bootstrap",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1701728052,
"narHash": "sha256-7lOMc3PtW5a55vFReBJLLLOnopsoi1W7MkjJ93jPV4E=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "e91ece6d2cf5a0ae729796b8f0dedceab5107c3d",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}


@ -1,46 +0,0 @@
{
description = "Local machine - framework";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
bootstrap.url = "github:jrpotter/bootstrap/v0.1.2";
home-manager = {
url = "github:nix-community/home-manager/release-23.05";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { bootstrap, home-manager, ... }: {
nixosModules.default = { pkgs, system, jrpotter, ... }: {
imports = [
./hardware-configuration.nix
./configuration.nix
home-manager.nixosModules.home-manager
];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.jrpotter = jrpotter;
# Used to pass non-default parameters to submodules.
extraSpecialArgs = {
inherit system;
bootstrap = bootstrap.packages.${system}.default;
stateVersion = "23.05";
};
};
users.users.jrpotter = {
isNormalUser = true;
extraGroups = [
"docker"
"networkmanager"
"wheel"
];
};
system.stateVersion = "23.05";
};
};
}

hive/phobos/default.nix Normal file

@ -0,0 +1,60 @@
{ system, stateVersion, sops-nix, modulesPath, pkgs, lib, ... }:
let
boardwise = builtins.getFlake
"github:boardwise-gg/website/c605a09c56234b2c2c0e4593da8f3b798723a5d7";
coach-scraper = builtins.getFlake
"github:boardwise-gg/coach-scraper/58815d3ae5a69cac12436a01e77019a5ac5d16a7";
in
{
imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
(modulesPath + "/virtualisation/digital-ocean-config.nix")
sops-nix.nixosModules.sops
];
deployment.targetHost = null;
networking = {
hostName = "phobos";
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
};
};
services.postgresql = {
enable = true;
package = pkgs.postgresql_15;
ensureDatabases = [ "boardwise" ];
authentication = lib.mkOverride 10 ''
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 trust
'';
};
systemd.services.boardwise = {
enable = true;
description = "BoardWise Server";
after = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
serviceConfig = {
Environment = [
"PORT=80"
"DATABASE_URL=ecto://postgres:postgres@localhost/boardwise"
];
EnvironmentFile = "/run/secrets/SECRET_KEY_BASE";
ExecStartPre = "${boardwise.packages.${system}.app}/bin/migrate";
ExecStart = "${boardwise.packages.${system}.app}/bin/boardwise start";
Restart = "on-failure";
};
};
environment.systemPackages = [
coach-scraper.packages.${system}.app
];
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets.SECRET_KEY_BASE = {};
system.stateVersion = stateVersion;
}
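Review bot: The `services.postgresql.authentication` block sets `trust` on both the `local` rule and the `127.0.0.1/32` rule, so any local user or process on phobos can connect as any role, `postgres` included, without a password, and `DATABASE_URL` then has the application connect as that superuser. Use `peer` for the socket rule and `scram-sha-256` for the TCP rule, give the app its own role through `ensureUsers`, and move the connection URL into the sops-managed environment file instead of the unit's `Environment`. The `boardwise` unit also sets no `User`, so with `PORT=80` the server runs as root, and `deployment.targetHost = null` on a node that `flake.nix` lists under remote machines looks unintended given that file's own comment that null disables SSH deployment.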


@ -1,352 +0,0 @@
{
"nodes": {
"boardwise": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1701963345,
"narHash": "sha256-ObPo2TtW4JqhpjR/bzuGDPvcQp21ykImi5DYD7gKg4Q=",
"owner": "boardwise-gg",
"repo": "website",
"rev": "0eca8e5f5f9cf1b4c12c1d50e851dad94b33c0a9",
"type": "github"
},
"original": {
"owner": "boardwise-gg",
"ref": "v0.1.0",
"repo": "website",
"type": "github"
}
},
"coach-scraper": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_2",
"poetry2nix": "poetry2nix"
},
"locked": {
"lastModified": 1702166256,
"narHash": "sha256-4/uubLykBYihTxlemkTN0g7ZWbJGBEAVZQSopAdmZhw=",
"owner": "boardwise-gg",
"repo": "coach-scraper",
"rev": "58815d3ae5a69cac12436a01e77019a5ac5d16a7",
"type": "github"
},
"original": {
"owner": "boardwise-gg",
"repo": "coach-scraper",
"rev": "58815d3ae5a69cac12436a01e77019a5ac5d16a7",
"type": "github"
}
},
"flake-compat": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_2": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"coach-scraper",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1698974481,
"narHash": "sha256-yPncV9Ohdz1zPZxYHQf47S8S0VrnhV7nNhCawY46hDA=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "4bb5e752616262457bc7ca5882192a564c0472d2",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1700794826,
"narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1701568804,
"narHash": "sha256-iwr1fjOCvlirVL/xNvOTwY9kg3L/F3TC/7yh/QszaPI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dc01248a9c946953ad4d438b0a626f5c987a93e4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1701718080,
"narHash": "sha256-6ovz0pG76dE0P170pmmZex1wWcQoeiomUZGggfH9XPs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2c7f3c0fb7c08a0814627611d9d7d45ab6d75335",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1701952659,
"narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"poetry2nix": {
"inputs": {
"flake-utils": "flake-utils_3",
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"coach-scraper",
"nixpkgs"
],
"systems": "systems_4",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1702073125,
"narHash": "sha256-vUCREr5o0/BebmjgIBxAo56zGJ6DfB0FvjB35rsu4aY=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "c25a0f550aee8d15879ece3a5c3c8837f3effda7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "poetry2nix",
"type": "github"
}
},
"root": {
"inputs": {
"boardwise": "boardwise",
"coach-scraper": "coach-scraper",
"nixpkgs": "nixpkgs_3",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1701728052,
"narHash": "sha256-7lOMc3PtW5a55vFReBJLLLOnopsoi1W7MkjJ93jPV4E=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "e91ece6d2cf5a0ae729796b8f0dedceab5107c3d",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"coach-scraper",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1699786194,
"narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

@ -1,69 +0,0 @@
{
description = "Remote machine - phobos";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
boardwise.url = "github:boardwise-gg/website/v0.1.0";
coach-scraper.url = "github:boardwise-gg/coach-scraper/58815d3ae5a69cac12436a01e77019a5ac5d16a7";
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { boardwise, coach-scraper, sops-nix, ... }: {
nixosModules.default = { modulesPath, pkgs, lib, system, ... }: {
imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
(modulesPath + "/virtualisation/digital-ocean-config.nix")
sops-nix.nixosModules.sops
];
deployment.targetHost = null;
networking = {
hostName = "phobos";
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
};
};
services.postgresql = {
enable = true;
package = pkgs.postgresql_15;
ensureDatabases = [ "boardwise" ];
authentication = lib.mkOverride 10 ''
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 trust
'';
};
systemd.services.boardwise = {
enable = true;
description = "BoardWise Server";
after = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
serviceConfig = {
Environment = [
"PORT=80"
"DATABASE_URL=ecto://postgres:postgres@localhost/boardwise"
];
EnvironmentFile = "/run/secrets/SECRET_KEY_BASE";
ExecStartPre = "${boardwise.packages.${system}.app}/bin/migrate";
ExecStart = "${boardwise.packages.${system}.app}/bin/boardwise start";
Restart = "on-failure";
};
};
environment.systemPackages = [
coach-scraper.packages.${system}.app
];
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets.SECRET_KEY_BASE = {};
system.stateVersion = "23.11";
};
};
}
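
Review bot: The `inputs` block removed here is the only place in this hunk where `boardwise` is tied to the tag `v0.1.0` and `sops-nix` is given `inputs.nixpkgs.follows = "nixpkgs"`, and the per-host lock deleted alongside it is what fixed that tag to rev `0eca8e5f5f9cf1b4c12c1d50e851dad94b33c0a9`. The flat module still references `boardwise.packages.${system}.app` and `coach-scraper.packages.${system}.app`, so please confirm the top-level flake declares these inputs with the same refs and the same `follows`, and that its lock records them. A tag can be moved upstream, so without a locked rev the deployed build is no longer reproducible.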

30
hive/titan/default.nix Normal file

@ -0,0 +1,30 @@
{ system, stateVersion, home-manager, modulesPath, lib, ... }:
{
imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
(modulesPath + "/virtualisation/digital-ocean-config.nix")
home-manager.nixosModules.home-manager
];
deployment.targetHost = "143.198.97.253";
networking.hostName = "titan";
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.jrpotter = import ../../users/jrpotter;
# Used to pass non-default parameters to submodules.
extraSpecialArgs = { inherit system stateVersion; };
};
users.users.jrpotter = {
isNormalUser = true;
extraGroups = [
"docker"
"networkmanager"
"wheel"
];
};
system.stateVersion = stateVersion;
}
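
Review bot: `extraSpecialArgs = { inherit system stateVersion; };` hands home-manager the same `stateVersion` that is assigned to `system.stateVersion` at the bottom of the module, whereas the titan flake removed in this commit passed `stateVersion = "23.05"` to home-manager and set `system.stateVersion = "23.11"`. With one shared argument, at least one of the two values changes on an already deployed machine. stateVersion is meant to stay at the release a machine was first installed with, so either pass the two values separately or state in the commit which one is intentionally changing.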

@ -1,134 +0,0 @@
{
"nodes": {
"bootstrap": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1701362005,
"narHash": "sha256-YueE+a2t54o41flddLpOlz3O6XZtSlaQyQVn909k4R4=",
"owner": "jrpotter",
"repo": "bootstrap",
"rev": "383ada86616194d8bf66b9646ec601f84c6add05",
"type": "github"
},
"original": {
"owner": "jrpotter",
"ref": "v0.1.2",
"repo": "bootstrap",
"type": "github"
}
},
"flake-compat": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1702195668,
"narHash": "sha256-Lxmjez0nfNBptdqV5GsXKm7Bb7swjGsrxiLxWJu0tL8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "33110fb3c7fe6a94b98b641866a5eddb64b7c23f",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1700390070,
"narHash": "sha256-de9KYi8rSJpqvBfNwscWdalIJXPo8NjdIZcEJum1mH0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e4ad989506ec7d71f7302cc3067abd82730a4beb",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1701952659,
"narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"bootstrap": "bootstrap",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_2"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

@ -1,46 +0,0 @@
{
description = "Remote machine - titan";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
bootstrap.url = "github:jrpotter/bootstrap/v0.1.2";
home-manager.url = "github:nix-community/home-manager/release-23.05";
};
outputs = { bootstrap, home-manager, ... }: {
nixosModules.default = { modulesPath, pkgs, lib, system, jrpotter, ... }: {
imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
(modulesPath + "/virtualisation/digital-ocean-config.nix")
home-manager.nixosModules.home-manager
];
deployment.targetHost = "143.198.97.253";
networking.hostName = "titan";
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.jrpotter = jrpotter;
# Used to pass non-default parameters to submodules.
extraSpecialArgs = {
inherit system;
bootstrap = bootstrap.packages.${system}.default;
stateVersion = "23.05";
};
};
users.users.jrpotter = {
isNormalUser = true;
extraGroups = [
"docker"
"networkmanager"
"wheel"
];
};
system.stateVersion = "23.11";
};
};
}
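
Review bot: Dropping `bootstrap.url = "github:jrpotter/bootstrap/v0.1.2";` takes `bootstrap` out of lock tracking, and the replacement in the next file's hunk calls `builtins.getFlake` on rev `635395b9cc946d8c8f1851b5c4dc6210fb54e400`, not the `383ada86616194d8bf66b9646ec601f84c6add05` that the deleted lock recorded for v0.1.2. That is a dependency bump folded into a refactor, and one that `nix flake update` will no longer see. Consider keeping `bootstrap` as a top-level input passed through `extraSpecialArgs` as before, or call out the version change explicitly.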

@ -1,4 +1,8 @@
{ pkgs, bootstrap, stateVersion, ... }: { stateVersion, pkgs, ... }:
let
bootstrap = builtins.getFlake
"github:jrpotter/bootstrap/635395b9cc946d8c8f1851b5c4dc6210fb54e400";
in
{ {
imports = [ imports = [
./bash ./bash