Move away from nested flakes in favor of flat modules.

Multiple flakes within a repository don't seem to be well-supported.
Transition to just defining top-level modules and passing module
arguments as needed.
main
Joshua Potter 2023-12-10 15:15:42 -07:00
parent 8c9b14c785
commit bd2573228c
16 changed files with 256 additions and 1506 deletions


@ -5,28 +5,47 @@ my NixOS machines. Deployment (both local and remote) is managed using
[colmena](https://github.com/zhaofengli/colmena). All machines can be found in
the `flake.nix` file.
## Users
[home-manager](https://nix-community.github.io/home-manager/) configurations
are found in the top-level `users` directory. As of now, there exists settings
for a single user called `jrpotter`.
## Local Machines
My personal laptop configuration is reflected in the `hive/framework` directory
(named after the [framework](https://frame.work/) laptop I use). This flake
defines a [home-manager](https://nix-community.github.io/home-manager/)
configuration for a single user called `jrpotter`. We can apply a
`nixos-rebuild switch` by running:
My personal laptop configuration is stored in the `hive/framework` directory.
To invoke the equivalent of a local `nixos-rebuild switch` using colmena, run:
```bash
$ nix flake update # If any changes were made to local machines.
$ colmena apply-local [--sudo]
```
## Remote Machines
Remote machines are hosted on [DigitalOcean](https://www.digitalocean.com/).
The custom image used by each droplet can be built using the top-level
`digital-ocean/23.11pre-git` flake. This image disables a root password
in favor of SSH. A droplet running this image will automatically pull in any
enabled SSH keys from your DigitalOcean account at creation time (so make sure
to include them when creating a new droplet).
The custom images used by each droplet is built by running:
```bash
$ nix build #.digital-ocean.[stoat|tapir]
```
The above command produces an image with root password disabled in favor of SSH.
A droplet running this image will automatically pull in any enabled SSH keys
from your DigitalOcean account at creation time.
### Secrets
### Deployment
Like our local configurations, remote updates are managed by `colmena`.
`colmena` requires non-interactively connecting over the `ssh-ng` protocol
meaning you must add the appropriate private SSH key to an `ssh-agent` before
deploying:
```bash
$ eval $(ssh-agent -s)
$ ssh-add ~/.ssh/id_ed25519
```
Afterward you can run the following:
```bash
$ colmena apply [--on <hostname>]
```
## Secrets
Secrets are managed via [sops-nix](https://github.com/Mic92/sops-nix). The
top-level `.sops.yaml` configures the `age` keys used to encrypt all secrets.
@ -37,7 +56,7 @@ $ nix-shell -p sops --run "sops <filename>"
Keep in mind that `sops-nix` supports YAML, JSON, INI, dotenv and binary at the
moment. What format is used is determined by `<filename>`'s extension.
#### Admins
### Admins
To generate a new user-controlled key, you will need an ed25519 SSH key.
Generate one (if you do not already have one) by running:
@ -56,7 +75,7 @@ $ nix-shell -p ssh-to-age --run "ssh-to-age < ~/.ssh/id_ed25519.pub"
```
This public key can then be written into the `.sops.yaml` file.
#### Servers
### Servers
Each machine that needs to decrypt secret files will also need to be registered.
To do so, run:
@ -65,21 +84,4 @@ $ nix-shell -p ssh-to-age --run 'ssh-keyscan <host> | ssh-to-age'
```
This will look for any SSH host ed25519 public keys and automatically run
through `ssh-to-age`. Include an appropriately top-level `keys` entry in
`.sops.yaml` before generating the secrets needed by the machine. Refer to
`phobos` for an example.
### Deployment
Like our local configurations, remote updates are managed by `colmena`.
`colmena` requires non-interactively connecting over the `ssh-ng` protocol
meaning you must add the appropriate private SSH key to an `ssh-agent` before
deploying:
```bash
$ eval $(ssh-agent -s)
$ ssh-add ~/.ssh/id_ed25519
```
Afterward you can run the following:
```bash
$ nix flake update # If any changes were made to remote machines.
$ colmena apply
```
`.sops.yaml` before generating the secrets needed by the machine.


@ -1,27 +0,0 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1701952659,
"narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}


@ -1,22 +0,0 @@
{
description = "A NixOS image builder for DigitalOcean.";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
};
outputs = { nixpkgs, ... }:
let
system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system};
module = {
imports = [
"${nixpkgs}/nixos/modules/virtualisation/digital-ocean-image.nix"
];
system.stateVersion = "23.11";
};
in {
packages.${system}.default = (pkgs.nixos module).digitalOceanImage;
};
}

11
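--- a/digital-ocean/default.nix
+++ b/digital-ocean/default.nix
@@ -0,0 +1,11 @@
+{ pkgs, stateVersion }:
+let
+module = { modulesPath, ... }: {
+imports = [
+(modulesPath + "/virtualisation/digital-ocean-image.nix")
+];
+system.stateVersion = stateVersion;
+};
+in
+(pkgs.nixos module).digitalOceanImage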


@ -1,279 +1,11 @@
{
"nodes": {
"boardwise": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1701963345,
"narHash": "sha256-ObPo2TtW4JqhpjR/bzuGDPvcQp21ykImi5DYD7gKg4Q=",
"owner": "boardwise-gg",
"repo": "website",
"rev": "0eca8e5f5f9cf1b4c12c1d50e851dad94b33c0a9",
"type": "github"
},
"original": {
"owner": "boardwise-gg",
"ref": "v0.1.0",
"repo": "website",
"type": "github"
}
},
"bootstrap": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1701362005,
"narHash": "sha256-YueE+a2t54o41flddLpOlz3O6XZtSlaQyQVn909k4R4=",
"owner": "jrpotter",
"repo": "bootstrap",
"rev": "383ada86616194d8bf66b9646ec601f84c6add05",
"type": "github"
},
"original": {
"owner": "jrpotter",
"ref": "v0.1.2",
"repo": "bootstrap",
"type": "github"
}
},
"bootstrap_2": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1701362005,
"narHash": "sha256-YueE+a2t54o41flddLpOlz3O6XZtSlaQyQVn909k4R4=",
"owner": "jrpotter",
"repo": "bootstrap",
"rev": "383ada86616194d8bf66b9646ec601f84c6add05",
"type": "github"
},
"original": {
"owner": "jrpotter",
"ref": "v0.1.2",
"repo": "bootstrap",
"type": "github"
}
},
"coach-scraper": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_5",
"poetry2nix": "poetry2nix"
},
"locked": {
"lastModified": 1702166256,
"narHash": "sha256-4/uubLykBYihTxlemkTN0g7ZWbJGBEAVZQSopAdmZhw=",
"owner": "boardwise-gg",
"repo": "coach-scraper",
"rev": "58815d3ae5a69cac12436a01e77019a5ac5d16a7",
"type": "github"
},
"original": {
"owner": "boardwise-gg",
"repo": "coach-scraper",
"rev": "58815d3ae5a69cac12436a01e77019a5ac5d16a7",
"type": "github"
}
},
"flake-compat": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_2": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_3": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_4": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"inputs": {
"systems": "systems_6"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"framework": {
"inputs": {
"bootstrap": "bootstrap",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1,
"narHash": "sha256-fLpIvN3IMsXBmAFkKcqTAXtPJprGsQqukJ6iIYPuZO8=",
"path": "./hive/framework",
"type": "path"
},
"original": {
"path": "./hive/framework",
"type": "path"
}
},
"home-manager": {
"home-manager-23_05": {
"inputs": {
"nixpkgs": [
"framework",
"nixpkgs"
"nixpkgs-23_05"
]
},
"locked": {
"lastModified": 1699748081,
"narHash": "sha256-MOmMapBydd7MTjhX4eeQZzKlCABWw8W6iSHSG4OeFKE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "04bac349d585c9df38d78e0285b780a140dc74a4",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1702195668,
"narHash": "sha256-Lxmjez0nfNBptdqV5GsXKm7Bb7swjGsrxiLxWJu0tL8=",
@ -289,52 +21,45 @@
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"phobos",
"coach-scraper",
"poetry2nix",
"nixpkgs"
]
},
"nixpkgs-23_05": {
"locked": {
"lastModified": 1698974481,
"narHash": "sha256-yPncV9Ohdz1zPZxYHQf47S8S0VrnhV7nNhCawY46hDA=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "4bb5e752616262457bc7ca5882192a564c0472d2",
"lastModified": 1701805708,
"narHash": "sha256-hh0S14E816Img0tPaNQSEKFvSscSIrvu1ypubtfh6M4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0561103cedb11e7554cf34cea81e5f5d578a4753",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs": {
"nixpkgs-23_11": {
"locked": {
"lastModified": 1702151865,
"narHash": "sha256-9VAt19t6yQa7pHZLDbil/QctAgVsA66DLnzdRGqDisg=",
"owner": "nixos",
"lastModified": 1701952659,
"narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "666fc80e7b2afb570462423cb0e1cf1a3a34fedd",
"rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1701568804,
"narHash": "sha256-iwr1fjOCvlirVL/xNvOTwY9kg3L/F3TC/7yh/QszaPI=",
"lastModified": 1702148972,
"narHash": "sha256-h2jODFP6n+ABrUWcGRSVPRFfLOkM9TJ2pO+h+9JcaL0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dc01248a9c946953ad4d438b0a626f5c987a93e4",
"rev": "b8f33c044e51de6dde3ad80a9676945e0e4e3227",
"type": "github"
},
"original": {
@ -344,200 +69,27 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1699596684,
"narHash": "sha256-XSXP8zjBZJBVvpNb2WmY0eW8O2ce+sVyj1T0/iBRIvg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "da4024d0ead5d7820f6bd15147d3fe2a0c0cec73",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1701805708,
"narHash": "sha256-hh0S14E816Img0tPaNQSEKFvSscSIrvu1ypubtfh6M4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0561103cedb11e7554cf34cea81e5f5d578a4753",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1700794826,
"narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1701718080,
"narHash": "sha256-6ovz0pG76dE0P170pmmZex1wWcQoeiomUZGggfH9XPs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2c7f3c0fb7c08a0814627611d9d7d45ab6d75335",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1701952659,
"narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1700390070,
"narHash": "sha256-de9KYi8rSJpqvBfNwscWdalIJXPo8NjdIZcEJum1mH0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e4ad989506ec7d71f7302cc3067abd82730a4beb",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1701805708,
"narHash": "sha256-hh0S14E816Img0tPaNQSEKFvSscSIrvu1ypubtfh6M4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0561103cedb11e7554cf34cea81e5f5d578a4753",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1701952659,
"narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"phobos": {
"inputs": {
"boardwise": "boardwise",
"coach-scraper": "coach-scraper",
"nixpkgs": "nixpkgs_6",
"sops-nix": "sops-nix"
},
"locked": {
"lastModified": 1,
"narHash": "sha256-z3aSggYEk2UIsG7BMKX4qZXmwT9AiQFUqTNz6OoxUMU=",
"path": "./hive/phobos",
"type": "path"
},
"original": {
"path": "./hive/phobos",
"type": "path"
}
},
"poetry2nix": {
"inputs": {
"flake-utils": "flake-utils_4",
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"phobos",
"coach-scraper",
"nixpkgs"
],
"systems": "systems_5",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1702073125,
"narHash": "sha256-vUCREr5o0/BebmjgIBxAo56zGJ6DfB0FvjB35rsu4aY=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "c25a0f550aee8d15879ece3a5c3c8837f3effda7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "poetry2nix",
"type": "github"
}
},
"root": {
"inputs": {
"framework": "framework",
"nixpkgs": "nixpkgs_3",
"phobos": "phobos",
"titan": "titan"
"home-manager-23_05": "home-manager-23_05",
"nixpkgs-23_05": "nixpkgs-23_05",
"nixpkgs-23_11": "nixpkgs-23_11",
"sops-nix-23_11": "sops-nix-23_11"
}
},
"sops-nix": {
"sops-nix-23_11": {
"inputs": {
"nixpkgs": [
"phobos",
"nixpkgs"
"nixpkgs-23_11"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1701728052,
"narHash": "sha256-7lOMc3PtW5a55vFReBJLLLOnopsoi1W7MkjJ93jPV4E=",
"lastModified": 1702177193,
"narHash": "sha256-J2409SyXROoUHYXVy9h4Pj0VU8ReLuy/mzBc9iK4DBg=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "e91ece6d2cf5a0ae729796b8f0dedceab5107c3d",
"rev": "d806e546f96c88cd9f7d91c1c19ebc99ba6277d9",
"type": "github"
},
"original": {
@ -545,135 +97,6 @@
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"titan": {
"inputs": {
"bootstrap": "bootstrap_2",
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1,
"narHash": "sha256-QiGFNP7CWSdZQMmFrOG2fSr/keHCDfswNu460cae3hU=",
"path": "./hive/titan",
"type": "path"
},
"original": {
"path": "./hive/titan",
"type": "path"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"phobos",
"coach-scraper",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1699786194,
"narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",


@ -2,32 +2,70 @@
description = "Colmena hive configuration.";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
framework.url = "path:./hive/framework";
phobos.url = "path:./hive/phobos";
titan.url = "path:./hive/titan";
# Stoat
nixpkgs-23_05.url = "github:NixOS/nixpkgs/nixos-23.05";
home-manager-23_05 = {
url = "github:nix-community/home-manager/release-23.05";
inputs.nixpkgs.follows = "nixpkgs-23_05";
};
outputs = { nixpkgs, framework, phobos, titan, ... }:
# Tapir
nixpkgs-23_11.url = "github:NixOS/nixpkgs/nixos-23.11";
sops-nix-23_11 = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs-23_11";
};
};
outputs = {
nixpkgs-23_05,
home-manager-23_05,
nixpkgs-23_11,
sops-nix-23_11,
...
}:
let
system = "x86_64-linux";
jrpotter = import ./users/jrpotter;
stoat = {
stateVersion = "23.05";
pkgs = import nixpkgs-23_05 { inherit system; };
home-manager = home-manager-23_05;
sops-nix = null;
};
tapir = {
stateVersion = "23.11";
pkgs = import nixpkgs-23_11 { inherit system; };
home-manager = null;
sops-nix = sops-nix-23_11;
};
in
{
colmena = {
meta = {
nixpkgs = import nixpkgs { inherit system; };
nixpkgs = stoat.pkgs;
specialArgs = { inherit system; };
nodeNixpkgs = {
framework = stoat.pkgs;
phobos = tapir.pkgs;
titan = stoat.pkgs;
};
nodeSpecialArgs = {
framework = { inherit jrpotter; };
titan = { inherit jrpotter; };
framework = {
inherit (stoat) stateVersion home-manager;
};
phobos = {
inherit (tapir) stateVersion sops-nix;
};
titan = {
inherit (stoat) stateVersion home-manager;
};
};
};
# Local machines. Deploy using `colmena apply-local [--sudo]`
framework = {
imports = [ framework.nixosModules.default ];
imports = [ ./hive/framework ];
deployment = {
allowLocalDeployment = true;
targetHost = null; # Disable SSH deployment.
@ -36,8 +74,17 @@
# Remote machines. Deploy using `colmena apply`
phobos = phobos.nixosModules.default;
titan = titan.nixosModules.default;
phobos.imports = [ ./hive/phobos ];
titan.imports = [ ./hive/titan ];
};
packages.${system}.digital-ocean = {
stoat = import ./digital-ocean {
inherit (stoat) pkgs stateVersion;
};
tapir = import ./digital-ocean {
inherit (tapir) pkgs stateVersion;
};
};
};
}
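Review bot: `nixpkgs = stoat.pkgs;` under `colmena.meta` makes the 23.05 package set the fallback for every node that has no entry in `nodeNixpkgs`, so a host added later without one silently builds from the older release instead of failing evaluation. Going by the commit date, NixOS 23.05 should be close to the end of its support window, which means `framework` and `titan` stop receiving security fixes unless `stoat` is moved forward; a comment on the `stoat` set such as `# TODO: move framework/titan to 23.11 before 23.05 reaches end of life` would keep that visible. The `home-manager = null;` and `sops-nix = null;` members are never inherited by any node in `nodeSpecialArgs` and could be dropped.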


@ -0,0 +1,27 @@
{ system, stateVersion, home-manager, ... }:
{
imports = [
./hardware-configuration.nix
./configuration.nix
home-manager.nixosModules.home-manager
];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.jrpotter = import ../../users/jrpotter;
# Used to pass non-default parameters to submodules.
extraSpecialArgs = { inherit system stateVersion; };
};
users.users.jrpotter = {
isNormalUser = true;
extraGroups = [
"docker"
"networkmanager"
"wheel"
];
};
system.stateVersion = stateVersion;
}
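Review bot: `extraGroups` places `jrpotter` in `docker` next to `wheel`, and membership in the `docker` group gives the account control of the daemon's root-owned socket, which is equivalent to root without the authentication step that `wheel` goes through. If that is an accepted trade-off on a single-user laptop, say so in a comment, for example `# docker group is root-equivalent; accepted on this single-user machine`; otherwise `virtualisation.docker.rootless.enable = true;` in `configuration.nix` removes the need for the group. Whether `configuration.nix` enables Docker at all is not visible in this section.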


@ -1,158 +0,0 @@
{
"nodes": {
"bootstrap": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1701362005,
"narHash": "sha256-YueE+a2t54o41flddLpOlz3O6XZtSlaQyQVn909k4R4=",
"owner": "jrpotter",
"repo": "bootstrap",
"rev": "383ada86616194d8bf66b9646ec601f84c6add05",
"type": "github"
},
"original": {
"owner": "jrpotter",
"ref": "v0.1.2",
"repo": "bootstrap",
"type": "github"
}
},
"flake-compat": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1699748081,
"narHash": "sha256-MOmMapBydd7MTjhX4eeQZzKlCABWw8W6iSHSG4OeFKE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "04bac349d585c9df38d78e0285b780a140dc74a4",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1699596684,
"narHash": "sha256-XSXP8zjBZJBVvpNb2WmY0eW8O2ce+sVyj1T0/iBRIvg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "da4024d0ead5d7820f6bd15147d3fe2a0c0cec73",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1701568804,
"narHash": "sha256-iwr1fjOCvlirVL/xNvOTwY9kg3L/F3TC/7yh/QszaPI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dc01248a9c946953ad4d438b0a626f5c987a93e4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"bootstrap": "bootstrap",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1701728052,
"narHash": "sha256-7lOMc3PtW5a55vFReBJLLLOnopsoi1W7MkjJ93jPV4E=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "e91ece6d2cf5a0ae729796b8f0dedceab5107c3d",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}


@ -1,46 +0,0 @@
{
description = "Local machine - framework";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
bootstrap.url = "github:jrpotter/bootstrap/v0.1.2";
home-manager = {
url = "github:nix-community/home-manager/release-23.05";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { bootstrap, home-manager, ... }: {
nixosModules.default = { pkgs, system, jrpotter, ... }: {
imports = [
./hardware-configuration.nix
./configuration.nix
home-manager.nixosModules.home-manager
];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.jrpotter = jrpotter;
# Used to pass non-default parameters to submodules.
extraSpecialArgs = {
inherit system;
bootstrap = bootstrap.packages.${system}.default;
stateVersion = "23.05";
};
};
users.users.jrpotter = {
isNormalUser = true;
extraGroups = [
"docker"
"networkmanager"
"wheel"
];
};
system.stateVersion = "23.05";
};
};
}

60
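--- a/hive/phobos/default.nix
+++ b/hive/phobos/default.nix
@@ -0,0 +1,60 @@
+{ system, stateVersion, sops-nix, modulesPath, pkgs, lib, ... }:
+let
+boardwise = builtins.getFlake
+"github:boardwise-gg/website/c605a09c56234b2c2c0e4593da8f3b798723a5d7";
+coach-scraper = builtins.getFlake
+"github:boardwise-gg/coach-scraper/58815d3ae5a69cac12436a01e77019a5ac5d16a7";
+in
+{
+imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
+(modulesPath + "/virtualisation/digital-ocean-config.nix")
+sops-nix.nixosModules.sops
+];
+deployment.targetHost = null;
+networking = {
+hostName = "phobos";
+firewall = {
+enable = true;
+allowedTCPPorts = [ 80 443 ];
+};
+};
+services.postgresql = {
+enable = true;
+package = pkgs.postgresql_15;
+ensureDatabases = [ "boardwise" ];
+authentication = lib.mkOverride 10 ''
+# TYPE DATABASE USER ADDRESS METHOD
+local all all trust
+host all all 127.0.0.1/32 trust
+'';
+};
+systemd.services.boardwise = {
+enable = true;
+description = "BoardWise Server";
+after = [ "postgresql.service" ];
+requires = [ "postgresql.service" ];
+serviceConfig = {
+Environment = [
+"PORT=80"
+"DATABASE_URL=ecto://postgres:postgres@localhost/boardwise"
+];
+EnvironmentFile = "/run/secrets/SECRET_KEY_BASE";
+ExecStartPre = "${boardwise.packages.${system}.app}/bin/migrate";
+ExecStart = "${boardwise.packages.${system}.app}/bin/boardwise start";
+Restart = "on-failure";
+};
+};
+environment.systemPackages = [
+coach-scraper.packages.${system}.app
+];
+sops.defaultSopsFile = ./secrets.yaml;
+sops.secrets.SECRET_KEY_BASE = {};
+system.stateVersion = stateVersion;
+}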
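Review bot: `services.postgresql.authentication` sets both the `local` rule and the `host all all 127.0.0.1/32` rule to `trust`, and the `lib.mkOverride 10` wrapper appears to replace the module's default rules, so any account or process on phobos can connect as any role, `postgres` included, without a credential; the password in `DATABASE_URL` is never checked. Consider `local all all peer` and `host all all 127.0.0.1/32 scram-sha-256`, with a dedicated `boardwise` role whose password is delivered through sops the same way `SECRET_KEY_BASE` is. Separately, `systemd.services.boardwise.serviceConfig` sets neither `User` nor `DynamicUser`, so the server bound to `PORT=80` presumably runs as root; a dedicated user with `AmbientCapabilities = "CAP_NET_BIND_SERVICE";` would narrow that. The two `builtins.getFlake` references are pinned by commit only, and they no longer seem to have a `narHash` recorded in `flake.lock`, so a comment stating that these revisions are now bumped by hand would help the next update.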


@ -1,352 +0,0 @@
{
"nodes": {
"boardwise": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1701963345,
"narHash": "sha256-ObPo2TtW4JqhpjR/bzuGDPvcQp21ykImi5DYD7gKg4Q=",
"owner": "boardwise-gg",
"repo": "website",
"rev": "0eca8e5f5f9cf1b4c12c1d50e851dad94b33c0a9",
"type": "github"
},
"original": {
"owner": "boardwise-gg",
"ref": "v0.1.0",
"repo": "website",
"type": "github"
}
},
"coach-scraper": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_2",
"poetry2nix": "poetry2nix"
},
"locked": {
"lastModified": 1702166256,
"narHash": "sha256-4/uubLykBYihTxlemkTN0g7ZWbJGBEAVZQSopAdmZhw=",
"owner": "boardwise-gg",
"repo": "coach-scraper",
"rev": "58815d3ae5a69cac12436a01e77019a5ac5d16a7",
"type": "github"
},
"original": {
"owner": "boardwise-gg",
"repo": "coach-scraper",
"rev": "58815d3ae5a69cac12436a01e77019a5ac5d16a7",
"type": "github"
}
},
"flake-compat": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_2": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"coach-scraper",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1698974481,
"narHash": "sha256-yPncV9Ohdz1zPZxYHQf47S8S0VrnhV7nNhCawY46hDA=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "4bb5e752616262457bc7ca5882192a564c0472d2",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1700794826,
"narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1701568804,
"narHash": "sha256-iwr1fjOCvlirVL/xNvOTwY9kg3L/F3TC/7yh/QszaPI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dc01248a9c946953ad4d438b0a626f5c987a93e4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1701718080,
"narHash": "sha256-6ovz0pG76dE0P170pmmZex1wWcQoeiomUZGggfH9XPs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2c7f3c0fb7c08a0814627611d9d7d45ab6d75335",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1701952659,
"narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"poetry2nix": {
"inputs": {
"flake-utils": "flake-utils_3",
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"coach-scraper",
"nixpkgs"
],
"systems": "systems_4",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1702073125,
"narHash": "sha256-vUCREr5o0/BebmjgIBxAo56zGJ6DfB0FvjB35rsu4aY=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "c25a0f550aee8d15879ece3a5c3c8837f3effda7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "poetry2nix",
"type": "github"
}
},
"root": {
"inputs": {
"boardwise": "boardwise",
"coach-scraper": "coach-scraper",
"nixpkgs": "nixpkgs_3",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1701728052,
"narHash": "sha256-7lOMc3PtW5a55vFReBJLLLOnopsoi1W7MkjJ93jPV4E=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "e91ece6d2cf5a0ae729796b8f0dedceab5107c3d",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"coach-scraper",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1699786194,
"narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",
"version": 7
}


@ -1,69 +0,0 @@
{
description = "Remote machine - phobos";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
boardwise.url = "github:boardwise-gg/website/v0.1.0";
coach-scraper.url = "github:boardwise-gg/coach-scraper/58815d3ae5a69cac12436a01e77019a5ac5d16a7";
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { boardwise, coach-scraper, sops-nix, ... }: {
nixosModules.default = { modulesPath, pkgs, lib, system, ... }: {
imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
(modulesPath + "/virtualisation/digital-ocean-config.nix")
sops-nix.nixosModules.sops
];
deployment.targetHost = null;
networking = {
hostName = "phobos";
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
};
};
services.postgresql = {
enable = true;
package = pkgs.postgresql_15;
ensureDatabases = [ "boardwise" ];
authentication = lib.mkOverride 10 ''
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 trust
'';
};
systemd.services.boardwise = {
enable = true;
description = "BoardWise Server";
after = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
serviceConfig = {
Environment = [
"PORT=80"
"DATABASE_URL=ecto://postgres:postgres@localhost/boardwise"
];
EnvironmentFile = "/run/secrets/SECRET_KEY_BASE";
ExecStartPre = "${boardwise.packages.${system}.app}/bin/migrate";
ExecStart = "${boardwise.packages.${system}.app}/bin/boardwise start";
Restart = "on-failure";
};
};
environment.systemPackages = [
coach-scraper.packages.${system}.app
];
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets.SECRET_KEY_BASE = {};
system.stateVersion = "23.11";
};
};
}

30
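--- a/hive/titan/default.nix
+++ b/hive/titan/default.nix
@@ -0,0 +1,30 @@
+{ system, stateVersion, home-manager, modulesPath, lib, ... }:
+{
+imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
+(modulesPath + "/virtualisation/digital-ocean-config.nix")
+home-manager.nixosModules.home-manager
+];
+deployment.targetHost = "143.198.97.253";
+networking.hostName = "titan";
+home-manager = {
+useGlobalPkgs = true;
+useUserPackages = true;
+users.jrpotter = import ../../users/jrpotter;
+# Used to pass non-default parameters to submodules.
+extraSpecialArgs = { inherit system stateVersion; };
+};
+users.users.jrpotter = {
+isNormalUser = true;
+extraGroups = [
+"docker"
+"networkmanager"
+"wheel"
+];
+};
+system.stateVersion = stateVersion;
+}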
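Review bot: `extraGroups` for `jrpotter` includes `docker`, and membership in that group is equivalent to root on any host where the Docker daemon runs, which bypasses the sudo check that `wheel` is meant to gate. Nothing in this module enables Docker or NetworkManager, so on this droplet the two groups are presumably carried over from the laptop profile. If titan does not need them, `extraGroups = [ "wheel" ];` keeps privilege escalation behind sudo; otherwise a comment saying why each group is required on a remote host would help the next reader.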


@ -1,134 +0,0 @@
{
"nodes": {
"bootstrap": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1701362005,
"narHash": "sha256-YueE+a2t54o41flddLpOlz3O6XZtSlaQyQVn909k4R4=",
"owner": "jrpotter",
"repo": "bootstrap",
"rev": "383ada86616194d8bf66b9646ec601f84c6add05",
"type": "github"
},
"original": {
"owner": "jrpotter",
"ref": "v0.1.2",
"repo": "bootstrap",
"type": "github"
}
},
"flake-compat": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1702195668,
"narHash": "sha256-Lxmjez0nfNBptdqV5GsXKm7Bb7swjGsrxiLxWJu0tL8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "33110fb3c7fe6a94b98b641866a5eddb64b7c23f",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1700390070,
"narHash": "sha256-de9KYi8rSJpqvBfNwscWdalIJXPo8NjdIZcEJum1mH0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e4ad989506ec7d71f7302cc3067abd82730a4beb",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1701952659,
"narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"bootstrap": "bootstrap",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_2"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}


@ -1,46 +0,0 @@
{
description = "Remote machine - titan";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
bootstrap.url = "github:jrpotter/bootstrap/v0.1.2";
home-manager.url = "github:nix-community/home-manager/release-23.05";
};
outputs = { bootstrap, home-manager, ... }: {
nixosModules.default = { modulesPath, pkgs, lib, system, jrpotter, ... }: {
imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
(modulesPath + "/virtualisation/digital-ocean-config.nix")
home-manager.nixosModules.home-manager
];
deployment.targetHost = "143.198.97.253";
networking.hostName = "titan";
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.jrpotter = jrpotter;
# Used to pass non-default parameters to submodules.
extraSpecialArgs = {
inherit system;
bootstrap = bootstrap.packages.${system}.default;
stateVersion = "23.05";
};
};
users.users.jrpotter = {
isNormalUser = true;
extraGroups = [
"docker"
"networkmanager"
"wheel"
];
};
system.stateVersion = "23.11";
};
};
}


@ -1,4 +1,8 @@
{ pkgs, bootstrap, stateVersion, ... }:
{ stateVersion, pkgs, ... }:
let
bootstrap = builtins.getFlake
"github:jrpotter/bootstrap/635395b9cc946d8c8f1851b5c4dc6210fb54e400";
in
{
imports = [
./bash