mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-11-22 08:04:20 +01:00
9297025b53
Signed-off-by: magic_rb <magic_rb@redalder.org>
368 lines
13 KiB
Nix
368 lines
13 KiB
Nix
# SPDX-FileCopyrightText: 2022 Richard Brežák <richard@brezak.sk>
|
|
#
|
|
# SPDX-License-Identifier: LGPL-3.0-or-later
|
|
{
|
|
inputs = {
|
|
nixpkgs.follows = "nixpkgs-unstable";
|
|
nixpkgs-unstable.url = "github:NixOS/nixpkgs?ref=nixos-unstable-small";
|
|
nixpkgs-stable.url = "github:NixOS/nixpkgs?ref=nixos-24.05";
|
|
home-manager.follows = "home-manager-unstable";
|
|
home-manager-stable.url = "github:nix-community/home-manager?ref=release-24.05";
|
|
home-manager-unstable.url = "github:nix-community/home-manager?ref=master";
|
|
nixng.url = "github:nix-community/NixNG";
|
|
flake-parts.url = "github:hercules-ci/flake-parts";
|
|
nix-gaming.url = "github:fufexan/nix-gaming";
|
|
nix-gaming.inputs.nixpkgs.follows = "nixpkgs";
|
|
nix-gaming.inputs.flake-parts.follows = "flake-parts";
|
|
nil.url = "github:oxalica/nil";
|
|
uterranix.url = "sourcehut:~magic_rb/uterranix";
|
|
dwarffs.url = "github:edolstra/dwarffs";
|
|
dwarffs.inputs.nix.follows = "nix";
|
|
website.url = "sourcehut:~magic_rb/website";
|
|
microvm.url = "github:astro/microvm.nix";
|
|
notnft.url = "github:chayleaf/notnft";
|
|
impermenance.url = "github:MagicRB/impermanence";
|
|
hydra.url = "github:NixOS/hydra";
|
|
nix.url = "github:NixOS/nix";
|
|
thingiverse-downloader.url = "sourcehut:~magic_rb/thingiverse_downloader";
|
|
thingiverse-downloader.flake = false;
|
|
nix-snapshotter.url = "github:pdtpartners/nix-snapshotter";
|
|
uk3s-nix.url = "sourcehut:~magic_rb/uk3s.nix";
|
|
uk3s-nix.inputs.nix-snapshotter.follows = "nix-snapshotter";
|
|
uk3s-nix.inputs.nixng.follows = "nixng";
|
|
pre-commit-hooks.url = "github:magicrb/git-hooks.nix?ref=imports-modules";
|
|
buildbot-nix.url = "path:///home/main/repos/buildbot-nix"; # "github:magicrb/buildbot-nix?ref=github_app";
|
|
# buildbot-nix.inputs.nixpkgs.follows = "nixpkgs"; # do not override buildbot-nix vendors its buildbot instance
|
|
haumea = {
|
|
url = "github:nix-community/haumea/v0.2.2";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
percept.url = "git+https://codeberg.org/magic_rb/percept?ref=master";
|
|
percept.flake = false;
|
|
|
|
yafas.url = "github:UbiqueLambda/yafas";
|
|
yafas.inputs.flake-schemas.follows = "nix-empty-flake";
|
|
nix-empty-flake.url = "github:chaotic-cx/nix-empty-flake";
|
|
chaotic-nyx.url = "github:chaotic-cx/nyx";
|
|
chaotic-nyx.inputs.nixpkgs.follows = "nixpkgs";
|
|
chaotic-nyx.inputs.home-manager.follows = "home-manager";
|
|
|
|
disko.url = "github:nix-community/disko";
|
|
nixos-anywhere.url = "github:numtide/nixos-anywhere";
|
|
|
|
tuxedo-rs.url = "github:AaronErhardt/tuxedo-rs";
|
|
tuxedo-rs.inputs.nixpkgs.follows = "nixpkgs";
|
|
|
|
tuxedo-nixos.url = "github:blitz/tuxedo-nixos";
|
|
tuxedo-nixos.inputs.nixpkgs.follows = "nixpkgs";
|
|
|
|
emacs.url = "git+https://git.savannah.gnu.org/git/emacs.git?ref=master";
|
|
emacs.flake = false;
|
|
|
|
vtermModule.url = "github:akermu/emacs-libvterm";
|
|
vtermModule.flake = false;
|
|
|
|
secret.url = "path:///home/main/dotfiles/secret";
|
|
secret.flake = false;
|
|
|
|
ical2org.url = "sourcehut:~magic_rb/ical2orgpy";
|
|
ical2org.flake = false;
|
|
|
|
udp-over-tcp.url = "github:mullvad/udp-over-tcp";
|
|
udp-over-tcp.flake = false;
|
|
|
|
qmk.url = "github:qmk/qmk_firmware";
|
|
qmk.flake = false;
|
|
};
|
|
|
|
outputs = inputs @ {
|
|
flake-parts,
|
|
self,
|
|
secret,
|
|
...
|
|
}:
|
|
flake-parts.lib.mkFlake {inherit inputs;} ({
|
|
config,
|
|
lib',
|
|
...
|
|
}: {
|
|
imports = [
|
|
modules/qmk
|
|
modules/nixngConfigurations.nix
|
|
modules/lib_overlays.nix
|
|
lib/load_secrets.nix
|
|
|
|
nixos/systems/omen
|
|
nixos/systems/buildbot-container
|
|
nixos/systems/heater
|
|
nixos/systems/toothpick
|
|
nixos/systems/liveusb
|
|
nixos/systems/blowhole
|
|
nixos/systems/altra
|
|
nixos/systems/gooseberry
|
|
nixos/systems/grasshopper
|
|
nixos/systems/inkbook
|
|
nixos/systems/hela
|
|
|
|
nixng/containers/ingress-blowhole
|
|
nixng/containers/ingress-toothpick
|
|
nixng/containers/matrix/mautrix-signal
|
|
nixng/containers/matrix/mautrix-discord
|
|
nixng/containers/matrix/mautrix-slack
|
|
nixng/containers/matrix/mautrix-facebook
|
|
nixng/containers/matrix/heisenbridge
|
|
nixng/containers/matrix/synapse
|
|
nixng/containers/website
|
|
nixng/containers/home-assistant
|
|
nixng/containers/email/getmail
|
|
nixng/containers/email/dovecot.nix
|
|
nixng/containers/email/postfix
|
|
nixng/containers/gitea
|
|
nixng/containers/hydra
|
|
nixng/containers/syncthing
|
|
nixng/containers/minecraft/enigmatica-6
|
|
# nixng/containers/minecraft/vanilla
|
|
# nixng/containers/minecraft/ftb-infinity
|
|
# nixng/containers/minecraft/ftb-integrations
|
|
|
|
overlays/udp-over-tcp.nix
|
|
overlays/emacsclient-remote
|
|
overlays/magic-screenshot
|
|
overlays/emacs-rofi
|
|
overlays/tree-sitter-grammars.nix
|
|
overlays/emacs-master-nativecomp
|
|
overlays/zfs-relmount
|
|
overlays/mautrix-discord.nix
|
|
overlays/mautrix-slack.nix
|
|
overlays/getmail6
|
|
overlays/maildrop
|
|
overlays/courier-unicode.nix
|
|
overlays/ds3os.nix
|
|
overlays/terraform-provider-vault.nix
|
|
overlays/terraform-provider-influxdb-v2.nix
|
|
overlays/bootloadHID.nix
|
|
overlays/itp
|
|
overlays/virtiofsd-zfs
|
|
overlays/show-files-to-be-deleted
|
|
overlays/rolling_datasets
|
|
overlays/ledger-compat
|
|
overlays/ifstate
|
|
overlays/microvmp
|
|
overlays/symlink-state
|
|
overlays/thingiverse-downloader
|
|
overlays/bumps.nix
|
|
overlays/kobo-firmware-extractor
|
|
overlays/ip-search
|
|
overlays/perl.nix
|
|
overlays/uboot
|
|
overlays/linux
|
|
overlays/rp-pppoe.nix
|
|
overlays/gather-town
|
|
inputs.percept.outPath
|
|
|
|
dev-shells/default.nix
|
|
|
|
./checks
|
|
|
|
nixos/tests
|
|
|
|
inputs.uterranix.flakeModule
|
|
inputs.uk3s-nix.flakeModules.helmCharts
|
|
];
|
|
|
|
_module.args.lib' = let
|
|
inherit (inputs.nixpkgs) lib;
|
|
inherit
|
|
(inputs.nixpkgs.lib)
|
|
extend
|
|
;
|
|
in
|
|
lib.foldl (acc: x: acc.extend x) lib (with config.flake.libOverlays; [
|
|
loadSecrets
|
|
]);
|
|
|
|
flake.hydraJobs = let
|
|
inherit
|
|
(lib')
|
|
mapAttrs
|
|
filterAttrs
|
|
;
|
|
recurseIntoAttrs = attrs: attrs // {recurseForDerivations = {};};
|
|
in {
|
|
nixng = recurseIntoAttrs (mapAttrs (_: v: v.config.system.build.toplevel) config.flake.nixngConfigurations);
|
|
nixos = recurseIntoAttrs (mapAttrs (_: v: v.config.system.build.toplevel) config.flake.nixosConfigurations);
|
|
packages =
|
|
recurseIntoAttrs
|
|
(mapAttrs (_: v: recurseIntoAttrs v)
|
|
(filterAttrs (n: v: n != "armv8-linux" && n != "riscv64-linux") config.flake.packages));
|
|
};
|
|
|
|
flake.nixngBuilds = lib'.mapAttrs (_: v: v.config.system.build.toplevel) config.flake.nixngConfigurations;
|
|
flake.nixosBuilds = lib'.mapAttrs (_: v: v.config.system.build.toplevel) config.flake.nixosConfigurations;
|
|
|
|
flake.evalJobs = let
|
|
tweak =
|
|
lib'.mapAttrs
|
|
(
|
|
name: val:
|
|
if name == "recurseForDerivations"
|
|
then true
|
|
else if lib'.isAttrs val && val.type or null != "derivation"
|
|
then lib'.recurseIntoAttrs (tweak val)
|
|
else val
|
|
);
|
|
in
|
|
tweak config.flake.hydraJobs;
|
|
|
|
uterranix.configurations.main = [
|
|
./terranix/main/default.nix
|
|
{
|
|
_module.args.secret = lib'.loadSecrets secret;
|
|
_module.args.vars = {
|
|
flake_rev = self.rev or (lib'.warn "No flake revision available, do not deploy containers!" "");
|
|
flake_sha = self.narHash or (lib'.warn "No flake nar hash available, do not deploy containers!" "");
|
|
flake_ref = "master";
|
|
flake_host = "git+https://git.sr.ht/~magic_rb/dotfiles";
|
|
};
|
|
_module.args.config' = config;
|
|
}
|
|
];
|
|
|
|
uterranix.configurations.prepare = [
|
|
./terranix/prepare/default.nix
|
|
];
|
|
|
|
uterranix.specialArgs = {pkgs, ...}: {
|
|
paths.root = ./.;
|
|
elib = import ./terranix/lib {
|
|
lib = lib';
|
|
inherit pkgs;
|
|
uterranix-lib = inputs.uterranix.lib.${pkgs.stdenv.system};
|
|
};
|
|
};
|
|
|
|
uterranix.preInit = ''
|
|
TEMPFILE="$(ssh -t blowhole.hosts.in.redalder.org mktemp)"
|
|
ssh -t blowhole.hosts.in.redalder.org $"sudo sh -c $'kubectl -s https://172.26.96.2:6443 create token --duration=10m cluster-admin --namespace kube-system 1>$TEMPFILE ; chown \"\$SUDO_USER:root\" $TEMPFILE'"
|
|
export KUBE_TOKEN=$(ssh blowhole.hosts.in.redalder.org "cat $TEMPFILE")
|
|
ssh blowhole.hosts.in.redalder.org "rm $TEMPFILE"
|
|
export FLAKE_ROOT="$(pwd)"
|
|
'';
|
|
|
|
uterranix.terraform = pkgs: let
|
|
hpkgs = import inputs.nixpkgs {
|
|
inherit (pkgs.stdenv) system;
|
|
overlays = with self.overlays; [
|
|
terraform-provider-vault
|
|
terraform-provider-influxdb-v2
|
|
];
|
|
config.allowUnfreePredicate = pkgs:
|
|
builtins.elem (lib'.getName pkgs) [
|
|
"terraform"
|
|
];
|
|
};
|
|
in
|
|
hpkgs.terraform.withPlugins (p: [
|
|
p.consul
|
|
p.kubernetes
|
|
p.nomad
|
|
p.local
|
|
p.vault
|
|
p.random
|
|
p.null
|
|
p.external
|
|
p.influxdb-v2
|
|
p.hcloud
|
|
]);
|
|
|
|
flake.nixosModules = {
|
|
hashicorp = nixos/modules/hashicorp.nix;
|
|
acme-sh = nixos/modules/acme-sh.nix;
|
|
hashicorp-envoy = nixos/modules/hashicorp-envoy.nix;
|
|
telegraf = nixos/modules/telegraf.nix;
|
|
grafana = nixos/modules/grafana.nix;
|
|
influx-provisioning = nixos/modules/influx-provisioning.nix;
|
|
notnft = nixos/modules/notnft.nix;
|
|
notnft-ns = nixos/modules/notnft-ns.nix;
|
|
ucontainers = nixos/modules/ucontainers.nix;
|
|
netboot-xyz = nixos/modules/netboot-xyz.nix;
|
|
netnsIf = nixos/modules/router/netns-if.nix;
|
|
};
|
|
|
|
flake.apps = inputs.nixpkgs.lib.genAttrs config.systems (system: {
|
|
nixos-anywhere.program = inputs.nixos-anywhere.packages.${system}.nixos-anywhere;
|
|
nixos-anywhere.type = "app";
|
|
});
|
|
|
|
perSystem = {
|
|
system,
|
|
pkgs,
|
|
...
|
|
}: {
|
|
helmCharts.main = {
|
|
};
|
|
|
|
packages = let
|
|
inherit
|
|
(lib')
|
|
attrValues
|
|
;
|
|
pkgs' = pkgs.appendOverlays (attrValues config.flake.overlays
|
|
++ [
|
|
inputs.nixng.overlays.default
|
|
]);
|
|
in {
|
|
terraform-provider-influxdb-v2 = pkgs'.terraform-providers.influxdb-v2;
|
|
terraform-provider-vault = pkgs'.terraform-providers.vault;
|
|
|
|
ubootClaraHD = pkgs'.pkgsCross.armv7l-hf-multiplatform.ubootClaraHD;
|
|
linuxClaraHD = pkgs'.pkgsCross.armv7l-hf-multiplatform.linuxClaraHD;
|
|
ubootBananaPiR4 = pkgs'.pkgsCross.aarch64-multiplatform.ubootBananaPiR4;
|
|
linuxBananaPiR4 = pkgs'.pkgsCross.aarch64-multiplatform.linuxBananaPiR4;
|
|
|
|
inherit
|
|
(pkgs')
|
|
thingiverse-downloader-bash
|
|
emacsclient-remote
|
|
emacs-master-nativecomp
|
|
emacs-rofi
|
|
getmail6
|
|
magic-screenshot
|
|
maildrop
|
|
zfs-relmount
|
|
bootloadHID
|
|
tree-sitter-grammars
|
|
udp-over-tcp
|
|
itp
|
|
rolling_datasets
|
|
ifstate
|
|
microvmp
|
|
symlink-state
|
|
kobo-firmware-extractor
|
|
ip-search
|
|
percept
|
|
;
|
|
# ds3os;
|
|
};
|
|
};
|
|
|
|
flake.patches = {
|
|
hashicorp-nomad.revert-change-consul-si-tokens-to-be-local = patches/0001-Revert-Change-consul-SI-tokens-to-be-local.patch;
|
|
hashicorp-nomad.add-nix-integration = patches/0001-Add-Nix-integration.patch;
|
|
hostapd.intel_lar-and-noscan = patches/0001-intel_lar-and-noscan.patch;
|
|
hostapd.hostapd-2_10-lar = patches/999-hostapd-2.10-lar.patch;
|
|
hostapd.hostapd-2_10-lar-2 = patches/hostapd-2.10-lar.patch;
|
|
terraform-provider-nomad.allow-null-in-authMountTuneSchema = patches/vault-provider-Allow-null-in-authMountTuneSchema.patch;
|
|
systemd.override-cgroup-hierarchy = patches/0001-Add-env-SYSTEMD_UNIFIED_CGROUP_HIERARCHY.patch;
|
|
bubblewrap.dont-bail-on-caps = patches/0001-Don-t-bail-if-we-have-capabilities-in-non-setuid-cas.patch;
|
|
emacs-native-comp-driver-options = patches/emacs-native-comp-driver-options.patch;
|
|
};
|
|
|
|
systems = [
|
|
"x86_64-linux"
|
|
"aarch64-linux"
|
|
"armv7l-linux"
|
|
];
|
|
});
|
|
}
|