Use nixinate for nas and oracle forgejo runner

2023-09-01 20:19:14 +01:00 · 2023-09-01 20:19:14 +01:00 · 95008c4d35
parent b5c9676ceb
commit 95008c4d35
4 changed files with 233 additions and 88 deletions
--- a/flake.lock
+++ b/flake.lock
@ -1,20 +1,38 @@
 {
  "nodes": {
-    "flake-utils": {
+    "home-manager": {
      "inputs": {
-        "systems": "systems"
+        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1689068808,
-        "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
+        "lastModified": 1693399033,
+        "narHash": "sha256-yXhiMo8MnE86sGtPIHAKaLHhmhe8v9tqGGotlUgKJvY=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "f5c15668f9842dd4d5430787d6aa8a28a07f7c10",
        "type": "github"
      },
      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nixinate": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1688141737,
+        "narHash": "sha256-qHrNMYWukOKmKVf6wXOGKj1xxUnOGjvTRbt/PLLXuBE=",
+        "owner": "matthewcroughan",
+        "repo": "nixinate",
+        "rev": "7902ae845e6cc5bd450e510cdf5e009a6e4a44d9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "matthewcroughan",
+        "repo": "nixinate",
        "type": "github"
      }
    },
@ -56,11 +74,43 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1691683125,
-        "narHash": "sha256-FMU62G57HDbJwU+9V3q7I0mBaQYTYQdtPNlJt2t5/A4=",
+        "lastModified": 1693003285,
+        "narHash": "sha256-5nm4yrEHKupjn62MibENtfqlP6pWcRTuSKrMiH9bLkc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "4d2389b927696ef8da4ef76b03f2d306faf87929",
+        "rev": "5690c4271f2998c304a45c91a0aeb8fb69feaea7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1653060744,
+        "narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "dfd82985c273aac6eced03625f454b334daae2e8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1693500674,
+        "narHash": "sha256-HDlg/j0Et+D8NWayNOsdvZrJ+nA4h3muXQxIMUlpDXo=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "da938d190e2335209df6806ddcb982634e51918c",
        "type": "github"
      },
      "original": {
@ -72,24 +122,10 @@
    },
    "root": {
      "inputs": {
-        "flake-utils": "flake-utils",
+        "home-manager": "home-manager",
+        "nixinate": "nixinate",
        "nixos-generators": "nixos-generators",
-        "nixpkgs": "nixpkgs"
-      }
-    },
-    "systems": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
+        "nixpkgs": "nixpkgs_3"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@ -1,37 +1,40 @@
 {
-  description = "A basic flake with a shell";
-  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
-  inputs.flake-utils.url = "github:numtide/flake-utils";
-  inputs.nixos-generators = {
-    url = "github:nix-community/nixos-generators";
-    inputs.nixpkgs.follows = "nixpkgs";
+  description = "Nix flake for my infrastructure";
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    nixinate.url = "github:matthewcroughan/nixinate";
+    home-manager.url = "github:nix-community/home-manager";
+    nixos-generators = {
+      url = "github:nix-community/nixos-generators";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
  };

-  outputs = { self, nixpkgs, flake-utils, nixos-generators }:
-    flake-utils.lib.eachDefaultSystem (system: let
-      pkgs = nixpkgs.legacyPackages.${system};
+  outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager }:
+    let
+      pkgs = nixpkgs.legacyPackages.x86_64-linux;
    in {
-      devShells.default = pkgs.mkShell {
+      devShells.x86_64-linux.default = with pkgs; mkShell {
        shellHook =
          ''
            set -o allexport
-            source .env  set
-            +o allexport
+            source .env set
+            set +o allexport
          '';
        nativeBuildInputs = [
-          pkgs.jq
-          pkgs.terraform
-          pkgs.ansible
-          pkgs.kubectl
-          pkgs.awscli2
-          pkgs.nodePackages.yaml-language-server
-          pkgs.nodePackages_latest.typescript-language-server
-          pkgs.k9s
-          pkgs.terraform-ls
-          pkgs.kubernetes-helm
-          pkgs.k6
-          pkgs.pulumi-bin
-          pkgs.nodejs
+          jq
+          terraform
+          ansible
+          kubectl
+          awscli2
+          nodePackages.yaml-language-server
+          nodePackages_latest.typescript-language-server
+          k9s
+          terraform-ls
+          kubernetes-helm
+          k6
+          pulumi-bin
+          nodejs
        ];
        buildInputs = [ ];
      };
@ -39,10 +42,46 @@
        k3s-server = nixos-generators.nixosGenerate {
          system = "aarch64-linux";
          modules = [
-            ./pi-imgs/k3s-server.nix
+            (nixpkgs + "/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix")
+            ./pi-imgs/pi-initial.nix
          ];
          format = "sd-aarch64-installer";
        };
      };
-    });
+      apps = nixinate.nixinate.x86_64-linux self;
+      nixosConfigurations = {
+        oracle-gitea-runner = nixpkgs.lib.nixosSystem {
+          system = "aarch64-linux";
+          modules = [
+            (import ./krops/oracle-gitea-runner/configuration.nix)
+            {
+              _module.args.nixinate = {
+                host = "143.47.229.209";
+                sshUser = "root";
+                buildOn = "remote";
+                substituteOnTarget = true;
+                hermetic = false;
+              };
+            }
+          ];
+        };
+        nas = nixpkgs.lib.nixosSystem {
+          system = "aarch64-linux";
+          modules = [
+            (import ./krops/nas/configuration.nix)
+            home-manager.nixosModules.home-manager
+            {
+              home-manager.users.gsimmer = import ./krops/nas/home.nix;
+              _module.args.nixinate = {
+                host = "vancouver";
+                sshUser = "gsimmer";
+                buildOn = "remote";
+                substituteOnTarget = true;
+                hermetic = false;
+              };
+            }
+          ];
+        };
+      };
+    };
 }
--- a/krops/nas/configuration.nix
+++ b/krops/nas/configuration.nix
@ -1,12 +1,9 @@
 { config, pkgs, ... }:

 {
-  disabledModules = [ "services/misc/n8n.nix" ];
  imports =
    [ # Include the results of the hardware scan.
      ./hardware.nix
-      <home-manager/nixos>
-      <n8n.nix>
    ];

  nix = {
@ -50,14 +47,6 @@
    tailscale.enable = true;
    openssh.enable = true;
    xserver.videoDrivers = [ "nvidia" ];
-    n8n = {
-      enable = true;
-      openFirewall = true;
-      webhookUrl = "https://vancouver.scorpion-ghost.ts.net/n8n/";
-      settings = {
-        editorBaseUrl = "https://vancouver.scorpion-ghost.ts.net/n8n/";
-      };
-    };
    nfs.server.enable = true;
    samba-wsdd.enable = true;
    samba = {
@ -137,20 +126,6 @@
            error_page 404 /404.html;
          '';
        };
-        locations."/git" = {
-          extraConfig =
-            ''
-            return 301 $scheme://git.gmem.ca;
-            '';
-        };
-        locations."/n8n/" = {
-          proxyPass = "http://127.0.0.1:5678/";
-          proxyWebsockets = true; # needed if you need to use WebSocket
-          extraConfig =
-            ''
-            proxy_pass_header Authorization;
-            '';
-        };
      };
      virtualHosts."git.gmem.ca" =  {
        enableACME = true;
@ -229,7 +204,7 @@
      };
    };
    gitea-actions-runner = {
-      # package = pkgs.forgejo-actions-runner;
+      package = pkgs.forgejo-actions-runner;
      instances = {
        vancouver = {
          name = "vancouver";
@ -285,7 +260,6 @@
    };
  };

-
  networking = {
    hostId = "e1e29bf4";
    hostName = "vancouver";
@ -303,12 +277,14 @@
        interfaces = [ "eno1" ];
      };
    };
-    interfaces.br0.ipv4.addresses = [ {
-      address = "192.168.50.229";
-      prefixLength = 24;
-    } ];
+    interfaces.br0.ipv4.addresses = [
+      {
+        address = "192.168.50.229";
+        prefixLength = 24;
+      }
+    ];
    defaultGateway = "192.168.50.1";
-    nameservers = ["100.100.100.100" "45.90.28.116" "45.90.30.116"];
+    nameservers = ["45.90.28.116" "45.90.30.116"];
    nftables.enable = true;
  };
  environment.systemPackages = with pkgs; [
--- a/krops/nas/home.nix
+++ b/krops/nas/home.nix
@ -0,0 +1,94 @@
+{ config, pkgs, callPackage, ... }:
+
+{
+  nixpkgs.overlays = [
+    (import (builtins.fetchTarball {
+      url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
+      sha256 = "11knjfj2gnj8y6jy4xali11g86clq7jmy5ndzy1gg0yy1y72xrhm";
+    }))
+  ];
+
+  home.username = "gsimmer";
+  home.homeDirectory = "/Primary/gabriel";
+
+  nixpkgs.config.allowUnfree = true;
+
+  programs.bash.enable = false;
+  programs.fish = {
+    enable = true;
+    interactiveShellInit = ''
+      set fish_greeting
+if test "$TERM" = "dumb"
+  function fish_prompt
+    echo "\$ "
+  end
+
+  function fish_right_prompt; end
+  function fish_greeting; end
+  function fish_title; end
+end
+atuin init fish | source
+    '';
+    loginShellInit = ''
+if test "$TERM" = "dumb"
+  function fish_prompt
+    echo "\$ "
+  end
+
+  function fish_right_prompt; end
+  function fish_greeting; end
+  function fish_title; end
+end
+    '';
+    plugins = [
+      {
+        name = "z";
+        src = pkgs.fetchFromGitHub {
+          owner = "jethrokuan";
+          repo = "z";
+          rev = "e0e1b9dfdba362f8ab1ae8c1afc7ccf62b89f7eb";
+          sha256 = "0dbnir6jbwjpjalz14snzd3cgdysgcs3raznsijd6savad3qhijc";
+        };
+      }
+    ];
+  };
+  
+  programs.direnv = {
+    enable = true;
+    nix-direnv.enable = true;
+  };
+
+  # services.lorri.enable = true;
+
+  programs.emacs = {
+    enable = false;
+    package = pkgs.emacs-unstable-pgtk;
+    extraPackages = epkgs: [
+      epkgs.vterm
+    ];
+  };
+
+  programs.exa = {
+    enable = true;
+    enableAliases = true;
+  };
+
+  programs.bat = {
+    enable = true;
+  };
+  
+  home.packages = with pkgs; [ ];
+
+  # This value determines the Home Manager release that your
+  # configuration is compatible with. This helps avoid breakage
+  # when a new Home Manager release introduces backwards
+  # incompatible changes.
+  #
+  # You can update Home Manager without changing this value. See
+  # the Home Manager release notes for a list of state version
+  # changes in each release.
+  home.stateVersion = "23.05";
+
+  # Let Home Manager install and manage itself.
+  programs.home-manager.enable = true;
+}