From 95008c4d358ece70b5dd252d08cc24f3222d9c77 Mon Sep 17 00:00:00 2001 From: Gabriel Simmer Date: Fri, 1 Sep 2023 20:19:14 +0100 Subject: [PATCH] Use nixinate for nas and oracle forgejo runner --- flake.lock | 94 +++++++++++++++++++++++++------------ flake.nix | 93 +++++++++++++++++++++++++----------- krops/nas/configuration.nix | 40 ++++------------ krops/nas/home.nix | 94 +++++++++++++++++++++++++++++++++++++ 4 files changed, 233 insertions(+), 88 deletions(-) create mode 100644 krops/nas/home.nix diff --git a/flake.lock b/flake.lock index 51923be..97ef6d1 100644 --- a/flake.lock +++ b/flake.lock @@ -1,20 +1,38 @@ { "nodes": { - "flake-utils": { + "home-manager": { "inputs": { - "systems": "systems" + "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "lastModified": 1693399033, + "narHash": "sha256-yXhiMo8MnE86sGtPIHAKaLHhmhe8v9tqGGotlUgKJvY=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "f5c15668f9842dd4d5430787d6aa8a28a07f7c10", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixinate": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1688141737, + "narHash": "sha256-qHrNMYWukOKmKVf6wXOGKj1xxUnOGjvTRbt/PLLXuBE=", + "owner": "matthewcroughan", + "repo": "nixinate", + "rev": "7902ae845e6cc5bd450e510cdf5e009a6e4a44d9", + "type": "github" + }, + "original": { + "owner": "matthewcroughan", + "repo": "nixinate", "type": "github" } }, 
@@ -56,11 +74,43 @@ }, "nixpkgs": { "locked": { - "lastModified": 1691683125, - "narHash": "sha256-FMU62G57HDbJwU+9V3q7I0mBaQYTYQdtPNlJt2t5/A4=", + "lastModified": 1693003285, + "narHash": "sha256-5nm4yrEHKupjn62MibENtfqlP6pWcRTuSKrMiH9bLkc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4d2389b927696ef8da4ef76b03f2d306faf87929", + "rev": "5690c4271f2998c304a45c91a0aeb8fb69feaea7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1653060744, + "narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "dfd82985c273aac6eced03625f454b334daae2e8", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1693500674, + "narHash": "sha256-HDlg/j0Et+D8NWayNOsdvZrJ+nA4h3muXQxIMUlpDXo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "da938d190e2335209df6806ddcb982634e51918c", "type": "github" }, "original": { @@ -72,24 +122,10 @@ }, "root": { "inputs": { - "flake-utils": "flake-utils", + "home-manager": "home-manager", + "nixinate": "nixinate", "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" + "nixpkgs": "nixpkgs_3" } } }, diff --git a/flake.nix b/flake.nix index 060c785..b296d14 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,37 +1,40 @@ { - description = "A basic flake with a shell"; - inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; - inputs.flake-utils.url = "github:numtide/flake-utils"; - inputs.nixos-generators = { - url = "github:nix-community/nixos-generators"; - inputs.nixpkgs.follows = "nixpkgs"; + description = "Nix flake for my infrastructure"; + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + nixinate.url = "github:matthewcroughan/nixinate"; + home-manager.url = "github:nix-community/home-manager"; + nixos-generators = { + url = "github:nix-community/nixos-generators"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; - outputs = { self, nixpkgs, flake-utils, nixos-generators }: - flake-utils.lib.eachDefaultSystem (system: let - pkgs = nixpkgs.legacyPackages.${system}; + outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager }: + let + pkgs = nixpkgs.legacyPackages.x86_64-linux; in { - devShells.default = pkgs.mkShell { + devShells.x86_64-linux.default = with pkgs; mkShell { shellHook = '' set -o allexport - source .env set - +o allexport + source .env set + set +o allexport ''; nativeBuildInputs = [ - pkgs.jq - pkgs.terraform - pkgs.ansible - pkgs.kubectl - pkgs.awscli2 - pkgs.nodePackages.yaml-language-server - pkgs.nodePackages_latest.typescript-language-server - pkgs.k9s - pkgs.terraform-ls - pkgs.kubernetes-helm - pkgs.k6 - pkgs.pulumi-bin - pkgs.nodejs + jq + terraform + ansible + kubectl + awscli2 + nodePackages.yaml-language-server + nodePackages_latest.typescript-language-server + k9s + terraform-ls + kubernetes-helm + k6 + pulumi-bin + nodejs ]; buildInputs = [ ]; }; 
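Review bot: The new `nixinate` and `home-manager` inputs are declared without `inputs.nixpkgs.follows = "nixpkgs"`, unlike `nixos-generators` directly below them. The flake.lock part of this patch shows the result: three separate nixpkgs pins, with nixinate's `nixpkgs_2` locked at `lastModified` 1653060744, more than a year behind the root pin, so anything nixinate takes from its own nixpkgs for the deploy apps presumably comes from that old snapshot. I would write `nixinate = { url = "github:matthewcroughan/nixinate"; inputs.nixpkgs.follows = "nixpkgs"; };` and give `home-manager` the same shape. Separately, the shellHook line `source .env set` carries a stray `set` argument; `source .env` looks like what was meant.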
@@ -39,10 +42,46 @@ k3s-server = nixos-generators.nixosGenerate { system = "aarch64-linux"; modules = [ - ./pi-imgs/k3s-server.nix + (nixpkgs + "/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix") + ./pi-imgs/pi-initial.nix ]; format = "sd-aarch64-installer"; }; }; - }); + apps = nixinate.nixinate.x86_64-linux self; + nixosConfigurations = { + oracle-gitea-runner = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + modules = [ + (import ./krops/oracle-gitea-runner/configuration.nix) + { + _module.args.nixinate = { + host = "143.47.229.209"; + sshUser = "root"; + buildOn = "remote"; + substituteOnTarget = true; + hermetic = false; + }; + } + ]; + }; + nas = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + modules = [ + (import ./krops/nas/configuration.nix) + home-manager.nixosModules.home-manager + { + home-manager.users.gsimmer = import ./krops/nas/home.nix; + _module.args.nixinate = { + host = "vancouver"; + sshUser = "gsimmer"; + buildOn = "remote"; + substituteOnTarget = true; + hermetic = false; + }; + } + ]; + }; + }; + }; } diff --git a/krops/nas/configuration.nix b/krops/nas/configuration.nix index 9347266..d59e36e 100644 --- a/krops/nas/configuration.nix +++ b/krops/nas/configuration.nix @@ -1,12 +1,9 @@ { config, pkgs, ... }: { - disabledModules = [ "services/misc/n8n.nix" ]; imports = [ # Include the results of the hardware scan. ./hardware.nix - - ]; nix = { @@ -50,14 +47,6 @@ tailscale.enable = true; openssh.enable = true; xserver.videoDrivers = [ "nvidia" ]; - n8n = { - enable = true; - openFirewall = true; - webhookUrl = "https://vancouver.scorpion-ghost.ts.net/n8n/"; - settings = { - editorBaseUrl = "https://vancouver.scorpion-ghost.ts.net/n8n/"; - }; - }; nfs.server.enable = true; samba-wsdd.enable = true; samba = { 
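Review bot: `oracle-gitea-runner` deploys with `sshUser = "root"` to the hard-coded public address `143.47.229.209`, so root SSH login has to stay enabled on an internet-reachable host for every deploy. The `nas` entry already uses an unprivileged account; `sshUser = "<deploy-user>";` here, together with `services.openssh.settings.PermitRootLogin = "no";` in that host's configuration (not part of this patch), would let root login be switched off and tie deploys to a named account. Both entries also set `hermetic = false`, which as far as I understand nixinate makes it run the target's own `nixos-rebuild` rather than the one pinned by the flake; a one-line comment saying why would help. Finally, `nas` is declared `system = "aarch64-linux"` while its configuration.nix enables the `nvidia` video driver, which looks copied from the runner entry and is worth confirming.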
@@ -137,20 +126,6 @@ error_page 404 /404.html; ''; }; - locations."/git" = { - extraConfig = - '' - return 301 $scheme://git.gmem.ca; - ''; - }; - locations."/n8n/" = { - proxyPass = "http://127.0.0.1:5678/"; - proxyWebsockets = true; # needed if you need to use WebSocket - extraConfig = - '' - proxy_pass_header Authorization; - ''; - }; }; virtualHosts."git.gmem.ca" = { enableACME = true; @@ -229,7 +204,7 @@ }; }; gitea-actions-runner = { - # package = pkgs.forgejo-actions-runner; + package = pkgs.forgejo-actions-runner; instances = { vancouver = { name = "vancouver"; @@ -285,7 +260,6 @@ }; }; - networking = { hostId = "e1e29bf4"; hostName = "vancouver"; @@ -303,12 +277,14 @@ interfaces = [ "eno1" ]; }; }; - interfaces.br0.ipv4.addresses = [ { - address = "192.168.50.229"; - prefixLength = 24; - } ]; + interfaces.br0.ipv4.addresses = [ + { + address = "192.168.50.229"; + prefixLength = 24; + } + ]; defaultGateway = "192.168.50.1"; - nameservers = ["100.100.100.100" "45.90.28.116" "45.90.30.116"]; + nameservers = ["45.90.28.116" "45.90.30.116"]; nftables.enable = true; }; environment.systemPackages = with pkgs; [ diff --git a/krops/nas/home.nix b/krops/nas/home.nix new file mode 100644 index 0000000..851f8bd --- /dev/null +++ b/krops/nas/home.nix 
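Review bot: In the last hunk of this file (`@@ -303,12 +277,14 @@`), `nameservers` loses `100.100.100.100` with no explanation, while `tailscale.enable = true` stays on elsewhere in the same configuration. If tailnet names are still expected to resolve on this host, that now depends on Tailscale managing the resolver itself, which the patch does not show. I would add a comment above the line, for example `# 100.100.100.100 dropped: <reason>; tailnet names resolve via <mechanism>`. The `networking` block starts and ends outside the hunk.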
@@ -0,0 +1,94 @@ +{ config, pkgs, callPackage, ... }: + +{ + nixpkgs.overlays = [ + (import (builtins.fetchTarball { + url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz"; + sha256 = "11knjfj2gnj8y6jy4xali11g86clq7jmy5ndzy1gg0yy1y72xrhm"; + })) + ]; + + home.username = "gsimmer"; + home.homeDirectory = "/Primary/gabriel"; + + nixpkgs.config.allowUnfree = true; + + programs.bash.enable = false; + programs.fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting +if test "$TERM" = "dumb" + function fish_prompt + echo "\$ " + end + + function fish_right_prompt; end + function fish_greeting; end + function fish_title; end +end +atuin init fish | source + ''; + loginShellInit = '' +if test "$TERM" = "dumb" + function fish_prompt + echo "\$ " + end + + function fish_right_prompt; end + function fish_greeting; end + function fish_title; end +end + ''; + plugins = [ + { + name = "z"; + src = pkgs.fetchFromGitHub { + owner = "jethrokuan"; + repo = "z"; + rev = "e0e1b9dfdba362f8ab1ae8c1afc7ccf62b89f7eb"; + sha256 = "0dbnir6jbwjpjalz14snzd3cgdysgcs3raznsijd6savad3qhijc"; + }; + } + ]; + }; + + programs.direnv = { + enable = true; + nix-direnv.enable = true; + }; + + # services.lorri.enable = true; + + programs.emacs = { + enable = false; + package = pkgs.emacs-unstable-pgtk; + extraPackages = epkgs: [ + epkgs.vterm + ]; + }; + + programs.exa = { + enable = true; + enableAliases = true; + }; + + programs.bat = { + enable = true; + }; + + home.packages = with pkgs; [ ]; + + # This value determines the Home Manager release that your + # configuration is compatible with. This helps avoid breakage + # when a new Home Manager release introduces backwards + # incompatible changes. + # + # You can update Home Manager without changing this value. See + # the Home Manager release notes for a list of state version + # changes in each release. + home.stateVersion = "23.05"; + + # Let Home Manager install and manage itself. 
+ programs.home-manager.enable = true; +}
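Review bot: The `nixpkgs.overlays` entry fetches `emacs-overlay/archive/master.tar.gz` with a fixed `sha256`, so the URL names a moving branch while the hash names one snapshot of it. The hash stops the content from changing silently, but the fetch will fail with a hash mismatch once the cached tarball expires, and the pin sits outside flake.lock, so `nix flake update` never refreshes it. Either pin the commit in the URL, `url = "https://github.com/nix-community/emacs-overlay/archive/<commit-sha>.tar.gz";`, or declare `emacs-overlay.url = "github:nix-community/emacs-overlay";` as a flake input and pass its overlay in. Since `programs.emacs.enable = false`, the overlay could also be dropped until it is needed.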