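# Flake entry point for a personal homelab: a dev shell, DNS (octodns) and
# Kubernetes (kubenix) artefacts, OpenTofu wrappers, and per-host NixOS
# configurations deployed with nixinate.
{
  description = "Nix flake for my infrastructure";

  inputs = {
    # agenix is pinned to an explicit revision; the other inputs float on a
    # branch and are frozen only by flake.lock.
    agenix.url = "github:ryantm/agenix?rev=1f677b3e161d3bdbfd08a939e8f25de2568e0ef4";
    terranix.url = "github:terranix/terranix";
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    nixinate.url = "github:matthewcroughan/nixinate";
    nixos-dns.url = "github:Janik-Haag/nixos-dns";
    nixos-dns.inputs.nixpkgs.follows = "nixpkgs";
    nixpkgs-wayland = {
      url = "github:nix-community/nixpkgs-wayland";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixos-generators = {
      url = "github:nix-community/nixos-generators";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    alertmanager-ntfy.url = "github:alexbakker/alertmanager-ntfy";
    kubenix.url = "github:hall/kubenix";
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
  };

  outputs = {
    self,
    nixpkgs,
    nixos-generators,
    nixinate,
    home-manager,
    agenix,
    terranix,
    alertmanager-ntfy,
    nixpkgs-wayland,
    kubenix,
    nixos-dns,
    nixos-hardware,
  } @ inputs: let
    # Tooling is evaluated for the x86_64 build host; the aarch64 hosts below
    # are built on the target itself (buildOn = "remote").
    pkgs = nixpkgs.legacyPackages.x86_64-linux;

    # OpenTofu JSON configuration rendered from ./terraform/main.nix.
    tf = terranix.lib.terranixConfiguration {
      system = "x86_64-linux";
      modules = [./terraform/main.nix];
    };

    dnsConfig = {extraConfig = import ./dns/dns.nix;};
    generate = nixos-dns.utils.generate pkgs;

    # Cloudflare provider for octodns (not in nixpkgs). It is built from the
    # same python package set as its dependencies and as pkgs.octodns so that
    # withProviders below assembles a single-interpreter environment; the
    # original built it with python311Packages but took its dependencies from
    # python3Packages.
    octodns-cloudflare = pkgs.python3Packages.buildPythonPackage rec {
      pname = "octodns-cloudflare";
      version = "0.0.4";
      src = pkgs.fetchFromGitHub {
        owner = "octodns";
        repo = pname;
        # NOTE(review): rev tracks a branch while sha256 pins one snapshot of
        # it, so the fetch breaks as soon as upstream main moves. Pin a tag or
        # commit that matches `version` instead (rev = "<TAG-OR-COMMIT>").
        rev = "main";
        sha256 = "sha256-KVdH55wkTk2n2t/Y+n9+/5SCk3ml8vXIlFbtmOL4DlA=";
      };
      doCheck = false;
      propagatedBuildInputs = with pkgs.python3Packages; [
        pyyaml
        certifi
        charset-normalizer
        dnspython
        fqdn
        idna
        natsort
        pkgs.octodns
        requests
        python-dateutil
        six
        urllib3
      ];
    };

    # octodns with the bind and cloudflare providers, shared by the dev shell
    # and the dns/dns-do apps so all three run the identical environment.
    octodnsEnv = pkgs.octodns.withProviders (ps: [
      pkgs.octodns-providers.bind
      octodns-cloudflare
    ]);

    # Module that hands nixinate the deployment parameters for one host.
    # Every host deploys the same way (remote build, substitute on target,
    # non-hermetic); only the address and the SSH user differ.
    nixinateHost = host: sshUser: {
      _module.args.nixinate = {
        inherit host sshUser;
        buildOn = "remote";
        substituteOnTarget = true;
        hermetic = false;
      };
    };

    # Wrapper for octodns-sync; `extra` is appended to the command line
    # ("" for a dry run, "--doit" to apply). CLOUDFLARE_API_TOKEN comes from
    # .env.tf and is only exported into the environment, where the provider
    # reads it (token = "env/CLOUDFLARE_API_TOKEN"). The original ran a bare
    # `set` right after sourcing the file, which prints every shell variable,
    # token included, to stdout; that line is removed.
    octodnsSync = name: extra:
      pkgs.writers.writeBash name ''
        set -eo pipefail
        set -o allexport
        source .env.tf
        set +o allexport
        ${octodnsEnv}/bin/octodns-sync --config-file ${self.packages.x86_64-linux.dns} ${extra}
      '';

    # Wrapper for OpenTofu: refresh the terranix-rendered config, init, then
    # run `tofu <action>` inside ./terraform. `set -e` replaces the original
    # `&&` chain so a failed step still stops the script.
    tofuRun = name: action:
      pkgs.writers.writeBash name ''
        set -eo pipefail
        rm -f terraform/config.tf.json
        cp ${tf} terraform/config.tf.json
        ${pkgs.opentofu}/bin/tofu -chdir=terraform init
        ${pkgs.opentofu}/bin/tofu -chdir=terraform ${action}
      '';

    # Flake "app" record for a store-path program.
    mkApp = drv: {
      type = "app";
      program = toString drv;
    };
  in {
    devShells.x86_64-linux.default = with pkgs;
      mkShell {
        nativeBuildInputs = [
          jq
          opentofu
          kubectl
          k9s
          terraform-ls
          kubernetes-helm
          nil
          octodnsEnv
        ];
        buildInputs = [];
      };

    # NOTE(review): not a standard flake output, so `nix flake check` warns
    # about it; kept for inspecting the generated zone data by evaluation.
    dnsDebugConfig = nixos-dns.utils.debug.config dnsConfig;

    packages.aarch64-linux = {
      # Installer SD-card image for the Raspberry Pi hosts.
      raspberry-pi = nixos-generators.nixosGenerate {
        system = "aarch64-linux";
        modules = [
          (nixpkgs + "/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix")
          ./pi-imgs/pi-initial.nix
        ];
        format = "sd-aarch64-installer";
      };
    };

    packages.x86_64-linux = {
      # JSON map of NextDNS profile -> rewrite rules, consumed by apps.nextdns.
      # The original named this derivation "$out"; '$' is not a valid
      # store-name character, so a plain file name is used instead.
      nextdns-rewrites = pkgs.writeText "nextdns-rewrites.json" (
        builtins.toJSON ((pkgs.callPackage ./dns/nextdns.nix {}).data)
      );

      # Rendered Kubernetes manifests from ./homelab/kubernetes.nix.
      kubernetes =
        (kubenix.evalModules.x86_64-linux {
          module = {kubenix, ...}: {
            imports = [
              kubenix.modules.k8s
              ./homelab/kubernetes.nix
            ];
          };
        })
        .config
        .kubernetes
        .result;

      # octodns configuration for gmem.ca. No credential is stored here:
      # "env/CLOUDFLARE_API_TOKEN" makes the provider read the token from the
      # environment at sync time.
      dns = generate.octodnsConfig {
        inherit dnsConfig;
        config = {
          processors = {
            ownership = {
              class = "octodns.processor.ownership.OwnershipProcessor";
            };
            ttl-to-proxy = {
              class = "octodns_cloudflare.processor.ttl.TtlToProxy";
              ttl = 0;
            };
          };
          providers = {
            config = {
              check_origin = false;
            };
            cloudflare = {
              class = "octodns_cloudflare.CloudflareProvider";
              token = "env/CLOUDFLARE_API_TOKEN";
              min_ttl = 0;
            };
          };
        };
        zones = {
          "gmem.ca." = {
            processors = ["ownership" "ttl-to-proxy"];
            sources = ["config"];
            targets = ["cloudflare"];
          };
        };
      };
    };

    # nixinate's per-host deployment apps plus the local helpers. `//` is a
    # shallow merge, so this relies on nixinate not returning an x86_64-linux
    # attribute of its own.
    apps =
      nixinate.nixinate.x86_64-linux self
      // {
        x86_64-linux = {
          # Push every rewrite from nextdns-rewrites to the NextDNS API.
          # The stray `g` statement the original had before `with open` was a
          # flake8 error (undefined name) and is dropped.
          nextdns = mkApp (pkgs.writers.writePython3 "nextdns" {
            libraries = [pkgs.python3Packages.requests];
            flakeIgnore = ["E501"];
          } ''
            import json
            import os
            import requests

            # The API key is read from the environment only; fail early rather
            # than send a request whose X-Api-Key header is None.
            auth = os.getenv("NEXTDNS_API_KEY")
            if not auth:
                raise SystemExit("NEXTDNS_API_KEY is not set")

            with open('${self.packages.x86_64-linux.nextdns-rewrites}', 'r') as file:
                rewrites = json.load(file)

            for profile in rewrites:
                for rewrite in rewrites[profile]:
                    print(json.dumps(rewrite))
                    req = requests.post(
                        f'https://api.nextdns.io/profiles/{profile}/rewrites',
                        data=json.dumps(rewrite),
                        headers={'X-Api-Key': auth, 'Content-Type': 'application/json'}
                    )
                    # Echo the response so failures are visible; the key is
                    # never printed.
                    print(req.text)
          '');

          # Dry-run and apply the octodns plan against Cloudflare.
          dns = mkApp (octodnsSync "octodns-sync" "");
          dns-do = mkApp (octodnsSync "octodns-sync-doit" "--doit");

          kube-apply = mkApp (pkgs.writers.writeBash "kube-apply" ''
            ${pkgs.kubectl}/bin/kubectl apply -f ${self.packages.x86_64-linux.kubernetes}
          '');
          kube-diff = mkApp (pkgs.writers.writeBash "kube-diff" ''
            ${pkgs.kubectl}/bin/kubectl diff -f ${self.packages.x86_64-linux.kubernetes}
          '');

          # tf-apply consumes the plan.out written by tf-plan.
          tf-plan = mkApp (tofuRun "plan" "plan -out=plan.out");
          tf-apply = mkApp (tofuRun "apply" "apply plan.out");
        };
      };

    homeConfigurations."gsimmer" = home-manager.lib.homeManagerConfiguration {
      inherit pkgs;
      modules = [./nix/london/gsimmer.nix];
    };

    nixosConfigurations = {
      # london carries no _module.args.nixinate, so it is not a nixinate
      # deployment target.
      london = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          (import ./nix/london/configuration.nix)
          (import ./modules/cloudflare-warp.nix)
          (import ./modules/vfio.nix)
          home-manager.nixosModules.home-manager
          {
            home-manager.useUserPackages = true;
            home-manager.users.gsimmer = import ./nix/london/gsimmer.nix;
          }
          ({pkgs, config, ...}: {
            config = {
              nix.settings = {
                # add binary caches; each substituter is listed together with
                # its signing key
                trusted-public-keys = [
                  "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
                  "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
                  "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
                ];
                substituters = [
                  "https://cache.nixos.org"
                  "https://nixpkgs-wayland.cachix.org"
                  "https://nix-community.cachix.org"
                ];
              };
              # use it as an overlay
              nixpkgs.overlays = [nixpkgs-wayland.overlay];
            };
          })
        ];
      };

      oracle-gitea-runner = nixpkgs.lib.nixosSystem {
        system = "aarch64-linux";
        modules = [
          (import ./nix/oracle-gitea-runner/configuration.nix)
          (nixinateHost "143.47.229.209" "root")
        ];
      };

      oracle-stream = nixpkgs.lib.nixosSystem {
        system = "aarch64-linux";
        modules = [
          (import ./nix/oracle-stream/configuration.nix)
          (nixinateHost "100.98.25.34" "root")
        ];
      };

      monitoring = nixpkgs.lib.nixosSystem {
        system = "aarch64-linux";
        modules = [
          (import ./nix/monitoring/configuration.nix)
          agenix.nixosModules.default
          # NOTE(review): the x86_64-linux module is imported on an aarch64
          # host; confirm it is system-independent or that the input offers an
          # aarch64-linux variant.
          alertmanager-ntfy.nixosModules.x86_64-linux.default
          (nixinateHost "100.126.232.130" "root")
        ];
      };

      nas = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          (import ./nix/nas/configuration.nix)
          agenix.nixosModules.default
          home-manager.nixosModules.home-manager
          {home-manager.users.gsimmer = import ./nix/nas/home.nix;}
          (nixinateHost "vancouver" "gsimmer")
        ];
      };

      seattle = nixpkgs.lib.nixosSystem {
        system = "aarch64-linux";
        modules = [
          nixos-hardware.nixosModules.raspberry-pi-4
          agenix.nixosModules.default
          (import ./nix/seattle/configuration.nix)
          (nixinateHost "seattle" "gsimmer")
        ];
      };

      glasgow = nixpkgs.lib.nixosSystem {
        system = "aarch64-linux";
        modules = [
          agenix.nixosModules.default
          nixos-hardware.nixosModules.raspberry-pi-4
          (import ./nix/glasgow/configuration.nix)
          (nixinateHost "glasgow" "gsimmer")
        ];
      };

      proxmox-k3s-node-1 = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          agenix.nixosModules.default
          (import ./nix/proxmox-k3s-node/configuration.nix)
          (nixinateHost "proxmox-node-1" "gsimmer")
        ];
      };
    };
  };
}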