CCCHH/nix-infra
CCCHH/nix-infra
16
2
Fork 2
Code Issues Pull requests 3 Projects Wiki Activity

Run "nix fmt" to format this entire flake

Browse source
This commit is contained in:
June 2024-03-06 22:50:32 +01:00 committed by June
parent 71e1684f76
commit 1ad6ac9dc0
Signed by: june
SSH key fingerprint: SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
8 changed files with 181 additions and 180 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
config/common/users.nix
View file

@ -16,24 +16,24 @@ let
}; };
authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys")); authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
in in
{ {
users.mutableUsers = false; users.mutableUsers = false;
users.users.chaos = { users.users.chaos = {
isNormalUser = true; isNormalUser = true;
description = "Chaos"; description = "Chaos";
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = authorizedKeys; openssh.authorizedKeys.keys = authorizedKeys;
}; };
users.users.colmena-deploy = { users.users.colmena-deploy = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = authorizedKeys; openssh.authorizedKeys.keys = authorizedKeys;
}; };
nix.settings.trusted-users = [ "colmena-deploy" ]; nix.settings.trusted-users = [ "colmena-deploy" ];
# Since our user doesn't have a password, allow passwordless sudo for wheel. # Since our user doesn't have a password, allow passwordless sudo for wheel.
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
} }

315
flake.nix
View file

@ -58,169 +58,170 @@
}); });
}; };
pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux"; pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";
in { in
colmena = { {
meta = { colmena = {
nixpkgs = nixpkgs.legacyPackages."x86_64-linux"; meta = {
nodeNixpkgs = { nixpkgs = nixpkgs.legacyPackages."x86_64-linux";
audio-hauptraum-kueche = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay; nodeNixpkgs = {
audio-hauptraum-tafel = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay; audio-hauptraum-kueche = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
audio-hauptraum-tafel = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
};
nodeSpecialArgs = {
git = { inherit pkgs-unstable; };
};
}; };
nodeSpecialArgs = {
git = { inherit pkgs-unstable; }; audio-hauptraum-kueche = {
deployment = {
targetHost = "audio-hauptraum-kueche.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/audio-hauptraum-kueche
];
};
audio-hauptraum-tafel = {
deployment = {
targetHost = "audio-hauptraum-tafel.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/audio-hauptraum-tafel
];
};
esphome = {
deployment = {
targetHost = "esphome.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/esphome
];
};
public-reverse-proxy = {
deployment = {
targetHost = "public-reverse-proxy.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/public-reverse-proxy
];
};
netbox = {
deployment = {
targetHost = "netbox-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/netbox
];
};
matrix = {
deployment = {
targetHost = "matrix-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/matrix
];
};
public-web-static = {
deployment = {
targetHost = "public-web-static-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/public-web-static
];
};
git = {
deployment = {
targetHost = "git.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/git
];
};
forgejo-actions-runner = {
deployment = {
targetHost = "forgejo-actions-runner-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/forgejo-actions-runner
];
}; };
}; };
audio-hauptraum-kueche = { packages.x86_64-linux = {
deployment = { proxmox-nixos-template = nixos-generators.nixosGenerate {
targetHost = "audio-hauptraum-kueche.z9.ccchh.net"; system = "x86_64-linux";
targetPort = 22; modules = [
targetUser = "colmena-deploy"; ./config/nixos-generators/proxmox.nix
tags = [ "thinkcccluster" ]; ./config/common
./config/proxmox-vm
];
format = "proxmox";
};
proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = [
./config/nixos-generators/proxmox-chaosknoten.nix
./config/proxmox-chaosknoten-additional-initial-config.nix
./config/common
./config/proxmox-vm
];
format = "proxmox";
}; };
imports = [
./config/common
./config/proxmox-vm
./config/hosts/audio-hauptraum-kueche
];
}; };
audio-hauptraum-tafel = { formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
deployment = {
targetHost = "audio-hauptraum-tafel.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/audio-hauptraum-tafel
];
};
esphome = {
deployment = {
targetHost = "esphome.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/esphome
];
};
public-reverse-proxy = {
deployment = {
targetHost = "public-reverse-proxy.z9.ccchh.net";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "thinkcccluster" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/public-reverse-proxy
];
};
netbox = {
deployment = {
targetHost = "netbox-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/netbox
];
};
matrix = {
deployment = {
targetHost = "matrix-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/matrix
];
};
public-web-static = {
deployment = {
targetHost = "public-web-static-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/public-web-static
];
};
git = {
deployment = {
targetHost = "git.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/git
];
};
forgejo-actions-runner = {
deployment = {
targetHost = "forgejo-actions-runner-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/forgejo-actions-runner
];
};
}; };
packages.x86_64-linux = {
proxmox-nixos-template = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = [
./config/nixos-generators/proxmox.nix
./config/common
./config/proxmox-vm
];
format = "proxmox";
};
proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = [
./config/nixos-generators/proxmox-chaosknoten.nix
./config/proxmox-chaosknoten-additional-initial-config.nix
./config/common
./config/proxmox-vm
];
format = "proxmox";
};
};
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
};
} }