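{
  description = "CCCHH Nix Infrastructure";

  # Every input below is resolved to an exact revision and narHash in flake.lock;
  # review lock-file changes as carefully as changes to this file.
  inputs = {
    # Use the NixOS small channels for nixpkgs.
    # https://nixos.org/manual/nixos/stable/#sec-upgrading
    # https://github.com/NixOS/nixpkgs
    # NOTE(review): the ref below is `nixos-25.05`, not `nixos-25.05-small`, so the
    # comment above and the URL disagree. Confirm which channel is intended.
    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";

    # Add nixos-generators as an input.
    # See here: https://github.com/nix-community/nixos-generators#using-in-a-flake
    nixos-generators = {
      url = "github:nix-community/nixos-generators";
      # NOTE(review): with `follows` commented out, nixos-generators keeps its own
      # locked nixpkgs. The template images in `packages` are then presumably built
      # from a different nixpkgs revision (and patch level) than the hosts. Verify
      # this is intended and that `nix flake update` refreshes both.
      #inputs.nixpkgs.follows = "nixpkgs";
    };

    # Add sops-nix as an input for secret management.
    # See here: https://github.com/Mic92/sops-nix?tab=readme-ov-file#flakes-current-recommendation
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Plain (non-flake) source archive, pinned to a full commit id in the URL.
    # It is handed to every module through `specialArgs` below. Presumably it holds
    # the authorized keys for the hosts, so a change of this commit id is an
    # access-control change and should be reviewed as such.
    authorizedKeysRepo = {
      url = "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/archive/fc95460e9e6ae759b2b08c93b10a8e010e9e14e6.tar.gz";
      flake = false;
    };
  };

  outputs = { self, nixpkgs, nixos-generators, sops-nix, authorizedKeysRepo, ... }:
    let
      # Extra arguments made available to every NixOS module of every host.
      specialArgs = {
        inherit authorizedKeysRepo;
      };
      # The only platform this flake builds for.
      system = "x86_64-linux";
    in
    {
      nixosModules = {
        common = ./config/common;
        proxmox-vm = ./config/proxmox-vm;
        prometheus-exporter = ./config/extra/prometheus-exporter.nix;
      };

      overlays = {
        # Pins matrix-synapse-unwrapped to a fixed upstream release.
        # NOTE(review): while this overlay is applied, nixpkgs channel updates no
        # longer change the Synapse version on the `matrix` host; security releases
        # must be tracked and bumped here by hand. Remove the overlay once the
        # channel ships this version or newer.
        matrixSynapseFix = final: prev: {
          matrix-synapse-unwrapped = prev.matrix-synapse-unwrapped.overrideAttrs (finalAttrs: prevAttrs: rec {
            version = "1.135.2";
            src = prev.fetchFromGitHub {
              owner = "element-hq";
              repo = "synapse";
              rev = "v${version}";
              hash = "sha256-4HAA9Xq4C3DHxz0BgqBitfM4wZwPSEu+IO/OPfHzLVw=";
            };
            cargoDeps = final.rustPlatform.fetchCargoVendor {
              inherit src;
              hash = "sha256-4J92s6cSgsEIYQpbU6OOLI/USIJX2Gc7UdEHgWQgmXc=";
            };
            # Replaces (does not extend) the patch list inherited from nixpkgs, so
            # any patch nixpkgs carries for this package is dropped as well.
            patches = [];
          });
        };

        # Builds librespot from the upstream `dev` branch with Avahi support and a
        # locally maintained patch.
        librespotFixOverlay = final: prev: {
          librespot = (prev.librespot.override { withAvahi = true; }).overrideAttrs (finalAttrs: prevAttr: rec {
            # Build dev branch.
            name = "${prevAttr.pname}-${version}";
            version = "dev";
            src = prev.fetchFromGitHub {
              owner = "librespot-org";
              repo = "librespot";
              # NOTE(review): `dev` is a moving branch ref. The fixed hash below still
              # guarantees integrity, but once the branch advances a fresh fetch fails
              # with a hash mismatch, and nothing here records which commit was
              # audited. Pin `rev` to the commit this hash was computed from.
              rev = "dev";
              # `hash` (SRI) instead of `sha256`, matching the other fetchers in this file.
              hash = "sha256-s9JpIbqXiVXMlhEuIuKio+rD1rM3kc7bAT0+8+5s35w=";
            };
            cargoDeps = final.rustPlatform.fetchCargoVendor {
              inherit src;
              hash = "sha256-Lujz2revTAok9B0hzdl8NVQ5XMRY9ACJzoQHIkIgKMg=";
            };
            # Fix librespot failing with "Unable to load audio item: Error { kind: Unavailable, error: StatusCode(500) }".
            # Appends to the patches inherited from nixpkgs instead of replacing them.
            patches = (prevAttr.patches or []) ++ [
              ./patches/librespot_PR1528_conflicts_resolved.patch
            ];
          });
        };
      };

      # One entry per host. All hosts share `common` and `proxmox-vm`; hosts that
      # include `sops-nix.nixosModules.sops` can use sops-managed secrets, and hosts
      # that include `prometheus-exporter` get the exporter module.
      nixosConfigurations = {
        audio-hauptraum-kueche = nixpkgs.lib.nixosSystem {
          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
            ./config/hosts/audio-hauptraum-kueche
          ];
        };

        audio-hauptraum-tafel = nixpkgs.lib.nixosSystem {
          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
            ./config/hosts/audio-hauptraum-tafel
            { nixpkgs.overlays = [ self.overlays.librespotFixOverlay ]; }
          ];
        };

        esphome = nixpkgs.lib.nixosSystem {
          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
            ./config/hosts/esphome
          ];
        };

        public-reverse-proxy = nixpkgs.lib.nixosSystem {
          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
            ./config/hosts/public-reverse-proxy
          ];
        };

        matrix = nixpkgs.lib.nixosSystem {
          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
            sops-nix.nixosModules.sops
            self.nixosModules.prometheus-exporter
            ./config/hosts/matrix
            { nixpkgs.overlays = [ self.overlays.matrixSynapseFix ]; }
          ];
        };

        public-web-static = nixpkgs.lib.nixosSystem {
          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
            sops-nix.nixosModules.sops
            self.nixosModules.prometheus-exporter
            ./config/hosts/public-web-static
          ];
        };

        git = nixpkgs.lib.nixosSystem {
          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
            sops-nix.nixosModules.sops
            self.nixosModules.prometheus-exporter
            ./config/hosts/git
          ];
        };

        forgejo-actions-runner = nixpkgs.lib.nixosSystem {
          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
            sops-nix.nixosModules.sops
            self.nixosModules.prometheus-exporter
            ./config/hosts/forgejo-actions-runner
          ];
        };

        ptouch-print-server = nixpkgs.lib.nixosSystem {
          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
            ./config/hosts/ptouch-print-server
          ];
        };

        yate = nixpkgs.lib.nixosSystem {
          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
            sops-nix.nixosModules.sops
            ./config/hosts/yate
          ];
        };

        mqtt = nixpkgs.lib.nixosSystem {
          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
            ./config/hosts/mqtt
          ];
        };

        mjolnir = nixpkgs.lib.nixosSystem {
          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
            sops-nix.nixosModules.sops
            self.nixosModules.prometheus-exporter
            ./config/hosts/mjolnir
          ];
        };

        woodpecker = nixpkgs.lib.nixosSystem {
          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
            sops-nix.nixosModules.sops
            self.nixosModules.prometheus-exporter
            ./config/hosts/woodpecker
          ];
        };

        status = nixpkgs.lib.nixosSystem {
          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
            sops-nix.nixosModules.sops
            ./config/hosts/status
          ];
        };

        penpot = nixpkgs.lib.nixosSystem {
          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
            sops-nix.nixosModules.sops
            self.nixosModules.prometheus-exporter
            ./config/hosts/penpot
          ];
        };

        hydra = nixpkgs.lib.nixosSystem {
          inherit system specialArgs;
          modules = [
            self.nixosModules.common
            self.nixosModules.proxmox-vm
            self.nixosModules.prometheus-exporter
            ./config/hosts/hydra
          ];
        };
      };

      # Proxmox VM template images. `system` comes from the `let` binding above
      # instead of repeating the "x86_64-linux" literal.
      packages.${system} = {
        proxmox-nixos-template = nixos-generators.nixosGenerate {
          inherit specialArgs system;
          modules = [
            ./config/nixos-generators/proxmox.nix
            self.nixosModules.common
            self.nixosModules.proxmox-vm
          ];
          format = "proxmox";
        };

        proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
          inherit specialArgs system;
          modules = [
            ./config/nixos-generators/proxmox-chaosknoten.nix
            ./config/proxmox-chaosknoten-additional-initial-config.nix
            self.nixosModules.common
            self.nixosModules.proxmox-vm
          ];
          format = "proxmox";
        };
      };

      formatter.${system} = nixpkgs.legacyPackages.${system}.nixpkgs-fmt;

      # Hydra builds both template images and the system closure
      # (`config.system.build.toplevel`) of every host defined above.
      hydraJobs = {
        inherit (self) packages;
        nixosConfigurations = builtins.mapAttrs (name: value: value.config.system.build.toplevel) self.nixosConfigurations;
      };
    };
}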