nix-infra/flake.nix
June 41f04732c2
Switch from colmena to standard nixosConfigurations
Those can then be deployed using for example nixos-rebuild or bij.
Also ensure all hosts have an fqdn, where possible, in order for bij to
be able to work with them more easily. Tho not really, since for actual
deployment one still needs to set the target manually to set usage of
the colmena-deploy user.

https://git.clerie.de/clerie/bij
2024-05-27 01:43:53 +02:00

216 lines
7 KiB
Nix

{
description = "CCCHH Nix Infrastructure";
inputs = {
# Use the NixOS small channels for nixpkgs.
# https://nixos.org/manual/nixos/stable/#sec-upgrading
# https://github.com/NixOS/nixpkgs
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11-small";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
# Add nixos-generators as an input.
# See here: https://github.com/nix-community/nixos-generators#using-in-a-flake
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
# Add sops-nix as an input for secret management.
# See here: https://github.com/Mic92/sops-nix?tab=readme-ov-file#flakes-current-recommendation
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { nixpkgs, nixpkgs-unstable, nixos-generators, sops-nix, ... }:
let
system = "x86_64-linux";
# Shairport Sync 4.3.1 (with nqptp 1.2.4) with metadata, MQTT and AirPlay 2 support.
shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: {
shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: {
# See: https://github.com/mikebrady/shairport-sync/blob/e78a88b64adfe7b5f88fd6faedf55c57445bb240/CONFIGURATION%20FLAGS.md
configureFlags = previousAttr.configureFlags ++ [ "--with-mqtt-client" ];
buildInputs = previousAttr.buildInputs ++ [ final.mosquitto ];
# Use specific Shairport Sync and nqptp versions, since with those the
# following error doesn't happen:
# fatal error: The nqptp service on this system, which is required for
# Shairport Sync to operate, does not seem to be initialised.
#
# Also use a more recent dev version to fix Pipewire stuttering issue.
# See:
# https://github.com/mikebrady/shairport-sync/issues/1736
# https://github.com/mikebrady/shairport-sync/blob/a65ec2d7f1f380bbae196d7f8f1cd6a88ef5777b/RELEASENOTES-DEVELOPMENT.md#version-432-dev-51-g98679bbb
src = final.fetchFromGitHub {
owner = "mikebrady";
repo = finalAttr.pname;
rev = "98679bbb54f5aaeda859e34aa28425647b8d179e";
hash = "sha256-k0kcgtWk2xlG34lP0ryEaqdskYMNM68YnIRLwFR3jaY=";
};
});
nqptp = prev.nqptp.overrideAttrs (finalAttr: previousAttr: {
# See Shairport Sync version note.
src = final.fetchFromGitHub {
owner = "mikebrady";
repo = finalAttr.pname;
rev = "1.2.4";
hash = "sha256-roTNcr3v2kzE6vQ5plAVtlw1+2yJplltOYsGGibtoZo=";
};
# Custom install phase to avoid setcap.
# See:
# https://github.com/mikebrady/nqptp/blob/1.2.4/Makefile.am#L23
installPhase = ''
mkdir -p $out/bin
cp nqptp $out/bin/
'';
});
};
pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";
in
{
nixosConfigurations = {
audio-hauptraum-kueche = nixpkgs-unstable.lib.nixosSystem {
inherit system;
modules = [
./config/common
./config/proxmox-vm
{ nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; }
./config/hosts/audio-hauptraum-kueche
];
};
audio-hauptraum-tafel = nixpkgs-unstable.lib.nixosSystem {
inherit system;
modules = [
./config/common
./config/proxmox-vm
{ nixpkgs.overlays = [ shairportSync431ExtendedNixpkgsUnstableOverlay ]; }
./config/hosts/audio-hauptraum-tafel
];
};
esphome = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./config/common
./config/proxmox-vm
./config/hosts/esphome
];
};
public-reverse-proxy = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./config/common
./config/proxmox-vm
./config/hosts/public-reverse-proxy
];
};
netbox = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./config/common
./config/proxmox-vm
sops-nix.nixosModules.sops
./config/hosts/netbox
];
};
matrix = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./config/common
./config/proxmox-vm
sops-nix.nixosModules.sops
./config/hosts/matrix
];
};
public-web-static = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./config/common
./config/proxmox-vm
sops-nix.nixosModules.sops
./config/hosts/public-web-static
];
};
git = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./config/common
./config/proxmox-vm
sops-nix.nixosModules.sops
./config/hosts/git
];
specialArgs = {
inherit pkgs-unstable;
};
};
forgejo-actions-runner = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./config/common
./config/proxmox-vm
sops-nix.nixosModules.sops
./config/hosts/forgejo-actions-runner
];
};
ptouch-print-server = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./config/common
./config/proxmox-vm
./config/hosts/ptouch-print-server
];
};
eh22-wiki = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./config/common
./config/proxmox-vm
./config/hosts/eh22-wiki
];
};
nix-box-june = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./config/common
./config/proxmox-vm
./config/hosts/nix-box-june
];
};
};
packages.x86_64-linux = {
proxmox-nixos-template = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = [
./config/nixos-generators/proxmox.nix
./config/common
./config/proxmox-vm
];
format = "proxmox";
};
proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = [
./config/nixos-generators/proxmox-chaosknoten.nix
./config/proxmox-chaosknoten-additional-initial-config.nix
./config/common
./config/proxmox-vm
];
format = "proxmox";
};
};
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
};
}