2021-07-15 13:38:22 +02:00
|
|
|
{
|
2021-11-29 02:04:29 +01:00
|
|
|
inputs = {
|
2022-12-02 03:29:02 +01:00
|
|
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11";
|
2021-11-29 02:04:29 +01:00
|
|
|
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
|
|
|
|
sops-nix.url = "github:Mic92/sops-nix";
|
|
|
|
|
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
|
|
|
|
deploy-rs.url = "github:serokell/deploy-rs";
|
2022-12-02 03:29:02 +01:00
|
|
|
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.11";
|
2021-11-29 02:04:29 +01:00
|
|
|
};
|
2021-07-15 13:38:22 +02:00
|
|
|
|
2023-02-28 22:18:26 +01:00
|
|
|
outputs = { self, nixpkgs, nixpkgs-unstable, deploy-rs, sops-nix, simple-nixos-mailserver }:
|
2021-07-15 13:38:22 +02:00
|
|
|
let
|
|
|
|
|
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
2021-11-29 02:04:29 +01:00
|
|
|
pkgs-unstable = nixpkgs-unstable.legacyPackages.x86_64-linux;
|
2022-07-19 06:34:33 +02:00
|
|
|
defaultModuleArgs = { pkgs, ... }: {
|
|
|
|
|
_module.args.pkgs-unstable = import nixpkgs-unstable {
|
|
|
|
|
inherit (pkgs.stdenv.targetPlatform) system;
|
|
|
|
|
config.allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [
|
|
|
|
|
"minecraft-server"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
};
|
2021-07-15 17:33:31 +02:00
|
|
|
in
|
2021-11-25 00:33:28 +01:00
|
|
|
{
|
2022-07-19 06:34:33 +02:00
|
|
|
devShells.x86_64-linux.default = pkgs.mkShell {
|
2021-11-29 02:04:29 +01:00
|
|
|
sopsPGPKeyDirs = [
|
|
|
|
|
"./keys/hosts"
|
|
|
|
|
"./keys/users"
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
nativeBuildInputs = [
|
|
|
|
|
(pkgs.callPackage sops-nix { }).sops-import-keys-hook
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
buildInputs = with pkgs-unstable; [
|
2021-11-25 00:33:28 +01:00
|
|
|
nixpkgs-fmt
|
|
|
|
|
terraform
|
|
|
|
|
terraform-ls
|
|
|
|
|
sops
|
|
|
|
|
deploy-rs.packages."x86_64-linux".deploy-rs
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
nixosConfigurations = {
|
|
|
|
|
db1 = nixpkgs.lib.nixosSystem {
|
|
|
|
|
system = "x86_64-linux";
|
2022-07-31 22:40:10 +02:00
|
|
|
specialArgs = { inherit nixpkgs; };
|
2021-11-25 00:59:46 +01:00
|
|
|
modules = [
|
2021-11-29 02:04:29 +01:00
|
|
|
sops-nix.nixosModules.sops
|
2021-11-25 00:59:46 +01:00
|
|
|
./profiles/db.nix
|
2021-11-25 00:33:28 +01:00
|
|
|
(
|
|
|
|
|
{
|
2021-11-29 02:04:29 +01:00
|
|
|
sops.defaultSopsFile = ./secrets.enc.yml;
|
2021-11-25 00:33:28 +01:00
|
|
|
networking.hostName = "db1";
|
|
|
|
|
networking.domain = "banditlair.com";
|
2021-11-29 02:04:29 +01:00
|
|
|
nix.registry.nixpkgs.flake = nixpkgs;
|
2021-11-25 00:59:46 +01:00
|
|
|
|
2021-11-25 00:33:28 +01:00
|
|
|
system.stateVersion = "21.05";
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
backend1 = nixpkgs.lib.nixosSystem {
|
|
|
|
|
system = "x86_64-linux";
|
2022-07-31 22:40:10 +02:00
|
|
|
specialArgs = { inherit nixpkgs; };
|
2021-11-25 00:59:46 +01:00
|
|
|
modules = [
|
2021-11-29 02:04:29 +01:00
|
|
|
sops-nix.nixosModules.sops
|
2021-11-25 00:59:46 +01:00
|
|
|
./profiles/backend.nix
|
2021-11-25 00:33:28 +01:00
|
|
|
(
|
|
|
|
|
{
|
2021-11-29 02:04:29 +01:00
|
|
|
sops.defaultSopsFile = ./secrets.enc.yml;
|
2021-11-25 00:33:28 +01:00
|
|
|
networking.hostName = "backend1";
|
|
|
|
|
networking.domain = "banditlair.com";
|
2021-11-29 02:04:29 +01:00
|
|
|
nix.registry.nixpkgs.flake = nixpkgs;
|
2021-11-25 00:59:46 +01:00
|
|
|
|
2021-11-26 00:14:44 +01:00
|
|
|
system.stateVersion = "21.05";
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
storage1 = nixpkgs.lib.nixosSystem {
|
|
|
|
|
system = "x86_64-linux";
|
2022-07-31 22:40:10 +02:00
|
|
|
specialArgs = { inherit nixpkgs; };
|
2021-11-26 00:14:44 +01:00
|
|
|
modules = [
|
2022-07-19 06:34:33 +02:00
|
|
|
defaultModuleArgs
|
2021-11-29 02:04:29 +01:00
|
|
|
sops-nix.nixosModules.sops
|
|
|
|
|
simple-nixos-mailserver.nixosModule
|
2021-11-26 00:14:44 +01:00
|
|
|
./profiles/storage.nix
|
|
|
|
|
(
|
|
|
|
|
{
|
2021-11-29 02:04:29 +01:00
|
|
|
sops.defaultSopsFile = ./secrets.enc.yml;
|
2021-11-26 00:14:44 +01:00
|
|
|
networking.hostName = "storage1";
|
|
|
|
|
networking.domain = "banditlair.com";
|
2021-11-29 02:04:29 +01:00
|
|
|
nix.registry.nixpkgs.flake = nixpkgs;
|
2021-11-26 00:14:44 +01:00
|
|
|
|
2021-11-25 00:33:28 +01:00
|
|
|
system.stateVersion = "21.05";
|
|
|
|
|
}
|
|
|
|
|
)
|
2021-07-15 17:09:32 +02:00
|
|
|
];
|
|
|
|
|
};
|
2021-11-25 00:33:28 +01:00
|
|
|
};
|
2021-09-02 16:11:58 +02:00
|
|
|
|
2021-11-29 02:04:29 +01:00
|
|
|
deploy.nodes =
|
|
|
|
|
let
|
|
|
|
|
createSystemProfile = configuration: {
|
2021-11-25 00:33:28 +01:00
|
|
|
user = "root";
|
|
|
|
|
sshUser = "root";
|
2021-11-29 02:04:29 +01:00
|
|
|
path = deploy-rs.lib.x86_64-linux.activate.nixos configuration;
|
2021-09-02 16:11:58 +02:00
|
|
|
};
|
2021-11-29 02:04:29 +01:00
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
db1 = {
|
|
|
|
|
hostname = "db1.banditlair.com";
|
|
|
|
|
profiles.system = createSystemProfile self.nixosConfigurations.db1;
|
2021-09-02 16:11:58 +02:00
|
|
|
};
|
2021-11-29 02:04:29 +01:00
|
|
|
backend1 = {
|
|
|
|
|
hostname = "backend1.banditlair.com";
|
|
|
|
|
profiles.system = createSystemProfile self.nixosConfigurations.backend1;
|
|
|
|
|
};
|
|
|
|
|
storage1 = {
|
|
|
|
|
hostname = "78.46.96.243";
|
|
|
|
|
profiles.system = createSystemProfile self.nixosConfigurations.storage1;
|
2021-11-26 00:14:44 +01:00
|
|
|
};
|
|
|
|
|
};
|
2021-11-25 00:33:28 +01:00
|
|
|
|
|
|
|
|
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
|
|
|
|
|
};
|
2021-07-15 13:38:22 +02:00
|
|
|
}
|
