fern/flock
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: fern:b23046ea5d09432294e9181e5b47c3286e03dbdd
Branches Tags
fern:main
fern:testing
..
compare: fern:7417d918095fb4041e5e794bdbb231ca0cb1e20f
Branches Tags
fern:testing
fern:main

No commits in common. "b23046ea5d09432294e9181e5b47c3286e03dbdd" and "7417d918095fb4041e5e794bdbb231ca0cb1e20f" have entirely different histories.
b23046ea5d ... 7417d91809

5 changed files with 85 additions and 99 deletions
Download patch file Download diff file Expand all files Collapse all files

5
flake.nix
View file

@ -103,10 +103,5 @@
(mkHost "nextcloud" {
suite = "server/lxc";
})
# Container for managing server flock.
(mkHost "ornithologist" {
suite = "server/lxc";
})
];
}

166
helpers.nix
View file

@ -12,101 +12,99 @@ with inputs.nixpkgs.lib; {
suite ? "",
docker ? false,
hostModules ? [],
}: let
# Secrets directory.
secrets = builtins.toString inputs.secrets;
}:
{
nixosConfigurations.${hostname} = nixosSystem rec {
# Architecture.
system = platform;
# Architecture.
system = platform;
# nixpkgs config.
pkgs = import nixpkgs {
inherit system;
# Stable nixpkgs with overlay.
pkgs = import nixpkgs {
inherit system;
config = {
# Allow installation of proprietary software.
allowUnfree = true;
# Allow the installation of packages marked as insecure in nixpkgs.
permittedInsecurePackages = [
"dotnet-sdk-6.0.428" # For WebOne.
"dotnet-runtime-6.0.36" # For WebOne.
];
};
# Import my overlays.
overlays = [
(import ./overlay.nix {inherit nixpkgs-unstable nixpkgs-pr-feishin;})
];
};
# deploy-rs.
deployPkgs = import nixpkgs {
inherit system;
overlays = [
deploy-rs.overlays.default
(self: super: {
deploy-rs = {
inherit (pkgs) deploy-rs;
lib = super.deploy-rs.lib;
config = {
# Allow installation of proprietary software.
allowUnfree = true;
# Allow the installation of packages marked as insecure in nixpkgs.
permittedInsecurePackages = [
"dotnet-sdk-6.0.428" # For WebOne.
"dotnet-runtime-6.0.36" # For WebOne.
];
};
})
];
};
in {
nixosConfigurations.${hostname} = nixosSystem {
inherit system pkgs;
specialArgs = {
# Pass variables to config.
inherit inputs secrets hostname;
};
# Import my overlays.
overlays = [
(import ./overlay.nix {inherit nixpkgs-unstable nixpkgs-pr-feishin;})
];
};
modules =
[
nixvim.nixosModules.nixvim # Neovim.
lanzaboote.nixosModules.lanzaboote # Secure boot.
sops-nix.nixosModules.sops # Secrets management.
specialArgs = {
# Pass hostname & inputs to config.
inherit inputs hostname;
./suites/${suite} # Collection of configuration options for different types of systems.
./hosts/${hostname} # Host-specific config.
# Secrets directory.
secrets = builtins.toString inputs.secrets;
};
# Home manager.
home-manager.nixosModules.home-manager
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
backupFileExtension = "backup";
users.fern = {
# Me!
home.username = "fern";
home.homeDirectory = "/home/fern";
modules =
[
nixvim.nixosModules.nixvim # Neovim.
lanzaboote.nixosModules.lanzaboote # Secure boot.
sops-nix.nixosModules.sops # Secrets management.
# Home manager version.
home.stateVersion = "25.05";
./suites/${suite} # Collection of configuration options for different types of systems.
./hosts/${hostname} # Host-specific config.
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
# Home manager.
home-manager.nixosModules.home-manager
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
backupFileExtension = "backup";
users.fern = {
# Me!
home.username = "fern";
home.homeDirectory = "/home/fern";
# Import config.
imports = [./suites/${suite}/home.nix];
# Home manager version.
home.stateVersion = "25.05";
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
# Import config.
imports = [./suites/${suite}/home.nix];
};
};
};
}
]
++ hostModules # Host-specific modules.
++ optionals (docker == true) [./suites/server/docker] # Enable docker if required.
++ (filesystem.listFilesRecursive ./modules); # Custom modules.
};
deploy.nodes.${hostname} = mkIf (strings.hasPrefix "server" suite) {
hostname = "${hostname}.local";
profiles.system = {
user = "root";
sshuser = "fern";
path = deployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.${hostname};
}
]
++ hostModules # Host-specific modules.
++ optionals (docker == true) [./suites/server/docker] # Enable docker if required.
++ (filesystem.listFilesRecursive ./modules); # Custom modules.
};
}
// optionalAttrs (strings.hasPrefix "server" suite) {
deploy.nodes.${hostname} = let
deployPkgs = import nixpkgs {
inherit system;
overlays = [
deploy-rs.overlays.default
(self: super: {
deploy-rs = {
inherit (pkgs) deploy-rs;
lib = super.deploy-rs.lib;
};
})
];
};
in {
hostname = "${hostname}.local";
profiles.system = {
user = "root";
sshuser = "fern";
path = deployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.${hostname};
};
};
};
};
}

3
hosts/muskduck/default.nix
View file

@ -39,9 +39,6 @@ with lib; {
];
};
# Allow emulating aarch64 to build for Raspberry Pi.
boot.binfmt.emulatedSystems = ["aarch64-linux"];
# Share Music dir.
services.samba = {
enable = true;

7
hosts/ornithologist/default.nix
View file

@ -1,7 +0,0 @@
{pkgs, ...}: {
# Allow emulating aarch64 to build for Raspberry Pi.
boot.binfmt.emulatedSystems = ["aarch64-linux"];
# Install some packages.
environment.systemPackages = with pkgs; [deploy-rs];
}

3
suites/desktop/default.nix
View file

@ -26,6 +26,9 @@ with lib; {
"udev.log_priority=3"
"rd.systemd.show_status=auto"
];
# Allow emulating aarch64 to build for Raspberry Pi.
binfmt.emulatedSystems = ["aarch64-linux"];
};
# Enable smart card support (for YubiKey).