parent
f2bc058e20
commit
65fc8af6d8
@ -1,40 +0,0 @@
|
||||
# common/default.nix
|
||||
|
||||
# inputs to this NixOS module. We don't use any here
|
||||
# so we can ignore them all.
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
# User account definitions
|
||||
./users
|
||||
];
|
||||
|
||||
# clean /tmp on boot.
|
||||
boot.cleanTmpDir = true;
|
||||
# Allow any admin to build packages, not just root.
|
||||
## if you don't set this then your sshUser MUST BE ROOT, or you'll get untrusted sig errors.
|
||||
nix.settings.trusted-users = [ "@wheel" ];
|
||||
|
||||
# Automatically optimize the Nix store to save space
|
||||
# by hard-linking identical files together. These savings
|
||||
# add up.
|
||||
#nix.settings.autoOptimiseStore = true;
|
||||
|
||||
# Limit the systemd journal to 100 MB of disk or the
|
||||
# last 7 days of logs, whichever happens first.
|
||||
services.journald.extraConfig = ''
|
||||
SystemMaxUse=100M
|
||||
MaxFileSec=7day
|
||||
'';
|
||||
|
||||
# Use systemd-resolved for DNS lookups, but disable
|
||||
# its dnssec support because it is kinda broken in
|
||||
# surprising ways.
|
||||
|
||||
# Who is surprised that dnssec is broken? no one.
|
||||
# services.resolved = {
|
||||
# enable = true;
|
||||
# dnssec = "false";
|
||||
# };
|
||||
}
|
@ -1,21 +0,0 @@
|
||||
# common/users/default.nix
|
||||
|
||||
# Inputs to this NixOS module, in this case we are
|
||||
# using `pkgs` so I can configure my favorite shell fish
|
||||
# and `config` so we can make my SSH key also work with
|
||||
# the root user.
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
# The block that specifies my user account.
|
||||
users.users.josiah = {
|
||||
isNormalUser = true;
|
||||
shell = pkgs.bash;
|
||||
|
||||
# My SSH keys.
|
||||
openssh.authorizedKeys.keys = [
|
||||
# Replace this with your SSH key!
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAZhFDzl1lbhWJ7MiTV3+Z1EY8M5b4cH/+ju4uo1d91 admin"
|
||||
];
|
||||
};
|
||||
}
|
@ -1,95 +0,0 @@
|
||||
{
|
||||
"nodes": {
|
||||
"deploy-rs": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1674127017,
|
||||
"narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=",
|
||||
"owner": "serokell",
|
||||
"repo": "deploy-rs",
|
||||
"rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "serokell",
|
||||
"repo": "deploy-rs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1668681692,
|
||||
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1671417167,
|
||||
"narHash": "sha256-JkHam6WQOwZN1t2C2sbp1TqMv3TVRjzrdoejqfefwrM=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "bb31220cca6d044baa6dc2715b07497a2a7c4bc7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1672580127,
|
||||
"narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "0874168639713f547c05947c76124f78441ea46c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-22.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"deploy-rs": "deploy-rs",
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"locked": {
|
||||
"lastModified": 1667395993,
|
||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
"version": 7
|
||||
}
|
@ -1,117 +0,0 @@
|
||||
{
|
||||
description = "Test deployment for my server cluster";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url =
|
||||
"github:nixos/nixpkgs/nixos-22.05"; # change this to your desired NixOS version
|
||||
# For accessing `deploy-rs`'s utility Nix functions
|
||||
deploy-rs.url = "github:serokell/deploy-rs";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, deploy-rs }: {
|
||||
nixosConfigurations.seraph = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
../hosts/seraph/configuration.nix
|
||||
../common/default.nix
|
||||
];
|
||||
};
|
||||
nixosConfigurations.demiurge = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
../hosts/demiurge/configuration.nix
|
||||
../common/default.nix
|
||||
];
|
||||
};
|
||||
nixosConfigurations.exgod = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
../hosts/exgod/configuration.nix
|
||||
../common/default.nix
|
||||
];
|
||||
};
|
||||
|
||||
nixosConfigurations.hoyden = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
../hosts/hoyden/configuration.nix
|
||||
../common/default.nix
|
||||
];
|
||||
};
|
||||
|
||||
deploy.nodes.hoyden = {
|
||||
hostname = "hoyden";
|
||||
user = "root";
|
||||
sshUser = "josiah";
|
||||
# magicRollback = false;
|
||||
remoteBuild = false;
|
||||
path = deploy-rs.lib.x86_64-linux.activate.nixos
|
||||
self.nixosConfigurations.hoyden;
|
||||
|
||||
# This forces ssh to connect over IPv4.
|
||||
sshOpts = [ "-4" ];
|
||||
|
||||
profiles.system = {
|
||||
path = deploy-rs.lib.x86_64-linux.activate.nixos
|
||||
self.nixosConfigurations.hoyden;
|
||||
};
|
||||
};
|
||||
|
||||
deploy.nodes.seraph = {
|
||||
hostname = "seraph";
|
||||
user = "root";
|
||||
sshUser = "alice";
|
||||
# magicRollback = false;
|
||||
remoteBuild = false;
|
||||
path = deploy-rs.lib.x86_64-linux.activate.nixos
|
||||
self.nixosConfigurations.seraph;
|
||||
|
||||
# This forces ssh to connect over IPv4.
|
||||
sshOpts = [ "-4" ];
|
||||
|
||||
profiles.system = {
|
||||
path = deploy-rs.lib.x86_64-linux.activate.nixos
|
||||
self.nixosConfigurations.seraph;
|
||||
};
|
||||
};
|
||||
deploy.nodes.demiurge = {
|
||||
hostname = "demiurge";
|
||||
user = "root";
|
||||
sshUser = "alice";
|
||||
# magicRollback = false;
|
||||
remoteBuild = false;
|
||||
path = deploy-rs.lib.x86_64-linux.activate.nixos
|
||||
self.nixosConfigurations.demiurge;
|
||||
|
||||
# This forces ssh to connect over IPv4.
|
||||
sshOpts = [ "-4" ];
|
||||
|
||||
profiles.system = {
|
||||
path = deploy-rs.lib.x86_64-linux.activate.nixos
|
||||
self.nixosConfigurations.demiurge;
|
||||
};
|
||||
};
|
||||
deploy.nodes.exgod = {
|
||||
hostname = "exgod";
|
||||
user = "root";
|
||||
sshUser = "alice";
|
||||
# magicRollback = false;
|
||||
remoteBuild = false;
|
||||
path = deploy-rs.lib.x86_64-linux.activate.nixos
|
||||
self.nixosConfigurations.exgod;
|
||||
|
||||
# This forces ssh to connect over IPv4.
|
||||
sshOpts = [ "-4" ];
|
||||
|
||||
profiles.system = {
|
||||
path = deploy-rs.lib.x86_64-linux.activate.nixos
|
||||
self.nixosConfigurations.exgod;
|
||||
};
|
||||
};
|
||||
|
||||
# This is highly advised, and will prevent many possible mistakes
|
||||
checks =
|
||||
builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy)
|
||||
deploy-rs.lib;
|
||||
};
|
||||
}
|
@ -1,25 +0,0 @@
|
||||
{
|
||||
description = "Hoyden's Flake";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url =
|
||||
"github:nixos/nixpkgs/nixos-22.05"; # change this to your desired NixOS version
|
||||
# For accessing `deploy-rs`'s utility Nix functions
|
||||
deploy-rs.url = "github:serokell/deploy-rs";
|
||||
unstableTarball = fetchTarball
|
||||
"https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, unstableTarball }@attrs: {
|
||||
nixosConfigurations.hoyden = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = attrs;
|
||||
modules = [ ./configuration.nix ];
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
@ -1 +0,0 @@
|
||||
/nix/store/lwyi13rbiw9afcjps9fyiarjfkjkqq12-morph
|
@ -1 +0,0 @@
|
||||
hoyden:mzRpcmjuqPqre3Si990zXvAeD9xwqRJMezGsxdXV2vTayggi7ycd8bhQlPQGg3u2YhjbaztvTo1bogdeAlI/bg==
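Review bot: The value deleted in this section has the `name:base64` shape of a Nix signing key, and its length (64 bytes once decoded) suggests it is the secret half, with the matching 32-byte public half removed in the next section. Deleting the file here does not remove it from history, since the parent commit f2bc058e20 still contains it, so the key should be treated as disclosed. I would generate a new signing key pair, replace the old public key wherever hosts list it as trusted, and keep the new secret key outside the repository (for example in a secrets store or an ignored path). Whether any host actually trusts `hoyden:` signatures is not visible on this page, so that needs checking against the host configurations.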
|
@ -1 +0,0 @@
|
||||
hoyden:2soIIu8nHfG4UJT0BoN7tmIY22s7b06NW6IHXgJSP24=
|
@ -1,40 +0,0 @@
|
||||
# ops/home/network.nix
|
||||
|
||||
{
|
||||
# Configuration for the network in general.
|
||||
network = { description = "home.jowj.net cluster definition"; };
|
||||
|
||||
# This specifies the configuration for
|
||||
# `seraph` as a NixOS module.
|
||||
|
||||
# "seraph" = { config, pkgs, lib, ... }: {
|
||||
# deployment.targetUser = "alice";
|
||||
# deployment.targetHost = "seraph";
|
||||
|
||||
# # Import seraph configuration.nix
|
||||
# imports = [
|
||||
# ../../hosts/seraph/configuration.nix
|
||||
# ../../common ];
|
||||
# };
|
||||
|
||||
"exgod" = { config, pkgs, lib, ... }: {
|
||||
deployment.targetUser = "alice";
|
||||
deployment.targetHost = "exgod";
|
||||
|
||||
# Import exgod configuration.nix
|
||||
imports = [
|
||||
../../hosts/exgod/configuration.nix
|
||||
../../common ];
|
||||
};
|
||||
|
||||
"hoyden" = { config, pkgs, lib, ... }: {
|
||||
deployment.targetUser = "alice";
|
||||
deployment.targetHost = "hoyden";
|
||||
|
||||
# Import seraph configuration.nix
|
||||
imports = [
|
||||
../../hosts/hoyden/configuration.nix
|
||||
../../common ];
|
||||
};
|
||||
|
||||
}
|
@ -1,22 +0,0 @@
|
||||
#!/usr/bin/env nix-shell
|
||||
|
||||
# Specify the packages we are using in this
|
||||
# script as well as the fact that we are running it
|
||||
# in bash.
|
||||
#! nix-shell -p morph -i bash
|
||||
|
||||
# Explode on any error.
|
||||
set -e
|
||||
|
||||
# Build the system configurations for every
|
||||
# machine in this network and register them as
|
||||
# garbage collector roots so `nix-collect-garbage`
|
||||
# doesn't sweep them away.
|
||||
morph build --keep-result ~/Documents/projects/adc/nixos-configs/ops/home/network.nix
|
||||
|
||||
# Push the config to the hosts.
|
||||
morph push ~/Documents/projects/adc/nixos-configs/ops/home/network.nix
|
||||
|
||||
# Activate the NixOS configuration on the
|
||||
# network.
|
||||
morph deploy ~/Documents/projects/adc/nixos-configs/ops/home/network.nix test
|
@ -1,40 +0,0 @@
|
||||
let
|
||||
pkgs = import (import ../nixpkgs.nix) {};
|
||||
in
|
||||
{
|
||||
network = {
|
||||
inherit pkgs;
|
||||
description = "simple hosts";
|
||||
ordering = {
|
||||
tags = [ "db" "web" ];
|
||||
};
|
||||
};
|
||||
|
||||
"web01" = { config, pkgs, ... }: {
|
||||
deployment.tags = [ "web" ];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
services.nginx.enable = true;
|
||||
|
||||
fileSystems = {
|
||||
"/" = { label = "nixos"; fsType = "ext4"; };
|
||||
"/boot" = { label = "boot"; fsType = "vfat"; };
|
||||
};
|
||||
};
|
||||
|
||||
"db01" = { config, pkgs, ... }: {
|
||||
deployment.tags = [ "db" ];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
services.postgresql.enable = true;
|
||||
|
||||
fileSystems = {
|
||||
"/" = { label = "nixos"; fsType = "ext4"; };
|
||||
"/boot" = { label = "boot"; fsType = "vfat"; };
|
||||
};
|
||||
};
|
||||
}
|