jahanson/forgejo-ci-runners
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request 'cachix-deploy' (#46) from cachix-deploy into main

Browse source 
Reviewed-on: #46
This commit is contained in:
Joseph Hanson 2024-06-19 10:31:04 -05:00
commit 9fd630f81d
2 changed files with 660 additions and 69 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

571
flake.lock
View file

@ -1,8 +1,124 @@
{ {
"nodes": { "nodes": {
"cachix-deploy-flake": {
"inputs": {
"darwin": "darwin",
"disko": "disko",
"home-manager": "home-manager",
"nixos-anywhere": "nixos-anywhere",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1716236735,
"narHash": "sha256-/VTQfiobFPcEyBjWgvI1NBDBIoolPNhvRvbnTekLav8=",
"owner": "cachix",
"repo": "cachix-deploy-flake",
"rev": "63ad0e83b5873909902ea55a69663e8122bd3b56",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "cachix-deploy-flake",
"type": "github"
}
},
"cachix-flake": {
"inputs": {
"devenv": "devenv",
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1718730519,
"narHash": "sha256-9/Jmflf9vs97uG0UyJXBSxsZzkpH9xOdeMMwBYhfHfQ=",
"owner": "cachix",
"repo": "cachix",
"rev": "7913ce3dce4439907a259480cf03ca3c5dd75725",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "cachix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"cachix-deploy-flake",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715871485,
"narHash": "sha256-ywapEXmBBI+DVRx/YYC6+6Lk+W8vhShz1uJNvqPKzng=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "cb02884fa1ff5a619a44ab5f1bcc4dedd2d623c2",
"type": "github"
},
"original": {
"owner": "LnL7",
"repo": "nix-darwin",
"type": "github"
}
},
"devenv": {
"inputs": {
"flake-compat": [
"cachix-flake",
"flake-compat"
],
"nix": "nix",
"nixpkgs": "nixpkgs_2",
"poetry2nix": "poetry2nix",
"pre-commit-hooks": [
"cachix-flake",
"pre-commit-hooks"
]
},
"locked": {
"lastModified": 1708704632,
"narHash": "sha256-w+dOIW60FKMaHI1q5714CSibk99JfYxm0CzTinYWr+Q=",
"owner": "cachix",
"repo": "devenv",
"rev": "2ee4450b0f4b95a1b90f2eb5ffea98b90e48c196",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "python-rewrite",
"repo": "devenv",
"type": "github"
}
},
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs" "nixpkgs": [
"cachix-deploy-flake",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715822638,
"narHash": "sha256-Z4ZoyK8jYRmBZwMaEZLEmAilrfdpekwwwohliqC14/E=",
"owner": "nix-community",
"repo": "disko",
"rev": "476eef8d85aa09389ae7baf6e6b60357f6a01432",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"disko_2": {
"inputs": {
"nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1718588625, "lastModified": 1718588625,
@ -18,23 +134,321 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "flake-compat": {
"flake": false,
"locked": { "locked": {
"lastModified": 1718276985, "lastModified": 1673956053,
"narHash": "sha256-u1fA0DYQYdeG+5kDm1bOoGcHtX0rtC7qs2YA2N1X++I=", "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"cachix-deploy-flake",
"nixos-anywhere",
"nixpkgs"
]
},
"locked": {
"lastModified": 1701473968,
"narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"cachix-flake",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"cachix-deploy-flake",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715486357,
"narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nix": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"cachix-flake",
"devenv",
"nixpkgs"
],
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1708577783,
"narHash": "sha256-92xq7eXlxIT5zFNccLpjiP7sdQqQI30Gyui2p/PfKZM=",
"owner": "domenkozar",
"repo": "nix",
"rev": "ecd0af0c1f56de32cbad14daa1d82a132bf298f8",
"type": "github"
},
"original": {
"owner": "domenkozar",
"ref": "devenv-2.21",
"repo": "nix",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"cachix-flake",
"devenv",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1688870561,
"narHash": "sha256-4UYkifnPEw1nAzqqPOTL2MvWtm3sNGw1UTYTalkTcGY=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "165b1650b753316aa7f1787f3005a8d2da0f5301",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixos-anywhere": {
"inputs": {
"disko": [
"cachix-deploy-flake",
"disko"
],
"flake-parts": "flake-parts",
"nixos-images": "nixos-images",
"nixos-stable": "nixos-stable",
"nixpkgs": [
"cachix-deploy-flake",
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1715150548,
"narHash": "sha256-pb2xIGuzzkPOjUlZnBahpfQWVvtCSOcW8vLL7rQUiEY=",
"owner": "numtide",
"repo": "nixos-anywhere",
"rev": "242444d228636b1f0e89d3681f04a75254c29f66",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "nixos-anywhere",
"type": "github"
}
},
"nixos-images": {
"inputs": {
"nixos-2311": [
"cachix-deploy-flake",
"nixos-anywhere",
"nixos-stable"
],
"nixos-unstable": [
"cachix-deploy-flake",
"nixos-anywhere",
"nixpkgs"
]
},
"locked": {
"lastModified": 1702375325,
"narHash": "sha256-kEdrh6IB7xh7YDwZ0ZVCngCs+uoS9gx4ydEoJRnM1Is=",
"owner": "nix-community",
"repo": "nixos-images",
"rev": "d655cc02fcb9ecdcca4f3fb307e291a4b5be1339",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-images",
"type": "github"
}
},
"nixos-stable": {
"locked": {
"lastModified": 1702233072,
"narHash": "sha256-H5G2wgbim2Ku6G6w+NSaQaauv6B6DlPhY9fMvArKqRo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3f84a279f1a6290ce154c5531378acc827836fbb", "rev": "781e2a9797ecf0f146e81425c822dca69fe4a348",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixpkgs-unstable", "ref": "nixos-23.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs": {
"locked": {
"lastModified": 1713995372,
"narHash": "sha256-fFE3M0vCoiSwCX02z8VF58jXFRj9enYUSTqjyHAjrds=",
"path": "/nix/store/22chir190mpfvp59lgh39q7fp7w77br9-source",
"rev": "dd37924974b9202f8226ed5d74a252a9785aedf8",
"type": "path"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": {
"lastModified": 1710695816,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1718478900, "lastModified": 1718478900,
"narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=", "narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=",
@ -51,6 +465,38 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1692808169,
"narHash": "sha256-x9Opq06rIiwdwGeK2Ykj69dNc2IvUH1fY55Wm7atwrE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9201b5ff357e781bf014d0330d18555695df7ba8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1718276985,
"narHash": "sha256-u1fA0DYQYdeG+5kDm1bOoGcHtX0rtC7qs2YA2N1X++I=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3f84a279f1a6290ce154c5531378acc827836fbb",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1718437845, "lastModified": 1718437845,
"narHash": "sha256-ZT7Oc1g4I4pHVGGjQFnewFVDRLH5cIZhEzODLz9YXeY=", "narHash": "sha256-ZT7Oc1g4I4pHVGGjQFnewFVDRLH5cIZhEzODLz9YXeY=",
@ -66,7 +512,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1718541509, "lastModified": 1718541509,
"narHash": "sha256-TmC5TxW5WPAfmovDzi1hLe1i4qqND79s9SH9UOKcSvo=", "narHash": "sha256-TmC5TxW5WPAfmovDzi1hLe1i4qqND79s9SH9UOKcSvo=",
@ -82,10 +528,61 @@
"type": "github" "type": "github"
} }
}, },
"poetry2nix": {
"inputs": {
"flake-utils": "flake-utils",
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"cachix-flake",
"devenv",
"nixpkgs"
]
},
"locked": {
"lastModified": 1692876271,
"narHash": "sha256-IXfZEkI0Mal5y1jr6IRWMqK8GW2/f28xJenZIPQqkY0=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "d5006be9c2c2417dafb2e2e5034d83fabd207ee3",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "poetry2nix",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_2",
"gitignore": "gitignore",
"nixpkgs": [
"cachix-flake",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1715609711,
"narHash": "sha256-/5u29K0c+4jyQ8x7dUIEUWlz2BoTSZWUP2quPwFCE7M=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "c182c876690380f8d3b9557c4609472ebfa1b141",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"disko": "disko", "cachix-deploy-flake": "cachix-deploy-flake",
"nixpkgs": "nixpkgs_2", "cachix-flake": "cachix-flake",
"disko": "disko_2",
"nixpkgs": "nixpkgs_4",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"srvos": "srvos" "srvos": "srvos"
} }
@ -95,7 +592,7 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable_2"
}, },
"locked": { "locked": {
"lastModified": 1718506969, "lastModified": 1718506969,
@ -113,7 +610,7 @@
}, },
"srvos": { "srvos": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1718585173, "lastModified": 1718585173,
@ -128,6 +625,58 @@
"repo": "srvos", "repo": "srvos",
"type": "github" "type": "github"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"cachix-deploy-flake",
"nixos-anywhere",
"nixpkgs"
]
},
"locked": {
"lastModified": 1702376629,
"narHash": "sha256-9uAY8a7JN4DvLe/g4OoldqPbcNZ09YOVXID+CkIqL70=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "390018a9398f9763bfc05ffe6443ce0622cb9ba6",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

158
flake.nix
View file

@ -5,6 +5,11 @@
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
srvos.url = "github:numtide/srvos"; srvos.url = "github:numtide/srvos";
disko.url = "github:nix-community/disko"; disko.url = "github:nix-community/disko";
cachix-deploy-flake.url = "github:cachix/cachix-deploy-flake";
cachix-flake = {
url = "github:cachix/cachix";
inputs.nixpkgs.follows = "nixpkgs";
};
# sops-nix - secrets with mozilla sops # sops-nix - secrets with mozilla sops
# https://github.com/Mic92/sops-nix # https://github.com/Mic92/sops-nix
sops-nix = { sops-nix = {
@ -13,18 +18,22 @@
}; };
}; };
outputs = { self, sops-nix, nixpkgs, srvos, disko, ... }@inputs: outputs = { self, sops-nix, nixpkgs, srvos, disko, cachix-flake, cachix-deploy-flake, ... }@inputs:
let let
lib = nixpkgs.lib; lib = nixpkgs.lib;
inherit (self) outputs; common = system: rec {
in { pkgs = import nixpkgs {
nixosConfigurations = inherit system;
{ overlays = [
"fj-hetzner-aarch64-01" = lib.nixosSystem { (final: prev: {
system = "aarch64-linux"; cachix = cachix-flake.packages.${system}.default;
specialArgs = {inherit inputs outputs;}; })
modules = [ ];
sops-nix.nixosModules.sops };
cachix-deploy-lib = cachix-deploy-flake.lib pkgs;
};
aarch64-linux-modules = [
sops-nix.nixosModules.sops
srvos.nixosModules.hardware-hetzner-cloud srvos.nixosModules.hardware-hetzner-cloud
srvos.nixosModules.server srvos.nixosModules.server
srvos.nixosModules.mixins-systemd-boot srvos.nixosModules.mixins-systemd-boot
@ -41,55 +50,88 @@
]; ];
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "without-password"; services.openssh.settings.PermitRootLogin = "without-password";
}]; }
];
x86_64-linux-modules = [
sops-nix.nixosModules.sops
./hardware/shadowfax-kubevirt.nix
srvos.nixosModules.server
srvos.nixosModules.mixins-systemd-boot
disko.nixosModules.disko
./agents/fj-shadowfax-x86_64.nix
(import ./disko-shadowfax-kubevirt.nix { disks = [ "/dev/sda" ]; })
{
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "fj-shadowfax-01";
users.users.root.openssh.authorizedKeys.keys =
[
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore"
];
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "without-password";
}
];
in
{
# NixOS configurations for manual deployment
nixosConfigurations =
{
"fj-hetzner-aarch64-01" = lib.nixosSystem {
system = "aarch64-linux";
specialArgs = {inherit inputs; };
modules = aarch64-linux-modules;
}; };
"fj-shadowfax-01" = lib.nixosSystem { "fj-shadowfax-01" = lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = {inherit inputs outputs;}; specialArgs = {inherit inputs; };
modules = [ modules = x86_64-linux-modules;
sops-nix.nixosModules.sops
./hardware/shadowfax-kubevirt.nix
srvos.nixosModules.server
srvos.nixosModules.mixins-systemd-boot
disko.nixosModules.disko
./agents/fj-shadowfax-x86_64.nix
(import ./disko-shadowfax-kubevirt.nix { disks = [ "/dev/sda" ]; })
{
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "fj-shadowfax-01";
users.users.root.openssh.authorizedKeys.keys =
[
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore"
];
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "without-password";
}];
};
"fj-shadowfax-02" = lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
modules = [
sops-nix.nixosModules.sops
./hardware/shadowfax-kubevirt.nix
srvos.nixosModules.server
srvos.nixosModules.mixins-systemd-boot
disko.nixosModules.disko
./agents/fj-shadowfax-x86_64.nix
(import ./disko-shadowfax-kubevirt.nix { disks = [ "/dev/sda" ]; })
{
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "fj-shadowfax-02";
users.users.root.openssh.authorizedKeys.keys =
[
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@legiondary"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore"
];
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "without-password";
}];
}; };
}; };
# Cachix deploy for automated deployments
packages.aarch64-linux.default =
let
inherit (common "aarch64-linux") cachix-deploy-lib pkgs;
in
cachix-deploy-lib.nixos {
# system = "aarch64-linux";
imports = aarch64-linux-modules;
};
packages.x86_64-linux.default =
let
inherit (common "x86_64-linux") cachix-deploy-lib pkgs;
in
cachix-deploy-lib.nixos {
imports = x86_64-linux-modules;
};
# Constructs a deploy.json output that can be used to deploy the runners
# https://docs.cachix.org/deploy/reference#deploy-json
deploy-json =
let
inherit (common "aarch64-linux") cachix-deploy-lib;
in
cachix-deploy-lib.spec
{
agents = {
"fj-hetzner-aarch64-01" =
let
inherit (common "aarch64-linux") cachix-deploy-lib pkgs;
in
cachix-deploy-lib.nixos {
# system = "aarch64-linux";
imports = aarch64-linux-modules;
};
"fj-shadowfax-01" =
let
inherit (common "x86_64-linux") cachix-deploy-lib pkgs;
in
cachix-deploy-lib.nixos {
imports = x86_64-linux-modules;
};
};
};
# Convenience output that aggregates the outputs for home, nixos. # Convenience output that aggregates the outputs for home, nixos.
# Also used in ci to build targets generally. # Also used in ci to build targets generally.
top = top =
@ -99,5 +141,5 @@
(attr: inputs.self.nixosConfigurations.${attr}.config.system.build.toplevel); (attr: inputs.self.nixosConfigurations.${attr}.config.system.build.toplevel);
in in
nixtop; nixtop;
}; };
} }