commit 814c97ecec1ddc16b737fdbbf6233e98f8229701
parent e77080245ca90b1165190366c42337b98a40ad10
Author: Katja (ctucx) <git@ctu.cx>
Date: Tue, 11 Mar 2025 22:54:59 +0100
reduce redundancy in nixos / darwin configuration
2 files changed, 81 insertions(+), 94 deletions(-)
diff --git a/flake.nix b/flake.nix 
@@ -25,6 +25,60 @@ loadDir = loader: src: inputs.haumea.lib.load { inherit src loader transformer; }; + systemConfiguration = nodeName: node: { + system = node.system; + + specialArgs = { + inherit inputs nodeName node; + dnsNix = inputs.dnsNix.lib; + nixStd = inputs.nixStd.lib; + secrets = inputs.self.secrets; + ctucxLib = inputs.self.lib; + ctucxConfig = inputs.self.ctucxConfig.nixos; + } // nixpkgsLib.optionalAttrs (nixpkgsLib.hasSuffix "darwin" node.system) { + ctucxConfig = inputs.self.ctucxConfig.darwin; + }; + + modules = [ + { nixpkgs.overlays = [ + inputs.self.overlays.packages + inputs.self.overlays.nixpkgsUnstable + + inputs.ctucxWebsite.overlays.default + ] ++ (if nixpkgsLib.hasSuffix "linux" node.system then [ + inputs.stagit.overlays.default + inputs.travelynx2fedi.overlays.default + inputs.mqttWebUI.overlays.default + inputs.ctucxThings.overlays.default + inputs.ctucxGallery.overlays.default + inputs.trainsearch.overlays.default + inputs.flauschehornSexy.overlays.default + inputs.gpxMap.overlays.default + inputs.mobileCoverageMap.overlays.default + ] else [ + inputs.self.overlays.darwinPackages + inputs.self.overlays.darwinOverlay + ]); } + + inputs.lixModule.nixosModules.default + node.configuration + ] ++ (if nixpkgsLib.hasSuffix "linux" node.system then [ + inputs.impermanence.nixosModules.default + inputs.homeManager.nixosModules.default + inputs.agenix.nixosModules.default + inputs.lanzaboote.nixosModules.lanzaboote + inputs.simpleNixosMailserver.nixosModules.default + inputs.ctucxThings.nixosModules.default + inputs.self.nixosModules.default + inputs.self.ctucxConfig.nixos.default + ] else [ + inputs.homeManager.darwinModules.default + inputs.agenix.darwinModules.default + inputs.self.darwinModules.default + inputs.self.ctucxConfig.darwin.default + ]); + }; + in { checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks inputs.self.deploy) (nixpkgsLib.filterAttrs (key: value: key != "x86_64-darwin") inputs.deploy-rs.lib); 
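Review bot: The merged `nixpkgs.overlays` list in `systemConfiguration` does not keep the order either platform had before. `inputs.ctucxWebsite.overlays.default` now precedes the Linux-only overlays, and on darwin `inputs.self.overlays.packages` now comes before `inputs.self.overlays.nixpkgsUnstable`, where the removed darwin block had them the other way round. Overlays are applied in list order and a later one wins when two set the same attribute, so this refactor can silently change which package definition a host builds. Please confirm the overlays do not overlap, and record the intent with a comment such as `# overlays apply in order; later entries override earlier ones`. The `else` branches also treat every non-linux `node.system` as darwin, which is safe only because the callers further down filter by suffix.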
@@ -52,11 +106,11 @@ |> nixpkgsLib.mapAttrsRecursive (path: value: [ (nixpkgsLib.nameValuePair "secrets/${nixpkgsLib.concatStringsSep "/" path}.age" { publicKeys = ( - if inputs.self.nodes ? "${builtins.elemAt path 0}" then [ + if inputs.self.nodes ? "${builtins.head path}" then [ inputs.self.agenixKeys.main - inputs.self.agenixKeys."${builtins.elemAt path 0}" + inputs.self.agenixKeys."${builtins.head path}" ] else ( - if (builtins.elemAt path 0) == "global" then + if (builtins.head path) == "all" then inputs.self.agenixKeys else [ inputs.self.agenixKeys.main ] @@ -68,8 +122,6 @@ |> nixpkgsLib.flatten |> builtins.listToAttrs ) // { - "secrets/resticServer/briefkasten.age".publicKeys = with inputs.self.agenixKeys; [ main trabbi hector briefkasten ]; - "secrets/resticServer/wanderduene.age".publicKeys = with inputs.self.agenixKeys; [ main trabbi hector briefkasten ]; "secrets/briefkasten/influx/grafanaTokenMqttData.age".publicKeys = with inputs.self.agenixKeys; [ main briefkasten hector ]; }; 
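Review bot: Renaming the shared bucket from `"global"` to `"all"` in the `publicKeys` selection changes who can decrypt what, while the diffstat shows no secret files being moved in this commit; a directory still called `global` would now fall through to the `[ inputs.self.agenixKeys.main ]` branch. The same fallback appears to govern `secrets/resticServer/briefkasten.age` and `secrets/resticServer/wanderduene.age`, whose explicit recipient lists are removed in the next hunk, unless those files were relocated elsewhere. Recipient lists only take effect when the files are re-encrypted, so please confirm that the directory rename and a rekey accompany this change. A comment above the branch would help, e.g. `# "all/": encrypted to every key in agenixKeys, including hosts added later`. The enclosing expression starts and ends outside the hunk, so whether the `all` branch's bare `inputs.self.agenixKeys` is turned into a list further down cannot be seen here.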
@@ -80,91 +132,27 @@ darwin = nixpkgsLib.recursiveUpdate common (loadDir pathLoader ./configurations/darwin); }; - deploy.activationTimeout = 600; - deploy.confirmTimeout = 240; - deploy.nodes = builtins.mapAttrs (nodeName: node: { - hostname = node.config.networking.fqdn; - sshUser = "root"; - sshOpts = [ "-p" "${builtins.toString (nixpkgsLib.head node.config.services.openssh.ports)}" ]; - profiles.system = { - user = "root"; - path = inputs.deploy-rs.lib.${node.config.nixpkgs.system}.activate.nixos node; - }; - }) inputs.self.nixosConfigurations; - - nixosConfigurations = builtins.mapAttrs (nodeName: node: nixpkgsLib.nixosSystem { - system = node.system; - - specialArgs = { - inherit inputs nodeName node; - secrets = inputs.self.secrets; - ctucxConfig = inputs.self.ctucxConfig.nixos; - ctucxLib = inputs.self.lib; - dnsNix = inputs.dnsNix.lib; - nixStd = inputs.nixStd.lib; - }; - - modules = [ - { nixpkgs.overlays = [ - inputs.self.overlays.packages - inputs.self.overlays.nixpkgsUnstable - - inputs.stagit.overlays.default - inputs.travelynx2fedi.overlays.default - - inputs.mqttWebUI.overlays.default - inputs.ctucxThings.overlays.default - inputs.ctucxGallery.overlays.default - inputs.ctucxWebsite.overlays.default - inputs.trainsearch.overlays.default - inputs.flauschehornSexy.overlays.default - inputs.gpxMap.overlays.default - inputs.mobileCoverageMap.overlays.default - ]; } - - inputs.lixModule.nixosModules.default - inputs.impermanence.nixosModules.default - inputs.homeManager.nixosModules.default - inputs.agenix.nixosModules.default - inputs.lanzaboote.nixosModules.lanzaboote - inputs.simpleNixosMailserver.nixosModules.default - inputs.ctucxThings.nixosModules.default - inputs.self.nixosModules.default - inputs.self.ctucxConfig.nixos.default - node.configuration - ]; - }) (nixpkgsLib.filterAttrs (name: machine: nixpkgsLib.strings.hasSuffix "linux" machine.system) inputs.self.nodes); - - darwinConfigurations = builtins.mapAttrs (nodeName: node: 
inputs.nixDarwin.lib.darwinSystem { - system = node.system; - - specialArgs = { - inputs = inputs; - ctucxConfig = inputs.self.ctucxConfig.darwin; - ctucxLib = inputs.self.lib; - secrets = inputs.self.secrets; - nixStd = inputs.nixStd.lib; - }; - - modules = [ - { nixpkgs.overlays = [ - inputs.self.overlays.nixpkgsUnstable - inputs.self.overlays.packages - inputs.self.overlays.darwinPackages - inputs.self.overlays.darwinOverlay - - inputs.ctucxWebsite.overlays.default - ]; } - inputs.lixModule.nixosModules.default - inputs.homeManager.darwinModules.default - inputs.agenix.darwinModules.default - inputs.self.darwinModules.default - inputs.self.ctucxConfig.darwin.default - node.configuration - ]; - - }) (nixpkgsLib.filterAttrs (name: machine: nixpkgsLib.strings.hasSuffix "darwin" machine.system) inputs.self.nodes); - + nixosConfigurations = builtins.mapAttrs (nodeName: node: ( + nixpkgsLib.nixosSystem (systemConfiguration nodeName node) + )) (nixpkgsLib.filterAttrs (nodeName: node: nixpkgsLib.hasSuffix "linux" node.system) inputs.self.nodes); + + darwinConfigurations = builtins.mapAttrs (nodeName: node: ( + inputs.nixDarwin.lib.darwinSystem (systemConfiguration nodeName node) + )) (nixpkgsLib.filterAttrs (nodeName: node: nixpkgsLib.hasSuffix "darwin" node.system) inputs.self.nodes); + + deploy = { + activationTimeout = 600; + confirmTimeout = 240; + nodes = builtins.mapAttrs (nodeName: node: { + hostname = node.config.networking.fqdn; + sshUser = "root"; + sshOpts = [ "-p" "${builtins.toString (nixpkgsLib.head node.config.services.openssh.ports)}" ]; + profiles.system = { + user = "root"; + path = inputs.deploy-rs.lib.${node.config.nixpkgs.system}.activate.nixos node; + }; + }) inputs.self.nixosConfigurations; + }; }; inputs = { 
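Review bot: The regrouped `deploy` attrset still sets `sshUser = "root"` for every node, so each host has to accept direct root logins over SSH for deploys. deploy-rs can connect as an unprivileged `sshUser` and keep `user = "root"` for activation through sudo, which would allow root login to be disabled in sshd. If root login is intentional, a short comment next to `sshUser` should say so. `nixpkgsLib.head node.config.services.openssh.ports` also aborts evaluation when a node has an empty port list, so the assumption that every deployed node runs sshd is worth stating in the same comment.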
@@ -177,7 +165,6 @@ flakeUtils.inputs.systems.follows = "nixSystemsDefault"; flakeParts.inputs.nixpkgs-lib.follows = "nixpkgs"; - # nixpkgs nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; nixpkgsDarwin.url = "github:NixOS/nixpkgs/nixpkgs-24.11-darwin";
diff --git a/machines/blechkasten/default.nix b/machines/blechkasten/default.nix @@ -4,10 +4,10 @@ sshPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIMnLFWr1zTU8sEJr3XZaRoLxto0QAB9HOQRbyDphBS+"; - configuration = { config, pkgs, lib, ... }: { + configuration = { nodeName, config, pkgs, lib, ... }: { - networking.hostName = "blechkasten"; - networking.computerName = config.networking.hostName; + networking.hostName = nodeName; + networking.computerName = nodeName; home-manager.users.katja.home.stateVersion = "24.11"; system.stateVersion = 4;