flake.nix
{
# Free-text description of this flake.
description = "my project description";

# Flake inputs. Each `inputs.nixpkgs.follows = "nixpkgs"` makes that input
# reuse the nixpkgs declared here instead of resolving its own copy.
inputs = {
  # No branch or revision is given, so this resolves to the repository's
  # default branch; the revision actually built is the one recorded in
  # flake.lock.
  # NOTE(review): flake.lock is not visible here - confirm it is committed
  # and that lock-file updates are reviewed like any other dependency bump.
  nixpkgs.url = "github:NixOS/nixpkgs";

  dream2nix = {
    url = "github:nix-community/dream2nix";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  # separate flake
  # Setup vm disks
  disko = {
    url = "github:nix-community/disko";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  # Manage secrets
  # sops-nix.url = "github:Mic92/sops-nix";
  # sops-nix.inputs.nixpkgs.follows = "nixpkgs";
  agenix = {
    url = "github:ryantm/agenix";
    inputs.nixpkgs.follows = "nixpkgs";
    # optionally choose not to download darwin deps (saves some resources on Linux)
    inputs.darwin.follows = "";
  };
};
outputs = { self, nixpkgs, dream2nix, disko, agenix }@attrs:
let
# The single platform every output of this flake is built for.
system = "x86_64-linux";
systems = [ "x86_64-linux" ];
# nixpkgs package set for that platform.
pkgs = nixpkgs.legacyPackages.${system};
# nixpkgs.lib with builtins merged on top; where both define a name, the
# builtins entry is the one that is kept.
lib = nixpkgs.lib // builtins;
# Builds an attribute set with one key per entry of `systems`; each value is
# `f <system> <nixpkgs package set for that system>`.
# Not referenced by any active output in this file.
forAllSystems = f:
  lib.genAttrs systems (sys: f sys nixpkgs.legacyPackages.${sys});
in {
# Packages exported by this flake, each built from a callPackage expression
# kept under ./nix.
packages."x86_64-linux" = {
  rustnixos = pkgs.callPackage ./nix/rustnixos.package.nix { };
  migration-data = pkgs.callPackage ./nix/migration-data.package.nix { };
};

# NixOS modules exported by this flake. `rustnixos` and `default` both load
# ./module.nix.
nixosModules = {
  rustnixos = import ./module.nix;
  default = import ./module.nix;
  caddy = import ./nix/caddy.module.nix;
  db-dev = import ./nix/postgresql-dev.nix;
};
# Run database+migration only in container for dev
nixosConfigurations.db-dev = nixpkgs.lib.nixosSystem {
  inherit system;
  # The outputs function's arguments (`attrs`), extended with `system` and
  # the migration-data package, are passed to every module as extra
  # module arguments.
  specialArgs = attrs // {
    inherit system;
    migration-data = self.packages.${system}.migration-data;
  };
  modules = [
    self.nixosModules.db-dev
    ({ pkgs, config, ... }: {
      system.stateVersion = "23.11";
      # This configuration is only meant to be started as a container.
      boot.isContainer = true;
      # The firewall appears to be enabled by default, so it is switched
      # off explicitly here.
      # NOTE(review): with the firewall off, every port a service in this
      # container listens on is reachable from whatever network the
      # container is attached to. Keep this configuration for local
      # development only and do not reuse it for a reachable host.
      networking.firewall.enable = false;
    })
  ];
};
# Run whole setup in container
nixosConfigurations.all = nixpkgs.lib.nixosSystem {
  inherit system;
  # The outputs function's arguments (`attrs`), extended with `system` and
  # the migration-data package, are passed to every module as extra
  # module arguments.
  specialArgs = attrs // {
    inherit system;
    migration-data = self.packages.${system}.migration-data;
  };
  modules = [
    self.nixosModules.rustnixos
    self.nixosModules.caddy
    ({ pkgs, config, ... }: {
      system.stateVersion = "23.11";
      # Only allow this to boot as a container
      boot.isContainer = true;
    })
  ];
};
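#-----------------------------------------------------------
# The following line names the configuration as hetzner-cloud
# This name will be referenced when nixos-remote is run
#-----------------------------------------------------------
nixosConfigurations.hetzner-cloud = nixpkgs.lib.nixosSystem {
  inherit system;
  # The outputs function's arguments (`attrs`), extended with `system` and
  # the migration-data package, are passed to every module as extra
  # module arguments.
  specialArgs = attrs // {
    inherit (self.packages.${system}) migration-data;
    inherit system;
  };
  modules = [
    ({ modulesPath, ... }: {
      imports = [
        (modulesPath + "/installer/scan/not-detected.nix")
        (modulesPath + "/profiles/qemu-guest.nix")
        disko.nixosModules.disko
        agenix.nixosModules.default
        self.nixosModules.rustnixos
        self.nixosModules.caddy
      ];

      # Disk layout comes from ./nix/disk-config.disko.nix.
      disko.devices =
        import ./nix/disk-config.disko.nix { lib = nixpkgs.lib; };

      # Points agenix at the encrypted secret file.
      # NOTE(review): nothing in this file reads age.secrets.secret1; confirm
      # one of the imported modules consumes it, or drop the declaration.
      age.secrets.secret1.file = ./secrets/secret1.age;

      boot.loader.grub = {
        devices = [ "/dev/sda" ];
        efiSupport = true;
        efiInstallAsRemovable = true;
      };

      # sshd is the remote entry point of this host, so key-only login is
      # stated explicitly instead of being left to the module defaults:
      # password and keyboard-interactive authentication are off, and root
      # may log in only with a key from authorizedKeys below.
      # NOTE(review): confirm no imported module defines an account that
      # relies on password login over SSH.
      services.openssh = {
        enable = true;
        settings = {
          PasswordAuthentication = false;
          KbdInteractiveAuthentication = false;
          PermitRootLogin = "prohibit-password";
        };
      };

      system.stateVersion = "23.11";

      #-------------------------------------------------------
      # Replace the key below with your own ssh public key
      # before deploying. The entry committed here belongs to
      # the repository author; whoever holds the matching
      # private key can log in as root on a host built from
      # this configuration.
      #-------------------------------------------------------
      users.users.root.openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJV/MZW0GP6guibA1rNwPwK6Q0WGg1of6MQRMpeqiUR8 mahene"
      ];
    })
  ];
};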
};
# // dream2nix.lib.makeFlakeOutputs {
# inherit systems;
# config.projectRoot = ./.;
# source =
# lib.sourceFilesBySuffices ./. [ ".rs" "Cargo.toml" "Cargo.lock" ];
# projects."rust-nixos" = {
# name = "2rust-nixos";
# translator = "cargo-lock";
# };
# };
}