# SPDX-FileCopyrightText: 2024 Maurice Debray <maurice.debray@dgnum.eu>
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
# Development shell and shared evaluation entry points for the dgnum
# infrastructure repository (nodes, dns, cache settings, devShell).
#
# Every external input used below (nixpkgs, git-hooks, nix-reuse, nix-actions,
# colmena, agenix, lon, nixos-generators) is resolved through `sources`, i.e.
# the npins pins under ./npins.  The integrity of everything installed in the
# dev shell therefore rests on that pin file (and whatever hashes npins records
# for each pin); passing a different `sources` or `pkgs` at the call site
# (e.g. `nix-shell --arg ...`) bypasses those pins entirely.
{
  sources ? import ./npins,
  pkgs ? import sources.nixpkgs { },
}:

let
  inherit (pkgs.lib)
    isFunction
    mapAttrs
    mapAttrs'
    nameValuePair
    removeSuffix
    ;

  # Pinned helper libraries; both take the same nixpkgs instance as this file.
  nix-reuse = import sources.nix-reuse { inherit pkgs; };
  nix-actions = import sources.nix-actions { inherit pkgs; };

  # Git hooks managed by git-hooks.nix, rooted at this repository.
  #
  # Every linter/formatter below is registered for the "pre-push" stage only,
  # so none of them runs at commit time; `commitizen` sets no stage and uses
  # git-hooks.nix's default for that hook (not established in this file).
  # NOTE(review): no secret-scanning hook is configured here even though the
  # REUSE annotations below list several secret paths; whether those files are
  # encrypted at rest is not visible from this file — confirm before relying
  # on the hooks as a leak guard.
  git-checks = (import sources.git-hooks).run {
    src = ./.;

    hooks = {
      statix = {
        enable = true;
        stages = [ "pre-push" ];
        # Generated pin files are not worth linting.
        settings.ignore = [
          "**/lon.nix"
          "**/npins"
        ];
      };

      deadnix = {
        enable = true;
        stages = [ "pre-push" ];
      };

      nixfmt-rfc-style = {
        enable = true;
        stages = [ "pre-push" ];
        # Use the formatter from the pinned nixpkgs rather than the one
        # git-hooks.nix would pick by default.
        package = pkgs.nixfmt-rfc-style;
      };

      reuse = nix-reuse.hook {
        enable = true;
        stages = [ "pre-push" ];
        package = pkgs.reuse; # git-hooks.nix is lagging on nixpkgs update
      };

      commitizen.enable = true;
    };
  };

  # REUSE (SPDX) metadata for the repository: the default license/copyright
  # applied to files, plus per-path overrides.  These annotations only affect
  # licensing metadata; they do not change how the listed files are handled.
  reuse = nix-reuse.install {
    defaultLicense = "EUPL-1.2";
    defaultCopyright = "La Délégation Générale Numérique <contact@dgnum.eu>";

    downloadLicenses = true;
    # Files produced by tooling; presumably exempt from SPDX headers — exact
    # semantics are defined by nix-reuse, not here.
    generatedPaths = [
      "**/.envrc"
      "**/Cargo.lock"
      "**/_hardware-configuration.nix"
      ".gitignore"
      "REUSE.toml"
      "shell.nix"
    ];

    annotations = [
      # Auto-generated workflow files using nix-actions
      { path = [ ".forgejo/workflows/*" ]; }

      # Secrets
      # Paths holding secret material checked into the repository.  The dev
      # shell ships agenix, so these are presumably age-encrypted — TODO confirm;
      # this file only assigns them a license.
      {
        path = [
          "machines/**/secrets/*"
          "modules/nixos/dgn-backups/keys/*"
          "modules/nixos/dgn-netbox-agent/secrets/netbox-agent"
          "modules/nixos/dgn-notify/mail"
          "modules/nixos/dgn-records/__arkheon-token_file"
        ];
        license = "CC-BY-NC-ND-4.0";
      }

      # Patches
      # Patches carry the copyright of their author rather than the default.
      {
        path = [
          "machines/nixos/compute01/ds-fr/01-smtp-tls.patch"
          "machines/nixos/compute01/librenms/kanidm.patch"
          "machines/nixos/compute01/stirling-pdf/*.patch"
          "machines/nixos/vault01/k-radius/packages/01-python_path.patch"
          "machines/nixos/web01/crabfit/*.patch"
          "machines/nixos/web02/cas-eleves/01-pytest-cas.patch"
          "patches/lix/01-disable-installChecks.patch"
          "patches/nixpkgs/03-crabfit-karla.patch"
          "patches/nixpkgs/05-netbird-relay.patch"
        ];
        copyright = "2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>";
      }
      {
        path = [ "patches/nixpkgs/06-netbox-qrcode.patch" ];
        copyright = "2024 Maurice Debray <maurice.debray@dgnum.eu>";
      }
      {
        path = [
          "modules/nixos/extranix/0001-revert-don-t-parse-md-in-js.patch"
          "modules/nixos/extranix/0002-chore-remove-useless-dependencies.patch"
          "modules/nixos/extranix/0003-feat-separate-HTML-description-of-MD-description.patch"
          "modules/nixos/extranix/0004-fix-indentation-of-ul.patch"
          "modules/nixos/extranix/0005-feat-match-all-substring-by-default.patch"
        ];
        copyright = "2024 Lubin Bailly <lubin.bailly@dgnum.eu>";
      }

      # colmena wrapper
      {
        path = "lib/colmena/*";
        license = "MIT";
      }

      # npins generated files
      {
        path = "**/npins/*";
        license = "EUPL-1.2";
        copyright = "The [npins](https://github.com/andir/npins) contributors";
      }

      # images
      {
        path = "machines/nixos/compute01/extranix/static-data/images/forgejo.png";
        license = "GPL-3.0-or-later";
        copyright = "The [forgejo](https://codeberg.org/forgejo/forgejo) contributors";
      }
      {
        path = [
          "machines/nixos/compute01/extranix/static-data/images/dgnum.png"
          "machines/nixos/compute01/extranix/static-data/images/favicon.ico"
          "machines/nixos/compute01/extranix/static-data/images/favicon.png"
        ];
        license = "LicenseRef-Reserved";
      }
    ];
  };

  # Forgejo workflow definitions generated by nix-actions from ./workflows.
  #
  # Every directory entry of ./workflows is imported and keyed by its name with
  # a trailing ".nix" stripped.  A workflow file may be either a plain
  # attribute set or a function, in which case it receives { nix-actions, lib }.
  # NOTE(review): `builtins.readDir` is not filtered by entry type or ".nix"
  # suffix, so a stray non-Nix file or sub-directory in ./workflows would be
  # imported as well and could break evaluation — confirm whether a filter
  # (e.g. on `type == "regular"` and the suffix) is wanted.
  workflows = nix-actions.install {
    src = ./.;

    workflows = mapAttrs' (
      name: _:
      nameValuePair (removeSuffix ".nix" name) (
        let
          w = import ./workflows/${name};
          args = {
            inherit nix-actions;
            inherit (pkgs) lib;
          };
        in
        if (isFunction w) then (w args) else w
      )
    ) (builtins.readDir ./workflows);
  };

  # Repository helper scripts, built against the same pins as the shell.
  scripts = import ./scripts { inherit pkgs sources; };
in

{
  # Map of host name -> FQDN, derived from each node's `site` in meta/nodes.nix.
  nodes = builtins.mapAttrs (
    host: { site, ... }: "${host}.${site}.infra.dgnum.eu"
  ) (import ./meta/nodes.nix);

  dns = import ./meta/dns.nix;

  # Re-exported from the tvix-cache configuration on storage01; what it
  # produces is defined there, not here.
  mkCacheSettings = import ./machines/nixos/storage01/tvix-cache/cache-settings.nix;

  devShell = pkgs.mkShell {
    name = "dgnum-infra";

    packages = [
      # Build nixpkgs' nixos-generators recipe against the pinned upstream
      # source; the `version` attribute is only a label for that override.
      (pkgs.nixos-generators.overrideAttrs (_: {
        version = "1.8.0-unstable";
        src = sources.nixos-generators;
      }))
      pkgs.npins

      # SSO testing
      pkgs.kanidm
      pkgs.freeradius
      pkgs.picocom # for serial access

      # Local colmena wrapper (lib/colmena), built around the pinned colmena
      # package rather than the nixpkgs one.
      (pkgs.callPackage ./lib/colmena {
        colmena = pkgs.callPackage "${sources.colmena}/package.nix" { };
      })
      # agenix and lon are built from their pinned sources, not from nixpkgs.
      (pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { })
      (pkgs.callPackage "${sources.lon}/nix/packages/lon.nix" { })
    ] ++ git-checks.enabledPackages ++ (builtins.attrValues scripts);

    # Installs the git hooks, REUSE config and generated workflows on shell
    # entry, in that order.
    shellHook = builtins.concatStringsSep "\n" [
      git-checks.shellHook
      reuse.shellHook
      workflows.shellHook
    ];

    # The shell derivation is cheap; do not offload it to remote builders.
    preferLocalBuild = true;

    ###
    # Alternative shells
    # Each attribute becomes its own `mkShell` named after the key, exposing a
    # subset of the tooling above (hooks only, workflow checks only, or a
    # single evaluation script).

    passthru = mapAttrs (name: value: pkgs.mkShell (value // { inherit name; })) {
      pre-commit.shellHook = git-checks.shellHook;
      check-workflows.shellHook = workflows.shellHook;
      eval-nodes.packages = [ scripts.cache-node ];
      eval-shell.packages = [ scripts.nix-build-and-cache ];
    };
  };
}