chore: Abstract machines and modules
This adds subdirectories for the different types of systems, for the modules and the machines
parent
c3f4e7ade6
commit
ecbad0a638
264 changed files with 49 additions and 38 deletions
hive.nix
machines
bridge01/secrets
geo01/secrets
geo02/secrets
nixos
bridge01
compute01
_configuration.nix_hardware-configuration.nixarkheon.nix
dgsi
ds-fr
grafana.nixhedgedoc.nixkanidm
librenms
mastodon.nixnextcloud.nixollama-proxy.nixoutline.nixplausible.nixpostgresql.nixrstudio-server.nixsatosa
secrets
arkheon-env_filebupstash-put_keydgsi-email_host_password_filedgsi-kanidm_auth_token_filedgsi-kanidm_secret_filedgsi-secret_key_filedgsi-x509_cert_filedgsi-x509_key_fileds-fr-secret_filegrafana-oauth_client_secret_filegrafana-smtp_password_filehedgedoc-environment_filelibrenms-database_password_filelibrenms-environment_filemastodon-extra_env_filemastodon-smtp-passwordnextcloud-adminpass_filenextcloud-s3_secret_fileoutline-oidc_client_secret_fileoutline-smtp_password_fileoutline-storage_secret_key_fileplausible-admin_user_password_fileplausible-secret_key_base_fileplausible-smtp_password_filesatosa-env_filesecrets.nixsignal-irc-bridge-configtelegraf-environment_filevaultwarden-environment_filezammad-secret_key_base_file
signal-irc-bridge.nixsignald.nixstirling-pdf
01-spotless.patch02-propsfile.patch03-jar-timestamps.patch04-local-maven-deps.patch05-java-output-test.patchdefault.nix
takumi.nixtelegraf.nixvaultwarden.nixzammad.nixgeo01
geo02
rescue01
storage01
24
hive.nix
24
hive.nix
|
@ -14,10 +14,7 @@ let
|
|||
nodes = builtins.attrNames nodes';
|
||||
|
||||
mkNode = node: {
|
||||
# Import the base configuration for each node
|
||||
imports = [ ./machines/${node}/_configuration.nix ];
|
||||
|
||||
deployment.systemType = "nixos";
|
||||
deployment.systemType = system node;
|
||||
};
|
||||
|
||||
nixpkgs' = import ./meta/nixpkgs.nix;
|
||||
|
@ -28,6 +25,7 @@ let
|
|||
# defaulting to the one defined in meta/nixpkgs
|
||||
version = node: nodes'.${node}.nixpkgs.version;
|
||||
system = node: nodes'.${node}.nixpkgs.system;
|
||||
category = node: nixpkgs'.categories.${system node};
|
||||
|
||||
nodePkgs = node: nixpkgs.${system node}.${version node};
|
||||
|
||||
|
@ -77,6 +75,7 @@ let
|
|||
meta = (import ./meta) lib;
|
||||
|
||||
nodeMeta = meta.nodes.${node};
|
||||
nodePath = "machines/${category node}/${node}";
|
||||
};
|
||||
in
|
||||
|
||||
|
@ -97,23 +96,32 @@ in
|
|||
nixos = {
|
||||
evalConfig = args: import "${args.specialArgs.sourcePkgs.path}/nixos/lib/eval-config.nix" args;
|
||||
defaults =
|
||||
{ name, nodeMeta, ... }:
|
||||
{
|
||||
name,
|
||||
nodeMeta,
|
||||
nodePath,
|
||||
sourcePkgs,
|
||||
...
|
||||
}:
|
||||
{
|
||||
# Import the default modules
|
||||
imports = [
|
||||
./modules
|
||||
# Import the base configuration for each node
|
||||
./${nodePath}/_configuration.nix
|
||||
./modules/generic
|
||||
(import "${sources.lix-module}/module.nix" { inherit (sources) lix; })
|
||||
./modules/${category name}
|
||||
];
|
||||
|
||||
# Include default secrets
|
||||
age-secrets.sources = [ ./machines/${name}/secrets ];
|
||||
age-secrets.sources = [ ./${nodePath}/secrets ];
|
||||
|
||||
# Deployment config is specified in meta.nodes.${node}.deployment
|
||||
inherit (nodeMeta) deployment;
|
||||
|
||||
nix = {
|
||||
# Set NIX_PATH to the patched version of nixpkgs
|
||||
nixPath = [ "nixpkgs=${mkNixpkgs' (version name)}" ];
|
||||
nixPath = [ "nixpkgs=${sourcePkgs.path}" ];
|
||||
optimise.automatic = true;
|
||||
|
||||
gc = {
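Review bot: `category = node: nixpkgs'.categories.${system node};` has no fallback, and its result now selects both the per-category module directory (`./modules/${category name}`) and, through `nodePath`, the directory that `age-secrets.sources` reads from. A node whose `nixpkgs.system` is missing from `categories` would fail with a bare missing-attribute error (meta/nixpkgs.nix is not visible here, so the contents of that map are assumed); an explicit message is easier to act on: `category = node: nixpkgs'.categories.${system node} or (throw "hive.nix: no category for system '${system node}' (node ${node})");`. A one-line comment above `nodePath` stating that it decides where a node's `_configuration.nix` and `secrets` directory are looked up would also help the next reader. The `let` block holding these bindings starts and ends outside the hunks shown.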
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
(import ../../../keys).mkSecrets [ "bridg01" ] [
|
||||
# List of secrets for bridge01
|
||||
]
|
|
@ -1,3 +0,0 @@
|
|||
(import ../../../keys).mkSecrets [ "geo01" ] [
|
||||
# List of secrets for geo01
|
||||
]
|
|
@ -1,3 +0,0 @@
|
|||
(import ../../../keys).mkSecrets [ "geo02" ] [
|
||||
# List of secrets for geo02
|
||||
]
|
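--- a/machines/nixos/bridge01/secrets/secrets.nix
+++ b/machines/nixos/bridge01/secrets/secrets.nix
@@ -0,0 +1,3 @@
+(import ../../../../keys).mkSecrets [ "bridg01" ] [
+# List of secrets for bridge01
+]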
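Review bot: The name list passed to `mkSecrets` on the first line is `[ "bridg01" ]`, which matches neither the machine directory `bridge01` nor the comment on the next line. The same spelling is in the removed `@ -1,3 +0,0 @` copy of this file, so the move carries it over unchanged. `mkSecrets` is defined in `keys`, outside this page; if it resolves recipient keys by that name, the first secret added here would presumably either fail to evaluate or not be encrypted for bridge01's host key. Suggested line: `(import ../../../../keys).mkSecrets [ "bridge01" ] [`.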
|
|
@ -1,4 +1,4 @@
|
|||
(import ../../../../keys).mkSecrets [ "compute01" ] [
|
||||
(import ../../../../../keys).mkSecrets [ "compute01" ] [
|
||||
"kanidm-password_admin"
|
||||
"kanidm-password_idm_admin"
|
||||
]
|
|
@ -1,4 +1,4 @@
|
|||
(import ../../../keys).mkSecrets [ "compute01" ] [
|
||||
(import ../../../../keys).mkSecrets [ "compute01" ] [
|
||||
# List of secrets for compute01
|
||||
"arkheon-env_file"
|
||||
"bupstash-put_key"
|
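--- a/machines/nixos/geo01/secrets/secrets.nix
+++ b/machines/nixos/geo01/secrets/secrets.nix
@@ -0,0 +1,3 @@
+(import ../../../../keys).mkSecrets [ "geo01" ] [
+# List of secrets for geo01
+]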
|
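--- a/machines/nixos/geo02/secrets/secrets.nix
+++ b/machines/nixos/geo02/secrets/secrets.nix
@@ -0,0 +1,3 @@
+(import ../../../../keys).mkSecrets [ "geo02" ] [
+# List of secrets for geo02
+]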
|
|
@ -1,4 +1,4 @@
|
|||
(import ../../../keys).mkSecrets [ "rescue01" ] [
|
||||
(import ../../../../keys).mkSecrets [ "rescue01" ] [
|
||||
# List of secrets for rescue01
|
||||
"stateless-uptime-kuma-password"
|
||||
]
|
Some files were not shown because too many files have changed in this diff Show more