# SPDX-FileCopyrightText: 2024 Maurice Debray
# SPDX-FileCopyrightText: 2024 Tom Hubrecht
#
# SPDX-License-Identifier: EUPL-1.2

# Development shell and repository tooling for the dgnum infrastructure tree.
# Every external input (nixpkgs, git-hooks, nix-reuse, nix-actions, colmena,
# agenix, lon, nixos-generators) is resolved through ./npins, so the tooling
# that runs in the shell and in the git hooks is pinned rather than floating.
{
  sources ? import ./npins,
  pkgs ? import sources.nixpkgs { },
}:

let
  inherit (pkgs.lib)
    attrValues
    isFunction
    listToAttrs
    mapAttrs
    removeSuffix
    ;

  # Stage shared by the git hooks below: the checks run before a push,
  # not on every commit.
  prePush = [ "pre-push" ];

  nix-reuse = import sources.nix-reuse { inherit pkgs; };

  # git-hooks configuration: Nix linters and formatter, REUSE compliance
  # and commit-message format.
  git-checks = (import sources.git-hooks).run {
    src = ./.;
    hooks = {
      statix = {
        enable = true;
        stages = prePush;
        settings.ignore = [
          "**/lon.nix"
          "**/npins"
        ];
      };
      deadnix = {
        enable = true;
        stages = prePush;
      };
      nixfmt-rfc-style = {
        enable = true;
        stages = prePush;
        package = pkgs.nixfmt-rfc-style;
      };
      reuse = nix-reuse.hook {
        enable = true;
        stages = prePush;
      };
      # No explicit stage here, so commitizen keeps the hook's default stage.
      commitizen.enable = true;
    };
  };

  # REUSE licensing metadata: tree-wide defaults plus per-path overrides.
  # This is licensing information only (REUSE.toml is listed as a generated
  # path, so presumably that is where it ends up — confirm); it does not
  # change how Nix itself treats the files.
  reuse = nix-reuse.install {
    defaultLicense = "EUPL-1.2";
    # NOTE(review): the trailing space suggests a contact address was dropped
    # when this file was extracted — confirm the value against the repository.
    defaultCopyright = "La Délégation Générale Numérique ";
    downloadLicenses = true;
    generatedPaths = [
      "**/.envrc"
      "**/Cargo.lock"
      "**/_hardware-configuration.nix"
      ".gitignore"
      "REUSE.toml"
      "shell.nix"
    ];
    annotations = [
      # Auto-generated workflow files using nix-actions
      { path = [ ".forgejo/workflows/*" ]; }

      # Secrets: presumably encrypted at rest (agenix is part of the shell),
      # but this entry only sets their license — confirm handling elsewhere.
      {
        path = [
          "machines/**/secrets/*"
          "modules/nixos/dgn-backups/keys/*"
          "modules/nixos/dgn-netbox-agent/secrets/netbox-agent"
          "modules/nixos/dgn-notify/mail"
          "modules/nixos/dgn-records/__arkheon-token_file"
        ];
        license = "CC-BY-NC-ND-4.0";
      }

      # Patches
      {
        path = [
          "machines/nixos/compute01/librenms/kanidm.patch"
          "machines/nixos/compute01/stirling-pdf/*.patch"
          "machines/nixos/vault01/k-radius/packages/01-python_path.patch"
          "machines/nixos/web01/crabfit/*.patch"
          "machines/nixos/web02/cas-eleves/01-pytest-cas.patch"
          "patches/lix/01-disable-installChecks.patch"
          "patches/nixpkgs/03-crabfit-karla.patch"
          "patches/nixpkgs/05-netbird-relay.patch"
        ];
        # NOTE(review): trailing space, same extraction caveat as above.
        copyright = "2024 Tom Hubrecht ";
      }
      {
        path = [ "patches/nixpkgs/06-netbox-qrcode.patch" ];
        # NOTE(review): trailing space, same extraction caveat as above.
        copyright = "2024 Maurice Debray ";
      }

      # colmena wrapper
      {
        path = "lib/colmena/*";
        license = "MIT";
      }

      # npins generated files
      {
        path = "**/npins/*";
        license = "EUPL-1.2";
        copyright = "The [npins](https://github.com/andir/npins) contributors";
      }
    ];
  };

  # Forgejo workflows are generated from ./workflows/<name>.nix; each file may
  # evaluate to a plain attrset or to a function taking { lib }.
  workflows = (import sources.nix-actions { inherit pkgs; }).install {
    src = ./.;
    workflows = listToAttrs (
      map (
        file:
        let
          workflow = import ./workflows/${file};
        in
        {
          name = removeSuffix ".nix" file;
          value = if isFunction workflow then workflow { inherit (pkgs) lib; } else workflow;
        }
      ) (builtins.attrNames (builtins.readDir ./workflows))
    );
  };

  scripts = import ./scripts { inherit pkgs sources; };
in

{
  # Host name → fully qualified name, derived from the per-node `site` field.
  nodes = mapAttrs (host: { site, ... }: "${host}.${site}.infra.dgnum.eu") (import ./meta/nodes.nix);

  dns = import ./meta/dns.nix;

  mkCacheSettings = import ./machines/nixos/storage01/tvix-cache/cache-settings.nix;

  # Main development shell: pinned deployment tooling, the enabled git-hook
  # packages and the repository scripts.
  devShell = pkgs.mkShell {
    name = "dgnum-infra";

    packages = [
      # Use the npins-pinned nixos-generators source instead of the nixpkgs one.
      (pkgs.nixos-generators.overrideAttrs (_: {
        version = "1.8.0-unstable";
        src = sources.nixos-generators;
      }))

      pkgs.npins

      # SSO testing
      pkgs.kanidm
      pkgs.freeradius

      pkgs.picocom # for serial access

      (pkgs.callPackage ./lib/colmena {
        colmena = pkgs.callPackage "${sources.colmena}/package.nix" { };
      })
      (pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { })
      (pkgs.callPackage "${sources.lon}/nix/packages/lon.nix" { })
    ] ++ git-checks.enabledPackages ++ attrValues scripts;

    # Installs the git hooks, the generated workflows and the REUSE files
    # when the shell is entered.
    shellHook = ''
      ${git-checks.shellHook}
      ${workflows.shellHook}
      ${reuse.shellHook}
    '';

    preferLocalBuild = true;

    ###
    # Alternative shells: one per tooling concern, each a minimal mkShell.
    passthru = {
      pre-commit = pkgs.mkShell {
        name = "pre-commit";
        shellHook = git-checks.shellHook;
      };
      check-workflows = pkgs.mkShell {
        name = "check-workflows";
        shellHook = workflows.shellHook;
      };
      eval-nodes = pkgs.mkShell {
        name = "eval-nodes";
        packages = [ scripts.cache-node ];
      };
    };
  };
}