Payas Relekar
f6a099b239
I'm not sure whether the passwordless sudo is required, but I'm too tired to test right now. Anyway, this works. Also unsure on the statelessness of deploy-rs, but again, its simple enough, didn't require changing anything else much and it works. Perhaps some day, I'll see about trying out colmena for deploying secrets, but until then, agenix is good enough for my needs.
128 lines
3.4 KiB
Nix
128 lines
3.4 KiB
Nix
{
|
|
description = "NixOS configuration (flake edition)";
|
|
|
|
inputs = {
|
|
nixpkgs = {
|
|
url = "github:nixos/nixpkgs/nixos-unstable";
|
|
};
|
|
nixos-wsl = {
|
|
url = "github:nix-community/NixOS-WSL";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
home-manager = {
|
|
url = "github:nix-community/home-manager";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
emacs-overlay = {
|
|
url = "github:nix-community/emacs-overlay";
|
|
};
|
|
agenix = {
|
|
url = "github:ryantm/agenix";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
|
deploy-rs.url = "github:serokell/deploy-rs";
|
|
};
|
|
|
|
outputs =
|
|
{ self
|
|
, nixpkgs
|
|
, nixos-wsl
|
|
, home-manager
|
|
, emacs-overlay
|
|
, agenix
|
|
, nixos-hardware
|
|
, deploy-rs
|
|
, ...
|
|
}:
|
|
let
|
|
common-modules = [
|
|
./cachix.nix
|
|
./modules/nix.nix
|
|
./modules/common.nix
|
|
];
|
|
in
|
|
{
|
|
nixosConfigurations = {
|
|
|
|
# The Workhorse: WSL2 edition
|
|
hermes = nixpkgs.lib.nixosSystem {
|
|
system = "x86_64-linux";
|
|
modules = common-modules ++ [
|
|
|
|
# Overlays
|
|
{ nixpkgs.overlays = [ emacs-overlay.overlay ]; }
|
|
|
|
# Modules and module config
|
|
./modules/fish.nix
|
|
./modules/users.nix
|
|
./modules/fonts.nix
|
|
|
|
# Host-specific config
|
|
./hosts/hermes/configuration.nix
|
|
nixos-wsl.nixosModules.wsl
|
|
./hosts/hermes/wsl.nix
|
|
./hosts/hermes/syncthing.nix
|
|
# ./hosts/hermes/backup.nix
|
|
agenix.nixosModules.age
|
|
./hosts/hermes/secrets/agenix.nix
|
|
|
|
# User-specific config
|
|
home-manager.nixosModules.home-manager
|
|
{
|
|
home-manager.useGlobalPkgs = true;
|
|
home-manager.useUserPackages = true;
|
|
home-manager.users = {
|
|
payas = import ./hosts/hermes/home.nix;
|
|
root = import ./modules/root-home.nix;
|
|
};
|
|
}
|
|
|
|
];
|
|
};
|
|
|
|
# My Pi
|
|
bebop = nixpkgs.lib.nixosSystem {
|
|
system = "aarch64-linux";
|
|
modules = common-modules ++ [
|
|
|
|
# Modules and module config
|
|
./modules/fish.nix
|
|
./modules/monitoring/monitoring.nix
|
|
|
|
# Host-specific config
|
|
nixos-hardware.nixosModules.raspberry-pi-4
|
|
./hosts/bebop/configuration.nix
|
|
./hosts/bebop/syncthing.nix
|
|
./hosts/bebop/navidrome.nix
|
|
./hosts/bebop/pihole.nix
|
|
./hosts/bebop/ssh.nix
|
|
|
|
# User-specific config : Home-manager
|
|
home-manager.nixosModules.home-manager
|
|
{
|
|
home-manager.useGlobalPkgs = true;
|
|
home-manager.useUserPackages = true;
|
|
home-manager.users.payas = import ./hosts/bebop/home.nix;
|
|
}
|
|
];
|
|
};
|
|
};
|
|
|
|
deploy.nodes = {
|
|
bebop = {
|
|
hostname = "bebop";
|
|
fastConnection = true;
|
|
remoteBuild = true;
|
|
profiles.system = {
|
|
sshUser = "payas";
|
|
user = "root";
|
|
path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.bebop;
|
|
};
|
|
};
|
|
};
|
|
|
|
# This is highly advised, and will prevent many possible mistakes
|
|
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
|
|
};
|
|
}
|