diff --git a/dev/docs.nix b/dev/docs.nix
deleted file mode 100644
index d86eda092..000000000
--- a/dev/docs.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ config, pkgs, ... }:
-{
- devShells.mkdocs = pkgs.mkShellNoCC { inputsFrom = [ config.packages.docs ]; };
- packages = {
- docs =
- pkgs.runCommand "docs"
- {
- buildInputs = [ pkgs.python3.pkgs.mkdocs-material ];
- files = pkgs.lib.fileset.toSource {
- root = ../.;
- fileset = pkgs.lib.fileset.unions [
- ../docs
- ../mkdocs.yml
- ];
- };
- }
- ''
- cd $files
- mkdocs build --strict --site-dir $out
- '';
- docs-linkcheck = pkgs.testers.lycheeLinkCheck rec {
- extraConfig = {
- exclude = [
- "https://fonts.gstatic.com"
- "https://monitoring.nix-community.org/alertmanager" # 401 behind auth
- ];
- include_mail = true;
- include_verbatim = true;
- };
- remap = {
- "https://nix-community.org" = site;
- };
- site = config.packages.docs;
- };
- };
-}
diff --git a/dev/shell.nix b/dev/shell.nix
deleted file mode 100644
index 1d058e505..000000000
--- a/dev/shell.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ inputs', pkgs, ... }:
-{
- devShells = {
- default =
- with pkgs;
- mkShellNoCC {
- packages = [
- inputs'.agenix.packages.default
- jq
- python3.pkgs.deploykit
- python3.pkgs.invoke
- sops
- ssh-to-age
- ];
- };
- sotp =
- with pkgs;
- mkShellNoCC {
- packages = [
- (buildGoModule rec {
- pname = "sotp";
- version = "e7f7c804b1641169ce850d8352fb07294881609e";
- src = pkgs.fetchFromGitHub {
- owner = "getsops";
- repo = "sotp";
- rev = version;
- hash = "sha256-Cu8cZCmM19G5zeMIiiaCwVJee8wrBZP3Ltk1jWKb2vs=";
- };
- vendorHash = "sha256-vQruuohwi53By8UZLrPbRtUrmNbmPt+Sku9hI5J3Dlc=";
- ldflags = [
- "-s"
- "-w"
- ];
- doCheck = false;
- })
- ];
- };
- };
-}
diff --git a/devshells/default.nix b/devshells/default.nix
new file mode 100644
index 000000000..e4741244a
--- /dev/null
+++ b/devshells/default.nix
@@ -0,0 +1,14 @@
+{ inputs, pkgs, ... }:
+
+with pkgs;
+
+mkShellNoCC {
+ packages = [
+ inputs.agenix.packages.${pkgs.system}.default
+ jq
+ python3.pkgs.deploykit
+ python3.pkgs.invoke
+ sops
+ ssh-to-age
+ ];
+}
diff --git a/devshells/mkdocs.nix b/devshells/mkdocs.nix
new file mode 100644
index 000000000..223cc8989
--- /dev/null
+++ b/devshells/mkdocs.nix
@@ -0,0 +1,5 @@
+{ inputs, pkgs, ... }:
+
+pkgs.mkShellNoCC {
+ inputsFrom = [ inputs.self.packages.${pkgs.system}.docs ];
+}
diff --git a/devshells/sotp.nix b/devshells/sotp.nix
new file mode 100644
index 000000000..df6f9918e
--- /dev/null
+++ b/devshells/sotp.nix
@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+
+pkgs.mkShellNoCC {
+ packages = [
+ (pkgs.buildGoModule rec {
+ pname = "sotp";
+ version = "e7f7c804b1641169ce850d8352fb07294881609e";
+ src = pkgs.fetchFromGitHub {
+ owner = "getsops";
+ repo = "sotp";
+ rev = version;
+ hash = "sha256-Cu8cZCmM19G5zeMIiiaCwVJee8wrBZP3Ltk1jWKb2vs=";
+ };
+ vendorHash = "sha256-vQruuohwi53By8UZLrPbRtUrmNbmPt+Sku9hI5J3Dlc=";
+ ldflags = [
+ "-s"
+ "-w"
+ ];
+ doCheck = false;
+ })
+ ];
+}
diff --git a/devshells/terraform.nix b/devshells/terraform.nix
new file mode 100644
index 000000000..6bc040b22
--- /dev/null
+++ b/devshells/terraform.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+
+pkgs.mkShellNoCC {
+ packages = [
+ (pkgs.terraform.withPlugins (p: [
+ p.cloudflare
+ p.external
+ p.hydra
+ p.null
+ p.sops
+ p.tfe
+ ]))
+ ];
+}
diff --git a/flake.lock b/flake.lock
index 419c38998..34f973b9a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -29,6 +29,29 @@
 "type": "github"
 }
 },
+ "blueprint": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "systems": [
+ "systems"
+ ]
+ },
+ "locked": {
+ "lastModified": 1730470544,
+ "narHash": "sha256-0CVvVXYUOk6KnJHCjnPWC0jwZJwhG9Sd4EwZbahTDMc=",
+ "owner": "numtide",
+ "repo": "blueprint",
+ "rev": "19df68dde6fe1aeaf15c747b16708136b40d2ab7",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "blueprint",
+ "type": "github"
+ }
+ },
 "buildbot-nix": {
 "inputs": {
 "flake-parts": [
@@ -185,21 +208,6 @@
 "type": "github"
 }
 },
- "lite-config": {
- "locked": {
- "lastModified": 1723691425,
- "narHash": "sha256-xOroQo/+CAtocvJQsGPE5ukr1Btp72xlcWPB4tBZp6M=",
- "owner": "yelite",
- "repo": "lite-config",
- "rev": "34357ad12ad0a66b2de55a2457159bda36c71a06",
- "type": "github"
- },
- "original": {
- "owner": "yelite",
- "repo": "lite-config",
- "type": "github"
- }
- },
 "nix-darwin": {
 "inputs": {
 "nixpkgs": [
@@ -351,6 +359,7 @@
 "root": {
 "inputs": {
 "agenix": "agenix",
+ "blueprint": "blueprint",
 "buildbot-nix": "buildbot-nix",
 "cgroup-exporter": "cgroup-exporter",
 "disko": "disko",
@@ -359,7 +368,6 @@
 "flake-parts": "flake-parts",
 "hercules-ci-effects": "hercules-ci-effects",
 "hydra": "hydra",
- "lite-config": "lite-config",
 "nix-darwin": "nix-darwin",
 "nix-index-database": "nix-index-database",
 "nixos-facter-modules": "nixos-facter-modules",
diff --git a/flake.nix b/flake.nix
index d78cfd688..4546c5e26 100644
--- a/flake.nix
+++ b/flake.nix
@@ -12,6 +12,9 @@
 agenix.inputs.nixpkgs.follows = "nixpkgs";
 agenix.inputs.systems.follows = "systems";
 agenix.url = "github:ryantm/agenix";
+ blueprint.inputs.nixpkgs.follows = "nixpkgs";
+ blueprint.inputs.systems.follows = "systems";
+ blueprint.url = "github:numtide/blueprint";
 buildbot-nix.inputs.flake-parts.follows = "flake-parts";
 buildbot-nix.inputs.nixpkgs.follows = "nixpkgs";
 buildbot-nix.inputs.treefmt-nix.follows = "treefmt-nix";
@@ -29,7 +32,6 @@
 hercules-ci-effects.url = "github:hercules-ci/hercules-ci-effects";
 hydra.flake = false;
 hydra.url = "github:qowoz/hydra/community";
- lite-config.url = "github:yelite/lite-config";
 nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
 nix-darwin.url = "github:LnL7/nix-darwin";
 nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
@@ -54,123 +56,51 @@
 treefmt-nix.url = "github:numtide/treefmt-nix";
 };
 
- outputs =
- inputs@{ flake-parts, self, ... }:
- flake-parts.lib.mkFlake { inherit inputs; } {
- systems = import inputs.systems;
-
- imports = [
- inputs.lite-config.flakeModule
- inputs.treefmt-nix.flakeModule
- ];
-
- lite-config =
- { lib, ... }:
- {
- nixpkgs = {
- config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "terraform" ];
- overlays = [
- (final: prev: {
- hydra = (prev.hydra.override { nix = final.nixVersions.nix_2_24; }).overrideAttrs (o: {
- version = inputs.hydra.shortRev;
- src = inputs.hydra;
- buildInputs = o.buildInputs ++ [ final.perlPackages.DBIxClassHelpers ];
- });
- })
- ];
- };
-
- hostModuleDir = ./hosts;
+ # overlays = [
+ # (final: prev: {
+ # hydra = (prev.hydra.override { nix = final.nixVersions.nix_2_24; }).overrideAttrs (o: {
+ # version = inputs.hydra.shortRev;
+ # src = inputs.hydra;
+ # buildInputs = o.buildInputs ++ [ final.perlPackages.DBIxClassHelpers ];
+ # });
+ # })
+ # ];
 
- hosts = {
- build01.system = "x86_64-linux";
- build02.system = "x86_64-linux";
- build03.system = "x86_64-linux";
- build04.system = "aarch64-linux";
- darwin01.system = "aarch64-darwin";
- darwin02.system = "aarch64-darwin";
- web02.system = "x86_64-linux";
- };
+ # treefmt = {
+ # flakeCheck = system == "x86_64-linux";
+ # imports = [ ./dev/treefmt.nix ];
+ # };
 
- systemModules = [
- (
- { hostPlatform, ... }:
- {
- imports =
- lib.optionals hostPlatform.isDarwin [ ./modules/darwin/common ]
- ++ lib.optionals hostPlatform.isLinux [ ./modules/nixos/common ];
- }
- )
- ];
- };
+ # checks =
+ # let
+ # darwinConfigurations = lib.mapAttrs' (
+ # name: config: lib.nameValuePair "host-${name}" config.config.system.build.toplevel
+ # ) ((lib.filterAttrs (_: config: config.pkgs.system == system)) self.darwinConfigurations);
+ # devShells = lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells;
+ # nixosConfigurations = lib.mapAttrs' (
+ # name: config: lib.nameValuePair "host-${name}" config.config.system.build.toplevel
+ # ) ((lib.filterAttrs (_: config: config.pkgs.system == system)) self.nixosConfigurations);
+ # in
+ # darwinConfigurations
+ # // devShells
+ # // {
+ # inherit (self') formatter;
+ # }
+ # // nixosConfigurations
+ # // pkgs.lib.optionalAttrs (system == "x86_64-linux") {
+ # inherit (self'.packages) docs docs-linkcheck;
+ # nixpkgs-update-supervisor-test = pkgs.callPackage ./hosts/build02/supervisor_test.nix { };
+ # nixosTests-buildbot = pkgs.nixosTests.buildbot;
+ # nixosTests-buildbot-nix-master = inputs'.buildbot-nix.checks.master;
+ # nixosTests-buildbot-nix-worker = inputs'.buildbot-nix.checks.worker;
+ # nixosTests-hydra = pkgs.nixosTests.hydra.hydra;
+ # };
 
- perSystem =
- {
- inputs',
- lib,
- pkgs,
- self',
- system,
- ...
- }:
- {
- imports = [
- ./dev/docs.nix
- ./dev/shell.nix
- ./terraform/shell.nix
- ];
- treefmt = {
- flakeCheck = system == "x86_64-linux";
- imports = [ ./dev/treefmt.nix ];
- };
-
- checks =
- let
- darwinConfigurations = lib.mapAttrs' (
- name: config: lib.nameValuePair "host-${name}" config.config.system.build.toplevel
- ) ((lib.filterAttrs (_: config: config.pkgs.system == system)) self.darwinConfigurations);
- devShells = lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells;
- nixosConfigurations = lib.mapAttrs' (
- name: config: lib.nameValuePair "host-${name}" config.config.system.build.toplevel
- ) ((lib.filterAttrs (_: config: config.pkgs.system == system)) self.nixosConfigurations);
- in
- darwinConfigurations
- // devShells
- // {
- inherit (self') formatter;
- }
- // nixosConfigurations
- // pkgs.lib.optionalAttrs (system == "x86_64-linux") {
- inherit (self'.packages) docs docs-linkcheck;
- nixpkgs-update-supervisor-test = pkgs.callPackage ./hosts/build02/supervisor_test.nix { };
- nixosTests-buildbot = pkgs.nixosTests.buildbot;
- nixosTests-buildbot-nix-master = inputs'.buildbot-nix.checks.master;
- nixosTests-buildbot-nix-worker = inputs'.buildbot-nix.checks.worker;
- nixosTests-hydra = pkgs.nixosTests.hydra.hydra;
- };
- };
-
- flake.darwinModules = {
- builder = ./modules/darwin/builder.nix;
- community-builder = ./modules/darwin/community-builder;
- hercules-ci = ./modules/darwin/hercules-ci.nix;
- remote-builder = ./modules/darwin/remote-builder.nix;
- };
-
- flake.nixosModules = {
- backup = ./modules/nixos/backup.nix;
- buildbot = ./modules/nixos/buildbot.nix;
- builder = ./modules/nixos/builder.nix;
- community-builder = ./modules/nixos/community-builder;
- disko-zfs = ./modules/nixos/disko-zfs.nix;
- github-org-backup = ./modules/nixos/github-org-backup.nix;
- hercules-ci = ./modules/nixos/hercules-ci.nix;
- hydra = ./modules/nixos/hydra.nix;
- monitoring = ./modules/nixos/monitoring;
- nginx = ./modules/nixos/nginx.nix;
- nur-update = ./modules/nixos/nur-update.nix;
- remote-builder = ./modules/nixos/remote-builder.nix;
- watch-store = ./modules/nixos/watch-store.nix;
- };
+ outputs =
+ inputs:
+ inputs.blueprint {
+ inherit inputs;
+ nixpkgs.config.allowUnfreePredicate =
+ pkg: builtins.elem (inputs.nixpkgs.lib.getName pkg) [ "terraform" ];
 };
 }
diff --git a/hosts/build01/default.nix b/hosts/build01/configuration.nix
similarity index 81%
rename from hosts/build01/default.nix
rename to hosts/build01/configuration.nix
index 43882dc8b..81ad34212 100644
--- a/hosts/build01/default.nix
+++ b/hosts/build01/configuration.nix
@@ -1,12 +1,17 @@
 { inputs, ... }:
 {
 imports = [
+ inputs.self.nixosModules.common
 inputs.srvos.nixosModules.hardware-hetzner-online-amd
 inputs.self.nixosModules.disko-zfs
 inputs.self.nixosModules.builder
 inputs.self.nixosModules.community-builder
 ];
 
+ networking.hostName = "build01";
+
+ nixpkgs.hostPlatform = "x86_64-linux";
+
 # Emulate riscv64 until we have proper builders
 boot.binfmt.emulatedSystems = [ "riscv64-linux" ];
 boot.binfmt.preferStaticEmulators = true;
diff --git a/hosts/build02/default.nix b/hosts/build02/configuration.nix
similarity index 85%
rename from hosts/build02/default.nix
rename to hosts/build02/configuration.nix
index 2bbc8d974..bac728d29 100644
--- a/hosts/build02/default.nix
+++ b/hosts/build02/configuration.nix
@@ -2,6 +2,7 @@
 
 {
 imports = [
+ inputs.self.nixosModules.common
 inputs.self.nixosModules.nginx
 inputs.srvos.nixosModules.hardware-hetzner-online-amd
 ./nixpkgs-update.nix
@@ -10,6 +11,10 @@
 inputs.self.nixosModules.disko-zfs
 ];
 
+ networking.hostName = "build02";
+
+ nixpkgs.hostPlatform = "x86_64-linux";
+
 # set in srvos, remove when reinstalling
 networking.hostId = "deadbeef";
 
diff --git a/hosts/build03/default.nix b/hosts/build03/configuration.nix
similarity index 84%
rename from hosts/build03/default.nix
rename to hosts/build03/configuration.nix
index 17e984bc1..5198fd5e3 100644
--- a/hosts/build03/default.nix
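Review bot: The hydra overlay that pinned `pkgs.hydra` to the `inputs.hydra` fork (built against `nixVersions.nix_2_24` with `perlPackages.DBIxClassHelpers`) is only commented out in the new flake.nix, not ported, so any host using the hydra module presumably now deploys the unmodified nixpkgs hydra while the `hydra` input is still declared and fetched; for an infra repository that silently changes what runs in production and should either be ported (if the pinned blueprint accepts `nixpkgs.overlays` next to `nixpkgs.config` — verify against the locked rev) or be stated explicitly in the commit message. The same applies to the commented-out `checks` and `treefmt` blocks: host toplevels, the nixosTests, the docs link check and the formatter check are no longer exported unless blueprint derives equivalents, so CI coverage shrinks without a note. Leaving roughly forty lines of dead commented code in flake.nix is also a style problem; if the port is deferred, replace them with `# TODO: port hydra overlay, checks and treefmt to blueprint (see <tracking issue>)`. The host files in the following sections now import `inputs.self.nixosModules.common` / `inputs.self.darwinModules.common`, which relies on blueprint exposing `modules/nixos/common` and `modules/darwin/common` under that name — not visible in this diff, so worth confirming before merging.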
+++ b/hosts/build03/configuration.nix
@@ -1,6 +1,7 @@
 { inputs, ... }:
 {
 imports = [
+ inputs.self.nixosModules.common
 inputs.self.nixosModules.nginx
 inputs.srvos.nixosModules.hardware-hetzner-online-amd
 inputs.self.nixosModules.disko-zfs
@@ -16,6 +17,10 @@
 ./postgresql.nix
 ];
 
+ networking.hostName = "build03";
+
+ nixpkgs.hostPlatform = "x86_64-linux";
+
 systemd.network.networks."10-uplink".networkConfig.Address = "2a01:4f8:2190:2698::2";
 system.stateVersion = "23.11";
diff --git a/hosts/build04/default.nix b/hosts/build04/configuration.nix
similarity index 86%
rename from hosts/build04/default.nix
rename to hosts/build04/configuration.nix
index c270f6fb1..3f930a195 100644
--- a/hosts/build04/default.nix
+++ b/hosts/build04/configuration.nix
@@ -1,6 +1,7 @@
 { inputs, ... }:
 {
 imports = [
+ inputs.self.nixosModules.common
 inputs.srvos.nixosModules.hardware-hetzner-online-arm
 inputs.self.nixosModules.disko-zfs
 inputs.self.nixosModules.builder
@@ -8,6 +9,10 @@
 inputs.self.nixosModules.remote-builder
 ];
 
+ networking.hostName = "build04";
+
+ nixpkgs.hostPlatform = "aarch64-linux";
+
 # error: failed to start SSH connection
 # https://github.com/nix-community/infra/issues/1416
 services.openssh.settings.MaxStartups = 100;
diff --git a/hosts/darwin01/default.nix b/hosts/darwin01/darwin-configuration.nix
similarity index 76%
rename from hosts/darwin01/default.nix
rename to hosts/darwin01/darwin-configuration.nix
index 7f3194a49..863a39587 100644
--- a/hosts/darwin01/default.nix
+++ b/hosts/darwin01/darwin-configuration.nix
@@ -2,10 +2,15 @@
 
 {
 imports = [
+ inputs.self.darwinModules.common
 inputs.self.darwinModules.builder
 inputs.self.darwinModules.community-builder
 ];
 
+ networking.hostName = "darwin02";
+
+ nixpkgs.hostPlatform = "aarch64-darwin";
+
 nixCommunity.darwin.ipv6 = "2a09:9340:808:630::1 64 fe80::1";
 nix.settings.sandbox = "relaxed";
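Review bot: hosts/darwin01/darwin-configuration.nix sets `networking.hostName = "darwin02";`, which looks like a copy-paste slip: the darwin02 file in the next section sets the same value, so both Darwin builders would identify as darwin02 and anything keyed on the hostname (monitoring labels, remote-builder or deploy targeting) could conflate them. It should read `networking.hostName = "darwin01";`. Since the name is now repeated in every host file and has to match the directory, it may be worth checking whether blueprint hands the host name to the configuration so it can be derived instead of hand-copied.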
diff --git a/hosts/darwin02/default.nix b/hosts/darwin02/darwin-configuration.nix
similarity index 82%
rename from hosts/darwin02/default.nix
rename to hosts/darwin02/darwin-configuration.nix
index e81b30e89..444039a03 100644
--- a/hosts/darwin02/default.nix
+++ b/hosts/darwin02/darwin-configuration.nix
@@ -2,11 +2,16 @@
 
 {
 imports = [
+ inputs.self.darwinModules.common
 inputs.self.darwinModules.builder
 inputs.self.darwinModules.hercules-ci
 inputs.self.darwinModules.remote-builder
 ];
 
+ networking.hostName = "darwin02";
+
+ nixpkgs.hostPlatform = "aarch64-darwin";
+
 nixCommunity.darwin.ipv6 = "2a09:9340:808:60b::1 64 fe80::1";
 nixCommunity.remote-builder.key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmdo1x1QkRepZf7nSe+OdEWX+wOjkBLF70vX9F+xf68 builder";
diff --git a/hosts/web02/default.nix b/hosts/web02/configuration.nix
similarity index 58%
rename from hosts/web02/default.nix
rename to hosts/web02/configuration.nix
index e646446e8..a149cd963 100644
--- a/hosts/web02/default.nix
+++ b/hosts/web02/configuration.nix
@@ -1,10 +1,15 @@
 { inputs, ... }:
 {
 imports = [
+ inputs.self.nixosModules.common
 ./gandi.nix
 inputs.self.nixosModules.monitoring
 inputs.self.nixosModules.nginx
 ];
 
+ networking.hostName = "web02";
+
+ nixpkgs.hostPlatform = "x86_64-linux";
+
 networking.useDHCP = true;
 }
diff --git a/packages/docs/default.nix b/packages/docs/default.nix
new file mode 100644
index 000000000..278824344
--- /dev/null
+++ b/packages/docs/default.nix
@@ -0,0 +1,32 @@
+{ pkgs, inputs, ... }:
+
+pkgs.runCommand "docs"
+ {
+ buildInputs = [ pkgs.python3.pkgs.mkdocs-material ];
+ files = pkgs.lib.fileset.toSource {
+ root = ../../.;
+ fileset = pkgs.lib.fileset.unions [
+ ../../docs
+ ../../mkdocs.yml
+ ];
+ };
+ meta.platforms = [ "x86_64-linux" ];
+ passthru.tests.linkcheck = pkgs.testers.lycheeLinkCheck rec {
+ extraConfig = {
+ exclude = [
+ "https://fonts.gstatic.com"
+ "https://monitoring.nix-community.org/alertmanager" # 401 behind auth
+ ];
+ include_mail = true;
+ include_verbatim = true;
+ };
+ remap = {
+ "https://nix-community.org" = site;
+ };
+ site = inputs.self.packages.${pkgs.system}.docs;
+ };
+ }
+ ''
+ cd $files
+ mkdocs build --strict --site-dir $out
+ ''
diff --git a/tasks.py b/tasks.py
index 83f74bccd..f8cb1748d 100644
--- a/tasks.py
+++ b/tasks.py
@@ -108,7 +108,7 @@ def docs_linkcheck(c: Any) -> None:
 """
 Run docs online linkchecker
 """
- c.run("nix run .#docs-linkcheck.online")
+ c.run("nix run .#docs.tests.linkcheck.online")
 
 
 def get_hosts(hosts: str) -> List[DeployHost]:
diff --git a/terraform/shell.nix b/terraform/shell.nix
deleted file mode 100644
index e3056891d..000000000
--- a/terraform/shell.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ pkgs, ... }:
-{
- devShells = {
- terraform =
- with pkgs;
- mkShellNoCC {
- packages = [
- (terraform.withPlugins (p: [
- p.cloudflare
- p.external
- p.hydra
- p.null
- p.sops
- p.tfe
- ]))
- ];
- };
- };
-}
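Review bot: `meta.platforms = [ "x86_64-linux" ];` on the docs derivation restricts more than the old `system == "x86_64-linux"` gate did: previously `packages.docs` evaluated on every system and only the check was gated, whereas now `nix build .#docs` and the mkdocs devshell (devshells/mkdocs.nix pulls it in via `inputsFrom`) will presumably fail on aarch64-darwin with an unsupported-system error unless `allowUnsupportedSystem` is set. If the intent is only to keep the link check on x86_64-linux in CI, gate `passthru.tests.linkcheck` rather than the package itself. `site = inputs.self.packages.${pkgs.system}.docs;` refers back to this same derivation through the flake, which is not obvious to a reader; a comment such as `# self-reference via the flake output; lycheeLinkCheck resolves it lazily` would help.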