infra: steal from the best

(Mic92's cluster TUM's infra.)
2023-06-05 17:50:07 +02:00 · 2023-06-05 17:50:07 +02:00 · 107cc6e53f
commit 107cc6e53f
parent 41aead1a04
22 changed files with 951 additions and 0 deletions
--- a/configurations.nix
+++ b/configurations.nix
@ -0,0 +1,105 @@
+{ self, ... }:
+let
+  inherit
+    (self.inputs)
+    nixpkgs
+    home-manager
+    agenix
+    nur
+    colmena
+    flake-registry
+    nixos-hardware
+    nixpkgs-unstable
+    srvos
+    disko
+    ;
+  nixosSystem = nixpkgs.lib.makeOverridable nixpkgs.lib.nixosSystem;
+
+  colmenaModules = [
+    colmena.nixosModules.deploymentOptions
+  ];
+
+  commonModules = [
+    {
+      _module.args.self = self;
+      _module.args.inputs = self.inputs;
+      srvos.flake = self;
+    }
+    # only include admins here for monitoring/backup infrastructure
+    ./modules/users/admins.nix
+    ./modules/packages.nix
+    ./modules/nix-daemon.nix
+    ./modules/auto-upgrade.nix
+    ./modules/tor-ssh.nix
+    ./modules/hosts.nix
+    ./modules/network.nix
+    ./modules/zsh.nix
+
+
+    disko.nixosModules.disko
+    srvos.nixosModules.server
+
+    # srvos.nixosModules.mixins-telegraf
+    # srvos.nixosModules.mixins-terminfo
+
+    agenix.nixosModules.default
+    ({ pkgs
+     , config
+     , lib
+     , ...
+     }: let
+       sopsFile = ./. + "/hosts/${config.networking.hostName}.yml";
+    in {
+      nix.nixPath = [
+        "home-manager=${home-manager}"
+        "nixpkgs=${pkgs.path}"
+        "nur=${nur}"
+      ];
+      # TODO: share nixpkgs for each machine to speed up local evaluation.
+      #nixpkgs.pkgs = self.inputs.nixpkgs.legacyPackages.${system};
+
+      #users.withSops = builtins.pathExists sopsFile;
+      #sops.secrets = lib.mkIf (config.users.withSops) {
+      #  root-password-hash.neededForUsers = true;
+      #};
+      # sops.defaultSopsFile = lib.mkIf (builtins.pathExists sopsFile) sopsFile;
+
+      nix.extraOptions = ''
+        flake-registry = ${flake-registry}/flake-registry.json
+      '';
+
+      nix.registry = {
+        home-manager.flake = home-manager;
+        nixpkgs.flake = nixpkgs;
+        nur.flake = nur;
+      };
+      time.timeZone = "UTC";
+    })
+  ];
+in
+{
+  flake.nixosConfigurations = {
+    epyc = nixosSystem {
+      system = "x86_64-linux";
+      modules =
+        commonModules
+        ++ colmenaModules
+        ++ [
+          ./hosts/epyc.nix
+        ];
+      };
+    };
+
+  flake.colmena = {
+    meta.nixpkgs = import nixpkgs {
+      system = "x86_64-linux";
+    };
+    epyc = {
+      imports =
+        commonModules
+        ++ [
+          ./hosts/epyc.nix
+        ];
+      };
+  };
+}