fablab-nea/nix-gscheits
1
0
Fork 0
Code Issues 7 Pull requests 3 Projects Releases Packages Wiki Activity Actions

init

Browse source
This commit is contained in:
Simon Bruder 2021-07-18 10:08:26 +02:00 committed by jalr
commit 44311a2e72
12 changed files with 379 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

16
.editorconfig Normal file
View file

@ -0,0 +1,16 @@
root = true
[*]
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
charset = utf-8
[*.{json,md,nix,py,sh}]
indent_style = space
[*.{json,md,nix}]
indent_size = 2
[*.{py,sh}]
indent_size = 2

13
.envrc Normal file
View file

@ -0,0 +1,13 @@
# if the nix version from the environment does not support flakes, this adds
# nix unstable to the environment
if ! nix flake metadata >/dev/null; then
use_flake() {
watch_file flake.nix
watch_file flake.lock
[ -d "$(direnv_layout_dir)" ] || mkdir "$(direnv_layout_dir)"
eval "$(nix print-dev-env --profile "$(direnv_layout_dir)/flake-profile")"
}
use nix
fi
use flake

6
.gitignore vendored Normal file
View file

@ -0,0 +1,6 @@
# Nix
result*
.direnv
# automatically generated
.pre-commit-config.yaml

7
.sops.yaml Normal file
View file

@ -0,0 +1,7 @@
keys:
- &simon 47E7559E037A35652DBBF8AA8D3C82F9F309F8EC
creation_rules:
- path_regex: secrets\.yaml$
key_groups:
- pgp:
- *simon

1
README.md Normal file
View file

@ -0,0 +1 @@
# NixOS configurations of the FabLab Bad Windsheim

130
flake.lock generated Normal file
View file

@ -0,0 +1,130 @@
{
"nodes": {
"flake-utils": {
"locked": {
"lastModified": 1623875721,
"narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "f7e004a55b120c02ecb6219596820fcd32ca8772",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"krops": {
"inputs": {
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1597485541,
"narHash": "sha256-+fqI9qh7zpC2WxinFZlaiDsbvMb/IJxFIiGfdA/xLps=",
"owner": "Mic92",
"repo": "krops",
"rev": "c3a1ffab03e8cfbb7ff532bdfa10b26b3dc76911",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "krops",
"type": "github"
}
},
"nix-pre-commit-hooks": {
"inputs": {
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1624971177,
"narHash": "sha256-Amf/nBj1E77RmbSSmV+hg6YOpR+rddCbbVgo5C7BS0I=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "397f0713d007250a2c7a745e555fa16c5dc8cadb",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "master",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1625333638,
"narHash": "sha256-M6J9RN60XJyv6nUfDFCwnz5aVjhe8+GJnV8Q9VpdQQQ=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "41775780a0b6b32b3d32dcc32bb9bc6df809062d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1626489334,
"narHash": "sha256-WcQDF/JB3yWfO7E37M6rlUCKkqcMwG2UiWz+2Vsib9Y=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b2f87e0043aaf3f0f05cc983bd6aa80a616b8352",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-21.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"krops": "krops",
"nix-pre-commit-hooks": "nix-pre-commit-hooks",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1625936460,
"narHash": "sha256-U6xlITKrYuhlHWe+poACaz4GJl3ZVN1BSUqZe2gFg+g=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "ec2800174de5a7be8ec5b144819af2c7de77abe2",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

133
flake.nix Normal file
View file

@ -0,0 +1,133 @@
{
inputs = {
flake-utils.url = "github:numtide/flake-utils";
nix-pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix/master";
nix-pre-commit-hooks.inputs.flake-utils.follows = "flake-utils";
nix-pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs";
nixpkgs.url = "github:nixos/nixpkgs/nixos-21.05";
nixos-hardware.url = "github:nixos/nixos-hardware/master";
krops.url = "github:Mic92/krops";
krops.inputs.flake-utils.follows = "flake-utils";
krops.inputs.nixpkgs.follows = "nixpkgs";
sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
};
outputs =
{ self
, flake-utils
, krops
, nix-pre-commit-hooks
, nixpkgs
, ...
}@inputs: flake-utils.lib.eachDefaultSystem
(system:
let
pkgs = nixpkgs.legacyPackages.${system};
inherit (pkgs) lib;
in
rec {
checks = {
pre-commit-check = nix-pre-commit-hooks.lib.${system}.run {
src = ./.;
hooks = {
black.enable = true;
nixpkgs-fmt.enable = true;
shellcheck.enable = true;
};
};
};
devShell = pkgs.mkShell {
name = "fablab-nixos-config";
buildInputs = (with pkgs; [
black
nixpkgs-fmt
shellcheck
sops
ssh-to-pgp
]);
shellHook = ''
find ${./keys} -type f -print0 | xargs -0 ${pkgs.gnupg}/bin/gpg --quiet --import
'' + self.checks.${system}.pre-commit-check.shellHook;
};
apps = lib.mapAttrs
(name: program: { type = "app"; program = toString program; })
(flake-utils.lib.flattenTree {
deploy = lib.recurseIntoAttrs (lib.mapAttrs
(hostname: machine:
let
inherit (krops.packages.${system}) writeCommand;
inherit (krops) lib;
in
writeCommand "deploy-${hostname}" {
target = lib.mkTarget "root@${machine.config.deployment.targetHost}" // {
extraOptions = [
# force allocation of tty to allow aborting with ^C and to show build progress
"-t"
];
};
source = lib.evalSource (lib.singleton {
config.file = {
path = toString ./.;
useChecksum = true;
};
});
command = targetPath: ''
nixos-rebuild switch --flake ${targetPath}/config -L --keep-going
'';
}
)
self.nixosConfigurations);
showKeyFingerprint = pkgs.writeShellScript "show-key-fingerprint" ''
${pkgs.gnupg}/bin/gpg --with-fingerprint --with-colons --show-key "keys/''${1}.asc" | awk -F: '$1 == "fpr" { print $10; exit }'
'';
});
}) // {
overlay = import ./pkgs;
nixosConfigurations = nixpkgs.lib.mapAttrs
(hostname: { system
, extraModules ? [ ]
, targetHost ? hostname
}: nixpkgs.lib.nixosSystem rec {
inherit system;
modules = [
(./machines + "/${hostname}/configuration.nix")
./modules
{
_module.args.inputs = inputs;
}
# deployment settings
({ lib, ... }: {
options.deployment = {
targetHost = lib.mkOption {
type = lib.types.str;
readOnly = true;
internal = true;
};
};
config.deployment = {
inherit targetHost;
};
})
] ++ (with inputs; [
sops-nix.nixosModules.sops
]) ++ extraModules;
})
(import ./machines inputs);
};
}

52
keys/users/simon.asc Normal file
View file

@ -0,0 +1,52 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBF/lCz0BEADKOij3IA1IIiZc9c8rgxTUtrn4W1R8ncgsnFuXIDGD35dBB9e0
wd5noQigoqts9N8ULHEV6J8AuBdl1IP2nAKAr6h3F+hrLjL5tZZCPpTN5fhxWguz
wt6aFZgcFwFmQfZHSInxO2XpcibyJAs5ZXW3cO+VYQdVxXLT6KOLKkqWCCGMlQSt
xNigzNbrjUcjrcGBcjNbFJs0P4BkVvD6+3xBerpT6zwAuFdBiUpZZk+XI1QCAuVF
6ld5A+x+pwvKoN/n040UAUAdLTne7oisNonLhSvZVrH2uH4dKkku/yi2glSkUwps
n+ffr0jD9VrdbxktcqQBE0WU2q7Eqe6EjSxURHI6uJ/wFh0QeYR8sT5mgPMt5O9T
T49Kz2uUdljuHW0eI37DJSUDcXWh0OtuENRFf7m0lvIIaaPpbPM4btS8j9lCFs9h
pJsQIQbNjV+UmIBvddDKGwcL+DHJFk0E2sqPYOwsebvbQLhVvPSPWWUVKrqMay9Y
Vd9KKy/KddESzM6c3TFmUbkEj1h4qWSZ0XX0vGL8LL68maaDHwO1nKuw/XfSpjAC
c+3wuqAgwFB+ihO/qWs8CB0z+wo+7NK9OUUVVucu2duUUjNknf6+v6fPedtziapp
SHVQQKWYvozxVa7XU+dnrU3ZUHzIrv6Fr6yTdGy6fw7pE3yPFIwbw9vsowARAQAB
tB9TaW1vbiBCcnVkZXIgPHNpbW9uQHNicnVkZXIuZGU+iQJSBBMBCgA8FiEER+dV
ngN6NWUtu/iqjTyC+fMJ+OwFAl/lCz0CGwMFCQeEzgAECwkIBwQVCgkIBRYCAwEA
Ah4BAheAAAoJEI08gvnzCfjsYFoP+weWMfiJ3mMeBeZBBcgp9NZTjrJoc2tKn/9s
RL4PL/3lwLRSEu6JS4LauAD6fW1d5QnNnUe4nIcvTO6RvJ7R/lDWg1KL+pdCfYtk
FiIesUkp+eW5Gqw5m6Bt1a9UjXdtHJuVGKQ/XjxC2914Ps6nhp5mY+NUm5zwZCBK
qbjiPjD17TeTCThEui3kwl0sgBhNX/eCPpJZtw3u7vzxpN24+sX8Ogo9r4nRtHKv
64vVggiT1Iu9JXm9KYlySFDZed9iVbgM2wKpylw1I0+F4VS8Jw/RDiIW61exKxAe
VuxPzbIGeJ0R8u0ZcvTiRbXr7op9barUDCQFn2K2oHXd8uCMUULinlO2pPYyshGh
znnZcZIvawqtWnImNnyTvKYe5Il9w2fmm6SzwRmcMvHBZ60eJC/PmnhpRcpBxyiG
mAWgFmmgMhc81wcPZFD0Mp91twMDHRchgfmBBlNdqMBt9nNJ2Mm7o52mVX/daMG4
VCqLdvbW9mWkyQVjfBq30XabanzN8RST63LlZEwArQqFpH8OifNMHI22fW2xGvPq
09k6SLA9qbobGFw+OGKIaGHiVbFq5aeTkqHr0sgL8QBHUJWv+SE0q49GfDDvA4JE
iDsLW6RJuNFGTaBq/NzN3A7iT8tTcdClYc7MSQxsEyTpuU+BlC9ewNC4cV/PyJ8l
13yeMkdZuQINBF/lCz0BEADs+rV9/tDQ6hyJlgMEKA34LjV4OEBdpwnRS51juXYt
nJiRC22Ljs6FY3NivOQPUNJR4yLU7/FGCGgyXlsLEyMIqH5Lldq1iaTMY8FHSdc4
e+BM4QYCiaYT05Jqeydorq0fZe0nIXobK7RqB4dG543JNzrttotQ94qpx/cFUy6i
ADxp216IyDFh0q10TKao/GB2gwkbOlRNuLYXXUMDON9i8VL0Yh7p0KhZuOl2vREm
9/IQDJJHFv4CbSTmdQ0de+k8rVgyiW05SdYq3vrqRmNuI9fbGTf3vw8bHljq1SiH
VoapbNJ8CnQCRzrsaX+pOlJwFVUUjxco7iyCHKFobfx+3ju5kwc+i/58nDiSkxMV
DPqfjFXnN+72EihfHiw56k1zIRhF9D9b8eq6aqGOIgTtjRujQUR9Rn5BJRZ87/pR
nlZsS3wE3nQxOo7fXKv9FU7TyEy6gu1LuK53dUk5xLlu4zMoIP8mc/mZchXqsksi
JSWPFDeXh9HLFhKyzintRxdXNp5xV5XaXsMlFkNiTBLUHLbU8Ln9tiLcuJZ29y3b
ynLtVo+GN4+G5b+koIoZ9065qSJ0coBPMUa6o7go2e1/oil+xKmtM3UHS+mMNa+4
elSqSRdpv3Xgo5lLNP+e60FpN155/93Hq33UMvh8rS9KVaQgp0c1unP99ewY84ra
9QARAQABiQI8BBgBCgAmFiEER+dVngN6NWUtu/iqjTyC+fMJ+OwFAl/lCz0CGwwF
CQeEzgAACgkQjTyC+fMJ+OzfUBAAkVNY0chFGvzWHOxEKNJY9rW5EQrayrKPNhjr
3j9xHoD+1AO7Yinqgd8Ribw88l1+2lVQGHIpIQ2ZPDz/XGND5FvP5PrW71FcUJ/z
AKaEnYP4iZ1jgnjp280bJ2iHBMmHc5cs/7OwTCs1uos1kWhjLGA9M12OWDWN9iqB
+UJo5W8hs9c5LpYp7ByThQp+g0m3E/ZWSbfZqi0BqWX/X6QC1MMXYS1lZcg6qttF
rs6d9hquNHZO7PkI73Ph89DWdxMIirmmn4Iwv88w3jW1KJXiGJbp0N2yooZFtsq+
Yd5SHexET9rtU49BfeggEcWuDWJCGvPqdqCfAH6lKe9ddXwQx/R4f+Ffib8WYA6k
49HA55U6WfPs74yfbR09mh79kDV2uQgtkaHFJyuVuO4e3oyUoqe3hQdqOMR2lCAR
NSc7j5JdR9LxkUDqjUT8ipjzsTxwgPHaO0QkUjugs2v1TpivsDSRooI7NzWFTxbk
MkUX5BGUnPnEivBiB3n++1o5kZp1jk3OAi8cqVkosOMjduWei8f6yKpQ4ZKg9cH7
ovqpDS9R6CDrACDPNJSTBn2VyOdjGVc4FrhGsXp3FAe5prt1b9psvYTTuXrZZJZP
dI1cLPI0Knyymf56gVMGCjp+x1+w7ef0ylGLPtFEuy/6iqWR3H5htZDQo3AgOVgd
R7VFGCA=
=7eg7
-----END PGP PUBLIC KEY BLOCK-----

5
machines/default.nix Normal file
View file

@ -0,0 +1,5 @@
{ ... }@inputs:
let
hardware = inputs.nixos-hardware.nixosModules;
in
{ }

4
modules/default.nix Normal file
View file

@ -0,0 +1,4 @@
{
imports = [
];
}

1
pkgs/default.nix Normal file
View file

@ -0,0 +1 @@
final: prev: { }

11
shell.nix Normal file
View file

@ -0,0 +1,11 @@
{ pkgs ? import <nixpkgs> { } }:
pkgs.mkShell {
name = "fablab-nixUnstable-shell";
nativeBuildInputs = with pkgs; [
(pkgs.writeShellScriptBin "nix" ''
exec -a nix ${pkgs.nixUnstable}/bin/nix --experimental-features "nix-command flakes" "$@"
'')
];
}