Switch to lix and update the arr stack

pazpi 2024-08-27 22:00:18 +02:00
parent e860e4a9bd
commit 34f11ee2fb
No known key found for this signature in database
GPG key ID: 0942571C4B9966BE
6 changed files with 249 additions and 148 deletions

115
flake.lock generated

@ -99,6 +99,39 @@
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -141,13 +174,48 @@
"type": "github"
}
},
"lix": {
"flake": false,
"locked": {
"lastModified": 1723503926,
"narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=",
"rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils_2",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1723510904,
"narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=",
"rev": "622a2253a071a1fb97a4d3c8103a91114acc1140",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1724067415,
"narHash": "sha256-WJBAEFXAtA41RMpK8mvw0cQ62CJkNMBtzcEeNIJV7b0=",
"lastModified": 1724575805,
"narHash": "sha256-OB/kEL3GAhUZmUfkbPfsPhKs0pRqJKs0EEBiLfyKZw8=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "b09c46430ffcf18d575acf5c339b38ac4e1db5d2",
"rev": "9fc19be21f0807d6be092d70bf0b1de0c00ac895",
"type": "github"
},
"original": {
@ -159,11 +227,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1724316499,
"narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
"lastModified": 1724531977,
"narHash": "sha256-XROVLf9ti4rrNCFLr+DmXRZtPjCQTW4cYy59owTEmxk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
"rev": "2527da1ef492c495d5391f3bcf9c1dd9f4514e32",
"type": "github"
},
"original": {
@ -173,30 +241,14 @@
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1724224976,
"narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c374d94f1536013ca8e92341b540eba4c22f9c62",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"colmena": "colmena",
"home-manager": "home-manager_2",
"lix-module": "lix-module",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable"
"nixpkgs": "nixpkgs"
}
},
"stable": {
@ -229,6 +281,21 @@
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",

123
flake.nix

@ -1,14 +1,22 @@
{
# Source of inspiration:
# - https://github.com/BonusPlay/sysconf/blob/master/flake.nix
# - https://github.com/NixOS/infra/blob/master/build/flake.nix
description = "Pazpi's systems";
inputs = {
# NixOS related inputs
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
@ -29,110 +37,61 @@
{
self,
nixpkgs,
nixpkgs-unstable,
nixos-hardware,
lix-module,
agenix,
colmena,
home-manager,
...
}@inputs:
let
system = "x86_64-linux";
pkgs = import nixpkgs { inherit system; };
myModule = {
imports = [ ./modules ];
};
proxmoxModule = {
imports = [
"${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
./modules/virtualisation/proxmox.nix
];
};
lib = nixpkgs.lib;
in
{
# used with: `nix fmt`
formatter.${system} = pkgs.nixfmt-rfc-style;
nixosConfigurations.deadbeef = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit inputs;
};
modules = [
myModule
./hosts/deadbeef
];
};
nixosConfigurations.arr = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit inputs;
};
modules = [
myModule
proxmoxModule
./hosts/arr
];
};
nixosConfigurations = (import ./hosts inputs);
colmena =
lib.recursiveUpdate
(builtins.mapAttrs (k: v: { imports = v._module.args.modules; }) self.nixosConfigurations)
{
meta = {
description = "pazpi.top infrastructure";
nixpkgs = import nixpkgs { inherit system; };
nixpkgs = import nixpkgs {
system = "x86_64-linux";
overlays = [ ];
};
}
// builtins.mapAttrs (name: value: {
nixpkgs.system = value.config.nixpkgs.system;
imports = value._module.args.modules;
nodeNixpkgs = builtins.mapAttrs (_: v: v.pkgs) self.nixosConfigurations;
nodeSpecialArgs = builtins.mapAttrs (_: v: v._module.specialArgs) self.nixosConfigurations;
};
defaults = {
imports = [ ./modules ];
deployment.targetUser = "pazpi";
};
arr = {
deployment = {
targetHost = "${name}.nixos.org";
targetHost = "192.168.1.189";
targetUser = lib.mkForce "root";
tags = [
"lxc"
"bacco"
];
};
};
}) self.nixosConfigurations;
# colmena = {
# meta = {
# nixpkgs = pkgs;
# specialArgs = {
# inherit inputs;
# };
# };
deadbeef.deployment = {
allowLocalDeployment = true;
targetHost = null;
tags = [ "local" ];
};
# defaults = {
# imports = [
# "${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
# ./modules
# ./modules/virtualisation/proxmox.nix
# ];
# };
# # childnixos = {
# # deployment = {
# # targetHost = "10.233.244.63";
# # targetPort = 22;
# # targetUser = "root";
# # };
# # imports = [ ./lxc-nix/configuration.nix ];
# # };
# arr = {
# deployment = {
# targetHost = "192.168.1.189";
# targetPort = 22;
# targetUser = "pazpi";
# };
# time.timeZone = "Europe/Rome";
# imports = [ ./hosts/arr ];
# };
# };
};
devShells.${system}.default = pkgs.mkShell {
buildInputs = with pkgs; [
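Review bot: The `arr` node sets `targetUser = lib.mkForce "root"` next to a hard-coded `targetHost = "192.168.1.189"`, so colmena logs in to that host directly as root while `defaults` uses `pazpi`. The rendered page has lost its +/- markers, so I am assuming these lines are on the new side. If the Proxmox LXC guest really needs a root login, record the reason in a comment such as `# arr is an LXC guest; deploy as root because <reason>`; otherwise keep the default user. Writing the default as `deployment.targetUser = lib.mkDefault "pazpi";` would let a node override it without `mkForce`. The section ends inside `devShells`, so the rest of the outputs is not visible here.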


@ -1,23 +1,39 @@
{ nixpkgs
, home-manager
, nixos-hardware
, agenix
, ...
{
nixpkgs,
nixos-hardware,
agenix,
home-manager,
lix-module,
...
}:
let
agenixOverlay = final: prev: {
agenix = agenix.packages.${prev.system}.default;
};
pkgs = system: import nixpkgs {
agenixOverlay = final: prev: { agenix = agenix.packages.${prev.system}.default; };
pkgs =
system:
import nixpkgs {
inherit system;
overlays = [ agenixOverlay ];
config.allowUnfree = true;
};
myModule = {
imports = [
lix-module.nixosModules.default
../modules
];
};
proxmoxModule = {
imports = [
"${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
../modules/virtualisation/proxmox.nix
];
};
in
{
deadbeef = nixpkgs.lib.nixosSystem {
pkgs = pkgs "x86_64-linux";
modules = [
myModule
./deadbeef
nixos-hardware.nixosModules.dell-xps-15-9560
home-manager.nixosModules.home-manager
@ -31,6 +47,8 @@ in
arr = nixpkgs.lib.nixosSystem {
pkgs = pkgs "x86_64-linux";
modules = [
myModule
proxmoxModule
./arr
agenix.nixosModules.default
];
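Review bot: `config.allowUnfree = true;` in the `pkgs` helper applies to every host built from it, including the `arr` server, so any unfree package can enter a closure without being noticed. The line appears to be on the new side, but the page has lost its +/- markers. A narrower form is `config.allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) [ "<package-name>" ];`, listing only the packages that are actually needed. A one-line comment on `myModule` saying that `lix-module.nixosModules.default` replaces the Nix implementation on all hosts would also help the next reader.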


@ -1,25 +1,66 @@
{
config,
pkgs,
lib,
...
{ config
, pkgs
, lib
, ...
}:
with lib;
let
cfg = config.my.services.download-pod;
containers = {
webserver = {
jackett = {
enable = true;
image = "nginx";
image = "linuxserver/jackett";
autoStart = true;
extraOptions = [ "--pod=download" ];
volumes = [
"aaa:/config"
"bbb:/data"
"jackett_config:/config"
"jackett_data:/data"
];
};
postgres = {
radarr = {
enable = true;
image = "linuxserver/radarr";
autoStart = true;
extraOptions = [ "--pod=download" ];
volumes = [
"radarr_config:/config"
"radarr_data:/data"
];
};
sabnzbd = {
enable = false;
image = "postgres:13";
image = "linuxserver/sabnzbd";
autoStart = true;
extraOptions = [ "--pod=download" ];
volumes = [
"sabnzbd_config:/config"
"sabnzbd_data:/data"
];
};
sonarr = {
enable = false;
image = "linuxserver/sonarr";
autoStart = true;
extraOptions = [ "--pod=download" ];
volumes = [
"sonarr_config:/config"
"sonarr_data:/data"
];
};
prowlarr = {
enable = true;
image = "linuxserver/prowlarr";
autoStart = true;
# extraOptions = [ "--pod=download" ];
volumes = [ "prowlarr_config:/config" ];
};
};
@ -60,11 +101,14 @@ in
config = lib.mkIf cfg.enable {
my.virtualisation.podmanPods = {
mywebapp = {
name = "mywebapp";
download = {
name = "download";
ports = [
"9090:80"
"9443:443"
"7878:7878" # : Radarr
# "8080:8080" # : Sabnzbd
"8989:8989" # : Sonarr
"9117:9117" # : Jackett
"9696:9696" # : Prowlarr
];
containers = enabledContainers containers;
};
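Review bot: The container images in `containers` (`linuxserver/jackett`, `linuxserver/radarr`, `linuxserver/sabnzbd`, `linuxserver/sonarr`, `linuxserver/prowlarr`) carry no registry, tag or digest, so each pull resolves a short name and takes whatever `latest` is at that moment. Pin them with a fully qualified reference, for example `image = "docker.io/linuxserver/radarr:<tag>@sha256:<digest>";`, so a rebuild cannot silently change what runs. Separately, `prowlarr` has `extraOptions = [ "--pod=download" ]` commented out while the pod still publishes `"9696:9696"`, so that mapping probably does not reach the container. The `ports` entries also bind on all interfaces. If these UIs are only meant to sit behind a reverse proxy, use a form such as `"127.0.0.1:7878:7878"`.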


@ -37,7 +37,5 @@ in
};
};
nixpkgs.config.allowUnfree = true;
};
}


@ -1,11 +1,27 @@
{
lib,
config,
pkgs,
...
{ lib
, config
, pkgs
, ...
}:
let
cfg = config.my.utils.serverNodeUsers;
gitlabUsername = "pazpi";
sshKeys =
let
localKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhiGLc/whCY3lCmDiRlYnMJOLiO/gvcRj/sKVEFVAhQ pazpi@deadbeef"
# Add more local keys as needed
];
gitlabKeys = pkgs.lib.splitString "\n" (
builtins.readFile (
pkgs.fetchurl {
url = "https://gitlab.com/${gitlabUsername}.keys";
sha256 = "tHC4DBRO8mXBLFBqGiZlgyY5Pzpl4AMeURCni6H7IjI=";
}
)
);
in
localKeys ++ gitlabKeys;
in
{
options.my.utils.serverNodeUsers = {
@ -24,6 +40,7 @@ in
users.root = {
hashedPassword = "!";
openssh.authorizedKeys.keys = sshKeys;
};
users.pazpi = {
@ -31,9 +48,7 @@ in
hashedPassword = "$y$j9T$oWLCV1hnGPyOGabMfAS3p1$/iwouRZGwQXcv6IHnLuT3I9.pmeXNpcHxq.b8xfitr1";
shell = pkgs.bash;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhiGLc/whCY3lCmDiRlYnMJOLiO/gvcRj/sKVEFVAhQ pazpi@deadbeef"
];
openssh.authorizedKeys.keys = sshKeys;
};
};
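Review bot: `sshKeys` is now assigned to `users.root` as well as `users.pazpi`, so every key in the pinned `https://gitlab.com/${gitlabUsername}.keys` file can log in as root, not only the one local key that `pazpi` had before. If root access is needed only for deployment, give root `localKeys` alone, or add a comment stating that all GitLab keys are meant to have root access. `gitlabKeys` also splits on `"\n"` without dropping empty entries, so a trailing newline in the file yields an empty string in the list; wrap the split as `builtins.filter (k: k != "") (pkgs.lib.splitString "\n" (...))`. The fixed `sha256` means a changed key list fails the build instead of silently changing access, which deserves a comment next to the hash. The `let` block and both user definitions extend beyond the visible hunks.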