init
commit
c02ee1c083
|
@ -0,0 +1,577 @@
|
|||
{
|
||||
"nodes": {
|
||||
"agenix": {
|
||||
"inputs": {
|
||||
"darwin": "darwin",
|
||||
"home-manager": "home-manager",
|
||||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1696775529,
|
||||
"narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "daf42cb35b2dc614d1551e37f96406e4c4a2d3e4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"arion": {
|
||||
"inputs": {
|
||||
"flake-parts": "flake-parts",
|
||||
"haskell-flake": "haskell-flake",
|
||||
"hercules-ci-effects": "hercules-ci-effects",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1692787336,
|
||||
"narHash": "sha256-WabgeYsUiMRbpb1bCT3oY6GJEciZQIf3tYD8RQAUf2c=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "arion",
|
||||
"rev": "28902d348807c494115177595f812a3e54cc913b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "arion",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"crane": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"zettoitArs",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1699548976,
|
||||
"narHash": "sha256-xnpxms0koM8mQpxIup9JnT0F7GrKdvv0QvtxvRuOYR4=",
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"rev": "6849911446e18e520970cc6b7a691e64ee90d649",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"crane_2": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"zettoitBin",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1699548976,
|
||||
"narHash": "sha256-xnpxms0koM8mQpxIup9JnT0F7GrKdvv0QvtxvRuOYR4=",
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"rev": "6849911446e18e520970cc6b7a691e64ee90d649",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"darwin": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"agenix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1673295039,
|
||||
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
|
||||
"owner": "lnl7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "lnl7",
|
||||
"ref": "master",
|
||||
"repo": "nix-darwin",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"deploy-rs": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1698921442,
|
||||
"narHash": "sha256-7KmvhQ7FuXlT/wG4zjTssap6maVqeAMBdtel+VjClSM=",
|
||||
"owner": "serokell",
|
||||
"repo": "deploy-rs",
|
||||
"rev": "660180bbbeae7d60dad5a92b30858306945fd427",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "serokell",
|
||||
"repo": "deploy-rs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1668681692,
|
||||
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-parts": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": [
|
||||
"arion",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1675933616,
|
||||
"narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "47478a4a003e745402acf63be7f9a092d51b83d7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-parts_2": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1688466019,
|
||||
"narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "flake-parts",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"flake-parts_3": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": [
|
||||
"arion",
|
||||
"hercules-ci-effects",
|
||||
"hercules-ci-agent",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1688466019,
|
||||
"narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694529238,
|
||||
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694529238,
|
||||
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"haskell-flake": {
|
||||
"locked": {
|
||||
"lastModified": 1675296942,
|
||||
"narHash": "sha256-u1X1sblozi5qYEcLp1hxcyo8FfDHnRUVX3dJ/tW19jY=",
|
||||
"owner": "srid",
|
||||
"repo": "haskell-flake",
|
||||
"rev": "c2cafce9d57bfca41794dc3b99c593155006c71e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "srid",
|
||||
"ref": "0.1.0",
|
||||
"repo": "haskell-flake",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"haskell-flake_2": {
|
||||
"locked": {
|
||||
"lastModified": 1684780604,
|
||||
"narHash": "sha256-2uMZsewmRn7rRtAnnQNw1lj0uZBMh4m6Cs/7dV5YF08=",
|
||||
"owner": "srid",
|
||||
"repo": "haskell-flake",
|
||||
"rev": "74210fa80a49f1b6f67223debdbf1494596ff9f2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "srid",
|
||||
"ref": "0.3.0",
|
||||
"repo": "haskell-flake",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"hercules-ci-agent": {
|
||||
"inputs": {
|
||||
"flake-parts": "flake-parts_3",
|
||||
"haskell-flake": "haskell-flake_2",
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1688568579,
|
||||
"narHash": "sha256-ON0M56wtY/TIIGPkXDlJboAmuYwc73Hi8X9iJGtxOhM=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "hercules-ci-agent",
|
||||
"rev": "367dd8cd649b57009a6502e878005a1e54ad78c5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "hercules-ci-agent",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"hercules-ci-effects": {
|
||||
"inputs": {
|
||||
"flake-parts": "flake-parts_2",
|
||||
"hercules-ci-agent": "hercules-ci-agent",
|
||||
"nixpkgs": [
|
||||
"arion",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1689397210,
|
||||
"narHash": "sha256-fVxZnqxMbsDkB4GzGAs/B41K0wt/e+B/fLxmTFF/S20=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "hercules-ci-effects",
|
||||
"rev": "0a63bfa3f00a3775ea3a6722b247880f1ffe91ce",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "hercules-ci-effects",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"home-manager": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"agenix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1682203081,
|
||||
"narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1677676435,
|
||||
"narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"dir": "lib",
|
||||
"lastModified": 1688049487,
|
||||
"narHash": "sha256-100g4iaKC9MalDjUW9iN6Jl/OocTDtXdeAj7pEGIRh4=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "4bc72cae107788bf3f24f30db2e2f685c9298dc9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"dir": "lib",
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1700390070,
|
||||
"narHash": "sha256-de9KYi8rSJpqvBfNwscWdalIJXPo8NjdIZcEJum1mH0=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "e4ad989506ec7d71f7302cc3067abd82730a4beb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1688322751,
|
||||
"narHash": "sha256-eW62dC5f33oKZL7VWlomttbUnOTHrAbte9yNUNW8rbk=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "0fbe93c5a7cac99f90b60bdf5f149383daaa615f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1700678569,
|
||||
"narHash": "sha256-2Ki+2UvOidxEb3xB4ADqlbPQ2BZOF4uZMR094O8or2I=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "8f1180704ac35baded1a74164365ac7cdfba6f38",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-23.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"arion": "arion",
|
||||
"deploy-rs": "deploy-rs",
|
||||
"nixpkgs": "nixpkgs_3",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"zettoitArs": "zettoitArs",
|
||||
"zettoitBin": "zettoitBin"
|
||||
}
|
||||
},
|
||||
"rust-overlay": {
|
||||
"inputs": {
|
||||
"flake-utils": [
|
||||
"zettoitArs",
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"zettoitArs",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1699582387,
|
||||
"narHash": "sha256-sPmUXPDl+cEi+zFtM5lnAs7dWOdRn0ptZ4a/qHwvNDk=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "41f7b0618052430d3a050e8f937030d00a2fcced",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"rust-overlay_2": {
|
||||
"inputs": {
|
||||
"flake-utils": [
|
||||
"zettoitBin",
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"zettoitBin",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1699582387,
|
||||
"narHash": "sha256-sPmUXPDl+cEi+zFtM5lnAs7dWOdRn0ptZ4a/qHwvNDk=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "41f7b0618052430d3a050e8f937030d00a2fcced",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_2": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"locked": {
|
||||
"lastModified": 1667395993,
|
||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"zettoitArs": {
|
||||
"inputs": {
|
||||
"crane": "crane",
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"rust-overlay": "rust-overlay"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1700765650,
|
||||
"narHash": "sha256-eTc/9des4m8IywqKnuW24NvC0+HaBVhKkwBboxRZFTE=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "defa769dd297e8f4e2afc526fa2dfc1c9ccc8f8c",
|
||||
"revCount": 20,
|
||||
"type": "git",
|
||||
"url": "https://git2.zettoit.eu/zettoit/ars"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://git2.zettoit.eu/zettoit/ars"
|
||||
}
|
||||
},
|
||||
"zettoitBin": {
|
||||
"inputs": {
|
||||
"crane": "crane_2",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"rust-overlay": "rust-overlay_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1699628835,
|
||||
"narHash": "sha256-ox6YLqjCaaWvXC6R7UTtfVzrl0ssQYxzflT/nlmQpPg=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "04a6d296b586f62e7bc44e7e59b04973e0b1ab03",
|
||||
"revCount": 50,
|
||||
"type": "git",
|
||||
"url": "https://git2.zettoit.eu/zettoit/bin"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://git2.zettoit.eu/zettoit/bin"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
"version": 7
|
||||
}
|
|
@ -0,0 +1,69 @@
|
|||
{
|
||||
description = "obscuresecure.dev NixOS Infrastructure";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
|
||||
nixpkgs-unstable.url ="github:NixOS/nixpkgs/nixos-unstable";
|
||||
agenix.url = "github:ryantm/agenix";
|
||||
zettoitBin = {
|
||||
url = "git+https://git2.zettoit.eu/zettoit/bin";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
zettoitArs = {
|
||||
url = "git+https://git2.zettoit.eu/zettoit/ars";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
arion = {
|
||||
url = "github:hercules-ci/arion";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
deploy-rs = {
|
||||
url = "github:serokell/deploy-rs";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, nixpkgs-unstable, agenix, zettoitBin, zettoitArs, arion, deploy-rs }@inputs:
|
||||
let
|
||||
defaultSystem = module: nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = inputs;
|
||||
modules = [
|
||||
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay ]; })
|
||||
agenix.nixosModules.default
|
||||
arion.nixosModules.arion
|
||||
module
|
||||
];
|
||||
};
|
||||
overlay = final: prev: {
|
||||
unstable = nixpkgs-unstable.legacyPackages.${prev.system};
|
||||
zettoitBin = zettoitBin.packages.${prev.system};
|
||||
zettoitArs = zettoitArs.packages.${prev.system};
|
||||
};
|
||||
|
||||
defaultDeploySystem = name: {
|
||||
"${name}" = {
|
||||
hostname = self.nixosConfigurations."${name}".config.networking.fqdn;
|
||||
profiles.system = {
|
||||
user = "root";
|
||||
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations."${name}";
|
||||
};
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
nixosConfigurations = {
|
||||
"gitea" = defaultSystem(./hosts/de-dus01/gitea);
|
||||
"kanidm" = defaultSystem(./hosts/de-dus01/kanidm);
|
||||
};
|
||||
|
||||
|
||||
deploy = {
|
||||
sshOpts = [ "-J" "fw.de-dus01.zettoit.eu" ];
|
||||
nodes = defaultDeploySystem "gitea" //
|
||||
defaultDeploySystem "kanidm";
|
||||
};
|
||||
|
||||
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
|
||||
};
|
||||
}
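Review bot: `agenix.url = "github:ryantm/agenix";` is the only external input declared without `inputs.nixpkgs.follows = "nixpkgs"`, unlike `zettoitBin`, `zettoitArs`, `arion` and `deploy-rs` in the same `inputs` block. The lock file in this commit accordingly carries a separate `nixpkgs` node for agenix, plus its `darwin` and `home-manager` inputs, with an older `lastModified` than the `nixos-23.05` pin used for the systems. If that is not intentional, `agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; };` leaves one fewer nixpkgs revision to track behind the secrets tooling.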
|
|
@ -0,0 +1,95 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
../../../modules/common_vm.nix
|
||||
];
|
||||
|
||||
age.secrets = {
|
||||
smtpPassword = {
|
||||
file = ../../../secrets/de-dus01/gitea/smtp_password.age;
|
||||
owner = "git";
|
||||
group = "git";
|
||||
};
|
||||
};
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
boot.loader.grub.useOSProber = true;
|
||||
|
||||
networking.hostName = "gitea";
|
||||
networking.firewall.allowedTCPPorts = [ 3000 ];
|
||||
|
||||
services.mysql = {
|
||||
enable = true;
|
||||
package = pkgs.mariadb;
|
||||
ensureDatabases = [ "gitea" ];
|
||||
ensureUsers = [{
|
||||
name = "git";
|
||||
ensurePermissions = {
|
||||
"gitea.*" = "ALL PRIVILEGES";
|
||||
};
|
||||
}];
|
||||
};
|
||||
|
||||
services.gitea = {
|
||||
enable = true;
|
||||
user = "git";
|
||||
group = "git";
|
||||
package = pkgs.unstable.gitea;
|
||||
appName = "obscuresecure.dev git";
|
||||
lfs.enable = true;
|
||||
database = {
|
||||
type = "mysql";
|
||||
socket = "/var/run/mysqld/mysqld.sock";
|
||||
name = "gitea";
|
||||
user = "git";
|
||||
};
|
||||
settings = {
|
||||
server = {
|
||||
DOMAIN = "git.obscuresecure.dev";
|
||||
HTTP_ADDR = "::";
|
||||
ROOT_URL = "https://git.obscuresecure.dev/";
|
||||
DISABLE_SSH = false;
|
||||
SSH_PORT = 22;
|
||||
SSH_USER = "git";
|
||||
SSH_DOMAIN = "ssh.git.obscuresecure.dev";
|
||||
SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE = "{{.AppPath}} --config={{.CustomConf}} --work-path /tmp/gitea serv key-{{.Key.ID}}";
|
||||
};
|
||||
actions = {
|
||||
ENABLED = true;
|
||||
};
|
||||
#mailer = {
|
||||
# ENABLED = "true";
|
||||
# PROTOCOL = "smtps";
|
||||
# SMTP_ADDR = "mx1.zettoit.eu";
|
||||
# USER = "git@zettoit.eu";
|
||||
# FROM = "git@zettoit.eu";
|
||||
#};
|
||||
metrics = {
|
||||
ENABLED = "true";
|
||||
};
|
||||
};
|
||||
mailerPasswordFile = config.age.secrets.smtpPassword.path;
|
||||
};
|
||||
|
||||
users.users.git = {
|
||||
description = "Gitea Service";
|
||||
home = config.services.gitea.stateDir;
|
||||
useDefaultShell = true;
|
||||
group = "git";
|
||||
isSystemUser = true;
|
||||
uid = 992;
|
||||
};
|
||||
users.groups.git = {
|
||||
gid = 991;
|
||||
};
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
# this value at the release version of the first install of this system.
|
||||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "23.05"; # Did you read the comment?
|
||||
}
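Review bot: `metrics.ENABLED = "true"` turns on Gitea's metrics endpoint with no token configured, on a listener bound to `HTTP_ADDR = "::"` with TCP 3000 opened in `networking.firewall.allowedTCPPorts`. Anything that can reach port 3000 can therefore presumably scrape metrics and speak plain HTTP to Gitea, bypassing whatever terminates TLS for `https://git.obscuresecure.dev/` (no proxy is visible in this commit). Consider restricting the listener or firewall rule to that proxy, and supplying a metrics token from a secret file rather than a literal in `settings`. Separately, `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE` passes `--work-path /tmp/gitea`, a path under a world-writable directory; a path under `config.services.gitea.stateDir` would not depend on who creates it first. `ENABLED` is a string here but a boolean under `actions`, so `ENABLED = true;` would be consistent.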
|
|
@ -0,0 +1,31 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/03723df1-fb71-40d2-a983-435134d18d3e";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
}
|
|
@ -0,0 +1,102 @@
|
|||
{ config, lib, pkgs, ... }: let
|
||||
serverConfig = pkgs.writeText "server.toml" ''
|
||||
bindaddress = "[::]:8443"
|
||||
db_path = "/data/kanidm.db"
|
||||
tls_chain = "/data/chain.pem"
|
||||
tls_key = "/data/key.pem"
|
||||
domain = "idm.obscuresecure.dev"
|
||||
origin = "https://idm.obscuresecure.dev"
|
||||
trust_x_forward_for = true
|
||||
[online_backup]
|
||||
path = "/data/kanidm/backups/"
|
||||
schedule = "00 22 * * *"
|
||||
'';
|
||||
|
||||
in {
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
../../../modules/common_vm.nix
|
||||
];
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
boot.loader.grub.useOSProber = true;
|
||||
|
||||
networking.hostName = "kanidm";
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
virtualisation.docker.enable = true;
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
certs = {
|
||||
"idm.obscuresecure.dev" = {
|
||||
email = "admin@zettoit.eu";
|
||||
listenHTTP = "[::1]:8080";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.traefik = {
|
||||
enable = true;
|
||||
staticConfigOptions = {
|
||||
entryPoints = {
|
||||
web.address = ":80";
|
||||
};
|
||||
};
|
||||
dynamicConfigOptions = {
|
||||
http = {
|
||||
routers = {
|
||||
acme = {
|
||||
rule = "PathPrefix(`/.well-known/acme-challenge`)";
|
||||
entryPoints = [ "web" ];
|
||||
service = "acme";
|
||||
};
|
||||
kanidm = {
|
||||
rule = "PathPrefix(`/`)";
|
||||
entryPoints = [ "web" ];
|
||||
middlewares = [ "redirect-to-https" ];
|
||||
service = "empty";
|
||||
};
|
||||
};
|
||||
middlewares.redirect-to-https.redirectScheme = {
|
||||
scheme = "https";
|
||||
permanent = true;
|
||||
};
|
||||
services = {
|
||||
empty.loadBalancer.servers = [];
|
||||
acme.loadBalancer.servers = [{
|
||||
url = "http://[::1]:8080";
|
||||
}];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
virtualisation.arion = {
|
||||
backend = "docker";
|
||||
projects.kanidm.settings = {
|
||||
docker-compose.volumes = {
|
||||
kanidm = {};
|
||||
};
|
||||
services = {
|
||||
kanidm_server.service = {
|
||||
image = "kanidm/server:latest";
|
||||
volumes = [
|
||||
"${serverConfig}:/data/server.toml"
|
||||
"/var/lib/acme/idm.obscuresecure.dev/fullchain.pem:/data/chain.pem"
|
||||
"/var/lib/acme/idm.obscuresecure.dev/key.pem:/data/key.pem"
|
||||
"kanidm:/data"
|
||||
];
|
||||
ports = [ "443:8443" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
# this value at the release version of the first install of this system.
|
||||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "23.05"; # Did you read the comment?
|
||||
}
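Review bot: `trust_x_forward_for = true` in `server.toml` is combined with `ports = [ "443:8443" ]`, which publishes the Kanidm listener directly; the only Traefik entry point in this file is `web` on `:80`, so nothing shown here sits in front of 443 to set or strip `X-Forwarded-For`. In that layout the client address Kanidm records is whatever the client puts in the header, which undermines audit logs and any address-based limits; unless a trusted proxy exists upstream, use `trust_x_forward_for = false`. The image is also referenced as `kanidm/server:latest`, a mutable tag in a repository that otherwise pins everything through `flake.lock`. Pinning a version tag or digest, e.g. `image = "kanidm/server:<PINNED_VERSION>";` (placeholder), makes the identity provider change only when a commit changes it.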
|
|
@ -0,0 +1,31 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/c1e9f5de-ae5d-4bc7-8f58-49bb55c159a7";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
}
|
|
@ -0,0 +1,20 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
settings = {
|
||||
PermitRootLogin = "no";
|
||||
PasswordAuthentication = false;
|
||||
};
|
||||
};
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
users.users.paulz = {
|
||||
isNormalUser = true;
|
||||
description = "paulz";
|
||||
extraGroups = [ "wheel" ];
|
||||
packages = with pkgs; [];
|
||||
openssh.authorizedKeys.keys = [ "ssh-rsa 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" ];
|
||||
};
|
||||
}
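Review bot: `security.sudo.wheelNeedsPassword = false` together with `extraGroups = [ "wheel" ]` on `paulz` makes that one SSH key equivalent to root on every host that imports this module, so `PermitRootLogin = "no"` adds little separation. The same `services.openssh` and sudo block is repeated verbatim in the later 14-line file of this commit; keeping it in one module avoids the two drifting apart. If passwordless sudo is needed for non-interactive deploy-rs activation (the flake deploys the system profile with `user = "root"`), record that next to the setting, e.g. `# passwordless sudo: needed for non-interactive deploy-rs activation`; otherwise drop the line. The authorised key is `ssh-rsa` while the agenix recipients in this commit are ed25519, which may be worth aligning.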
|
|
@ -0,0 +1,4 @@
|
|||
{ ... }:
|
||||
{
|
||||
age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
}
|
|
@ -0,0 +1,24 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
./locale_german.nix
|
||||
./agenix.nix
|
||||
./nix.nix
|
||||
./access.nix
|
||||
];
|
||||
|
||||
networking = {
|
||||
domain = "de-dus01.obscuresecure.dev";
|
||||
enableIPv6 = true;
|
||||
tempAddresses = "disabled";
|
||||
firewall.enable = true;
|
||||
interfaces.ens18.ipv4.addresses = [];
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
vim
|
||||
git
|
||||
];
|
||||
|
||||
services.qemuGuest.enable = true;
|
||||
}
|
|
@ -0,0 +1,22 @@
|
|||
{ ... }:
|
||||
{
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
# Select internationalisation properties.
|
||||
i18n.defaultLocale = "de_DE.UTF-8";
|
||||
|
||||
i18n.extraLocaleSettings = {
|
||||
LC_ADDRESS = "de_DE.UTF-8";
|
||||
LC_IDENTIFICATION = "de_DE.UTF-8";
|
||||
LC_MEASUREMENT = "de_DE.UTF-8";
|
||||
LC_MONETARY = "de_DE.UTF-8";
|
||||
LC_NAME = "de_DE.UTF-8";
|
||||
LC_NUMERIC = "de_DE.UTF-8";
|
||||
LC_PAPER = "de_DE.UTF-8";
|
||||
LC_TELEPHONE = "de_DE.UTF-8";
|
||||
LC_TIME = "de_DE.UTF-8";
|
||||
};
|
||||
|
||||
# Configure console keymap
|
||||
console.keyMap = "de";
|
||||
}
|
|
@ -0,0 +1,17 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
nix = {
|
||||
package = pkgs.nix;
|
||||
settings = {
|
||||
trusted-users = [ "@wheel" ];
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
substituters = [
|
||||
"https://nix.cache.zettoit.eu"
|
||||
"https://cache.nixos.org/"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"nix.cache.zettoit.eu:Z1kmRPDMQYXCC8+jRL0eUtxPDcQQPXcdT734bS+8R8o="
|
||||
];
|
||||
};
|
||||
};
|
||||
}
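Review bot: `trusted-users = [ "@wheel" ]` lets every wheel member ask the Nix daemon to accept unsigned store paths and additional substituters, which is effectively root on the machine, and the file gives no reason for it. If it exists so that deploys can copy locally built closures, say so in a comment such as `# wheel is trusted so deploys can push unsigned closures`, and keep wheel membership minimal. `https://nix.cache.zettoit.eu` is listed ahead of `https://cache.nixos.org/` and its key is trusted for any store path, so every host here inherits the security of that cache and its signing key; a short comment naming who operates the cache and holds the key would document that trust decision.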
|
|
@ -0,0 +1,14 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
settings = {
|
||||
PermitRootLogin = "no";
|
||||
PasswordAuthentication = false;
|
||||
};
|
||||
};
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
|
||||
}
|
|
@ -0,0 +1,10 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 Wb9C2w PiO0unBfXeTCGbUgValc1FByGt+jxImChClgD1AhRlw
|
||||
fmsC1Z6EWolZqVp7VwXA3NlS1HWti/0evztWo3hHabw
|
||||
-> ssh-ed25519 61VxIQ zvOoc9E8ShR6XKFoYVDOcw/yR/UAO9Xla7/eTajYdlE
|
||||
XpaL60+rb5AyaHHCTOpZBJC7VwvtLn2XFyOKlpjWdWw
|
||||
-> eebzRCwy-grease
|
||||
DMrz0Nt62KtC2Kw/W4aBguZ2bUfz6Kn2i4MS63rcutL5eq9K2CHfUpUpb87OBcCT
|
||||
DXaUbKTxA3YJ256HkKxvQ5AdqXNrc7EsmoiG0P8Rjyep/GHcOmCUz3M7U+o
|
||||
--- UxiFEZMgqouAzGOTQ+ztNMsCLsg2raVFTJnlSXtt/xg
|
||||
Þ+QøD¿µkš«‘1êÊbM„Òš‡aI„Úí›ÑÆ*À‚˜ ⵡN{Œð>_0?“b”π™·ÐÆiè
|
|
@ -0,0 +1,11 @@
|
|||
let
|
||||
# users
|
||||
admins = [ paulz_paul-pc ];
|
||||
paulz_paul-pc = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIERQ8jN8J4LAVsjjIXClTGiFOv9YxBLx9LwWRkMKjD0D";
|
||||
|
||||
# hosts
|
||||
gitea = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGUvL3O6+G/qus05acinyfk3TX6Le+00bm9pQY1Qjby6";
|
||||
in
|
||||
{
|
||||
"de-dus01/gitea/smtp_password.age".publicKeys = admins ++ [ gitea ];
|
||||
}
|