felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2025-07-09 13:53:34 +02:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: felixalb:1caa0cc7be80b94acd636eec387b9c46acb7fedb
Branches Tags
felixalb:main
felixalb:ooye
felixalb:grg-ip
felixalb:nom
felixalb:25.05
felixalb:add-skrott
felixalb:pvvvvv
felixalb:setup-git-mirroring-on-bicep
felixalb:new_nodes
felixalb:init-bakke
felixalb:gitea-show-license-in-list-view
felixalb:nix-topology
felixalb:gitea-robots-txt
felixalb:dagali-heimdal-openldap-sasl-stack
felixalb:gitea-navbar-get-started
felixalb:backup-databases
felixalb:openwebui
felixalb:setup-openvpn-tunnel
felixalb:gitea-gpg-signing
felixalb:sleipner-authorised-keys
felixalb:openstack-image-builder
felixalb:elysium
felixalb:smartd-notifs
felixalb:systemd-journald-remote
felixalb:skrot
felixalb:deploy-doorbell
felixalb:misc-gitea-fixes
felixalb:spotifyd
felixalb:remote
felixalb:setup-bikkje-login
felixalb:ozai-prod
felixalb:add-bluemap
felixalb:ozai
felixalb:setup-postfix-for-service-machines
felixalb:fix-gitea-ci-runner-network-issues
felixalb:heimdal-openldap-sasl-testing-on-salsa-on-buskerud
felixalb:gitea-metrics
felixalb:misc1
felixalb:add-simple-saml-theme
felixalb:misc-extra-gitea-setup
felixalb:setup-kerberos
felixalb:setup-home-areas
felixalb:shark-kanidm
felixalb:prometheusexim
..
compare: felixalb:5e4ededab3a5336eaf6b5ce29f7a0cc650f47df7
Branches Tags
felixalb:main
felixalb:ooye
felixalb:grg-ip
felixalb:nom
felixalb:25.05
felixalb:add-skrott
felixalb:pvvvvv
felixalb:setup-git-mirroring-on-bicep
felixalb:new_nodes
felixalb:init-bakke
felixalb:gitea-show-license-in-list-view
felixalb:nix-topology
felixalb:gitea-robots-txt
felixalb:dagali-heimdal-openldap-sasl-stack
felixalb:gitea-navbar-get-started
felixalb:backup-databases
felixalb:openwebui
felixalb:setup-openvpn-tunnel
felixalb:gitea-gpg-signing
felixalb:sleipner-authorised-keys
felixalb:openstack-image-builder
felixalb:elysium
felixalb:smartd-notifs
felixalb:systemd-journald-remote
felixalb:skrot
felixalb:deploy-doorbell
felixalb:misc-gitea-fixes
felixalb:spotifyd
felixalb:remote
felixalb:setup-bikkje-login
felixalb:ozai-prod
felixalb:add-bluemap
felixalb:ozai
felixalb:setup-postfix-for-service-machines
felixalb:fix-gitea-ci-runner-network-issues
felixalb:heimdal-openldap-sasl-testing-on-salsa-on-buskerud
felixalb:gitea-metrics
felixalb:misc1
felixalb:add-simple-saml-theme
felixalb:misc-extra-gitea-setup
felixalb:setup-kerberos
felixalb:setup-home-areas
felixalb:shark-kanidm
felixalb:prometheusexim

No commits in common. "1caa0cc7be80b94acd636eec387b9c46acb7fedb" and "5e4ededab3a5336eaf6b5ce29f7a0cc650f47df7" have entirely different histories.
1caa0cc7be ... 5e4ededab3

6 changed files with 41 additions and 92 deletions
Show Stats Expand all files Collapse all files

2
base/default.nix
View File

@ -7,7 +7,6 @@
./networking.nix ./networking.nix
./nix.nix ./nix.nix
./vm.nix
./services/acme.nix ./services/acme.nix
./services/uptimed.nix ./services/uptimed.nix
@ -78,3 +77,4 @@
# Trusted users on the nix builder machines # Trusted users on the nix builder machines
users.groups."nix-builder-users".name = "nix-builder-users"; users.groups."nix-builder-users".name = "nix-builder-users";
} }

21
base/services/auto-upgrade.nix
View File

@ -1,27 +1,16 @@
{ inputs, pkgs, lib, ... }: { inputs, pkgs, lib, ... }:
let
inputUrls = lib.mapAttrs (input: value: value.url) (import "${inputs.self}/flake.nix").inputs;
in
{ {
system.autoUpgrade = { system.autoUpgrade = {
enable = true; enable = true;
flake = "git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git"; flake = "git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git";
flags = [ flags = [
"--refresh"
"--no-write-lock-file"
# --update-input is deprecated since nix 2.22, and removed in lix 2.90 # --update-input is deprecated since nix 2.22, and removed in lix 2.90
# as such we instead use --override-input combined with --refresh
# https://git.lix.systems/lix-project/lix/issues/400 # https://git.lix.systems/lix-project/lix/issues/400
] ++ (lib.pipe inputUrls [ "--refresh"
(lib.intersectAttrs { "--override-input" "nixpkgs" "github:nixos/nixpkgs/nixos-24.11-small"
nixpkgs = { }; "--override-input" "nixpkgs-unstable" "github:nixos/nixpkgs/nixos-unstable-small"
nixpkgs-unstable = { }; "--no-write-lock-file"
}) ];
(lib.mapAttrsToList (input: url: ["--override-input" input url]))
lib.concatLists
]);
}; };
# workaround for https://github.com/NixOS/nix/issues/6895 # workaround for https://github.com/NixOS/nix/issues/6895

15
base/vm.nix
View File

@ -1,15 +0,0 @@
{ lib, ... }:
# This enables
# lib.mkIf (!config.virtualisation.isVmVariant) { ... }
{
options.virtualisation.isVmVariant = lib.mkOption {
description = "`true` if system is build with 'nixos-rebuild build-vm'";
type = lib.types.bool;
default = false;
};
config.virtualisation.vmVariant = {
virtualisation.isVmVariant = true;
};
}

34
flake.lock generated
View File

@ -139,28 +139,34 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1748615477, "lastModified": 1745526780,
"narHash": "sha256-8sjG4sNIonQPK2olCGvq3/j1qtjwPaTOFU5nkz1gj2Q=", "narHash": "sha256-LXXYBmFPMQU2lTb6alKWfjgQs08BKn+txMNcgbu00hI=",
"rev": "97d3ce1ceb663a24184aac92b7e9e8f5452111c1", "owner": "NixOS",
"type": "tarball", "repo": "nixpkgs",
"url": "https://releases.nixos.org/nixos/24.11-small/nixos-24.11.718472.97d3ce1ceb66/nixexprs.tar.xz?rev=97d3ce1ceb663a24184aac92b7e9e8f5452111c1" "rev": "9204750b34cae1a8347ab4b5588115edfeebc6d7",
"type": "github"
}, },
"original": { "original": {
"type": "tarball", "owner": "NixOS",
"url": "https://nixos.org/channels/nixos-24.11-small/nixexprs.tar.xz" "ref": "nixos-24.11-small",
"repo": "nixpkgs",
"type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1748588304, "lastModified": 1745688173,
"narHash": "sha256-YCnUqO9k39p0oMIBndxYTbu8m0fOA/KVcq3IekXPy9c=", "narHash": "sha256-fgvG1O5JvSSjeQx+ea0DJ3GfMbLPVhAQta/DqQ2y6jc=",
"rev": "b8af95f4cf511c5f056b463c3a45d2b63c7cfb03", "owner": "NixOS",
"type": "tarball", "repo": "nixpkgs",
"url": "https://releases.nixos.org/nixos/unstable-small/nixos-25.11pre807945.b8af95f4cf51/nixexprs.tar.xz?rev=b8af95f4cf511c5f056b463c3a45d2b63c7cfb03" "rev": "6a2957c7978b189202e03721aab901c0a9dc1e1a",
"type": "github"
}, },
"original": { "original": {
"type": "tarball", "owner": "NixOS",
"url": "https://nixos.org/channels/nixos-unstable-small/nixexprs.tar.xz" "ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
} }
}, },
"pvv-calendar-bot": { "pvv-calendar-bot": {

4
flake.nix
View File

@ -2,8 +2,8 @@
description = "PVV System flake"; description = "PVV System flake";
inputs = { inputs = {
nixpkgs.url = "https://nixos.org/channels/nixos-24.11-small/nixexprs.tar.xz"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11-small"; # remember to also update the url in base/services/auto-upgrade.nix
nixpkgs-unstable.url = "https://nixos.org/channels/nixos-unstable-small/nixexprs.tar.xz"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs"; sops-nix.inputs.nixpkgs.follows = "nixpkgs";

57
justfile
View File

@ -1,56 +1,25 @@
set positional-arguments # makes variables accesible as $1 $2 $@
export GUM_FILTER_HEIGHT := "15" export GUM_FILTER_HEIGHT := "15"
nom := `if [[ -t 1 ]] && command -v nom >/dev/null; then echo nom; else echo nix; fi` nom := `if command -v nom >/dev/null; then echo nom; else echo nix; fi`
nix_eval_opts := "--log-format raw --option warn-dirty false"
@_default: @_default:
just "$(gum choose --ordered --header "Pick a recipie..." $(just --summary --unsorted))" just "$(gum choose --ordered --header "Pick a recipie..." $(just --summary --unsorted))"
check *_: check:
nix flake check --keep-going "$@" nix flake check --keep-going
build-machine machine=`just _a_machine` *_: build-machine machine=`just _a_machine`:
{{nom}} build .#nixosConfigurations.{{ machine }}.config.system.build.toplevel "${@:2}" {{nom}} build .#nixosConfigurations.{{ machine }}.config.system.build.toplevel
run-vm machine=`just _a_machine` *_: run-vm machine=`just _a_machine`:
nixos-rebuild build-vm --flake .#{{ machine }} "${@:2}" nixos-rebuild build-vm --flake .#{{ machine }}
QEMU_NET_OPTS="hostfwd=tcp::8080-:80,hostfwd=tcp::8081-:443,hostfwd=tcp::2222-:22" ./result/bin/run-*-vm QEMU_NET_OPTS="hostfwd=tcp::8080-:80,hostfwd=tcp::8081-:443,hostfwd=tcp::2222-:22" ./result/bin/run-*-vm
@update-inputs *_: @update-inputs:
@git reset flake.lock nix eval .#inputs --apply builtins.attrNames --json \
@git restore flake.lock | jq '.[]' -r \
nix eval {{nix_eval_opts}} --file flake.nix --apply 'x: builtins.attrNames x.inputs' --json \ | gum choose --no-limit --height=15 \
| { printf "%s\n" --commit-lock-file; jq '.[]' -r | grep -vxF "self" ||:; } \ | xargs -L 1 nix flake lock --update-input
| gum choose --no-limit --header "Choose extra arguments:" \
| tee >(xargs -d'\n' echo + nix flake update "$@" >&2) \
| xargs -d'\n' nix flake update "$@"
@repl $machine=`just _a_machine` *_:
set -v; nixos-rebuild --flake .#"$machine" repl "${@:2}"
@eval $machine=`just _a_machine` $attrpath="system.build.toplevel.outPath" *_:
set -v; nix eval {{nix_eval_opts}} ".#nixosConfigurations.\"$machine\".config.$attrpath" --show-trace "${@:3}"
@eval-vm $machine=`just _a_machine` $attrpath="system.build.toplevel.outPath" *_:
just eval "$machine" "virtualisation.vmVariant.$attrpath" "${@:3}"
# helpers
[no-exit-message]
_a_machine: _a_machine:
#!/usr/bin/env -S sh -euo pipefail nix eval .#nixosConfigurations --apply builtins.attrNames --json | jq .[] -r | gum filter
machines="$(
nix eval {{nix_eval_opts}} .#nixosConfigurations --apply builtins.attrNames --json | jq .[] -r
)"
[ -n "$machines" ] || { echo >&2 "ERROR: no machines found"; false; }
if [ -s .direnv/vars/last-machine.txt ]; then
machines="$(
grep <<<"$machines" -xF "$(cat .direnv/vars/last-machine.txt)" ||:
grep <<<"$machines" -xFv "$(cat .direnv/vars/last-machine.txt)" ||:
)"
fi
choice="$(gum filter <<<"$machines")"
mkdir -p .direnv/vars
cat <<<"$choice" >.direnv/vars/last-machine.txt
cat <<<"$choice"