kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-16 10:11:08 +01:00
Code Releases Activity

ditch nixinate

Browse Source
This commit is contained in:
Kierán Meinhardt
2025-12-28 12:40:45 +01:00
parent c33cbe3817
commit 2d6294e44b
5 changed files with 92 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -14,4 +14,4 @@
> Deine Configs sind wunderschön <3 —[flxai](https://github.com/flxai/)
## To do
- [ ] get rid of `nixinate`
🦗

2
configs/sshd.nix
View File

@@ -8,7 +8,7 @@
services.openssh = {
enable = true;
ports = [ pkgs.lib.niveum.sshPort ];
ports = [ pkgs.lib.niveum.systems.${config.networking.hostName}.sshPort ];
settings = {
PasswordAuthentication = false;
X11Forwarding = true;

89
flake.lock generated
View File

@@ -885,24 +885,6 @@
"type": "github"
}
},
"nixinate_2": {
"inputs": {
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1742737607,
"narHash": "sha256-rXR5zT+/ivE5JTi6m5tCvqN4obQPIT0mgmrBHkdjwEs=",
"owner": "matthewcroughan",
"repo": "nixinate",
"rev": "617b9bb5297147e35cbb24c93e2f30129f31bb9d",
"type": "github"
},
"original": {
"owner": "matthewcroughan",
"repo": "nixinate",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1693636127,
@@ -1000,22 +982,6 @@
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1760878510,
"narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_11": {
"locked": {
"lastModified": 1659446231,
"narHash": "sha256-hekabNdTdgR/iLsgce5TGWmfIDZ86qjPhxDg/8TlzhE=",
@@ -1031,7 +997,7 @@
"type": "github"
}
},
"nixpkgs_12": {
"nixpkgs_11": {
"locked": {
"lastModified": 1744536153,
"narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
@@ -1047,7 +1013,7 @@
"type": "github"
}
},
"nixpkgs_13": {
"nixpkgs_12": {
"locked": {
"lastModified": 1615532953,
"narHash": "sha256-SWpaGjrp/INzorEqMz3HLi6Uuk9I0KAn4YS8B4n3q5g=",
@@ -1122,22 +1088,6 @@
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1653060744,
"narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "dfd82985c273aac6eced03625f454b334daae2e8",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1764983851,
"narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=",
@@ -1153,7 +1103,7 @@
"type": "github"
}
},
"nixpkgs_8": {
"nixpkgs_7": {
"locked": {
"lastModified": 1765186076,
"narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=",
@@ -1169,7 +1119,7 @@
"type": "github"
}
},
"nixpkgs_9": {
"nixpkgs_8": {
"locked": {
"lastModified": 1744536153,
"narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
@@ -1185,6 +1135,22 @@
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1760878510,
"narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nmd": {
"flake": false,
"locked": {
@@ -1251,7 +1217,7 @@
"nur_2": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_8"
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1765367248,
@@ -1380,8 +1346,7 @@
"menstruation-backend": "menstruation-backend_2",
"menstruation-telegram": "menstruation-telegram_2",
"nix-index-database": "nix-index-database",
"nixinate": "nixinate_2",
"nixpkgs": "nixpkgs_7",
"nixpkgs": "nixpkgs_6",
"nixpkgs-old": "nixpkgs-old_2",
"nixpkgs-unstable": "nixpkgs-unstable_2",
"nur": "nur_2",
@@ -1443,7 +1408,7 @@
},
"rust-overlay_2": {
"inputs": {
"nixpkgs": "nixpkgs_9"
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1765593578,
@@ -1461,7 +1426,7 @@
},
"rust-overlay_3": {
"inputs": {
"nixpkgs": "nixpkgs_12"
"nixpkgs": "nixpkgs_11"
},
"locked": {
"lastModified": 1765593578,
@@ -1534,7 +1499,7 @@
"inputs": {
"buildbot-nix": "buildbot-nix",
"nix-writers": "nix-writers",
"nixpkgs": "nixpkgs_10"
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1763891069,
@@ -1696,7 +1661,7 @@
},
"telebots_2": {
"inputs": {
"nixpkgs": "nixpkgs_11"
"nixpkgs": "nixpkgs_10"
},
"locked": {
"lastModified": 1765657917,
@@ -1927,7 +1892,7 @@
"wallpaper-generator_2": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_13"
"nixpkgs": "nixpkgs_12"
},
"locked": {
"lastModified": 1615819231,

94
flake.nix
View File

@@ -11,7 +11,6 @@
menstruation-backend.url = "github:kmein/menstruation.rs";
menstruation-telegram.url = "github:kmein/menstruation-telegram";
nix-index-database.url = "github:nix-community/nix-index-database";
nixinate.url = "github:matthewcroughan/nixinate";
nixpkgs-old.url = "github:NixOS/nixpkgs/50fc86b75d2744e1ab3837ef74b53f103a9b55a0";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
@@ -52,7 +51,6 @@
home-manager,
agenix,
retiolum,
nixinate,
coptic-dictionary,
menstruation-backend,
menstruation-telegram,
@@ -73,14 +71,13 @@
eachSupportedSystem = lib.genAttrs lib.systems.flakeExposed;
in
{
apps = {
x86_64-linux =
apps = let localSystem = "x86_64-linux"; in {
${localSystem} =
let
pkgs = nixpkgs.legacyPackages.x86_64-linux;
pkgs = nixpkgs.legacyPackages.${localSystem};
lib = nixpkgs.lib;
in
lib.mergeAttrsList [
(nixinate.nixinate.x86_64-linux self)
{
mock-secrets = {
type = "app";
@@ -91,50 +88,57 @@
);
};
}
# the following error prevents remote building of ful: https://github.com/NixOS/nixpkgs/issues/177873
(builtins.listToAttrs (
map (
hostname:
let
targets = {
ful = "root@ful";
zaatar = "root@zaatar";
makanek = "root@makanek";
manakish = "root@manakish";
tahina = "root@tahina";
tabula = "root@tabula";
kabsa = "root@kabsa";
fatteh = "root@fatteh";
kibbeh = "root@kibbeh";
};
niveumSystems = import lib/systems.nix;
systemAddresses =
system:
lib.optionals (system ? "internalIp") [ system.internalIp ]
++ lib.optionals (system ? "externalIp") [ system.externalIp ]
++ lib.optionals (system ? "retiolum") [
system.retiolum.ipv6
system.retiolum.ipv4
]
++ lib.optionals (system ? "mycelium") [ system.mycelium.ipv6 ];
addresses = lib.listToAttrs (
map (name: {
inherit name;
value = systemAddresses (niveumSystems.${hostname});
}) (builtins.attrNames self.nixosConfigurations)
);
deployScript = pkgs.writers.writeBash "deploy-${hostname}" ''
# try to connect to any of the known addresses
targets=(
${lib.concatStringsSep " " (map (addr: "\"root@${addr}\"") addresses.${hostname})}
)
for target in "''${targets[@]}"; do
nc -z -w 2 "$(echo $target | cut -d'@' -f2)" ${
toString niveumSystems.${hostname}.sshPort
} && reachable_target=$target && break
done
if [ -z "$reachable_target" ]; then
echo "No reachable target found for ${hostname}" >&2
exit 1
fi
echo "Deploying to ${hostname} via $reachable_target"
export NIX_SSHOPTS='-p ${toString niveumSystems.${hostname}.sshPort}'
${pkgs.nixos-rebuild}/bin/nixos-rebuild switch \
--max-jobs 2 \
--log-format internal-json \
--flake .#${hostname} \
--target-host "$reachable_target" \
${lib.optionalString (localSystem != niveumSystems.${hostname}.system) "--build-host $reachable_target"} \
|& ${pkgs.nix-output-monitor}/bin/nom --json
'';
in
lib.attrsets.nameValuePair "deploy-${hostname}" {
type = "app";
program = toString (
pkgs.writers.writeDash "deploy-${hostname}" ''
exec ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch \
--max-jobs 2 \
--log-format internal-json \
--flake .#${hostname} \
--target-host ${targets.${hostname}} 2>&1 \
| ${pkgs.nix-output-monitor}/bin/nom --json
''
);
program = toString deployScript;
}
) (builtins.attrNames self.nixosConfigurations)
))
{
deploy-ful = {
type = "app";
program = toString (
pkgs.writers.writeDash "deploy-ful" ''
exec ${pkgs.nix}/bin/nix run .#nixinate.ful \
--log-format internal-json 2>&1 \
| ${pkgs.nix-output-monitor}/bin/nom --json
''
);
};
}
];
};
@@ -342,15 +346,6 @@
retiolum.nixosModules.retiolum
nur.modules.nixos.default
{ nixpkgs.overlays = [ stockholm.overlays.default ]; }
{
_module.args.nixinate = {
host = "ful";
sshUser = "root";
buildOn = "remote";
substituteOnTarget = true;
hermetic = false;
};
}
];
};
zaatar = nixpkgs.lib.nixosSystem rec {
@@ -517,7 +512,6 @@
q
qrpaste
radio-news
radioStreams
random-zeno
rfc
scanned

19
lib/systems.nix
View File

@@ -1,3 +1,6 @@
let
sshPort = 22022;
in
{
kabsa = {
sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyTnGhFq0Q+vghNhrqNrAyY+CsN7nNz8bPfiwIwNpjk";
@@ -7,6 +10,8 @@
ipv6 = "42:0:3c46:861f:a118:8e9a:82c9:3d";
};
mycelium.ipv6 = "432:e30:d5d8:9311:e34b:6587:96ee:3fcb";
inherit sshPort;
system = "x86_64-linux";
};
manakish = {
sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiQEc8rTr7C7xVLYV7tQ99BDDBLrJsy5hslxtCEatkB";
@@ -16,6 +21,8 @@
ipv6 = "42:0:3c46:ac99:ae36:cb8:c551:ba27";
};
mycelium.ipv6 = "512:d3bd:3cd9:fcc8:ae34:81fa:385f:8c21";
inherit sshPort;
system = "x86_64-linux";
};
fatteh = {
sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIByreBjBEMJKjgpKLd5XZHIUUwIhNafVqN6OUOQpJa3y";
@@ -25,6 +32,8 @@
ipv4 = "10.243.2.77";
};
mycelium.ipv6 = "463:a0d4:daa3:aa8d:a9b1:744a:46a5:7a80";
inherit sshPort;
system = "x86_64-linux";
};
kibbeh = {
syncthingId = "HLQSG3D-WSKLA6S-MEYQ3EU-GDBGABE-PY53RQ6-SWQAP2I-Z5MVBVX-MYPJXAM";
@@ -36,6 +45,8 @@
ipv6 = "42:0:3c46:2c8b:a564:1213:9fb4:1bc4";
};
mycelium.ipv6 = "5bf:d60e:bebf:5163:f495:8787:880c:6d41";
inherit sshPort;
system = "aarch64-linux";
};
zaatar = {
retiolum = {
@@ -43,6 +54,8 @@
ipv6 = "42:0:3c46:156e:10b6:3bd6:6e82:b2cd";
};
mycelium.ipv6 = "5c5:49e0:7793:f017:59e1:1715:9e0e:3fc8";
inherit sshPort;
system = "x86_64-linux";
};
makanek = {
externalIp = "88.99.83.173";
@@ -51,6 +64,8 @@
ipv6 = "42:0:3c46:f7a9:1f0a:1b2b:822a:6050";
};
mycelium.ipv6 = "43f:ad4f:fa67:d9f7:8a56:713c:7418:164b";
inherit sshPort;
system = "x86_64-linux";
};
officejet = {
internalIp = "192.168.0.251";
@@ -63,11 +78,15 @@
ipv4 = "10.243.2.78";
ipv6 = "";
};
inherit sshPort;
system = "x86_64-linux";
};
tahina = {
retiolum = {
ipv4 = "10.243.2.74";
ipv6 = "42:0:3c46:2923:1c90:872:edd6:306";
};
inherit sshPort;
system = "x86_64-linux";
};
}