kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-16 10:11:08 +01:00
Code Releases Activity

ditch nixinate

Browse Source
This commit is contained in:
Kierán Meinhardt
2025-12-28 12:40:45 +01:00
parent c33cbe3817
commit 2d6294e44b
5 changed files with 92 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -14,4 +14,4 @@
> Deine Configs sind wunderschön <3 —[flxai](https://github.com/flxai/) > Deine Configs sind wunderschön <3 —[flxai](https://github.com/flxai/)
## To do ## To do
- [ ] get rid of `nixinate` 🦗

2
configs/sshd.nix
View File

@@ -8,7 +8,7 @@
services.openssh = { services.openssh = {
enable = true; enable = true;
ports = [ pkgs.lib.niveum.sshPort ]; ports = [ pkgs.lib.niveum.systems.${config.networking.hostName}.sshPort ];
settings = { settings = {
PasswordAuthentication = false; PasswordAuthentication = false;
X11Forwarding = true; X11Forwarding = true;

89
flake.lock generated
View File

@@ -885,24 +885,6 @@
"type": "github" "type": "github"
} }
}, },
"nixinate_2": {
"inputs": {
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1742737607,
"narHash": "sha256-rXR5zT+/ivE5JTi6m5tCvqN4obQPIT0mgmrBHkdjwEs=",
"owner": "matthewcroughan",
"repo": "nixinate",
"rev": "617b9bb5297147e35cbb24c93e2f30129f31bb9d",
"type": "github"
},
"original": {
"owner": "matthewcroughan",
"repo": "nixinate",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1693636127, "lastModified": 1693636127,
@@ -1000,22 +982,6 @@
} }
}, },
"nixpkgs_10": { "nixpkgs_10": {
"locked": {
"lastModified": 1760878510,
"narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_11": {
"locked": { "locked": {
"lastModified": 1659446231, "lastModified": 1659446231,
"narHash": "sha256-hekabNdTdgR/iLsgce5TGWmfIDZ86qjPhxDg/8TlzhE=", "narHash": "sha256-hekabNdTdgR/iLsgce5TGWmfIDZ86qjPhxDg/8TlzhE=",
@@ -1031,7 +997,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_12": { "nixpkgs_11": {
"locked": { "locked": {
"lastModified": 1744536153, "lastModified": 1744536153,
"narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
@@ -1047,7 +1013,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_13": { "nixpkgs_12": {
"locked": { "locked": {
"lastModified": 1615532953, "lastModified": 1615532953,
"narHash": "sha256-SWpaGjrp/INzorEqMz3HLi6Uuk9I0KAn4YS8B4n3q5g=", "narHash": "sha256-SWpaGjrp/INzorEqMz3HLi6Uuk9I0KAn4YS8B4n3q5g=",
@@ -1122,22 +1088,6 @@
} }
}, },
"nixpkgs_6": { "nixpkgs_6": {
"locked": {
"lastModified": 1653060744,
"narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "dfd82985c273aac6eced03625f454b334daae2e8",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1764983851, "lastModified": 1764983851,
"narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=", "narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=",
@@ -1153,7 +1103,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_8": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1765186076, "lastModified": 1765186076,
"narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=",
@@ -1169,7 +1119,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_9": { "nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1744536153, "lastModified": 1744536153,
"narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
@@ -1185,6 +1135,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_9": {
"locked": {
"lastModified": 1760878510,
"narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nmd": { "nmd": {
"flake": false, "flake": false,
"locked": { "locked": {
@@ -1251,7 +1217,7 @@
"nur_2": { "nur_2": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_8" "nixpkgs": "nixpkgs_7"
}, },
"locked": { "locked": {
"lastModified": 1765367248, "lastModified": 1765367248,
@@ -1380,8 +1346,7 @@
"menstruation-backend": "menstruation-backend_2", "menstruation-backend": "menstruation-backend_2",
"menstruation-telegram": "menstruation-telegram_2", "menstruation-telegram": "menstruation-telegram_2",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nixinate": "nixinate_2", "nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_7",
"nixpkgs-old": "nixpkgs-old_2", "nixpkgs-old": "nixpkgs-old_2",
"nixpkgs-unstable": "nixpkgs-unstable_2", "nixpkgs-unstable": "nixpkgs-unstable_2",
"nur": "nur_2", "nur": "nur_2",
@@ -1443,7 +1408,7 @@
}, },
"rust-overlay_2": { "rust-overlay_2": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_9" "nixpkgs": "nixpkgs_8"
}, },
"locked": { "locked": {
"lastModified": 1765593578, "lastModified": 1765593578,
@@ -1461,7 +1426,7 @@
}, },
"rust-overlay_3": { "rust-overlay_3": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_12" "nixpkgs": "nixpkgs_11"
}, },
"locked": { "locked": {
"lastModified": 1765593578, "lastModified": 1765593578,
@@ -1534,7 +1499,7 @@
"inputs": { "inputs": {
"buildbot-nix": "buildbot-nix", "buildbot-nix": "buildbot-nix",
"nix-writers": "nix-writers", "nix-writers": "nix-writers",
"nixpkgs": "nixpkgs_10" "nixpkgs": "nixpkgs_9"
}, },
"locked": { "locked": {
"lastModified": 1763891069, "lastModified": 1763891069,
@@ -1696,7 +1661,7 @@
}, },
"telebots_2": { "telebots_2": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_11" "nixpkgs": "nixpkgs_10"
}, },
"locked": { "locked": {
"lastModified": 1765657917, "lastModified": 1765657917,
@@ -1927,7 +1892,7 @@
"wallpaper-generator_2": { "wallpaper-generator_2": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_13" "nixpkgs": "nixpkgs_12"
}, },
"locked": { "locked": {
"lastModified": 1615819231, "lastModified": 1615819231,

94
flake.nix
View File

@@ -11,7 +11,6 @@
menstruation-backend.url = "github:kmein/menstruation.rs"; menstruation-backend.url = "github:kmein/menstruation.rs";
menstruation-telegram.url = "github:kmein/menstruation-telegram"; menstruation-telegram.url = "github:kmein/menstruation-telegram";
nix-index-database.url = "github:nix-community/nix-index-database"; nix-index-database.url = "github:nix-community/nix-index-database";
nixinate.url = "github:matthewcroughan/nixinate";
nixpkgs-old.url = "github:NixOS/nixpkgs/50fc86b75d2744e1ab3837ef74b53f103a9b55a0"; nixpkgs-old.url = "github:NixOS/nixpkgs/50fc86b75d2744e1ab3837ef74b53f103a9b55a0";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/master"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
@@ -52,7 +51,6 @@
home-manager, home-manager,
agenix, agenix,
retiolum, retiolum,
nixinate,
coptic-dictionary, coptic-dictionary,
menstruation-backend, menstruation-backend,
menstruation-telegram, menstruation-telegram,
@@ -73,14 +71,13 @@
eachSupportedSystem = lib.genAttrs lib.systems.flakeExposed; eachSupportedSystem = lib.genAttrs lib.systems.flakeExposed;
in in
{ {
apps = { apps = let localSystem = "x86_64-linux"; in {
x86_64-linux = ${localSystem} =
let let
pkgs = nixpkgs.legacyPackages.x86_64-linux; pkgs = nixpkgs.legacyPackages.${localSystem};
lib = nixpkgs.lib; lib = nixpkgs.lib;
in in
lib.mergeAttrsList [ lib.mergeAttrsList [
(nixinate.nixinate.x86_64-linux self)
{ {
mock-secrets = { mock-secrets = {
type = "app"; type = "app";
@@ -91,50 +88,57 @@
); );
}; };
} }
# the following error prevents remote building of ful: https://github.com/NixOS/nixpkgs/issues/177873
(builtins.listToAttrs ( (builtins.listToAttrs (
map ( map (
hostname: hostname:
let let
targets = { niveumSystems = import lib/systems.nix;
ful = "root@ful"; systemAddresses =
zaatar = "root@zaatar"; system:
makanek = "root@makanek"; lib.optionals (system ? "internalIp") [ system.internalIp ]
manakish = "root@manakish"; ++ lib.optionals (system ? "externalIp") [ system.externalIp ]
tahina = "root@tahina"; ++ lib.optionals (system ? "retiolum") [
tabula = "root@tabula"; system.retiolum.ipv6
kabsa = "root@kabsa"; system.retiolum.ipv4
fatteh = "root@fatteh"; ]
kibbeh = "root@kibbeh"; ++ lib.optionals (system ? "mycelium") [ system.mycelium.ipv6 ];
}; addresses = lib.listToAttrs (
in map (name: {
lib.attrsets.nameValuePair "deploy-${hostname}" { inherit name;
type = "app"; value = systemAddresses (niveumSystems.${hostname});
program = toString ( }) (builtins.attrNames self.nixosConfigurations)
pkgs.writers.writeDash "deploy-${hostname}" '' );
exec ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch \ deployScript = pkgs.writers.writeBash "deploy-${hostname}" ''
# try to connect to any of the known addresses
targets=(
${lib.concatStringsSep " " (map (addr: "\"root@${addr}\"") addresses.${hostname})}
)
for target in "''${targets[@]}"; do
nc -z -w 2 "$(echo $target | cut -d'@' -f2)" ${
toString niveumSystems.${hostname}.sshPort
} && reachable_target=$target && break
done
if [ -z "$reachable_target" ]; then
echo "No reachable target found for ${hostname}" >&2
exit 1
fi
echo "Deploying to ${hostname} via $reachable_target"
export NIX_SSHOPTS='-p ${toString niveumSystems.${hostname}.sshPort}'
${pkgs.nixos-rebuild}/bin/nixos-rebuild switch \
--max-jobs 2 \ --max-jobs 2 \
--log-format internal-json \ --log-format internal-json \
--flake .#${hostname} \ --flake .#${hostname} \
--target-host ${targets.${hostname}} 2>&1 \ --target-host "$reachable_target" \
| ${pkgs.nix-output-monitor}/bin/nom --json ${lib.optionalString (localSystem != niveumSystems.${hostname}.system) "--build-host $reachable_target"} \
'' |& ${pkgs.nix-output-monitor}/bin/nom --json
); '';
in
lib.attrsets.nameValuePair "deploy-${hostname}" {
type = "app";
program = toString deployScript;
} }
) (builtins.attrNames self.nixosConfigurations) ) (builtins.attrNames self.nixosConfigurations)
)) ))
{
deploy-ful = {
type = "app";
program = toString (
pkgs.writers.writeDash "deploy-ful" ''
exec ${pkgs.nix}/bin/nix run .#nixinate.ful \
--log-format internal-json 2>&1 \
| ${pkgs.nix-output-monitor}/bin/nom --json
''
);
};
}
]; ];
}; };
@@ -342,15 +346,6 @@
retiolum.nixosModules.retiolum retiolum.nixosModules.retiolum
nur.modules.nixos.default nur.modules.nixos.default
{ nixpkgs.overlays = [ stockholm.overlays.default ]; } { nixpkgs.overlays = [ stockholm.overlays.default ]; }
{
_module.args.nixinate = {
host = "ful";
sshUser = "root";
buildOn = "remote";
substituteOnTarget = true;
hermetic = false;
};
}
]; ];
}; };
zaatar = nixpkgs.lib.nixosSystem rec { zaatar = nixpkgs.lib.nixosSystem rec {
@@ -517,7 +512,6 @@
q q
qrpaste qrpaste
radio-news radio-news
radioStreams
random-zeno random-zeno
rfc rfc
scanned scanned

19
lib/systems.nix
View File

@@ -1,3 +1,6 @@
let
sshPort = 22022;
in
{ {
kabsa = { kabsa = {
sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyTnGhFq0Q+vghNhrqNrAyY+CsN7nNz8bPfiwIwNpjk"; sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyTnGhFq0Q+vghNhrqNrAyY+CsN7nNz8bPfiwIwNpjk";
@@ -7,6 +10,8 @@
ipv6 = "42:0:3c46:861f:a118:8e9a:82c9:3d"; ipv6 = "42:0:3c46:861f:a118:8e9a:82c9:3d";
}; };
mycelium.ipv6 = "432:e30:d5d8:9311:e34b:6587:96ee:3fcb"; mycelium.ipv6 = "432:e30:d5d8:9311:e34b:6587:96ee:3fcb";
inherit sshPort;
system = "x86_64-linux";
}; };
manakish = { manakish = {
sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiQEc8rTr7C7xVLYV7tQ99BDDBLrJsy5hslxtCEatkB"; sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiQEc8rTr7C7xVLYV7tQ99BDDBLrJsy5hslxtCEatkB";
@@ -16,6 +21,8 @@
ipv6 = "42:0:3c46:ac99:ae36:cb8:c551:ba27"; ipv6 = "42:0:3c46:ac99:ae36:cb8:c551:ba27";
}; };
mycelium.ipv6 = "512:d3bd:3cd9:fcc8:ae34:81fa:385f:8c21"; mycelium.ipv6 = "512:d3bd:3cd9:fcc8:ae34:81fa:385f:8c21";
inherit sshPort;
system = "x86_64-linux";
}; };
fatteh = { fatteh = {
sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIByreBjBEMJKjgpKLd5XZHIUUwIhNafVqN6OUOQpJa3y"; sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIByreBjBEMJKjgpKLd5XZHIUUwIhNafVqN6OUOQpJa3y";
@@ -25,6 +32,8 @@
ipv4 = "10.243.2.77"; ipv4 = "10.243.2.77";
}; };
mycelium.ipv6 = "463:a0d4:daa3:aa8d:a9b1:744a:46a5:7a80"; mycelium.ipv6 = "463:a0d4:daa3:aa8d:a9b1:744a:46a5:7a80";
inherit sshPort;
system = "x86_64-linux";
}; };
kibbeh = { kibbeh = {
syncthingId = "HLQSG3D-WSKLA6S-MEYQ3EU-GDBGABE-PY53RQ6-SWQAP2I-Z5MVBVX-MYPJXAM"; syncthingId = "HLQSG3D-WSKLA6S-MEYQ3EU-GDBGABE-PY53RQ6-SWQAP2I-Z5MVBVX-MYPJXAM";
@@ -36,6 +45,8 @@
ipv6 = "42:0:3c46:2c8b:a564:1213:9fb4:1bc4"; ipv6 = "42:0:3c46:2c8b:a564:1213:9fb4:1bc4";
}; };
mycelium.ipv6 = "5bf:d60e:bebf:5163:f495:8787:880c:6d41"; mycelium.ipv6 = "5bf:d60e:bebf:5163:f495:8787:880c:6d41";
inherit sshPort;
system = "aarch64-linux";
}; };
zaatar = { zaatar = {
retiolum = { retiolum = {
@@ -43,6 +54,8 @@
ipv6 = "42:0:3c46:156e:10b6:3bd6:6e82:b2cd"; ipv6 = "42:0:3c46:156e:10b6:3bd6:6e82:b2cd";
}; };
mycelium.ipv6 = "5c5:49e0:7793:f017:59e1:1715:9e0e:3fc8"; mycelium.ipv6 = "5c5:49e0:7793:f017:59e1:1715:9e0e:3fc8";
inherit sshPort;
system = "x86_64-linux";
}; };
makanek = { makanek = {
externalIp = "88.99.83.173"; externalIp = "88.99.83.173";
@@ -51,6 +64,8 @@
ipv6 = "42:0:3c46:f7a9:1f0a:1b2b:822a:6050"; ipv6 = "42:0:3c46:f7a9:1f0a:1b2b:822a:6050";
}; };
mycelium.ipv6 = "43f:ad4f:fa67:d9f7:8a56:713c:7418:164b"; mycelium.ipv6 = "43f:ad4f:fa67:d9f7:8a56:713c:7418:164b";
inherit sshPort;
system = "x86_64-linux";
}; };
officejet = { officejet = {
internalIp = "192.168.0.251"; internalIp = "192.168.0.251";
@@ -63,11 +78,15 @@
ipv4 = "10.243.2.78"; ipv4 = "10.243.2.78";
ipv6 = ""; ipv6 = "";
}; };
inherit sshPort;
system = "x86_64-linux";
}; };
tahina = { tahina = {
retiolum = { retiolum = {
ipv4 = "10.243.2.74"; ipv4 = "10.243.2.74";
ipv6 = "42:0:3c46:2923:1c90:872:edd6:306"; ipv6 = "42:0:3c46:2923:1c90:872:edd6:306";
}; };
inherit sshPort;
system = "x86_64-linux";
}; };
} }