From f16adeeabca1fbcca7b55f2ad7657478b75dd4e8 Mon Sep 17 00:00:00 2001 From: diamondburned Date: Fri, 8 Mar 2024 03:31:52 -0800 Subject: [PATCH 1/3] WIP --- flake.lock | 189 ++++++++++++++++++++++++++++ flake.nix | 98 +++++++++++++++ nix/packaging/poetry.nix | 8 +- nix/pkgutil.nix | 2 + packages/crying-counter/default.nix | 6 +- 5 files changed, 292 insertions(+), 11 deletions(-) create mode 100644 flake.lock create mode 100644 flake.nix diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..6e37fd1 --- /dev/null +++ b/flake.lock 
@@ -0,0 +1,189 @@ +{ + "nodes": { + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1709126324, + "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "d465f4819400de7c8d874d50b982301f28a84605", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "gomod2nix": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705314449, + "narHash": "sha256-yfQQ67dLejP0FLK76LKHbkzcQqNIrux6MFe32MMFGNQ=", + "owner": "nix-community", + "repo": "gomod2nix", + "rev": "30e3c3a9ec4ac8453282ca7f67fca9e1da12c3e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "gomod2nix", + "type": "github" + } + }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703863825, + "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, + "nix-npm-buildpackage": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1686315622, + "narHash": "sha256-ccqZqY6wUFot0ewyNKQUrMR6IEliGza+pjKoSVMXIeM=", + "owner": "serokell", + "repo": "nix-npm-buildpackage", + "rev": "991a792bccd611842f6bc1aa99fe80380ad68d44", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "nix-npm-buildpackage", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1701263465, + "narHash": "sha256-lNXUIlkfyDyp9Ox21hr+wsEf/IBklLvb6bYcyeXbdRc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "50aa30a13c4ab5e7ba282da460a3e3d44e9d0eb3", + "type": "github" + }, + "original": { + 
"owner": "nixos", + "ref": "50aa30a13c4ab5e7ba282da460a3e3d44e9d0eb3", + "repo": "nixpkgs", + "type": "github" + } + }, + "poetry2nix": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems_2", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1708589824, + "narHash": "sha256-2GOiFTkvs5MtVF65sC78KNVxQSmsxtk0WmV1wJ9V2ck=", + "owner": "nix-community", + "repo": "poetry2nix", + "rev": "3c92540611f42d3fb2d0d084a6c694cd6544b609", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "poetry2nix", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "gomod2nix": "gomod2nix", + "nix-npm-buildpackage": "nix-npm-buildpackage", + "nixpkgs": "nixpkgs", + "poetry2nix": "poetry2nix" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "id": "systems", + "type": "indirect" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1708335038, + "narHash": "sha256-ETLZNFBVCabo7lJrpjD6cAbnE11eDOjaQnznmg/6hAE=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "e504621290a1fd896631ddbc5e9c16f4366c9f65", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} 
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..2c3e38e
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,98 @@ +{ + description = "Flake for acm-aws"; + + inputs = { + nixpkgs.url = "github:nixos/nixpkgs?ref=50aa30a13c4ab5e7ba282da460a3e3d44e9d0eb3"; + + flake-utils.url = "github:numtide/flake-utils"; + + gomod2nix.url = "github:nix-community/gomod2nix"; + gomod2nix.inputs.nixpkgs.follows = "nixpkgs"; + gomod2nix.inputs.flake-utils.follows = "flake-utils"; + + poetry2nix.url = "github:nix-community/poetry2nix"; + poetry2nix.inputs.nixpkgs.follows = "nixpkgs"; + poetry2nix.inputs.flake-utils.follows = "flake-utils"; + + nix-npm-buildpackage.url = "github:serokell/nix-npm-buildpackage"; + nix-npm-buildpackage.inputs.nixpkgs.follows = "nixpkgs"; + }; + + outputs = { + self, + nixpkgs, + flake-utils, + gomod2nix, + poetry2nix, + nix-npm-buildpackage, + }@inputs: + + flake-utils.lib.eachDefaultSystem (system: + let + pkgs = nixpkgs.legacyPackages.${system}; + overlays = self.overlays.${system}; + in + { + overlays = { + # Overlay for the build tools that our packages use. + buildTools = final: prev: { + # + # Build tools + # + inherit (gomod2nix.legacyPackages.${system}) + mkGoEnv buildGoApplication; + inherit (poetry2nix.lib.mkPoetry2Nix { pkgs = prev; }) + mkPoetryApplication; + inherit (nix-npm-buildpackage.legacyPackages.${system}) + buildNpmPackage + buildYarnPackage; + buildDenoPackage = final.callPackage ./nix/packaging/deno.nix { }; + buildJavaPackage = final.callPackage ./nix/packaging/java.nix { }; + buildGradlePackage = final.callPackage ./nix/packaging/gradle.nix { }; + buildPoetryPackage = final.callPackage ./nix/packaging/poetry.nix { }; + + # + # Miscellanous tools + # + nix-update = final.callPackage ./nix/nix-update.nix { }; + + # + # Miscellanous utility derivations + # + pkgutil = final.callPackage ./nix/pkgutil.nix { }; + sources = import ./nix/sources.nix { + inherit system; + pkgs = prev; + }; + }; + # Overlay adding our own packages. 
+ default = final: prev: self.packages.${system}; + }; + + packages = import ./packages { + pkgs = nixpkgs.legacyPackages.${system}.extend (overlays.buildTools); + }; + + nixosConfigurations = { + cirno = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ({ ... }: { nixpkgs.overlays = [ overlays.default ]; }) + ./servers/base.nix + ./servers/cirno/configuration.nix + ]; + specialArgs = inputs // { inherit self; }; + }; + cs306 = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ({ ... }: { nixpkgs.overlays = [ overlays.default ]; }) + ./servers/base.nix + ./servers/cs306/configuration.nix + ]; + specialArgs = inputs // { inherit self; }; + }; + }; + } + ); +} diff --git a/nix/packaging/poetry.nix b/nix/packaging/poetry.nix index 04512fc..5ba6a32 100644 --- a/nix/packaging/poetry.nix +++ b/nix/packaging/poetry.nix @@ -1,8 +1,4 @@ -{ poetry2nix, writeShellScriptBin, python3 }: - -let - pkgutil = import ; -in +{ pkgutil, mkPoetryApplication, writeShellScriptBin, python3 }: { name ? "${pname}-${version}", @@ -16,7 +12,7 @@ in }: let - poetryApplication = (poetry2nix.mkPoetryApplication { + poetryApplication = (mkPoetryApplication { inherit src python; pyproject = "${src}/pyproject.toml"; poetrylock = "${src}/poetry.lock"; diff --git a/nix/pkgutil.nix b/nix/pkgutil.nix index 2d631ca..e3ca88b 100644 --- a/nix/pkgutil.nix +++ b/nix/pkgutil.nix @@ -1,3 +1,5 @@ +{ pkgs }: + { version = src: if (src ? version && src.version != "") diff --git a/packages/crying-counter/default.nix b/packages/crying-counter/default.nix index aa99e1d..751f523 100644 --- a/packages/crying-counter/default.nix +++ b/packages/crying-counter/default.nix @@ -1,8 +1,4 @@ -{ buildPoetryPackage, git, runCommandLocal }: - -let - sources = import ; -in +{ buildPoetryPackage, git, runCommandLocal, sources }: buildPoetryPackage { pname = "crying-counter"; From 61db07ca4dfa0d03a0a3850cbbc01620a426a57d Mon Sep 17 00:00:00 2001 
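Review bot: `nixosConfigurations` and `overlays` are returned from inside the `flake-utils.lib.eachDefaultSystem` callback in the new flake.nix, and that helper nests every returned attribute under the system name, so the hosts end up at `nixosConfigurations.<system>.cirno` rather than `nixosConfigurations.cirno`. Tools that look a host up by name, including the `nixos_config = "cirno"` / `flake = true` deployment added to main.tf later in this series, will presumably not find it there. Keep only per-system outputs such as `packages` in the callback and merge the rest at the top level, e.g. `flake-utils.lib.eachDefaultSystem (system: { ... }) // { nixosConfigurations = { ... }; }`. A comment on `overlays` stating that it is keyed by system (as `self.overlays.${system}` relies on) would also help, since that differs from the usual flake output layout.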
From: diamondburned Date: Wed, 17 Apr 2024 04:52:32 -0700 Subject: [PATCH 2/3] wip --- flake.nix | 20 ++------------------ packages/imports.nix | 8 ++------ servers/base.nix | 17 ++++++++++------- servers/cirno/configuration.nix | 4 ++-- servers/cirno/default.nix | 9 ++++----- servers/cirno/main.tf | 5 +++-- servers/cs306/configuration.nix | 11 +++-------- servers/cs306/default.nix | 9 ++++----- servers/cs306/main.tf | 5 +++-- 9 files changed, 33 insertions(+), 55 deletions(-) diff --git a/flake.nix b/flake.nix index 2c3e38e..273942e 100644 --- a/flake.nix +++ b/flake.nix @@ -74,24 +74,8 @@ }; nixosConfigurations = { - cirno = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ({ ... }: { nixpkgs.overlays = [ overlays.default ]; }) - ./servers/base.nix - ./servers/cirno/configuration.nix - ]; - specialArgs = inputs // { inherit self; }; - }; - cs306 = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ({ ... }: { nixpkgs.overlays = [ overlays.default ]; }) - ./servers/base.nix - ./servers/cs306/configuration.nix - ]; - specialArgs = inputs // { inherit self; }; - }; + cirno = import ./servers/cirno inputs; + cs306 = import ./servers/cs306 inputs; }; } ); diff --git a/packages/imports.nix b/packages/imports.nix index 35e9988..39d46db 100644 --- a/packages/imports.nix +++ b/packages/imports.nix @@ -1,14 +1,10 @@ -{ config, pkgs, lib, ... }: +{ ... }: -let sources = import { }; - -in { +{ imports = [ ./caddy/caddy.nix ./sysmet/sysmet.nix ./dischord/service.nix ./christmasd/service.nix ]; - - nixpkgs.overlays = import ; } diff --git a/servers/base.nix b/servers/base.nix index ce8b1d7..4437d6b 100644 --- a/servers/base.nix +++ b/servers/base.nix @@ -1,11 +1,9 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, lib, self, ... }: -let sources = import ../nix/sources.nix; - -in { +{ imports = [ - - + (self + "/packages/imports.nix") + (self + "/nix/modules") ]; services.journald = { 
@@ -41,5 +39,10 @@ in { ]; # Deploy ./static to all servers. - deployment.staticPaths = [ ../static ]; + deployment.staticPaths = [ (self + "/static") ]; + + # Add the flake's overlays to the system. + nixpkgs.overlays = [ + self.overlays.${pkgs.system}.default + ]; } diff --git a/servers/cirno/configuration.nix b/servers/cirno/configuration.nix index 49eabb3..5951233 100644 --- a/servers/cirno/configuration.nix +++ b/servers/cirno/configuration.nix @@ -1,9 +1,9 @@ -{ config, lib, pkgs, modulesPath, ... }: +{ config, lib, pkgs, modulesPath, self, ... }: { imports = [ (modulesPath + "/virtualisation/amazon-image.nix") - + (self + "/servers/base.nix") ./services.nix ./telemetry.nix ]; diff --git a/servers/cirno/default.nix b/servers/cirno/default.nix index 6d0be5f..922347f 100644 --- a/servers/cirno/default.nix +++ b/servers/cirno/default.nix @@ -1,8 +1,7 @@ -let - sources = import ; -in +{ nixpkgs, ... }@inputs: -import "${sources.nixpkgs}/nixos" { +nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - configuration = import ./configuration.nix; + modules = [ ./servers/cirno/configuration.nix ]; + specialArgs = inputs; } diff --git a/servers/cirno/main.tf b/servers/cirno/main.tf index f5f7122..b34601d 100644 --- a/servers/cirno/main.tf +++ b/servers/cirno/main.tf @@ -71,8 +71,9 @@ resource "aws_instance" "cirno" { } module "deployment" { - source = "git::https://github.com/diamondburned/terraform-nixos.git//deploy_nixos?ref=9d26ace355b2ed7d64a253b11ab12395a1395030" - nixos_config = "${path.module}" + source = "github.com/tweag/terraform-nixos//deploy_nixos?ref=646cacb12439ca477c05315a7bfd49e9832bc4e3" + nixos_config = "cirno" + flake = true target_host = var.host != null ? var.host : aws_instance.cirno.public_ip ssh_private_key_file = var.ssh_private_key_file ssh_agent = false diff --git a/servers/cs306/configuration.nix b/servers/cs306/configuration.nix index ee1ccb0..a1ea3b2 100644 --- a/servers/cs306/configuration.nix +++ b/servers/cs306/configuration.nix 
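Review bot: `deployment.staticPaths = [ (self + "/static") ];` in servers/base.nix refers to the static directory through the flake's own store path, so anything that embeds this string depends on the whole copied repository rather than on `static/` alone. If the decrypted `secrets/` tree is part of the flake source (a later patch in this series reads `self + "/secrets/..."`), that would place it in the system closure and in the world-readable store of every deployed server. The previous relative form copies just that directory into its own store path and should still evaluate under flakes: `deployment.staticPaths = [ ../static ];`. How `deployment.staticPaths` consumes its entries is not visible here, so confirm the resulting closure with `nix path-info -r` on the built system.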
@@ -1,13 +1,8 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, lib, ... }: +{ config, pkgs, lib, self, ... }: { - imports = [ # Include the results of the hardware scan. - - # + imports = [ + (self + "/servers/base.nix") ./hardware-configuration.nix ./services.nix ./recovery.nix diff --git a/servers/cs306/default.nix b/servers/cs306/default.nix index 6d0be5f..fd9ddd9 100644 --- a/servers/cs306/default.nix +++ b/servers/cs306/default.nix @@ -1,8 +1,7 @@ -let - sources = import ; -in +{ nixpkgs, ... }@inputs: -import "${sources.nixpkgs}/nixos" { +nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - configuration = import ./configuration.nix; + modules = [ ./servers/cs306/configuration.nix ]; + specialArgs = inputs; } diff --git a/servers/cs306/main.tf b/servers/cs306/main.tf index 0b61a70..0559848 100644 --- a/servers/cs306/main.tf +++ b/servers/cs306/main.tf @@ -9,8 +9,9 @@ variable "host" { } module "deployment" { - source = "git::https://github.com/diamondburned/terraform-nixos.git//deploy_nixos?ref=9d26ace355b2ed7d64a253b11ab12395a1395030" - nixos_config = "${path.module}" + source = "github.com/tweag/terraform-nixos//deploy_nixos?ref=646cacb12439ca477c05315a7bfd49e9832bc4e3" + nixos_config = "cs306" + flake = true target_host = "${var.host}" ssh_private_key_file = var.ssh_private_key_file ssh_agent = false From 0fa065f886d39093c52eec2481ea367478aa27b7 Mon Sep 17 00:00:00 2001 
From: diamondburned Date: Wed, 17 Apr 2024 05:14:58 -0700 Subject: [PATCH 3/3] wip --- default.nix | 28 ------------ flake.nix | 81 +++++++++++++++++++++++++++++++-- nix/sources.json | 13 ------ servers/cirno/default.nix | 7 --- servers/cirno/services.nix | 10 ++-- servers/cirno/telemetry.nix | 4 +- servers/cs306/caddy/default.nix | 4 +- servers/cs306/default.nix | 7 --- servers/cs306/services.nix | 24 ++++------ servers/cs306/telemetry.nix | 4 +- shell.nix | 32 ------------- 11 files changed, 96 insertions(+), 118 deletions(-) delete mode 100644 default.nix delete mode 100644 servers/cirno/default.nix delete mode 100644 servers/cs306/default.nix delete mode 100644 shell.nix diff --git a/default.nix b/default.nix deleted file mode 100644 index 721a7ac..0000000 --- a/default.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - nixpkgs ? (import ./nix/sources.nix).nixpkgs, - system ? builtins.currentSystem, -}: - -# TODO: migrate this to a Flake. The outputs are basically the same! - -let - pkgs = import nixpkgs { - system = system; - config.allowUnfree = true; - }; -in - -rec { - packages = import ./packages { - inherit pkgs; - }; - - nixosConfigurations = - with pkgs.lib; - with builtins; - let - serverDirs = filterAttrs (name: v: v == "directory") (readDir ./servers); - servers = mapAttrs (name: _: import (./servers + "/${name}")) serverDirs; - in - servers; -} diff --git a/flake.nix b/flake.nix index 273942e..114a5ba 100644 --- a/flake.nix +++ b/flake.nix 
@@ -29,10 +29,48 @@ flake-utils.lib.eachDefaultSystem (system: let - pkgs = nixpkgs.legacyPackages.${system}; overlays = self.overlays.${system}; in { + devShells = let + pkgs = import nixpkgs { + inherit system; + overlays = [ + overlays.buildTools + ]; + config = { + # Allow unfree packages for Terraform. + allowUnfree = true; + }; + }; + in + { + default = pkgs.mkShell { + name = "acm-aws-shell"; + + packages = with pkgs; [ + terraform + awscli2 + nix-update + jq + niv + git + git-crypt + openssl + yamllint + expect + shellcheck + ] ++ [ + # Fix Nix Flake's weird scoping issue. + pkgs.gomod2nix + ]; + + # Enforce purity by unsetting NIX_PATH. + # This messes up any code that uses Nix channels. + NIX_PATH = ""; + }; + }; + overlays = { # Overlay for the build tools that our packages use. buildTools = final: prev: { @@ -40,12 +78,15 @@ # Build tools # inherit (gomod2nix.legacyPackages.${system}) - mkGoEnv buildGoApplication; + mkGoEnv buildGoApplication gomod2nix; + inherit (poetry2nix.lib.mkPoetry2Nix { pkgs = prev; }) mkPoetryApplication; + inherit (nix-npm-buildpackage.legacyPackages.${system}) buildNpmPackage buildYarnPackage; + buildDenoPackage = final.callPackage ./nix/packaging/deno.nix { }; buildJavaPackage = final.callPackage ./nix/packaging/java.nix { }; buildGradlePackage = final.callPackage ./nix/packaging/gradle.nix { }; 
@@ -74,8 +115,40 @@ }; nixosConfigurations = { - cirno = import ./servers/cirno inputs; - cs306 = import ./servers/cs306 inputs; + cirno = self.lib.nixosSystem { + system = "x86_64-linux"; + configuration = ./servers/cirno/configuration.nix; + }; + cs306 = self.lib.nixosSystem { + system = "x86_64-linux"; + configuration = ./servers/cs306/configuration.nix; + }; + }; + + lib = { + # All nixosConfigurations should have this in their specialArgs. + nixosArgs = { system }: inputs // { + # Import Niv sources directly into the arguments for convenience. + sources = import ./nix/sources.nix { + inherit system; + pkgs = nixpkgs.legacyPackages.${system}; + }; + # TODO: migrate away from Nix store-based secrets. + # See https://github.com/acmcsufoss/acm-aws/issues/34. + secretsPath = secret: self + "/secrets/" + secret; + }; + + mkNixosSystem = { system, configurationFile }: + nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + ./servers/base.nix + configurationFile + ]; + specialArgs = self.lib.nixosArgs { + inherit system; + }; + }; }; } ); diff --git a/nix/sources.json b/nix/sources.json index 1671022..5c540ca 100644 --- a/nix/sources.json +++ b/nix/sources.json @@ -157,19 +157,6 @@ "url": "https://github.com/serokell/nix-npm-buildpackage/archive/200e47aabd2b55993561c47e8390c89bdeb18b8a.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, - "nixpkgs": { - "branch": "nixos-23.11", - "description": "Nix Packages collection", - "homepage": "", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b94a96839afcc56de3551aa7472b8d9a3e77e05d", - "sha256": "1j5vs24bgy2arl342lrh3znc1pdz68kcjp2rpgy3sccpd9sibqqn", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/b94a96839afcc56de3551aa7472b8d9a3e77e05d.tar.gz", - "url_template": "https://github.com///archive/.tar.gz", - "version": "nixos-unstable" - }, "nixpkgs_newer": { "branch": "nixpkgs-unstable", "description": "Nix Packages collection", 
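Review bot: Both hosts call `self.lib.nixosSystem { system = ...; configuration = ...; }`, but the only helper this hunk defines is `mkNixosSystem`, and it takes `configurationFile`, so evaluating `cirno` or `cs306` will fail on a missing attribute. Because `lib` is returned alongside `nixosConfigurations` from what appears to be the `eachDefaultSystem` callback (its closing `);` is in the context lines, the call itself is outside the hunk), the helper would also sit under `self.lib.${system}`. Suggested call: `cirno = self.lib.${system}.mkNixosSystem { system = "x86_64-linux"; configurationFile = ./servers/cirno/configuration.nix; };` and the same for `cs306`. `nixosArgs` deserves a short comment listing what it adds to `specialArgs` (`sources`, `secretsPath`), since the server modules now take those names as arguments.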
diff --git a/servers/cirno/default.nix b/servers/cirno/default.nix deleted file mode 100644 index 922347f..0000000 --- a/servers/cirno/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ nixpkgs, ... }@inputs: - -nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ ./servers/cirno/configuration.nix ]; - specialArgs = inputs; -} diff --git a/servers/cirno/services.nix b/servers/cirno/services.nix index 9671aab..2d6df88 100644 --- a/servers/cirno/services.nix +++ b/servers/cirno/services.nix @@ -1,14 +1,10 @@ -{ config, lib, pkgs, ... }: - -let - sources = import ; -in +{ config, lib, pkgs, self, ... }: { services.diamondburned.caddy = { enable = true; configFile = ./Caddyfile; - environment = import ; + environment = import (self + "/secrets/caddy-env.nix"); }; systemd.services.acmregister = { @@ -16,7 +12,7 @@ in description = "ACM member registration Discord bot"; after = [ "network-online.target" ]; wantedBy = [ "multi-user.target" ]; - environment = import ./secrets/acmregister-env.nix; + environment = import (self + "/secrets/acmregister-env.nix"); serviceConfig = { Type = "simple"; ExecStart = "${pkgs.acmregister}/bin/acmregister"; diff --git a/servers/cirno/telemetry.nix b/servers/cirno/telemetry.nix index 5e4a104..83e7013 100644 --- a/servers/cirno/telemetry.nix +++ b/servers/cirno/telemetry.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, self, ... }: { # Enable netdata, which is a lightweight alternative to Grafana. @@ -21,7 +21,7 @@ "stream.conf" = pkgs.writeText "stream.conf" '' [stream] enabled = yes - api key = ${builtins.readFile } + api key = ${builtins.readFile (self + "/secrets/netdata-key")} destination = cs306:19999 ''; }; diff --git a/servers/cs306/caddy/default.nix b/servers/cs306/caddy/default.nix index 4653d8c..5c71f06 100644 --- a/servers/cs306/caddy/default.nix +++ b/servers/cs306/caddy/default.nix 
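Review bot: Secret files in servers/cirno/services.nix are addressed as `self + "/secrets/caddy-env.nix"` and `self + "/secrets/acmregister-env.nix"`, while servers/cs306/caddy/default.nix and servers/cs306/telemetry.nix in the same patch go through the `secretsPath` helper from `specialArgs`. Using the helper everywhere, e.g. `environment = import (secretsPath "caddy-env.nix");`, leaves a single place to change when the store-based secrets named in the flake.nix TODO are replaced. The same applies to the `netdata-key` read in servers/cirno/telemetry.nix and to every `self + "/secrets/..."` line in servers/cs306/services.nix. Separately, the removed acmregister line read `./secrets/acmregister-env.nix` relative to servers/cirno, whereas the new one reads from the repository root; confirm the file exists at that location.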
@@ -1,7 +1,7 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, secretsPath, ... }: let - environment = import ; + environment = import (secretsPath "caddy-env.nix"); preprocessedCaddyfile = pkgs.runCommandLocal "Caddyfile-preprocessed" {} '' cp ${./Caddyfile} $out diff --git a/servers/cs306/default.nix b/servers/cs306/default.nix deleted file mode 100644 index fd9ddd9..0000000 --- a/servers/cs306/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ nixpkgs, ... }@inputs: - -nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ ./servers/cs306/configuration.nix ]; - specialArgs = inputs; -} diff --git a/servers/cs306/services.nix b/servers/cs306/services.nix index 4183060..2d3562d 100644 --- a/servers/cs306/services.nix +++ b/servers/cs306/services.nix @@ -1,8 +1,4 @@ -{ config, lib, pkgs, ... }: - -let - sources = import ; -in +{ config, lib, pkgs, self, sources, ... }: { services.managed.enable = true; @@ -10,18 +6,18 @@ in services.managed.services = with lib; { triggers = { command = getExe pkgs.triggers; - environment = import ; + environment = import (self + "/secrets/triggers-env.nix"); }; pomo = { command = getExe pkgs.pomo; - environment = import ; + environment = import (self + "/secrets/pomo.nix"); serviceConfig.StartLimitInterval = "0"; # Permit unlimited restarts. }; acm-nixie = { command = getExe pkgs.acm-nixie; - environment = import ; + environment = import (self + "/secrets/acm-nixie-env.nix"); }; crying-counter = { @@ -40,14 +36,14 @@ in ${getExe pkgs.crying-counter} ''; - environment = import ; + environment = import (self + "/secrets/crying-counter-env.nix"); }; discord-conversation-summary-bot = { command = getExe pkgs.discord_conversation_summary_bot; workingDirectory = pkgs.writeTextDir "config.json" - (builtins.readFile ); + (builtins.readFile (self + "/secrets/discord_conversation_summary_bot.json")); }; discord-ical-srv = { 
@@ -55,7 +51,7 @@ in (getExe pkgs.discord-ical-srv) "-l" "unix:///run/discord-ical-srv/http.sock" ]; - environment = import ; + environment = import (self + "/secrets/discord-ical-srv-env.nix"); }; discord-ical-reminder = { @@ -64,7 +60,7 @@ in "-c" "${pkgs.writeText "discord-ical-reminder.json" - (builtins.toJSON (import ))}" + (builtins.toJSON (import (self + "/secrets/ical-reminders.nix")))}" ]; }; @@ -107,7 +103,7 @@ in systemd.services.sendlimiter = let extraArgs = []; - secrets = import ; + secrets = import (self + "/secrets/sendlimiter.nix"); args = lib.concatStringsSep " " (map lib.escapeShellArg (extraArgs ++ secrets.channelIDs)); @@ -129,6 +125,6 @@ in services.dischord = { enable = true; - config = builtins.readFile ; + config = builtins.readFile (self + "/secrets/dischord-config.toml"); }; } diff --git a/servers/cs306/telemetry.nix b/servers/cs306/telemetry.nix index 83df163..2b580bf 100644 --- a/servers/cs306/telemetry.nix +++ b/servers/cs306/telemetry.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, self, secretsPath, ... }: let tailnet = builtins.getEnv "TAILNET_NAME"; @@ -39,7 +39,7 @@ assert lib.assertMsg enabled = yes enable compression = yes - [${builtins.readFile }] + [${builtins.readFile (secretsPath "netdata-key")}] enabled = yes allow from = 100.* default memory mode = dbengine diff --git a/shell.nix b/shell.nix deleted file mode 100644 index 6b91fa3..0000000 --- a/shell.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ pkgs ? import ./nix/nixpkgs.nix }: - -let - pkgssrc = (import ./nix/sources.nix).nixpkgs; -in - -pkgs.mkShell { - name = "acm-aws-shell"; - buildInputs = with pkgs; [ - terraform - awscli2 - # rnix-lsp - nix-update - jq - niv - git - git-crypt - openssl - yamllint - gomod2nix - expect - shellcheck - ]; - - shellHook = '' - set -o allexport - source .env - set +o allexport - - export NIX_PATH="$NIX_PATH:nixpkgs=${pkgssrc}:acm-aws=${builtins.toString ./.}"; - ''; -}
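Review bot: The context of the first servers/cs306/telemetry.nix hunk shows `tailnet = builtins.getEnv "TAILNET_NAME";`, and under flake evaluation, which is pure by default, `builtins.getEnv` returns an empty string. The `assert lib.assertMsg` visible in the next hunk header presumably checks that value, so building `cs306` from the flake would fail unless `--impure` is passed, which also gives up the purity the new devShell enforces with `NIX_PATH = ""`. Consider supplying the name through `specialArgs` or a module option instead, and add a comment above the binding stating where the value comes from. The `let` block and the assertion body are outside these hunks, so confirm against the full file.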