Begin Dendritic rewrite
This commit is contained in:
@@ -1,115 +1,112 @@
|
||||
{ config, lib, pkgs, nixpkgs, ... }: {
|
||||
{ ... }: {
|
||||
|
||||
imports = let
|
||||
dir = builtins.readDir ./.;
|
||||
in builtins.map (x: ./${x}) (builtins.filter
|
||||
(file: (dir.${file} == "directory"))
|
||||
(builtins.attrNames dir)
|
||||
);
|
||||
flake.nixosModules.default = { config, lib, pkgs, nixpkgs, ... }: {
|
||||
|
||||
options.sysconfig = with lib; {
|
||||
host = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
};
|
||||
graphical = mkOption {
|
||||
type = with types; bool;
|
||||
default = config.hardware.graphics.enable;
|
||||
};
|
||||
remoteBuildHost = mkOption {
|
||||
type = with types; bool;
|
||||
default = false;
|
||||
};
|
||||
remoteBuildClient = mkOption {
|
||||
type = with types; bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
|
||||
networking.hostName = lib.mkDefault config.sysconfig.host;
|
||||
|
||||
nix = {
|
||||
nixPath = [ "nixpkgs=${nixpkgs}" ];
|
||||
channel.enable = false;
|
||||
settings = {
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
builders-use-substitutes = lib.mkIf config.sysconfig.remoteBuildClient true;
|
||||
trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ "remote-builder" ];
|
||||
|
||||
substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"];
|
||||
trusted-substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"];
|
||||
trusted-public-keys = lib.mkIf config.sysconfig.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
|
||||
options.sysconfig = with lib; {
|
||||
host = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
};
|
||||
graphical = mkOption {
|
||||
type = with types; bool;
|
||||
default = config.hardware.graphics.enable;
|
||||
};
|
||||
remoteBuildHost = mkOption {
|
||||
type = with types; bool;
|
||||
default = false;
|
||||
};
|
||||
remoteBuildClient = mkOption {
|
||||
type = with types; bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
|
||||
distributedBuilds = config.sysconfig.remoteBuildClient;
|
||||
buildMachines = lib.mkIf config.sysconfig.remoteBuildClient [
|
||||
config = {
|
||||
|
||||
networking.hostName = lib.mkDefault config.sysconfig.host;
|
||||
|
||||
nix = {
|
||||
nixPath = [ "nixpkgs=${nixpkgs}" ];
|
||||
channel.enable = false;
|
||||
settings = {
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
builders-use-substitutes = lib.mkIf config.sysconfig.remoteBuildClient true;
|
||||
trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ "remote-builder" ];
|
||||
|
||||
substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"];
|
||||
trusted-substituters = lib.mkIf config.sysconfig.programs.hyprland.enable ["https://hyprland.cachix.org"];
|
||||
trusted-public-keys = lib.mkIf config.sysconfig.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
|
||||
};
|
||||
|
||||
distributedBuilds = config.sysconfig.remoteBuildClient;
|
||||
buildMachines = lib.mkIf config.sysconfig.remoteBuildClient [
|
||||
{
|
||||
hostName = "esotericbytes.com";
|
||||
sshUser = "remote-builder";
|
||||
sshKey = config.sops.secrets."remoteBuildKey".path;
|
||||
supportedFeatures = [
|
||||
"nixos-test"
|
||||
"benchmark"
|
||||
"big-parallel"
|
||||
"kvm"
|
||||
"benchmark"
|
||||
"big-parallel"
|
||||
"kvm"
|
||||
];
|
||||
systems = [ "x86_64-linux" "aarch64-linux" ];
|
||||
}
|
||||
];
|
||||
};
|
||||
];
|
||||
};
|
||||
|
||||
users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
|
||||
isNormalUser = true;
|
||||
createHome = false;
|
||||
};
|
||||
users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
|
||||
isNormalUser = true;
|
||||
createHome = false;
|
||||
};
|
||||
|
||||
sops.secrets = let
|
||||
dir = builtins.readDir ../machines;
|
||||
in lib.mkIf config.sysconfig.remoteBuildHost (builtins.listToAttrs
|
||||
(builtins.map
|
||||
(y: { name = "remoteBuildClientKeys/${y}"; value = { sopsFile = ./secrets.yaml; }; })
|
||||
(builtins.filter
|
||||
(x: dir.${x} == "directory" && (import ../machines/${x} { config = {}; inputs = {}; inherit lib pkgs; }).config.sysconfig.remoteBuildClient)
|
||||
(builtins.attrNames dir)
|
||||
)
|
||||
)
|
||||
);
|
||||
|
||||
sops.templates."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
|
||||
content = builtins.concatStringsSep ''''\n'' (builtins.map
|
||||
(y: config.sops.placeholder.${y})
|
||||
(builtins.filter
|
||||
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
|
||||
(builtins.attrNames config.sops.secrets)
|
||||
sops.secrets = let
|
||||
dir = builtins.readDir ../machines;
|
||||
in lib.mkIf config.sysconfig.remoteBuildHost (builtins.listToAttrs
|
||||
(builtins.map
|
||||
(y: { name = "remoteBuildClientKeys/${y}"; value = { sopsFile = ./secrets.yaml; }; })
|
||||
(builtins.filter
|
||||
(x: dir.${x} == "directory" && (import ../machines/${x} { config = {}; inputs = {}; inherit lib pkgs; }).config.sysconfig.remoteBuildClient)
|
||||
(builtins.attrNames dir)
|
||||
)
|
||||
)
|
||||
);
|
||||
path = "/etc/ssh/authorized_keys.d/remote-builder";
|
||||
owner = "remote-builder";
|
||||
};
|
||||
|
||||
sops = {
|
||||
age.keyFile = "/var/lib/sops/age/keys.txt";
|
||||
defaultSopsFormat = "yaml";
|
||||
};
|
||||
|
||||
time.timeZone = lib.mkDefault "America/Chicago";
|
||||
sops.templates."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
|
||||
content = builtins.concatStringsSep ''''\n'' (builtins.map
|
||||
(y: config.sops.placeholder.${y})
|
||||
(builtins.filter
|
||||
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
|
||||
(builtins.attrNames config.sops.secrets)
|
||||
)
|
||||
);
|
||||
path = "/etc/ssh/authorized_keys.d/remote-builder";
|
||||
owner = "remote-builder";
|
||||
};
|
||||
|
||||
i18n = lib.mkDefault {
|
||||
defaultLocale = "en_US.UTF-8";
|
||||
sops = {
|
||||
age.keyFile = "/var/lib/sops/age/keys.txt";
|
||||
defaultSopsFormat = "yaml";
|
||||
};
|
||||
|
||||
extraLocaleSettings = {
|
||||
LC_ADDRESS = "en_US.UTF-8";
|
||||
LC_IDENTIFICATION = "en_US.UTF-8";
|
||||
LC_MEASUREMENT = "en_US.UTF-8";
|
||||
LC_MONETARY = "en_US.UTF-8";
|
||||
LC_NAME = "en_US.UTF-8";
|
||||
LC_NUMERIC = "en_US.UTF-8";
|
||||
LC_PAPER = "en_US.UTF-8";
|
||||
LC_TELEPHONE = "en_US.UTF-8";
|
||||
LC_TIME = "en_US.UTF-8";
|
||||
time.timeZone = lib.mkDefault "America/Chicago";
|
||||
|
||||
i18n = lib.mkDefault {
|
||||
defaultLocale = "en_US.UTF-8";
|
||||
|
||||
extraLocaleSettings = {
|
||||
LC_ADDRESS = "en_US.UTF-8";
|
||||
LC_IDENTIFICATION = "en_US.UTF-8";
|
||||
LC_MEASUREMENT = "en_US.UTF-8";
|
||||
LC_MONETARY = "en_US.UTF-8";
|
||||
LC_NAME = "en_US.UTF-8";
|
||||
LC_NUMERIC = "en_US.UTF-8";
|
||||
LC_PAPER = "en_US.UTF-8";
|
||||
LC_TELEPHONE = "en_US.UTF-8";
|
||||
LC_TIME = "en_US.UTF-8";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
Reference in New Issue
Block a user