Torjus Håkestad
60c04a2052
When one host fetches the latest flake revision, it publishes to NATS and all other hosts receive the update immediately. This reduces redundant nix flake metadata calls across the fleet. - Add nkeys to devshell for key generation - Add nixos-exporter user to NATS HOMELAB account - Add Vault secret for NKey storage - Configure all hosts to use NATS for revision sharing - Update nixos-exporter input to version with NATS support Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
229 lines
5.9 KiB
Nix
229 lines
5.9 KiB
Nix
{
|
|
description = "Homelab v5 Nixos Server Configurations";
|
|
|
|
inputs = {
|
|
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11";
|
|
nixpkgs-unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable";
|
|
|
|
alerttonotify = {
|
|
url = "git+https://git.t-juice.club/torjus/alerttonotify?ref=master";
|
|
inputs.nixpkgs.follows = "nixpkgs-unstable";
|
|
};
|
|
nixos-exporter = {
|
|
url = "git+https://git.t-juice.club/torjus/nixos-exporter";
|
|
inputs.nixpkgs.follows = "nixpkgs-unstable";
|
|
};
|
|
homelab-deploy = {
|
|
url = "git+https://git.t-juice.club/torjus/homelab-deploy?ref=master";
|
|
inputs.nixpkgs.follows = "nixpkgs-unstable";
|
|
};
|
|
};
|
|
|
|
outputs =
|
|
{
|
|
self,
|
|
nixpkgs,
|
|
nixpkgs-unstable,
|
|
alerttonotify,
|
|
nixos-exporter,
|
|
homelab-deploy,
|
|
...
|
|
}@inputs:
|
|
let
|
|
system = "x86_64-linux";
|
|
overlay-unstable = final: prev: {
|
|
unstable = import nixpkgs-unstable {
|
|
inherit system;
|
|
config.allowUnfree = true;
|
|
};
|
|
};
|
|
commonOverlays = [
|
|
overlay-unstable
|
|
alerttonotify.overlays.default
|
|
];
|
|
# Common modules applied to all hosts
|
|
commonModules = [
|
|
(
|
|
{ config, pkgs, ... }:
|
|
{
|
|
nixpkgs.overlays = commonOverlays;
|
|
system.configurationRevision = self.rev or self.dirtyRev or "dirty";
|
|
}
|
|
)
|
|
nixos-exporter.nixosModules.default
|
|
homelab-deploy.nixosModules.default
|
|
./modules/homelab
|
|
];
|
|
allSystems = [
|
|
"x86_64-linux"
|
|
"aarch64-linux"
|
|
"x86_64-darwin"
|
|
"aarch64-darwin"
|
|
];
|
|
forAllSystems =
|
|
f: nixpkgs.lib.genAttrs allSystems (system: f { pkgs = import nixpkgs { inherit system; }; });
|
|
in
|
|
{
|
|
nixosConfigurations = {
|
|
ha1 = nixpkgs.lib.nixosSystem {
|
|
inherit system;
|
|
specialArgs = {
|
|
inherit inputs self;
|
|
};
|
|
modules = commonModules ++ [
|
|
./hosts/ha1
|
|
];
|
|
};
|
|
template2 = nixpkgs.lib.nixosSystem {
|
|
inherit system;
|
|
specialArgs = {
|
|
inherit inputs self;
|
|
};
|
|
modules = commonModules ++ [
|
|
./hosts/template2
|
|
];
|
|
};
|
|
http-proxy = nixpkgs.lib.nixosSystem {
|
|
inherit system;
|
|
specialArgs = {
|
|
inherit inputs self;
|
|
};
|
|
modules = commonModules ++ [
|
|
./hosts/http-proxy
|
|
];
|
|
};
|
|
monitoring01 = nixpkgs.lib.nixosSystem {
|
|
inherit system;
|
|
specialArgs = {
|
|
inherit inputs self;
|
|
};
|
|
modules = commonModules ++ [
|
|
./hosts/monitoring01
|
|
];
|
|
};
|
|
jelly01 = nixpkgs.lib.nixosSystem {
|
|
inherit system;
|
|
specialArgs = {
|
|
inherit inputs self;
|
|
};
|
|
modules = commonModules ++ [
|
|
./hosts/jelly01
|
|
];
|
|
};
|
|
nix-cache01 = nixpkgs.lib.nixosSystem {
|
|
inherit system;
|
|
specialArgs = {
|
|
inherit inputs self;
|
|
};
|
|
modules = commonModules ++ [
|
|
./hosts/nix-cache01
|
|
];
|
|
};
|
|
nats1 = nixpkgs.lib.nixosSystem {
|
|
inherit system;
|
|
specialArgs = {
|
|
inherit inputs self;
|
|
};
|
|
modules = commonModules ++ [
|
|
./hosts/nats1
|
|
];
|
|
};
|
|
vault01 = nixpkgs.lib.nixosSystem {
|
|
inherit system;
|
|
specialArgs = {
|
|
inherit inputs self;
|
|
};
|
|
modules = commonModules ++ [
|
|
./hosts/vault01
|
|
];
|
|
};
|
|
testvm01 = nixpkgs.lib.nixosSystem {
|
|
inherit system;
|
|
specialArgs = {
|
|
inherit inputs self;
|
|
};
|
|
modules = commonModules ++ [
|
|
./hosts/testvm01
|
|
];
|
|
};
|
|
testvm02 = nixpkgs.lib.nixosSystem {
|
|
inherit system;
|
|
specialArgs = {
|
|
inherit inputs self;
|
|
};
|
|
modules = commonModules ++ [
|
|
./hosts/testvm02
|
|
];
|
|
};
|
|
testvm03 = nixpkgs.lib.nixosSystem {
|
|
inherit system;
|
|
specialArgs = {
|
|
inherit inputs self;
|
|
};
|
|
modules = commonModules ++ [
|
|
./hosts/testvm03
|
|
];
|
|
};
|
|
ns2 = nixpkgs.lib.nixosSystem {
|
|
inherit system;
|
|
specialArgs = {
|
|
inherit inputs self;
|
|
};
|
|
modules = commonModules ++ [
|
|
./hosts/ns2
|
|
];
|
|
};
|
|
ns1 = nixpkgs.lib.nixosSystem {
|
|
inherit system;
|
|
specialArgs = {
|
|
inherit inputs self;
|
|
};
|
|
modules = commonModules ++ [
|
|
./hosts/ns1
|
|
];
|
|
};
|
|
kanidm01 = nixpkgs.lib.nixosSystem {
|
|
inherit system;
|
|
specialArgs = {
|
|
inherit inputs self;
|
|
};
|
|
modules = commonModules ++ [
|
|
./hosts/kanidm01
|
|
];
|
|
};
|
|
monitoring02 = nixpkgs.lib.nixosSystem {
|
|
inherit system;
|
|
specialArgs = {
|
|
inherit inputs self;
|
|
};
|
|
modules = commonModules ++ [
|
|
./hosts/monitoring02
|
|
];
|
|
};
|
|
};
|
|
packages = forAllSystems (
|
|
{ pkgs }:
|
|
{
|
|
create-host = pkgs.callPackage ./scripts/create-host { };
|
|
vault-fetch = pkgs.callPackage ./scripts/vault-fetch { };
|
|
}
|
|
);
|
|
devShells = forAllSystems (
|
|
{ pkgs }:
|
|
{
|
|
default = pkgs.mkShell {
|
|
packages = [
|
|
pkgs.ansible
|
|
pkgs.opentofu
|
|
pkgs.openbao
|
|
pkgs.kanidm_1_8
|
|
pkgs.nkeys
|
|
(pkgs.callPackage ./scripts/create-host { })
|
|
homelab-deploy.packages.${pkgs.system}.default
|
|
];
|
|
};
|
|
}
|
|
);
|
|
};
|
|
}
|