- New test-tier VM at 10.69.13.23 with role=auth - Kanidm 1.8 server with HTTPS (443) and LDAPS (636) - ACME certificate from internal CA (auth.home.2rjus.net) - Provisioned groups: admins, users, ssh-users - Provisioned user: torjus - Daily backups at 22:00 (7 versions) - Prometheus monitoring scrape target Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
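# Flake for the homelab NixOS hosts. It declares the pinned inputs, one
# nixosConfiguration per host directory under ./hosts, the helper packages
# under ./scripts, and a development shell with the deployment tooling.
{
  description = "Homelab v5 Nixos Server Configurations";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11";
    nixpkgs-unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable";

    # The three inputs below are fetched from a self-hosted forge and follow a
    # branch (master, or the default branch for nixos-exporter), not a tag or
    # commit. The revision that is actually built is the one recorded in
    # flake.lock (not visible here), so lock-file updates for these inputs
    # deserve a real review: two of them ship NixOS modules that are imported
    # into every host via commonModules.
    alerttonotify = {
      url = "git+https://git.t-juice.club/torjus/alerttonotify?ref=master";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };
    nixos-exporter = {
      url = "git+https://git.t-juice.club/torjus/nixos-exporter";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };
    homelab-deploy = {
      url = "git+https://git.t-juice.club/torjus/homelab-deploy?ref=master";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };
  };

  outputs =
    {
      self,
      nixpkgs,
      nixpkgs-unstable,
      alerttonotify,
      nixos-exporter,
      homelab-deploy,
      ...
    }@inputs:
    let
      # Every nixosConfiguration below is built for this platform.
      system = "x86_64-linux";

      # Exposes the unstable channel as `pkgs.unstable`. Unfree packages are
      # allowed for this package set only; nothing here sets allowUnfree for
      # the stable nixpkgs used by the hosts themselves.
      overlay-unstable = final: prev: {
        unstable = import nixpkgs-unstable {
          inherit system;
          config.allowUnfree = true;
        };
      };

      commonOverlays = [
        overlay-unstable
        alerttonotify.overlays.default
      ];

      # Common modules applied to all hosts
      commonModules = [
        (
          { config, pkgs, ... }:
          {
            nixpkgs.overlays = commonOverlays;
            # Records which git revision a host was built from. The "dirty"
            # fallback is used when the flake exposes neither rev nor
            # dirtyRev, so a host reporting it cannot be traced to a commit.
            system.configurationRevision = self.rev or self.dirtyRev or "dirty";
          }
        )
        nixos-exporter.nixosModules.default
        homelab-deploy.nixosModules.default
        ./modules/homelab
      ];

      # Builds one host: the shared modules plus that host's own module.
      # specialArgs hands every flake input and `self` to all modules of the
      # host, so any imported module can reach any input.
      mkHost =
        hostModule:
        nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = {
            inherit inputs self;
          };
          modules = commonModules ++ [ hostModule ];
        };

      # Platforms for which the helper packages and the dev shell are exposed.
      allSystems = [
        "x86_64-linux"
        "aarch64-linux"
        "x86_64-darwin"
        "aarch64-darwin"
      ];

      # Calls `f { pkgs }` once per platform, with the stable nixpkgs imported
      # for that platform (no overlays, default config).
      forAllSystems =
        f: nixpkgs.lib.genAttrs allSystems (system: f { pkgs = import nixpkgs { inherit system; }; });
    in
    {
      # All hosts share commonModules, including vault01 and kanidm01, so a
      # change to a shared module or to one of the module-providing inputs
      # reaches every machine listed here.
      nixosConfigurations = {
        ha1 = mkHost ./hosts/ha1;
        template2 = mkHost ./hosts/template2;
        http-proxy = mkHost ./hosts/http-proxy;
        monitoring01 = mkHost ./hosts/monitoring01;
        jelly01 = mkHost ./hosts/jelly01;
        nix-cache01 = mkHost ./hosts/nix-cache01;
        nats1 = mkHost ./hosts/nats1;
        vault01 = mkHost ./hosts/vault01;
        testvm01 = mkHost ./hosts/testvm01;
        testvm02 = mkHost ./hosts/testvm02;
        testvm03 = mkHost ./hosts/testvm03;
        ns2 = mkHost ./hosts/ns2;
        ns1 = mkHost ./hosts/ns1;
        kanidm01 = mkHost ./hosts/kanidm01;
      };

      packages = forAllSystems (
        { pkgs }:
        {
          create-host = pkgs.callPackage ./scripts/create-host { };
          vault-fetch = pkgs.callPackage ./scripts/vault-fetch { };
        }
      );

      # Operator shell: provisioning and deployment tools, plus the
      # homelab-deploy package taken from the flake input for this platform.
      devShells = forAllSystems (
        { pkgs }:
        {
          default = pkgs.mkShell {
            packages = [
              pkgs.ansible
              pkgs.opentofu
              pkgs.openbao
              (pkgs.callPackage ./scripts/create-host { })
              homelab-deploy.packages.${pkgs.system}.default
            ];
          };
        }
      );
    };
}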