Configure Garage object storage on garage01 with S3 API, Vault secrets for RPC secret and admin token, and Caddy reverse proxy for HTTPS access at s3.home.2rjus.net via internal ACME CA. Includes flake entry, VM definition, and Vault policy for the host. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
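{
  description = "Homelab v5 Nixos Server Configurations";

  # Flake inputs.
  #
  # The three git.t-juice.club inputs follow a branch (`ref=master`, or the
  # repository's default branch where no ref is given), not a fixed commit.
  # The exact revision that gets built is whatever flake.lock records, so a
  # lock update for these inputs should be reviewed like a code change:
  # their modules and overlay are applied to every host below.
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11";
    nixpkgs-unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable";

    alerttonotify = {
      url = "git+https://git.t-juice.club/torjus/alerttonotify?ref=master";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };
    nixos-exporter = {
      url = "git+https://git.t-juice.club/torjus/nixos-exporter";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };
    homelab-deploy = {
      url = "git+https://git.t-juice.club/torjus/homelab-deploy?ref=master";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };
  };

  outputs =
    {
      self,
      nixpkgs,
      nixpkgs-unstable,
      alerttonotify,
      nixos-exporter,
      homelab-deploy,
      ...
    }@inputs:
    let
      # Every NixOS host in this flake is built for this platform.
      system = "x86_64-linux";

      # Exposes the unstable channel as `pkgs.unstable`.
      # allowUnfree is set only for this unstable package set; it does not
      # change the unfree policy of the stable `pkgs`.
      # Note: the platform is the fixed `system` above, not the platform of
      # the package set the overlay is applied to.
      overlay-unstable = final: prev: {
        unstable = import nixpkgs-unstable {
          inherit system;
          config.allowUnfree = true;
        };
      };

      commonOverlays = [
        overlay-unstable
        alerttonotify.overlays.default
      ];

      # Common modules applied to all hosts
      #
      # Anything listed here is evaluated as part of every host's
      # configuration, vault01 and kanidm01 included, so the two external
      # modules are part of every host's configuration.
      commonModules = [
        (
          { config, pkgs, ... }:
          {
            nixpkgs.overlays = commonOverlays;
            # Records which flake revision a system was built from; falls
            # back to the dirty revision, then to the literal "dirty", when
            # no clean git revision is available.
            system.configurationRevision = self.rev or self.dirtyRev or "dirty";
          }
        )
        nixos-exporter.nixosModules.default
        homelab-deploy.nixosModules.default
        ./modules/homelab
      ];

      # Platforms for which the helper packages and dev shell are provided.
      allSystems = [
        "x86_64-linux"
        "aarch64-linux"
        "x86_64-darwin"
        "aarch64-darwin"
      ];

      # Calls `f { pkgs = ...; }` once per entry of allSystems and returns
      # the results keyed by system. This `pkgs` is plain nixpkgs without
      # commonOverlays.
      forAllSystems =
        f: nixpkgs.lib.genAttrs allSystems (system: f { pkgs = import nixpkgs { inherit system; }; });
    in
    {
      # One entry per host. Each host gets commonModules plus its own
      # ./hosts/<name> directory, and receives `inputs` and `self` through
      # specialArgs so host modules can reference the flake inputs directly.
      nixosConfigurations = {
        ha1 = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = {
            inherit inputs self;
          };
          modules = commonModules ++ [
            ./hosts/ha1
          ];
        };
        template2 = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = {
            inherit inputs self;
          };
          modules = commonModules ++ [
            ./hosts/template2
          ];
        };
        http-proxy = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = {
            inherit inputs self;
          };
          modules = commonModules ++ [
            ./hosts/http-proxy
          ];
        };
        monitoring01 = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = {
            inherit inputs self;
          };
          modules = commonModules ++ [
            ./hosts/monitoring01
          ];
        };
        jelly01 = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = {
            inherit inputs self;
          };
          modules = commonModules ++ [
            ./hosts/jelly01
          ];
        };
        nats1 = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = {
            inherit inputs self;
          };
          modules = commonModules ++ [
            ./hosts/nats1
          ];
        };
        vault01 = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = {
            inherit inputs self;
          };
          modules = commonModules ++ [
            ./hosts/vault01
          ];
        };
        testvm01 = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = {
            inherit inputs self;
          };
          modules = commonModules ++ [
            ./hosts/testvm01
          ];
        };
        testvm02 = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = {
            inherit inputs self;
          };
          modules = commonModules ++ [
            ./hosts/testvm02
          ];
        };
        testvm03 = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = {
            inherit inputs self;
          };
          modules = commonModules ++ [
            ./hosts/testvm03
          ];
        };
        ns2 = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = {
            inherit inputs self;
          };
          modules = commonModules ++ [
            ./hosts/ns2
          ];
        };
        ns1 = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = {
            inherit inputs self;
          };
          modules = commonModules ++ [
            ./hosts/ns1
          ];
        };
        kanidm01 = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = {
            inherit inputs self;
          };
          modules = commonModules ++ [
            ./hosts/kanidm01
          ];
        };
        monitoring02 = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = {
            inherit inputs self;
          };
          modules = commonModules ++ [
            ./hosts/monitoring02
          ];
        };
        nix-cache02 = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = {
            inherit inputs self;
          };
          modules = commonModules ++ [
            ./hosts/nix-cache02
          ];
        };
        garage01 = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs = {
            inherit inputs self;
          };
          modules = commonModules ++ [
            ./hosts/garage01
          ];
        };
      };

      # Helper scripts from this repository, built for every supported
      # platform.
      packages = forAllSystems (
        { pkgs }:
        {
          create-host = pkgs.callPackage ./scripts/create-host { };
          vault-fetch = pkgs.callPackage ./scripts/vault-fetch { };
        }
      );

      # Operator shell with the tooling used to manage the hosts.
      devShells = forAllSystems (
        { pkgs }:
        {
          default = pkgs.mkShell {
            packages = [
              pkgs.ansible
              pkgs.opentofu
              pkgs.openbao
              pkgs.kanidm_1_8
              pkgs.nkeys
              (pkgs.callPackage ./scripts/create-host { })
              # Select the package for the shell's own platform via
              # stdenv.hostPlatform.system rather than the `pkgs.system`
              # alias, which newer nixpkgs releases deprecate.
              homelab-deploy.packages.${pkgs.stdenv.hostPlatform.system}.default
            ];
            ANSIBLE_CONFIG = "./ansible/ansible.cfg";
          };
        }
      );
    };
}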