sbc-deploys/flake.nix

{
  description = "A very basic flake";

  inputs = {
    deploy-rs = {
      url = "github:serokell/deploy-rs";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    image-builder.url = "git+https://git.asonix.dog/asonix/nixos-aarch64-images";
    nixpkgs.url = "github:nixos/nixpkgs/master";
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, deploy-rs, image-builder, nixpkgs, sops-nix }:
    let
      sharedModule = import ./modules/shared;
      btrbkModule = import ./modules/btrbk;
      dockerModule = import ./modules/docker;
      subvolumesModule = import ./modules/subvolumes;
      k3sModule = import ./modules/k3s;

      makeConfig = { hostname, extraModules ? [ ] }:
        with image-builder.packages.aarch64-linux.modules;
        nixpkgs.lib.nixosSystem {
          system = "aarch64-linux";
          modules = [
            sops-nix.nixosModules.sops
            sharedModule
            userModule
            {
              networking.hostName = hostname;
            }
          ] ++ extraModules;
        };

      makeK3sConfig = { hostname, serverIp ? null }:
        with image-builder.packages.aarch64-linux.modules;
        makeConfig {
          inherit hostname;

          extraModules = [
            soquartz-blade
            (if serverIp == null
            then
              k3sModule.server
            else
              k3sModule.agent {
                inherit serverIp;
              })
            {
              services.lvm.enable = true;

              fileSystems = {
                "/var/lib/rancher" = {
                  device = "/dev/nvme0n1p1";
                  fsType = "ext4";
                  options = [ "defaults" "rw" ];
                };
              };
            }
          ];
        };

      makeNextcloudConfig = { hostname, primaryIp ? null }:
        with image-builder.packages.aarch64-linux.modules;
        let
          device = "/dev/mapper/cryptdrive1";
          mountDir = "/btrfs/hdd";
          subvolumes = [
            "@nc-config"
            "@nc-data"
            "@postgres"
            "@redis"
            "@gitea"
            "@gitea-conf"
            "@pihole"
            "@papermc"
            "@docker-cfg"
            "@garage"
            "@garage-config"
          ];
        in
        makeConfig {
          inherit hostname;

          extraModules = [
            rockPro64v2
            dockerModule
            (btrbkModule {
              inherit mountDir primaryIp subvolumes;
            })
            (if primaryIp == null then
              (subvolumesModule {
                inherit device subvolumes;
              }) else { })
            ({ config, ... }: {
              sops.secrets.nextcloudKeyFile = {
                format = "binary";
                sopsFile = ./secrets/nextcloudKeyFile.bin;
              };

              environment.etc.crypttab = {
                enable = true;
                text = ''
                  cryptdrive1 /dev/sda1 ${config.sops.secrets.nextcloudKeyFile.path} luks
                  cryptdrive2 /dev/sdb1 ${config.sops.secrets.nextcloudKeyFile.path} luks
                  cryptdrive3 /dev/sdc1 ${config.sops.secrets.nextcloudKeyFile.path} luks
                '';
              };

              fileSystems."${mountDir}" = {
                inherit device;
                fsType = "btrfs";
                options = [ "defaults" "compress=zstd" "rw" ];
              };
            })
          ];
        };

      makePostgresConfig = { hostname, keyFile, primaryIp ? null }:
        with image-builder.packages.aarch64-linux.modules;
        let
          device = "/dev/mapper/cryptdrive1";
          mountDir = "/btrfs/ssd";
          subvolumes = [
            "@postgres"
            "@postgres-cfg"
          ];
        in
        makeConfig {
          inherit hostname;

          extraModules = [
            rock64
            dockerModule
            (btrbkModule {
              inherit mountDir primaryIp subvolumes;
            })
            (if primaryIp == null then
              (subvolumesModule {
                inherit device subvolumes;
              }) else { })
            ({ config, ... }:
              let
                keyFilePath = config.sops.secrets."${keyFile}".path;
              in
              {
                sops.secrets.${keyFile} = {
                  format = "binary";
                  sopsFile = ./secrets/${keyFile}.bin;
                };

                environment.etc.crypttab = {
                  enable = true;
                  text = ''
                    cryptdrive1 /dev/sda1 ${keyFilePath} luks
                  '';
                };

                fileSystems."${mountDir}" = {
                  inherit device;
                  fsType = "btrfs";
                  options = [ "defaults" "compress=zstd" "rw" ];
                };
              })
          ];
        };

      deployer = { hostname, configuration }: {
        hostname = hostname;
        profiles.system = {
          sshUser = "asonix";
          user = "root";
          magicRollback = false;
          sshOpts = [
            "-i"
            "/home/asonix/.ssh/kube-rsa"
            "-t"
          ];
          path = deploy-rs.lib.aarch64-linux.activate.nixos configuration;
        };
      };
    in
    {
      nixosConfigurations = {
        nextcloud1 = makeNextcloudConfig {
          hostname = "nextcloud1";
          # primaryIp = "192.168.20.28";
        };

        nextcloud2 = makeNextcloudConfig {
          hostname = "nextcloud2";
          primaryIp = "192.168.20.21";
        };

        redtail1 = makePostgresConfig {
          hostname = "redtail1";
          keyFile = "redtailKeyFile";
          primaryIp = "192.168.20.24";
        };

        redtail2 = makePostgresConfig {
          hostname = "redtail2";
          keyFile = "redtailKeyFile";
          # primaryIp = "192.168.20.23";
        };

        whitestorm1 = makePostgresConfig {
          hostname = "whitestorm1";
          keyFile = "whitestormKeyFile";
          # primaryIp = "192.168.20.11";
        };

        whitestorm2 = makePostgresConfig {
          hostname = "whitestorm2";
          keyFile = "whitestormKeyFile";
          primaryIp = "192.168.20.26";
        };

        k3s1 = makeK3sConfig {
          hostname = "k3s1";
        };

        k3s2 = makeK3sConfig {
          hostname = "k3s2";
          serverIp = "192.168.20.120";
        };
      };

      deploy.nodes.nextcloud2 = deployer {
        hostname = "192.168.20.28";
        configuration = self.nixosConfigurations.nextcloud2;
      };

      deploy.nodes.k3s1 = deployer {
        hostname = "192.168.20.120";
        configuration = self.nixosConfigurations.k3s1;
      };
    };
}
Initial flake 2023-01-25 01:58:10 +00:00			`{`
			`description = "A very basic flake";`

			`inputs = {`
Add secrets 2023-01-26 03:26:30 +00:00			`deploy-rs = {`
			`url = "github:serokell/deploy-rs";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
Initial flake 2023-01-25 01:58:10 +00:00			`image-builder.url = "git+https://git.asonix.dog/asonix/nixos-aarch64-images";`
Add secrets 2023-01-26 03:26:30 +00:00			`nixpkgs.url = "github:nixos/nixpkgs/master";`
			`sops-nix = {`
			`url = "github:Mic92/sops-nix";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
Initial flake 2023-01-25 01:58:10 +00:00			`};`

Add secrets 2023-01-26 03:26:30 +00:00			`outputs = { self, deploy-rs, image-builder, nixpkgs, sops-nix }:`
Start configuring btrbk for nextcloud2 TODO: - cron to run btrbk hourly - format and mount drives 2023-01-25 04:23:29 +00:00			`let`
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00			`sharedModule = import ./modules/shared;`
			`btrbkModule = import ./modules/btrbk;`
			`dockerModule = import ./modules/docker;`
			`subvolumesModule = import ./modules/subvolumes;`
			`k3sModule = import ./modules/k3s;`
Add secrets 2023-01-26 03:26:30 +00:00
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00			`makeConfig = { hostname, extraModules ? [ ] }:`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`with image-builder.packages.aarch64-linux.modules;`
			`nixpkgs.lib.nixosSystem {`
			`system = "aarch64-linux";`
			`modules = [`
			`sops-nix.nixosModules.sops`
			`sharedModule`
			`userModule`
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00			`{`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`networking.hostName = hostname;`
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00			`}`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`] ++ extraModules;`
			`};`
Add mounts for nextcloud hosts 2023-01-26 06:57:59 +00:00
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00			`makeK3sConfig = { hostname, serverIp ? null }:`
			`with image-builder.packages.aarch64-linux.modules;`
			`makeConfig {`
			`inherit hostname;`

			`extraModules = [`
			`soquartz-blade`
			`(if serverIp == null`
			`then`
			`k3sModule.server`
			`else`
			`k3sModule.agent {`
			`inherit serverIp;`
			`})`
			`{`
			`services.lvm.enable = true;`

			`fileSystems = {`
			`"/var/lib/rancher" = {`
			`device = "/dev/nvme0n1p1";`
			`fsType = "ext4";`
			`options = [ "defaults" "rw" ];`
			`};`
			`};`
			`}`
			`];`
			`};`

Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`makeNextcloudConfig = { hostname, primaryIp ? null }:`
			`with image-builder.packages.aarch64-linux.modules;`
			`let`
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00			`device = "/dev/mapper/cryptdrive1";`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`mountDir = "/btrfs/hdd";`
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00			`subvolumes = [`
			`"@nc-config"`
			`"@nc-data"`
			`"@postgres"`
			`"@redis"`
			`"@gitea"`
			`"@gitea-conf"`
			`"@pihole"`
			`"@papermc"`
			`"@docker-cfg"`
			`"@garage"`
			`"@garage-config"`
			`];`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`in`
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00			`makeConfig {`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`inherit hostname;`
Add mounts for nextcloud hosts 2023-01-26 06:57:59 +00:00
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`extraModules = [`
			`rockPro64v2`
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00			`dockerModule`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`(btrbkModule {`
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00			`inherit mountDir primaryIp subvolumes;`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`})`
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00			`(if primaryIp == null then`
			`(subvolumesModule {`
			`inherit device subvolumes;`
			`}) else { })`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`({ config, ... }: {`
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00			`sops.secrets.nextcloudKeyFile = {`
			`format = "binary";`
			`sopsFile = ./secrets/nextcloudKeyFile.bin;`
			`};`

Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`environment.etc.crypttab = {`
			`enable = true;`
			`text = ''`
			`cryptdrive1 /dev/sda1 ${config.sops.secrets.nextcloudKeyFile.path} luks`
			`cryptdrive2 /dev/sdb1 ${config.sops.secrets.nextcloudKeyFile.path} luks`
			`cryptdrive3 /dev/sdc1 ${config.sops.secrets.nextcloudKeyFile.path} luks`
			`'';`
			`};`

			`fileSystems."${mountDir}" = {`
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00			`inherit device;`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`fsType = "btrfs";`
			`options = [ "defaults" "compress=zstd" "rw" ];`
			`};`
			`})`
			`];`
			`};`

			`makePostgresConfig = { hostname, keyFile, primaryIp ? null }:`
			`with image-builder.packages.aarch64-linux.modules;`
			`let`
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00			`device = "/dev/mapper/cryptdrive1";`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`mountDir = "/btrfs/ssd";`
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00			`subvolumes = [`
			`"@postgres"`
			`"@postgres-cfg"`
			`];`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`in`
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00			`makeConfig {`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`inherit hostname;`

			`extraModules = [`
			`rock64`
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00			`dockerModule`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`(btrbkModule {`
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00			`inherit mountDir primaryIp subvolumes;`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`})`
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00			`(if primaryIp == null then`
			`(subvolumesModule {`
			`inherit device subvolumes;`
			`}) else { })`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`({ config, ... }:`
			`let`
			`keyFilePath = config.sops.secrets."${keyFile}".path;`
			`in`
			`{`
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00			`sops.secrets.${keyFile} = {`
			`format = "binary";`
			`sopsFile = ./secrets/${keyFile}.bin;`
			`};`

Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`environment.etc.crypttab = {`
			`enable = true;`
			`text = ''`
			`cryptdrive1 /dev/sda1 ${keyFilePath} luks`
			`'';`
			`};`

			`fileSystems."${mountDir}" = {`
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00			`inherit device;`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`fsType = "btrfs";`
			`options = [ "defaults" "compress=zstd" "rw" ];`
			`};`
			`})`
			`];`
			`};`
Extract shared nextcloud logic 2023-01-25 04:55:24 +00:00
			`deployer = { hostname, configuration }: {`
			`hostname = hostname;`
Move shared out of let-in 2023-01-25 02:49:00 +00:00			`profiles.system = {`
Add secrets 2023-01-26 03:26:30 +00:00			`sshUser = "asonix";`
Move shared out of let-in 2023-01-25 02:49:00 +00:00			`user = "root";`
Add secrets 2023-01-26 03:26:30 +00:00			`magicRollback = false;`
Move shared out of let-in 2023-01-25 02:49:00 +00:00			`sshOpts = [`
			`"-i"`
Add secrets 2023-01-26 03:26:30 +00:00			`"/home/asonix/.ssh/kube-rsa"`
			`"-t"`
Move shared out of let-in 2023-01-25 02:49:00 +00:00			`];`
Extract shared nextcloud logic 2023-01-25 04:55:24 +00:00			`path = deploy-rs.lib.aarch64-linux.activate.nixos configuration;`
Move shared out of let-in 2023-01-25 02:49:00 +00:00			`};`
Initial flake 2023-01-25 01:58:10 +00:00			`};`
Extract shared nextcloud logic 2023-01-25 04:55:24 +00:00			`in`
			`{`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`nixosConfigurations = {`
Add mounts for nextcloud hosts 2023-01-26 06:57:59 +00:00			`nextcloud1 = makeNextcloudConfig {`
Add other node configurations 2023-01-25 05:08:04 +00:00			`hostname = "nextcloud1";`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`# primaryIp = "192.168.20.28";`
Extract shared nextcloud logic 2023-01-25 04:55:24 +00:00			`};`

Add mounts for nextcloud hosts 2023-01-26 06:57:59 +00:00			`nextcloud2 = makeNextcloudConfig {`
Add other node configurations 2023-01-25 05:08:04 +00:00			`hostname = "nextcloud2";`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`primaryIp = "192.168.20.21";`
Extract shared nextcloud logic 2023-01-25 04:55:24 +00:00			`};`

Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`redtail1 = makePostgresConfig {`
Add other node configurations 2023-01-25 05:08:04 +00:00			`hostname = "redtail1";`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`keyFile = "redtailKeyFile";`
			`primaryIp = "192.168.20.24";`
Add other node configurations 2023-01-25 05:08:04 +00:00			`};`

Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`redtail2 = makePostgresConfig {`
Add other node configurations 2023-01-25 05:08:04 +00:00			`hostname = "redtail2";`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`keyFile = "redtailKeyFile";`
			`# primaryIp = "192.168.20.23";`
Add other node configurations 2023-01-25 05:08:04 +00:00			`};`

Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`whitestorm1 = makePostgresConfig {`
Add other node configurations 2023-01-25 05:08:04 +00:00			`hostname = "whitestorm1";`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`keyFile = "whitestormKeyFile";`
			`# primaryIp = "192.168.20.11";`
Add other node configurations 2023-01-25 05:08:04 +00:00			`};`

Fix build issues 2023-01-26 18:22:12 +00:00			`whitestorm2 = makePostgresConfig {`
Add other node configurations 2023-01-25 05:08:04 +00:00			`hostname = "whitestorm2";`
Refactor btrbk out of makeDockerConfig, simplify btrbk config, add makePostgresConfig 2023-01-26 18:02:00 +00:00			`keyFile = "whitestormKeyFile";`
			`primaryIp = "192.168.20.26";`
Add other node configurations 2023-01-25 05:08:04 +00:00			`};`
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00
			`k3s1 = makeK3sConfig {`
			`hostname = "k3s1";`
			`};`

			`k3s2 = makeK3sConfig {`
			`hostname = "k3s2";`
			`serverIp = "192.168.20.120";`
			`};`
Add other node configurations 2023-01-25 05:08:04 +00:00			`};`

Extract shared nextcloud logic 2023-01-25 04:55:24 +00:00			`deploy.nodes.nextcloud2 = deployer {`
			`hostname = "192.168.20.28";`
			`configuration = self.nixosConfigurations.nextcloud2;`
			`};`
Split specific applications into modules, add k3s 2023-01-27 00:08:51 +00:00
			`deploy.nodes.k3s1 = deployer {`
			`hostname = "192.168.20.120";`
			`configuration = self.nixosConfigurations.k3s1;`
			`};`
Initial flake 2023-01-25 01:58:10 +00:00			`};`
			`}`