# flake.nix — builds a small fleet of aarch64 NixOS hosts (k3s nodes, Nextcloud
# hosts, Postgres hosts) from a shared set of modules.  Data disks are LUKS
# volumes whose key files are delivered as sops-nix secrets; hosts are pushed
# with deploy-rs.  (The page's "javascript" language hint is wrong: this is Nix.)
{
  description = "A very basic flake";

  inputs = {
    deploy-rs = {
      url = "github:serokell/deploy-rs";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Self-hosted git remote, and the only input that does NOT `follows` our
    # nixpkgs, so it may carry a second nixpkgs revision of its own.  The exact
    # rev/narHash come from flake.lock (not shown here); reviewing lock bumps is
    # where the supply-chain check for this input has to happen.
    image-builder.url = "git+https://git.asonix.dog/asonix/nixos-aarch64-images";
    # Tracks nixpkgs master rather than a nixos-<release> branch.  flake.lock
    # pins a commit, but every `nix flake update` jumps to an unreviewed tip;
    # for hosts that hold data a release branch is the usual choice.
    nixpkgs.url = "github:nixos/nixpkgs/master";
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, deploy-rs, image-builder, nixpkgs, sops-nix }:
    let
      # Local modules under ./modules; their contents are outside this file.
      sharedModule = import ./modules/shared;
      btrbkModule = import ./modules/btrbk;
      dockerModule = import ./modules/docker;
      subvolumesModule = import ./modules/subvolumes;
      k3sModule = import ./modules/k3s;

      # Base aarch64-linux system: sops-nix, the shared module, `userModule`
      # (resolved from image-builder's module set through the `with` below),
      # the hostname, and whatever the caller appends via extraModules.
      # Arguments:
      #   hostname     — networking.hostName
      #   extraModules — additional NixOS modules (default: none)
      makeConfig = { hostname, extraModules ? [ ] }:
        with image-builder.packages.aarch64-linux.modules;
        nixpkgs.lib.nixosSystem {
          system = "aarch64-linux";
          modules = [
            sops-nix.nixosModules.sops
            sharedModule
            userModule
            { networking.hostName = hostname; }
          ] ++ extraModules;
        };

      # k3s node on a SOQuartz blade with two LUKS NVMe partitions.
      # Arguments:
      #   hostname — as for makeConfig
      #   serverIp — null → this host runs k3sModule.server;
      #              otherwise k3sModule.agent joining that server
      makeK3sConfig = { hostname, serverIp ? null }:
        with image-builder.packages.aarch64-linux.modules;
        let
          device = "/dev/mapper/cryptdrive1";
          mountDir = "/btrfs/nvme";
          subvolumes = [ "@var" "@var-lib" "@var-lib-rancher" "@var-log" ];
        in
        makeConfig {
          inherit hostname;
          extraModules = [
            soquartz-blade
            (btrbkModule { inherit mountDir subvolumes; })
            (if serverIp == null then k3sModule.server else k3sModule.agent { inherit serverIp; })
            ({ config, ... }: {
              services.lvm.enable = true;
              # LUKS key file shipped as a binary sops secret.  sops-nix
              # decrypts it to config.sops.secrets.k3sKeyFile.path during
              # activation (by default somewhere under /run), and crypttab
              # below points at that path.  Two consequences worth keeping in
              # mind: (1) the drives can only be unlocked once the secret has
              # been decrypted, so this relies on activation ordering; (2) the
              # sops decryption key must be readable from the already-booted
              # root — presumably the host's SSH key, sops-nix's default, but
              # that is configured outside this file.  Net effect: the data
              # disks are protected if removed on their own, not if the whole
              # machine is taken.  Confirm the key model before relying on it.
              sops.secrets.k3sKeyFile = {
                format = "binary";
                sopsFile = ./secrets/k3sKeyFile.bin;
              };
              # One key file unlocks both partitions.
              environment.etc.crypttab = {
                enable = true;
                text = ''
                  cryptdrive1 /dev/nvme0n1p1 ${config.sops.secrets.k3sKeyFile.path} luks
                  cryptdrive2 /dev/nvme0n1p2 ${config.sops.secrets.k3sKeyFile.path} luks
                '';
              };
              # Everything mutable (/var and its k3s/rancher state and logs)
              # lives on the encrypted btrfs volume as separate subvolumes;
              # cryptdrive2 is unlocked but not mounted here, so it is
              # presumably a second member of the same btrfs filesystem.
              fileSystems = {
                "${mountDir}" = {
                  inherit device;
                  fsType = "btrfs";
                  options = [ "defaults" "rw" "compress=zstd" ];
                };
                "/var" = {
                  inherit device;
                  fsType = "btrfs";
                  options = [ "defaults" "rw" "compress=zstd" "subvol=@var" ];
                };
                "/var/lib" = {
                  inherit device;
                  fsType = "btrfs";
                  options = [ "defaults" "rw" "compress=zstd" "subvol=@var-lib" ];
                };
                "/var/lib/rancher" = {
                  inherit device;
                  fsType = "btrfs";
                  options = [ "defaults" "rw" "compress=zstd" "subvol=@var-lib-rancher" ];
                };
                "/var/log" = {
                  inherit device;
                  fsType = "btrfs";
                  options = [ "defaults" "rw" "compress=zstd" "subvol=@var-log" ];
                };
              };
            })
          ];
        };

      # Nextcloud host on a RockPro64 v2 with three LUKS SATA drives.
      # Arguments:
      #   hostname  — as for makeConfig
      #   primaryIp — null → this host is the primary and subvolumesModule
      #               creates the subvolumes; otherwise the value is handed to
      #               btrbkModule (presumably the replication source) and no
      #               subvolumes are created locally.
      makeNextcloudConfig = { hostname, primaryIp ? null }:
        with image-builder.packages.aarch64-linux.modules;
        let
          device = "/dev/mapper/cryptdrive1";
          mountDir = "/btrfs/hdd";
          subvolumes = [ "@nc-config" "@nc-data" "@postgres" "@redis" "@gitea" "@gitea-conf" "@pihole" "@papermc" "@docker-cfg" "@garage" "@garage-config" ];
        in
        makeConfig {
          inherit hostname;
          extraModules = [
            rockPro64v2
            dockerModule
            (btrbkModule { inherit mountDir primaryIp subvolumes; })
            (if primaryIp == null then (subvolumesModule { inherit device subvolumes; }) else { })
            ({ config, ... }: {
              # Same sops-delivered LUKS key model as the k3s hosts (see the
              # note in makeK3sConfig); one key file for all three drives.
              sops.secrets.nextcloudKeyFile = {
                format = "binary";
                sopsFile = ./secrets/nextcloudKeyFile.bin;
              };
              # /dev/sd[abc]1 are kernel enumeration names and can change
              # order between boots; that is survivable here only because all
              # three share one key file.  /dev/disk/by-uuid or by-partuuid
              # would remove the dependency on enumeration order.
              environment.etc.crypttab = {
                enable = true;
                text = ''
                  cryptdrive1 /dev/sda1 ${config.sops.secrets.nextcloudKeyFile.path} luks
                  cryptdrive2 /dev/sdb1 ${config.sops.secrets.nextcloudKeyFile.path} luks
                  cryptdrive3 /dev/sdc1 ${config.sops.secrets.nextcloudKeyFile.path} luks
                '';
              };
              # Only cryptdrive1 is named in the mount; cryptdrive2/3 are
              # presumably further members of the same multi-device btrfs.
              fileSystems."${mountDir}" = {
                inherit device;
                fsType = "btrfs";
                options = [ "defaults" "compress=zstd" "rw" ];
              };
            })
          ];
        };

      # Postgres host on a Rock64 with a single LUKS SATA drive.
      # Arguments:
      #   hostname  — as for makeConfig
      #   keyFile   — name of the sops secret / ./secrets/<keyFile>.bin to use
      #               as the LUKS key.  Callers below share one keyFile between
      #               the two hosts of a pair (redtail1/2, whitestorm1/2), so
      #               the secret of either host unlocks the other's disk.
      #   primaryIp — as for makeNextcloudConfig
      makePostgresConfig = { hostname, keyFile, primaryIp ? null }:
        with image-builder.packages.aarch64-linux.modules;
        let
          device = "/dev/mapper/cryptdrive1";
          mountDir = "/btrfs/ssd";
          subvolumes = [ "@postgres" "@postgres-cfg" ];
        in
        makeConfig {
          inherit hostname;
          extraModules = [
            rock64
            dockerModule
            (btrbkModule { inherit mountDir primaryIp subvolumes; })
            (if primaryIp == null then (subvolumesModule { inherit device subvolumes; }) else { })
            ({ config, ... }:
              let
                keyFilePath = config.sops.secrets."${keyFile}".path;
              in
              {
                sops.secrets.${keyFile} = {
                  format = "binary";
                  sopsFile = ./secrets/${keyFile}.bin;
                };
                # /dev/sda1 is an enumeration name; see the note in
                # makeNextcloudConfig.
                environment.etc.crypttab = {
                  enable = true;
                  text = ''
                    cryptdrive1 /dev/sda1 ${keyFilePath} luks
                  '';
                };
                fileSystems."${mountDir}" = {
                  inherit device;
                  fsType = "btrfs";
                  options = [ "defaults" "compress=zstd" "rw" ];
                };
              })
          ];
        };

      # deploy-rs node: SSH in as `asonix`, activate the system profile as root.
      # Arguments:
      #   hostname      — SSH target (an IP address for the nodes below)
      #   configuration — the nixosConfigurations entry to activate
      deployer = { hostname, configuration }: {
        hostname = hostname;
        profiles.system = {
          sshUser = "asonix";
          user = "root";
          # deploy-rs's automatic revert is OFF: if an activation breaks
          # networking or sshd, the host stays on the broken profile until
          # someone rolls it back by hand.  The reason is not recorded here;
          # worth a comment, since this is the main safety net for remote,
          # headless boards.
          magicRollback = false;
          # Absolute path to one operator's private key — only usable from
          # that workstation account.  "-t" forces a TTY (typically for sudo).
          sshOpts = [ "-i" "/home/asonix/.ssh/kube-rsa" "-t" ];
          path = deploy-rs.lib.aarch64-linux.activate.nixos configuration;
        };
      };
    in
    {
      # Per-pair layout: the host with primaryIp commented out is the primary;
      # the other points at it.  Whitestorm mirrors the redtail layout.
      nixosConfigurations = {
        nextcloud1 = makeNextcloudConfig {
          hostname = "nextcloud1";
          # primaryIp = "192.168.20.28";
        };
        nextcloud2 = makeNextcloudConfig {
          hostname = "nextcloud2";
          primaryIp = "192.168.20.21";
        };
        redtail1 = makePostgresConfig {
          hostname = "redtail1";
          keyFile = "redtailKeyFile";
          primaryIp = "192.168.20.24";
        };
        redtail2 = makePostgresConfig {
          hostname = "redtail2";
          keyFile = "redtailKeyFile";
          # primaryIp = "192.168.20.23";
        };
        whitestorm1 = makePostgresConfig {
          hostname = "whitestorm1";
          keyFile = "whitestormKeyFile";
          # primaryIp = "192.168.20.11";
        };
        whitestorm2 = makePostgresConfig {
          hostname = "whitestorm2";
          keyFile = "whitestormKeyFile";
          primaryIp = "192.168.20.26";
        };
        # k3s1 is the server (deployed at 192.168.20.120 below); k3s2 joins it.
        k3s1 = makeK3sConfig {
          hostname = "k3s1";
        };
        k3s2 = makeK3sConfig {
          hostname = "k3s2";
          serverIp = "192.168.20.120";
        };
      };

      # Only two of the eight hosts have deploy-rs nodes defined here.
      deploy.nodes.nextcloud2 = deployer {
        hostname = "192.168.20.28";
        configuration = self.nixosConfigurations.nextcloud2;
      };
      deploy.nodes.k3s1 = deployer {
        hostname = "192.168.20.120";
        configuration = self.nixosConfigurations.k3s1;
      };
    };
}