feat: interoperate [deploy-rs, colmena]

This commit is contained in:
Kat Inskip 2025-10-13 04:25:45 -07:00
parent 0fef01bfe6
commit f108a20f26
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
15 changed files with 235 additions and 122 deletions

38
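--- /dev/null
+++ b/colmena.nix
@@ -0,0 +1,38 @@
+{
+inputs,
+systems,
+lib,
+...
+}: rec {
+colmenaHive = inputs.colmena.lib.makeHive colmena;
+colmena = let
+inherit (lib.attrsets) mapAttrs filterAttrs;
+colmenaBase = {
+meta = {
+description = "Kat's Infrastructure";
+nodeSpecialArgs = mapAttrs (_k: v: v._module.specialArgs) systems.nixosConfigurations;
+nodeNixpkgs = mapAttrs (_k: v: v.config.pkgs) systems.systems;
+nixpkgs = import inputs.nixpkgs {
+# this upsets me deeply.
+system = "x86_64-linux";
+overlays = [];
+};
+};
+};
+colmenaHosts = mapAttrs (_k: v: {
+config,
+lib,
+...
+}: let
+inherit (lib.modules) mkDefault;
+in {
+imports = v.config.modules;
+deployment =
+{
+targetPort = mkDefault (builtins.head config.services.openssh.ports);
+}
+// v.config.colmena;
+}) (filterAttrs (_k: v: v.config.folder == "nixos") systems.systems);
+in
+colmenaBase // colmenaHosts;
+}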
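Review bot: `targetPort = mkDefault (builtins.head config.services.openssh.ports)` reads the port from the configuration about to be deployed, not from the sshd currently listening on the node, so a deployment that itself changes `services.openssh.ports` will dial the new port and fail to connect; `builtins.head` also turns an empty `ports` list into an opaque "list index out of bounds" at evaluation time. A guard such as `deployment = lib.optionalAttrs (config.services.openssh.ports != []) { targetPort = mkDefault (builtins.head config.services.openssh.ports); } // v.config.colmena;` lets colmena fall back to its own default when no port is configured, and a comment noting that the port comes from the *new* config would save the next reader a failed deploy. `v.config.colmena` is merged with `//`, so a host that sets the option to `null` (the option type admits it) breaks evaluation of the whole hive rather than just that node. Nothing here or elsewhere in the commit shows how the non-root `targetUser` that arrives through `v.config.colmena` is allowed to escalate on the node; presumably a passwordless sudo rule exists elsewhere, but a one-line comment stating that requirement belongs next to `deployment`.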


@ -17,8 +17,8 @@ in {
package = pkgs.lixPackageSets.stable.lix; package = pkgs.lixPackageSets.stable.lix;
settings = { settings = {
experimental-features = list.optional (versionAtLeast config.nix.package.version "2.4") "nix-command flakes"; experimental-features = list.optional (versionAtLeast config.nix.package.version "2.4") "nix-command flakes";
substituters = ["https://arc.cachix.org" "https://kittywitch.cachix.org" "https://nix-gaming.cachix.org" "https://nix-community.cachix.org"]; substituters = ["https://arc.cachix.org" "https://kittywitch.cachix.org" "https://nix-gaming.cachix.org" "https://nix-community.cachix.org" "https://colmena.cachix.org"];
trusted-public-keys = ["arc.cachix.org-1:DZmhclLkB6UO0rc0rBzNpwFbbaeLfyn+fYccuAy7YVY=" "kittywitch.cachix.org-1:KIzX/G5cuPw5WgrXad6UnrRZ8UDr7jhXzRTK/lmqyK0=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="]; trusted-public-keys = ["arc.cachix.org-1:DZmhclLkB6UO0rc0rBzNpwFbbaeLfyn+fYccuAy7YVY=" "kittywitch.cachix.org-1:KIzX/G5cuPw5WgrXad6UnrRZ8UDr7jhXzRTK/lmqyK0=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="];
auto-optimise-store = true; auto-optimise-store = true;
trusted-users = ["root" "@wheel"]; trusted-users = ["root" "@wheel"];
}; };
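Review bot: The new `colmena.cachix.org` entry in `substituters` and `trusted-public-keys` extends trust in pre-built binaries to a third party for every store path, on every host this module reaches, not just for the colmena package, and the key itself cannot be verified from here — confirm it against the key the cache publishes before merging. Elsewhere in this commit colmena is brought in through `inputs.colmena.overlays.default`, which builds it against this flake's own nixpkgs, so unless the derivation hashes happen to match colmena's pinned nixpkgs the cache will likely never serve a hit and the change is trust expansion with no download benefit. If the cache is wanted at all, limit it to the machine that runs `colmena apply` rather than the shared `nix.settings` block. The enclosing `settings` attrset starts and ends outside the hunk.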

129
flake.lock generated

@ -201,6 +201,28 @@
"type": "github" "type": "github"
} }
}, },
"colmena": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nix-github-actions": "nix-github-actions_2",
"nixpkgs": "nixpkgs_3",
"stable": "stable"
},
"locked": {
"lastModified": 1755272288,
"narHash": "sha256-ypTPb2eKcOBbOoyvPV0j4ZOXs4kayo73/2KI456QnE0=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "5bf4ce6a24adba74a5184f4a9bef01d545a09473",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "colmena",
"type": "github"
}
},
"crane": { "crane": {
"locked": { "locked": {
"lastModified": 1731098351, "lastModified": 1731098351,
@ -334,6 +356,22 @@
} }
}, },
"flake-compat": { "flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1733328505, "lastModified": 1733328505,
@ -383,17 +421,12 @@
} }
}, },
"flake-utils": { "flake-utils": {
"inputs": {
"systems": [
"systems"
]
},
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1659877975,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -422,6 +455,26 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": [
"systems"
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakelib": { "flakelib": {
"inputs": { "inputs": {
"fl-config": "fl-config", "fl-config": "fl-config",
@ -1017,7 +1070,7 @@
"flake-parts": [ "flake-parts": [
"flake-parts" "flake-parts"
], ],
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1759801625, "lastModified": 1759801625,
@ -1056,6 +1109,27 @@
"type": "github" "type": "github"
} }
}, },
"nix-github-actions_2": {
"inputs": {
"nixpkgs": [
"colmena",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729742964,
"narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix-index-database": { "nix-index-database": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -1239,6 +1313,22 @@
} }
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": {
"lastModified": 1750134718,
"narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9e83b64f727c88a7711a2c463a7b16eedb69a84c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1759536663, "lastModified": 1759536663,
"narHash": "sha256-hhM8SUI6kQMei5TImFdNQy9EDT8g2hAD161DUtbfAy0=", "narHash": "sha256-hhM8SUI6kQMei5TImFdNQy9EDT8g2hAD161DUtbfAy0=",
@ -1436,12 +1526,13 @@
"chaotic": "chaotic", "chaotic": "chaotic",
"ci": "ci", "ci": "ci",
"clipboard-sync": "clipboard-sync", "clipboard-sync": "clipboard-sync",
"colmena": "colmena",
"darwin": "darwin", "darwin": "darwin",
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"empty": "empty", "empty": "empty",
"flake-compat": "flake-compat", "flake-compat": "flake-compat_2",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"flake-utils": "flake-utils", "flake-utils": "flake-utils_2",
"flake-utils-plus": "flake-utils-plus", "flake-utils-plus": "flake-utils-plus",
"flakelib": "flakelib", "flakelib": "flakelib",
"git-hooks": "git-hooks", "git-hooks": "git-hooks",
@ -1655,6 +1746,22 @@
"type": "github" "type": "github"
} }
}, },
"stable": {
"locked": {
"lastModified": 1750133334,
"narHash": "sha256-urV51uWH7fVnhIvsZIELIYalMYsyr2FCalvlRTzqWRw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "36ab78dab7da2e4e27911007033713bab534187b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"std": { "std": {
"inputs": { "inputs": {
"nix-std": [ "nix-std": [


@ -224,6 +224,7 @@
utils.follows = "flake-utils"; utils.follows = "flake-utils";
}; };
}; };
colmena.url = "github:zhaofengli/colmena";
# self-explanatory # self-explanatory
home-manager = { home-manager = {
url = "github:nix-community/home-manager/master"; url = "github:nix-community/home-manager/master";
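Review bot: `colmena.url = "github:zhaofengli/colmena";` pins none of colmena's own inputs, and the lock in this commit shows it pulling in a second `nixos-unstable` (`nixpkgs_3`), a `nixos-25.05` `stable`, and its own `flake-utils`/`flake-compat` — each one more supply-chain root to track and re-evaluate, unlike the neighbouring input which already uses `utils.follows = "flake-utils"`. Unless colmena's build genuinely needs its pinned nixpkgs (the overlay applied elsewhere in this commit builds it against this flake's pkgs anyway), prefer `colmena = { url = "github:zhaofengli/colmena"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; };`. The `inputs` attrset this line sits in starts and ends outside the hunk.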


@ -0,0 +1,44 @@
{
name,
config,
lib,
inputs,
...
}: let
inherit (lib.modules) mkIf mkOptionDefault mkDefault;
in {
options = let
inherit (lib.types) nullOr;
inherit (lib.options) mkOption;
in {
colmena = mkOption {
type = nullOr inputs.arcexprs.lib.json.types.attrs;
};
};
config = {
colmena = {
targetHost = mkDefault config.deploy.hostname;
targetUser = mkDefault config.deploy.sshUser;
tags = mkOptionDefault [
"all"
];
};
deploy = let
nixos = config.built;
in {
sshUser = mkOptionDefault "deploy";
user = mkOptionDefault "root";
sshOpts = mkIf (config.type == "NixOS") (
mkOptionDefault ["-p" "${builtins.toString (builtins.head nixos.config.services.openssh.ports)}"]
);
autoRollback = mkOptionDefault true;
magicRollback = mkOptionDefault true;
fastConnection = mkOptionDefault false;
hostname = mkOptionDefault "${name}.devices.inskip.me";
profiles.system = {
user = "root";
path = inputs.deploy-rs.lib.${config.system}.activate.nixos inputs.self.nixosConfigurations.${name};
};
};
};
}
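Review bot: `tags = mkOptionDefault ["all"]` is the lowest definition priority, so the hosts in this commit that set `colmena.tags = ["server" "oci"]` replace it rather than append to it, and those nodes will not be addressable as `@all` unless the arcexprs attrs type merges nested lists across priorities, which cannot be confirmed from here; if every node is meant to carry the tag, add it where the hive is assembled (`tags = ["all"] ++ (v.config.colmena.tags or [])` in colmena.nix) or drop the `mkOptionDefault` wrapper so equal-priority list definitions concatenate. The `sshOpts` port is taken from `config.built`, i.e. the system about to be deployed, so a deployment that changes `services.openssh.ports` connects to the wrong port; a comment like `# port of the NEW config: override sshOpts when changing the ssh port` would make that trap visible. `sshUser = "deploy"` together with `user = "root"` and `profiles.system.user = "root"` means deploy-rs escalates with sudo on the node, which presumes a passwordless sudo rule for that user configured elsewhere — state that in a comment next to `sshUser`. The `colmena` option has neither `description` nor `default`, and `nullOr` admits a `null` value that the hive builder's `//` merge would then fail on.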


@ -47,6 +47,10 @@ in {
type = attrs; type = attrs;
internal = true; internal = true;
}; };
pkgs = mkOption {
type = unspecified;
internal = true;
};
builder = mkOption { builder = mkOption {
type = unspecified; type = unspecified;
internal = true; internal = true;
@ -148,6 +152,7 @@ in {
inherit (config) system modules specialArgs; inherit (config) system modules specialArgs;
}) })
config.builder); config.builder);
pkgs = pkgs.${config.system};
specialArgs = { specialArgs = {
inherit name inputs std tree; inherit name inputs std tree;
systemType = config.folder; systemType = config.folder;


@ -6,6 +6,7 @@
systems = import ./systems {inherit inputs tree lib std pkgs;}; systems = import ./systems {inherit inputs tree lib std pkgs;};
shells = import ./shells {inherit inputs tree lib std pkgs checks;}; shells = import ./shells {inherit inputs tree lib std pkgs checks;};
inherit (import ./pkgs.nix {inherit inputs tree overlay;}) pkgs; inherit (import ./pkgs.nix {inherit inputs tree overlay;}) pkgs;
colmena = import ./colmena.nix {inherit inputs systems lib;};
formatting = import ./formatting.nix {inherit inputs pkgs;}; formatting = import ./formatting.nix {inherit inputs pkgs;};
inherit (std) set; inherit (std) set;
forAllSystems = lib.genAttrs inputs.flake-utils.lib.defaultSystems; forAllSystems = lib.genAttrs inputs.flake-utils.lib.defaultSystems;
@ -37,6 +38,7 @@ in
legacyPackages = pkgs; legacyPackages = pkgs;
#packages = set.merge [pkgs wrappers.packages]; #packages = set.merge [pkgs wrappers.packages];
inherit (formatting) formatter; inherit (formatting) formatter;
inherit (colmena) colmenaHive colmena;
} }
// systems // systems
// shells // shells


@ -13,7 +13,12 @@
colmena colmena
; ;
}) })
inputs.colmena.overlays.default
inputs.ida-pro-overlay.overlays.default inputs.ida-pro-overlay.overlays.default
# To get this not to garbage collect, make sure to create a gcroot by manually
# building the package with an output (anywhere you want, really). You can't
# then delete that output, however, or rename or move it. So place it somewhere
# you're ok with it being.
(final: prev: { (final: prev: {
ida-pro-kat = prev.callPackage final.ida-pro { ida-pro-kat = prev.callPackage final.ida-pro {
runfile = final.requireFile { runfile = final.requireFile {
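Review bot: `inputs.colmena.overlays.default` builds colmena from source against this flake's nixpkgs rather than the nixpkgs colmena pins, so the `colmena.cachix.org` substituter added in the same commit will most likely not serve a matching binary, leaving the added trust without the intended benefit. If the cache is the goal, expose the flake's prebuilt package instead, e.g. `(final: prev: { colmena = inputs.colmena.packages.${prev.stdenv.hostPlatform.system}.colmena; })`; if building locally is acceptable, keep the overlay and drop the substituter. This is inferred from the overlay and the lock; the overlay list starts and ends outside the hunk.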


@ -8,6 +8,7 @@ with pkgs; let
git-hooks = systemless-git-hooks pkgs.system; git-hooks = systemless-git-hooks pkgs.system;
repoShell = mkShell { repoShell = mkShell {
nativeBuildInputs = [ nativeBuildInputs = [
colmena
opentofu opentofu
nf-build-system nf-build-system
nf-update nf-update


@ -52,8 +52,12 @@ _: let
}; };
in { in {
arch = "aarch64"; arch = "aarch64";
deploy.hostname = "daiyousei.inskip.me";
type = "NixOS"; type = "NixOS";
deploy.hostname = "daiyousei.inskip.me";
colmena.tags = [
"server"
"oci"
];
modules = [ modules = [
hostConfig hostConfig
]; ];


@ -250,6 +250,9 @@ _: let
in { in {
arch = "x86_64"; arch = "x86_64";
type = "NixOS"; type = "NixOS";
colmena.tags = [
"personal"
];
ci.enable = false; # Closure too large ci.enable = false; # Closure too large
modules = [ modules = [
hostConfig hostConfig


@ -166,6 +166,9 @@ _: let
in { in {
arch = "x86_64"; arch = "x86_64";
deploy.hostname = "10.1.1.171"; deploy.hostname = "10.1.1.171";
colmena.tags = [
"personal"
];
ci.enable = false; # Closure too large ci.enable = false; # Closure too large
type = "NixOS"; type = "NixOS";
modules = [ modules = [


@ -22,6 +22,10 @@ _: let
in { in {
arch = "x86_64"; arch = "x86_64";
type = "NixOS"; type = "NixOS";
colmena.tags = [
"server"
"oci"
];
modules = [ modules = [
hostConfig hostConfig
]; ];


@ -20,6 +20,10 @@ _: let
in { in {
arch = "x86_64"; arch = "x86_64";
type = "NixOS"; type = "NixOS";
colmena.tags = [
"server"
"oci"
];
modules = [ modules = [
hostConfig hostConfig
]; ];


@ -1,108 +0,0 @@
_: let
hostConfig = {
lib,
pkgs,
inputs,
...
}: let
inherit (lib.modules) mkDefault mkForce;
in {
imports = [
"${inputs.nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
];
nix.extraOptions = "extra-platforms = x86_64-linux i686-linux";
networking = {
nftables.enable = mkForce false;
firewall.enable = mkForce false;
useDHCP = false;
interfaces.eth0.useDHCP = true;
};
nixpkgs.hostPlatform = mkDefault "aarch64-linux";
boot.kernelPackages = pkgs.linuxPackages_6_3;
environment.systemPackages = with pkgs; [
awscli2
kubectl
];
system.stateVersion = "22.11";
security.sudo.extraRules = [
{
users = ["kat"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
# add OrbStack CLI tools to PATH
environment.shellInit = ''
. /opt/orbstack-guest/etc/profile-early
# add your customizations here
. /opt/orbstack-guest/etc/profile-late
export PATH="/opt/homebrew/opt/ruby/bin:$PATH"
export LDFLAGS="-L/opt/homebrew/opt/ruby/lib"
export CPPFLAGS="-I/opt/homebrew/opt/ruby/include"
'';
# faster DHCP - OrbStack uses SLAAC exclusively
networking.dhcpcd.extraConfig = ''
noarp
noipv6
'';
# disable sshd
services.openssh.enable = true;
# systemd
systemd.services = {
"systemd-oomd".serviceConfig.WatchdogSec = 0;
"systemd-resolved".serviceConfig.WatchdogSec = 0;
"systemd-userdbd".serviceConfig.WatchdogSec = 0;
"systemd-udevd".serviceConfig.WatchdogSec = 0;
"systemd-timesyncd".serviceConfig.WatchdogSec = 0;
"systemd-timedated".serviceConfig.WatchdogSec = 0;
"systemd-portabled".serviceConfig.WatchdogSec = 0;
"systemd-nspawn@".serviceConfig.WatchdogSec = 0;
"systemd-networkd".serviceConfig.WatchdogSec = 0;
"systemd-machined".serviceConfig.WatchdogSec = 0;
"systemd-localed".serviceConfig.WatchdogSec = 0;
"systemd-logind".serviceConfig.WatchdogSec = 0;
"systemd-journald@".serviceConfig.WatchdogSec = 0;
"systemd-journald".serviceConfig.WatchdogSec = 0;
"systemd-journal-remote".serviceConfig.WatchdogSec = 0;
"systemd-journal-upload".serviceConfig.WatchdogSec = 0;
"systemd-importd".serviceConfig.WatchdogSec = 0;
"systemd-hostnamed".serviceConfig.WatchdogSec = 0;
"systemd-homed".serviceConfig.WatchdogSec = 0;
};
# package installation: not needed
# ssh config
programs.ssh.extraConfig = ''
Include /opt/orbstack-guest/etc/ssh_config
'';
# extra certificates
security.pki.certificateFiles = [
"/opt/orbstack-guest/run/extra-certs.crt"
];
};
in {
arch = "aarch64";
type = "NixOS";
modules = [
hostConfig
];
}