| author | sefidel <contact@sefidel.net> | 2023-03-29 20:54:19 +0900 |
|---|---|---|
| committer | sefidel <contact@sefidel.net> | 2023-04-03 18:32:29 +0900 |
| commit | ce06f43476863da90dc60dcee606d2b6c5a89a8e (patch) | |
| tree | 5d14946330cb09ff0ebd97bee59407fccee4d860 | |
| download | infra-ce06f43476863da90dc60dcee606d2b6c5a89a8e.zip | |
project: initial commit
77 files changed, 4835 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f3790b5
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+result
+*.qcow2
+**/**/.DS_Store
@@ -0,0 +1,17 @@
+ISC License
+===================================
+
+Copyright (c) 2023, sefidel <sef@exotic.sh>
+
+Permission to use, copy, modify, and/or distribute this software for any purpose
+with or without fee is hereby granted, provided that the above copyright notice
+and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
+FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
+THIS SOFTWARE.
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ae1411b
--- /dev/null
+++ b/README.md
@@ -0,0 +1,11 @@
+exotic->infra
+=============
+
+Infrastructure configurations for exotic.sh
+
+This is still WIP: [TODO](TODO.md)
+
+Systems
+-------
+
+`cobalt` - Main server
@@ -0,0 +1,16 @@
+# infra->todo
+
+* BEFORE-RELEASE: send mjolnir patch upstream
+
+* move dendrite and matrix-\* modules to modules/matrix/[..]
+* Ensure functionality on polylith setup
+ 1. Mirror userdb (mirror ldap, or migrate to pgsql+libnss-pgsql)
+* Add a 'ctl' command to let users control their info
+* move scripts to ./script
+* use same option name for 'hostName', 'domain', etc (perhaps use `fqdn`?)
+* don't blindly enable TLS, make `tls.enable, tls.acmeHost` for all modules
+* set `hostName` default to `config.networking.hostName`
+* DNS server should also be hosted here
+* ^ subdomains should be replaced to `*`
+
+* prometheus dashboard
diff --git a/default.nix b/default.nix
new file mode 100644
index 0000000..afcdc08
--- /dev/null
+++ b/default.nix
@@ -0,0 +1,10 @@
+{ inputs, lib, ... }:
+with lib;
+with lib.my;
+{
+ imports = [
+ inputs.impermanence.nixosModules.impermanence
+ ] ++ mapModulesRec' (toString ./modules) import;
+
+ networking.useDHCP = mkDefault false;
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..6b86b8b
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,253 @@ +{ + "nodes": { + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "impermanence": { + "locked": { + "lastModified": 1675359654, + "narHash": "sha256-FPxzuvJkcO49g4zkWLSeuZkln54bLoTtrggZDJBH90I=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "6138eb8e737bffabd4c8fc78ae015d4fd6a7e2fd", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, + "nixos-mailserver": { + "inputs": { + "blobs": "blobs", + "flake-compat": "flake-compat", + "nixpkgs": [ + "unstable" + ], + "nixpkgs-22_11": "nixpkgs-22_11", + "utils": "utils" + }, + "locked": { + "lastModified": 1671738303, + "narHash": "sha256-PRgqtaWf2kMSYqVmcnmhTh+UsC0RmvXRTr+EOw5VZUA=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "6d0d9fb966cc565a3df74d3b686f924c7615118c", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": 
"nixos-mailserver", + "type": "gitlab" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1673606088, + "narHash": "sha256-wdYD41UwNwPhTdMaG0AIe7fE1bAdyHe6bB4HLUqUvck=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "37b97ae3dd714de9a17923d004a2c5b5543dfa6d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-2111": { + "locked": { + "lastModified": 1659446231, + "narHash": "sha256-hekabNdTdgR/iLsgce5TGWmfIDZ86qjPhxDg/8TlzhE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "eabc38219184cc3e04a974fe31857d8e0eac098d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-21.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-22_11": { + "locked": { + "lastModified": 1669558522, + "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1679748960, + "narHash": "sha256-BP8XcYHyj1NxQi04RpyNW8e7KiXSoI+Fy1tXIK2GfdA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "da26ae9f6ce2c9ab380c0f394488892616fc5a6a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-22.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "impermanence": "impermanence", + "nixos-mailserver": "nixos-mailserver", + "nixpkgs-2111": "nixpkgs-2111", + "sefidel-web": "sefidel-web", + "sops-nix": "sops-nix", + "unstable": "unstable", + "unstable-small": "unstable-small" + } + }, + "sefidel-web": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1680013210, + "narHash": "sha256-892xzeELa85wJxOro40fVK4zmqbj7ZWJW54cECW7IYg=", + "ref": "refs/heads/main", + "rev": 
"ac0028999700416577f9a353530a89bd896cbc0d", + "revCount": 3, + "type": "git", + "url": "https://git.exotic.sh/pub/sefidel/sefidel-web" + }, + "original": { + "type": "git", + "url": "https://git.exotic.sh/pub/sefidel/sefidel-web" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "unstable" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1679993313, + "narHash": "sha256-pfZ/BxJDTifnQBMXg60OhwpJvg96LHvEXGtpHeGcWLM=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "5b26523e28989a7f56953b695184070c06335814", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "unstable": { + "locked": { + "lastModified": 1679944645, + "narHash": "sha256-e5Qyoe11UZjVfgRfwNoSU57ZeKuEmjYb77B9IVW7L/M=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "4bb072f0a8b267613c127684e099a70e1f6ff106", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "unstable-small": { + "locked": { + "lastModified": 1680024716, + "narHash": "sha256-f9824KWmxVBI4WLI7o6tDFfj+dW+qj6uQKo0ZRsbaZQ=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "49079a134fd3d3ac25d5ae1f5516f37770f19138", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "utils": { + "locked": { + "lastModified": 1605370193, + "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..40bd39d --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,44 @@
+{
+ description = "exotic.sh system flake";
+
+ inputs = {
+ unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+ unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
+ nixpkgs-2111.url = "github:nixos/nixpkgs/nixos-21.11";
+
+ impermanence.url = "github:nix-community/impermanence";
+
+ sops-nix.url = "github:Mic92/sops-nix";
+ sops-nix.inputs.nixpkgs.follows = "unstable";
+
+ nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
+ nixos-mailserver.inputs.nixpkgs.follows = "unstable";
+
+ sefidel-web.url = "git+https://git.exotic.sh/pub/sefidel/sefidel-web";
+ };
+
+ outputs = { self, unstable, ... } @ inputs:
+ let
+ inherit (lib.my) mapModulesRec mapSystems;
+
+ system = "x86_64-linux";
+
+ pkgs = import unstable { inherit system; };
+
+ lib = unstable.lib.extend
+ (self: super: { my = import ./lib { inherit pkgs inputs; lib = self; }; });
+ in
+ {
+ lib = lib.my;
+
+ nixosModules = mapModulesRec ./modules import;
+
+ colmena = {
+ meta = {
+ nixpkgs = import unstable { inherit system; overlays = [ (import ./overlays) ]; };
+ specialArgs = { inherit lib inputs system; };
+ };
+ }
+ // mapSystems ./systems { };
+ };
+}
diff --git a/lib/README.md b/lib/README.md
new file mode 100644
index 0000000..21ca023
--- /dev/null
+++ b/lib/README.md
@@ -0,0 +1,13 @@
+infra->lib
+==========
+
+Attribution
+-----------
+
+Most of the 'moving parts' of this is largely copied/modified from:
+
+- [hlissner/dotfiles][hlissner]: 2023-Feb, MIT (C) Henrik Lissner
+- [NobbZ/nixos-config][nobbz]: 2022, MIT (C) Nobert Melzer
+
+[hlissner]: https://github.com/hlissner/dotfiles
+[nobbz]: https://github.com/NobbZ/nixos-config
diff --git a/lib/attrs.nix b/lib/attrs.nix
new file mode 100644
index 0000000..0f8ebd1
--- /dev/null
+++ b/lib/attrs.nix
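Review bot: The `nixpkgs-2111.url = "github:nixos/nixpkgs/nixos-21.11";` input pins a NixOS release that reached end of life in 2022, so anything built from it no longer receives security backports; which module consumes it is not visible in this commit. A comment at that line naming the consumer and the exit plan would keep it from being forgotten, e.g. `# nixos-21.11 is EOL: kept only for <consumer-module>; drop once it builds on unstable`. Separately, the `pkgs = import unstable { inherit system; };` in the `let` is instantiated without the overlays that `colmena.meta.nixpkgs` applies, so `lib.my` (which receives this `pkgs`) and the deployed hosts see different package sets; passing `overlays = [ (import ./overlays) ];` in both places, or deriving one from the other, would keep them consistent.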
@@ -0,0 +1,26 @@
+{ lib, ... }:
+
+with builtins;
+with lib;
+rec {
+ # attrsToList
+ attrsToList = attrs:
+ mapAttrsToList (name: value: { inherit name value; }) attrs;
+
+ # mapFilterAttrs ::
+ # (name -> value -> bool)
+ # (name -> value -> { name = any; value = any; })
+ # attrs
+ mapFilterAttrs = pred: f: attrs: filterAttrs pred (mapAttrs' f attrs);
+
+ # Generate an attribute set by mapping a function over a list of values.
+ genAttrs' = values: f: listToAttrs (map f values);
+
+ # anyAttrs :: (name -> value -> bool) attrs
+ anyAttrs = pred: attrs:
+ any (attr: pred attr.name attr.value) (attrsToList attrs);
+
+ # countAttrs :: (name -> value -> bool) attrs
+ countAttrs = pred: attrs:
+ count (attr: pred attr.name attr.value) (attrsToList attrs);
+}
diff --git a/lib/default.nix b/lib/default.nix
new file mode 100644
index 0000000..a275c09
--- /dev/null
+++ b/lib/default.nix
@@ -0,0 +1,18 @@
+{ inputs, lib, pkgs, ... }:
+
+let
+ inherit (lib) makeExtensible attrValues foldr;
+ inherit (modules) mapModules;
+
+ modules = import ./modules.nix {
+ inherit lib;
+ self.attrs = import ./attrs.nix { inherit lib; self = { }; };
+ };
+
+ mylib = makeExtensible (self:
+ with self; mapModules ./.
+ (file: import file { inherit self lib pkgs inputs; }));
+in
+mylib.extend
+ (self: super:
+ foldr (a: b: a // b) { } (attrValues super))
diff --git a/lib/misc.nix b/lib/misc.nix
new file mode 100644
index 0000000..484d0d5
--- /dev/null
+++ b/lib/misc.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+
+rec {
+ # ifd3f/infra
+ wrapFile = name: path:
+ (pkgs.runCommand name { inherit path; } ''
+ cp -r "$path" "$out"
+ '');
+}
diff --git a/lib/modules.nix b/lib/modules.nix
new file mode 100644
index 0000000..ef7c289
--- /dev/null
+++ b/lib/modules.nix
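Review bot: The final `foldr (a: b: a // b) { } (attrValues super)` in lib/default.nix flattens every attribute of every lib file into one namespace, so two files that define the same name shadow each other silently, with the file that sorts later in `attrValues` order winning; nothing in the evaluation reports the collision. A comment on the `mylib.extend` line stating that contract would save a future debugging session, e.g. `# Flatten all sub-libs into the top level; names must be unique across lib/*.nix, a later file silently overrides an earlier one.` If uniqueness is meant to be enforced rather than assumed, a check that the sum of per-file attribute counts equals the count of the merged set would catch it at evaluation time.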
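Review bot: `wrapFile` copies whatever `path` points at into the Nix store through `pkgs.runCommand`, and store paths are world-readable on every host that realises the derivation, so this helper must never be handed a secret; the flake already pulls in `sops-nix` for that purpose. The function currently carries only the attribution comment `# ifd3f/infra`, so a purpose comment with that caveat would help, e.g. `# Copy a file or directory into the store as its own derivation. Store paths are world-readable: never pass secrets through here (use sops-nix instead).` The `rec` on the enclosing set is unnecessary since nothing in misc.nix refers to a sibling attribute.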
@@ -0,0 +1,54 @@
+{ self, lib, ... }:
+
+let
+ inherit (builtins) attrValues readDir pathExists concatLists;
+ inherit (lib) id mapAttrsToList filterAttrs hasPrefix hasSuffix nameValuePair removeSuffix;
+ inherit (self.attrs) mapFilterAttrs;
+in
+rec {
+ mapModules = dir: fn:
+ mapFilterAttrs
+ (n: v:
+ v != null &&
+ !(hasPrefix "_" n))
+ (n: v:
+ let path = "${toString dir}/${n}"; in
+ if v == "directory" && pathExists "${path}/default.nix"
+ then nameValuePair n (fn path)
+ else if v == "regular" &&
+ n != "default.nix" &&
+ hasSuffix ".nix" n
+ then nameValuePair (removeSuffix ".nix" n) (fn path)
+ else nameValuePair "" null)
+ (readDir dir);
+
+ mapModules' = dir: fn:
+ attrValues (mapModules dir fn);
+
+ mapModulesRec = dir: fn:
+ mapFilterAttrs
+ (n: v:
+ v != null &&
+ !(hasPrefix "_" n))
+ (n: v:
+ let path = "${toString dir}/${n}"; in
+ if v == "directory"
+ then nameValuePair n (mapModulesRec path fn)
+ else if v == "regular" && n != "default.nix" && hasSuffix ".nix" n
+ then nameValuePair (removeSuffix ".nix" n) (fn path)
+ else nameValuePair "" null)
+ (readDir dir);
+
+ mapModulesRec' = dir: fn:
+ let
+ dirs =
+ mapAttrsToList
+ (k: _: "${dir}/${k}")
+ (filterAttrs
+ (n: v: v == "directory" && !(hasPrefix "_" n))
+ (readDir dir));
+ files = attrValues (mapModules dir id);
+ paths = files ++ concatLists (map (d: mapModulesRec' d id) dirs);
+ in
+ map fn paths;
+}
diff --git a/lib/system.nix b/lib/system.nix
new file mode 100644
index 0000000..8fc4dce
--- /dev/null
+++ b/lib/system.nix
@@ -0,0 +1,22 @@
+{ self, inputs, lib, pkgs, ... }:
+
+with lib;
+with lib.my;
+{
+ mkSystem = path: attrs @ { ... }: {
+ imports = [
+ {
+ networking.hostName = mkDefault
+ (removeSuffix ".nix" (baseNameOf path));
+ system.configurationRevision = self.rev or "dirty";
+ }
+ ../. # /default.nix
+ (import path)
+ ];
+ };
+
+ mapSystems = dir: attrs @ { system ? system, ... }:
+ mapModules dir
+ (hostPath: mkSystem hostPath attrs);
+}
+
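Review bot: None of the four functions in lib/modules.nix documents the directory contract it enforces, and `mapModulesRec'` is the one that matters operationally because default.nix feeds its output straight into `imports` for every host: every `.nix` file under the tree, plus every directory that carries a `default.nix`, is imported, and the only opt-out is a leading `_` on the entry name (`!(hasPrefix "_" n)`). A header comment on `mapModulesRec'` should say so, e.g. `# Recursively collect every module path under dir and apply fn to each. Entries whose name starts with "_" are skipped: rename a file or directory with that prefix to disable it without deleting it.` Note that a directory with a `default.nix` reaches `paths` through `files` and is also descended into through `dirs`, so its `default.nix` and its sibling `.nix` files are all imported individually; that is presumably intended (the module system de-duplicates modules by path) but deserves a sentence. The other three functions would read better with the same `::` signature lines that attrs.nix uses, and a short comment at each `else nameValuePair "" null)` explaining that the first predicate drops these placeholders.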
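Review bot: `system.configurationRevision = self.rev or "dirty";` in lib/system.nix will always evaluate to "dirty": the `self` bound here is the extensible lib set that lib/default.nix passes in (`import file { inherit self lib pkgs inputs; }`), not the flake, and that set has no `rev` attribute. The flake is reachable as `inputs.self` (flake.nix binds `outputs = { self, unstable, ... } @ inputs`), so the line should read `system.configurationRevision = inputs.self.rev or "dirty";`. In `mapSystems = dir: attrs @ { system ? system, ... }:` the default refers to the formal itself, so forcing `attrs.system` without a caller-supplied value (flake.nix calls `mapSystems ./systems { }`) would end in infinite recursion; since `mkSystem` never reads `attrs`, `mapSystems = dir: attrs:` removes the trap. The `pkgs` parameter of this file is unused.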
diff --git a/modules/README.md b/modules/README.md new file mode 100644 index 0000000..25031dc --- /dev/null +++ b/modules/README.md @@ -0,0 +1,9 @@ +infra->modules +============== + +This is all the modules used to configure our systems based on its purposes. |
