reorg

nixos/.gitignore

@@ -1,2 +1 @@
-result
+result
-copy-keys

nixos/conf

@@ -1,53 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-cd "$( dirname "${BASH_SOURCE[0]}" )"
-export NIX_PATH=
-host=$1
-COPY_USER=yorick
-get_target_host() {
-    TARGET_HOST=$(nix eval --raw -f vpn.nix ips.$host)
-    TARGET_HOST=$(ssh $TARGET_HOST ip --json r get 1.1.1.1 | jq -r '.[0].prefsrc')
-}
-peek() {
-    echo $ "$@" > /dev/stderr
-    command "$@"
-}
-nix() {
-    peek nix --extra-experimental-features "nix-command flakes" "$@"
-}
-nix-build() {
-    peek nix-build "$@"
-}
-case $2 in
-    ssh)
-        get_target_host
-        peek ssh root@"$TARGET_HOST"
-        ;;
-    build)
-        nix build -f servers.nix "$host" --show-trace
-        ;; 
-    copy)
-        get_target_host
-        nix copy -f servers.nix "$host" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST"
-        ;; 
-    test)
-        get_target_host
-        outPath=$(nix-build servers.nix -A "$host")
-        nix copy -f servers.nix "$host" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST"
-        peek ssh root@"$TARGET_HOST" $outPath/bin/switch-to-configuration test
-        ;; 
-    boot)
-        get_target_host
-        outPath=$(nix-build servers.nix -A "$host")
-        nix copy "$outPath" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST"
-        peek ssh root@"$TARGET_HOST" nix-env -p "/nix/var/nix/profiles/system" --set "$outPath"
-        peek ssh root@"$TARGET_HOST" $outPath/bin/switch-to-configuration boot
-        ;;
-    switch)
-        get_target_host
-        outPath=$(nix-build servers.nix -A "$host")
-        nix copy "$outPath" --show-trace --to "ssh://$COPY_USER@$TARGET_HOST"
-        peek ssh root@"$TARGET_HOST" nix-env -p "/nix/var/nix/profiles/system" --set "$outPath"
-        peek ssh root@"$TARGET_HOST" $outPath/bin/switch-to-configuration switch
-        ;;
-esac

nixos/machines/blackadder/3950x.nix

@@ -1,11 +1,12 @@
 { config, pkgs, lib, inputs, ... }:
 {
   imports = [
-    ./.
     ./3950x-hardware-config.nix
     inputs.nixos-hardware.nixosModules.common-cpu-amd
   ];
 
+  hardware.enableRedistributableFirmware = true;
+
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
   boot.supportedFilesystems = [ "zfs" ];

nixos/machines/blackadder/default.nix

@@ -1,5 +1,5 @@
 { config, pkgs, lib, ... }: {
-  imports = [ ../physical/3950x.nix ../roles/workstation.nix ];
+  imports = [ ./3950x.nix ../../roles/workstation.nix ];
 
   system.stateVersion = "19.09";
 

nixos/machines/frumar/default.nix

@@ -1,9 +1,8 @@
 { config, pkgs, lib, ... }: {
   imports = [
-    ../physical/fractal.nix
+    ./fractal.nix
-    ../roles/server.nix
+    ../../roles/server.nix
-    ../roles/homeserver.nix
+    ../../roles/homeserver.nix
-    ../services/torrent-wg.nix
   ];
 
   system.stateVersion = "15.09";
@@ -169,9 +168,9 @@
     };
   };
   age.secrets = {
-    grafana.file = ../../secrets/grafana.env.age;
+    grafana.file = ../../../secrets/grafana.env.age;
     transip-key = {
-      file = ../../secrets/transip-key.age;
+      file = ../../../secrets/transip-key.age;
       mode = "770";
       owner = "nginx";
       group = "nginx";

nixos/machines/frumar/fractal.nix

@@ -1,6 +1,7 @@
 { config, lib, pkgs, inputs, ... }:
 {
-  imports = [ ./. inputs.nixos-hardware.nixosModules.common-cpu-intel ];
+  imports = [ inputs.nixos-hardware.nixosModules.common-cpu-intel ];
+  hardware.enableRedistributableFirmware = true;
 
   boot.initrd.availableKernelModules =
     [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];

nixos/machines/jarvis/default.nix

@@ -1,5 +1,5 @@
 { config, pkgs, lib, ... }: {
-  imports = [ ../physical/xps9360.nix ../roles/workstation.nix ];
+  imports = [ ./xps9360.nix ../../roles/workstation.nix ];
 
   system.stateVersion = "17.09";
 

nixos/machines/pennyworth/default.nix

@@ -12,14 +12,13 @@ let
       proxyWebsockets = true;
     };
   };
-  vpn = import ../vpn.nix;
+  vpn = import ../../vpn.nix;
 in {
   imports = [
-    ../physical/hetznercloud.nix
+    ./hetznercloud.nix
-    ../roles/server.nix
+    ../../roles/server.nix
-    ../modules/muflax-blog.nix
+    ../../services/backup.nix
-    ../services/backup.nix
+    ../../services/email.nix
-    ../services/email.nix
   ];
 
   system.stateVersion = "19.03";
@@ -44,7 +43,7 @@ in {
     };
   };
 
-  age.secrets.muflax.file = ../../secrets/http.muflax.age;
+  age.secrets.muflax.file = ../../../secrets/http.muflax.age;
   services.muflax-blog = {
     enable = true;
     web-server = { port = 9001; };
@@ -101,7 +100,6 @@ in {
   boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
   environment.noXlibs = true;
   users.users.yorick.packages = with pkgs; [
-    python2
     sshfs-fuse
     weechat
     ripgrep

nixos/machines/pennyworth/hetznercloud.nix

@@ -1,5 +1,5 @@
 { config, lib, pkgs, modulesPath, ... }:
-let ipconf = (import ../secrets.nix).ipconf.${config.networking.hostName};
+let ipconf = (import ../../secrets.nix).ipconf.${config.networking.hostName};
 in {
   imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 

nixos/machines/smithers/default.nix

@@ -1,7 +1,7 @@
 { config, pkgs, lib, ... }:
 
 {
-  imports = [ ../physical/x11.nix ../roles/workstation.nix ];
+  imports = [ ./x11.nix ../../roles/workstation.nix ];
 
   yorick.lumi-vpn.enable = lib.mkForce false;
   yorick.lumi-cache.enable = lib.mkForce false;

nixos/machines/smithers/x11.nix

@@ -1,11 +1,12 @@
 { config, pkgs, lib, inputs, ... }:
 {
   imports = [
-    ./.
     inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1
     ./x11-hardware-config.nix
   ];
 
+  hardware.enableRedistributableFirmware = true;
+
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
   boot.zfs.requestEncryptionCredentials = true;

nixos/machines/zazu/default.nix

@@ -3,9 +3,9 @@
 
 {
   imports = [ # Include the results of the hardware scan.
-    ../physical/apu2c4.nix
+    ./apu2c4.nix
     #<yori-nix/roles/homeserver.nix>
-    ../roles
+    ../../roles
     inputs.nixos-hardware.nixosModules.pcengines-apu
     "${modulesPath}/profiles/minimal.nix"
   ];

nixos/overlay.nix

@@ -18,6 +18,6 @@ in pkgs: super: {
         };
       in c.config.system.build // c;
     machine = pkgs.lib.genAttrs names
-      (name: nixos [ ./roles (./logical + "/${name}.nix") ] { inherit name; });
+      (name: nixos [ ./roles (./machines + "/${name}/default.nix") ] { inherit name; });
   };
 }

nixos/roles/default.nix

@@ -11,6 +11,7 @@ in {
     ../modules/nginx.nix
     ../modules/lumi-cache.nix
     ../modules/lumi-vpn.nix
+    ../modules/muflax-blog.nix
     ../services
   ];
 

nixos/roles/homeserver.nix

@@ -1,9 +1,7 @@
 { lib, ... }: {
   users.users.lars = {
     isNormalUser = true;
-    openssh.authorizedKeys.keys = with (import ../sshkeys.nix); [
+    openssh.authorizedKeys.keys = with (import ../sshkeys.nix); lars;
-      lars
-    ];
   };
   services.avahi = {
     enable = true;

nixos/servers.nix

@@ -1 +0,0 @@
-builtins.mapAttrs (n: a: a.toplevel) ((import ../.).yorick.machine) 

nixos/services/default.nix

@@ -1 +1,4 @@
-{ imports = [ ./git.nix ./muflax-church.nix ./pub.nix ./website.nix ]; }
+{
+  imports =
+    [ ./git.nix ./muflax-church.nix ./pub.nix ./website.nix ./torrent-wg.nix ];
+}

nixos/services/torrent-wg.nix

@@ -6,7 +6,7 @@ in {
     name = mkOption { type = types.str; };
     namespace = mkOption { type = types.str; };
   };
-  config = {
+  config = lib.mkIf cfg.enable {
     age.secrets.wg-torrent.file = ../../secrets/wg.${cfg.name}.age;
     networking.wireguard.interfaces.${cfg.name} = {
       # curl -s https://api.mullvad.net/www/relays/all/ | jq '.[] | select(.type == "wireguard" and .country_code == "nl")'