SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-03-22 18:59:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add external host support

Browse source
This commit is contained in:
SebastianStork 2026-02-08 20:55:46 +01:00
parent f93908d157
commit 28e704ceff
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
11 changed files with 31 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

24
flake-parts/hosts.nix
View file

@ -6,21 +6,31 @@
}: }:
let let
mkHost = mkHost =
hostName: hostDir:
inputs.nixpkgs.lib.nixosSystem { inputs.nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs self; }; specialArgs = { inherit inputs self; };
modules = modules =
(lib.singleton { networking = { inherit hostName; }; }) (lib.singleton { networking.hostName = lib.baseNameOf hostDir; })
++ ( ++ (
"${self}/hosts/${hostName}" hostDir
|> builtins.readDir |> builtins.readDir
|> lib.attrNames |> lib.attrNames
|> lib.filter (file: file |> lib.hasSuffix ".nix") |> lib.filter (lib.hasSuffix ".nix")
|> lib.map (file: "${self}/hosts/${hostName}/${file}") |> lib.map (file: "${hostDir}/${file}")
); );
}; };
mkHosts =
baseDir:
baseDir
|> builtins.readDir
|> lib.filterAttrs (_: type: type == "directory")
|> lib.mapAttrs (hostName: _: mkHost "${baseDir}/${hostName}");
in in
{ {
flake.nixosConfigurations = flake = {
"${self}/hosts" |> self.lib.listDirectoryNames |> self.lib.genAttrs mkHost; nixosConfigurations = mkHosts "${self}/hosts";
externalConfigurations = mkHosts "${self}/external-hosts";
allHosts = self.nixosConfigurations // self.externalConfigurations;
};
} }

4
flake-parts/sops-config.nix
View file

@ -18,14 +18,14 @@
}; };
hostCreationRules = hostCreationRules =
self.nixosConfigurations self.allHosts
|> lib.attrValues |> lib.attrValues
|> lib.map (host: host.config.custom.sops) |> lib.map (host: host.config.custom.sops)
|> lib.filter (sops: sops.enable) |> lib.filter (sops: sops.enable)
|> lib.map mkCreationRule; |> lib.map mkCreationRule;
userCreationRules = userCreationRules =
self.nixosConfigurations self.allHosts
|> lib.attrValues |> lib.attrValues
|> lib.filter (host: host.config |> lib.hasAttr "home-manager") |> lib.filter (host: host.config |> lib.hasAttr "home-manager")
|> lib.map (host: host.config.home-manager.users.seb.custom.sops) |> lib.map (host: host.config.home-manager.users.seb.custom.sops)

2
justfile
View file

@ -16,7 +16,7 @@ repair:
nix-store --verify --check-contents --repair nix-store --verify --check-contents --repair
repl host='$(hostname)': repl host='$(hostname)':
nix repl .#nixosConfigurations.{{ host }} nix repl .#allHosts.{{ host }}
[group('rebuild')] [group('rebuild')]
rebuild mode: rebuild mode:

2
modules/system/networking/default.nix
View file

@ -18,7 +18,7 @@ in
nodes = lib.mkOption { nodes = lib.mkOption {
type = lib.types.anything; type = lib.types.anything;
default = default =
self.nixosConfigurations self.allHosts
|> lib.attrValues |> lib.attrValues
|> lib.map (host: host.config.custom.networking) |> lib.map (host: host.config.custom.networking)
|> lib.map ( |> lib.map (

2
modules/system/networking/overlay.nix
View file

@ -57,7 +57,7 @@ in
dnsServers = lib.mkOption { dnsServers = lib.mkOption {
type = lib.types.anything; type = lib.types.anything;
default = default =
self.nixosConfigurations self.allHosts
|> lib.attrValues |> lib.attrValues
|> lib.filter (host: host.config.custom.services.dns.enable) |> lib.filter (host: host.config.custom.services.dns.enable)
|> lib.map (host: host.config.custom.networking.overlay.address); |> lib.map (host: host.config.custom.networking.overlay.address);

2
modules/system/services/dns.nix
View file

@ -27,7 +27,7 @@ in
netCfg.nodes netCfg.nodes
|> lib.map (node: "\"${node.hostName}.${node.overlay.domain}. A ${node.overlay.address}\""); |> lib.map (node: "\"${node.hostName}.${node.overlay.domain}. A ${node.overlay.address}\"");
serviceRecords = serviceRecords =
self.nixosConfigurations self.allHosts
|> lib.attrValues |> lib.attrValues
|> lib.concatMap ( |> lib.concatMap (
host: host:

2
modules/system/services/sshd.nix
View file

@ -41,7 +41,7 @@ in
}; };
users.users.seb.openssh.authorizedKeys.keyFiles = users.users.seb.openssh.authorizedKeys.keyFiles =
self.nixosConfigurations self.allHosts
|> lib.attrValues |> lib.attrValues
|> lib.filter (host: host.config.networking.hostName != netCfg.hostName) |> lib.filter (host: host.config.networking.hostName != netCfg.hostName)
|> lib.filter (host: host.config |> lib.hasAttr "home-manager") |> lib.filter (host: host.config |> lib.hasAttr "home-manager")

2
modules/system/services/syncthing.nix
View file

@ -87,7 +87,7 @@ in
settings = settings =
let let
hosts = hosts =
self.nixosConfigurations self.allHosts
|> lib.filterAttrs (_: host: host.config.networking.hostName != config.networking.hostName) |> lib.filterAttrs (_: host: host.config.networking.hostName != config.networking.hostName)
|> lib.filterAttrs (_: host: host.config.custom.services.syncthing.enable); |> lib.filterAttrs (_: host: host.config.custom.services.syncthing.enable);
in in

2
modules/system/web-services/gatus.nix
View file

@ -173,7 +173,7 @@ in
web-services.gatus.endpoints = web-services.gatus.endpoints =
let let
defaultEndpoints = defaultEndpoints =
self.nixosConfigurations self.allHosts
|> lib.mapAttrs ( |> lib.mapAttrs (
_: host: _: host:
host.config.custom.services.caddy.virtualHosts |> lib.attrValues |> lib.map (vHost: vHost.domain) host.config.custom.services.caddy.virtualHosts |> lib.attrValues |> lib.map (vHost: vHost.domain)

2
scripts/nebula/recert-all-hosts.nix
View file

@ -9,7 +9,7 @@ pkgs.writeShellApplication {
]; ];
text = '' text = ''
hosts="$(nix eval .#nixosConfigurations --apply 'builtins.attrNames' --json | jq -r '.[]')" hosts="$(nix eval .#allHosts --apply 'builtins.attrNames' --json | jq -r '.[]')"
if ! declare -px BW_SESSION >/dev/null 2>&1; then if ! declare -px BW_SESSION >/dev/null 2>&1; then
BW_SESSION="$(bw unlock --raw || bw login --raw)" BW_SESSION="$(bw unlock --raw || bw login --raw)"

8
scripts/nebula/recert-host.nix
View file

@ -14,11 +14,11 @@ pkgs.writeShellApplication {
fi fi
host="$1" host="$1"
address="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.networking.overlay.cidr")" address="$(nix eval --raw ".#allHosts.$host.config.custom.networking.overlay.cidr")"
groups="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.services.nebula.groups" --apply 'builtins.concatStringsSep ","')" groups="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.groups" --apply 'builtins.concatStringsSep ","')"
ca_cert='modules/system/services/nebula/ca.crt' ca_cert='modules/system/services/nebula/ca.crt'
host_pub="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.services.nebula.publicKeyPath")" host_pub="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.publicKeyPath")"
host_cert="$(nix eval --raw ".#nixosConfigurations.$host.config.custom.services.nebula.certificatePath")" host_cert="$(nix eval --raw ".#allHosts.$host.config.custom.services.nebula.certificatePath")"
host_cert="''${host_cert#*-source/}" host_cert="''${host_cert#*-source/}"
if [[ $# -eq 2 ]]; then if [[ $# -eq 2 ]]; then