# Deployment hive: `meta` selects the package sets, `defaults` is merged into
# every node, and each remaining attribute describes one host.
let
  # Pinned inputs (nixpkgs, nixpkgs-24.11, disko, agenix) read from ./npins.
  src = import ./npins;

  # Package set used by every node that has no entry in `nodeNixpkgs`.
  # NOTE(review): the insecure-package allowance is set here on the shared
  # package set, so it applies to every node evaluated against it, not only
  # to the host that needs olm (presumably the Matrix one; confirm). Scoping
  # it to that node would keep the exception from silently covering new hosts.
  nixpkgsDefault = import src.nixpkgs {
    config.permittedInsecurePackages = [ "olm-3.2.16" ];
  };

  # Stable 24.11 package set, imported with an empty config (no allowances).
  nixpkgs2411 = import src."nixpkgs-24.11" { };

  # Per-node package set overrides.
  nodeNixpkgs = {
    # FIXME discourse is broken on unstable
    pendragon = nixpkgs2411;
  };

  # disko library, instantiated with the default package set's lib.
  disko = import src.disko {
    inherit (nixpkgsDefault) lib;
  };

  # Disk layout shared by every VM below.
  diskConfig = import ./disks/ext4.nix {
    # FIXME wrong version…
    inherit (nixpkgsDefault) lib;
  };

  # Extra module arguments, built against the lib of the given package set.
  mkSpecialArgs = pkgsSet: {
    network = import ./network {
      inherit (pkgsSet) lib;
    };
  };
in
{
  meta = {
    nixpkgs = nixpkgsDefault;
    inherit nodeNixpkgs;

    specialArgs = mkSpecialArgs nixpkgsDefault;
    # Nodes with their own package set get special args built from that set.
    nodeSpecialArgs = builtins.mapAttrs (_node: nodePkgs: mkSpecialArgs nodePkgs) nodeNixpkgs;
  };

  # FIXME nixpkgs.config.permittedInsecurePackage = [ "olm-3.2.16" ];

  # Configuration shared by all nodes.
  defaults =
    {
      name,
      pkgs,
      lib,
      ...
    }:
    {
      imports = [
        ./profiles/sysadmin.nix
        ./profiles/infra.nix
        ./profiles/backups.nix
        ./profiles/prometheus-node-exporter.nix
        #./profiles/ldap.nix
        "${src.agenix}/modules/age.nix"
      ];

      deployment.targetHost = "${name}.federez.net";

      networking = {
        hostName = name;
        # Addressing is handled by systemd-networkd instead of the DHCP client.
        useDHCP = false;
        nftables.enable = true;
      };
      systemd.network.enable = true;

      security.acme = {
        acceptTerms = true;
        defaults.email = "monitoring@federez.net";
      };

      # NOTE(review): sshd is enabled on every node, and no
      # services.openssh.settings (PasswordAuthentication, PermitRootLogin)
      # are set in this file. Confirm that one of the imported profiles pins
      # them, since a root password is also defined below.
      services.openssh.enable = true;

      infra.enable = true;
      backups.enable = true;

      # Enable system diffs.
      system.activationScripts.system-diff = {
        supportsDryActivation = true; # safe: only outputs to stdout
        text = ''
          if [ -e /run/current-system ]; then
            PATH=$PATH:${pkgs.nix}/bin ${pkgs.nvd}/bin/nvd diff /run/current-system $systemConfig
          fi
        '';
      };

      # Usual password, to be found in the legacy "keyring".
      # NOTE(review): this hash is identical on every node and readable by
      # anyone with access to the repository (and to the world-readable Nix
      # store), which exposes it to offline guessing. The agenix module is
      # already imported above, so an encrypted secret referenced through
      # users.users.root.hashedPasswordFile would keep the hash out of both.
      users.users.root.initialHashedPassword = "$y$j9T$RoSZj8ezgR7cI8Le6xqwW/$0BI6G1Nqy/G0g0sNhQhyEedqoHsEyMFVjQgc3TPqE.4";

      system.stateVersion = "24.05";
      time.timeZone = "Europe/Paris";
    };

  # Hypervisor host.
  vogon =
    { pkgs, ... }:
    {
      deployment.tags = [ "hypervisor" ];

      imports = [
        ./profiles/vogon.nix
        ./profiles/incus.nix
      ];

      networking.hostId = "1751e2a7";
    };

  # Matrix server, Element and the chat bots.
  estragon =
    { pkgs, ... }:
    {
      deployment.tags = [ "matrix" ];

      imports = [
        (disko.config diskConfig)
        ./profiles/vm.nix
        ./profiles/glucagon.nix
        ./profiles/matrix-server.nix
        ./profiles/element.nix
        ./profiles/telegram-bot.nix
        ./profiles/irc-bot.nix
      ];

      glucagon.networking = {
        nibble = 227;
        wan-mac = "BC:24:11:5C:A4:5A";
      };

      system.build.diskoScript = disko.diskoScript diskConfig pkgs;
    };

  # Vaultwarden password manager.
  wagon =
    { pkgs, ... }:
    {
      deployment.tags = [
        "vaultwarden"
        "pass"
        "passwords"
      ];

      imports = [
        (disko.config diskConfig)
        ./profiles/vm.nix
        ./profiles/glucagon.nix
        ./profiles/vaultwarden.nix
      ];

      glucagon.networking = {
        nibble = 228;
        wan-mac = "BC:24:11:EA:6C:0B";
      };

      system.build.diskoScript = disko.diskoScript diskConfig pkgs;
    };

  # Keycloak / WAYF identity provider.
  lagon =
    { pkgs, ... }:
    {
      deployment.tags = [
        "keycloak"
        "wayf"
      ];

      imports = [
        (disko.config diskConfig)
        ./profiles/vm.nix
        ./profiles/glucagon.nix
        ./profiles/wayf.nix
      ];

      glucagon.networking = {
        nibble = 229;
        wan-mac = "BC:24:11:7F:19:60";
      };

      system.build.diskoScript = disko.diskoScript diskConfig pkgs;
    };

  # GitLab.
  aragon =
    { pkgs, ... }:
    {
      deployment.tags = [ "gitlab" ];

      imports = [
        (disko.config diskConfig)
        ./profiles/vm.nix
        ./profiles/glucagon.nix
        ./profiles/gitlab.nix
      ];

      glucagon.networking = {
        nibble = 231;
        wan-mac = "BC:24:11:C2:AA:47";
      };

      system.build.diskoScript = disko.diskoScript diskConfig pkgs;
    };

  # Discourse; evaluated against nixpkgs 24.11 through `nodeNixpkgs`.
  pendragon =
    { pkgs, ... }:
    {
      deployment.tags = [ "discourse" ];

      imports = [
        (disko.config diskConfig)
        ./profiles/vm.nix
        ./profiles/glucagon.nix
        ./profiles/discourse.nix
      ];

      glucagon.networking = {
        nibble = 233;
        wan-mac = "BC:24:11:C2:AA:47";
      };

      system.build.diskoScript = disko.diskoScript diskConfig pkgs;
    };

  # Indico.
  # NOTE(review): unlike the other VMs, this node does not define
  # system.build.diskoScript; confirm whether that is intentional.
  perdrigon =
    { pkgs, ... }:
    {
      deployment.tags = [ "indico" ];

      imports = [
        (disko.config diskConfig)
        ./profiles/vm.nix
        ./profiles/glucagon.nix
        ./profiles/indico.nix
      ];

      glucagon.networking = {
        nibble = 234;
        wan-mac = "BC:24:11:04:9B:51";
      };
    };

  # Monitoring stack and Grafana.
  martagon =
    { pkgs, ... }:
    {
      deployment.tags = [
        "victoria"
        "grafana"
      ];

      imports = [
        (disko.config diskConfig)
        ./profiles/vm.nix
        ./profiles/glucagon.nix
        ./profiles/monitoring
        ./profiles/grafana.nix
      ];

      glucagon.networking = {
        nibble = 236;
        wan-mac = "BC:24:11:7A:F6:2F";
      };

      system.build.diskoScript = disko.diskoScript diskConfig pkgs;
    };
}