less microvm boilerplate

Grigory Shipunov 2025-02-02 23:18:19 +00:00 committed by Grisha Shipunov
parent 9842b2df1a
commit 9ebfe0c59b
3 changed files with 92 additions and 134 deletions

197
flake.nix

@ -60,116 +60,95 @@
}:
{
nixosConfigurations = {
toaster = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
sops-nix.nixosModules.sops
lanzaboote.nixosModules.lanzaboote
nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen3
lix-module.nixosModules.default
./hosts/toaster
./modules/basic-tools
./modules/binary-caches.nix
./modules/devtools.nix
./modules/gnome.nix
./modules/gnupg.nix
./modules/radio.nix
./modules/science.nix
./modules/tlp.nix
./modules/virtualization.nix
./hosts/toaster/secure-boot.nix
./modules/chromium.nix
./modules/mail
./modules/wg
nixosConfigurations =
let
microvm-list = [
"auth"
"immich"
"miniflux"
"radicale"
];
microvms = builtins.listToAttrs (
map (vm: {
name = vm;
value = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
sops-nix.nixosModules.sops
microvm.nixosModules.microvm
./hosts/${vm}
./modules/server
./modules/wg
];
};
}) microvm-list
);
in
microvms
// {
toaster = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
sops-nix.nixosModules.sops
lanzaboote.nixosModules.lanzaboote
nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen3
lix-module.nixosModules.default
./hosts/toaster
./modules/basic-tools
./modules/binary-caches.nix
./modules/devtools.nix
./modules/gnome.nix
./modules/gnupg.nix
./modules/radio.nix
./modules/science.nix
./modules/tlp.nix
./modules/virtualization.nix
./hosts/toaster/secure-boot.nix
./modules/chromium.nix
./modules/mail
./modules/wg
];
};
cloud = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
sops-nix.nixosModules.sops
lix-module.nixosModules.default
./hosts/cloud
./modules/basic-tools
./modules/server
./modules/binary-caches.nix
./modules/wg
];
};
minime = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
sops-nix.nixosModules.sops
microvm.nixosModules.host
lix-module.nixosModules.default
./hosts/minime
./modules/basic-tools
./modules/server
./modules/binary-caches.nix
./modules/wg
{
config.microvm.autostart = microvm-list;
}
];
};
};
cloud = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
sops-nix.nixosModules.sops
lix-module.nixosModules.default
./hosts/cloud
./modules/basic-tools
./modules/server
./modules/binary-caches.nix
./modules/wg
];
};
minime = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
sops-nix.nixosModules.sops
microvm.nixosModules.host
lix-module.nixosModules.default
./hosts/minime
./modules/basic-tools
./modules/server
./modules/binary-caches.nix
./modules/wg
];
};
auth = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
sops-nix.nixosModules.sops
microvm.nixosModules.microvm
authentik-nix.nixosModules.default
./hosts/auth
./modules/server
./modules/wg
];
};
immich = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
sops-nix.nixosModules.sops
microvm.nixosModules.microvm
./hosts/immich
./modules/server
./modules/wg
];
};
miniflux = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
sops-nix.nixosModules.sops
microvm.nixosModules.microvm
./hosts/miniflux
./modules/server
./modules/wg
];
};
radicale = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
sops-nix.nixosModules.sops
microvm.nixosModules.microvm
./hosts/radicale
./modules/server
./modules/wg
];
};
};
};
}
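Review bot: The `minime` host now sets only `config.microvm.autostart = microvm-list;`, while the file deleted in this commit also declared `microvm.vms` entries with `flake = inputs.self` and an `updateFlake` for auth, radicale and immich. Unless `./hosts/minime` declares those somewhere not visible here, the guests become imperatively managed: a freshly installed host would have nothing in the state directory to start, and the guests, including the `auth` identity provider, are no longer rebuilt together with the host, so their security updates depend on a separate manual step. If the declarative behaviour is still wanted, it can be generated from the same list, e.g. `config.microvm.vms = nixpkgs.lib.genAttrs microvm-list (_: { flake = inputs.self; updateFlake = "github:gshipunov/nix-config/master"; });`. A short comment on `microvm-list` saying that every name must have a matching `./hosts/<name>` directory would also help, since a missing directory only shows up as an evaluation error. The enclosing `outputs` function begins above this hunk.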


@ -1,5 +1,8 @@
{ config, ... }:
{ config, inputs, ... }:
{
imports = [
inputs.authentik-nix.nixosModules.default
];
sops.secrets."authentik/env" = { };
services.authentik = {
enable = true;


@ -1,24 +0,0 @@
{ inputs, ... }:
{
microvm.stateDir = "/var/lib/microvms";
microvm.autostart = [
"auth"
"radicale"
"immich"
"miniflux"
];
microvm.vms = {
auth = {
flake = inputs.self;
updateFlake = "github:gshipunov/nix-config/master";
};
radicale = {
flake = inputs.self;
updateFlake = "github:gshipunov/nix-config/master";
};
immich = {
flake = inputs.self;
updateFlake = "github:gshipunov/nix-config/master";
};
};
}