ops/nixos: switch to more standard NixOS module system

Sorry tazjin.
Luke Granger-Brown 2020-05-03 18:44:11 +01:00
parent 9a250f78df
commit f9b63a858f
5 changed files with 21 additions and 29 deletions


@ -3,4 +3,5 @@ ops/secrets/
syntax: glob syntax: glob
*.sw? *.sw?
*.pyc *.pyc
*.orig
*~ *~


@ -1,10 +1,9 @@
{ depot, lib, pkgs, ... }@args: { depot, lib, pkgs, ... }@args:
let let
inherit (builtins) foldl' mapAttrs; inherit (builtins) foldl' mapAttrs;
systemFor = configs: systemFor = config:
(depot.third_party.nixos { (depot.third_party.nixos {
configuration = lib.fix configuration = config;
(config: foldl' lib.recursiveUpdate { } (map (c: c config) configs));
}).system; }).system;
systems = [ "porcorosso" "ixvm-fra01" "marukuru" ]; systems = [ "porcorosso" "ixvm-fra01" "marukuru" ];
rebuilder = system: rebuilder = system:
@ -21,5 +20,5 @@ let
systemCfgs = lib.genAttrs systems systemCfgs = lib.genAttrs systems
(name: import (./. + "/${name}") (args // { rebuilder = rebuilder name; })); (name: import (./. + "/${name}") (args // { rebuilder = rebuilder name; }));
mapAttrValues = (f: set: mapAttrs (name: f) set); mapAttrValues = (f: set: mapAttrs (name: f) set);
systemDrvs = mapAttrValues (systemCfg: systemFor [ systemCfg ]) systemCfgs; systemDrvs = mapAttrValues (systemCfg: systemFor systemCfg) systemCfgs;
in systemDrvs in systemDrvs
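Review bot: `systemFor` now hands its argument straight to `configuration`, so it accepts exactly one NixOS module instead of a list of `config -> attrset` functions, and nothing on the definition says so. A one-line comment such as `# systemFor: takes a single NixOS module and returns the evaluated .system attribute` would keep a later caller from passing a list, as the old `systemFor [ systemCfg ]` call did. Host files that need to combine several pieces would presumably use `imports` inside the module now. The `let` block continues outside the visible hunks.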


@ -1,8 +1,8 @@
{ depot, lib, pkgs, rebuilder, ... }: { depot, lib, pkgs, rebuilder, ... }:
config: { config, ... }:
let let
inherit (depot.ops) secrets; inherit (depot.ops) secrets;
in lib.fix (self: { in {
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"ata_piix" "ata_piix"
"vmw_pvscsi" "vmw_pvscsi"
@ -134,4 +134,4 @@ in lib.fix (self: {
boot.kernel.sysctl."net.core.default_qdisc" = "fq_codel"; boot.kernel.sysctl."net.core.default_qdisc" = "fq_codel";
system.stateVersion = "20.03"; system.stateVersion = "20.03";
}) }


@ -1,8 +1,9 @@
{ depot, lib, pkgs, rebuilder, ... }: { depot, lib, pkgs, rebuilder, ... }:
config: { config, ... }:
let let
inherit (depot.ops) secrets; inherit (depot.ops) secrets;
in lib.fix (self: { myPhp = pkgs.php.withExtensions ({ enabled, all }: enabled ++ [ all.apcu all.mailparse ]);
in {
imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ]; imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
boot.kernelModules = [ "tcp_bbr" ]; boot.kernelModules = [ "tcp_bbr" ];
boot.kernel.sysctl = { boot.kernel.sysctl = {
@ -20,8 +21,6 @@ in lib.fix (self: {
nix.maxJobs = lib.mkDefault 2; nix.maxJobs = lib.mkDefault 2;
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
nixpkgs.config = { allowUnfree = true; };
nix.nixPath = [ "depot=/home/lukegb/depot/" "nixpkgs=/home/lukegb/depot/third_party/nixpkgs/" ]; nix.nixPath = [ "depot=/home/lukegb/depot/" "nixpkgs=/home/lukegb/depot/third_party/nixpkgs/" ];
# Use GRUB2. # Use GRUB2.
@ -68,17 +67,12 @@ in lib.fix (self: {
vim vim
mercurial mercurial
gitAndTools.gitFull gitAndTools.gitFull
php phpPackages.mailparse
nodejs nodejs
rxvt_unicode.terminfo rxvt_unicode.terminfo
rebuilder rebuilder
]; ];
environment.etc."php.d/mailparse.ini".text = ''
extension=${pkgs.phpPackages.mailparse}/lib/php/extensions/mailparse.so
'';
environment.etc."php.d/cache.ini".text = '' environment.etc."php.d/cache.ini".text = ''
zend_extension=${pkgs.php}/lib/php/extensions/opcache.so zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
opcache.validate_timestamps=0 opcache.validate_timestamps=0
opcache.enable_cli=1 opcache.enable_cli=1
@ -267,14 +261,13 @@ in lib.fix (self: {
services.phpfpm.phpOptions = '' services.phpfpm.phpOptions = ''
zend_extension=${pkgs.php}/lib/php/extensions/opcache.so zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
extension=${pkgs.phpPackages.mailparse}/lib/php/extensions/mailparse.so
opcache.validate_timestamps=0 opcache.validate_timestamps=0
opcache.enable_cli=1 opcache.enable_cli=1
''; '';
services.phpfpm.pools.phabricator = { services.phpfpm.pools.phabricator = {
user = "phabricator"; user = "phabricator";
phpPackage = myPhp;
settings = { settings = {
"listen.owner" = config.services.nginx.user; "listen.owner" = config.services.nginx.user;
"pm" = "dynamic"; "pm" = "dynamic";
@ -298,12 +291,12 @@ in lib.fix (self: {
services.mysql = { services.mysql = {
enable = true; enable = true;
package = pkgs.mariadb; package = pkgs.mariadb;
extraOptions = '' settings.mysqld = {
max_allowed_packet = 128M max_allowed_packet = "128M";
sql_mode = STRICT_ALL_TABLES sql_mode = "STRICT_ALL_TABLES";
innodb_buffer_pool_size = 1600M innodb_buffer_pool_size = "1600M";
local_infile = 0 local_infile = "0";
''; };
}; };
services.postfix = { services.postfix = {
@ -338,4 +331,4 @@ in lib.fix (self: {
boot.kernel.sysctl."net.core.default_qdisc" = "fq_codel"; boot.kernel.sysctl."net.core.default_qdisc" = "fq_codel";
system.stateVersion = "20.03"; system.stateVersion = "20.03";
}) }
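Review bot: The opcache line in `services.phpfpm.phpOptions` still reads `zend_extension=${pkgs.php}/lib/php/extensions/opcache.so`, while the phabricator pool now runs `phpPackage = myPhp`, so the pool's interpreter and the extension it is told to load come from two different derivations. The apcu and mailparse lines were dropped because `withExtensions` supplies them; opcache probably belongs in the same place — either it is already in `enabled` and the `zend_extension=` line can go, or it should be added as `all.opcache` (worth confirming against the pinned nixpkgs). The same leftover `${pkgs.php}` path is in `environment.etc."php.d/cache.ini"`, and `php` is no longer listed in `environment.systemPackages`, so it is unclear what still reads that file.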


@ -1,5 +1,5 @@
{ depot, lib, pkgs, rebuilder, ... }: { depot, lib, pkgs, rebuilder, ... }:
config: { config, ... }:
let let
inherit (depot.ops) secrets; inherit (depot.ops) secrets;
nvidia-offload-profile = '' nvidia-offload-profile = ''
@ -12,7 +12,7 @@ let
(nvidia-offload-profile + '' (nvidia-offload-profile + ''
exec -a "$0" "$@" exec -a "$0" "$@"
''); '');
in lib.fix (self: { in {
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"xhci_pci" "xhci_pci"
"ahci" "ahci"
@ -221,5 +221,4 @@ in lib.fix (self: {
# servers. You should change this only after NixOS release notes say you # servers. You should change this only after NixOS release notes say you
# should. # should.
system.stateVersion = "19.09"; # Did you read the comment? system.stateVersion = "19.09"; # Did you read the comment?
}
})