From 6a2ca6239851906b5a301630d46a136e71ddbfdb Mon Sep 17 00:00:00 2001 
From: Xavier Lagraula Date: Sun, 10 May 2026 20:02:16 +0200 Subject: [PATCH] refactor: separate framework from production environment - Create nixos-infra-framework repo with reusable modules, lib, pkgs, overlays, scripts, and a sample environment - Restructure private repo: move hosts/, network/, secrets/, users/ into environments/production/ - Update all host configs to import from framework repo via fetchGit - Update deploy.sh with --environment flag (default: production) - Create hypervisor inventory records (Proxmox, non-NixOS) - Add environment entry point: environments/production/configuration.nix - Remove duplicated technical components (now in framework repo) --- nixos-infra/README.md | 44 ++++++- nixos-infra/configuration.nix | 0 .../environments/production/configuration.nix | 18 +++ .../production}/hosts/README.md | 0 .../production}/hosts/servers/README.md | 0 .../hosts/servers/dns01/configuration.nix | 17 ++- .../hosts/servers/dns02/configuration.nix | 15 ++- .../hosts/servers/git01/configuration.nix | 15 ++- .../hosts/servers/hyper01/configuration.nix | 19 +++ .../hosts/servers/hyper02/configuration.nix | 19 +++ .../hosts/servers/pass01/configuration.nix | 15 ++- .../hosts/servers/rp01/configuration.nix | 13 +- .../workstations/PC-FRIDA/configuration.nix | 8 ++ .../hosts/workstations/gaia/configuration.nix | 8 ++ .../workstations/sting/configuration.nix | 8 ++ .../production}/network/README.md | 0 .../production}/network/default.nix | 0 .../production}/network/hosts.nix | 0 .../production}/network/subnets.nix | 0 .../production}/network/vlans.nix | 0 .../production}/secrets/.gitignore | 0 .../production}/secrets/pubkeys/.gitkeep | 0 .../production}/users/README.md | 0 .../production/users/frida/configuration.nix | 11 ++ .../production/users/guest/configuration.nix | 10 ++ .../production/users/root/configuration.nix | 11 ++ .../production/users/xavier/configuration.nix | 11 ++ .../hosts/servers/hyper01/configuration.nix | 3 - 
.../hosts/servers/hyper02/configuration.nix | 3 - .../workstations/PC-FRIDA/configuration.nix | 0 .../hosts/workstations/gaia/configuration.nix | 0 .../workstations/sting/configuration.nix | 0 nixos-infra/lib/README.md | 4 - nixos-infra/modules/README.md | 2 - .../machine-types/hypervisor/default.nix | 4 - .../modules/machine-types/lxc/default.nix | 48 -------- .../modules/machine-types/vm/default.nix | 4 - .../machine-types/workstation/default.nix | 4 - nixos-infra/modules/secrets/default.nix | 22 ---- nixos-infra/modules/services/dns/default.nix | 116 ------------------ nixos-infra/modules/services/dns/options.nix | 79 ------------ .../modules/services/git-forge/default.nix | 90 -------------- .../services/password-manager/default.nix | 90 -------------- .../services/reverse-proxy/default.nix | 56 --------- nixos-infra/modules/user-profiles/admin.nix | 0 nixos-infra/modules/user-profiles/cam.nix | 0 nixos-infra/modules/user-profiles/dev.nix | 0 nixos-infra/modules/user-profiles/guest.nix | 0 .../modules/user-profiles/standard.nix | 0 nixos-infra/overlays/README.md | 4 - nixos-infra/overlays/custom-pkgs.nix | 4 - nixos-infra/pkgs/README.md | 4 - nixos-infra/pkgs/default.nix | 8 -- nixos-infra/pkgs/nixpkgs.json | 5 - nixos-infra/scripts/1 | 22 ---- nixos-infra/scripts/deploy.sh | 33 ++--- nixos-infra/users/frida/configuration.nix | 0 nixos-infra/users/guest/configuration.nix | 0 nixos-infra/users/root/configuration.nix | 0 nixos-infra/users/xavier/configuration.nix | 0 60 files changed, 238 insertions(+), 609 deletions(-) delete mode 100644 nixos-infra/configuration.nix create mode 100644 nixos-infra/environments/production/configuration.nix rename nixos-infra/{ => environments/production}/hosts/README.md (100%) rename nixos-infra/{ => environments/production}/hosts/servers/README.md (100%) rename nixos-infra/{ => environments/production}/hosts/servers/dns01/configuration.nix (60%) rename nixos-infra/{ => 
environments/production}/hosts/servers/dns02/configuration.nix (65%) rename nixos-infra/{ => environments/production}/hosts/servers/git01/configuration.nix (58%) create mode 100644 nixos-infra/environments/production/hosts/servers/hyper01/configuration.nix create mode 100644 nixos-infra/environments/production/hosts/servers/hyper02/configuration.nix rename nixos-infra/{ => environments/production}/hosts/servers/pass01/configuration.nix (65%) rename nixos-infra/{ => environments/production}/hosts/servers/rp01/configuration.nix (63%) create mode 100644 nixos-infra/environments/production/hosts/workstations/PC-FRIDA/configuration.nix create mode 100644 nixos-infra/environments/production/hosts/workstations/gaia/configuration.nix create mode 100644 nixos-infra/environments/production/hosts/workstations/sting/configuration.nix rename nixos-infra/{ => environments/production}/network/README.md (100%) rename nixos-infra/{ => environments/production}/network/default.nix (100%) rename nixos-infra/{ => environments/production}/network/hosts.nix (100%) rename nixos-infra/{ => environments/production}/network/subnets.nix (100%) rename nixos-infra/{ => environments/production}/network/vlans.nix (100%) rename nixos-infra/{ => environments/production}/secrets/.gitignore (100%) rename nixos-infra/{ => environments/production}/secrets/pubkeys/.gitkeep (100%) rename nixos-infra/{ => environments/production}/users/README.md (100%) create mode 100644 nixos-infra/environments/production/users/frida/configuration.nix create mode 100644 nixos-infra/environments/production/users/guest/configuration.nix create mode 100644 nixos-infra/environments/production/users/root/configuration.nix create mode 100644 nixos-infra/environments/production/users/xavier/configuration.nix delete mode 100644 nixos-infra/hosts/servers/hyper01/configuration.nix delete mode 100644 nixos-infra/hosts/servers/hyper02/configuration.nix delete mode 100644 nixos-infra/hosts/workstations/PC-FRIDA/configuration.nix 
delete mode 100644 nixos-infra/hosts/workstations/gaia/configuration.nix delete mode 100644 nixos-infra/hosts/workstations/sting/configuration.nix delete mode 100644 nixos-infra/lib/README.md delete mode 100644 nixos-infra/modules/README.md delete mode 100644 nixos-infra/modules/machine-types/hypervisor/default.nix delete mode 100644 nixos-infra/modules/machine-types/lxc/default.nix delete mode 100644 nixos-infra/modules/machine-types/vm/default.nix delete mode 100644 nixos-infra/modules/machine-types/workstation/default.nix delete mode 100644 nixos-infra/modules/secrets/default.nix delete mode 100644 nixos-infra/modules/services/dns/default.nix delete mode 100644 nixos-infra/modules/services/dns/options.nix delete mode 100644 nixos-infra/modules/services/git-forge/default.nix delete mode 100644 nixos-infra/modules/services/password-manager/default.nix delete mode 100644 nixos-infra/modules/services/reverse-proxy/default.nix delete mode 100644 nixos-infra/modules/user-profiles/admin.nix delete mode 100644 nixos-infra/modules/user-profiles/cam.nix delete mode 100644 nixos-infra/modules/user-profiles/dev.nix delete mode 100644 nixos-infra/modules/user-profiles/guest.nix delete mode 100644 nixos-infra/modules/user-profiles/standard.nix delete mode 100644 nixos-infra/overlays/README.md delete mode 100644 nixos-infra/overlays/custom-pkgs.nix delete mode 100644 nixos-infra/pkgs/README.md delete mode 100644 nixos-infra/pkgs/default.nix delete mode 100644 nixos-infra/pkgs/nixpkgs.json delete mode 100644 nixos-infra/scripts/1 delete mode 100644 nixos-infra/users/frida/configuration.nix delete mode 100644 nixos-infra/users/guest/configuration.nix delete mode 100644 nixos-infra/users/root/configuration.nix delete mode 100644 nixos-infra/users/xavier/configuration.nix diff --git a/nixos-infra/README.md b/nixos-infra/README.md index dd7f505..ee6084f 100644 --- a/nixos-infra/README.md +++ b/nixos-infra/README.md 
@@ -1,5 +1,41 @@ -# nixos-infra +# nixos-infra — Private environments -Central infrastructure-as-code repository for the NixOS fleet (servers and -workstations). Reproductible deployments via NixOS, agenix for secrets, -Proxmox for hypervision. See `../README.md` for an overview. \ No newline at end of file +This repository contains **environment-specific declarations** (hosts, network +layout, secrets, users) for the NixOS fleet. Reusable technical components +(modules, lib, pkgs, scripts) live in the **public framework repository**: + + → `nixos-infra-framework` (ssh://git@gitea.prod.lagraula.fr:2222/xavier/nixos-infra-framework.git) + +## Structure + +``` +nixos-infra/ +├── environments/ +│ └── production/ # Production infrastructure +│ ├── configuration.nix # Environment entry point +│ ├── hosts/ +│ │ ├── servers/ # Server configurations (LXC, hypervisors) +│ │ └── workstations/ # Workstation configurations +│ ├── network/ # VLANs, subnets, host IPs +│ ├── secrets/ # agenix-encrypted secrets +│ └── users/ # User configurations +├── scripts/ # Environment-specific script wrappers +└── README.md +``` + +## Adding a New Environment + + 1. Create `environments//` with the same sub-structure as `production/`. + 2. Set up its own `network/`, `secrets/`, and `users/`. + 3. Deploy with: + ``` + deploy.sh --environment + ``` + +## Deployment + +``` +deploy.sh --environment production +``` + +See the framework repo for the deploy script and reusable modules. \ No newline at end of file diff --git a/nixos-infra/configuration.nix b/nixos-infra/configuration.nix deleted file mode 100644 index e69de29..0000000 diff --git a/nixos-infra/environments/production/configuration.nix b/nixos-infra/environments/production/configuration.nix new file mode 100644 index 0000000..86f7976 --- /dev/null +++ b/nixos-infra/environments/production/configuration.nix 
@@ -0,0 +1,18 @@ +{ config, pkgs, lib, ... }: + +let + frameworkRev = "c53d997d075236f6d8c2a8e9db0238e46391735a"; + framework = builtins.fetchGit { + url = "ssh://git@gitea.prod.lagraula.fr:2222/xavier/nixos-infra-framework.git"; + rev = frameworkRev; + }; +in { + imports = [ + # Import the framework utilities + (framework + "/lib") + (framework + "/overlays/custom-pkgs.nix") + ]; + + # Production environment-wide settings + system.stateVersion = "25.11"; +} \ No newline at end of file diff --git a/nixos-infra/hosts/README.md b/nixos-infra/environments/production/hosts/README.md similarity index 100% rename from nixos-infra/hosts/README.md rename to nixos-infra/environments/production/hosts/README.md diff --git a/nixos-infra/hosts/servers/README.md b/nixos-infra/environments/production/hosts/servers/README.md similarity index 100% rename from nixos-infra/hosts/servers/README.md rename to nixos-infra/environments/production/hosts/servers/README.md diff --git a/nixos-infra/hosts/servers/dns01/configuration.nix b/nixos-infra/environments/production/hosts/servers/dns01/configuration.nix similarity index 60% rename from nixos-infra/hosts/servers/dns01/configuration.nix rename to nixos-infra/environments/production/hosts/servers/dns01/configuration.nix index 79e647c..b4b5787 100644 --- a/nixos-infra/hosts/servers/dns01/configuration.nix +++ b/nixos-infra/environments/production/hosts/servers/dns01/configuration.nix 
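Review bot: The framework pin (`frameworkRev` plus the `builtins.fetchGit` call) declared here is repeated verbatim in the dns01, dns02, git01, pass01 and rp01 hunks, so bumping the framework means editing six files and one missed file silently evaluates a different framework revision than the rest of the environment. Since this entry point already resolves `framework`, it could export it once (for example through `_module.args.framework = framework;`, or a `specialArgs` entry where the environment is evaluated) and the host configs would then build their `imports` from that argument. Two things the hunk does not show are worth a comment above the binding: `fetchGit` with only `rev` set only finds commits reachable from the default ref, so a commit on another branch needs `ref` or `allRefs = true`, and every machine that evaluates this configuration now needs SSH access and a trusted host key for gitea.prod.lagraula.fr:2222 — the commit-hash pin protects integrity of what is fetched, not availability. Listing `(framework + "/lib")` under `imports` also assumes that directory is a NixOS module rather than a plain function library, which is not visible from this patch.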
@@ -1,11 +1,19 @@ { config, pkgs, lib, ... }: -{ +let + # Pin to a specific commit of the framework repo for reproducibility. + # Update this hash when you want to pull in new framework changes. + frameworkRev = "c53d997d075236f6d8c2a8e9db0238e46391735a"; + framework = builtins.fetchGit { + url = "ssh://git@gitea.prod.lagraula.fr:2222/xavier/nixos-infra-framework.git"; + rev = frameworkRev; + }; +in { imports = [ # Module for LXC containers - ../../../modules/machine-types/lxc + (framework + "/modules/machine-types/lxc") # Technitium DNS Server service module - ../../../modules/services/dns/default.nix + (framework + "/modules/services/dns/default.nix") ]; # Explicitly enable LXC machine type @@ -13,6 +21,7 @@ # Host identity (IP address 10.40.128.10/16 assigned via DHCP reservation) networking.hostName = "dns01"; + networking.domain = "prod.lagraula.fr"; networking.useDHCP = true; # Technitium DNS Server — primary DNS server @@ -25,4 +34,4 @@ allowZoneTransfer = [ "10.40.128.11" ]; # Allow secondary to dns02 listenAddresses = [ "10.40.128.10" "127.0.0.1" "::1" ]; }; -} +} \ No newline at end of file diff --git a/nixos-infra/hosts/servers/dns02/configuration.nix b/nixos-infra/environments/production/hosts/servers/dns02/configuration.nix similarity index 65% rename from nixos-infra/hosts/servers/dns02/configuration.nix rename to nixos-infra/environments/production/hosts/servers/dns02/configuration.nix index 37cf5e1..29775de 100644 --- a/nixos-infra/hosts/servers/dns02/configuration.nix +++ b/nixos-infra/environments/production/hosts/servers/dns02/configuration.nix 
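Review bot: This host is the primary resolver for the environment (see the `allowZoneTransfer` to dns02 in the last hunk), yet its own evaluation now fetches the framework from `gitea.prod.lagraula.fr`, a name that, if the `prod.lagraula.fr` zone is served by dns01/dns02, this host is responsible for answering; rebuilding dns01 while it is down therefore depends on dns02 still resolving the name or on an already-cached `fetchGit` result. A short comment above the `framework` binding recording the recovery path, e.g. `# Bootstrap: if prod.lagraula.fr does not resolve, use a local checkout of nixos-infra-framework or a temporary /etc/hosts entry for the forge`, would save the next on-call engineer time. The same circularity applies to the dns02 hunk.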
@@ -1,11 +1,17 @@ { config, pkgs, lib, ... }: -{ +let + frameworkRev = "c53d997d075236f6d8c2a8e9db0238e46391735a"; + framework = builtins.fetchGit { + url = "ssh://git@gitea.prod.lagraula.fr:2222/xavier/nixos-infra-framework.git"; + rev = frameworkRev; + }; +in { imports = [ # Module for LXC containers - ../../../modules/machine-types/lxc + (framework + "/modules/machine-types/lxc") # Technitium DNS Server service module - ../../../modules/services/dns/default.nix + (framework + "/modules/services/dns/default.nix") ]; # Explicitly enable LXC machine type @@ -13,6 +19,7 @@ # Host identity (IP address 10.40.128.11/16 assigned via DHCP reservation) networking.hostName = "dns02"; + networking.domain = "prod.lagraula.fr"; networking.useDHCP = true; # Technitium DNS Server — secondary (replica) DNS server @@ -24,4 +31,4 @@ # adminPasswordFile = config.age.secrets.dns-admin-password.path; listenAddresses = [ "10.40.128.11" "127.0.0.1" "::1" ]; }; -} +} \ No newline at end of file diff --git a/nixos-infra/hosts/servers/git01/configuration.nix b/nixos-infra/environments/production/hosts/servers/git01/configuration.nix similarity index 58% rename from nixos-infra/hosts/servers/git01/configuration.nix rename to nixos-infra/environments/production/hosts/servers/git01/configuration.nix index 970c32b..01ef2ce 100644 --- a/nixos-infra/hosts/servers/git01/configuration.nix +++ b/nixos-infra/environments/production/hosts/servers/git01/configuration.nix 
@@ -1,11 +1,17 @@ { config, pkgs, lib, ... }: -{ +let + frameworkRev = "c53d997d075236f6d8c2a8e9db0238e46391735a"; + framework = builtins.fetchGit { + url = "ssh://git@gitea.prod.lagraula.fr:2222/xavier/nixos-infra-framework.git"; + rev = frameworkRev; + }; +in { imports = [ # Module for LXC containers - ../../../modules/machine-types/lxc + (framework + "/modules/machine-types/lxc") # Module for the git forge service (Forgejo) - ../../../modules/services/git-forge/default.nix + (framework + "/modules/services/git-forge/default.nix") ]; # Explicitly enable LXC machine type @@ -13,6 +19,7 @@ # Host identity (IP address 10.40.128.20/16 assigned via DHCP reservation) networking.hostName = "git01"; + networking.domain = "prod.lagraula.fr"; networking.useDHCP = true; # Forgejo — self-hosted git forge @@ -23,4 +30,4 @@ httpPort = 3000; databaseType = "sqlite3"; }; -} +} \ No newline at end of file diff --git a/nixos-infra/environments/production/hosts/servers/hyper01/configuration.nix b/nixos-infra/environments/production/hosts/servers/hyper01/configuration.nix new file mode 100644 index 0000000..917dce2 --- /dev/null +++ b/nixos-infra/environments/production/hosts/servers/hyper01/configuration.nix @@ -0,0 +1,19 @@ +{ config, pkgs, lib, ... }: + +{ + # ╔══════════════════════════════════════════════════════════╗ + # ║ This machine runs Proxmox VE (not NixOS). ║ + # ║ This configuration serves as an inventory record ║ + # ║ documenting the machine's role and network settings. ║ + # ╚══════════════════════════════════════════════════════════╝ + + networking.hostName = "hyper01"; + networking.hostId = "deadbeef01"; # Unique 8-char hex identifier + + # Hypervisor management network + # Proxmox management interface: 10.10.128.10/16 + # SSH: root@10.10.128.10:22 + # Proxmox web UI: https://10.10.128.10:8006 + + system.stateVersion = "25.11"; +} \ No newline at end of file 
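Review bot: git01 runs the git forge (`httpPort = 3000` in the last hunk) which, if `gitea.prod.lagraula.fr` is the reverse-proxied name for this Forgejo instance, is the very URL its own `builtins.fetchGit` pulls the framework from, so a git01 that fails to boot cannot be rebuilt from this file without an already-cached framework checkout or an out-of-band copy of the repository. That is worth stating next to the pin, e.g. `# NOTE: self-referential fetch — keep a mirror or local checkout of nixos-infra-framework for disaster recovery of this host`, and ideally a documented mirror location in the README. Whether the forge is actually reachable under that name is not visible in this patch.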
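Review bot: `networking.hostId = "deadbeef01"` is ten hex characters while the trailing comment says eight, and the NixOS option expects a 32-bit id written as 8 hex digits, so the value and its comment disagree; even as an inventory record for a non-NixOS machine the value should be valid, e.g. `networking.hostId = "deadbe01"; # 32-bit id, 8 hex chars`, or the option dropped and the id kept in the comment block. The hyper02 hunk has the same mismatch with `"deadbeef02"`. Since these files are never built, a one-line note at the top such as `# Not deployed: this host runs Proxmox VE; nixos-rebuild must not target it` would also stop someone from wiring them into the deploy script's host list.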
diff --git a/nixos-infra/environments/production/hosts/servers/hyper02/configuration.nix b/nixos-infra/environments/production/hosts/servers/hyper02/configuration.nix new file mode 100644 index 0000000..bce108f --- /dev/null +++ b/nixos-infra/environments/production/hosts/servers/hyper02/configuration.nix @@ -0,0 +1,19 @@ +{ config, pkgs, lib, ... }: + +{ + # ╔══════════════════════════════════════════════════════════╗ + # ║ This machine runs Proxmox VE (not NixOS). ║ + # ║ This configuration serves as an inventory record ║ + # ║ documenting the machine's role and network settings. ║ + # ╚══════════════════════════════════════════════════════════╝ + + networking.hostName = "hyper02"; + networking.hostId = "deadbeef02"; # Unique 8-char hex identifier + + # Hypervisor management network + # Proxmox management interface: 10.10.128.11/16 + # SSH: root@10.10.128.11:22 + # Proxmox web UI: https://10.10.128.11:8006 + + system.stateVersion = "25.11"; +} \ No newline at end of file diff --git a/nixos-infra/hosts/servers/pass01/configuration.nix b/nixos-infra/environments/production/hosts/servers/pass01/configuration.nix similarity index 65% rename from nixos-infra/hosts/servers/pass01/configuration.nix rename to nixos-infra/environments/production/hosts/servers/pass01/configuration.nix index b46285d..12cbb34 100644 --- a/nixos-infra/hosts/servers/pass01/configuration.nix +++ b/nixos-infra/environments/production/hosts/servers/pass01/configuration.nix 
@@ -1,11 +1,17 @@ { config, pkgs, lib, ... }: -{ +let + frameworkRev = "c53d997d075236f6d8c2a8e9db0238e46391735a"; + framework = builtins.fetchGit { + url = "ssh://git@gitea.prod.lagraula.fr:2222/xavier/nixos-infra-framework.git"; + rev = frameworkRev; + }; +in { imports = [ # Module for LXC containers - ../../../modules/machine-types/lxc + (framework + "/modules/machine-types/lxc") # Module for password manager service (Vaultwarden) - ../../../modules/services/password-manager/default.nix + (framework + "/modules/services/password-manager/default.nix") ]; # Explicitly enable LXC machine type @@ -13,6 +19,7 @@ # Host identity (IP address 10.40.128.30/16 assigned via DHCP reservation) networking.hostName = "pass01"; + networking.domain = "prod.lagraula.fr"; networking.useDHCP = true; # Vaultwarden — Bitwarden-compatible password manager @@ -25,4 +32,4 @@ # Uncomment and configure with agenix secret: # adminTokenFile = config.age.secrets.vaultwarden-admin-token.path; }; -} +} \ No newline at end of file diff --git a/nixos-infra/hosts/servers/rp01/configuration.nix b/nixos-infra/environments/production/hosts/servers/rp01/configuration.nix similarity index 63% rename from nixos-infra/hosts/servers/rp01/configuration.nix rename to nixos-infra/environments/production/hosts/servers/rp01/configuration.nix index 4992905..a691891 100644 --- a/nixos-infra/hosts/servers/rp01/configuration.nix +++ b/nixos-infra/environments/production/hosts/servers/rp01/configuration.nix 
@@ -1,15 +1,22 @@ { config, pkgs, lib, ... }: -{ +let + frameworkRev = "c53d997d075236f6d8c2a8e9db0238e46391735a"; + framework = builtins.fetchGit { + url = "ssh://git@gitea.prod.lagraula.fr:2222/xavier/nixos-infra-framework.git"; + rev = frameworkRev; + }; +in { imports = [ # Module for LXC containers - ../../../modules/machine-types/lxc + (framework + "/modules/machine-types/lxc") # Module for the reverse proxy - ../../../modules/services/reverse-proxy/default.nix + (framework + "/modules/services/reverse-proxy/default.nix") ]; # Host identity (IP address assigned via DHCP reservation) networking.hostName = "rp01"; + networking.domain = "prod.lagraula.fr"; networking.useDHCP = true; # Services to expose via the reverse proxy diff --git a/nixos-infra/environments/production/hosts/workstations/PC-FRIDA/configuration.nix b/nixos-infra/environments/production/hosts/workstations/PC-FRIDA/configuration.nix new file mode 100644 index 0000000..8b45e52 --- /dev/null +++ b/nixos-infra/environments/production/hosts/workstations/PC-FRIDA/configuration.nix @@ -0,0 +1,8 @@ +{ config, pkgs, lib, ... }: + +{ + # Workstation configuration for PC-FRIDA + # TODO: Fill in workstation-specific settings + networking.hostName = "PC-FRIDA"; + networking.domain = "prod.lagraula.fr"; +} \ No newline at end of file diff --git a/nixos-infra/environments/production/hosts/workstations/gaia/configuration.nix b/nixos-infra/environments/production/hosts/workstations/gaia/configuration.nix new file mode 100644 index 0000000..fc30829 --- /dev/null +++ b/nixos-infra/environments/production/hosts/workstations/gaia/configuration.nix @@ -0,0 +1,8 @@ +{ config, pkgs, lib, ... }: + +{ + # Workstation configuration for gaia + # TODO: Fill in workstation-specific settings + networking.hostName = "gaia"; + networking.domain = "prod.lagraula.fr"; +} \ No newline at end of file 
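Review bot: The new workstation stubs (PC-FRIDA and gaia here, sting in the next hunk) set only `networking.hostName` and `networking.domain`: unlike the server configs they import nothing from the framework, and unlike hyper01/hyper02 and the environment entry point they set no `system.stateVersion`, so a first build will warn and fall back to the running release's value. Pinning it now, `system.stateVersion = "25.11";` next to the TODO, costs nothing and keeps the new files consistent. Whether the framework provides a workstation machine-type module to import, as the old `modules/machine-types/workstation` stub suggests, is not visible from this patch.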
diff --git a/nixos-infra/environments/production/hosts/workstations/sting/configuration.nix b/nixos-infra/environments/production/hosts/workstations/sting/configuration.nix new file mode 100644 index 0000000..f2ec935 --- /dev/null +++ b/nixos-infra/environments/production/hosts/workstations/sting/configuration.nix @@ -0,0 +1,8 @@ +{ config, pkgs, lib, ... }: + +{ + # Workstation configuration for sting + # TODO: Fill in workstation-specific settings + networking.hostName = "sting"; + networking.domain = "prod.lagraula.fr"; +} \ No newline at end of file diff --git a/nixos-infra/network/README.md b/nixos-infra/environments/production/network/README.md similarity index 100% rename from nixos-infra/network/README.md rename to nixos-infra/environments/production/network/README.md diff --git a/nixos-infra/network/default.nix b/nixos-infra/environments/production/network/default.nix similarity index 100% rename from nixos-infra/network/default.nix rename to nixos-infra/environments/production/network/default.nix diff --git a/nixos-infra/network/hosts.nix b/nixos-infra/environments/production/network/hosts.nix similarity index 100% rename from nixos-infra/network/hosts.nix rename to nixos-infra/environments/production/network/hosts.nix diff --git a/nixos-infra/network/subnets.nix b/nixos-infra/environments/production/network/subnets.nix similarity index 100% rename from nixos-infra/network/subnets.nix rename to nixos-infra/environments/production/network/subnets.nix diff --git a/nixos-infra/network/vlans.nix b/nixos-infra/environments/production/network/vlans.nix similarity index 100% rename from nixos-infra/network/vlans.nix rename to nixos-infra/environments/production/network/vlans.nix diff --git a/nixos-infra/secrets/.gitignore b/nixos-infra/environments/production/secrets/.gitignore similarity index 100% rename from nixos-infra/secrets/.gitignore rename to nixos-infra/environments/production/secrets/.gitignore 
diff --git a/nixos-infra/secrets/pubkeys/.gitkeep b/nixos-infra/environments/production/secrets/pubkeys/.gitkeep similarity index 100% rename from nixos-infra/secrets/pubkeys/.gitkeep rename to nixos-infra/environments/production/secrets/pubkeys/.gitkeep diff --git a/nixos-infra/users/README.md b/nixos-infra/environments/production/users/README.md similarity index 100% rename from nixos-infra/users/README.md rename to nixos-infra/environments/production/users/README.md diff --git a/nixos-infra/environments/production/users/frida/configuration.nix b/nixos-infra/environments/production/users/frida/configuration.nix new file mode 100644 index 0000000..36e0a96 --- /dev/null +++ b/nixos-infra/environments/production/users/frida/configuration.nix @@ -0,0 +1,11 @@ +{ config, pkgs, lib, ... }: + +{ + # User configuration for frida + # TODO: Fill in user-specific settings + users.users.frida = { + isNormalUser = true; + description = "Frida"; + extraGroups = [ "wheel" ]; + }; +} \ No newline at end of file diff --git a/nixos-infra/environments/production/users/guest/configuration.nix b/nixos-infra/environments/production/users/guest/configuration.nix new file mode 100644 index 0000000..5fb02c6 --- /dev/null +++ b/nixos-infra/environments/production/users/guest/configuration.nix @@ -0,0 +1,10 @@ +{ config, pkgs, lib, ... }: + +{ + # User configuration for guest + # TODO: Fill in user-specific settings + users.users.guest = { + isNormalUser = true; + description = "Guest"; + }; +} \ No newline at end of file diff --git a/nixos-infra/environments/production/users/root/configuration.nix b/nixos-infra/environments/production/users/root/configuration.nix new file mode 100644 index 0000000..4c8dd19 --- /dev/null +++ b/nixos-infra/environments/production/users/root/configuration.nix 
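Review bot: `users.users.frida` (and `users.users.xavier` in the next hunk) gets `extraGroups = [ "wheel" ]`, which on NixOS grants sudo by default, but the stub defines no credential at all — no `hashedPassword`/`hashedPasswordFile` and no `openssh.authorizedKeys.keys` — so whether these admin accounts end up locked or usable depends on `users.mutableUsers` and on whatever is set out-of-band, none of which is visible here. Making it explicit keeps the privileged accounts reproducible, e.g. `hashedPasswordFile = config.age.secrets.frida-password.path; # constructed example: secret under environments/production/secrets/` following the agenix pattern the dns/pass01 configs already comment on. A why-comment on the group, `# wheel: sudo on every host that imports this user`, would also make the privilege grant visible at a glance; the `guest` user without `wheel` is fine as written.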
@@ -0,0 +1,11 @@ +{ config, pkgs, lib, ... }: + +{ + # User configuration for root + # TODO: Fill in root-specific settings + users.root = { + openssh.authorizedKeys.keys = [ + # Add SSH public keys for root access + ]; + }; +} \ No newline at end of file diff --git a/nixos-infra/environments/production/users/xavier/configuration.nix b/nixos-infra/environments/production/users/xavier/configuration.nix new file mode 100644 index 0000000..361d8c7 --- /dev/null +++ b/nixos-infra/environments/production/users/xavier/configuration.nix @@ -0,0 +1,11 @@ +{ config, pkgs, lib, ... }: + +{ + # User configuration for xavier + # TODO: Fill in user-specific settings + users.users.xavier = { + isNormalUser = true; + description = "Xavier"; + extraGroups = [ "wheel" ]; + }; +} \ No newline at end of file diff --git a/nixos-infra/hosts/servers/hyper01/configuration.nix b/nixos-infra/hosts/servers/hyper01/configuration.nix deleted file mode 100644 index 0226d0a..0000000 --- a/nixos-infra/hosts/servers/hyper01/configuration.nix +++ /dev/null @@ -1,3 +0,0 @@ -# Do not modify!! -# Proxmox hypervisor on NixOS is not mature enough. -# Hypervisor are here for future reference only. \ No newline at end of file diff --git a/nixos-infra/hosts/servers/hyper02/configuration.nix b/nixos-infra/hosts/servers/hyper02/configuration.nix deleted file mode 100644 index 0226d0a..0000000 --- a/nixos-infra/hosts/servers/hyper02/configuration.nix +++ /dev/null @@ -1,3 +0,0 @@ -# Do not modify!! -# Proxmox hypervisor on NixOS is not mature enough. -# Hypervisor are here for future reference only. \ No newline at end of file diff --git a/nixos-infra/hosts/workstations/PC-FRIDA/configuration.nix b/nixos-infra/hosts/workstations/PC-FRIDA/configuration.nix deleted file mode 100644 index e69de29..0000000 diff --git a/nixos-infra/hosts/workstations/gaia/configuration.nix b/nixos-infra/hosts/workstations/gaia/configuration.nix deleted file mode 100644 index e69de29..0000000 
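Review bot: `users.root = { openssh.authorizedKeys.keys = [ ... ]; }` is not a NixOS option path — the sibling frida/guest/xavier files use `users.users.<name>`, and this one should read `users.users.root.openssh.authorizedKeys.keys = [ ];` — so as written, evaluating any host that imports this file should fail with an undefined-option error. The empty list currently grants nothing, which is the safe default; when keys are added, keeping them as literal public keys here rather than values fetched at evaluation time, and pairing them with `services.openssh.settings.PermitRootLogin = "prohibit-password";` on the hosts, is the usual arrangement and worth a comment in place of the current placeholder.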
diff --git a/nixos-infra/hosts/workstations/sting/configuration.nix b/nixos-infra/hosts/workstations/sting/configuration.nix deleted file mode 100644 index e69de29..0000000 diff --git a/nixos-infra/lib/README.md b/nixos-infra/lib/README.md deleted file mode 100644 index 14e6f14..0000000 --- a/nixos-infra/lib/README.md +++ /dev/null @@ -1,4 +0,0 @@ -# Lib -Custom Nix utility functions and helpers. -Used across the configuration to factorize code. -Simplifies data and string manipulation. \ No newline at end of file diff --git a/nixos-infra/modules/README.md b/nixos-infra/modules/README.md deleted file mode 100644 index b001121..0000000 --- a/nixos-infra/modules/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# Modules -Reusable NixOS modules for the infrastructure. diff --git a/nixos-infra/modules/machine-types/hypervisor/default.nix b/nixos-infra/modules/machine-types/hypervisor/default.nix deleted file mode 100644 index 3e579ec..0000000 --- a/nixos-infra/modules/machine-types/hypervisor/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ config, pkgs, lib, ... }: -{ - # TODO: Add hypervisor-specific configuration -} \ No newline at end of file diff --git a/nixos-infra/modules/machine-types/lxc/default.nix b/nixos-infra/modules/machine-types/lxc/default.nix deleted file mode 100644 index cb6076e..0000000 --- a/nixos-infra/modules/machine-types/lxc/default.nix +++ /dev/null 
@@ -1,48 +0,0 @@ -{ config, modulesPath, pkgs, lib, ... }: -{ - imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ]; - nix.settings = { sandbox = false; }; - proxmoxLXC = { - manageNetwork = false; - privileged = true; - }; - - # Enable LXC specific options - options.lxc = { - enable = lib.mkOption { - type = lib.types.bool; - default = true; - description = "Enable LXC machine type"; - }; - }; - - services.fstrim.enable = false; # Let Proxmox host handle fstrim - - # Cache DNS lookups to improve performance - services.resolved = { - extraConfig = '' - Cache=true - CacheFromLocalhost=true - ''; - }; - - # Default configuration for a LXC container - config = lib.mkIf config.lxc.enable { - # Disabling useless services - services.avahi.daemon.enable = false; # TODO : review the need for avahi in a container - services.bluetooth.enable = false; - services.printing.enable = false; - - # Optimzing for conainters - boot.kernelModules = [ ]; # TODO : review the disabling of all kernelModules in a container - powerManagement.enable = false; - - # Limiter les ressources si nécessaire - # TODO : review the need to limit ZFS pools in the LXC container configuration, in my ZFSless context - boot.zfs.extraPools = [ ]; - - }; - - system.stateVersion = "25.11"; - -} \ No newline at end of file diff --git a/nixos-infra/modules/machine-types/vm/default.nix b/nixos-infra/modules/machine-types/vm/default.nix deleted file mode 100644 index d8c8687..0000000 --- a/nixos-infra/modules/machine-types/vm/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ config, pkgs, lib, ... }: -{ - # TODO: Add VM-specific configuration -} \ No newline at end of file diff --git a/nixos-infra/modules/machine-types/workstation/default.nix b/nixos-infra/modules/machine-types/workstation/default.nix deleted file mode 100644 index 726ba3f..0000000 --- a/nixos-infra/modules/machine-types/workstation/default.nix +++ /dev/null 
@@ -1,4 +0,0 @@ -{ config, pkgs, lib, ... }: -{ - # TODO: Add workstation-specific configuration -} \ No newline at end of file diff --git a/nixos-infra/modules/secrets/default.nix b/nixos-infra/modules/secrets/default.nix deleted file mode 100644 index f12a23a..0000000 --- a/nixos-infra/modules/secrets/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - options.secrets = { - enable = lib.mkEnableOption "agenix secret management"; - - identity = lib.mkOption { - type = lib.types.path; - default = "/etc/ssh/ssh_host_ed25519_key"; - description = "Path to the SSH host private key used for age decryption."; - }; - }; - - config = lib.mkIf config.secrets.enable { - age = { - identityPaths = [ config.secrets.identity ]; - secrets = { }; - }; - - environment.systemPackages = with pkgs; [ agenix ]; - }; -} \ No newline at end of file diff --git a/nixos-infra/modules/services/dns/default.nix b/nixos-infra/modules/services/dns/default.nix deleted file mode 100644 index 1014050..0000000 --- a/nixos-infra/modules/services/dns/default.nix +++ /dev/null 
@@ -1,116 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - cfg = config.services.dns; - dnsPkg = if cfg.package != null then cfg.package else pkgs.technitium-dns-server; - - # Build the config.json for Technitium DNS Server. - # The server reads this file on startup from its config directory. - configJson = { - WebServicePort = cfg.webPort; - DNSListenerPort = cfg.dnsPort; - Recursion = cfg.recursion; - Forwarders = cfg.forwarders; - Log = false; - CachePrefetch = false; - AllowTtlOverride = true; - } // lib.optionalAttrs (cfg.adminPasswordFile != null) { - # Password hash will be set by the activation script on first run - # using the value from adminPasswordFile. - } // lib.optionalAttrs (cfg.listenAddresses != [ ]) { - ListenAddresses = cfg.listenAddresses; - } // lib.optionalAttrs (cfg.allowZoneTransfer != [ ]) { - AllowZoneTransfer = cfg.allowZoneTransfer; - } // cfg.extraConfig; - - configFile = pkgs.writeText "technitium-dns-config.json" - (builtins.toJSON configJson); -in - -{ - imports = [ - ./options.nix - ]; - - config = lib.mkIf cfg.enable { - - environment.systemPackages = [ dnsPkg ]; - - # Create the config directory and deploy initial config.json - systemd.tmpfiles.rules = [ - "d ${cfg.configDir} 0750 dns dns - -" - ]; - - systemd.services.technitium-dns-server = { - description = "Technitium DNS Server"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - wants = [ "network-online.target" ]; - - # Generate a password hash if adminPasswordFile is provided. - # The server is stopped on first run if no password hash exists, - # so we pre-seed the config with the hashed password. 
- preStart = '' - if [ -f "${cfg.configDir}/config.json" ]; then - # Config already exists, do not overwrite - true - else - install -m 0640 ${configFile} ${cfg.configDir}/config.json - ${lib.optionalString (cfg.adminPasswordFile != null) '' - if [ -f "${cfg.adminPasswordFile}" ]; then - # .NET-compatible SHA256 hash of the password - PASSWORD=$(cat "${cfg.adminPasswordFile}" | tr -d '\n') - HASH=$(echo -n "$PASSWORD" | ${pkgs.openssl}/bin/openssl dgst -sha256 -hex | cut -d' ' -f2) - ${pkgs.jq}/bin/jq \ - ".AdminPassword = \"$HASH\" | .Pbkdf2Iterations = 600000" \ - ${cfg.configDir}/config.json > ${cfg.configDir}/config.json.tmp - mv ${cfg.configDir}/config.json.tmp ${cfg.configDir}/config.json - fi - ''} - fi - ''; - - serviceConfig = { - Type = "simple"; - ExecStart = "${dnsPkg}/bin/technitium-dns-server ${cfg.configDir}"; - User = "dns"; - Group = "dns"; - Restart = "on-failure"; - RestartSec = "5s"; - LimitNOFILE = 1048576; - # Protect the system - ProtectSystem = "full"; - ProtectHome = true; - PrivateTmp = true; - NoNewPrivileges = true; - ReadWritePaths = [ cfg.configDir ]; - }; - }; - - # Create the dns system user and group - users.users.dns = { - description = "Technitium DNS Server daemon user"; - group = "dns"; - isSystemUser = true; - home = cfg.configDir; - createHome = true; - }; - - users.groups.dns = { }; - - # Open firewall ports for DNS (UDP/TCP 53) and optionally the web interface - networking.firewall = lib.mkMerge [ - { - allowedTCPPorts = [ cfg.dnsPort ]; - allowedUDPPorts = [ cfg.dnsPort ]; - } - # Allow web admin access only if listenAddresses restricts it to localhost - (lib.mkIf (cfg.listenAddresses == [ ] || builtins.elem "127.0.0.1" cfg.listenAddresses) { - allowedTCPPorts = [ cfg.webPort ]; - }) - ]; - - # Ensure DNS resolution is available locally before starting - networking.nameservers = lib.mkAfter [ "127.0.0.1" ]; - }; -} \ No newline at end of file 
diff --git a/nixos-infra/modules/services/dns/options.nix b/nixos-infra/modules/services/dns/options.nix deleted file mode 100644 index 8d57cc2..0000000 --- a/nixos-infra/modules/services/dns/options.nix +++ /dev/null 
@@ -1,79 +0,0 @@ -{ config, lib, ... }: - -let - inherit (lib) types mkOption; -in - -{ - options.services.dns = { - enable = mkOption { - type = types.bool; - default = false; - description = "Enable the Technitium DNS Server"; - }; - - package = mkOption { - type = types.package; - default = null; - description = "Technitium DNS Server package to use. Defaults to pkgs.technitium-dns-server."; - }; - - webPort = mkOption { - type = types.port; - default = 5380; - description = "HTTP port for the Technitium web administration interface"; - }; - - dnsPort = mkOption { - type = types.port; - default = 53; - description = "DNS server port (both TCP and UDP)"; - }; - - recursion = mkOption { - type = types.enum [ "AllowOnlyForPrivateNetworks" "AllowAll" "DenyAll" ]; - default = "AllowOnlyForPrivateNetworks"; - description = "Recursion policy for DNS queries"; - }; - - forwarders = mkOption { - type = types.listOf types.str; - default = [ ]; - description = "Upstream DNS forwarders (e.g. [ \"1.1.1.1\" \"8.8.8.8\" ]). Empty means use root hints"; - }; - - configDir = mkOption { - type = types.str; - default = "/etc/dns"; - description = "Directory for persistent Technitium DNS configuration and zone data"; - }; - - adminPasswordFile = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Path to a file containing the admin password for the web interface. - If not set, the default credentials (admin/admin) are used. - Use agenix or sops-nix to provide this file securely. - ''; - }; - - listenAddresses = mkOption { - type = types.listOf types.str; - default = [ ]; - description = "IP addresses to listen on. 
Empty means listen on all interfaces"; - }; - - allowZoneTransfer = mkOption { - type = types.listOf types.str; - default = [ ]; - description = "IP addresses or subnets allowed to request zone transfers (AXFR/IXFR)"; - }; - - extraConfig = mkOption { - type = types.attrsOf types.anything; - default = { }; - description = "Additional Technitium DNS configuration options as an attribute set"; - }; - }; -} \ No newline at end of file diff --git a/nixos-infra/modules/services/git-forge/default.nix b/nixos-infra/modules/services/git-forge/default.nix deleted file mode 100644 index 7e4e4cd..0000000 --- a/nixos-infra/modules/services/git-forge/default.nix +++ /dev/null 
@@ -1,90 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - cfg = config.services.git-forge; - inherit (lib) mkIf mkOption types; -in - -{ - options.services.git-forge = { - enable = mkOption { - type = types.bool; - default = false; - description = "Enable the git forge service (Forgejo)"; - }; - - domain = mkOption { - type = types.str; - default = "git.lagraula.fr"; - description = "Domain name for the Forgejo instance"; - }; - - sshPort = mkOption { - type = types.port; - default = 2222; - description = "SSH port for Git operations (avoid conflict with host SSH on 22)"; - }; - - httpPort = mkOption { - type = types.port; - default = 3000; - description = "HTTP port for the Forgejo web interface"; - }; - - dataDir = mkOption { - type = types.str; - default = "/var/lib/forgejo"; - description = "Data directory for Forgejo repositories and database"; - }; - - databaseType = mkOption { - type = types.enum [ "sqlite3" "postgres" "mysql" ]; - default = "sqlite3"; - description = "Database backend type"; - }; - - settings = mkOption { - type = types.attrsOf types.anything; - default = { }; - description = "Additional Forgejo settings (merged into services.forgejo.settings)"; - }; - }; - - config = mkIf cfg.enable { - # Use the built-in NixOS forgejo module - services.forgejo = { - enable = true; - package = pkgs.forgejo; - settings = lib.recursiveUpdate { - server = { - DOMAIN = cfg.domain; - HTTP_PORT = cfg.httpPort; - HTTP_ADDR = "0.0.0.0"; - ROOT_URL = "https://${cfg.domain}"; - SSH_PORT = cfg.sshPort; - SSH_LISTEN_PORT = cfg.sshPort; - }; - service = { - DISABLE_REGISTRATION = false; - }; - "repository".ROOT = "${cfg.dataDir}/repos"; - } (lib.mapAttrs (section: values: lib.mapAttrs (key: value: lib.mkDefault value) values) cfg.settings); - - database = { - type = cfg.databaseType; - }; - - dump = { - type = "tar.zst"; - }; - - # LXC container specifics - use the existing forgejo user - stateDir = cfg.dataDir; - }; - - # Open firewall ports for HTTP and SSH (git 
protocol) - networking.firewall = lib.mkIf config.services.forgejo.enable { - allowedTCPPorts = [ cfg.httpPort cfg.sshPort ]; - }; - }; -} \ No newline at end of file diff --git a/nixos-infra/modules/services/password-manager/default.nix b/nixos-infra/modules/services/password-manager/default.nix deleted file mode 100644 index 3cf690f..0000000 --- a/nixos-infra/modules/services/password-manager/default.nix +++ /dev/null 
@@ -1,90 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - cfg = config.services.password-manager; - inherit (lib) mkIf mkOption types; -in - -{ - options.services.password-manager = { - enable = mkOption { - type = types.bool; - default = false; - description = "Enable the password manager service (Vaultwarden)"; - }; - - domain = mkOption { - type = types.str; - default = "pass.lagraula.fr"; - description = "Domain name for the Vaultwarden instance"; - }; - - port = mkOption { - type = types.port; - default = 8080; - description = "HTTP port for the Vaultwarden web interface"; - }; - - dataDir = mkOption { - type = types.str; - default = "/var/lib/vaultwarden"; - description = "Data directory for Vaultwarden persistent state"; - }; - - dbBackend = mkOption { - type = types.enum [ "sqlite" "mysql" "postgresql" ]; - default = "sqlite"; - description = "Database backend type"; - }; - - adminTokenFile = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Path to a file containing the admin token for the /admin panel. - Use agenix or sops-nix to provide this file securely. 
- ''; - }; - - signupsAllowed = mkOption { - type = types.bool; - default = true; - description = "Allow new user registration"; - }; - - extraConfig = mkOption { - type = types.attrsOf (types.nullOr (types.oneOf [ types.bool types.str types.int types.port ])); - default = { }; - description = "Additional Vaultwarden config options as attribute set (mapped to env vars)"; - }; - }; - - config = mkIf cfg.enable { - # Use the built-in NixOS vaultwarden module - services.vaultwarden = { - enable = true; - package = pkgs.vaultwarden; - webVaultPackage = pkgs.vaultwarden-webvault; - inherit (cfg) dbBackend; - config = { - DOMAIN = "https://${cfg.domain}"; - PORT = cfg.port; - SIGNUPS_ALLOWED = cfg.signupsAllowed; - } // (lib.mapAttrs (name: value: - if value == true then "true" - else if value == false then "false" - else toString value - ) cfg.extraConfig); - } // lib.optionalAttrs (cfg.adminTokenFile != null) { - environmentFile = cfg.adminTokenFile; - config = { - ADMIN_TOKEN = null; # Will be read from environmentFile - }; - }; - - # Open firewall port - networking.firewall = mkIf config.services.vaultwarden.enable { - allowedTCPPorts = [ cfg.port ]; - }; - }; -} \ No newline at end of file diff --git a/nixos-infra/modules/services/reverse-proxy/default.nix b/nixos-infra/modules/services/reverse-proxy/default.nix deleted file mode 100644 index 2786b41..0000000 --- a/nixos-infra/modules/services/reverse-proxy/default.nix +++ /dev/null 
@@ -1,56 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - # Récupère la liste des services depuis la configuration - publicServices = config.services.reverse-proxy.publicServices or []; -in -{ - # Options pour le module reverse-proxy - options.services.reverse-proxy = { - publicServices = lib.mkOption { - type = lib.types.listOf (lib.types.submodule { - options = { - host = lib.mkOption { type = lib.types.str; }; - internalHost = lib.mkOption { type = lib.types.str; }; - port = lib.mkOption { type = lib.types.int; default = 80; }; - }; - }); - default = []; - description = "Liste des services à exposer via le reverse proxy"; - }; - }; - - # Configuration de Caddy - config = lib.mkIf (config.services.reverse-proxy.publicServices or []) != [] { - services.caddy = { - enable = true; - virtualHosts = map (service: { - host = "${service.host}.lagraula.fr"; - reverseProxy = "http://${service.internalHost}.lagraula.fr:${toString service.port}"; - tls = { - email = config.services.caddy.email or "xavier@lagraula.fr"; - }; - }) (config.services.reverse-proxy.publicServices or []); - - # Configuration globale pour Caddy - extraConfig = '' - { - # Rate limiting global (optionnel) - rate_limit { - requests 100 - burst 200 - interval 1m - } - # Logging - log { - output file /var/log/caddy/access.log - } - } - ''; - }; - - # Ouvrir les ports firewall pour HTTP/HTTPS - networking.firewall.allowedTCPPorts = [ 80 443 ]; - networking.firewall.allowedUDPPorts = []; - }; -} \ No newline at end of file diff --git a/nixos-infra/modules/user-profiles/admin.nix b/nixos-infra/modules/user-profiles/admin.nix deleted file mode 100644 index e69de29..0000000 diff --git a/nixos-infra/modules/user-profiles/cam.nix b/nixos-infra/modules/user-profiles/cam.nix deleted file mode 100644 index e69de29..0000000 diff --git a/nixos-infra/modules/user-profiles/dev.nix b/nixos-infra/modules/user-profiles/dev.nix deleted file mode 100644 index e69de29..0000000 
diff --git a/nixos-infra/modules/user-profiles/guest.nix b/nixos-infra/modules/user-profiles/guest.nix deleted file mode 100644 index e69de29..0000000 diff --git a/nixos-infra/modules/user-profiles/standard.nix b/nixos-infra/modules/user-profiles/standard.nix deleted file mode 100644 index e69de29..0000000 diff --git a/nixos-infra/overlays/README.md b/nixos-infra/overlays/README.md deleted file mode 100644 index bd78723..0000000 --- a/nixos-infra/overlays/README.md +++ /dev/null @@ -1,4 +0,0 @@ -# Overlays -Custom modifications and extensions to Nixpkgs. -Applies patches or version overrides to existing packages. -Applied globally across the infrastructure. \ No newline at end of file diff --git a/nixos-infra/overlays/custom-pkgs.nix b/nixos-infra/overlays/custom-pkgs.nix deleted file mode 100644 index 974bce8..0000000 --- a/nixos-infra/overlays/custom-pkgs.nix +++ /dev/null @@ -1,4 +0,0 @@ -self: super: { - # Custom packages and overrides for nixos-infra - # agenix is already available in nixpkgs — no custom overlay needed. -} \ No newline at end of file diff --git a/nixos-infra/pkgs/README.md b/nixos-infra/pkgs/README.md deleted file mode 100644 index 3e6f505..0000000 --- a/nixos-infra/pkgs/README.md +++ /dev/null @@ -1,4 +0,0 @@ -# Packages -Custom software packages not found in upstream Nixpkgs. -Contains project-specific derivations (default.nix). -Can be referenced via overlays or directly by hosts. \ No newline at end of file diff --git a/nixos-infra/pkgs/default.nix b/nixos-infra/pkgs/default.nix deleted file mode 100644 index eac1464..0000000 --- a/nixos-infra/pkgs/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -let - spec = builtins.fromJSON (builtins.readFile ./nixpkgs.json); -in -import (builtins.fetchTarball { - url = "https://github.com/NixOS/nixpkgs/archive/${spec.rev}.tar.gz"; - sha256 = spec.sha256; -}) {} -# TODO: add a nixos-infra module \ No newline at end of file 
diff --git a/nixos-infra/pkgs/nixpkgs.json b/nixos-infra/pkgs/nixpkgs.json deleted file mode 100644 index 2e98baa..0000000 --- a/nixos-infra/pkgs/nixpkgs.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "url": "https://github.com/NixOS/nixpkgs/archive/755f5aa91337890c432639c60b6064bb7fe67769.tar.gz", - "rev": "755f5aa91337890c432639c60b6064bb7fe67769", - "sha256": "1lmn8dicfwmsfdaiw18xjjys78bal6yjy3a41j02my7kw0wlb76a" -} diff --git a/nixos-infra/scripts/1 b/nixos-infra/scripts/1 deleted file mode 100644 index 58efb82..0000000 --- a/nixos-infra/scripts/1 +++ /dev/null @@ -1,22 +0,0 @@ -bridge= -cmode= -cores= -domain= -dry_run=false -help=false -ip= -memory= -password= -pve_host= -pve_password= -pve_port= -pve_ssh_key= -pve_user= -rootfs_size= -ssh_public_keys= -swap= -tags= -template= -unprivileged= -vlan= -short_name='2' diff --git a/nixos-infra/scripts/deploy.sh b/nixos-infra/scripts/deploy.sh index a654c79..8af528c 100644 --- a/nixos-infra/scripts/deploy.sh +++ b/nixos-infra/scripts/deploy.sh @@ -2,9 +2,10 @@ set -euo pipefail # --- Default values (can be overridden by environment variables) --- -REPO_URL="${REPO_URL:-https://gitea.lagraula.fr/xavier/nixos-infra.git}" +REPO_URL="${REPO_URL:-ssh://git@gitea.prod.lagraula.fr:2222/xavier/nixos-infra.git}" REPO_DIR="${REPO_DIR:-/etc/nixos-infra}" BRANCH="${BRANCH:-main}" +ENVIRONMENT="${ENVIRONMENT:-production}" DRY_RUN="${DRY_RUN:-false}" # --- Usage --- @@ -22,11 +23,13 @@ Options: [default: ${REPO_DIR}] -b, --branch BRANCH Git branch to deploy [default: ${BRANCH}] + -e, --environment ENV Environment name (production, dev, staging, etc.) + [default: ${ENVIRONMENT}] -n, --dry-run Simulate deployment without making changes. -h, --help Show this help message. Environment variables: - REPO_URL, REPO_DIR, BRANCH, DRY_RUN (same as options above). + REPO_URL, REPO_DIR, BRANCH, ENVIRONMENT, DRY_RUN (same as options above). EOF exit 0 } 
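Review bot: The new REPO_URL default moves the clone to SSH on a non-standard port (2222), so a freshly provisioned host now depends on the forge's SSH host key already being in known_hosts and on a deploy key being present; neither is handled in this hunk, and an unknown host key will either prompt or abort a non-interactive run. Provisioning a pinned known_hosts entry (rather than disabling StrictHostKeyChecking) is what keeps the deploy from being silently redirected to another server. The usage text in the second hunk could state the requirement, e.g. `  (SSH access: the host needs a read-only deploy key and the forge host key in known_hosts)`. The clone itself happens outside these hunks.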
@@ -34,11 +37,12 @@ EOF
# --- Parse arguments ---
while [[ $# -gt 0 ]]; do
case "$1" in
- -u|--repo-url) REPO_URL="$2"; shift 2 ;;
- -d|--repo-dir) REPO_DIR="$2"; shift 2 ;;
- -b|--branch) BRANCH="$2"; shift 2 ;;
- -n|--dry-run) DRY_RUN="true"; shift ;;
- -h|--help) usage ;;
+ -u|--repo-url) REPO_URL="$2"; shift 2 ;;
+ -d|--repo-dir) REPO_DIR="$2"; shift 2 ;;
+ -b|--branch) BRANCH="$2"; shift 2 ;;
+ -e|--environment) ENVIRONMENT="$2"; shift 2 ;;
+ -n|--dry-run) DRY_RUN="true"; shift ;;
+ -h|--help) usage ;;
*) echo "❌ Unknown option: $1" >&2; usage ;;
esac
done
@@ -56,8 +60,9 @@ if [ "$DRY_RUN" = "true" ]; then
echo " - Repository URL: $REPO_URL"
echo " - Repository dir: $REPO_DIR"
echo " - Branch: $BRANCH"
+ echo " - Environment: $ENVIRONMENT"
echo " - Hostname: $HOSTNAME"
- echo " - Expected config: $REPO_DIR/hosts/servers/$HOSTNAME/configuration.nix"
+ echo " - Expected config: $REPO_DIR/environments/$ENVIRONMENT/hosts/servers/$HOSTNAME/configuration.nix"
echo ""
echo " Would execute:"
echo " git clone --branch $BRANCH $REPO_URL $REPO_DIR"
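Review bot: The new `-e|--environment` arm stores `$2` without validating it, and the value is later spliced into filesystem paths under `$REPO_DIR/environments/`, so a typo such as `-e ../foo` makes the script look up configuration outside the intended tree. Because the script goes on to run `nixos-rebuild switch` (presumably as root), restrict the name to a safe character set right after the parse loop: `[[ "$ENVIRONMENT" =~ ^[A-Za-z0-9_-]+$ ]] || { echo "❌ Invalid environment name: $ENVIRONMENT" >&2; exit 1; }`. The arm also follows the existing arms in not checking that an argument is present before `shift 2`; with `set -u` a missing value is only reported as an 'unbound variable' error rather than a usage message.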
@@ -79,21 +84,21 @@ else fi # --- Find the configuration for this machine --- -CONFIG_PATH="$REPO_DIR/hosts/servers/$HOSTNAME/configuration.nix" +CONFIG_PATH="$REPO_DIR/environments/$ENVIRONMENT/hosts/servers/$HOSTNAME/configuration.nix" if [ ! -f "$CONFIG_PATH" ]; then - CONFIG_PATH="$REPO_DIR/hosts/workstations/$HOSTNAME/configuration.nix" + CONFIG_PATH="$REPO_DIR/environments/$ENVIRONMENT/hosts/workstations/$HOSTNAME/configuration.nix" fi if [ ! -f "$CONFIG_PATH" ]; then - echo "❌ Error : No configuration found for $HOSTNAME in $REPO_DIR" >&2 + echo "❌ Error : No configuration found for $HOSTNAME in environment '$ENVIRONMENT'" >&2 echo " Checked paths :" >&2 - echo " - $REPO_DIR/hosts/servers/$HOSTNAME/configuration.nix" >&2 - echo " - $REPO_DIR/hosts/workstations/$HOSTNAME/configuration.nix" >&2 + echo " - $REPO_DIR/environments/$ENVIRONMENT/hosts/servers/$HOSTNAME/configuration.nix" >&2 + echo " - $REPO_DIR/environments/$ENVIRONMENT/hosts/workstations/$HOSTNAME/configuration.nix" >&2 exit 1 fi # --- Apply the configuration --- -echo "🚀 Deploying the configuration for $HOSTNAME..." +echo "🚀 Deploying the configuration for $HOSTNAME (environment: $ENVIRONMENT)..." nixos-rebuild switch -I nixos-config="$CONFIG_PATH" echo "✅ Deployment was successful !" \ No newline at end of file diff --git a/nixos-infra/users/frida/configuration.nix b/nixos-infra/users/frida/configuration.nix deleted file mode 100644 index e69de29..0000000 diff --git a/nixos-infra/users/guest/configuration.nix b/nixos-infra/users/guest/configuration.nix deleted file mode 100644 index e69de29..0000000 diff --git a/nixos-infra/users/root/configuration.nix b/nixos-infra/users/root/configuration.nix deleted file mode 100644 index e69de29..0000000 diff --git a/nixos-infra/users/xavier/configuration.nix b/nixos-infra/users/xavier/configuration.nix deleted file mode 100644 index e69de29..0000000
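Review bot: When the environment directory itself is missing (a misspelt `-e` value), the failure is reported as "No configuration found for $HOSTNAME", which points the operator at the wrong cause. Check the directory once before building CONFIG_PATH: `ENV_DIR="$REPO_DIR/environments/$ENVIRONMENT"` followed by `[ -d "$ENV_DIR" ] || { echo "❌ Error : environment '$ENVIRONMENT' not found in $REPO_DIR" >&2; exit 1; }`, and reuse `$ENV_DIR` in the four path expressions below it so they cannot drift apart. The `else … fi` that opens this hunk starts outside it.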