fix: nix config optimizations
parent
3e48221fbf
commit
de236e371e
8 changed files with 39 additions and 57 deletions
35
flake.nix
35
flake.nix
|
|
@ -13,54 +13,51 @@
|
||||||
|
|
||||||
outputs = { self, nixpkgs, disko, agenix, ... }:
|
outputs = { self, nixpkgs, disko, agenix, ... }:
|
||||||
let
|
let
|
||||||
pkgs = import nixpkgs { system = "x86_64-linux"; };
|
# Shared module list for both nixosConfigurations and colmena
|
||||||
|
hostModules = name: system: [
|
||||||
# Helper to build a NixOS host config from hosts/<name>/
|
|
||||||
mkHost = name: system: nixpkgs.lib.nixosSystem {
|
|
||||||
modules = [
|
|
||||||
{ nixpkgs.hostPlatform = system; }
|
{ nixpkgs.hostPlatform = system; }
|
||||||
disko.nixosModules.disko
|
disko.nixosModules.disko
|
||||||
agenix.nixosModules.default
|
agenix.nixosModules.default
|
||||||
./modules/common.nix
|
./modules/common.nix
|
||||||
./hosts/${name}
|
./hosts/${name}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
mkHost = name: system: nixpkgs.lib.nixosSystem {
|
||||||
|
modules = hostModules name system;
|
||||||
};
|
};
|
||||||
|
|
||||||
hosts = {
|
hosts = {
|
||||||
telefonmann = { system = "x86_64-linux"; };
|
telefonmann = { system = "x86_64-linux"; targetHost = "telefonmann"; };
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systems = nixpkgs.lib.unique (nixpkgs.lib.mapAttrsToList (_: cfg: cfg.system) hosts);
|
||||||
in {
|
in {
|
||||||
# nixosConfigurations is used by nixos-anywhere for initial install
|
# nixosConfigurations is used by nixos-anywhere for initial install
|
||||||
nixosConfigurations = nixpkgs.lib.mapAttrs
|
nixosConfigurations = nixpkgs.lib.mapAttrs
|
||||||
(name: cfg: mkHost name cfg.system)
|
(name: cfg: mkHost name cfg.system)
|
||||||
hosts;
|
hosts;
|
||||||
|
|
||||||
devShells.x86_64-linux.default = pkgs.mkShell {
|
devShells = nixpkgs.lib.genAttrs systems (system:
|
||||||
|
let pkgs = import nixpkgs { inherit system; }; in {
|
||||||
|
default = pkgs.mkShell {
|
||||||
packages = [
|
packages = [
|
||||||
pkgs.colmena
|
pkgs.colmena
|
||||||
agenix.packages.x86_64-linux.default
|
agenix.packages.${system}.default
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
});
|
||||||
|
|
||||||
# colmena hive for ongoing deployments
|
# colmena hive for ongoing deployments
|
||||||
colmena = {
|
colmena = {
|
||||||
meta = {
|
meta = {
|
||||||
nixpkgs = pkgs;
|
nixpkgs = import nixpkgs { system = (nixpkgs.lib.head systems); };
|
||||||
specialArgs = { inherit disko; };
|
|
||||||
};
|
};
|
||||||
} // nixpkgs.lib.mapAttrs (name: cfg: {
|
} // nixpkgs.lib.mapAttrs (name: cfg: {
|
||||||
deployment = {
|
deployment = {
|
||||||
# Set targetHost per host in hosts/<name>/default.nix or override here
|
targetHost = cfg.targetHost;
|
||||||
# targetHost = "telefonmann.example.com";
|
|
||||||
targetUser = "root";
|
targetUser = "root";
|
||||||
};
|
};
|
||||||
imports = [
|
imports = hostModules name cfg.system;
|
||||||
{ nixpkgs.hostPlatform = cfg.system; }
|
|
||||||
disko.nixosModules.disko
|
|
||||||
agenix.nixosModules.default
|
|
||||||
./modules/common.nix
|
|
||||||
./hosts/${name}
|
|
||||||
];
|
|
||||||
}) hosts;
|
}) hosts;
|
||||||
};
|
};
|
||||||
}
|
}
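Review bot: `targetHost = cfg.targetHost;` in the colmena node set makes `targetHost` a mandatory attribute of every entry in `hosts`, so a host added with only `system` fails evaluation with a missing-attribute error. Falling back to the node name keeps colmena's own default: `targetHost = cfg.targetHost or name;`. Separately, `meta.nixpkgs = import nixpkgs { system = (nixpkgs.lib.head systems); };` is fine for the single x86_64-linux host, but with mixed architectures the chosen system depends on host ordering, which deserves a comment. Because these nodes deploy with `targetUser = "root"` to a bare hostname, a short comment saying where `telefonmann` is expected to resolve (SSH config or DNS) would also help.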
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,6 @@
|
||||||
imports = [
|
imports = [
|
||||||
./hardware.nix
|
./hardware.nix
|
||||||
./disko.nix
|
./disko.nix
|
||||||
../../modules/vm-guest.nix
|
|
||||||
../../modules/voip
|
../../modules/voip
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
@ -153,8 +152,6 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
deployment.targetHost = "telefonmann";
|
|
||||||
|
|
||||||
# Age-encrypted secrets (decrypted on the host at activation time).
|
# Age-encrypted secrets (decrypted on the host at activation time).
|
||||||
age.secrets =
|
age.secrets =
|
||||||
let asteriskSecret = file: { inherit file; owner = "asterisk"; group = "voip-keys"; mode = "0640"; };
|
let asteriskSecret = file: { inherit file; owner = "asterisk"; group = "voip-keys"; mode = "0640"; };
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,9 @@
|
||||||
{ modulesPath, ... }: {
|
{ ... }: {
|
||||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
services.qemuGuest.enable = true;
|
||||||
|
boot.loader = {
|
||||||
|
systemd-boot.enable = true;
|
||||||
|
efi.canTouchEfiVariables = true;
|
||||||
|
};
|
||||||
boot.initrd.availableKernelModules = [
|
boot.initrd.availableKernelModules = [
|
||||||
"virtio_pci"
|
"virtio_pci"
|
||||||
"virtio_scsi" # use "virtio_blk" instead if disk is /dev/vda
|
"virtio_scsi" # use "virtio_blk" instead if disk is /dev/vda
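Review bot: Replacing `imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];` with `services.qemuGuest.enable = true;` is not an equivalent swap, because as far as I know the nixpkgs profile contributes virtio initrd modules (among them `virtio_blk` and `virtio_rng`) while `services.qemuGuest` only enables the guest agent. After this change the virtio modules available in the initrd are the ones listed in `boot.initrd.availableKernelModules` here, so the existing `/dev/vda` comment becomes a hard requirement rather than a hint. I would either keep the profile import alongside the new options or add a comment above the list such as `# qemu-guest profile no longer imported: every virtio module needed to find the root disk must be listed here`. The list continues past the end of the hunk, so the remaining entries are not visible.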
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, ... }: {
|
{ ... }: {
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
nix.settings = {
|
nix.settings = {
|
||||||
|
|
|
||||||
|
|
@ -1,7 +0,0 @@
|
||||||
{ ... }: {
|
|
||||||
services.qemuGuest.enable = true;
|
|
||||||
boot.loader = {
|
|
||||||
systemd-boot.enable = true;
|
|
||||||
efi.canTouchEfiVariables = true;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
@ -172,7 +172,8 @@ let
|
||||||
context = internal
|
context = internal
|
||||||
transport = transport-tcp
|
transport = transport-tcp
|
||||||
disallow = all
|
disallow = all
|
||||||
${lib.concatMapStrings (c: "allow = ${c}\n ") cfg.codecs.hardwarePhones}direct_media = no
|
${lib.concatMapStrings (c: "allow = ${c}\n ") cfg.codecs.hardwarePhones}
|
||||||
|
direct_media = no
|
||||||
trust_id_inbound = yes
|
trust_id_inbound = yes
|
||||||
send_pai = yes
|
send_pai = yes
|
||||||
|
|
||||||
|
|
@ -181,7 +182,8 @@ let
|
||||||
context = internal
|
context = internal
|
||||||
transport = transport-tcp
|
transport = transport-tcp
|
||||||
disallow = all
|
disallow = all
|
||||||
${lib.concatMapStrings (c: "allow = ${c}\n ") cfg.codecs.softClients}direct_media = no
|
${lib.concatMapStrings (c: "allow = ${c}\n ") cfg.codecs.softClients}
|
||||||
|
direct_media = no
|
||||||
send_pai = yes
|
send_pai = yes
|
||||||
|
|
||||||
[auth-userpass](!)
|
[auth-userpass](!)
|
||||||
|
|
@ -245,7 +247,6 @@ let
|
||||||
type = endpoint
|
type = endpoint
|
||||||
context = from-external
|
context = from-external
|
||||||
transport = transport-${t.transport}
|
transport = transport-${t.transport}
|
||||||
disallow = all
|
|
||||||
outbound_auth = trunk-${name}-auth
|
outbound_auth = trunk-${name}-auth
|
||||||
aors = trunk-${name}-aor
|
aors = trunk-${name}-aor
|
||||||
trust_id_inbound = yes
|
trust_id_inbound = yes
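Review bot: In the trunk endpoint hunk the commit drops `disallow = all` and no `allow` line is visible on the new side, so the codec set for the `from-external` endpoint appears to be left to Asterisk's defaults. Both phone templates above keep the explicit `disallow = all` plus generated `allow` lines. If the removal is intentional, a comment in the template saying why (for example `; codecs intentionally not restricted on the trunk`) would make that clear; otherwise keeping `disallow = all` followed by an explicit `allow` list would match the other endpoints. This endpoint also carries `trust_id_inbound = yes`, so it is the section where explicit, documented settings matter most. The endpoint section starts and ends outside the hunk, so `allow` lines may exist further down.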
|
||||||
|
|
|
||||||
|
|
@ -57,6 +57,10 @@ let
|
||||||
greetingDirs = import ./greetings.nix { inherit lib pkgs cfg; };
|
greetingDirs = import ./greetings.nix { inherit lib pkgs cfg; };
|
||||||
intercomEntries = import ./intercom.nix { inherit lib cfg models allPhones; };
|
intercomEntries = import ./intercom.nix { inherit lib cfg models allPhones; };
|
||||||
confFiles = import ./asterisk.nix { inherit lib cfg models allPhones intercomEntries mohDirs greetingDirs; };
|
confFiles = import ./asterisk.nix { inherit lib cfg models allPhones intercomEntries mohDirs greetingDirs; };
|
||||||
|
directory = import ./directory.nix { inherit lib pkgs cfg allPhones intercomEntries; };
|
||||||
|
backgroundEntries = import ./backgrounds.nix { inherit lib pkgs cfg models allPhones; };
|
||||||
|
provisioningRoot = import ./provisioning.nix { inherit lib pkgs cfg models allPhones backgroundEntries; };
|
||||||
|
diagram = import ./diagram.nix { inherit lib pkgs cfg models allPhones intercomEntries; };
|
||||||
|
|
||||||
# True when any *File option is set — Asterisk's execincludes=yes is required in that case.
|
# True when any *File option is set — Asterisk's execincludes=yes is required in that case.
|
||||||
hasRuntimeSecrets =
|
hasRuntimeSecrets =
|
||||||
|
|
@ -81,11 +85,6 @@ let
|
||||||
ngx.header.content_type = "text/html; charset=utf-8"
|
ngx.header.content_type = "text/html; charset=utf-8"
|
||||||
ngx.print(html)
|
ngx.print(html)
|
||||||
'';
|
'';
|
||||||
directory = import ./directory.nix { inherit lib pkgs cfg allPhones intercomEntries; };
|
|
||||||
backgroundEntries = import ./backgrounds.nix { inherit lib pkgs cfg models allPhones; };
|
|
||||||
provisioningRoot = import ./provisioning.nix { inherit lib pkgs cfg models allPhones backgroundEntries; };
|
|
||||||
diagram = import ./diagram.nix { inherit lib pkgs cfg models allPhones intercomEntries; };
|
|
||||||
|
|
||||||
# Shared option set for a physical phone device.
|
# Shared option set for a physical phone device.
|
||||||
# isPersonPhone = true → no extension/displayName fields (inherited from person)
|
# isPersonPhone = true → no extension/displayName fields (inherited from person)
|
||||||
# isPersonPhone = false → includes extension and displayName
|
# isPersonPhone = false → includes extension and displayName
|
||||||
|
|
|
||||||
|
|
@ -68,16 +68,8 @@ let
|
||||||
</CiscoIPPhoneDirectory>
|
</CiscoIPPhoneDirectory>
|
||||||
'';
|
'';
|
||||||
|
|
||||||
voicemailMenuXml = ''
|
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
<CiscoIPPhoneExecute>
|
|
||||||
<ExecuteItem Priority="0" URL="Dial:*97"/>
|
|
||||||
</CiscoIPPhoneExecute>
|
|
||||||
'';
|
|
||||||
|
|
||||||
in {
|
in {
|
||||||
menuFile = pkgs.writeText "directory.xml" menuXml;
|
menuFile = pkgs.writeText "directory.xml" menuXml;
|
||||||
listFile = pkgs.writeText "directory-list.xml" listXml;
|
listFile = pkgs.writeText "directory-list.xml" listXml;
|
||||||
intercomFile = pkgs.writeText "intercom.xml" intercomXml;
|
intercomFile = pkgs.writeText "intercom.xml" intercomXml;
|
||||||
voicemailFile = pkgs.writeText "voicemail.xml" voicemailMenuXml;
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||