feat: setup arkheon

2025-07-01 15:27:18 +02:00 · 2024-09-02 16:42:35 +02:00 · 2024-09-02 16:42:35 +02:00 · bc31afe86a
commit bc31afe86a
parent 9c4bf3af61
11 changed files with 94 additions and 10 deletions
--- a/deps/sources.json
+++ b/deps/sources.json
@ -12,6 +12,18 @@
      "url": "https://github.com/ryantm/agenix/archive/f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41.tar.gz",
      "hash": "1x8nd8hvsq6mvzig122vprwigsr3z2skanig65haqswn7z7amsvg"
    },
+    "arkheon": {
+      "type": "Git",
+      "repository": {
+        "type": "GitHub",
+        "owner": "raitobezarius",
+        "repo": "arkheon"
+      },
+      "branch": "main",
+      "revision": "113724a1a206905e68319676f73d095fcc043a42",
+      "url": "https://github.com/raitobezarius/arkheon/archive/113724a1a206905e68319676f73d095fcc043a42.tar.gz",
+      "hash": "0yh8g020d7z67iqpg7xywk4dxxa64dxa1igd45nb8w653c82w6gq"
+    },
    "buildbot-nix": {
      "type": "Git",
      "repository": {
--- a/lib/mkmachine.nix
+++ b/lib/mkmachine.nix
@ -38,6 +38,7 @@ import "${nixpkgs}/nixos/lib/eval-config.nix" {
    (import "${inputs.impermanence}/nixos.nix")
    (import inputs.lanzaboote).nixosModules.lanzaboote
    (import inputs.lila).nixosModules.hash-collection
+    (import "${inputs.arkheon}/module.nix")
    {
      home-manager.useGlobalPkgs = true;
      nixpkgs.system = system;
--- a/machines/akhaten/default.nix
+++ b/machines/akhaten/default.nix
@ -1,4 +1,4 @@
-{ inputs, ... }:
+{ inputs, profiles, ... }:
 {
  imports = [
    ./hardware.nix
@ -16,10 +16,9 @@
      public.ipv6 = "2001:0bc8:3d24::45";
      vpn.ipv4 = "100.100.45.33";
    };
+    profiles = with profiles; [ server ];
  };

-  deployment.tags = [ "server" ];
-
  disko = import ./disko.nix;

  environment.persistence."/persistent" = {
--- a/machines/core-data/default.nix
+++ b/machines/core-data/default.nix
@ -16,7 +16,10 @@
    arch = "x86_64-linux";
    nixpkgs_version = inputs.nixpkgs;
    hm_version = inputs.home-manager;
-    profiles = with profiles; [ vm-simple-network ];
+    profiles = with profiles; [
+      vm-simple-network
+      server
+    ];
    ips = {
      public.ipv4 = "82.67.34.230";
      local.ipv4 = "192.168.0.66";
--- a/machines/core-security/default.nix
+++ b/machines/core-security/default.nix
@ -17,7 +17,10 @@
    arch = "x86_64-linux";
    nixpkgs_version = inputs.nixpkgs;
    hm_version = inputs.home-manager;
-    profiles = with profiles; [ vm-simple-network ];
+    profiles = with profiles; [
+      vm-simple-network
+      server
+    ];
    ips = {
      public.ipv4 = "82.67.34.230";
      local.ipv4 = "192.168.0.175";
--- a/machines/gustave/default.nix
+++ b/machines/gustave/default.nix
@ -15,7 +15,10 @@
    arch = "x86_64-linux";
    nixpkgs_version = inputs.nixpkgs;
    hm_version = inputs.home-manager;
-    profiles = with profiles; [ vm-simple-network ];
+    profiles = with profiles; [
+      vm-simple-network
+      server
+    ];
    ips = {
      public.ipv4 = "82.67.34.230";
      local.ipv4 = "192.168.0.90";
@ -118,7 +121,10 @@

  fileSystems."/srv".neededForBoot = true;

-  environment.systemPackages = [ pkgs.tailscale ];
+  environment.systemPackages = [
+    pkgs.tailscale
+    pkgs.bottom
+  ];

  services.tailscale.enable = true;

--- a/machines/lambda/arkheon.nix
+++ b/machines/lambda/arkheon.nix
@ -0,0 +1,32 @@
+{
+  config,
+  inputs,
+  pkgs,
+  ...
+}:
+
+{
+  age.secrets."arkheon-env".file = ../../secrets/arkheon-env.age;
+
+  nixpkgs.overlays = [ (import (inputs.arkheon.outPath + "/overlay.nix")) ];
+
+  services.arkheon = {
+    enable = true;
+
+    pythonEnv = pkgs.python3.withPackages (ps: [
+      ps.arkheon
+      ps.daphne
+      ps.psycopg2
+    ]);
+
+    domain = "arkheon.luj.fr";
+
+    nginx = {
+      enableACME = true;
+      forceSSL = true;
+    };
+
+    envFile = config.age.secrets."arkheon-env".path;
+
+  };
+}
--- a/machines/lambda/default.nix
+++ b/machines/lambda/default.nix
@ -1,15 +1,22 @@
-{ pkgs, inputs, ... }:
+{
+  pkgs,
+  inputs,
+  profiles,
+  ...
+}:

 {
  imports = [
    ./hardware.nix
    ./home-julien.nix
+    ./arkheon.nix
  ];

  machine.meta = {
    arch = "aarch64-linux";
    nixpkgs_version = inputs.nixpkgs;
    hm_version = inputs.home-manager;
+    profiles = with profiles; [ server ];
    ips = {
      public.ipv4 = "141.145.197.219";
      vpn.ipv4 = "100.100.45.13";
--- a/machines/nuage/default.nix
+++ b/machines/nuage/default.nix
@ -16,7 +16,10 @@
    arch = "x86_64-linux";
    nixpkgs_version = inputs.nixpkgs;
    hm_version = inputs.home-manager;
-    profiles = with profiles; [ vm-simple-network ];
+    profiles = with profiles; [
+      vm-simple-network
+      server
+    ];
    ips = {
      public.ipv4 = "82.67.34.230";
      local.ipv4 = "192.168.0.101";
--- a/machines/tower/default.nix
+++ b/machines/tower/default.nix
@ -16,7 +16,10 @@
    arch = "x86_64-linux";
    nixpkgs_version = inputs.nixpkgs;
    hm_version = inputs.home-manager;
-    profiles = with profiles; [ vm-simple-network ];
+    profiles = with profiles; [
+      vm-simple-network
+      server
+    ];
    ips = {
      public.ipv4 = "82.67.34.230";
      local.ipv4 = "192.168.0.103";
--- a/profiles/server.nix
+++ b/profiles/server.nix
@ -0,0 +1,15 @@
+{ config, ... }:
+{
+  deployment.tags = [ "server" ];
+
+  # Enable arkheon
+  age.secrets."arkheon-token".file = ../secrets/arkheon-token.age;
+  services.arkheon.record = {
+    enable = true;
+
+    tokenFile = config.age.secrets."arkheon-token".path;
+
+    url = "https://arkheon.luj.fr";
+  };
+
+}