Hermes
aa4a3f5b7c
Add rollback-sentinel NixOS module that: - Deploys sentinel-check.sh (inline) and nixos-rollback.sh (from file) as system packages - Runs a boot-time systemd oneshot service after multi-user.target with configurable delay — checks Tier-1 services, triggers rollback on failure - Runs a post-rebuild service via activation script after every nixos-rebuild switch - Exposes options for tier1Services, tier2Services, tier3InfoServices, bootDelay, rollbackMode (set-default/rollback-now/dry-run), and enablePostRebuild Module wired into flake.nix for lazyworkhorse and enabled in configuration.nix with standard Tier-1/2 service lists and 120s delay.
88 lines
2.9 KiB
Nix
88 lines
2.9 KiB
Nix
{
|
|
description = "Gortium infra flake";
|
|
|
|
inputs = {
|
|
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
|
|
agenix = {
|
|
url = "github:ryantm/agenix";
|
|
inputs.darwin.follows = "";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
lix = {
|
|
url = "git+https://git.lix.systems/lix-project/lix?ref=main";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
self.submodules = true;
|
|
};
|
|
|
|
outputs = { self, nixpkgs, agenix, lix, ... }@inputs:
|
|
let
|
|
system = "x86_64-linux";
|
|
keys = import ./lib/keys.nix;
|
|
paths = {
|
|
flake = "/home/gortium/infra";
|
|
identities = [
|
|
"/home/gortium/.ssh/gortium_ssh_key"
|
|
"/etc/ssh/ssh_host_ed25519_key"
|
|
"/root/.age/bootstrap.key" ];
|
|
};
|
|
overlays = [ agenix.overlays.default ];
|
|
pkgs = import nixpkgs {
|
|
inherit system overlays;
|
|
config.allowUnfree = true;
|
|
config.permittedInsecurePackages = [
|
|
"openclaw-2026.3.12"
|
|
];
|
|
};
|
|
|
|
devShell = import ./shells/nix_dev.nix {
|
|
inherit pkgs system agenix;
|
|
};
|
|
in
|
|
{
|
|
nixosConfigurations = {
|
|
lazyworkhorse = nixpkgs.lib.nixosSystem {
|
|
specialArgs = { inherit system self keys paths inputs; };
|
|
modules = [
|
|
{
|
|
nixpkgs.overlays = overlays;
|
|
nixpkgs.config.allowUnfree = true;
|
|
nixpkgs.config.rocmSupport = true;
|
|
nixpkgs.config.permittedInsecurePackages = [
|
|
"openclaw-2026.3.12"
|
|
];
|
|
nix.package = lix.packages.${system}.default;
|
|
}
|
|
agenix.nixosModules.default
|
|
./hosts/lazyworkhorse/configuration.nix
|
|
./hosts/lazyworkhorse/hardware-configuration.nix
|
|
./modules/nixos/filesystem/hoardingcow-mount.nix
|
|
./modules/nixos/services/docker_manager.nix
|
|
./modules/nixos/services/open_code_server.nix
|
|
./modules/nixos/services/ollama_init_custom_models.nix
|
|
./modules/nixos/services/openclaw_node.nix
|
|
./modules/nixos/services/rollback-sentinel.nix
|
|
./modules/nixos/security/ai-worker-restricted.nix
|
|
./users/gortium.nix
|
|
./users/ai-worker.nix
|
|
];
|
|
};
|
|
|
|
cyt-pi = nixpkgs.lib.nixosSystem {
|
|
specialArgs = { inherit self keys paths inputs; };
|
|
modules = [
|
|
{
|
|
nixpkgs.overlays = overlays;
|
|
nixpkgs.config.allowUnfree = true;
|
|
nixpkgs.hostPlatform = "aarch64-linux";
|
|
nix.package = lix.packages."aarch64-linux".default;
|
|
}
|
|
./hosts/cyt-pi/configuration.nix
|
|
./hosts/cyt-pi/hardware-configuration.nix
|
|
];
|
|
};
|
|
};
|
|
devShells.${system}.default = devShell;
|
|
};
|
|
}
|