NixOS · Oct 23, 2019
diff --git a/bastion/flake.lock b/bastion/flake.lock
diff --git a/bastion/flake.nix b/bastion/flake.nix
@@ -0,0 +1,14 @@
+{
+  edition = 201909;
+
+  inputs.nixpkgs.uri = "nixpkgs/release-19.09";
+  #inputs.nixops.uri = "/home/deploy/src/nixops";
+
+  outputs = { self, nixpkgs, nix, nixops }: {
+
+    nixopsConfigurations.default =
+      { inherit nixpkgs; }
+      // import ./network.nix { inherit self nix nixops; };
+
+  };
+}
diff --git a/bastion/network.nix b/bastion/network.nix
@@ -1,3 +1,5 @@
+{ self, nix, nixops }:
+
 let
   region = "eu-west-1";
   zone = "eu-west-1a";
@@ -42,7 +44,7 @@ in
             protocol = "udp";
           }
         ] ++
-        (with import ../ip-addresses.nix;
+        (with import /home/deploy/src/nixos-org-configurations/ip-addresses.nix; # FIXME
         map
           (ip: { toPort = 22; fromPort = 22; sourceIp = "${ip}/32"; })
           [ eelcoHome
@@ -122,6 +124,11 @@ in
           ../modules/hydra-mirror.nix
         ];
 
+      nixpkgs.overlays =
+        [ nix.overlay
+          nixops.overlay
+        ];
+
       users.extraUsers.tarball-mirror.openssh.authorizedKeys.keys = [ sshKeys.eelco ];
 
       users.extraUsers.deploy =
@@ -144,6 +151,11 @@ in
       #nix.gc.automatic = true;
       nix.gc.dates = "daily";
 
+      nix.extraOptions =
+        ''
+          experimental-features = nix-command flakes ca-references
+        '';
+
       # Temporary hack until we have proper users/roles.
       services.openssh.extraConfig =
         ''

diff --git a/delft/datadog.nix b/delft/datadog.nix
@@ -1,4 +1,4 @@
 {
   services.dd-agent.enable = true;
-  services.dd-agent.api_key = builtins.readFile ./datadog.secret;
+  services.dd-agent.api_key = builtins.readFile /home/deploy/src/nixos-org-configurations/delft/datadog.secret;
 }
diff --git a/delft/flake.lock b/delft/flake.lock
diff --git a/delft/flake.nix b/delft/flake.nix
@@ -0,0 +1,13 @@
+{
+  edition = 201909;
+
+  inputs.nixpkgs.uri = "nixpkgs/release-19.09";
+
+  outputs = { self, nixpkgs, hydra }: {
+
+    nixopsConfigurations.default =
+      { inherit nixpkgs; }
+      // import ./network.nix { inherit self nixpkgs hydra; };
+
+  };
+}
diff --git a/delft/hydra.nix b/delft/hydra.nix
@@ -3,16 +3,10 @@
 with lib;
 
 let
-  hydraSrc = ../../hydra;
-  hydra = (import (hydraSrc + "/release.nix") { nixpkgs = pkgs.path; }).build.x86_64-linux;
   narCache = "/var/cache/hydra/nar-cache";
 in
 
 {
-  imports =
-    [ (hydraSrc + "/hydra-module.nix")
-    ];
-
   users.extraUsers.hydra.openssh.authorizedKeys.keys =
     with import ../ssh-keys.nix; [ eelco rob ];
   users.extraUsers.hydra-www.openssh.authorizedKeys.keys =
@@ -21,7 +15,6 @@ in
     with import ../ssh-keys.nix; [ eelco rob ];
 
   services.hydra-dev.enable = true;
-  services.hydra-dev.package = hydra;
   services.hydra-dev.logo = ./hydra-logo.png;
   services.hydra-dev.hydraURL = "https://hydra.nixos.org";
   services.hydra-dev.notificationSender = "edolstra@gmail.com";
@@ -38,12 +31,6 @@ in
       server_store_uri = https://cache.nixos.org?local-nar-cache=${narCache}
       binary_cache_public_uri = https://cache.nixos.org
 
-      #<hipchat>
-      #  jobs = (hydra|nixops):.*:.*
-      #  room = 182482
-      #  token = ${builtins.readFile ./hipchat-lb-token}
-      #</hipchat>
-
       <Plugin::Session>
         cache_size = 32m
       </Plugin::Session>
@@ -62,7 +49,7 @@ in
 
       evaluator_initial_heap_size = ${let gb = 20; in toString (gb * 1024 * 1024 * 1024)}
 
-      max_concurrent_evals = 2
+      max_concurrent_evals = 1
     '';
 
   systemd.tmpfiles.rules =

diff --git a/delft/network.nix b/delft/network.nix
@@ -1,3 +1,5 @@
+flakes:
+
 let
   makeMac = { ip, extra }: {
     deployment = {
@@ -39,9 +41,21 @@ in {
   lucifer = { deployment.targetHost = "lucifer.ewi.tudelft.nl"; imports = [ ./lucifer.nix ]; };
   wendy = { deployment.targetHost = "wendy.ewi.tudelft.nl"; imports = [ ./wendy.nix ]; };
   ike = { deployment.targetHost = "ike.ewi.tudelft.nl"; imports = [ ./build-machines-dell-r815.nix ]; };
-  chef = import ./chef.nix;
+
+  chef = {
+    system.configurationRevision = flakes.self.rev;
+    imports = [./chef.nix ];
+  };
+
   eris = import ./eris.nix;
-  ceres = import ./ceres.nix;
+
+  ceres = {
+    system.configurationRevision = flakes.self.rev;
+    imports =
+      [ ./ceres.nix
+        flakes.hydra.nixosModules.hydra
+      ];
+  };
 
   mac1 = makeMac {
     ip = "10.254.2.1";

diff --git a/delft/packet-importer.nix b/delft/packet-importer.nix
@@ -4,7 +4,7 @@ let
 in
 {
   deployment.keys."hydra-packet-import.json" = {
-    keyFile = ../hydra-packet-import.json;
+    keyFile = /home/deploy/src/nixos-org-configurations/hydra-packet-import.json;
     user = "hydra-packet";
   };
 

diff --git a/modules/hydra-mirror.nix b/modules/hydra-mirror.nix
@@ -20,7 +20,7 @@ let
       "nixpkgs-18.09-darwin" = "nixpkgs/nixpkgs-18.09-darwin/darwin-tested";
   };
 
-  channelScripts = import <nixos-channel-scripts> { inherit pkgs; };
+  channelScripts = import /home/deploy/src/nixos-channel-scripts { inherit pkgs; }; # FIXME
   orderLib = import ../lib/service-order.nix { inherit lib; };
 
   makeUpdateChannel = channelName: mainJob: