NixOS
Refactor Core / Non Critical infra to increase code sharing
Once Core is ported out of nixops and into colmena/flakes + sops-nix, we should start merging as much as we can between the two configs back together.
Things include:
- Common NixOS configuration modules (e.g. access management, monitoring, ...)
- Secrets management (only one sops config)
- Putting everything into one flake.
Blocked on #324.
Will this not create more friction to contribution to non-critical infra, if changes can potentially have impacts on core-infra and as such have to be reviewed more strictly?
Maybe, but does that change anything as long as core-infra and non-critical-infra share anything? Unless we split those into two repositories, it's not like we're going to give non-critical-infra maintainers write access to the repo anyway, so in any case a core-infra maintainer will need to merge the PR.
We could also use e.g. CODEOWNERS to specifically flag changes to stuff in core-infra or shared modules - it would help specifically flag this, but I don't even really think this is necessary. It would be nice to have regardless...
I think non-critical-infra-driven changes to common stuff should be rare anyway - uniformity should matter less to maintainers who care about just one part of the infra, but as someone who has to care about core-infra and to some extent non-critical-infra (as fallback) I think uniformity is important and desirable.
Thoughts?