WORKING NFS, and adding informis

fudo-nixos

@@ -1 +1 @@
-Subproject commit 3d5d7e389eceb5613b314bf084eed6667f0fa8f9
+Subproject commit 409f341fbb5141af4500255af8dc498c9de42d1b

informis/flake.nix

@@ -0,0 +1,92 @@
+let
+  description = "Informis NixOps network.";
+  domain = "informis.land";
+  site = "informis";
+
+in {
+  description = "Definition of the Informis NixOps network.";
+
+  inputs = {
+    nixpkgs.url = "nixpkgs/nixos-21.05";
+
+    fudo-home = {
+      url = "git+https://git.fudo.org/niten/nix-home.git?ref=flake";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    fudo-secrets.url = "path:/state/secrets";
+
+    fudo-pkgs.url = "git+https://git.fudo.org/fudo-public/fudo-pkgs.git";
+
+    fudo-nixos = {
+      url = "git+ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git?ref=nixops-flake";
+      # Don't import it as a flake
+      flake = false;
+    };
+  };
+
+  outputs = { self, nixpkgs, fudo-home, fudo-nixos, fudo-pkgs, fudo-secrets, ... }: let
+    build-timestamp = self.sourceInfo.lastModified;
+
+    hostlib = import (fudo-nixos + /lib/hosts.nix) { lib = nixpkgs.lib; };
+
+    hosts = nixpkgs.lib.filterAttrs (hostname: hostOpts:
+      hostOpts.nixos-system && hostOpts.site == site)
+      (hostlib.base-host-config (fudo-nixos + /config/hosts));
+
+    network-hosts =
+      (import (fudo-nixos + /config/networks/${domain}.nix)).hosts;
+
+    pkgs-for = system: import nixpkgs {
+      inherit system;
+      config = {
+        allowUnfree = true;
+        permittedInsecurePackages = [
+n          "openssh-with-gssapi-8.4p1"
+        ];
+      };
+      overlays = [
+        (import (fudo-pkgs + "/overlay.nix"))
+        (import (fudo-nixos + "/lib/overlay.nix"))
+      ];
+    };
+
+    initialize-host = import (fudo-nixos + /initialize.nix);
+
+  in {
+    nixopsConfigurations.default = {
+      inherit nixpkgs;
+
+      network = {
+        description = description;
+        enableRollback = true;
+      };
+    } // (nixpkgs.lib.mapAttrs (hostname: hostOpts: let
+      system = hostOpts.arch;
+      profile = hostOpts.profile;
+    in { config, pkgs, lib, ... }: {
+      imports = [
+        fudo-home.nixosModule
+        fudo-secrets.nixosModule
+        (initialize-host {
+          inherit hostname build-timestamp site domain profile;
+        })
+      ];
+
+      nixpkgs.pkgs = pkgs-for system;
+
+      deployment = with lib; {
+        targetHost = network-hosts.${hostname}.ipv4-address;
+
+        keys = if (hasAttr hostname config.fudo.secrets.files.host-filesystem-keys)
+               then
+                 mapAttrs (secret: secret-file: {
+                   keyFile = secret-file;
+                   user = "root";
+                   permissions = "0400";
+                 }) config.fudo.secrets.files.host-filesystem-keys.${hostname}
+               else {};
+      };
+    }) hosts);
+  };
+}

seattle/flake.lock

@@ -243,7 +243,7 @@
     "fudo-nixos": {
       "flake": false,
       "locked": {
-        "narHash": "sha256-CjAIAldxjdR7mmPLhUWqQwjMLYI81fFHhE8tlfw3hGc=",
+        "narHash": "sha256-rZspm5MJjkiXONo7L9lsJqB2QZXoo/Wqs9+lODUkia8=",
         "path": "/state/nixops/fudo-nixos",
         "type": "path"
       },
@@ -277,7 +277,7 @@
         "ssh-keypairs": "ssh-keypairs"
       },
       "locked": {
-        "narHash": "sha256-m1PDoHAJ+FSB38iM2hE43w5mEKz4KyFzar5pgjrowAc=",
+        "narHash": "sha256-TOBI3TVEHR97j7/Rf41P4QCpbL9XamHkHQHi3BhBdi4=",
         "path": "/state/secrets",
         "type": "path"
       },
@@ -311,7 +311,7 @@
     "host-keytabs": {
       "flake": false,
       "locked": {
-        "narHash": "sha256-yvGgY3mgzaGjYBNHr0m4Lg2rxrB0+CRlzWdJ2A06MeM=",
+        "narHash": "sha256-QBfphmEdsPyzOSQxi1p+fZkpLXxXrWNQv1v5tnW0F+4=",
         "path": "./kerberos/host-keytabs",
         "type": "path"
       },