From 6dc2119493f352859663c964a44195a6b459e258 Mon Sep 17 00:00:00 2001
From: niten
Date: Tue, 19 Oct 2021 09:17:02 -0700
Subject: [PATCH] WORKING NFS, and adding informis
---
 fudo-nixos | 2 +-
 informis/flake.nix | 92 ++++++++++++++++++++++++++++++++++++++++++++++
 seattle/flake.lock | 6 +--
 3 files changed, 96 insertions(+), 4 deletions(-)
 create mode 100644 informis/flake.nix
diff --git a/fudo-nixos b/fudo-nixos
index 3d5d7e3..409f341 160000
--- a/fudo-nixos
+++ b/fudo-nixos
@@ -1 +1 @@
-Subproject commit 3d5d7e389eceb5613b314bf084eed6667f0fa8f9
+Subproject commit 409f341fbb5141af4500255af8dc498c9de42d1b
diff --git a/informis/flake.nix b/informis/flake.nix
new file mode 100644
index 0000000..6727607
--- /dev/null
+++ b/informis/flake.nix
@@ -0,0 +1,92 @@
+let
+ description = "Informis NixOps network.";
+ domain = "informis.land";
+ site = "informis";
+
+in {
+ description = "Definition of the Informis NixOps network.";
+
+ inputs = {
+ nixpkgs.url = "nixpkgs/nixos-21.05";
+
+ fudo-home = {
+ url = "git+https://git.fudo.org/niten/nix-home.git?ref=flake";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ fudo-secrets.url = "path:/state/secrets";
+
+ fudo-pkgs.url = "git+https://git.fudo.org/fudo-public/fudo-pkgs.git";
+
+ fudo-nixos = {
+ url = "git+ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git?ref=nixops-flake";
+ # Don't import it as a flake
+ flake = false;
+ };
+ };
+
+ outputs = { self, nixpkgs, fudo-home, fudo-nixos, fudo-pkgs, fudo-secrets, ... }: let
+ build-timestamp = self.sourceInfo.lastModified;
+
+ hostlib = import (fudo-nixos + /lib/hosts.nix) { lib = nixpkgs.lib; };
+
+ hosts = nixpkgs.lib.filterAttrs (hostname: hostOpts:
+ hostOpts.nixos-system && hostOpts.site == site)
+ (hostlib.base-host-config (fudo-nixos + /config/hosts));
+
+ network-hosts =
+ (import (fudo-nixos + /config/networks/${domain}.nix)).hosts;
+
+ pkgs-for = system: import nixpkgs {
+ inherit system;
+ config = {
+ allowUnfree = true;
+ permittedInsecurePackages = [
+n "openssh-with-gssapi-8.4p1"
+ ];
+ };
+ overlays = [
+ (import (fudo-pkgs + "/overlay.nix"))
+ (import (fudo-nixos + "/lib/overlay.nix"))
+ ];
+ };
+
+ initialize-host = import (fudo-nixos + /initialize.nix);
+
+ in {
+ nixopsConfigurations.default = {
+ inherit nixpkgs;
+
+ network = {
+ description = description;
+ enableRollback = true;
+ };
+ } // (nixpkgs.lib.mapAttrs (hostname: hostOpts: let
+ system = hostOpts.arch;
+ profile = hostOpts.profile;
+ in { config, pkgs, lib, ... }: {
+ imports = [
+ fudo-home.nixosModule
+ fudo-secrets.nixosModule
+ (initialize-host {
+ inherit hostname build-timestamp site domain profile;
+ })
+ ];
+
+ nixpkgs.pkgs = pkgs-for system;
+
+ deployment = with lib; {
+ targetHost = network-hosts.${hostname}.ipv4-address;
+
+ keys = if (hasAttr hostname config.fudo.secrets.files.host-filesystem-keys)
+ then
+ mapAttrs (secret: secret-file: {
+ keyFile = secret-file;
+ user = "root";
+ permissions = "0400";
+ }) config.fudo.secrets.files.host-filesystem-keys.${hostname}
+ else {};
+ };
+ }) hosts);
+ };
+}
diff --git a/seattle/flake.lock b/seattle/flake.lock
index db29a2d..9c57585 100644
--- a/seattle/flake.lock
+++ b/seattle/flake.lock
@@ -243,7 +243,7 @@
 "fudo-nixos": {
 "flake": false,
 "locked": {
- "narHash": "sha256-CjAIAldxjdR7mmPLhUWqQwjMLYI81fFHhE8tlfw3hGc=",
+ "narHash": "sha256-rZspm5MJjkiXONo7L9lsJqB2QZXoo/Wqs9+lODUkia8=",
 "path": "/state/nixops/fudo-nixos",
 "type": "path"
 },
@@ -277,7 +277,7 @@
 "ssh-keypairs": "ssh-keypairs"
 },
 "locked": {
- "narHash": "sha256-m1PDoHAJ+FSB38iM2hE43w5mEKz4KyFzar5pgjrowAc=",
+ "narHash": "sha256-TOBI3TVEHR97j7/Rf41P4QCpbL9XamHkHQHi3BhBdi4=",
 "path": "/state/secrets",
 "type": "path"
 },
@@ -311,7 +311,7 @@
 "host-keytabs": {
 "flake": false,
 "locked": {
- "narHash": "sha256-yvGgY3mgzaGjYBNHr0m4Lg2rxrB0+CRlzWdJ2A06MeM=",
+ "narHash": "sha256-QBfphmEdsPyzOSQxi1p+fZkpLXxXrWNQv1v5tnW0F+4=",
 "path": "./kerberos/host-keytabs",
 "type": "path"
 },
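Review bot: `permittedInsecurePackages = [ "openssh-with-gssapi-8.4p1" ]` inside pkgs-for in informis/flake.nix re-enables a package that nixpkgs has marked insecure for every host in the network, and nothing says why it is needed or when it can go; the line also reads as garbled in this hunk (`+n "openssh-with-gssapi-8.4p1"`), so the committed text is worth confirming. Add a why-comment above it such as `# nixpkgs flags this build as insecure; allowed network-wide until <reason, e.g. a dependency on this exact build> is resolved — drop once a fixed build is available`, with the real reason filled in. Separately, `fudo-secrets.url = "path:/state/secrets"` makes the secrets tree a flake input, which Nix copies into the store (the seattle/flake.lock hunks in this same commit record a narHash for it); if the `keyFile` values taken from host-filesystem-keys resolve to store paths, they are world-readable on the deploying machine even though the deployed copy is installed as root with `0400`. A comment at that input stating that referenced key files must not be store paths, or an assertion to that effect, would make the intent explicit.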