diff --git a/common/deployment-config.nix b/common/deployment-config.nix new file mode 100644 index 0000000..c57bf85 --- /dev/null +++ b/common/deployment-config.nix @@ -0,0 +1,31 @@ +{ build-timestamp, networks, pkgs-for }: + +hostname: hostOpts: + +{ config, lib, ... }: + +with lib; +{ + config = { + instance = { + inherit build-timestamp; + }; + + nixpkgs.pkgs = pkgs-for hostOpts.arch; + + deployment = let + domain = hostOpts.domain; + host-ip = networks.${domain}.hosts.${hostname}.ipv4-address; + fs-keys = config.fudo.secrets.files.host-filesystem-keys; + keys = if (hasAttr hostname fs-keys) then + mapAttrs (secret: secret-file: { + keyFile = secret-file; + user = "root"; + permissions = "0400"; + }) fs-keys.${hostname} else {}; + in { + inherit keys; + targetHost = host-ip; + }; + }; +} diff --git a/common/deployment.nix b/common/deployment.nix index da2dcc6..398a612 100644 --- a/common/deployment.nix +++ b/common/deployment.nix @@ -1,22 +1,18 @@ -{ hostnames, description, ... }: +{ deployment-hosts, description, ... }: -{ self, nixpkgs, fudo-home, fudo-nixos, fudo-pkgs, fudo-secrets, ... }: +{ self, nixpkgs, fudo-nixos, fudo-secrets, ... }: with nixpkgs.lib; let build-timestamp = self.sourceInfo.lastModified; - helpers = import ./helpers.nix { lib = nixpkgs.lib; }; + # helpers = import ./helpers.nix { lib = nixpkgs.lib; }; - networks = with nixpkgs.lib; let - network-files = helpers.nix-files (fudo-nixos + /config/networks); - networks = map helpers.strip-ext network-files; - in genAttrs networks - (network: import (fudo-nixos + /config/networks/${network}.nix)); + # syslib = import (fudo-nixos + /lib/system.nix) { lib = nixpkgs.lib; }; - hosts = with nixpkgs.lib; let - in genAttrs hostnames - (hostname: import (fudo-nixos + /config/hosts/${host}.nix)); + # networks = syslib.networks (fudo-nixos + /config/networks); + + # deployment-hosts = getAttrs hostnames fudo-nixos.fudoHosts; pkgs-for = system: import nixpkgs { inherit system; 
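Review bot: `keyFile = secret-file` in the `keys` mapping passes NixOps whatever path `config.fudo.secrets.files.host-filesystem-keys` yields, and nothing in this file shows that the path lives outside the Nix store. If those entries resolve into the store copy of a flake input (`fudo-secrets` appears as a `path:` input in deployments/seattle/flake.nix in this diff), the plaintext key would be world-readable under `/nix/store` on the deploy host, regardless of `permissions = "0400"` on the target. I would add a comment above `fs-keys` such as `# secret-file must be an absolute path outside /nix/store; it is read at deploy time`, and confirm that the secrets module produces exactly that. Separately, the `else {}` branch silently deploys no keys when `hostname` is missing from `fs-keys`, so a misspelled host entry goes unnoticed; a `warn` there would make it visible.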
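Review bot: The four commented-out bindings added to the `let` block (`# helpers = …`, `# syslib = …`, `# networks = …`, `# deployment-hosts = getAttrs hostnames fudo-nixos.fudoHosts;`) are dead code, and the last one still refers to `hostnames`, which this commit removes from the argument set. I would delete them and keep one line saying where the data now comes from, e.g. `# networks and hosts come from fudo-nixos.fudoNetworks / fudoHosts`. `fudo-secrets` also stays in the second argument set although the visible new code no longer imports `fudo-secrets.nixModule`; if nothing else in the file uses it, it can be dropped. The `let` block continues past the end of this hunk.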
@@ -32,38 +28,22 @@ let }; }; + host-config = let + networks = fudo-nixos.fudoNetworks; + in import ./deployment-config.nix { + inherit build-timestamp networks pkgs-for; + }; + in { - nixopsConfigurations.default = { - inherit nixpkgs; + inherit nixpkgs; - network = { - inherit description; - enableRollback = true; - }; - } // (genAttrs hostnames (hostname: let - host-cfg = hosts.${hostname} - pkgs = pkgs-for host-cfg.arch; - domain = host-cfg.domain; - network-hosts = config.fudo.networks.${network}.hosts; - host-filesystem-keys = config.fudo.secrets.files.host-filesystem-keys; - in {config, ... }: { - nixpkgs.pkgs = pkgs; - - imports = [ - fudo-home.nixModule - fudo-secrets.nixModule - fudo-nixos.nixosConfigurations.${hostname} - ]; - - deployment = { - targetHost = network-hosts.${hostname}.ipv4-address; - - keys = mkIf (hasAttr hostname host-filesystem-keys) - (mapAttrs (secret: secret-file: { - keyFile = secret-file; - user = "root"; - permissions = "0400"; - }) host-filesystem-keys.${hostname}); - }; - })); -} + network = { + inherit description; + enableRollback = true; + }; +} // mapAttrs (hostname: hostOpts: { + imports = [ + (host-config hostname hostOpts) + fudo-nixos.nixosConfigurations.${hostname} + ]; +}) deployment-hosts diff --git a/deployments/seattle/flake.lock b/deployments/seattle/flake.lock index 45ac387..4826586 100644 --- a/deployments/seattle/flake.lock +++ b/deployments/seattle/flake.lock 
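Review bot: The per-host `imports` list no longer contains `fudo-secrets.nixModule`, yet `host-config` (deployment-config.nix) reads `config.fudo.secrets.files.host-filesystem-keys` to build `deployment.keys`. That option must now be declared by `fudo-nixos.nixosConfigurations.${hostname}`, which this diff does not show. A comment above the `imports` list, such as `# fudo-nixos.nixosConfigurations.<host> must provide the fudo.secrets options read by host-config`, would record the dependency. Also, the host attributes are merged with `//` into the same set as `nixpkgs` and `network`, so a host named `network` or `nixpkgs` in `deployment-hosts` would replace that key. An `assert` on the host names, or building the host set separately, would avoid that.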
@@ -125,59 +125,6 @@ "type": "github" } }, - "doom-emacs_3": { - "inputs": { - "doom-emacs": "doom-emacs_4", - "doom-snippets": "doom-snippets_2", - "emacs-overlay": "emacs-overlay_2", - "emacs-so-long": "emacs-so-long_2", - "evil-markdown": "evil-markdown_2", - "evil-org-mode": "evil-org-mode_2", - "evil-quick-diff": "evil-quick-diff_2", - "explain-pause-mode": "explain-pause-mode_2", - "flake-utils": "flake-utils_2", - "nix-straight": "nix-straight_2", - "nixpkgs": "nixpkgs_2", - "nose": "nose_2", - "ob-racket": "ob-racket_2", - "org": "org_2", - "org-contrib": "org-contrib_2", - "org-yt": "org-yt_2", - "php-extras": "php-extras_2", - "revealjs": "revealjs_2", - "rotate-text": "rotate-text_2" - }, - "locked": { - "lastModified": 1627398156, - "narHash": "sha256-Ru1aV3NuIFXAsvUE3de8KR7xDZOo1GCBJdsWKJn+Ebw=", - "owner": "vlaci", - "repo": "nix-doom-emacs", - "rev": "fee14d217b7a911aad507679dafbeaa8c1ebf5ff", - "type": "github" - }, - "original": { - "owner": "vlaci", - "repo": "nix-doom-emacs", - "type": "github" - } - }, - "doom-emacs_4": { - "flake": false, - "locked": { - "lastModified": 1626604817, - "narHash": "sha256-z+dvjB02cHU+VQ5EMkzqSdX817PZar9AkmmfK27q0vo=", - "owner": "hlissner", - "repo": "doom-emacs", - "rev": "46732c0adaef147144418f9f284ca6b1183ab96f", - "type": "github" - }, - "original": { - "owner": "hlissner", - "ref": "develop", - "repo": "doom-emacs", - "type": "github" - } - }, "doom-snippets": { "flake": false, "locked": { @@ -194,22 +141,6 @@ "type": "github" } }, - "doom-snippets_2": { - "flake": false, - "locked": { - "lastModified": 1625547004, - "narHash": "sha256-V+ytAjB4ZZ+5dJJAu1OY7SbnqrokX5PVBWs0AsgQ8Vs=", - "owner": "hlissner", - "repo": "doom-snippets", - "rev": "5c0eb5bd70f035cefb981c2ce64f4367498bdda6", - "type": "github" - }, - "original": { - "owner": "hlissner", - "repo": "doom-snippets", - "type": "github" - } - }, "emacs-overlay": { "flake": false, "locked": { 
@@ -226,22 +157,6 @@ "type": "github" } }, - "emacs-overlay_2": { - "flake": false, - "locked": { - "lastModified": 1626972035, - "narHash": "sha256-YhBtnKmLDYiEzP5ZEMEQMg6oMP5EV+ToCkku7ZYfL+A=", - "owner": "nix-community", - "repo": "emacs-overlay", - "rev": "be04b45efb35db58e6ac6aa86b84f850c85b5dfe", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "emacs-overlay", - "type": "github" - } - }, "emacs-so-long": { "flake": false, "locked": { @@ -258,22 +173,6 @@ "type": "github" } }, - "emacs-so-long_2": { - "flake": false, - "locked": { - "lastModified": 1575031854, - "narHash": "sha256-xIa5zO0ZaToDrec1OFjBK6l39AbA4l/CE4LInVu2hi0=", - "owner": "hlissner", - "repo": "emacs-so-long", - "rev": "ed666b0716f60e8988c455804de24b55919e71ca", - "type": "github" - }, - "original": { - "owner": "hlissner", - "repo": "emacs-so-long", - "type": "github" - } - }, "evil-markdown": { "flake": false, "locked": { @@ -290,22 +189,6 @@ "type": "github" } }, - "evil-markdown_2": { - "flake": false, - "locked": { - "lastModified": 1626852210, - "narHash": "sha256-HBBuZ1VWIn6kwK5CtGIvHM1+9eiNiKPH0GUsyvpUVN8=", - "owner": "Somelauw", - "repo": "evil-markdown", - "rev": "8e6cc68af83914b2fa9fd3a3b8472573dbcef477", - "type": "github" - }, - "original": { - "owner": "Somelauw", - "repo": "evil-markdown", - "type": "github" - } - }, "evil-org-mode": { "flake": false, "locked": { @@ -322,22 +205,6 @@ "type": "github" } }, - "evil-org-mode_2": { - "flake": false, - "locked": { - "lastModified": 1607203864, - "narHash": "sha256-JxwqVYDN6OIJEH15MVI6XOZAPtUWUhJQWHyzcrUvrFg=", - "owner": "hlissner", - "repo": "evil-org-mode", - "rev": "a9706da260c45b98601bcd72b1d2c0a24a017700", - "type": "github" - }, - "original": { - "owner": "hlissner", - "repo": "evil-org-mode", - "type": "github" - } - }, "evil-quick-diff": { "flake": false, "locked": { 
@@ -354,22 +221,6 @@ "type": "github" } }, - "evil-quick-diff_2": { - "flake": false, - "locked": { - "lastModified": 1575189609, - "narHash": "sha256-oGzl1ayW9rIuq0haoiFS7RZsS8NFMdEA7K1BSozgnJU=", - "owner": "rgrinberg", - "repo": "evil-quick-diff", - "rev": "69c883720b30a892c63bc89f49d4f0e8b8028908", - "type": "github" - }, - "original": { - "owner": "rgrinberg", - "repo": "evil-quick-diff", - "type": "github" - } - }, "explain-pause-mode": { "flake": false, "locked": { @@ -386,22 +237,6 @@ "type": "github" } }, - "explain-pause-mode_2": { - "flake": false, - "locked": { - "lastModified": 1595842060, - "narHash": "sha256-++znrjiDSx+cy4okFBBXUBkRFdtnE2x+trkmqjB3Njs=", - "owner": "lastquestion", - "repo": "explain-pause-mode", - "rev": "2356c8c3639cbeeb9751744dbe737267849b4b51", - "type": "github" - }, - "original": { - "owner": "lastquestion", - "repo": "explain-pause-mode", - "type": "github" - } - }, "filesystem-keys": { "flake": false, "locked": { 
@@ -441,51 +276,12 @@ "type": "github" } }, - "flake-utils_2": { - "locked": { - "lastModified": 1623875721, - "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "fudo-home": { "inputs": { "doom-emacs": "doom-emacs", "home-manager": "home-manager", "niten-doom-config": "niten-doom-config", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1637022553, - "narHash": "sha256-1YL/i6g/lQyd8y47ljwC9YuUa9LUP+xvq1Jg3jOd4bU=", - "ref": "flake", - "rev": "887a14bfa910a333af188962b6f77878eced368b", - "revCount": 47, - "type": "git", - "url": "https://git.fudo.org/niten/nix-home.git" - }, - "original": { - "ref": "flake", - "type": "git", - "url": "https://git.fudo.org/niten/nix-home.git" - } - }, - "fudo-home_2": { - "inputs": { - "doom-emacs": "doom-emacs_3", - "home-manager": "home-manager_2", - "niten-doom-config": "niten-doom-config_2", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_2" }, "locked": { "narHash": "sha256-TpFI+nD+c9JXhKKDBgIHJhIfveTScBD6gotTPt8tvg4=", @@ -499,7 +295,7 @@ }, "fudo-nixos": { "inputs": { - "fudo-home": "fudo-home_2", + "fudo-home": "fudo-home", "fudo-pkgs": "fudo-pkgs", "fudo-secrets": "fudo-secrets", "nixpkgs": [ 
@@ -507,18 +303,13 @@ ] }, "locked": { - "lastModified": 1637257901, - "narHash": "sha256-TjQM8Dm4Jn7dJlKV/zt+5UK46lO5vzX7EHfqtHIu/P8=", - "ref": "nixops-flake", - "rev": "4168027ac234de6f8c2cc29c888b44c2897cef58", - "revCount": 377, - "type": "git", - "url": "ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git" + "narHash": "sha256-B2M99aciJcFkAfyNk5c0KXMc3wtfUxDZuBM8xeaYzes=", + "path": "/state/nixops/fudo-nixos", + "type": "path" }, "original": { - "ref": "nixops-flake", - "type": "git", - "url": "ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git" + "path": "/state/nixops/fudo-nixos", + "type": "path" } }, "fudo-pkgs": { @@ -532,21 +323,6 @@ "type": "path" } }, - "fudo-pkgs_2": { - "locked": { - "lastModified": 1637050187, - "narHash": "sha256-E1Xz7MLL/ZZZcxVd/7VycBC0N/zFz+OjIHx2h0ki+Fo=", - "ref": "master", - "rev": "4dc41229084416562eb12d02c84020fb3800d96b", - "revCount": 17, - "type": "git", - "url": "https://git.fudo.org/fudo-public/fudo-pkgs.git" - }, - "original": { - "type": "git", - "url": "https://git.fudo.org/fudo-public/fudo-pkgs.git" - } - }, "fudo-secrets": { "inputs": { "build-keypairs": "build-keypairs", @@ -592,28 +368,6 @@ } }, "home-manager": { - "inputs": { - "nixpkgs": [ - "fudo-home", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1633291410, - "narHash": "sha256-IxUzCGwj+s2Rn/+u0NtY36ix5I8MopMOO8Ip59PnBlw=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "382505714d10c6791a96712e0554587c75c5bf8b", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-21.05", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { "inputs": { "nixpkgs": [ "fudo-nixos", 
@@ -661,22 +415,6 @@ } }, "niten-doom-config": { - "flake": false, - "locked": { - "lastModified": 1628274414, - "narHash": "sha256-EIGqjTHcYnjVXceY1tpjaYxNmORh8NNiL2FVWCI5sBo=", - "ref": "master", - "rev": "0ab1532c856ccdb6ce46c5948054279f439eb1f2", - "revCount": 34, - "type": "git", - "url": "https://git.fudo.org/niten/doom-emacs.git" - }, - "original": { - "type": "git", - "url": "https://git.fudo.org/niten/doom-emacs.git" - } - }, - "niten-doom-config_2": { "flake": false, "locked": { "lastModified": 1633712607, @@ -709,23 +447,6 @@ "type": "github" } }, - "nix-straight_2": { - "flake": false, - "locked": { - "lastModified": 1621543597, - "narHash": "sha256-E/m2Hrw2og//CfOCOWe2yapYC01Tqhozn4YMPYJsC3o=", - "owner": "vlaci", - "repo": "nix-straight.el", - "rev": "8e84d04f10b2298de856b2b8b9a0d13abc91b5ca", - "type": "github" - }, - "original": { - "owner": "vlaci", - "ref": "v2.2.0", - "repo": "nix-straight.el", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1626852498, @@ -742,21 +463,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1626852498, - "narHash": "sha256-lOXUJvi0FJUXHTVSiC5qsMRtEUgqM4mGZpMESLuGhmo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "16105403bdd843540cbef9c63fc0f16c1c6eaa70", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixpkgs-unstable", - "type": "indirect" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1636944046, "narHash": "sha256-74KLDsiWSBsYXKj/ql9EGbw1TbIJRE7clFkhl30HV/c=", @@ -771,13 +477,13 @@ "type": "indirect" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { - "lastModified": 1636944046, - "narHash": "sha256-74KLDsiWSBsYXKj/ql9EGbw1TbIJRE7clFkhl30HV/c=", + "lastModified": 1637316267, + "narHash": "sha256-hfAA/0W3tycKKOSwP7Xt6FXLG9h/FgCu45wdGubHtV0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "46251a79f752ae1d46ef733e8e9760b6d3429da4", + "rev": "24528474d2b3370f2f23879a557ae2cc92a5d50b", "type": "github" }, "original": { 
@@ -802,22 +508,6 @@ "type": "github" } }, - "nose_2": { - "flake": false, - "locked": { - "lastModified": 1400604510, - "narHash": "sha256-daEi8Kta1oGaDEmUUDDQMahTTPOpvNpDKk22rlr7cB0=", - "owner": "emacsattic", - "repo": "nose", - "rev": "f8528297519eba911696c4e68fa88892de9a7b72", - "type": "github" - }, - "original": { - "owner": "emacsattic", - "repo": "nose", - "type": "github" - } - }, "ob-racket": { "flake": false, "locked": { @@ -834,22 +524,6 @@ "type": "github" } }, - "ob-racket_2": { - "flake": false, - "locked": { - "lastModified": 1584656173, - "narHash": "sha256-rBUYDDCXb+3D4xTPQo9UocbTPZ32kWV1Uya/1DmZknU=", - "owner": "xchrishawk", - "repo": "ob-racket", - "rev": "83457ec9e1e96a29fd2086ed19432b9d75787673", - "type": "github" - }, - "original": { - "owner": "xchrishawk", - "repo": "ob-racket", - "type": "github" - } - }, "org": { "flake": false, "locked": { @@ -882,22 +556,6 @@ "url": "https://git.sr.ht/~bzg/org-contrib" } }, - "org-contrib_2": { - "flake": false, - "locked": { - "lastModified": 1623339452, - "narHash": "sha256-E3pioqkmAKQm5N7YsgJZil0/ozkdRE7//tE9FGbrluM=", - "ref": "master", - "rev": "fc81309cf6756607a836f93049a9393c2967c4e0", - "revCount": 2599, - "type": "git", - "url": "https://git.sr.ht/~bzg/org-contrib" - }, - "original": { - "type": "git", - "url": "https://git.sr.ht/~bzg/org-contrib" - } - }, "org-yt": { "flake": false, "locked": { 
@@ -914,38 +572,6 @@ "type": "github" } }, - "org-yt_2": { - "flake": false, - "locked": { - "lastModified": 1527381913, - "narHash": "sha256-dzQ6B7ryzatHCTLyEnRSbWO0VUiX/FHYnpHTs74aVUs=", - "owner": "TobiasZawada", - "repo": "org-yt", - "rev": "40cc1ac76d741055cbefa13860d9f070a7ade001", - "type": "github" - }, - "original": { - "owner": "TobiasZawada", - "repo": "org-yt", - "type": "github" - } - }, - "org_2": { - "flake": false, - "locked": { - "lastModified": 1627155762, - "narHash": "sha256-XS1eA6P0ePabdrnUNe5lN19EA9dfK615gMGObr9wfBQ=", - "owner": "emacs-straight", - "repo": "org-mode", - "rev": "c9dfed48a607c7f6524f1c6480f09cf61a5d6237", - "type": "github" - }, - "original": { - "owner": "emacs-straight", - "repo": "org-mode", - "type": "github" - } - }, "php-extras": { "flake": false, "locked": { @@ -962,22 +588,6 @@ "type": "github" } }, - "php-extras_2": { - "flake": false, - "locked": { - "lastModified": 1573312690, - "narHash": "sha256-r4WyVbzvT0ra4Z6JywNBOw5RxOEYd6Qe2IpebHXkj1U=", - "owner": "arnested", - "repo": "php-extras", - "rev": "d410c5af663c30c01d461ac476d1cbfbacb49367", - "type": "github" - }, - "original": { - "owner": "arnested", - "repo": "php-extras", - "type": "github" - } - }, "realm-master-keys": { "flake": false, "locked": { @@ -1018,29 +628,11 @@ "type": "github" } }, - "revealjs_2": { - "flake": false, - "locked": { - "lastModified": 1625811744, - "narHash": "sha256-Y67nVqcovn2PbHXmWOFWMq10Qz2ZIRyyWEO6qsZLbIM=", - "owner": "hakimel", - "repo": "reveal.js", - "rev": "b18f12d964ef80bd9ffb061aae48ff4c15fb43ad", - "type": "github" - }, - "original": { - "owner": "hakimel", - "repo": "reveal.js", - "type": "github" - } - }, "root": { "inputs": { - "fudo-home": "fudo-home", "fudo-nixos": "fudo-nixos", - "fudo-pkgs": "fudo-pkgs_2", "fudo-secrets": "fudo-secrets_2", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" } }, "rotate-text": { 
@@ -1059,22 +651,6 @@ "type": "github" } }, - "rotate-text_2": { - "flake": false, - "locked": { - "lastModified": 1322962747, - "narHash": "sha256-SOeOgSlcEIsKhUiYDJv0p+mLUb420s9E2BmvZQvZ0wk=", - "owner": "debug-ito", - "repo": "rotate-text.el", - "rev": "48f193697db996855aee1ad2bc99b38c6646fe76", - "type": "github" - }, - "original": { - "owner": "debug-ito", - "repo": "rotate-text.el", - "type": "github" - } - }, "service-keytabs": { "flake": false, "locked": { diff --git a/deployments/seattle/flake.nix b/deployments/seattle/flake.nix index 5d2899f..bc56956 100644 --- a/deployments/seattle/flake.nix +++ b/deployments/seattle/flake.nix @@ -4,32 +4,26 @@ inputs = { nixpkgs.url = "nixpkgs/nixos-21.05"; - fudo-home = { - url = "git+https://git.fudo.org/niten/nix-home.git?ref=flake"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - fudo-secrets.url = "path:/state/secrets"; - fudo-pkgs.url = "git+https://git.fudo.org/fudo-public/fudo-pkgs.git"; - fudo-nixos = { - url = "git+ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git?ref=nixops-flake"; + url = "path:/state/nixops/fudo-nixos"; + # url = "git+ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git?ref=nixops-flake"; inputs.nixpkgs.follows = "nixpkgs"; }; }; - outputs = { self, nixpkgs, fudo-nixos, ... } @ inputs: let - deployment = import ../../common/deployment.nix { - description = "Seattle NixOps network"; - hostnames = with nixpkgs.lib; let - domain = "sea.fudo.org"; - deployment-hosts = filterAttrs + outputs = { self, nixpkgs, fudo-nixos, ... } @ inputs: with nixpkgs.lib; + let + deployment = import ../../common/deployment.nix { + description = "Seattle NixOps network"; + deployment-hosts = let + domain = "sea.fudo.org"; + in filterAttrs (hostname: hostOpts: hostOpts.domain == domain) fudo-nixos.fudoHosts; - in mapAttrsToList - (hostname: hostOpts: fudo-nixos.nixosConfigurations.${hostname}) - deployment-hosts; + }; + in { + nixopsConfigurations.default = (deployment inputs); }; - in (deployment inputs); }
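Review bot: Switching `fudo-nixos` to `url = "path:/state/nixops/fudo-nixos";` leaves the lock entry with only a `narHash` and no `rev`, so a deployment can no longer be traced to a reviewed commit and any uncommitted edit in that directory is deployed as-is. If the path is a development convenience, I would keep the `git+ssh` URL in flake.nix and pass the local checkout per invocation with `--override-input fudo-nixos path:/state/nixops/fudo-nixos`, rather than committing the override with the real URL commented out. If the path input is intended, replace the commented-out URL with a comment that says so, e.g. `# local checkout on the deploy host; must be at a pushed commit before deploying`.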