Added deployment-config.nix for import

niten 2021-11-19 13:51:02 -08:00
parent 83881682e1
commit 8889d7919c
4 changed files with 79 additions and 498 deletions


@ -0,0 +1,31 @@
{ build-timestamp, networks, pkgs-for }:
hostname: hostOpts:
{ config, lib, ... }:
with lib;
{
config = {
instance = {
inherit build-timestamp;
};
nixpkgs.pkgs = pkgs-for hostOpts.arch;
deployment = let
domain = hostOpts.domain;
host-ip = networks.${domain}.hosts.${hostname}.ipv4-address;
fs-keys = config.fudo.secrets.files.host-filesystem-keys;
keys = if (hasAttr hostname fs-keys) then
mapAttrs (secret: secret-file: {
keyFile = secret-file;
user = "root";
permissions = "0400";
}) fs-keys.${hostname} else {};
in {
inherit keys;
targetHost = host-ip;
};
};
}
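Review bot: The `keys` mapping hands `secret-file` to `keyFile` with no comment on where that path must live, and nothing on this page shows how `config.fudo.secrets.files.host-filesystem-keys` is built. If those values are paths inside a flake input (the flake in this commit uses `path:/state/secrets`), evaluation copies the input into the world-readable Nix store on the deploying machine, so `user = "root"` and `permissions = "0400"` would only protect the copy on the target. I would add a comment above `keys` such as `# secret-file must be a string path outside /nix/store (or an encrypted blob); plaintext in the store is readable by every local user on the deploy host`. Separately, `host-ip` fails with a bare missing-attribute error when a host has no network entry; `networks.${domain}.hosts.${hostname}.ipv4-address or (throw "no ipv4-address for ${hostname} in ${domain}")` gives a usable message.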


@ -1,22 +1,18 @@
{ hostnames, description, ... }:
{ deployment-hosts, description, ... }:
{ self, nixpkgs, fudo-home, fudo-nixos, fudo-pkgs, fudo-secrets, ... }:
{ self, nixpkgs, fudo-nixos, fudo-secrets, ... }:
with nixpkgs.lib;
let
build-timestamp = self.sourceInfo.lastModified;
helpers = import ./helpers.nix { lib = nixpkgs.lib; };
# helpers = import ./helpers.nix { lib = nixpkgs.lib; };
networks = with nixpkgs.lib; let
network-files = helpers.nix-files (fudo-nixos + /config/networks);
networks = map helpers.strip-ext network-files;
in genAttrs networks
(network: import (fudo-nixos + /config/networks/${network}.nix));
# syslib = import (fudo-nixos + /lib/system.nix) { lib = nixpkgs.lib; };
hosts = with nixpkgs.lib; let
in genAttrs hostnames
(hostname: import (fudo-nixos + /config/hosts/${host}.nix));
# networks = syslib.networks (fudo-nixos + /config/networks);
# deployment-hosts = getAttrs hostnames fudo-nixos.fudoHosts;
pkgs-for = system: import nixpkgs {
inherit system;
@ -32,38 +28,22 @@ let
};
};
host-config = let
networks = fudo-nixos.fudoNetworks;
in import ./deployment-config.nix {
inherit build-timestamp networks pkgs-for;
};
in {
nixopsConfigurations.default = {
inherit nixpkgs;
inherit nixpkgs;
network = {
inherit description;
enableRollback = true;
};
} // (genAttrs hostnames (hostname: let
host-cfg = hosts.${hostname}
pkgs = pkgs-for host-cfg.arch;
domain = host-cfg.domain;
network-hosts = config.fudo.networks.${network}.hosts;
host-filesystem-keys = config.fudo.secrets.files.host-filesystem-keys;
in {config, ... }: {
nixpkgs.pkgs = pkgs;
imports = [
fudo-home.nixModule
fudo-secrets.nixModule
fudo-nixos.nixosConfigurations.${hostname}
];
deployment = {
targetHost = network-hosts.${hostname}.ipv4-address;
keys = mkIf (hasAttr hostname host-filesystem-keys)
(mapAttrs (secret: secret-file: {
keyFile = secret-file;
user = "root";
permissions = "0400";
}) host-filesystem-keys.${hostname});
};
}));
}
network = {
inherit description;
enableRollback = true;
};
} // mapAttrs (hostname: hostOpts: {
imports = [
(host-config hostname hostOpts)
fudo-nixos.nixosConfigurations.${hostname}
];
}) deployment-hosts
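Review bot: The new per-host `imports` list holds only `(host-config hostname hostOpts)` and `fudo-nixos.nixosConfigurations.${hostname}`, while the imported deployment-config.nix reads `config.fudo.secrets.files.host-filesystem-keys`; the earlier list also carried `fudo-secrets.nixModule`. The rendered page has lost its +/- markers, so this is inferred from the print order, but if that option is declared by `fudo-secrets.nixModule` and fudo-nixos does not import it itself, every host fails to evaluate, and `fudo-secrets` stays in the argument set with no visible use. Either keep `fudo-secrets.nixModule` in `imports` or add a comment naming the module that now provides `fudo.secrets`. The commented-out `helpers`, `syslib`, `networks` and `deployment-hosts` lines look like leftovers and could be deleted rather than committed. Part of the `let` body lies between the two hunks and is not visible here.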


@ -125,59 +125,6 @@
"type": "github"
}
},
"doom-emacs_3": {
"inputs": {
"doom-emacs": "doom-emacs_4",
"doom-snippets": "doom-snippets_2",
"emacs-overlay": "emacs-overlay_2",
"emacs-so-long": "emacs-so-long_2",
"evil-markdown": "evil-markdown_2",
"evil-org-mode": "evil-org-mode_2",
"evil-quick-diff": "evil-quick-diff_2",
"explain-pause-mode": "explain-pause-mode_2",
"flake-utils": "flake-utils_2",
"nix-straight": "nix-straight_2",
"nixpkgs": "nixpkgs_2",
"nose": "nose_2",
"ob-racket": "ob-racket_2",
"org": "org_2",
"org-contrib": "org-contrib_2",
"org-yt": "org-yt_2",
"php-extras": "php-extras_2",
"revealjs": "revealjs_2",
"rotate-text": "rotate-text_2"
},
"locked": {
"lastModified": 1627398156,
"narHash": "sha256-Ru1aV3NuIFXAsvUE3de8KR7xDZOo1GCBJdsWKJn+Ebw=",
"owner": "vlaci",
"repo": "nix-doom-emacs",
"rev": "fee14d217b7a911aad507679dafbeaa8c1ebf5ff",
"type": "github"
},
"original": {
"owner": "vlaci",
"repo": "nix-doom-emacs",
"type": "github"
}
},
"doom-emacs_4": {
"flake": false,
"locked": {
"lastModified": 1626604817,
"narHash": "sha256-z+dvjB02cHU+VQ5EMkzqSdX817PZar9AkmmfK27q0vo=",
"owner": "hlissner",
"repo": "doom-emacs",
"rev": "46732c0adaef147144418f9f284ca6b1183ab96f",
"type": "github"
},
"original": {
"owner": "hlissner",
"ref": "develop",
"repo": "doom-emacs",
"type": "github"
}
},
"doom-snippets": {
"flake": false,
"locked": {
@ -194,22 +141,6 @@
"type": "github"
}
},
"doom-snippets_2": {
"flake": false,
"locked": {
"lastModified": 1625547004,
"narHash": "sha256-V+ytAjB4ZZ+5dJJAu1OY7SbnqrokX5PVBWs0AsgQ8Vs=",
"owner": "hlissner",
"repo": "doom-snippets",
"rev": "5c0eb5bd70f035cefb981c2ce64f4367498bdda6",
"type": "github"
},
"original": {
"owner": "hlissner",
"repo": "doom-snippets",
"type": "github"
}
},
"emacs-overlay": {
"flake": false,
"locked": {
@ -226,22 +157,6 @@
"type": "github"
}
},
"emacs-overlay_2": {
"flake": false,
"locked": {
"lastModified": 1626972035,
"narHash": "sha256-YhBtnKmLDYiEzP5ZEMEQMg6oMP5EV+ToCkku7ZYfL+A=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "be04b45efb35db58e6ac6aa86b84f850c85b5dfe",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "emacs-overlay",
"type": "github"
}
},
"emacs-so-long": {
"flake": false,
"locked": {
@ -258,22 +173,6 @@
"type": "github"
}
},
"emacs-so-long_2": {
"flake": false,
"locked": {
"lastModified": 1575031854,
"narHash": "sha256-xIa5zO0ZaToDrec1OFjBK6l39AbA4l/CE4LInVu2hi0=",
"owner": "hlissner",
"repo": "emacs-so-long",
"rev": "ed666b0716f60e8988c455804de24b55919e71ca",
"type": "github"
},
"original": {
"owner": "hlissner",
"repo": "emacs-so-long",
"type": "github"
}
},
"evil-markdown": {
"flake": false,
"locked": {
@ -290,22 +189,6 @@
"type": "github"
}
},
"evil-markdown_2": {
"flake": false,
"locked": {
"lastModified": 1626852210,
"narHash": "sha256-HBBuZ1VWIn6kwK5CtGIvHM1+9eiNiKPH0GUsyvpUVN8=",
"owner": "Somelauw",
"repo": "evil-markdown",
"rev": "8e6cc68af83914b2fa9fd3a3b8472573dbcef477",
"type": "github"
},
"original": {
"owner": "Somelauw",
"repo": "evil-markdown",
"type": "github"
}
},
"evil-org-mode": {
"flake": false,
"locked": {
@ -322,22 +205,6 @@
"type": "github"
}
},
"evil-org-mode_2": {
"flake": false,
"locked": {
"lastModified": 1607203864,
"narHash": "sha256-JxwqVYDN6OIJEH15MVI6XOZAPtUWUhJQWHyzcrUvrFg=",
"owner": "hlissner",
"repo": "evil-org-mode",
"rev": "a9706da260c45b98601bcd72b1d2c0a24a017700",
"type": "github"
},
"original": {
"owner": "hlissner",
"repo": "evil-org-mode",
"type": "github"
}
},
"evil-quick-diff": {
"flake": false,
"locked": {
@ -354,22 +221,6 @@
"type": "github"
}
},
"evil-quick-diff_2": {
"flake": false,
"locked": {
"lastModified": 1575189609,
"narHash": "sha256-oGzl1ayW9rIuq0haoiFS7RZsS8NFMdEA7K1BSozgnJU=",
"owner": "rgrinberg",
"repo": "evil-quick-diff",
"rev": "69c883720b30a892c63bc89f49d4f0e8b8028908",
"type": "github"
},
"original": {
"owner": "rgrinberg",
"repo": "evil-quick-diff",
"type": "github"
}
},
"explain-pause-mode": {
"flake": false,
"locked": {
@ -386,22 +237,6 @@
"type": "github"
}
},
"explain-pause-mode_2": {
"flake": false,
"locked": {
"lastModified": 1595842060,
"narHash": "sha256-++znrjiDSx+cy4okFBBXUBkRFdtnE2x+trkmqjB3Njs=",
"owner": "lastquestion",
"repo": "explain-pause-mode",
"rev": "2356c8c3639cbeeb9751744dbe737267849b4b51",
"type": "github"
},
"original": {
"owner": "lastquestion",
"repo": "explain-pause-mode",
"type": "github"
}
},
"filesystem-keys": {
"flake": false,
"locked": {
@ -441,51 +276,12 @@
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1623875721,
"narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "f7e004a55b120c02ecb6219596820fcd32ca8772",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fudo-home": {
"inputs": {
"doom-emacs": "doom-emacs",
"home-manager": "home-manager",
"niten-doom-config": "niten-doom-config",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1637022553,
"narHash": "sha256-1YL/i6g/lQyd8y47ljwC9YuUa9LUP+xvq1Jg3jOd4bU=",
"ref": "flake",
"rev": "887a14bfa910a333af188962b6f77878eced368b",
"revCount": 47,
"type": "git",
"url": "https://git.fudo.org/niten/nix-home.git"
},
"original": {
"ref": "flake",
"type": "git",
"url": "https://git.fudo.org/niten/nix-home.git"
}
},
"fudo-home_2": {
"inputs": {
"doom-emacs": "doom-emacs_3",
"home-manager": "home-manager_2",
"niten-doom-config": "niten-doom-config_2",
"nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_2"
},
"locked": {
"narHash": "sha256-TpFI+nD+c9JXhKKDBgIHJhIfveTScBD6gotTPt8tvg4=",
@ -499,7 +295,7 @@
},
"fudo-nixos": {
"inputs": {
"fudo-home": "fudo-home_2",
"fudo-home": "fudo-home",
"fudo-pkgs": "fudo-pkgs",
"fudo-secrets": "fudo-secrets",
"nixpkgs": [
@ -507,18 +303,13 @@
]
},
"locked": {
"lastModified": 1637257901,
"narHash": "sha256-TjQM8Dm4Jn7dJlKV/zt+5UK46lO5vzX7EHfqtHIu/P8=",
"ref": "nixops-flake",
"rev": "4168027ac234de6f8c2cc29c888b44c2897cef58",
"revCount": 377,
"type": "git",
"url": "ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git"
"narHash": "sha256-B2M99aciJcFkAfyNk5c0KXMc3wtfUxDZuBM8xeaYzes=",
"path": "/state/nixops/fudo-nixos",
"type": "path"
},
"original": {
"ref": "nixops-flake",
"type": "git",
"url": "ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git"
"path": "/state/nixops/fudo-nixos",
"type": "path"
}
},
"fudo-pkgs": {
@ -532,21 +323,6 @@
"type": "path"
}
},
"fudo-pkgs_2": {
"locked": {
"lastModified": 1637050187,
"narHash": "sha256-E1Xz7MLL/ZZZcxVd/7VycBC0N/zFz+OjIHx2h0ki+Fo=",
"ref": "master",
"rev": "4dc41229084416562eb12d02c84020fb3800d96b",
"revCount": 17,
"type": "git",
"url": "https://git.fudo.org/fudo-public/fudo-pkgs.git"
},
"original": {
"type": "git",
"url": "https://git.fudo.org/fudo-public/fudo-pkgs.git"
}
},
"fudo-secrets": {
"inputs": {
"build-keypairs": "build-keypairs",
@ -592,28 +368,6 @@
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"fudo-home",
"nixpkgs"
]
},
"locked": {
"lastModified": 1633291410,
"narHash": "sha256-IxUzCGwj+s2Rn/+u0NtY36ix5I8MopMOO8Ip59PnBlw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "382505714d10c6791a96712e0554587c75c5bf8b",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-21.05",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"fudo-nixos",
@ -661,22 +415,6 @@
}
},
"niten-doom-config": {
"flake": false,
"locked": {
"lastModified": 1628274414,
"narHash": "sha256-EIGqjTHcYnjVXceY1tpjaYxNmORh8NNiL2FVWCI5sBo=",
"ref": "master",
"rev": "0ab1532c856ccdb6ce46c5948054279f439eb1f2",
"revCount": 34,
"type": "git",
"url": "https://git.fudo.org/niten/doom-emacs.git"
},
"original": {
"type": "git",
"url": "https://git.fudo.org/niten/doom-emacs.git"
}
},
"niten-doom-config_2": {
"flake": false,
"locked": {
"lastModified": 1633712607,
@ -709,23 +447,6 @@
"type": "github"
}
},
"nix-straight_2": {
"flake": false,
"locked": {
"lastModified": 1621543597,
"narHash": "sha256-E/m2Hrw2og//CfOCOWe2yapYC01Tqhozn4YMPYJsC3o=",
"owner": "vlaci",
"repo": "nix-straight.el",
"rev": "8e84d04f10b2298de856b2b8b9a0d13abc91b5ca",
"type": "github"
},
"original": {
"owner": "vlaci",
"ref": "v2.2.0",
"repo": "nix-straight.el",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1626852498,
@ -742,21 +463,6 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1626852498,
"narHash": "sha256-lOXUJvi0FJUXHTVSiC5qsMRtEUgqM4mGZpMESLuGhmo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "16105403bdd843540cbef9c63fc0f16c1c6eaa70",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixpkgs-unstable",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1636944046,
"narHash": "sha256-74KLDsiWSBsYXKj/ql9EGbw1TbIJRE7clFkhl30HV/c=",
@ -771,13 +477,13 @@
"type": "indirect"
}
},
"nixpkgs_4": {
"nixpkgs_3": {
"locked": {
"lastModified": 1636944046,
"narHash": "sha256-74KLDsiWSBsYXKj/ql9EGbw1TbIJRE7clFkhl30HV/c=",
"lastModified": 1637316267,
"narHash": "sha256-hfAA/0W3tycKKOSwP7Xt6FXLG9h/FgCu45wdGubHtV0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "46251a79f752ae1d46ef733e8e9760b6d3429da4",
"rev": "24528474d2b3370f2f23879a557ae2cc92a5d50b",
"type": "github"
},
"original": {
@ -802,22 +508,6 @@
"type": "github"
}
},
"nose_2": {
"flake": false,
"locked": {
"lastModified": 1400604510,
"narHash": "sha256-daEi8Kta1oGaDEmUUDDQMahTTPOpvNpDKk22rlr7cB0=",
"owner": "emacsattic",
"repo": "nose",
"rev": "f8528297519eba911696c4e68fa88892de9a7b72",
"type": "github"
},
"original": {
"owner": "emacsattic",
"repo": "nose",
"type": "github"
}
},
"ob-racket": {
"flake": false,
"locked": {
@ -834,22 +524,6 @@
"type": "github"
}
},
"ob-racket_2": {
"flake": false,
"locked": {
"lastModified": 1584656173,
"narHash": "sha256-rBUYDDCXb+3D4xTPQo9UocbTPZ32kWV1Uya/1DmZknU=",
"owner": "xchrishawk",
"repo": "ob-racket",
"rev": "83457ec9e1e96a29fd2086ed19432b9d75787673",
"type": "github"
},
"original": {
"owner": "xchrishawk",
"repo": "ob-racket",
"type": "github"
}
},
"org": {
"flake": false,
"locked": {
@ -882,22 +556,6 @@
"url": "https://git.sr.ht/~bzg/org-contrib"
}
},
"org-contrib_2": {
"flake": false,
"locked": {
"lastModified": 1623339452,
"narHash": "sha256-E3pioqkmAKQm5N7YsgJZil0/ozkdRE7//tE9FGbrluM=",
"ref": "master",
"rev": "fc81309cf6756607a836f93049a9393c2967c4e0",
"revCount": 2599,
"type": "git",
"url": "https://git.sr.ht/~bzg/org-contrib"
},
"original": {
"type": "git",
"url": "https://git.sr.ht/~bzg/org-contrib"
}
},
"org-yt": {
"flake": false,
"locked": {
@ -914,38 +572,6 @@
"type": "github"
}
},
"org-yt_2": {
"flake": false,
"locked": {
"lastModified": 1527381913,
"narHash": "sha256-dzQ6B7ryzatHCTLyEnRSbWO0VUiX/FHYnpHTs74aVUs=",
"owner": "TobiasZawada",
"repo": "org-yt",
"rev": "40cc1ac76d741055cbefa13860d9f070a7ade001",
"type": "github"
},
"original": {
"owner": "TobiasZawada",
"repo": "org-yt",
"type": "github"
}
},
"org_2": {
"flake": false,
"locked": {
"lastModified": 1627155762,
"narHash": "sha256-XS1eA6P0ePabdrnUNe5lN19EA9dfK615gMGObr9wfBQ=",
"owner": "emacs-straight",
"repo": "org-mode",
"rev": "c9dfed48a607c7f6524f1c6480f09cf61a5d6237",
"type": "github"
},
"original": {
"owner": "emacs-straight",
"repo": "org-mode",
"type": "github"
}
},
"php-extras": {
"flake": false,
"locked": {
@ -962,22 +588,6 @@
"type": "github"
}
},
"php-extras_2": {
"flake": false,
"locked": {
"lastModified": 1573312690,
"narHash": "sha256-r4WyVbzvT0ra4Z6JywNBOw5RxOEYd6Qe2IpebHXkj1U=",
"owner": "arnested",
"repo": "php-extras",
"rev": "d410c5af663c30c01d461ac476d1cbfbacb49367",
"type": "github"
},
"original": {
"owner": "arnested",
"repo": "php-extras",
"type": "github"
}
},
"realm-master-keys": {
"flake": false,
"locked": {
@ -1018,29 +628,11 @@
"type": "github"
}
},
"revealjs_2": {
"flake": false,
"locked": {
"lastModified": 1625811744,
"narHash": "sha256-Y67nVqcovn2PbHXmWOFWMq10Qz2ZIRyyWEO6qsZLbIM=",
"owner": "hakimel",
"repo": "reveal.js",
"rev": "b18f12d964ef80bd9ffb061aae48ff4c15fb43ad",
"type": "github"
},
"original": {
"owner": "hakimel",
"repo": "reveal.js",
"type": "github"
}
},
"root": {
"inputs": {
"fudo-home": "fudo-home",
"fudo-nixos": "fudo-nixos",
"fudo-pkgs": "fudo-pkgs_2",
"fudo-secrets": "fudo-secrets_2",
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_3"
}
},
"rotate-text": {
@ -1059,22 +651,6 @@
"type": "github"
}
},
"rotate-text_2": {
"flake": false,
"locked": {
"lastModified": 1322962747,
"narHash": "sha256-SOeOgSlcEIsKhUiYDJv0p+mLUb420s9E2BmvZQvZ0wk=",
"owner": "debug-ito",
"repo": "rotate-text.el",
"rev": "48f193697db996855aee1ad2bc99b38c6646fe76",
"type": "github"
},
"original": {
"owner": "debug-ito",
"repo": "rotate-text.el",
"type": "github"
}
},
"service-keytabs": {
"flake": false,
"locked": {


@ -4,32 +4,26 @@
inputs = {
nixpkgs.url = "nixpkgs/nixos-21.05";
fudo-home = {
url = "git+https://git.fudo.org/niten/nix-home.git?ref=flake";
inputs.nixpkgs.follows = "nixpkgs";
};
fudo-secrets.url = "path:/state/secrets";
fudo-pkgs.url = "git+https://git.fudo.org/fudo-public/fudo-pkgs.git";
fudo-nixos = {
url = "git+ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git?ref=nixops-flake";
url = "path:/state/nixops/fudo-nixos";
# url = "git+ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git?ref=nixops-flake";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, fudo-nixos, ... } @ inputs: let
deployment = import ../../common/deployment.nix {
description = "Seattle NixOps network";
hostnames = with nixpkgs.lib; let
domain = "sea.fudo.org";
deployment-hosts = filterAttrs
outputs = { self, nixpkgs, fudo-nixos, ... } @ inputs: with nixpkgs.lib;
let
deployment = import ../../common/deployment.nix {
description = "Seattle NixOps network";
deployment-hosts = let
domain = "sea.fudo.org";
in filterAttrs
(hostname: hostOpts: hostOpts.domain == domain)
fudo-nixos.fudoHosts;
in mapAttrsToList
(hostname: hostOpts: fudo-nixos.nixosConfigurations.${hostname})
deployment-hosts;
};
in {
nixopsConfigurations.default = (deployment inputs);
};
in (deployment inputs);
}
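Review bot: Switching `fudo-nixos` to `path:/state/nixops/fudo-nixos` means the deployment is built from whatever is in that directory at evaluation time, uncommitted edits included; the matching lock entry on this page records only a `narHash`, with no `rev` or `lastModified` to tie a deployed system back to a reviewed commit. Since this input supplies both the host list (`fudo-nixos.fudoHosts`) and every `nixosConfigurations.${hostname}`, anyone who can write to that directory controls what is pushed to the hosts. I would keep the `git+ssh` URL as the committed input and point at the local checkout only through a command-line input override while developing, instead of leaving the real URL as a comment. If the path input has to stay, add a comment such as `# local checkout: must be a clean clone of fudosys/NixOS, writable only by the deploy user`.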