From d8322b2d10bcf102403cb7edc6791f5cfc6576f2 Mon Sep 17 00:00:00 2001
From: niten
Date: Thu, 18 Nov 2021 11:49:04 -0800
Subject: [PATCH] Move to using flake nixos config

---
 common/deployment.nix | 69 ++++++++++++
 common/helpers.nix | 27 +++++
 common/inputs.nix | 19 ++++
 .../joes-datacenter-0}/flake.lock | 0
 .../joes-datacenter-0}/flake.nix | 0
 {portage => deployments/portage}/flake.lock | 0
 {portage => deployments/portage}/flake.nix | 22 +---
 {seattle => deployments/seattle}/flake.lock | 0
 deployments/seattle/flake.nix | 18 +++
 fudo-home | 1 -
 fudo-nixos | 1 -
 fudo-pkgs | 1 -
 seattle/flake.nix | 105 ------------------
 13 files changed, 134 insertions(+), 129 deletions(-)
 create mode 100644 common/deployment.nix
 create mode 100644 common/helpers.nix
 create mode 100644 common/inputs.nix
 rename {joes-datacenter-0 => deployments/joes-datacenter-0}/flake.lock (100%)
 rename {joes-datacenter-0 => deployments/joes-datacenter-0}/flake.nix (100%)
 rename {portage => deployments/portage}/flake.lock (100%)
 rename {portage => deployments/portage}/flake.nix (79%)
 rename {seattle => deployments/seattle}/flake.lock (100%)
 create mode 100644 deployments/seattle/flake.nix
 delete mode 160000 fudo-home
 delete mode 160000 fudo-nixos
 delete mode 160000 fudo-pkgs
 delete mode 100644 seattle/flake.nix

diff --git a/common/deployment.nix b/common/deployment.nix
new file mode 100644
index 0000000..da2dcc6
--- /dev/null
+++ b/common/deployment.nix
@@ -0,0 +1,69 @@ +{ hostnames, description, ... }: + +{ self, nixpkgs, fudo-home, fudo-nixos, fudo-pkgs, fudo-secrets, ... }: +with nixpkgs.lib; +let + + build-timestamp = self.sourceInfo.lastModified; + + helpers = import ./helpers.nix { lib = nixpkgs.lib; }; + + networks = with nixpkgs.lib; let + network-files = helpers.nix-files (fudo-nixos + /config/networks); + networks = map helpers.strip-ext network-files; + in genAttrs networks + (network: import (fudo-nixos + /config/networks/${network}.nix)); + + hosts = with nixpkgs.lib; let + in genAttrs hostnames + (hostname: import (fudo-nixos + /config/hosts/${host}.nix)); + + pkgs-for = system: import nixpkgs { + inherit system; + config = { + allowUnfree = true; + permittedInsecurePackages = [ + "openssh-with-gssapi-8.4p1" + ]; + overlays = [ + (import (fudo-pkgs + /overlay.nix)) + (import (fudo-nixos + /lib/overlay.nix)) + ]; + }; + }; + +in { + nixopsConfigurations.default = { + inherit nixpkgs; + + network = { + inherit description; + enableRollback = true; + }; + } // (genAttrs hostnames (hostname: let + host-cfg = hosts.${hostname} + pkgs = pkgs-for host-cfg.arch; + domain = host-cfg.domain; + network-hosts = config.fudo.networks.${network}.hosts; + host-filesystem-keys = config.fudo.secrets.files.host-filesystem-keys; + in {config, ... }: { + nixpkgs.pkgs = pkgs; + + imports = [ + fudo-home.nixModule + fudo-secrets.nixModule + fudo-nixos.nixosConfigurations.${hostname} + ]; + + deployment = { + targetHost = network-hosts.${hostname}.ipv4-address; + + keys = mkIf (hasAttr hostname host-filesystem-keys) + (mapAttrs (secret: secret-file: { + keyFile = secret-file; + user = "root"; + permissions = "0400"; + }) host-filesystem-keys.${hostname}); + }; + })); +} diff --git a/common/helpers.nix b/common/helpers.nix new file mode 100644 index 0000000..4daf4d4 --- /dev/null +++ b/common/helpers.nix 
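Review bot: common/deployment.nix cannot evaluate as written: the `hosts` binding interpolates `${host}` while its lambda parameter is `hostname`, the `host-cfg = hosts.${hostname}` line is missing its `;`, and the per-host `let` reads `config` and `network` before the `{ config, ... }:` argument is bound (only `networks` exists in that scope). `overlays` is also nested inside `config = { ... }` instead of being a sibling argument to `import nixpkgs`, which is where the deleted seattle/flake.nix had it, so the fudo-pkgs and fudo-nixos overlays would silently not be applied. `fudo-home.nixModule` and `fudo-secrets.nixModule` differ from the `nixosModule` attribute the deleted file imported, so it is worth confirming which name those flakes actually export. A comment on `permittedInsecurePackages` recording why `openssh-with-gssapi-8.4p1` is still needed would help whoever later tries to remove it. The sketch below fixes the first two points; which key `config.fudo.networks` is indexed by is inferred from the otherwise unused `domain` binding and the old per-site flake, so confirm that before merging.
```nix
  hosts = genAttrs hostnames
    (hostname: import (fudo-nixos + /config/hosts/${hostname}.nix));

  pkgs-for = system: import nixpkgs {
    inherit system;
    config = {
      allowUnfree = true;
      # TODO(review): record why this insecure openssh build is still required
      permittedInsecurePackages = [ "openssh-with-gssapi-8.4p1" ];
    };
    # overlays is an argument of `import nixpkgs`, not a key of `config`
    overlays = [
      (import (fudo-pkgs + /overlay.nix))
      (import (fudo-nixos + /lib/overlay.nix))
    ];
  };

  # … unchanged: build-timestamp, helpers, networks, nixopsConfigurations.default header …
  } // (genAttrs hostnames (hostname: let
    host-cfg = hosts.${hostname};
    pkgs = pkgs-for host-cfg.arch;
    domain = host-cfg.domain;
  in { config, ... }: let
    # assumes networks are keyed by the host's domain, as the old per-site flake did — confirm
    network-hosts = config.fudo.networks.${domain}.hosts;
    host-filesystem-keys = config.fudo.secrets.files.host-filesystem-keys;
  in {
    # … unchanged: nixpkgs.pkgs, imports, deployment …
  }));
```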
@@ -0,0 +1,27 @@ +{ lib, ... }: + +with lib; +let + regular-files = path: let + is-regular-file = filename: type: type == "regular" || type == "link"; + in attrNames (filterAttrs is-regular-file (builtins.readDir path)); + + nix-files = path: let + is-nix-file = filename: (builtins.match "^(.+)\.nix$" filename) != null; + in + map + (file: path + "/${file}") + (filter is-nix-file (regular-files path)); + + strip-ext = filename: head (builtins.match "^(.+)[.]nix$" filename); + + basename-to-map = path: + listToAttrs + (map + (file: + nameValuePair (strip-ext file) + (import (path + "${file}"))) + (nix-files path)); +in { + inherit regular-files nix-files strip-ext basename-to-map; +} diff --git a/common/inputs.nix b/common/inputs.nix new file mode 100644 index 0000000..d049e6b --- /dev/null +++ b/common/inputs.nix @@ -0,0 +1,19 @@ +{ nixos-version, ... }: + +{ + nixpkgs.url = "nixpkgs/nixos-${nixos-version}"; + + fudo-home = { + url = "git+https://git.fudo.org/niten/nix-home.git?ref=flake"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + fudo-secrets.url = "path:/state/secrets"; + + fudo-pkgs.url = "git+https://git.fudo.org/fudo-public/fudo-pkgs.git"; + + fudo-nixos = { + url = "git+ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git?ref=nixops-flake"; + inputs.nixpkgs.follows = "nixpkgs"; + }; +} diff --git a/joes-datacenter-0/flake.lock b/deployments/joes-datacenter-0/flake.lock similarity index 100% rename from joes-datacenter-0/flake.lock rename to deployments/joes-datacenter-0/flake.lock diff --git a/joes-datacenter-0/flake.nix b/deployments/joes-datacenter-0/flake.nix similarity index 100% rename from joes-datacenter-0/flake.nix rename to deployments/joes-datacenter-0/flake.nix diff --git a/portage/flake.lock b/deployments/portage/flake.lock similarity index 100% rename from portage/flake.lock rename to deployments/portage/flake.lock 
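Review bot: In common/helpers.nix the `is-nix-file` regex `"^(.+)\.nix$"` is written in a Nix string, where `\.` is not a recognised escape and collapses to a bare `.`, so the pattern accepts any character before `nix`; use `"^(.+)[.]nix$"` as `strip-ext` already does two lines later. `nix-files` returns `path + "/${file}"` values, yet `basename-to-map` prepends `path` to each of them again with `import (path + "${file}")` and applies `strip-ext` to those full paths, and deployment.nix does the same with `map helpers.strip-ext network-files` before interpolating the result into `/config/networks/${network}.nix`, so the names fed back in are directory-prefixed rather than bare basenames. Either have `nix-files` return bare filenames and let callers join, or apply `baseNameOf` before `strip-ext` in both places; passing a path value rather than a string to `builtins.match` is also likely to be rejected by the evaluator, which I have not verified here.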
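Review bot: common/inputs.nix fetches `fudo-nixos` as `git+ssh://…?ref=nixops-flake` and `fudo-pkgs` from git over https with only a branch ref and no `rev`, while the `flake.lock` files in this patch are renamed at 100% similarity and so still describe the previous inputs (where `fudo-nixos` was a `path:/state/nixops/fudo-nixos` non-flake); the first evaluation will have to re-resolve them, so the first deploy after this change is not pinned until a regenerated lock is committed. Regenerating and committing each deployment's `flake.lock` in the same change, or adding `rev` pins, keeps what is deployed auditable. A short header comment stating that the file is a function expecting `nixos-version` as a string like `"21.05"` and that callers must apply it, `import ../../common/inputs.nix { nixos-version = "21.05"; }`, would also help, since the file has no documentation.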
diff --git a/portage/flake.nix b/deployments/portage/flake.nix similarity index 79% rename from portage/flake.nix rename to deployments/portage/flake.nix index 239927a..7356949 100644 --- a/portage/flake.nix +++ b/deployments/portage/flake.nix @@ -1,27 +1,7 @@ { description = "Definition of the Portage NixOps network."; - inputs = { - nixpkgs.url = "nixpkgs/nixos-21.05"; - - fudo-home = { - url = "git+https://git.fudo.org/niten/nix-home.git?ref=flake"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - fudo-secrets.url = "path:/state/secrets"; - - # fudo-pkgs.url = "git+https://git.fudo.org/fudo-public/fudo-pkgs.git"; - - fudo-pkgs.url = "path:/state/nixops/fudo-pkgs"; - - fudo-nixos = { - url = "path:/state/nixops/fudo-nixos"; - # url = "git+ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git?ref=nixops-flake"; - # Don't import it as a flake - flake = false; - }; - }; + inputs = import ../../common/inputs.nix { nixos-version = "21.05"; }; outputs = { self, nixpkgs, fudo-home, fudo-nixos, fudo-pkgs, fudo-secrets, ... }: let domain = "fudo.org"; diff --git a/seattle/flake.lock b/deployments/seattle/flake.lock similarity index 100% rename from seattle/flake.lock rename to deployments/seattle/flake.lock diff --git a/deployments/seattle/flake.nix b/deployments/seattle/flake.nix new file mode 100644 index 0000000..07a3d0b --- /dev/null +++ b/deployments/seattle/flake.nix @@ -0,0 +1,18 @@ +{ + description = "Definition of the Seattle NixOps network."; + + inputs = import ../../common/inputs.nix; + + outputs = { self, nixpkgs, fudo-nixos, ... } @ inputs: + import ../../common/deployment.nix { + description = "Seattle NixOps network"; + hostnames = with nixpkgs.lib; let + domain = "sea.fudo.org"; + deployment-hosts = filterAttrs + (hostname: hostOpts: hostOpts.domain == domain) + fudo-nixos.fudoHosts; + in mapAttrsToList + (hostname: hostOpts: fudo-nixos.nixosConfigurations.${hostname}) + deployment-hosts; + }; +} 
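Review bot: The portage hunk's `outputs` body continues outside the hunk, and because common/inputs.nix drops the old `flake = false` on `fudo-nixos` and switches it from `path:/state/nixops/fudo-nixos` to a `git+ssh` flake, any remaining `fudo-nixos + /...` path arithmetic in that body now resolves against a fetched flake source rather than the local checkout; the rest of the outputs should be checked for that. Since the hunk routes all of portage's inputs through the shared file, a one-line comment above it, `# shared inputs; nixos-version selects the nixpkgs branch`, would spare the next reader a hop.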
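Review bot: deployments/seattle/flake.nix never applies the deployment function it builds: `import ../../common/deployment.nix { ... }` yields the second-stage `{ self, nixpkgs, ... }:` lambda from common/deployment.nix, and `outputs` returns that lambda instead of calling it with `inputs`, so `nixopsConfigurations` is never produced; it should be `(import ../../common/deployment.nix { ... }) inputs`. `inputs = import ../../common/inputs.nix;` likewise leaves `inputs` as a function, since inputs.nix takes `{ nixos-version, ... }` — the portage hunk passes `{ nixos-version = "21.05"; }` and this one needs to as well. `hostnames` is built with `mapAttrsToList (hostname: hostOpts: fudo-nixos.nixosConfigurations.${hostname})`, which yields configurations, whereas deployment.nix consumes it with `genAttrs hostnames` and `hosts.${hostname}` as a list of name strings; `attrNames deployment-hosts` gives what it expects. Whether `fudo-nixos.fudoHosts` exists and carries a `domain` per host is not visible in this patch.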
diff --git a/fudo-home b/fudo-home
deleted file mode 160000
index 7d7f95b..0000000
--- a/fudo-home
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 7d7f95b1c229ceed825559f1f94ee6f676b429a6
diff --git a/fudo-nixos b/fudo-nixos
deleted file mode 160000
index 79b05be..0000000
--- a/fudo-nixos
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 79b05be7d33b2dccb1a6967d86b52d1c2e9e5e3b
diff --git a/fudo-pkgs b/fudo-pkgs
deleted file mode 160000
index b1af37f..0000000
--- a/fudo-pkgs
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit b1af37ff1e6366469d0292e59514acf4f76c088d
diff --git a/seattle/flake.nix b/seattle/flake.nix
deleted file mode 100644
index 2eb6247..0000000
--- a/seattle/flake.nix
+++ /dev/null
@@ -1,105 +0,0 @@ -{ - description = "Definition of the Seattle NixOps network."; - - inputs = { - nixpkgs.url = "nixpkgs/nixos-21.05"; - - fudo-home = { - url = "git+https://git.fudo.org/niten/nix-home.git?ref=flake"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - fudo-secrets.url = "path:/state/secrets"; - - #fudo-pkgs.url = "path:/state/nixops/fudo-pkgs"; - - fudo-pkgs.url = "git+https://git.fudo.org/fudo-public/fudo-pkgs.git"; - - fudo-nixos = { - url = "path:/state/nixops/fudo-nixos"; - # url = "git+ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git?ref=nixops-flake"; - # Don't import it as a flake - flake = false; - }; - }; - - outputs = { self, nixpkgs, fudo-home, fudo-nixos, fudo-pkgs, fudo-secrets, ... }: let - domain = "sea.fudo.org"; - site = "seattle"; - - build-timestamp = self.sourceInfo.lastModified; - - hostlib = import (fudo-nixos + /lib/hosts.nix) { lib = nixpkgs.lib; }; - - hosts = nixpkgs.lib.filterAttrs (hostname: hostOpts: - hostOpts.nixos-system && hostOpts.site == site) - (hostlib.base-host-config (fudo-nixos + /config/hosts)); - - network-hosts = (import (fudo-nixos + /config/networks/${domain}.nix)).hosts; - - pkgs-for = system: import nixpkgs { - inherit system; - config = { - allowUnfree = true; - permittedInsecurePackages = [ - "openssh-with-gssapi-8.4p1" - ]; - }; - overlays = [ - (import (fudo-pkgs + "/overlay.nix")) - (import (fudo-nixos + "/lib/overlay.nix")) - ]; - }; - - initialize-host = import (fudo-nixos + /initialize.nix); - - in { - nixopsConfigurations.default = { - inherit nixpkgs; - - network = { - description = "Seattle NixOps network."; - enableRollback = true; - }; - } // (nixpkgs.lib.mapAttrs (hostname: hostOpts: let - system = hostOpts.arch; - profile = hostOpts.profile; - in { config, ... 
}: let - pkgs = pkgs-for system; - lib = pkgs.lib; - build-seed = builtins.readFile config.fudo.secrets.files.build-seed; - in { - imports = [ - fudo-home.nixosModule - fudo-secrets.nixosModule - (initialize-host { - inherit - lib - pkgs - hostname - build-timestamp - build-seed - site - domain - profile; - }) - ]; - - nixpkgs.pkgs = pkgs-for system; - nixpkgs.lib = (pkgs-for system).lib; - - deployment = with lib; { - targetHost = network-hosts.${hostname}.ipv4-address; - - keys = if (hasAttr hostname config.fudo.secrets.files.host-filesystem-keys) - then - mapAttrs (secret: secret-file: { - keyFile = secret-file; - user = "root"; - permissions = "0400"; - }) config.fudo.secrets.files.host-filesystem-keys.${hostname} - else {}; - }; - }) hosts); - }; -}