Move to using flake nixos config

This commit is contained in:
niten 2021-11-18 11:49:04 -08:00
parent 381d2710e3
commit d8322b2d10
13 changed files with 134 additions and 129 deletions

69
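--- a/common/deployment.nix
+++ b/common/deployment.nix
@@ -0,0 +1,69 @@
+{ hostnames, description, ... }:
+{ self, nixpkgs, fudo-home, fudo-nixos, fudo-pkgs, fudo-secrets, ... }:
+with nixpkgs.lib;
+let
+build-timestamp = self.sourceInfo.lastModified;
+helpers = import ./helpers.nix { lib = nixpkgs.lib; };
+networks = with nixpkgs.lib; let
+network-files = helpers.nix-files (fudo-nixos + /config/networks);
+networks = map helpers.strip-ext network-files;
+in genAttrs networks
+(network: import (fudo-nixos + /config/networks/${network}.nix));
+hosts = with nixpkgs.lib; let
+in genAttrs hostnames
+(hostname: import (fudo-nixos + /config/hosts/${host}.nix));
+pkgs-for = system: import nixpkgs {
+inherit system;
+config = {
+allowUnfree = true;
+permittedInsecurePackages = [
+"openssh-with-gssapi-8.4p1"
+];
+overlays = [
+(import (fudo-pkgs + /overlay.nix))
+(import (fudo-nixos + /lib/overlay.nix))
+];
+};
+};
+in {
+nixopsConfigurations.default = {
+inherit nixpkgs;
+network = {
+inherit description;
+enableRollback = true;
+};
+} // (genAttrs hostnames (hostname: let
+host-cfg = hosts.${hostname}
+pkgs = pkgs-for host-cfg.arch;
+domain = host-cfg.domain;
+network-hosts = config.fudo.networks.${network}.hosts;
+host-filesystem-keys = config.fudo.secrets.files.host-filesystem-keys;
+in {config, ... }: {
+nixpkgs.pkgs = pkgs;
+imports = [
+fudo-home.nixModule
+fudo-secrets.nixModule
+fudo-nixos.nixosConfigurations.${hostname}
+];
+deployment = {
+targetHost = network-hosts.${hostname}.ipv4-address;
+keys = mkIf (hasAttr hostname host-filesystem-keys)
+(mapAttrs (secret: secret-file: {
+keyFile = secret-file;
+user = "root";
+permissions = "0400";
+}) host-filesystem-keys.${hostname});
+};
+}));
+}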
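Review bot: The per-host `let` that starts at `host-cfg = hosts.${hostname}` reads `config` and `network`, but neither is bound there — `config` is only introduced by the module function on the following line and `network` is never defined — so `network-hosts` and `host-filesystem-keys` cannot evaluate; since the deleted flake keyed network files by domain (`config/networks/${domain}.nix`), `config.fudo.networks.${domain}.hosts` computed inside the module function looks like the intent. That same `let` drops the semicolon after `hosts.${hostname}`, and the `hosts` binding interpolates `${host}` where its lambda binds `hostname`. `overlays` now lives inside `config = { … }`, whereas the deleted flake passed it as a sibling of `config` to `import nixpkgs`, so the fudo-pkgs and fudo-nixos overlays would silently stop applying. The imported modules are spelled `fudo-home.nixModule` / `fudo-secrets.nixModule` while the deleted flake used `nixosModule`; worth confirming which attribute those flakes export. Because this file is now shared by every network, the `permittedInsecurePackages` exemption for `openssh-with-gssapi-8.4p1` applies fleet-wide, and a short comment recording why it is still needed would make it easier to retire.
```nix
} // (genAttrs hostnames (hostname: let
  host-cfg = hosts.${hostname};
  pkgs = pkgs-for host-cfg.arch;
  domain = host-cfg.domain;
in { config, ... }: let
  # config is bound by the module function, so config-derived values belong here
  network-hosts = config.fudo.networks.${domain}.hosts;
  host-filesystem-keys = config.fudo.secrets.files.host-filesystem-keys;
in {
  # … unchanged: nixpkgs.pkgs, imports, deployment …
}));
```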

27
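--- a/common/helpers.nix
+++ b/common/helpers.nix
@@ -0,0 +1,27 @@
+{ lib, ... }:
+with lib;
+let
+regular-files = path: let
+is-regular-file = filename: type: type == "regular" || type == "link";
+in attrNames (filterAttrs is-regular-file (builtins.readDir path));
+nix-files = path: let
+is-nix-file = filename: (builtins.match "^(.+)\.nix$" filename) != null;
+in
+map
+(file: path + "/${file}")
+(filter is-nix-file (regular-files path));
+strip-ext = filename: head (builtins.match "^(.+)[.]nix$" filename);
+basename-to-map = path:
+listToAttrs
+(map
+(file:
+nameValuePair (strip-ext file)
+(import (path + "${file}")))
+(nix-files path));
+in {
+inherit regular-files nix-files strip-ext basename-to-map;
+}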
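Review bot: `is-nix-file` uses the regex `"^(.+)\.nix$"`, and inside a Nix double-quoted string `\.` is just `.`, so the pattern accepts any name of five or more characters ending in `nix` (for example `foonix`) rather than only `.nix` files; `strip-ext` already uses the safe form, so change the line to `is-nix-file = filename: (builtins.match "^(.+)[.]nix$" filename) != null;`. In `is-regular-file`, `builtins.readDir` reports symlinks with the type `"symlink"`, so the `type == "link"` branch never matches and linked files are silently skipped. `nix-files` returns full paths (`path + "/${file}"`), yet `basename-to-map` runs those through `strip-ext` and then evaluates `import (path + "${file}")` with no separator, so that helper does not look usable as written, and deployment.nix applies `strip-ext` to the same full paths. A one-line comment on each helper stating whether it takes and returns basenames or full paths would make that contract explicit.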

19
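--- a/common/inputs.nix
+++ b/common/inputs.nix
@@ -0,0 +1,19 @@
+{ nixos-version, ... }:
+{
+nixpkgs.url = "nixpkgs/nixos-${nixos-version}";
+fudo-home = {
+url = "git+https://git.fudo.org/niten/nix-home.git?ref=flake";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+fudo-secrets.url = "path:/state/secrets";
+fudo-pkgs.url = "git+https://git.fudo.org/fudo-public/fudo-pkgs.git";
+fudo-nixos = {
+url = "git+ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git?ref=nixops-flake";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+}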
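Review bot: `fudo-secrets.url = "path:/state/secrets"` makes the secrets tree a flake input, and flake inputs are copied into the Nix store, which is world-readable on the evaluating host; now that this file feeds every network, a header comment such as `# NOTE: flake inputs are copied into /nix/store (world-readable on the build host); only material acceptable there belongs under /state/secrets` would record that exposure where it is decided. The function requires `nixos-version` with no default, so a caller that omits it (the Seattle flake imports this file with no argument) gets a function back instead of an attribute set; either a default like `{ nixos-version ? "21.05", ... }:` or a comment stating the argument is mandatory would avoid that. `fudo-pkgs.url` carries no `ref`, unlike the other git inputs, so between lock updates it follows whatever the remote's default branch is.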


@ -1,27 +1,7 @@
{ {
description = "Definition of the Portage NixOps network."; description = "Definition of the Portage NixOps network.";
inputs = { inputs = import ../../common/inputs.nix { nixos-version = "21.05"; };
nixpkgs.url = "nixpkgs/nixos-21.05";
fudo-home = {
url = "git+https://git.fudo.org/niten/nix-home.git?ref=flake";
inputs.nixpkgs.follows = "nixpkgs";
};
fudo-secrets.url = "path:/state/secrets";
# fudo-pkgs.url = "git+https://git.fudo.org/fudo-public/fudo-pkgs.git";
fudo-pkgs.url = "path:/state/nixops/fudo-pkgs";
fudo-nixos = {
url = "path:/state/nixops/fudo-nixos";
# url = "git+ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git?ref=nixops-flake";
# Don't import it as a flake
flake = false;
};
};
outputs = { self, nixpkgs, fudo-home, fudo-nixos, fudo-pkgs, fudo-secrets, ... }: let outputs = { self, nixpkgs, fudo-home, fudo-nixos, fudo-pkgs, fudo-secrets, ... }: let
domain = "fudo.org"; domain = "fudo.org";


@ -0,0 +1,18 @@
{
description = "Definition of the Seattle NixOps network.";
inputs = import ../../common/inputs.nix;
outputs = { self, nixpkgs, fudo-nixos, ... } @ inputs:
import ../../common/deployment.nix {
description = "Seattle NixOps network";
hostnames = with nixpkgs.lib; let
domain = "sea.fudo.org";
deployment-hosts = filterAttrs
(hostname: hostOpts: hostOpts.domain == domain)
fudo-nixos.fudoHosts;
in mapAttrsToList
(hostname: hostOpts: fudo-nixos.nixosConfigurations.${hostname})
deployment-hosts;
};
}
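Review bot: `outputs` returns `import ../../common/deployment.nix { … }`, but deployment.nix is curried — it takes `{ hostnames, description, ... }` first and then the flake inputs — so this flake's `outputs` evaluates to a function rather than an attribute set; the captured `inputs` must be applied, `import ../../common/deployment.nix { … } inputs`. `hostnames` is produced by `mapAttrsToList (hostname: hostOpts: fudo-nixos.nixosConfigurations.${hostname})`, which yields NixOS system values, while deployment.nix passes `hostnames` to `genAttrs`, which needs strings; `attrNames deployment-hosts` gives the intended list. `inputs = import ../../common/inputs.nix;` also omits the `{ nixos-version = …; }` argument that file requires and that the Portage flake passes. The file header for this section is not visible on the page, so the path is inferred from the description.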

@ -1 +0,0 @@
Subproject commit 7d7f95b1c229ceed825559f1f94ee6f676b429a6

@ -1 +0,0 @@
Subproject commit 79b05be7d33b2dccb1a6967d86b52d1c2e9e5e3b

@ -1 +0,0 @@
Subproject commit b1af37ff1e6366469d0292e59514acf4f76c088d


@ -1,105 +0,0 @@
{
description = "Definition of the Seattle NixOps network.";
inputs = {
nixpkgs.url = "nixpkgs/nixos-21.05";
fudo-home = {
url = "git+https://git.fudo.org/niten/nix-home.git?ref=flake";
inputs.nixpkgs.follows = "nixpkgs";
};
fudo-secrets.url = "path:/state/secrets";
#fudo-pkgs.url = "path:/state/nixops/fudo-pkgs";
fudo-pkgs.url = "git+https://git.fudo.org/fudo-public/fudo-pkgs.git";
fudo-nixos = {
url = "path:/state/nixops/fudo-nixos";
# url = "git+ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git?ref=nixops-flake";
# Don't import it as a flake
flake = false;
};
};
outputs = { self, nixpkgs, fudo-home, fudo-nixos, fudo-pkgs, fudo-secrets, ... }: let
domain = "sea.fudo.org";
site = "seattle";
build-timestamp = self.sourceInfo.lastModified;
hostlib = import (fudo-nixos + /lib/hosts.nix) { lib = nixpkgs.lib; };
hosts = nixpkgs.lib.filterAttrs (hostname: hostOpts:
hostOpts.nixos-system && hostOpts.site == site)
(hostlib.base-host-config (fudo-nixos + /config/hosts));
network-hosts = (import (fudo-nixos + /config/networks/${domain}.nix)).hosts;
pkgs-for = system: import nixpkgs {
inherit system;
config = {
allowUnfree = true;
permittedInsecurePackages = [
"openssh-with-gssapi-8.4p1"
];
};
overlays = [
(import (fudo-pkgs + "/overlay.nix"))
(import (fudo-nixos + "/lib/overlay.nix"))
];
};
initialize-host = import (fudo-nixos + /initialize.nix);
in {
nixopsConfigurations.default = {
inherit nixpkgs;
network = {
description = "Seattle NixOps network.";
enableRollback = true;
};
} // (nixpkgs.lib.mapAttrs (hostname: hostOpts: let
system = hostOpts.arch;
profile = hostOpts.profile;
in { config, ... }: let
pkgs = pkgs-for system;
lib = pkgs.lib;
build-seed = builtins.readFile config.fudo.secrets.files.build-seed;
in {
imports = [
fudo-home.nixosModule
fudo-secrets.nixosModule
(initialize-host {
inherit
lib
pkgs
hostname
build-timestamp
build-seed
site
domain
profile;
})
];
nixpkgs.pkgs = pkgs-for system;
nixpkgs.lib = (pkgs-for system).lib;
deployment = with lib; {
targetHost = network-hosts.${hostname}.ipv4-address;
keys = if (hasAttr hostname config.fudo.secrets.files.host-filesystem-keys)
then
mapAttrs (secret: secret-file: {
keyFile = secret-file;
user = "root";
permissions = "0400";
}) config.fudo.secrets.files.host-filesystem-keys.${hostname}
else {};
};
}) hosts);
};
}