fudosys
/
nixops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: fudosys:master
Branches Tags
fudosys:master
fudosys:flakey
...
pull from: fudosys:flakey
Branches Tags
fudosys:flakey
fudosys:master

11 Commits
master ... flakey

Author SHA1 Message Date
niten 05afaaacb8 Updates to Fudo network 2021-11-29 22:47:42 -08:00
niten b689a64a1e Added deployment definitions. 2021-11-29 22:08:44 -08:00
niten daa724a0eb Move back to a 'deployments' folder 2021-11-29 17:24:01 -08:00
niten 6780fa76cd Transitioning back to a deployment/ dir 2021-11-29 17:15:48 -08:00
niten c345daa524 Shuffling lots of stuff around 2021-11-29 16:40:16 -08:00
niten a71867ce94 Seems like I'm really close... 2021-11-28 10:11:39 -08:00
niten 88f25b5f47 Sigh. Still trying. 2021-11-19 22:30:51 -08:00
niten 8889d7919c Added deployment-config.nix for import 2021-11-19 13:51:02 -08:00
niten 83881682e1 Ugh, inputs must be explicit, can't be shared 2021-11-18 11:57:38 -08:00
niten cf6150c173 Surely I can call a function... 2021-11-18 11:52:14 -08:00
niten d8322b2d10 Move to using flake nixos config 2021-11-18 11:49:04 -08:00
14 changed files with 1200 additions and 507 deletions
Show Stats Expand all files Collapse all files

35
common/deployment.nix Normal file
View File

@ -0,0 +1,35 @@
{ inputs, deployment-hosts, description, enable-rollback ? true, ... }:
with inputs.nixpkgs.lib; let
network-config = {
nixpkgs = inputs.nixpkgs;
network = {
inherit description;
enableRollback = enable-rollback;
};
};
host-config = hostname: inputs.fudo-nixos.nixopsHostConfigurations.${hostname};
host-ip = hostname: domain: let
zone-hosts = inputs.fudo-entities.entities.zones.${domain}.hosts;
in zone-hosts.${hostname}.ipv4-address;
host-uber-secrets = hostname: { config, ... }: let
uber-secrets = config.fudo.secrets.files.host-filesystem-keys;
in {
config.deployment.keys = mkIf (hasAttr hostname uber-secrets)
(mapAttrs (secret: secret-file: {
keyFile = secret-file;
user = "root";
permissions = "0400";
}) uber-secrets.${hostname});
};
in network-config // (mapAttrs (hostname: hostOpts: {
imports = [
(host-config hostname)
(host-uber-secrets hostname)
];
deployment.targetHost = host-ip hostname hostOpts.domain;
}) deployment-hosts)

407
seattle/flake.lock → deployments/fudo/flake.lock
View File

@ -1,26 +1,74 @@
{
"nodes": {
"backplane-passwords": {
"flake": false,
"locked": {
"narHash": "sha256-Bf5sVg4oSg6uCKMJl21btfBH4NQI/Wz4SU9j130Shyg=",
"path": "./backplane-passwords",
"type": "path"
},
"original": {
"path": "./backplane-passwords",
"type": "path"
}
},
"build-keypairs": {
"flake": false,
"locked": {
"narHash": "sha256-4eRLRLCzZ6kQIRZqy51bj60jhFSQ/wlKLeNgABPhTyw=",
"path": "./build-keypairs",
"path": "/state/secrets/build-keypairs",
"type": "path"
},
"original": {
"path": "./build-keypairs",
"path": "/state/secrets/build-keypairs",
"type": "path"
}
},
"build-keypairs_2": {
"flake": false,
"locked": {
"narHash": "sha256-4eRLRLCzZ6kQIRZqy51bj60jhFSQ/wlKLeNgABPhTyw=",
"path": "/state/secrets/build-keypairs",
"type": "path"
},
"original": {
"path": "/state/secrets/build-keypairs",
"type": "path"
}
},
"build-seed": {
"flake": false,
"locked": {
"narHash": "sha256-6rzGK/itD/RBRoNGw1L2wLV1IcVbn2b0V49ay1J9z7k=",
"path": "/state/secrets/build.seed",
"type": "path"
},
"original": {
"path": "/state/secrets/build.seed",
"type": "path"
}
},
"build-seed_2": {
"flake": false,
"locked": {
"narHash": "sha256-6rzGK/itD/RBRoNGw1L2wLV1IcVbn2b0V49ay1J9z7k=",
"path": "/state/secrets/build.seed",
"type": "path"
},
"original": {
"path": "/state/secrets/build.seed",
"type": "path"
}
},
"dnssec-keys": {
"flake": false,
"locked": {
"narHash": "sha256-KGZFtyc7Sd5mGjLxnM+R/XnCtOwyZ4IuOMcblIjlCnM=",
"path": "/state/secrets/dnssec-keys",
"type": "path"
},
"original": {
"path": "/state/secrets/dnssec-keys",
"type": "path"
}
},
"dnssec-keys_2": {
"flake": false,
"locked": {
"narHash": "sha256-KGZFtyc7Sd5mGjLxnM+R/XnCtOwyZ4IuOMcblIjlCnM=",
"path": "/state/secrets/dnssec-keys",
"type": "path"
},
"original": {
"path": "/state/secrets/dnssec-keys",
"type": "path"
}
},
@ -34,7 +82,7 @@
"evil-org-mode": "evil-org-mode",
"evil-quick-diff": "evil-quick-diff",
"explain-pause-mode": "explain-pause-mode",
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_3",
"nix-straight": "nix-straight",
"nixpkgs": "nixpkgs",
"nose": "nose",
@ -193,15 +241,57 @@
"flake": false,
"locked": {
"narHash": "sha256-K2wdsA4vcNTaLR9A9qxB+aMaeANL0LXOwBWvUm63lX0=",
"path": "./filesystem-keys",
"path": "/state/secrets/filesystem-keys",
"type": "path"
},
"original": {
"path": "./filesystem-keys",
"path": "/state/secrets/filesystem-keys",
"type": "path"
}
},
"filesystem-keys_2": {
"flake": false,
"locked": {
"narHash": "sha256-K2wdsA4vcNTaLR9A9qxB+aMaeANL0LXOwBWvUm63lX0=",
"path": "/state/secrets/filesystem-keys",
"type": "path"
},
"original": {
"path": "/state/secrets/filesystem-keys",
"type": "path"
}
},
"flake-utils": {
"locked": {
"lastModified": 1637014545,
"narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1637014545,
"narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": {
"lastModified": 1623875721,
"narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=",
@ -216,69 +306,176 @@
"type": "github"
}
},
"fudo-entities": {
"inputs": {
"flake-utils": "flake-utils",
"fudo-lib": "fudo-lib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1638137290,
"narHash": "sha256-8Kjzn0jr4arVDDaOQUtT7VFd1ir1SB1X1xp1OoLZduo=",
"ref": "master",
"rev": "45cb2ae34407530496a30c6121cad976bd186fc5",
"revCount": 8,
"type": "git",
"url": "ssh://fudo_git@git.fudo.org:2222/fudo-nix/entities.git"
},
"original": {
"type": "git",
"url": "ssh://fudo_git@git.fudo.org:2222/fudo-nix/entities.git"
}
},
"fudo-entities_2": {
"inputs": {
"flake-utils": "flake-utils_2",
"fudo-lib": "fudo-lib_2",
"nixpkgs": [
"fudo-nixos",
"nixpkgs"
]
},
"locked": {
"lastModified": 1638137290,
"narHash": "sha256-8Kjzn0jr4arVDDaOQUtT7VFd1ir1SB1X1xp1OoLZduo=",
"ref": "master",
"rev": "45cb2ae34407530496a30c6121cad976bd186fc5",
"revCount": 8,
"type": "git",
"url": "https://git.fudo.org/nix/fudo-entities.git"
},
"original": {
"type": "git",
"url": "https://git.fudo.org/nix/fudo-entities.git"
}
},
"fudo-home": {
"inputs": {
"doom-emacs": "doom-emacs",
"home-manager": "home-manager",
"niten-doom-config": "niten-doom-config",
"nixpkgs": [
"fudo-nixos",
"nixpkgs"
]
},
"locked": {
"lastModified": 1635528550,
"narHash": "sha256-q+ZMD+VmZHz9TazccHQvEdttdxWgKtm5ldDt+w4jpFU=",
"ref": "flake",
"rev": "7d7f95b1c229ceed825559f1f94ee6f676b429a6",
"revCount": 38,
"type": "git",
"url": "https://git.fudo.org/niten/nix-home.git"
"narHash": "sha256-NCvYqgBq3HCqBx+EO1grdiflR9tthm9bUIasB4XtI4U=",
"path": "/state/nixops/fudo-home",
"type": "path"
},
"original": {
"ref": "flake",
"type": "git",
"url": "https://git.fudo.org/niten/nix-home.git"
"path": "/state/nixops/fudo-home",
"type": "path"
}
},
"fudo-lib": {
"locked": {
"narHash": "sha256-r8qffvJPWbBJmN32thMIxjdmY9X5VCc3TuyQyFAIdks=",
"path": "/state/fudo-lib",
"type": "path"
},
"original": {
"path": "/state/fudo-lib",
"type": "path"
}
},
"fudo-lib_2": {
"locked": {
"narHash": "sha256-r8qffvJPWbBJmN32thMIxjdmY9X5VCc3TuyQyFAIdks=",
"path": "/state/fudo-lib",
"type": "path"
},
"original": {
"path": "/state/fudo-lib",
"type": "path"
}
},
"fudo-lib_3": {
"locked": {
"narHash": "sha256-O2CsIArXcPyiBtDbAiFNU2IvIBTqEljrwDJkGF0STbw=",
"path": "/state/fudo-lib",
"type": "path"
},
"original": {
"path": "/state/fudo-lib",
"type": "path"
}
},
"fudo-nixos": {
"flake": false,
"inputs": {
"fudo-entities": "fudo-entities_2",
"fudo-home": "fudo-home",
"fudo-lib": "fudo-lib_3",
"fudo-pkgs": "fudo-pkgs",
"fudo-secrets": "fudo-secrets",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"narHash": "sha256-QYhuo67dvvLdy8RD3gGWCzBG4azEZTuY8vLICu1N32s=",
"path": "/state/nixops/fudo-nixos",
"type": "path"
"lastModified": 1638251788,
"narHash": "sha256-JzsjH4L25cXv/mpm/JK7z34hUKDrXVWP2HMbY6FRnv0=",
"ref": "master",
"rev": "a1d4e2aeb4006b778e31caec0407173af9ca8fa6",
"revCount": 390,
"type": "git",
"url": "ssh://fudo_git@git.fudo.org:2222/fudo-nix/nixos-config.git"
},
"original": {
"path": "/state/nixops/fudo-nixos",
"type": "path"
"type": "git",
"url": "ssh://fudo_git@git.fudo.org:2222/fudo-nix/nixos-config.git"
}
},
"fudo-pkgs": {
"locked": {
"lastModified": 1633732024,
"narHash": "sha256-H1xthHmjvczP+qYQnoLmZjqagHEk5LVsv/0zDlmZoAc=",
"ref": "master",
"rev": "160807215cf9158605b072c54a9b682522d62989",
"revCount": 10,
"type": "git",
"url": "https://git.fudo.org/fudo-public/fudo-pkgs.git"
"narHash": "sha256-XwEs/VkqJp1mNwYUeBUqCPrW6GUEwAxbXMVOy7bF2P8=",
"path": "/state/nixops/fudo-pkgs",
"type": "path"
},
"original": {
"type": "git",
"url": "https://git.fudo.org/fudo-public/fudo-pkgs.git"
"path": "/state/nixops/fudo-pkgs",
"type": "path"
}
},
"fudo-secrets": {
"inputs": {
"backplane-passwords": "backplane-passwords",
"build-keypairs": "build-keypairs",
"build-seed": "build-seed",
"dnssec-keys": "dnssec-keys",
"filesystem-keys": "filesystem-keys",
"host-keytabs": "host-keytabs",
"realm-master-keys": "realm-master-keys",
"service-keytabs": "service-keytabs",
"service-passwords": "service-passwords",
"ssh-keypairs": "ssh-keypairs"
},
"locked": {
"narHash": "sha256-0L3GFcBuGWbPyz5GUj9jX+ENtPx/U2rcMzO3yCDSq1M=",
"narHash": "sha256-Q89s52d8KAMIbxh7aBoUwUTFAbgUBE5IaAIwd267k20=",
"path": "/state/secrets",
"type": "path"
},
"original": {
"path": "/state/secrets",
"type": "path"
}
},
"fudo-secrets_2": {
"inputs": {
"build-keypairs": "build-keypairs_2",
"build-seed": "build-seed_2",
"dnssec-keys": "dnssec-keys_2",
"filesystem-keys": "filesystem-keys_2",
"host-keytabs": "host-keytabs_2",
"realm-master-keys": "realm-master-keys_2",
"service-keytabs": "service-keytabs_2",
"service-passwords": "service-passwords_2",
"ssh-keypairs": "ssh-keypairs_2"
},
"locked": {
"narHash": "sha256-Q89s52d8KAMIbxh7aBoUwUTFAbgUBE5IaAIwd267k20=",
"path": "/state/secrets",
"type": "path"
},
@ -290,16 +487,17 @@
"home-manager": {
"inputs": {
"nixpkgs": [
"fudo-nixos",
"fudo-home",
"nixpkgs"
]
},
"locked": {
"lastModified": 1633291410,
"narHash": "sha256-IxUzCGwj+s2Rn/+u0NtY36ix5I8MopMOO8Ip59PnBlw=",
"lastModified": 1637019201,
"narHash": "sha256-lq4gz51fx4m5FXfx1SCB444aEBeaYtLMVm3P18Wi9ls=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "382505714d10c6791a96712e0554587c75c5bf8b",
"rev": "bcf03fa16a1f06b8a0abb27bf49afa8d6fffe8f1",
"type": "github"
},
"original": {
@ -312,23 +510,35 @@
"host-keytabs": {
"flake": false,
"locked": {
"narHash": "sha256-+4bPq8vQIaBsMXXcuw41yLTxe6e/Yy80NlCdrabEPCM=",
"path": "./kerberos/host-keytabs",
"narHash": "sha256-LzDfB9ubACWyQzjXzsPH6eNoESmSVcMFFb3V025Xgow=",
"path": "/state/secrets/kerberos/host-keytabs",
"type": "path"
},
"original": {
"path": "./kerberos/host-keytabs",
"path": "/state/secrets/kerberos/host-keytabs",
"type": "path"
}
},
"host-keytabs_2": {
"flake": false,
"locked": {
"narHash": "sha256-LzDfB9ubACWyQzjXzsPH6eNoESmSVcMFFb3V025Xgow=",
"path": "/state/secrets/kerberos/host-keytabs",
"type": "path"
},
"original": {
"path": "/state/secrets/kerberos/host-keytabs",
"type": "path"
}
},
"niten-doom-config": {
"flake": false,
"locked": {
"lastModified": 1628274414,
"narHash": "sha256-EIGqjTHcYnjVXceY1tpjaYxNmORh8NNiL2FVWCI5sBo=",
"lastModified": 1633712607,
"narHash": "sha256-6PAw7Xvoj4JROeTqK1nhT2zv7bPpiQlm9t7H5HQ0f2k=",
"ref": "master",
"rev": "0ab1532c856ccdb6ce46c5948054279f439eb1f2",
"revCount": 34,
"rev": "0a4f8ce4121ba3d64d29b0d52733c08febfb83d8",
"revCount": 35,
"type": "git",
"url": "https://git.fudo.org/niten/doom-emacs.git"
},
@ -371,11 +581,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1635456205,
"narHash": "sha256-CLZxFvwec8BhFlB5tkIq08UBDNNrijOY780UF6ubJXc=",
"lastModified": 1638196344,
"narHash": "sha256-fkOqSkfOkl8tqxDd+zJU4kAgyLXp/ouaP+U9gpjEZZs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "66d6ec6ed2ddc77d08cf677cc8230db39f051793",
"rev": "2553aee74fed8c2205a4aeb3ffd206ca14ede60f",
"type": "github"
},
"original": {
@ -480,6 +690,30 @@
"type": "github"
}
},
"realm-master-keys": {
"flake": false,
"locked": {
"narHash": "sha256-5hDmPweE6lshRKA+AKRgJv7VwWxHsYekwMT32uAUKJU=",
"path": "/state/secrets/kerberos/master-keys",
"type": "path"
},
"original": {
"path": "/state/secrets/kerberos/master-keys",
"type": "path"
}
},
"realm-master-keys_2": {
"flake": false,
"locked": {
"narHash": "sha256-5hDmPweE6lshRKA+AKRgJv7VwWxHsYekwMT32uAUKJU=",
"path": "/state/secrets/kerberos/master-keys",
"type": "path"
},
"original": {
"path": "/state/secrets/kerberos/master-keys",
"type": "path"
}
},
"revealjs": {
"flake": false,
"locked": {
@ -498,10 +732,9 @@
},
"root": {
"inputs": {
"fudo-home": "fudo-home",
"fudo-entities": "fudo-entities",
"fudo-nixos": "fudo-nixos",
"fudo-pkgs": "fudo-pkgs",
"fudo-secrets": "fudo-secrets",
"fudo-secrets": "fudo-secrets_2",
"nixpkgs": "nixpkgs_2"
}
},
@ -524,36 +757,72 @@
"service-keytabs": {
"flake": false,
"locked": {
"narHash": "sha256-F2npNGjUglGumazLFj9qQABGradbwCnKYZn8BEGweJc=",
"path": "./kerberos/service-keytabs",
"narHash": "sha256-9lw22Gh1IDX+MtXMLi+o3XbjvqEhOiZQG9FiG/xz/U0=",
"path": "/state/secrets/kerberos/service-keytabs",
"type": "path"
},
"original": {
"path": "./kerberos/service-keytabs",
"path": "/state/secrets/kerberos/service-keytabs",
"type": "path"
}
},
"service-keytabs_2": {
"flake": false,
"locked": {
"narHash": "sha256-9lw22Gh1IDX+MtXMLi+o3XbjvqEhOiZQG9FiG/xz/U0=",
"path": "/state/secrets/kerberos/service-keytabs",
"type": "path"
},
"original": {
"path": "/state/secrets/kerberos/service-keytabs",
"type": "path"
}
},
"service-passwords": {
"flake": false,
"locked": {
"narHash": "sha256-QF809kxBsyAfshBlm3GLUFaxk5KbU8cIn8v/gY9C9c8=",
"path": "./service-passwords",
"narHash": "sha256-4xEJlPU+KeBtQuFqRlB1bzJMXUQ6a+DT2v3OptaHyTg=",
"path": "/state/secrets/service-passwords",
"type": "path"
},
"original": {
"path": "./service-passwords",
"path": "/state/secrets/service-passwords",
"type": "path"
}
},
"service-passwords_2": {
"flake": false,
"locked": {
"narHash": "sha256-4xEJlPU+KeBtQuFqRlB1bzJMXUQ6a+DT2v3OptaHyTg=",
"path": "/state/secrets/service-passwords",
"type": "path"
},
"original": {
"path": "/state/secrets/service-passwords",
"type": "path"
}
},
"ssh-keypairs": {
"flake": false,
"locked": {
"narHash": "sha256-HE2nCM6p8hhoLu7JFOaVimzC3XIZfgCT4WHgnp+wqm0=",
"path": "./ssh-keypairs",
"narHash": "sha256-TlRfaYFuJxLUCarxZ1XYnW8PruKyYO5RErVGo5hTgo4=",
"path": "/state/secrets/ssh-keypairs",
"type": "path"
},
"original": {
"path": "./ssh-keypairs",
"path": "/state/secrets/ssh-keypairs",
"type": "path"
}
},
"ssh-keypairs_2": {
"flake": false,
"locked": {
"narHash": "sha256-TlRfaYFuJxLUCarxZ1XYnW8PruKyYO5RErVGo5hTgo4=",
"path": "/state/secrets/ssh-keypairs",
"type": "path"
},
"original": {
"path": "/state/secrets/ssh-keypairs",
"type": "path"
}
}

40
deployments/fudo/flake.nix Normal file
View File

@ -0,0 +1,40 @@
{
description = "Fudo NixOps network.";
inputs = {
nixpkgs.url = "nixpkgs/nixos-21.05";
fudo-secrets.url = "path:/state/secrets";
fudo-nixos = {
url = "git+ssh://fudo_git@git.fudo.org:2222/fudo-nix/nixos-config.git";
inputs.nixpkgs.follows = "nixpkgs";
};
fudo-entities = {
url = "git+ssh://fudo_git@git.fudo.org:2222/fudo-nix/entities.git";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, fudo-nixos, fudo-entities, fudo-secrets } @ inputs:
with nixpkgs.lib; {
nixopsConfigurations.default = let
description = "Fudo NixOps Network";
fudo-site = site:
site == "nuttyclub" || site == "worldstream";
deployment-hosts = filterAttrs
(hostname: hostOpts:
hostOpts.nixos-system &&
(fudo-site hostOpts.site))
fudo-entities.entities.hosts;
deployment-config-generator =
import ../../common/deployment.nix;
in deployment-config-generator {
inherit inputs deployment-hosts description;
};
};
}

399
portage/flake.lock → deployments/informis/flake.lock
View File

@ -1,26 +1,74 @@
{
"nodes": {
"backplane": {
"flake": false,
"locked": {
"narHash": "sha256-q159nkiuwtQcfecm7SVpy6lG1eWc5ZqeGhnEAIY6J5w=",
"path": "./backplane",
"type": "path"
},
"original": {
"path": "./backplane",
"type": "path"
}
},
"build-keypairs": {
"flake": false,
"locked": {
"narHash": "sha256-4eRLRLCzZ6kQIRZqy51bj60jhFSQ/wlKLeNgABPhTyw=",
"path": "./build-keypairs",
"path": "/state/secrets/build-keypairs",
"type": "path"
},
"original": {
"path": "./build-keypairs",
"path": "/state/secrets/build-keypairs",
"type": "path"
}
},
"build-keypairs_2": {
"flake": false,
"locked": {
"narHash": "sha256-4eRLRLCzZ6kQIRZqy51bj60jhFSQ/wlKLeNgABPhTyw=",
"path": "/state/secrets/build-keypairs",
"type": "path"
},
"original": {
"path": "/state/secrets/build-keypairs",
"type": "path"
}
},
"build-seed": {
"flake": false,
"locked": {
"narHash": "sha256-6rzGK/itD/RBRoNGw1L2wLV1IcVbn2b0V49ay1J9z7k=",
"path": "/state/secrets/build.seed",
"type": "path"
},
"original": {
"path": "/state/secrets/build.seed",
"type": "path"
}
},
"build-seed_2": {
"flake": false,
"locked": {
"narHash": "sha256-6rzGK/itD/RBRoNGw1L2wLV1IcVbn2b0V49ay1J9z7k=",
"path": "/state/secrets/build.seed",
"type": "path"
},
"original": {
"path": "/state/secrets/build.seed",
"type": "path"
}
},
"dnssec-keys": {
"flake": false,
"locked": {
"narHash": "sha256-KGZFtyc7Sd5mGjLxnM+R/XnCtOwyZ4IuOMcblIjlCnM=",
"path": "/state/secrets/dnssec-keys",
"type": "path"
},
"original": {
"path": "/state/secrets/dnssec-keys",
"type": "path"
}
},
"dnssec-keys_2": {
"flake": false,
"locked": {
"narHash": "sha256-KGZFtyc7Sd5mGjLxnM+R/XnCtOwyZ4IuOMcblIjlCnM=",
"path": "/state/secrets/dnssec-keys",
"type": "path"
},
"original": {
"path": "/state/secrets/dnssec-keys",
"type": "path"
}
},
@ -34,7 +82,7 @@
"evil-org-mode": "evil-org-mode",
"evil-quick-diff": "evil-quick-diff",
"explain-pause-mode": "explain-pause-mode",
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_3",
"nix-straight": "nix-straight",
"nixpkgs": "nixpkgs",
"nose": "nose",
@ -193,15 +241,57 @@
"flake": false,
"locked": {
"narHash": "sha256-K2wdsA4vcNTaLR9A9qxB+aMaeANL0LXOwBWvUm63lX0=",
"path": "./filesystem-keys",
"path": "/state/secrets/filesystem-keys",
"type": "path"
},
"original": {
"path": "./filesystem-keys",
"path": "/state/secrets/filesystem-keys",
"type": "path"
}
},
"filesystem-keys_2": {
"flake": false,
"locked": {
"narHash": "sha256-K2wdsA4vcNTaLR9A9qxB+aMaeANL0LXOwBWvUm63lX0=",
"path": "/state/secrets/filesystem-keys",
"type": "path"
},
"original": {
"path": "/state/secrets/filesystem-keys",
"type": "path"
}
},
"flake-utils": {
"locked": {
"lastModified": 1637014545,
"narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1637014545,
"narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": {
"lastModified": 1623875721,
"narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=",
@ -216,45 +306,128 @@
"type": "github"
}
},
"fudo-entities": {
"inputs": {
"flake-utils": "flake-utils",
"fudo-lib": "fudo-lib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1638137290,
"narHash": "sha256-8Kjzn0jr4arVDDaOQUtT7VFd1ir1SB1X1xp1OoLZduo=",
"ref": "master",
"rev": "45cb2ae34407530496a30c6121cad976bd186fc5",
"revCount": 8,
"type": "git",
"url": "ssh://fudo_git@git.fudo.org:2222/fudo-nix/entities.git"
},
"original": {
"type": "git",
"url": "ssh://fudo_git@git.fudo.org:2222/fudo-nix/entities.git"
}
},
"fudo-entities_2": {
"inputs": {
"flake-utils": "flake-utils_2",
"fudo-lib": "fudo-lib_2",
"nixpkgs": [
"fudo-nixos",
"nixpkgs"
]
},
"locked": {
"lastModified": 1638137290,
"narHash": "sha256-8Kjzn0jr4arVDDaOQUtT7VFd1ir1SB1X1xp1OoLZduo=",
"ref": "master",
"rev": "45cb2ae34407530496a30c6121cad976bd186fc5",
"revCount": 8,
"type": "git",
"url": "https://git.fudo.org/nix/fudo-entities.git"
},
"original": {
"type": "git",
"url": "https://git.fudo.org/nix/fudo-entities.git"
}
},
"fudo-home": {
"inputs": {
"doom-emacs": "doom-emacs",
"home-manager": "home-manager",
"niten-doom-config": "niten-doom-config",
"nixpkgs": [
"fudo-nixos",
"nixpkgs"
]
},
"locked": {
"lastModified": 1635528550,
"narHash": "sha256-q+ZMD+VmZHz9TazccHQvEdttdxWgKtm5ldDt+w4jpFU=",
"ref": "flake",
"rev": "7d7f95b1c229ceed825559f1f94ee6f676b429a6",
"revCount": 38,
"type": "git",
"url": "https://git.fudo.org/niten/nix-home.git"
},
"original": {
"ref": "flake",
"type": "git",
"url": "https://git.fudo.org/niten/nix-home.git"
}
},
"fudo-nixos": {
"flake": false,
"locked": {
"narHash": "sha256-wIk8P88DRH8eQ31LajzGOKAwx7HoB+Qet4ws9bdeG+8=",
"path": "/state/nixops/fudo-nixos",
"narHash": "sha256-NCvYqgBq3HCqBx+EO1grdiflR9tthm9bUIasB4XtI4U=",
"path": "/state/nixops/fudo-home",
"type": "path"
},
"original": {
"path": "/state/nixops/fudo-nixos",
"path": "/state/nixops/fudo-home",
"type": "path"
}
},
"fudo-lib": {
"locked": {
"narHash": "sha256-r8qffvJPWbBJmN32thMIxjdmY9X5VCc3TuyQyFAIdks=",
"path": "/state/fudo-lib",
"type": "path"
},
"original": {
"path": "/state/fudo-lib",
"type": "path"
}
},
"fudo-lib_2": {
"locked": {
"narHash": "sha256-r8qffvJPWbBJmN32thMIxjdmY9X5VCc3TuyQyFAIdks=",
"path": "/state/fudo-lib",
"type": "path"
},
"original": {
"path": "/state/fudo-lib",
"type": "path"
}
},
"fudo-lib_3": {
"locked": {
"narHash": "sha256-O2CsIArXcPyiBtDbAiFNU2IvIBTqEljrwDJkGF0STbw=",
"path": "/state/fudo-lib",
"type": "path"
},
"original": {
"path": "/state/fudo-lib",
"type": "path"
}
},
"fudo-nixos": {
"inputs": {
"fudo-entities": "fudo-entities_2",
"fudo-home": "fudo-home",
"fudo-lib": "fudo-lib_3",
"fudo-pkgs": "fudo-pkgs",
"fudo-secrets": "fudo-secrets",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"narHash": "sha256-2SeObQF/+f9x8b9+8H7YObtF5brfwTBOaAGXjeES8gY=",
"path": "/state/fudo-nixos",
"type": "path"
},
"original": {
"path": "/state/fudo-nixos",
"type": "path"
}
},
"fudo-pkgs": {
"locked": {
"narHash": "sha256-zkWbqqzNFNMLbIqWGY1xAw/2NdBrNfbUvwIgX+44Zao=",
"narHash": "sha256-XwEs/VkqJp1mNwYUeBUqCPrW6GUEwAxbXMVOy7bF2P8=",
"path": "/state/nixops/fudo-pkgs",
"type": "path"
},
@ -265,16 +438,40 @@
},
"fudo-secrets": {
"inputs": {
"backplane": "backplane",
"build-keypairs": "build-keypairs",
"build-seed": "build-seed",
"dnssec-keys": "dnssec-keys",
"filesystem-keys": "filesystem-keys",
"host-keytabs": "host-keytabs",
"realm-master-keys": "realm-master-keys",
"service-keytabs": "service-keytabs",
"service-passwords": "service-passwords",
"ssh-keypairs": "ssh-keypairs"
},
"locked": {
"narHash": "sha256-MDaYnGcrppeZgOZKX4uHJO4NY7t5m//m7PwTMGE7hv4=",
"narHash": "sha256-Q89s52d8KAMIbxh7aBoUwUTFAbgUBE5IaAIwd267k20=",
"path": "/state/secrets",
"type": "path"
},
"original": {
"path": "/state/secrets",
"type": "path"
}
},
"fudo-secrets_2": {
"inputs": {
"build-keypairs": "build-keypairs_2",
"build-seed": "build-seed_2",
"dnssec-keys": "dnssec-keys_2",
"filesystem-keys": "filesystem-keys_2",
"host-keytabs": "host-keytabs_2",
"realm-master-keys": "realm-master-keys_2",
"service-keytabs": "service-keytabs_2",
"service-passwords": "service-passwords_2",
"ssh-keypairs": "ssh-keypairs_2"
},
"locked": {
"narHash": "sha256-Q89s52d8KAMIbxh7aBoUwUTFAbgUBE5IaAIwd267k20=",
"path": "/state/secrets",
"type": "path"
},
@ -286,16 +483,17 @@
"home-manager": {
"inputs": {
"nixpkgs": [
"fudo-nixos",
"fudo-home",
"nixpkgs"
]
},
"locked": {
"lastModified": 1633291410,
"narHash": "sha256-IxUzCGwj+s2Rn/+u0NtY36ix5I8MopMOO8Ip59PnBlw=",
"lastModified": 1637019201,
"narHash": "sha256-lq4gz51fx4m5FXfx1SCB444aEBeaYtLMVm3P18Wi9ls=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "382505714d10c6791a96712e0554587c75c5bf8b",
"rev": "bcf03fa16a1f06b8a0abb27bf49afa8d6fffe8f1",
"type": "github"
},
"original": {
@ -308,23 +506,35 @@
"host-keytabs": {
"flake": false,
"locked": {
"narHash": "sha256-+4bPq8vQIaBsMXXcuw41yLTxe6e/Yy80NlCdrabEPCM=",
"path": "./kerberos/host-keytabs",
"narHash": "sha256-LzDfB9ubACWyQzjXzsPH6eNoESmSVcMFFb3V025Xgow=",
"path": "/state/secrets/kerberos/host-keytabs",
"type": "path"
},
"original": {
"path": "./kerberos/host-keytabs",
"path": "/state/secrets/kerberos/host-keytabs",
"type": "path"
}
},
"host-keytabs_2": {
"flake": false,
"locked": {
"narHash": "sha256-LzDfB9ubACWyQzjXzsPH6eNoESmSVcMFFb3V025Xgow=",
"path": "/state/secrets/kerberos/host-keytabs",
"type": "path"
},
"original": {
"path": "/state/secrets/kerberos/host-keytabs",
"type": "path"
}
},
"niten-doom-config": {
"flake": false,
"locked": {
"lastModified": 1628274414,
"narHash": "sha256-EIGqjTHcYnjVXceY1tpjaYxNmORh8NNiL2FVWCI5sBo=",
"lastModified": 1633712607,
"narHash": "sha256-6PAw7Xvoj4JROeTqK1nhT2zv7bPpiQlm9t7H5HQ0f2k=",
"ref": "master",
"rev": "0ab1532c856ccdb6ce46c5948054279f439eb1f2",
"revCount": 34,
"rev": "0a4f8ce4121ba3d64d29b0d52733c08febfb83d8",
"revCount": 35,
"type": "git",
"url": "https://git.fudo.org/niten/doom-emacs.git"
},
@ -367,11 +577,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1635719588,
"narHash": "sha256-pWjdy0NheM97NsPE6+jUnr5LYyeA0sBGTdw4mfXMGZQ=",
"lastModified": 1638196344,
"narHash": "sha256-fkOqSkfOkl8tqxDd+zJU4kAgyLXp/ouaP+U9gpjEZZs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f0869b1a2c0b150aac26e10bb5c2364ffb2e804f",
"rev": "2553aee74fed8c2205a4aeb3ffd206ca14ede60f",
"type": "github"
},
"original": {
@ -476,6 +686,30 @@
"type": "github"
}
},
"realm-master-keys": {
"flake": false,
"locked": {
"narHash": "sha256-5hDmPweE6lshRKA+AKRgJv7VwWxHsYekwMT32uAUKJU=",
"path": "/state/secrets/kerberos/master-keys",
"type": "path"
},
"original": {
"path": "/state/secrets/kerberos/master-keys",
"type": "path"
}
},
"realm-master-keys_2": {
"flake": false,
"locked": {
"narHash": "sha256-5hDmPweE6lshRKA+AKRgJv7VwWxHsYekwMT32uAUKJU=",
"path": "/state/secrets/kerberos/master-keys",
"type": "path"
},
"original": {
"path": "/state/secrets/kerberos/master-keys",
"type": "path"
}
},
"revealjs": {
"flake": false,
"locked": {
@ -494,10 +728,9 @@
},
"root": {
"inputs": {
"fudo-home": "fudo-home",
"fudo-entities": "fudo-entities",
"fudo-nixos": "fudo-nixos",
"fudo-pkgs": "fudo-pkgs",
"fudo-secrets": "fudo-secrets",
"fudo-secrets": "fudo-secrets_2",
"nixpkgs": "nixpkgs_2"
}
},
@ -520,36 +753,72 @@
"service-keytabs": {
"flake": false,
"locked": {
"narHash": "sha256-n2i88EiGs2DJCU+qGdLICbYMWUqdNpnEx/VUzDq5xZ8=",
"path": "./kerberos/service-keytabs",
"narHash": "sha256-9lw22Gh1IDX+MtXMLi+o3XbjvqEhOiZQG9FiG/xz/U0=",
"path": "/state/secrets/kerberos/service-keytabs",
"type": "path"
},
"original": {
"path": "./kerberos/service-keytabs",
"path": "/state/secrets/kerberos/service-keytabs",
"type": "path"
}
},
"service-keytabs_2": {
"flake": false,
"locked": {
"narHash": "sha256-9lw22Gh1IDX+MtXMLi+o3XbjvqEhOiZQG9FiG/xz/U0=",
"path": "/state/secrets/kerberos/service-keytabs",
"type": "path"
},
"original": {
"path": "/state/secrets/kerberos/service-keytabs",
"type": "path"
}
},
"service-passwords": {
"flake": false,
"locked": {
"narHash": "sha256-QF809kxBsyAfshBlm3GLUFaxk5KbU8cIn8v/gY9C9c8=",
"path": "./service-passwords",
"narHash": "sha256-4xEJlPU+KeBtQuFqRlB1bzJMXUQ6a+DT2v3OptaHyTg=",
"path": "/state/secrets/service-passwords",
"type": "path"
},
"original": {
"path": "./service-passwords",
"path": "/state/secrets/service-passwords",
"type": "path"
}
},
"service-passwords_2": {
"flake": false,
"locked": {
"narHash": "sha256-4xEJlPU+KeBtQuFqRlB1bzJMXUQ6a+DT2v3OptaHyTg=",
"path": "/state/secrets/service-passwords",
"type": "path"
},
"original": {
"path": "/state/secrets/service-passwords",
"type": "path"
}
},
"ssh-keypairs": {
"flake": false,
"locked": {
"narHash": "sha256-HE2nCM6p8hhoLu7JFOaVimzC3XIZfgCT4WHgnp+wqm0=",
"path": "./ssh-keypairs",
"narHash": "sha256-TlRfaYFuJxLUCarxZ1XYnW8PruKyYO5RErVGo5hTgo4=",
"path": "/state/secrets/ssh-keypairs",
"type": "path"
},
"original": {
"path": "./ssh-keypairs",
"path": "/state/secrets/ssh-keypairs",
"type": "path"
}
},
"ssh-keypairs_2": {
"flake": false,
"locked": {
"narHash": "sha256-TlRfaYFuJxLUCarxZ1XYnW8PruKyYO5RErVGo5hTgo4=",
"path": "/state/secrets/ssh-keypairs",
"type": "path"
},
"original": {
"path": "/state/secrets/ssh-keypairs",
"type": "path"
}
}

39
deployments/informis/flake.nix Normal file
View File

@ -0,0 +1,39 @@
{
description = "Informis NixOps network.";
inputs = {
nixpkgs.url = "nixpkgs/nixos-21.05";
fudo-secrets.url = "path:/state/secrets";
fudo-nixos = {
#url = "git+ssh://fudo_git@git.fudo.org:2222/fudo-nix/nixos-config.git";
url = "path:/state/fudo-nixos";
inputs.nixpkgs.follows = "nixpkgs";
};
fudo-entities = {
url = "git+ssh://fudo_git@git.fudo.org:2222/fudo-nix/entities.git";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, fudo-nixos, fudo-entities, fudo-secrets } @ inputs:
with nixpkgs.lib; {
nixopsConfigurations.default = let
domain = "informis.land";
description = "Informis NixOps Network";
deployment-hosts = filterAttrs
(hostname: hostOpts:
hostOpts.domain == domain &&
hostOpts.nixos-system)
fudo-entities.entities.hosts;
deployment-config-generator =
import ../../common/deployment.nix;
in deployment-config-generator {
inherit inputs deployment-hosts description;
};
};
}

38
deployments/russell/flake.nix Normal file
View File

@ -0,0 +1,38 @@
{
description = "Russell NixOps network.";
inputs = {
nixpkgs.url = "nixpkgs/nixos-21.05";
fudo-secrets.url = "path:/state/secrets";
fudo-nixos = {
url = "git+ssh://fudo_git@git.fudo.org:2222/fudo-nix/nixos-config.git";
inputs.nixpkgs.follows = "nixpkgs";
};
fudo-entities = {
url = "git+ssh://fudo_git@git.fudo.org:2222/fudo-nix/entities.git";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, fudo-nixos, fudo-entities, fudo-secrets } @ inputs:
with nixpkgs.lib; {
nixopsConfigurations.default = let
domain = "rus.selby.ca";
description = "Russell NixOps Network";
deployment-hosts = filterAttrs
(hostname: hostOpts:
hostOpts.domain == domain &&
hostOpts.nixos-system)
fudo-entities.entities.hosts;
deployment-config-generator =
import ../../common/deployment.nix;
in deployment-config-generator {
inherit inputs deployment-hosts description;
};
};
}

407
joes-datacenter-0/flake.lock → deployments/seattle/flake.lock
View File

@ -1,26 +1,74 @@
{
"nodes": {
"backplane-passwords": {
"flake": false,
"locked": {
"narHash": "sha256-Bf5sVg4oSg6uCKMJl21btfBH4NQI/Wz4SU9j130Shyg=",
"path": "./backplane-passwords",
"type": "path"
},
"original": {
"path": "./backplane-passwords",
"type": "path"
}
},
"build-keypairs": {
"flake": false,
"locked": {
"narHash": "sha256-4eRLRLCzZ6kQIRZqy51bj60jhFSQ/wlKLeNgABPhTyw=",
"path": "./build-keypairs",
"path": "/state/secrets/build-keypairs",
"type": "path"
},
"original": {
"path": "./build-keypairs",
"path": "/state/secrets/build-keypairs",
"type": "path"
}
},
"build-keypairs_2": {
"flake": false,
"locked": {
"narHash": "sha256-4eRLRLCzZ6kQIRZqy51bj60jhFSQ/wlKLeNgABPhTyw=",
"path": "/state/secrets/build-keypairs",
"type": "path"
},
"original": {
"path": "/state/secrets/build-keypairs",
"type": "path"
}
},
"build-seed": {
"flake": false,
"locked": {
"narHash": "sha256-6rzGK/itD/RBRoNGw1L2wLV1IcVbn2b0V49ay1J9z7k=",
"path": "/state/secrets/build.seed",
"type": "path"
},
"original": {
"path": "/state/secrets/build.seed",
"type": "path"
}
},
"build-seed_2": {
"flake": false,
"locked": {
"narHash": "sha256-6rzGK/itD/RBRoNGw1L2wLV1IcVbn2b0V49ay1J9z7k=",
"path": "/state/secrets/build.seed",
"type": "path"
},
"original": {
"path": "/state/secrets/build.seed",
"type": "path"
}
},
"dnssec-keys": {
"flake": false,
"locked": {
"narHash": "sha256-KGZFtyc7Sd5mGjLxnM+R/XnCtOwyZ4IuOMcblIjlCnM=",
"path": "/state/secrets/dnssec-keys",
"type": "path"
},
"original": {
"path": "/state/secrets/dnssec-keys",
"type": "path"
}
},
"dnssec-keys_2": {
"flake": false,
"locked": {
"narHash": "sha256-KGZFtyc7Sd5mGjLxnM+R/XnCtOwyZ4IuOMcblIjlCnM=",
"path": "/state/secrets/dnssec-keys",
"type": "path"
},
"original": {
"path": "/state/secrets/dnssec-keys",
"type": "path"
}
},
@ -34,7 +82,7 @@
"evil-org-mode": "evil-org-mode",
"evil-quick-diff": "evil-quick-diff",
"explain-pause-mode": "explain-pause-mode",
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_3",
"nix-straight": "nix-straight",
"nixpkgs": "nixpkgs",
"nose": "nose",
@ -193,15 +241,57 @@
"flake": false,
"locked": {
"narHash": "sha256-K2wdsA4vcNTaLR9A9qxB+aMaeANL0LXOwBWvUm63lX0=",
"path": "./filesystem-keys",
"path": "/state/secrets/filesystem-keys",
"type": "path"
},
"original": {
"path": "./filesystem-keys",
"path": "/state/secrets/filesystem-keys",
"type": "path"
}
},
"filesystem-keys_2": {
"flake": false,
"locked": {
"narHash": "sha256-K2wdsA4vcNTaLR9A9qxB+aMaeANL0LXOwBWvUm63lX0=",
"path": "/state/secrets/filesystem-keys",
"type": "path"
},
"original": {
"path": "/state/secrets/filesystem-keys",
"type": "path"
}
},
"flake-utils": {
"locked": {
"lastModified": 1637014545,
"narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1637014545,
"narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": {
"lastModified": 1623875721,
"narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=",
@ -216,69 +306,176 @@
"type": "github"
}
},
"fudo-entities": {
"inputs": {
"flake-utils": "flake-utils",
"fudo-lib": "fudo-lib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1638137290,
"narHash": "sha256-8Kjzn0jr4arVDDaOQUtT7VFd1ir1SB1X1xp1OoLZduo=",
"ref": "master",
"rev": "45cb2ae34407530496a30c6121cad976bd186fc5",
"revCount": 8,
"type": "git",
"url": "ssh://fudo_git@git.fudo.org:2222/fudo-nix/entities.git"
},
"original": {
"type": "git",
"url": "ssh://fudo_git@git.fudo.org:2222/fudo-nix/entities.git"
}
},
"fudo-entities_2": {
"inputs": {
"flake-utils": "flake-utils_2",
"fudo-lib": "fudo-lib_2",
"nixpkgs": [
"fudo-nixos",
"nixpkgs"
]
},
"locked": {
"lastModified": 1638137290,
"narHash": "sha256-8Kjzn0jr4arVDDaOQUtT7VFd1ir1SB1X1xp1OoLZduo=",
"ref": "master",
"rev": "45cb2ae34407530496a30c6121cad976bd186fc5",
"revCount": 8,
"type": "git",
"url": "https://git.fudo.org/nix/fudo-entities.git"
},
"original": {
"type": "git",
"url": "https://git.fudo.org/nix/fudo-entities.git"
}
},
"fudo-home": {
"inputs": {
"doom-emacs": "doom-emacs",
"home-manager": "home-manager",
"niten-doom-config": "niten-doom-config",
"nixpkgs": [
"fudo-nixos",
"nixpkgs"
]
},
"locked": {
"lastModified": 1635528550,
"narHash": "sha256-q+ZMD+VmZHz9TazccHQvEdttdxWgKtm5ldDt+w4jpFU=",
"ref": "flake",
"rev": "7d7f95b1c229ceed825559f1f94ee6f676b429a6",
"revCount": 38,
"type": "git",
"url": "https://git.fudo.org/niten/nix-home.git"
"narHash": "sha256-NCvYqgBq3HCqBx+EO1grdiflR9tthm9bUIasB4XtI4U=",
"path": "/state/nixops/fudo-home",
"type": "path"
},
"original": {
"ref": "flake",
"type": "git",
"url": "https://git.fudo.org/niten/nix-home.git"
"path": "/state/nixops/fudo-home",
"type": "path"
}
},
"fudo-lib": {
"locked": {
"narHash": "sha256-r8qffvJPWbBJmN32thMIxjdmY9X5VCc3TuyQyFAIdks=",
"path": "/state/fudo-lib",
"type": "path"
},
"original": {
"path": "/state/fudo-lib",
"type": "path"
}
},
"fudo-lib_2": {
"locked": {
"narHash": "sha256-r8qffvJPWbBJmN32thMIxjdmY9X5VCc3TuyQyFAIdks=",
"path": "/state/fudo-lib",
"type": "path"
},
"original": {
"path": "/state/fudo-lib",
"type": "path"
}
},
"fudo-lib_3": {
"locked": {
"narHash": "sha256-O2CsIArXcPyiBtDbAiFNU2IvIBTqEljrwDJkGF0STbw=",
"path": "/state/fudo-lib",
"type": "path"
},
"original": {
"path": "/state/fudo-lib",
"type": "path"
}
},
"fudo-nixos": {
"flake": false,
"inputs": {
"fudo-entities": "fudo-entities_2",
"fudo-home": "fudo-home",
"fudo-lib": "fudo-lib_3",
"fudo-pkgs": "fudo-pkgs",
"fudo-secrets": "fudo-secrets",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"narHash": "sha256-nbjdCHS9siLHN6kcXwFy/hR3zDBXcQ5aPg3vWstzmsQ=",
"path": "/state/nixops/fudo-nixos",
"type": "path"
"lastModified": 1638251788,
"narHash": "sha256-JzsjH4L25cXv/mpm/JK7z34hUKDrXVWP2HMbY6FRnv0=",
"ref": "master",
"rev": "a1d4e2aeb4006b778e31caec0407173af9ca8fa6",
"revCount": 390,
"type": "git",
"url": "ssh://fudo_git@git.fudo.org:2222/fudo-nix/nixos-config.git"
},
"original": {
"path": "/state/nixops/fudo-nixos",
"type": "path"
"type": "git",
"url": "ssh://fudo_git@git.fudo.org:2222/fudo-nix/nixos-config.git"
}
},
"fudo-pkgs": {
"locked": {
"lastModified": 1633732024,
"narHash": "sha256-H1xthHmjvczP+qYQnoLmZjqagHEk5LVsv/0zDlmZoAc=",
"ref": "master",
"rev": "160807215cf9158605b072c54a9b682522d62989",
"revCount": 10,
"type": "git",
"url": "https://git.fudo.org/fudo-public/fudo-pkgs.git"
"narHash": "sha256-XwEs/VkqJp1mNwYUeBUqCPrW6GUEwAxbXMVOy7bF2P8=",
"path": "/state/nixops/fudo-pkgs",
"type": "path"
},
"original": {
"type": "git",
"url": "https://git.fudo.org/fudo-public/fudo-pkgs.git"
"path": "/state/nixops/fudo-pkgs",
"type": "path"
}
},
"fudo-secrets": {
"inputs": {
"backplane-passwords": "backplane-passwords",
"build-keypairs": "build-keypairs",
"build-seed": "build-seed",
"dnssec-keys": "dnssec-keys",
"filesystem-keys": "filesystem-keys",
"host-keytabs": "host-keytabs",
"realm-master-keys": "realm-master-keys",
"service-keytabs": "service-keytabs",
"service-passwords": "service-passwords",
"ssh-keypairs": "ssh-keypairs"
},
"locked": {
"narHash": "sha256-0L3GFcBuGWbPyz5GUj9jX+ENtPx/U2rcMzO3yCDSq1M=",
"narHash": "sha256-Q89s52d8KAMIbxh7aBoUwUTFAbgUBE5IaAIwd267k20=",
"path": "/state/secrets",
"type": "path"
},
"original": {
"path": "/state/secrets",
"type": "path"
}
},
"fudo-secrets_2": {
"inputs": {
"build-keypairs": "build-keypairs_2",
"build-seed": "build-seed_2",
"dnssec-keys": "dnssec-keys_2",
"filesystem-keys": "filesystem-keys_2",
"host-keytabs": "host-keytabs_2",
"realm-master-keys": "realm-master-keys_2",
"service-keytabs": "service-keytabs_2",
"service-passwords": "service-passwords_2",
"ssh-keypairs": "ssh-keypairs_2"
},
"locked": {
"narHash": "sha256-Q89s52d8KAMIbxh7aBoUwUTFAbgUBE5IaAIwd267k20=",
"path": "/state/secrets",
"type": "path"
},
@ -290,16 +487,17 @@
"home-manager": {
"inputs": {
"nixpkgs": [
"fudo-nixos",
"fudo-home",
"nixpkgs"
]
},
"locked": {
"lastModified": 1633291410,
"narHash": "sha256-IxUzCGwj+s2Rn/+u0NtY36ix5I8MopMOO8Ip59PnBlw=",
"lastModified": 1637019201,
"narHash": "sha256-lq4gz51fx4m5FXfx1SCB444aEBeaYtLMVm3P18Wi9ls=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "382505714d10c6791a96712e0554587c75c5bf8b",
"rev": "bcf03fa16a1f06b8a0abb27bf49afa8d6fffe8f1",
"type": "github"
},
"original": {
@ -312,23 +510,35 @@
"host-keytabs": {
"flake": false,
"locked": {
"narHash": "sha256-+4bPq8vQIaBsMXXcuw41yLTxe6e/Yy80NlCdrabEPCM=",
"path": "./kerberos/host-keytabs",
"narHash": "sha256-LzDfB9ubACWyQzjXzsPH6eNoESmSVcMFFb3V025Xgow=",
"path": "/state/secrets/kerberos/host-keytabs",
"type": "path"
},
"original": {
"path": "./kerberos/host-keytabs",
"path": "/state/secrets/kerberos/host-keytabs",
"type": "path"
}
},
"host-keytabs_2": {
"flake": false,
"locked": {
"narHash": "sha256-LzDfB9ubACWyQzjXzsPH6eNoESmSVcMFFb3V025Xgow=",
"path": "/state/secrets/kerberos/host-keytabs",
"type": "path"
},
"original": {
"path": "/state/secrets/kerberos/host-keytabs",
"type": "path"
}
},
"niten-doom-config": {
"flake": false,
"locked": {
"lastModified": 1628274414,
"narHash": "sha256-EIGqjTHcYnjVXceY1tpjaYxNmORh8NNiL2FVWCI5sBo=",
"lastModified": 1633712607,
"narHash": "sha256-6PAw7Xvoj4JROeTqK1nhT2zv7bPpiQlm9t7H5HQ0f2k=",
"ref": "master",
"rev": "0ab1532c856ccdb6ce46c5948054279f439eb1f2",
"revCount": 34,
"rev": "0a4f8ce4121ba3d64d29b0d52733c08febfb83d8",
"revCount": 35,
"type": "git",
"url": "https://git.fudo.org/niten/doom-emacs.git"
},
@ -371,11 +581,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1635543790,
"narHash": "sha256-I1lo59Y5mPbkqB8qbp92p4e5Htfm6Wbhvt19efg0cBU=",
"lastModified": 1638196344,
"narHash": "sha256-fkOqSkfOkl8tqxDd+zJU4kAgyLXp/ouaP+U9gpjEZZs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6c0c30146347188ce908838fd2b50c1b7db47c0c",
"rev": "2553aee74fed8c2205a4aeb3ffd206ca14ede60f",
"type": "github"
},
"original": {
@ -480,6 +690,30 @@
"type": "github"
}
},
"realm-master-keys": {
"flake": false,
"locked": {
"narHash": "sha256-5hDmPweE6lshRKA+AKRgJv7VwWxHsYekwMT32uAUKJU=",
"path": "/state/secrets/kerberos/master-keys",
"type": "path"
},
"original": {
"path": "/state/secrets/kerberos/master-keys",
"type": "path"
}
},
"realm-master-keys_2": {
"flake": false,
"locked": {
"narHash": "sha256-5hDmPweE6lshRKA+AKRgJv7VwWxHsYekwMT32uAUKJU=",
"path": "/state/secrets/kerberos/master-keys",
"type": "path"
},
"original": {
"path": "/state/secrets/kerberos/master-keys",
"type": "path"
}
},
"revealjs": {
"flake": false,
"locked": {
@ -498,10 +732,9 @@
},
"root": {
"inputs": {
"fudo-home": "fudo-home",
"fudo-entities": "fudo-entities",
"fudo-nixos": "fudo-nixos",
"fudo-pkgs": "fudo-pkgs",
"fudo-secrets": "fudo-secrets",
"fudo-secrets": "fudo-secrets_2",
"nixpkgs": "nixpkgs_2"
}
},
@ -524,36 +757,72 @@
"service-keytabs": {
"flake": false,
"locked": {
"narHash": "sha256-F2npNGjUglGumazLFj9qQABGradbwCnKYZn8BEGweJc=",
"path": "./kerberos/service-keytabs",
"narHash": "sha256-9lw22Gh1IDX+MtXMLi+o3XbjvqEhOiZQG9FiG/xz/U0=",
"path": "/state/secrets/kerberos/service-keytabs",
"type": "path"
},
"original": {
"path": "./kerberos/service-keytabs",
"path": "/state/secrets/kerberos/service-keytabs",
"type": "path"
}
},
"service-keytabs_2": {
"flake": false,
"locked": {
"narHash": "sha256-9lw22Gh1IDX+MtXMLi+o3XbjvqEhOiZQG9FiG/xz/U0=",
"path": "/state/secrets/kerberos/service-keytabs",
"type": "path"
},
"original": {
"path": "/state/secrets/kerberos/service-keytabs",
"type": "path"
}
},
"service-passwords": {
"flake": false,
"locked": {
"narHash": "sha256-QF809kxBsyAfshBlm3GLUFaxk5KbU8cIn8v/gY9C9c8=",
"path": "./service-passwords",
"narHash": "sha256-4xEJlPU+KeBtQuFqRlB1bzJMXUQ6a+DT2v3OptaHyTg=",
"path": "/state/secrets/service-passwords",
"type": "path"
},
"original": {
"path": "./service-passwords",
"path": "/state/secrets/service-passwords",
"type": "path"
}
},
"service-passwords_2": {
"flake": false,
"locked": {
"narHash": "sha256-4xEJlPU+KeBtQuFqRlB1bzJMXUQ6a+DT2v3OptaHyTg=",
"path": "/state/secrets/service-passwords",
"type": "path"
},
"original": {
"path": "/state/secrets/service-passwords",
"type": "path"
}
},
"ssh-keypairs": {
"flake": false,
"locked": {
"narHash": "sha256-HE2nCM6p8hhoLu7JFOaVimzC3XIZfgCT4WHgnp+wqm0=",
"path": "./ssh-keypairs",
"narHash": "sha256-TlRfaYFuJxLUCarxZ1XYnW8PruKyYO5RErVGo5hTgo4=",
"path": "/state/secrets/ssh-keypairs",
"type": "path"
},
"original": {
"path": "./ssh-keypairs",
"path": "/state/secrets/ssh-keypairs",
"type": "path"
}
},
"ssh-keypairs_2": {
"flake": false,
"locked": {
"narHash": "sha256-TlRfaYFuJxLUCarxZ1XYnW8PruKyYO5RErVGo5hTgo4=",
"path": "/state/secrets/ssh-keypairs",
"type": "path"
},
"original": {
"path": "/state/secrets/ssh-keypairs",
"type": "path"
}
}

38
deployments/seattle/flake.nix Normal file
View File

@ -0,0 +1,38 @@
{
description = "Seattle Fudo NixOps network.";
inputs = {
nixpkgs.url = "nixpkgs/nixos-21.05";
fudo-secrets.url = "path:/state/secrets";
fudo-nixos = {
url = "git+ssh://fudo_git@git.fudo.org:2222/fudo-nix/nixos-config.git";
inputs.nixpkgs.follows = "nixpkgs";
};
fudo-entities = {
url = "git+ssh://fudo_git@git.fudo.org:2222/fudo-nix/entities.git";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, fudo-nixos, fudo-entities, fudo-secrets } @ inputs:
with nixpkgs.lib; {
nixopsConfigurations.default = let
domain = "sea.fudo.org";
description = "Seattle Fudo NixOps Network";
deployment-hosts = filterAttrs
(hostname: hostOpts:
hostOpts.domain == domain &&
hostOpts.nixos-system)
fudo-entities.entities.hosts;
deployment-config-generator =
import ../../common/deployment.nix;
in deployment-config-generator {
inherit inputs deployment-hosts description;
};
};
}

1
fudo-home

@ -1 +0,0 @@
Subproject commit 7d7f95b1c229ceed825559f1f94ee6f676b429a6

1
fudo-nixos

@ -1 +0,0 @@
Subproject commit 79b05be7d33b2dccb1a6967d86b52d1c2e9e5e3b

1
fudo-pkgs

@ -1 +0,0 @@
Subproject commit b1af37ff1e6366469d0292e59514acf4f76c088d

92
joes-datacenter-0/flake.nix
View File

@ -1,92 +0,0 @@
{
description = "Definition of the Informis NixOps network.";
inputs = {
nixpkgs.url = "nixpkgs/nixos-21.05";
fudo-home = {
url = "git+https://git.fudo.org/niten/nix-home.git?ref=flake";
inputs.nixpkgs.follows = "nixpkgs";
};
fudo-secrets.url = "path:/state/secrets";
fudo-pkgs.url = "git+https://git.fudo.org/fudo-public/fudo-pkgs.git";
fudo-nixos = {
# url = "git+ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git?ref=nixops-flake";
url = "path:/state/nixops/fudo-nixos";
# Don't import it as a flake
flake = false;
};
};
outputs = { self, nixpkgs, fudo-home, fudo-nixos, fudo-pkgs, fudo-secrets, ... }: let
description = "Informis NixOps network.";
domain = "informis.land";
site = "joes-datacenter-0";
build-timestamp = self.sourceInfo.lastModified;
hostlib = import (fudo-nixos + /lib/hosts.nix) { lib = nixpkgs.lib; };
hosts = nixpkgs.lib.filterAttrs (hostname: hostOpts:
hostOpts.nixos-system && hostOpts.site == site)
(hostlib.base-host-config (fudo-nixos + /config/hosts));
network-hosts =
(import (fudo-nixos + /config/networks/${domain}.nix)).hosts;
pkgs-for = system: import nixpkgs {
inherit system;
config = {
allowUnfree = true;
permittedInsecurePackages = [
"openssh-with-gssapi-8.4p1"
];
};
overlays = [
(import (fudo-pkgs + "/overlay.nix"))
(import (fudo-nixos + "/lib/overlay.nix"))
];
};
initialize-host = import (fudo-nixos + /initialize.nix);
in {
nixopsConfigurations.default = {
inherit nixpkgs;
network = {
description = description;
enableRollback = true;
};
} // (nixpkgs.lib.mapAttrs (hostname: hostOpts: let
system = hostOpts.arch;
profile = hostOpts.profile;
in { config, pkgs, lib, ... }: {
imports = [
fudo-home.nixosModule
fudo-secrets.nixosModule
(initialize-host {
inherit hostname build-timestamp site domain profile;
})
];
nixpkgs.pkgs = pkgs-for system;
deployment = with lib; {
targetHost = network-hosts.${hostname}.ipv4-address;
keys = if (hasAttr hostname config.fudo.secrets.files.host-filesystem-keys)
then
mapAttrs (secret: secret-file: {
keyFile = secret-file;
user = "root";
permissions = "0400";
}) config.fudo.secrets.files.host-filesystem-keys.${hostname}
else {};
};
}) hosts);
};
}

104
portage/flake.nix
View File

@ -1,104 +0,0 @@
{
description = "Definition of the Portage NixOps network.";
inputs = {
nixpkgs.url = "nixpkgs/nixos-21.05";
fudo-home = {
url = "git+https://git.fudo.org/niten/nix-home.git?ref=flake";
inputs.nixpkgs.follows = "nixpkgs";
};
fudo-secrets.url = "path:/state/secrets";
# fudo-pkgs.url = "git+https://git.fudo.org/fudo-public/fudo-pkgs.git";
fudo-pkgs.url = "path:/state/nixops/fudo-pkgs";
fudo-nixos = {
url = "path:/state/nixops/fudo-nixos";
# url = "git+ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git?ref=nixops-flake";
# Don't import it as a flake
flake = false;
};
};
outputs = { self, nixpkgs, fudo-home, fudo-nixos, fudo-pkgs, fudo-secrets, ... }: let
domain = "fudo.org";
site = "portage";
build-timestamp = self.sourceInfo.lastModified;
hostlib = import (fudo-nixos + /lib/hosts.nix) { lib = nixpkgs.lib; };
hosts = nixpkgs.lib.filterAttrs (hostname: hostOpts:
hostOpts.nixos-system && hostOpts.site == site)
(hostlib.base-host-config (fudo-nixos + /config/hosts));
network-hosts = (import (fudo-nixos + /config/networks/${domain}.nix)).hosts;
pkgs-for = system: import nixpkgs {
inherit system;
config = {
allowUnfree = true;
permittedInsecurePackages = [
"openssh-with-gssapi-8.4p1"
];
};
overlays = [
(import (fudo-pkgs + "/overlay.nix"))
(import (fudo-nixos + "/lib/overlay.nix"))
];
};
initialize-host = import (fudo-nixos + /initialize.nix);
in {
nixopsConfigurations.default = {
inherit nixpkgs;
network = {
description = "Portage NixOps network.";
enableRollback = true;
};
} // (nixpkgs.lib.mapAttrs (hostname: hostOpts: let
system = hostOpts.arch;
profile = hostOpts.profile;
in { config, ... }: let
pkgs = pkgs-for system;
lib = pkgs.lib;
build-seed = builtins.readFile config.fudo.secrets.files.build-seed;
in {
imports = [
fudo-home.nixosModule
fudo-secrets.nixosModule
(initialize-host {
inherit
lib
pkgs
hostname
build-timestamp
build-seed
site
domain
profile; })
];
nixpkgs.pkgs = pkgs-for system;
nixpkgs.lib = (pkgs-for system).lib;
deployment = with lib; {
targetHost = network-hosts.${hostname}.ipv4-address;
keys = if (hasAttr hostname config.fudo.secrets.files.host-filesystem-keys)
then
mapAttrs (secret: secret-file: {
keyFile = secret-file;
user = "root";
permissions = "0400";
}) config.fudo.secrets.files.host-filesystem-keys.${hostname}
else {};
};
}) hosts);
};
}

105
seattle/flake.nix
View File

@ -1,105 +0,0 @@
{
description = "Definition of the Seattle NixOps network.";
inputs = {
nixpkgs.url = "nixpkgs/nixos-21.05";
fudo-home = {
url = "git+https://git.fudo.org/niten/nix-home.git?ref=flake";
inputs.nixpkgs.follows = "nixpkgs";
};
fudo-secrets.url = "path:/state/secrets";
#fudo-pkgs.url = "path:/state/nixops/fudo-pkgs";
fudo-pkgs.url = "git+https://git.fudo.org/fudo-public/fudo-pkgs.git";
fudo-nixos = {
url = "path:/state/nixops/fudo-nixos";
# url = "git+ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git?ref=nixops-flake";
# Don't import it as a flake
flake = false;
};
};
outputs = { self, nixpkgs, fudo-home, fudo-nixos, fudo-pkgs, fudo-secrets, ... }: let
domain = "sea.fudo.org";
site = "seattle";
build-timestamp = self.sourceInfo.lastModified;
hostlib = import (fudo-nixos + /lib/hosts.nix) { lib = nixpkgs.lib; };
hosts = nixpkgs.lib.filterAttrs (hostname: hostOpts:
hostOpts.nixos-system && hostOpts.site == site)
(hostlib.base-host-config (fudo-nixos + /config/hosts));
network-hosts = (import (fudo-nixos + /config/networks/${domain}.nix)).hosts;
pkgs-for = system: import nixpkgs {
inherit system;
config = {
allowUnfree = true;
permittedInsecurePackages = [
"openssh-with-gssapi-8.4p1"
];
};
overlays = [
(import (fudo-pkgs + "/overlay.nix"))
(import (fudo-nixos + "/lib/overlay.nix"))
];
};
initialize-host = import (fudo-nixos + /initialize.nix);
in {
nixopsConfigurations.default = {
inherit nixpkgs;
network = {
description = "Seattle NixOps network.";
enableRollback = true;
};
} // (nixpkgs.lib.mapAttrs (hostname: hostOpts: let
system = hostOpts.arch;
profile = hostOpts.profile;
in { config, ... }: let
pkgs = pkgs-for system;
lib = pkgs.lib;
build-seed = builtins.readFile config.fudo.secrets.files.build-seed;
in {
imports = [
fudo-home.nixosModule
fudo-secrets.nixosModule
(initialize-host {
inherit
lib
pkgs
hostname
build-timestamp
build-seed
site
domain
profile;
})
];
nixpkgs.pkgs = pkgs-for system;
nixpkgs.lib = (pkgs-for system).lib;
deployment = with lib; {
targetHost = network-hosts.${hostname}.ipv4-address;
keys = if (hasAttr hostname config.fudo.secrets.files.host-filesystem-keys)
then
mapAttrs (secret: secret-file: {
keyFile = secret-file;
user = "root";
permissions = "0400";
}) config.fudo.secrets.files.host-filesystem-keys.${hostname}
else {};
};
}) hosts);
};
}