deployments/informis/flake.nix

{
  description = "Definition of the Informis NixOps network.";

  inputs = {
    nixpkgs.url = "nixpkgs/nixos-21.05";

    fudo-secrets.url = "path:/state/secrets";

    fudo-nixos = {
      url = "git+ssh://fudo_git@git.fudo.org:2222/fudo-nix/nixos-config.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    fudo-entities = {
      url = "git+ssh://fudo_git@git.fudo.org:2222/fudo-nix/entities.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, fudo-nixos, fudo-entities, fudo-secrets, ... }:
    with nixpkgs.lib; {
      nixopsConfigurations.default = let
        domain = "informis.land";

        deployment-hosts = filterAttrs
          (hostname: hostOpts:
            hostOpts.domain == domain &&
            hostOpts.nixos-system)
          fudo-entities.entities.hosts;

        network-config = {
          inherit nixpkgs;
          network = {
            description = "Seattle NixOps network";
            enableRollback = true;
          };
        };

        uber-secrets = config.fudo.secrets.files.host-filesystem-keys;

        host-configs = (mapAttrs (hostname: hostOpts:
          fudo-nixos.nixopsHostConfigurations.${hostname})
          deployment-hosts);

        host-uber-secrets = (mapAttrs (hostname: hostOpts:
          if (hasAttr hostname uber-secrets) then
            mapAttrs (secret: secret-file: {
              keyFile = secret-file;
              user = "root";
              permissions = "0400";
            }) uber-secrets.${hostname}
          else {}));
      in network-config // host-configs // host-uber-secrets;
    };
}
Shuffling lots of stuff around 2021-11-29 16:40:16 -08:00			`{`
			`description = "Definition of the Informis NixOps network.";`

			`inputs = {`
			`nixpkgs.url = "nixpkgs/nixos-21.05";`

			`fudo-secrets.url = "path:/state/secrets";`

			`fudo-nixos = {`
			`url = "git+ssh://fudo_git@git.fudo.org:2222/fudo-nix/nixos-config.git";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`

			`fudo-entities = {`
			`url = "git+ssh://fudo_git@git.fudo.org:2222/fudo-nix/entities.git";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
			`};`

			`outputs = { self, nixpkgs, fudo-nixos, fudo-entities, fudo-secrets, ... }:`
			`with nixpkgs.lib; {`
			`nixopsConfigurations.default = let`
			`domain = "informis.land";`

			`deployment-hosts = filterAttrs`
			`(hostname: hostOpts:`
			`hostOpts.domain == domain &&`
			`hostOpts.nixos-system)`
			`fudo-entities.entities.hosts;`

			`network-config = {`
			`inherit nixpkgs;`
			`network = {`
			`description = "Seattle NixOps network";`
			`enableRollback = true;`
			`};`
			`};`

			`uber-secrets = config.fudo.secrets.files.host-filesystem-keys;`

			`host-configs = (mapAttrs (hostname: hostOpts:`
			`fudo-nixos.nixopsHostConfigurations.${hostname})`
			`deployment-hosts);`

			`host-uber-secrets = (mapAttrs (hostname: hostOpts:`
			`if (hasAttr hostname uber-secrets) then`
			`mapAttrs (secret: secret-file: {`
			`keyFile = secret-file;`
			`user = "root";`
			`permissions = "0400";`
			`}) uber-secrets.${hostname}`
			`else {}));`
			`in network-config // host-configs // host-uber-secrets;`
			`};`
			`}`