deployments/common/deployment.nix

{ inputs, deployment-hosts, description, enable-rollback ? true, ... }:
with inputs.nixpkgs.lib; let
  network-config = {
    nixpkgs = inputs.nixpkgs;
    network = {
      inherit description;
      enableRollback = enable-rollback;
    };
  };

  host-configs = genAttrs deployment-hosts
    (hostname: fudo-nixos.nixopsHostConfigurations.${hostname});

  host-uber-secrets = genAttrs deployment-hosts
    (hostname: { config, ... }: let
      uber-secrets = config.fudo.secrets.files.host-filesystem-keys;
    in {
      imports = [
        inputs.fudo-secrets.nixosModule
        ({ config, ... }: {
          deployment.keys = mkIf (hasAttr hostname uber-secrets) {
            deployment.keys = mapAttrs (secret: secret-file: {
              keyFile = secret-file;
              user = "root";
              permissions = "0400";
            }) uber-secrets.${hostname};
          };
        })
      ];
    });
in network-config // host-configs // host-uber-secrets
Transitioning back to a deployment/ dir 2021-11-29 17:15:48 -08:00			`{ inputs, deployment-hosts, description, enable-rollback ? true, ... }:`
			`with inputs.nixpkgs.lib; let`
			`network-config = {`
			`nixpkgs = inputs.nixpkgs;`
			`network = {`
			`inherit description;`
			`enableRollback = enable-rollback;`
			`};`
			`};`

			`host-configs = genAttrs deployment-hosts`
			`(hostname: fudo-nixos.nixopsHostConfigurations.${hostname});`

			`host-uber-secrets = genAttrs deployment-hosts`
			`(hostname: { config, ... }: let`
			`uber-secrets = config.fudo.secrets.files.host-filesystem-keys;`
			`in {`
			`imports = [`
			`inputs.fudo-secrets.nixosModule`
			`({ config, ... }: {`
			`deployment.keys = mkIf (hasAttr hostname uber-secrets) {`
			`deployment.keys = mapAttrs (secret: secret-file: {`
			`keyFile = secret-file;`
			`user = "root";`
			`permissions = "0400";`
			`}) uber-secrets.${hostname};`
			`};`
			`})`
			`];`
			`});`
			`in network-config // host-configs // host-uber-secrets`