Transitioning back to a deployment/ dir
parent
c345daa524
commit
6780fa76cd
|
@ -0,0 +1,31 @@
|
||||||
|
{ inputs, deployment-hosts, description, enable-rollback ? true, ... }:
|
||||||
|
with inputs.nixpkgs.lib; let
|
||||||
|
network-config = {
|
||||||
|
nixpkgs = inputs.nixpkgs;
|
||||||
|
network = {
|
||||||
|
inherit description;
|
||||||
|
enableRollback = enable-rollback;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
host-configs = genAttrs deployment-hosts
|
||||||
|
(hostname: fudo-nixos.nixopsHostConfigurations.${hostname});
|
||||||
|
|
||||||
|
host-uber-secrets = genAttrs deployment-hosts
|
||||||
|
(hostname: { config, ... }: let
|
||||||
|
uber-secrets = config.fudo.secrets.files.host-filesystem-keys;
|
||||||
|
in {
|
||||||
|
imports = [
|
||||||
|
inputs.fudo-secrets.nixosModule
|
||||||
|
({ config, ... }: {
|
||||||
|
deployment.keys = mkIf (hasAttr hostname uber-secrets) {
|
||||||
|
deployment.keys = mapAttrs (secret: secret-file: {
|
||||||
|
keyFile = secret-file;
|
||||||
|
user = "root";
|
||||||
|
permissions = "0400";
|
||||||
|
}) uber-secrets.${hostname};
|
||||||
|
};
|
||||||
|
})
|
||||||
|
];
|
||||||
|
});
|
||||||
|
in network-config // host-configs // host-uber-secrets
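Review bot: The nested `deployment.keys = mkIf … { deployment.keys = mapAttrs … }` declares one NixOps key literally named `deployment` instead of one root-owned `0400` key per entry in `host-filesystem-keys`, so the host secrets would not be delivered as intended. The final `network-config // host-configs // host-uber-secrets` is a shallow merge over identical hostnames, so each host's secrets-only module replaces its `nixopsHostConfigurations` entry rather than extending it. That replacement also hides that `fudo-nixos` is not an argument of this function and is only looked up through `with inputs.nixpkgs.lib`; it presumably should be `inputs.fudo-nixos`. Folding both into one module per host, as below, addresses all three, assuming the `nixopsHostConfigurations` entries are importable modules.

```nix
# … unchanged: function header, network-config …

# One module per host: the host's own configuration plus its key
# declarations, so the final merge needs no second per-host attrset.
host-configs = genAttrs deployment-hosts
  (hostname: { config, ... }: let
    uber-secrets = config.fudo.secrets.files.host-filesystem-keys;
  in {
    imports = [
      inputs.fudo-nixos.nixopsHostConfigurations.${hostname}
      inputs.fudo-secrets.nixosModule
    ];
    deployment.keys = mkIf (hasAttr hostname uber-secrets)
      (mapAttrs (secret: secret-file: {
        keyFile = secret-file;
        user = "root";
        permissions = "0400";
      }) uber-secrets.${hostname});
  });

in network-config // host-configs
```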
|
|
@ -1,5 +1,5 @@
|
||||||
{
|
{
|
||||||
description = "Definition of the Informis NixOps network.";
|
description = "Informis NixOps network.";
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "nixpkgs/nixos-21.05";
|
nixpkgs.url = "nixpkgs/nixos-21.05";
|
||||||
|
@ -17,39 +17,22 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, fudo-nixos, fudo-entities, fudo-secrets, ... }:
|
outputs = { self, nixpkgs, fudo-nixos, fudo-entities, fudo-secrets } @ inputs:
|
||||||
with nixpkgs.lib; {
|
with nixpkgs.lib; {
|
||||||
nixopsConfigurations.default = let
|
nixopsConfigurations.default = let
|
||||||
domain = "informis.land";
|
domain = "informis.land";
|
||||||
|
description = "Informis NixOps Network";
|
||||||
|
|
||||||
deployment-hosts = filterAttrs
|
deployment-hosts = attrNames
|
||||||
(hostname: hostOpts:
|
(filterAttrs
|
||||||
hostOpts.domain == domain &&
|
(hostname: hostOpts:
|
||||||
hostOpts.nixos-system)
|
hostOpts.domain == domain &&
|
||||||
fudo-entities.entities.hosts;
|
hostOpts.nixos-system)
|
||||||
|
fudo-entities.entities.hosts);
|
||||||
|
|
||||||
network-config = {
|
deployment-config-generator = import ../common/deployment.nix;
|
||||||
inherit nixpkgs;
|
in deployment-config-generator {
|
||||||
network = {
|
inherit inputs deployment-hosts description;
|
||||||
description = "Seattle NixOps network";
|
};
|
||||||
enableRollback = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
uber-secrets = config.fudo.secrets.files.host-filesystem-keys;
|
|
||||||
|
|
||||||
host-configs = (mapAttrs (hostname: hostOpts:
|
|
||||||
fudo-nixos.nixopsHostConfigurations.${hostname})
|
|
||||||
deployment-hosts);
|
|
||||||
|
|
||||||
host-uber-secrets = (mapAttrs (hostname: hostOpts:
|
|
||||||
if (hasAttr hostname uber-secrets) then
|
|
||||||
mapAttrs (secret: secret-file: {
|
|
||||||
keyFile = secret-file;
|
|
||||||
user = "root";
|
|
||||||
permissions = "0400";
|
|
||||||
}) uber-secrets.${hostname}
|
|
||||||
else {}));
|
|
||||||
in network-config // host-configs // host-uber-secrets;
|
|
||||||
};
|
};
|
||||||
}
|
}
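Review bot: Dropping `...` from the `outputs` argument set while adding `@ inputs` makes the function strict, so any input declared under `inputs` but not named in the pattern fails evaluation with an unexpected-argument error; the inputs block is only partly visible in this hunk, so this cannot be ruled out from here. Keeping the ellipsis, `outputs = { self, nixpkgs, fudo-nixos, fudo-entities, fudo-secrets, ... } @ inputs:`, still binds the whole set to `inputs`. Since the generator now receives every input wholesale, a comment on the call such as `# deployment.nix reads inputs.nixpkgs and inputs.fudo-secrets` would document what it actually depends on.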
|
||||||
|
|