From 6dc2119493f352859663c964a44195a6b459e258 Mon Sep 17 00:00:00 2001
From: niten <niten@fudo.org>
Date: Tue, 19 Oct 2021 09:17:02 -0700
Subject: [PATCH] WORKING NFS, and adding informis

---
 fudo-nixos         |  2 +-
 informis/flake.nix | 92 ++++++++++++++++++++++++++++++++++++++++++++++
 seattle/flake.lock |  6 +--
 3 files changed, 96 insertions(+), 4 deletions(-)
 create mode 100644 informis/flake.nix

diff --git a/fudo-nixos b/fudo-nixos
index 3d5d7e3..409f341 160000
--- a/fudo-nixos
+++ b/fudo-nixos
@@ -1 +1 @@
-Subproject commit 3d5d7e389eceb5613b314bf084eed6667f0fa8f9
+Subproject commit 409f341fbb5141af4500255af8dc498c9de42d1b
diff --git a/informis/flake.nix b/informis/flake.nix
new file mode 100644
index 0000000..6727607
--- /dev/null
+++ b/informis/flake.nix
@@ -0,0 +1,92 @@
+let
+  description = "Informis NixOps network.";
+  domain = "informis.land";
+  site = "informis";
+
+in {
+  description = "Definition of the Informis NixOps network.";
+
+  inputs = {
+    nixpkgs.url = "nixpkgs/nixos-21.05";
+
+    fudo-home = {
+      url = "git+https://git.fudo.org/niten/nix-home.git?ref=flake";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    fudo-secrets.url = "path:/state/secrets";
+
+    fudo-pkgs.url = "git+https://git.fudo.org/fudo-public/fudo-pkgs.git";
+
+    fudo-nixos = {
+      url = "git+ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git?ref=nixops-flake";
+      # Don't import it as a flake
+      flake = false;
+    };
+  };
+
+  outputs = { self, nixpkgs, fudo-home, fudo-nixos, fudo-pkgs, fudo-secrets, ... }: let
+    build-timestamp = self.sourceInfo.lastModified;
+
+    hostlib = import (fudo-nixos + /lib/hosts.nix) { lib = nixpkgs.lib; };
+
+    hosts = nixpkgs.lib.filterAttrs (hostname: hostOpts:
+      hostOpts.nixos-system && hostOpts.site == site)
+      (hostlib.base-host-config (fudo-nixos + /config/hosts));
+
+    network-hosts =
+      (import (fudo-nixos + /config/networks/${domain}.nix)).hosts;
+
+    pkgs-for = system: import nixpkgs {
+      inherit system;
+      config = {
+        allowUnfree = true;
+        permittedInsecurePackages = [
+n          "openssh-with-gssapi-8.4p1"
+        ];
+      };
+      overlays = [
+        (import (fudo-pkgs + "/overlay.nix"))
+        (import (fudo-nixos + "/lib/overlay.nix"))
+      ];
+    };
+
+    initialize-host = import (fudo-nixos + /initialize.nix);
+
+  in {
+    nixopsConfigurations.default = {
+      inherit nixpkgs;
+
+      network = {
+        description = description;
+        enableRollback = true;
+      };
+    } // (nixpkgs.lib.mapAttrs (hostname: hostOpts: let
+      system = hostOpts.arch;
+      profile = hostOpts.profile;
+    in { config, pkgs, lib, ... }: {
+      imports = [
+        fudo-home.nixosModule
+        fudo-secrets.nixosModule
+        (initialize-host {
+          inherit hostname build-timestamp site domain profile;
+        })
+      ];
+
+      nixpkgs.pkgs = pkgs-for system;
+
+      deployment = with lib; {
+        targetHost = network-hosts.${hostname}.ipv4-address;
+
+        keys = if (hasAttr hostname config.fudo.secrets.files.host-filesystem-keys)
+               then
+                 mapAttrs (secret: secret-file: {
+                   keyFile = secret-file;
+                   user = "root";
+                   permissions = "0400";
+                 }) config.fudo.secrets.files.host-filesystem-keys.${hostname}
+               else {};
+      };
+    }) hosts);
+  };
+}
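Review bot: The `permittedInsecurePackages` list in `pkgs-for` has a stray `n` in front of `"openssh-with-gssapi-8.4p1"`, which makes the undefined identifier `n` a list element, so evaluating the package set will most likely fail; the line should hold only the string. The entry also allows an OpenSSH build that nixpkgs marks insecure on every host of the site without saying why, so I would put a comment above it such as `# GSSAPI-patched OpenSSH 8.4p1 is flagged insecure in nixpkgs; remove this exception once hosts no longer need it`. Separately, `fudo-secrets.url = "path:/state/secrets"` is a path input, and Nix copies path inputs into the world-readable store on the evaluating machine. If that tree holds plaintext key material, the `keyFile` values passed to `deployment.keys` presumably resolve to store paths readable by any local user on the deploy host, so it is worth confirming the files are encrypted at rest or referenced by an out-of-store path.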
diff --git a/seattle/flake.lock b/seattle/flake.lock
index db29a2d..9c57585 100644
--- a/seattle/flake.lock
+++ b/seattle/flake.lock
@@ -243,7 +243,7 @@
     "fudo-nixos": {
       "flake": false,
       "locked": {
-        "narHash": "sha256-CjAIAldxjdR7mmPLhUWqQwjMLYI81fFHhE8tlfw3hGc=",
+        "narHash": "sha256-rZspm5MJjkiXONo7L9lsJqB2QZXoo/Wqs9+lODUkia8=",
         "path": "/state/nixops/fudo-nixos",
         "type": "path"
       },
@@ -277,7 +277,7 @@
         "ssh-keypairs": "ssh-keypairs"
       },
       "locked": {
-        "narHash": "sha256-m1PDoHAJ+FSB38iM2hE43w5mEKz4KyFzar5pgjrowAc=",
+        "narHash": "sha256-TOBI3TVEHR97j7/Rf41P4QCpbL9XamHkHQHi3BhBdi4=",
         "path": "/state/secrets",
         "type": "path"
       },
@@ -311,7 +311,7 @@
     "host-keytabs": {
       "flake": false,
       "locked": {
-        "narHash": "sha256-yvGgY3mgzaGjYBNHr0m4Lg2rxrB0+CRlzWdJ2A06MeM=",
+        "narHash": "sha256-QBfphmEdsPyzOSQxi1p+fZkpLXxXrWNQv1v5tnW0F+4=",
         "path": "./kerberos/host-keytabs",
         "type": "path"
       },