Sigh. Still trying.

This commit is contained in:
niten 2021-11-19 22:30:51 -08:00
parent 8889d7919c
commit 88f25b5f47
5 changed files with 82 additions and 51 deletions


@ -1,6 +1,4 @@
{ build-timestamp, networks, pkgs-for }:
hostname: hostOpts:
build-timestamp: hostname:
{ config, lib, ... }:
@ -11,21 +9,15 @@ with lib;
inherit build-timestamp;
};
nixpkgs.pkgs = pkgs-for hostOpts.arch;
deployment = let
domain = hostOpts.domain;
host-ip = networks.${domain}.hosts.${hostname}.ipv4-address;
fs-keys = config.fudo.secrets.files.host-filesystem-keys;
in {
keys = if (hasAttr hostname fs-keys) then
mapAttrs (secret: secret-file: {
keyFile = secret-file;
user = "root";
permissions = "0400";
}) fs-keys.${hostname} else {};
in {
inherit keys;
targetHost = host-ip;
};
};
}
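Review bot: The new head `build-timestamp: hostname:` / `{ config, lib, ... }:` no longer binds `hostOpts`, `networks` or `pkgs-for`, yet the body still contains `pkgs-for hostOpts.arch`, `domain = hostOpts.domain;` and `networks.${domain}.hosts.${hostname}.ipv4-address`; with the add/remove markers lost in this rendering I cannot tell which of those lines survive, but any that do will fail with an undefined-variable error at evaluation. The hunk also shows two `in {` lines for the single `deployment = let` binding, and only one of them can be on the new side. If this file is no longer imported now that the sea flake builds hosts through `./host-config.nix`, deleting it may be simpler than finishing the conversion. The second hunk's old side is one line longer than what is printed here, so some context may be missing.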


@ -1,19 +1,7 @@
{ deployment-hosts, description, ... }:
lib: build-timestamp: hostname: hostOpts:
{ self, nixpkgs, fudo-nixos, fudo-secrets, ... }:
with nixpkgs.lib;
with lib;
let
build-timestamp = self.sourceInfo.lastModified;
# helpers = import ./helpers.nix { lib = nixpkgs.lib; };
# syslib = import (fudo-nixos + /lib/system.nix) { lib = nixpkgs.lib; };
# networks = syslib.networks (fudo-nixos + /config/networks);
# deployment-hosts = getAttrs hostnames fudo-nixos.fudoHosts;
pkgs-for = system: import nixpkgs {
inherit system;
config = {
@ -28,22 +16,22 @@ let
};
};
host-config = let
networks = fudo-nixos.fudoNetworks;
in import ./deployment-config.nix {
inherit build-timestamp networks pkgs-for;
};
in fudo-nixos.nixosConfigurations.${hostname} {
in {
inherit nixpkgs;
} // mapAttrs (hostname: hostOpts: let
pkgs = pkgs-for hostOpts.arch;
host-ip = networks.${hostOpts.domain}.hosts.${hostname}.ipv4-address;
in fudo-nixos.nixosConfigurations.${hostname} // {
network = {
inherit description;
enableRollback = true;
config = {
nixpkgs.pkgs = pkgs;
imports = [
(host-config hostname)
];
instance = { inherit hostname; };
deployment.targetHost = host-ip;
};
} // mapAttrs (hostname: hostOpts: {
imports = [
(host-config hostname hostOpts)
fudo-nixos.nixosConfigurations.${hostname}
];
}) deployment-hosts
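Review bot: The new head `lib: build-timestamp: hostname: hostOpts:` binds none of `nixpkgs`, `fudo-nixos`, `description` or `deployment-hosts`, while `import nixpkgs { ... }`, `fudo-nixos.fudoNetworks`, `fudo-nixos.nixosConfigurations.${hostname}` and the trailing `}) deployment-hosts` still appear in the body; the markers are lost in this rendering, so I cannot say which of those lines survive, but the old `{ self, nixpkgs, fudo-nixos, fudo-secrets, ... }:` head was the only place those names came from. `build-timestamp` is also both a function parameter and, if the `let` line survives, a binding computed from `self`, which would no longer be in scope. The `pkgs-for` body is split across the two hunks, so the lines between them are not visible here.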


@ -303,7 +303,7 @@
]
},
"locked": {
"narHash": "sha256-B2M99aciJcFkAfyNk5c0KXMc3wtfUxDZuBM8xeaYzes=",
"narHash": "sha256-1Z8ZrVFDTq9ohhYwD7Ti4KFYLgnRZG58OHvAQQAKZOU=",
"path": "/state/nixops/fudo-nixos",
"type": "path"
},


@ -13,17 +13,27 @@
};
};
outputs = { self, nixpkgs, fudo-nixos, ... } @ inputs: with nixpkgs.lib;
let
deployment = import ../../common/deployment.nix {
description = "Seattle NixOps network";
deployment-hosts = let
domain = "sea.fudo.org";
in filterAttrs
(hostname: hostOpts: hostOpts.domain == domain)
outputs = { self, nixpkgs, fudo-nixos, fudo-secrets, ... } @ inputs:
with nixpkgs.lib; {
nixopsConfigurations.default = let
deployment-hosts = filterAttrs
(hostname: hostOpts: hostOpts.domain == "sea.fudo.org")
fudo-nixos.fudoHosts;
};
in {
nixopsConfigurations.default = (deployment inputs);
build-timestamp = self.sourceInfo.lastModified;
host-gen-config = import ./host-config.nix {
inherit inputs build-timestamp;
};
host-configs = mapAttrs host-gen-config deployment-hosts;
in {
inherit nixpkgs;
network = {
description = "Seattle NixOps network";
enableRollback = true;
};
} // host-configs;
};
}
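Review bot: `host-gen-config = import ./host-config.nix { inherit inputs build-timestamp; };` passes a single attribute set, but the new `host-config.nix` added in this commit is the curried function `inputs: build-timestamp: hostname: hostOpts:`, so that set becomes its `inputs` argument and `mapAttrs host-gen-config deployment-hosts` then feeds each hostname in as `build-timestamp`; the first `inputs.nixpkgs` access inside it will fail with a missing-attribute error. Apply the arguments positionally instead: `host-gen-config = import ./host-config.nix inputs build-timestamp;`. The `fudo-secrets` name added to the `outputs` head is not used in this file (host-config.nix reaches it through `inputs`), so the explicit binding can go unless it is meant as a hint to readers.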


@ -0,0 +1,41 @@
inputs: build-timestamp: hostname: hostOpts:
{ config, ... }:
let
pkgs-for = system: import inputs.nixpkgs {
inherit system;
config = {
allowUnfree = true;
permittedInsecurePackages = [
"openssh-with-gssapi-8.4p1"
];
overlays = [
(import (inputs.fudo-pkgs + /overlay.nix))
(import (inputs.fudo-nixos + /lib/overlay.nix))
];
};
};
host-ip = hostname:
inputs.fudo-nixos.fudoNetworks.${hostOpts.domain}.hosts.${hostname}.ipv4-address;
in {
config = {
nixpkgs.pkgs = pkgs-for hostOpts.arch;
imports = [
inputs.fudo-nixos.nixosModule
inputs.fudo-secrets.nixosModule
];
instance = {
inherit hostname build-timestamp;
};
deployments = {
targetHost = host-ip hostname;
};
};
}
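Review bot: `overlays` is written inside the `config = { ... }` set passed to `import inputs.nixpkgs`, where nixpkgs does not look for it, so the fudo-pkgs and fudo-nixos overlays are silently never applied; it belongs beside `inherit system;` at the top level of that argument set. In the returned module, `imports` is likewise placed under `config`, where the module system does not pick it up, and `deployments.targetHost` should be `deployment.targetHost` as the rest of this commit spells it. The `{ config, ... }:` module argument is unused, and `host-ip` rebinds `hostname`, which the enclosing function already supplies. The `permittedInsecurePackages` entry re-enables, for every host built through `pkgs-for`, a package nixpkgs marks as insecure; a comment stating why it is needed and when it can be dropped would help whoever revisits this.
```nix
  pkgs-for = system: import inputs.nixpkgs {
    inherit system;
    config = {
      allowUnfree = true;
      # … unchanged: permittedInsecurePackages …
    };
    overlays = [
      (import (inputs.fudo-pkgs + /overlay.nix))
      (import (inputs.fudo-nixos + /lib/overlay.nix))
    ];
  };
  # … unchanged: host-ip …
in {
  imports = [
    inputs.fudo-nixos.nixosModule
    inputs.fudo-secrets.nixosModule
  ];
  config = {
    nixpkgs.pkgs = pkgs-for hostOpts.arch;
    # … unchanged: instance …
    deployment = {
      targetHost = host-ip hostname;
    };
  };
}
```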