Sigh. Still trying.

niten 2021-11-19 22:30:51 -08:00
parent 8889d7919c
commit 88f25b5f47
5 changed files with 82 additions and 51 deletions


@ -1,6 +1,4 @@
{ build-timestamp, networks, pkgs-for }: build-timestamp: hostname:
hostname: hostOpts:
{ config, lib, ... }: { config, lib, ... }:
@ -11,21 +9,15 @@ with lib;
inherit build-timestamp; inherit build-timestamp;
}; };
nixpkgs.pkgs = pkgs-for hostOpts.arch;
deployment = let deployment = let
domain = hostOpts.domain;
host-ip = networks.${domain}.hosts.${hostname}.ipv4-address;
fs-keys = config.fudo.secrets.files.host-filesystem-keys; fs-keys = config.fudo.secrets.files.host-filesystem-keys;
in {
keys = if (hasAttr hostname fs-keys) then keys = if (hasAttr hostname fs-keys) then
mapAttrs (secret: secret-file: { mapAttrs (secret: secret-file: {
keyFile = secret-file; keyFile = secret-file;
user = "root"; user = "root";
permissions = "0400"; permissions = "0400";
}) fs-keys.${hostname} else {}; }) fs-keys.${hostname} else {};
in {
inherit keys;
targetHost = host-ip;
}; };
}; };
} }


@ -1,19 +1,7 @@
{ deployment-hosts, description, ... }: lib: build-timestamp: hostname: hostOpts:
{ self, nixpkgs, fudo-nixos, fudo-secrets, ... }: with lib;
with nixpkgs.lib;
let let
build-timestamp = self.sourceInfo.lastModified;
# helpers = import ./helpers.nix { lib = nixpkgs.lib; };
# syslib = import (fudo-nixos + /lib/system.nix) { lib = nixpkgs.lib; };
# networks = syslib.networks (fudo-nixos + /config/networks);
# deployment-hosts = getAttrs hostnames fudo-nixos.fudoHosts;
pkgs-for = system: import nixpkgs { pkgs-for = system: import nixpkgs {
inherit system; inherit system;
config = { config = {
@ -28,22 +16,22 @@ let
}; };
}; };
host-config = let in fudo-nixos.nixosConfigurations.${hostname} {
networks = fudo-nixos.fudoNetworks;
in import ./deployment-config.nix {
inherit build-timestamp networks pkgs-for;
};
in { } // mapAttrs (hostname: hostOpts: let
inherit nixpkgs; pkgs = pkgs-for hostOpts.arch;
host-ip = networks.${hostOpts.domain}.hosts.${hostname}.ipv4-address;
in fudo-nixos.nixosConfigurations.${hostname} // {
network = { config = {
inherit description; nixpkgs.pkgs = pkgs;
enableRollback = true;
imports = [
(host-config hostname)
];
instance = { inherit hostname; };
deployment.targetHost = host-ip;
}; };
} // mapAttrs (hostname: hostOpts: {
imports = [
(host-config hostname hostOpts)
fudo-nixos.nixosConfigurations.${hostname}
];
}) deployment-hosts }) deployment-hosts
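Review bot: The new header `lib: build-timestamp: hostname: hostOpts:` no longer binds `nixpkgs` or `fudo-nixos`, yet the unchanged `pkgs-for = system: import nixpkgs {` line still uses `nixpkgs`, and what appears to be the new `fudo-nixos.nixosConfigurations.${hostname}` reference uses `fudo-nixos`, so evaluating this file would fail on an undefined variable. I am reading old and new from the column order and the `-1,19 +1,7` counts, so this should be checked against the real file. Either take the flake inputs as an argument again, for example `inputs: build-timestamp: hostname: hostOpts:` with `import inputs.nixpkgs`, or remove the file if nothing imports it any more.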


@ -303,7 +303,7 @@
] ]
}, },
"locked": { "locked": {
"narHash": "sha256-B2M99aciJcFkAfyNk5c0KXMc3wtfUxDZuBM8xeaYzes=", "narHash": "sha256-1Z8ZrVFDTq9ohhYwD7Ti4KFYLgnRZG58OHvAQQAKZOU=",
"path": "/state/nixops/fudo-nixos", "path": "/state/nixops/fudo-nixos",
"type": "path" "type": "path"
}, },


@ -13,17 +13,27 @@
}; };
}; };
outputs = { self, nixpkgs, fudo-nixos, ... } @ inputs: with nixpkgs.lib; outputs = { self, nixpkgs, fudo-nixos, fudo-secrets, ... } @ inputs:
let with nixpkgs.lib; {
deployment = import ../../common/deployment.nix { nixopsConfigurations.default = let
description = "Seattle NixOps network"; deployment-hosts = filterAttrs
deployment-hosts = let (hostname: hostOpts: hostOpts.domain == "sea.fudo.org")
domain = "sea.fudo.org";
in filterAttrs
(hostname: hostOpts: hostOpts.domain == domain)
fudo-nixos.fudoHosts; fudo-nixos.fudoHosts;
};
in { build-timestamp = self.sourceInfo.lastModified;
nixopsConfigurations.default = (deployment inputs);
host-gen-config = import ./host-config.nix {
inherit inputs build-timestamp;
};
host-configs = mapAttrs host-gen-config deployment-hosts;
in {
inherit nixpkgs;
network = {
description = "Seattle NixOps network";
enableRollback = true;
};
} // host-configs;
}; };
} }
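Review bot: `host-gen-config = import ./host-config.nix { inherit inputs build-timestamp; }` passes a single attribute set, which only works if that file starts with a `{ inputs, build-timestamp }:` pattern. If the 41-line file added in this commit is that `host-config.nix` (the page does not show file names), it is curried as `inputs: build-timestamp: hostname: hostOpts:`, so the whole set would be bound to `inputs` and `mapAttrs host-gen-config deployment-hosts` would then pass each hostname as `build-timestamp`. Calling it as `import ./host-config.nix inputs build-timestamp` would match that signature.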


@ -0,0 +1,41 @@
inputs: build-timestamp: hostname: hostOpts:
{ config, ... }:
let
pkgs-for = system: import inputs.nixpkgs {
inherit system;
config = {
allowUnfree = true;
permittedInsecurePackages = [
"openssh-with-gssapi-8.4p1"
];
overlays = [
(import (inputs.fudo-pkgs + /overlay.nix))
(import (inputs.fudo-nixos + /lib/overlay.nix))
];
};
};
host-ip = hostname:
inputs.fudo-nixos.fudoNetworks.${hostOpts.domain}.hosts.${hostname}.ipv4-address;
in {
config = {
nixpkgs.pkgs = pkgs-for hostOpts.arch;
imports = [
inputs.fudo-nixos.nixosModule
inputs.fudo-secrets.nixosModule
];
instance = {
inherit hostname build-timestamp;
};
deployments = {
targetHost = host-ip hostname;
};
};
}
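Review bot: `permittedInsecurePackages = [ "openssh-with-gssapi-8.4p1" ]` sits in `pkgs-for`, which supplies `nixpkgs.pkgs` for every host this function is applied to, so an OpenSSH build that nixpkgs marks as insecure is allowed on all of them with nothing recording why. I would put a comment above it such as `# TODO: document why the insecure openssh-with-gssapi build is required and when it can be dropped`, and restrict the exception to the hosts that need it if that is practical. Separately, `overlays` is written inside `config = { … }`; as far as I know `import nixpkgs` takes `overlays` as its own argument beside `config`, so the two overlays are probably not applied. `deployments = { targetHost = … }` also looks like a typo for the `deployment.targetHost` attribute the older code on this page sets, and `imports` is nested under `config`, where I would not expect the module system to treat it as an import list.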