Sigh. Still trying.
parent
8889d7919c
commit
88f25b5f47
|
@ -1,6 +1,4 @@
|
|||
{ build-timestamp, networks, pkgs-for }:
|
||||
|
||||
hostname: hostOpts:
|
||||
build-timestamp: hostname:
|
||||
|
||||
{ config, lib, ... }:
|
||||
|
||||
|
@ -11,21 +9,15 @@ with lib;
|
|||
inherit build-timestamp;
|
||||
};
|
||||
|
||||
nixpkgs.pkgs = pkgs-for hostOpts.arch;
|
||||
|
||||
deployment = let
|
||||
domain = hostOpts.domain;
|
||||
host-ip = networks.${domain}.hosts.${hostname}.ipv4-address;
|
||||
fs-keys = config.fudo.secrets.files.host-filesystem-keys;
|
||||
in {
|
||||
keys = if (hasAttr hostname fs-keys) then
|
||||
mapAttrs (secret: secret-file: {
|
||||
keyFile = secret-file;
|
||||
user = "root";
|
||||
permissions = "0400";
|
||||
}) fs-keys.${hostname} else {};
|
||||
in {
|
||||
inherit keys;
|
||||
targetHost = host-ip;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,19 +1,7 @@
|
|||
{ deployment-hosts, description, ... }:
|
||||
lib: build-timestamp: hostname: hostOpts:
|
||||
|
||||
{ self, nixpkgs, fudo-nixos, fudo-secrets, ... }:
|
||||
with nixpkgs.lib;
|
||||
with lib;
|
||||
let
|
||||
|
||||
build-timestamp = self.sourceInfo.lastModified;
|
||||
|
||||
# helpers = import ./helpers.nix { lib = nixpkgs.lib; };
|
||||
|
||||
# syslib = import (fudo-nixos + /lib/system.nix) { lib = nixpkgs.lib; };
|
||||
|
||||
# networks = syslib.networks (fudo-nixos + /config/networks);
|
||||
|
||||
# deployment-hosts = getAttrs hostnames fudo-nixos.fudoHosts;
|
||||
|
||||
pkgs-for = system: import nixpkgs {
|
||||
inherit system;
|
||||
config = {
|
||||
|
@ -28,22 +16,22 @@ let
|
|||
};
|
||||
};
|
||||
|
||||
host-config = let
|
||||
networks = fudo-nixos.fudoNetworks;
|
||||
in import ./deployment-config.nix {
|
||||
inherit build-timestamp networks pkgs-for;
|
||||
};
|
||||
in fudo-nixos.nixosConfigurations.${hostname} {
|
||||
|
||||
in {
|
||||
inherit nixpkgs;
|
||||
} // mapAttrs (hostname: hostOpts: let
|
||||
pkgs = pkgs-for hostOpts.arch;
|
||||
host-ip = networks.${hostOpts.domain}.hosts.${hostname}.ipv4-address;
|
||||
in fudo-nixos.nixosConfigurations.${hostname} // {
|
||||
|
||||
config = {
|
||||
nixpkgs.pkgs = pkgs;
|
||||
|
||||
network = {
|
||||
inherit description;
|
||||
enableRollback = true;
|
||||
};
|
||||
} // mapAttrs (hostname: hostOpts: {
|
||||
imports = [
|
||||
(host-config hostname hostOpts)
|
||||
fudo-nixos.nixosConfigurations.${hostname}
|
||||
(host-config hostname)
|
||||
];
|
||||
|
||||
instance = { inherit hostname; };
|
||||
|
||||
deployment.targetHost = host-ip;
|
||||
};
|
||||
}) deployment-hosts
|
||||
|
|
|
@ -303,7 +303,7 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"narHash": "sha256-B2M99aciJcFkAfyNk5c0KXMc3wtfUxDZuBM8xeaYzes=",
|
||||
"narHash": "sha256-1Z8ZrVFDTq9ohhYwD7Ti4KFYLgnRZG58OHvAQQAKZOU=",
|
||||
"path": "/state/nixops/fudo-nixos",
|
||||
"type": "path"
|
||||
},
|
||||
|
|
|
@ -13,17 +13,27 @@
|
|||
};
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, fudo-nixos, ... } @ inputs: with nixpkgs.lib;
|
||||
let
|
||||
deployment = import ../../common/deployment.nix {
|
||||
description = "Seattle NixOps network";
|
||||
deployment-hosts = let
|
||||
domain = "sea.fudo.org";
|
||||
in filterAttrs
|
||||
(hostname: hostOpts: hostOpts.domain == domain)
|
||||
outputs = { self, nixpkgs, fudo-nixos, fudo-secrets, ... } @ inputs:
|
||||
with nixpkgs.lib; {
|
||||
nixopsConfigurations.default = let
|
||||
deployment-hosts = filterAttrs
|
||||
(hostname: hostOpts: hostOpts.domain == "sea.fudo.org")
|
||||
fudo-nixos.fudoHosts;
|
||||
|
||||
build-timestamp = self.sourceInfo.lastModified;
|
||||
|
||||
host-gen-config = import ./host-config.nix {
|
||||
inherit inputs build-timestamp;
|
||||
};
|
||||
|
||||
host-configs = mapAttrs host-gen-config deployment-hosts;
|
||||
in {
|
||||
nixopsConfigurations.default = (deployment inputs);
|
||||
inherit nixpkgs;
|
||||
|
||||
network = {
|
||||
description = "Seattle NixOps network";
|
||||
enableRollback = true;
|
||||
};
|
||||
} // host-configs;
|
||||
};
|
||||
}
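Review bot: `host-gen-config = import ./host-config.nix { inherit inputs build-timestamp; }` hands the imported function a single attribute set, but the host-config.nix added further down this page begins `inputs: build-timestamp: hostname: hostOpts:`, which is four curried arguments. With that header the attribute set is bound to `inputs`, and `mapAttrs host-gen-config deployment-hosts` then supplies the host name as `build-timestamp` and the host options as `hostname`, so each host gets a function rather than a module. Either call it as `import ./host-config.nix inputs build-timestamp` or change the file's header to `{ inputs, build-timestamp }: hostname: hostOpts:`. This assumes the `host-gen-config` lines are the new side of the section, which the rendering does not mark.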
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
inputs: build-timestamp: hostname: hostOpts:
|
||||
|
||||
{ config, ... }:
|
||||
|
||||
let
|
||||
pkgs-for = system: import inputs.nixpkgs {
|
||||
inherit system;
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
permittedInsecurePackages = [
|
||||
"openssh-with-gssapi-8.4p1"
|
||||
];
|
||||
overlays = [
|
||||
(import (inputs.fudo-pkgs + /overlay.nix))
|
||||
(import (inputs.fudo-nixos + /lib/overlay.nix))
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
host-ip = hostname:
|
||||
inputs.fudo-nixos.fudoNetworks.${hostOpts.domain}.hosts.${hostname}.ipv4-address;
|
||||
|
||||
|
||||
in {
|
||||
config = {
|
||||
nixpkgs.pkgs = pkgs-for hostOpts.arch;
|
||||
|
||||
imports = [
|
||||
inputs.fudo-nixos.nixosModule
|
||||
inputs.fudo-secrets.nixosModule
|
||||
];
|
||||
|
||||
instance = {
|
||||
inherit hostname build-timestamp;
|
||||
};
|
||||
|
||||
deployments = {
|
||||
targetHost = host-ip hostname;
|
||||
};
|
||||
};
|
||||
}
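Review bot: `permittedInsecurePackages = [ "openssh-with-gssapi-8.4p1" ]`, next to `allowUnfree = true`, applies to the package set of every host this function builds, with no comment saying why a flagged OpenSSH build is needed or when the exception can go. I would put `# TODO: drop once no host needs openssh-with-gssapi-8.4p1 (reason: <why it is required>)` above the list and, if only some hosts need it, scope the exception to those hosts. Going by the braces, `overlays = [ ... ];` sits inside `config = { ... }` rather than beside it as an argument of `import inputs.nixpkgs`, so the two overlays are probably not applied; closing `config` before `overlays` would fix that. The module also writes `deployments = { targetHost = ...; }` where the rest of this page spells the option `deployment`, and it sets no `keys`. Please confirm that the target address and the root-owned `0400` filesystem keys from the `deployment = let ... fs-keys ...` block earlier on this page still reach each host through some import not visible here.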
|