nix/deployments
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added deployment definitions.

Browse Source
This commit is contained in:
niten
2021-11-29 22:08:44 -08:00
parent daa724a0eb
commit b689a64a1e
7 changed files with 974 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
common/deployment.nix
View File

@@ -8,24 +8,28 @@ with inputs.nixpkgs.lib; let
};
};
host-configs = genAttrs deployment-hosts
(hostname: fudo-nixos.nixopsHostConfigurations.${hostname});
host-config = hostname: inputs.fudo-nixos.nixopsHostConfigurations.${hostname};
host-uber-secrets = genAttrs deployment-hosts
(hostname: { config, ... }: let
uber-secrets = config.fudo.secrets.files.host-filesystem-keys;
in {
imports = [
inputs.fudo-secrets.nixosModule
({ config, ... }: {
deployment.keys = mkIf (hasAttr hostname uber-secrets) {
deployment.keys = mapAttrs (secret: secret-file: {
keyFile = secret-file;
user = "root";
permissions = "0400";
}) uber-secrets.${hostname};
};
})
];
});
in network-config // host-configs // host-uber-secrets
host-ip = hostname: domain: let
zone-hosts = inputs.fudo-entities.entities.zones.${domain}.hosts;
in zone-hosts.${hostname}.ipv4-address;
host-uber-secrets = hostname: { config, ... }: let
uber-secrets = config.fudo.secrets.files.host-filesystem-keys;
in {
config.deployment.keys = mkIf (hasAttr hostname uber-secrets)
(mapAttrs (secret: secret-file: {
keyFile = secret-file;
user = "root";
permissions = "0400";
}) uber-secrets.${hostname});
};
in network-config // (mapAttrs (hostname: hostOpts: {
imports = [
(host-config hostname)
(host-uber-secrets hostname)
];
deployment.targetHost = host-ip hostname hostOpts.domain;
}) deployment-hosts)