nix
/
deployments
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Created initial portage flake

This commit is contained in:
niten 2021-10-21 16:33:39 -07:00
parent c2f8a591aa
commit caedc06ff7
4 changed files with 118 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fudo-nixos

@ -1 +1 @@
Subproject commit 409f341fbb5141af4500255af8dc498c9de42d1b Subproject commit 81aae5cd8d0c859b2d6d16cfc40d1efb8f90f0f6

38
joes-datacenter-0/flake.lock
View File

@ -243,18 +243,13 @@
"fudo-nixos": { "fudo-nixos": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1634619324, "narHash": "sha256-0B2kRXs3D4ZqZwRak8LoIfzKxySEklH9ExC1uBNAAiE=",
"narHash": "sha256-RagNWJwRXJb7qkAaCw+B4+h/dIFjjbGpyFzcf35KBVs=", "path": "/state/nixops/fudo-nixos",
"ref": "nixops-flake", "type": "path"
"rev": "409f341fbb5141af4500255af8dc498c9de42d1b",
"revCount": 357,
"type": "git",
"url": "ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git"
}, },
"original": { "original": {
"ref": "nixops-flake", "path": "/state/nixops/fudo-nixos",
"type": "git", "type": "path"
"url": "ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git"
} }
}, },
"fudo-pkgs": { "fudo-pkgs": {
@ -278,11 +273,12 @@
"build-keypairs": "build-keypairs", "build-keypairs": "build-keypairs",
"filesystem-keys": "filesystem-keys", "filesystem-keys": "filesystem-keys",
"host-keytabs": "host-keytabs", "host-keytabs": "host-keytabs",
"service-keytabs": "service-keytabs",
"service-passwords": "service-passwords", "service-passwords": "service-passwords",
"ssh-keypairs": "ssh-keypairs" "ssh-keypairs": "ssh-keypairs"
}, },
"locked": { "locked": {
"narHash": "sha256-q1TQPvuZjjt1H+gI7R1Hqfn/TjwHcVwGwXzey2N0JaI=", "narHash": "sha256-7yAC1dWRpmpdPascKIhb3a6Q85tupqvx6zIZTVAsJ7o=",
"path": "/state/secrets", "path": "/state/secrets",
"type": "path" "type": "path"
}, },
@ -316,7 +312,7 @@
"host-keytabs": { "host-keytabs": {
"flake": false, "flake": false,
"locked": { "locked": {
"narHash": "sha256-QBfphmEdsPyzOSQxi1p+fZkpLXxXrWNQv1v5tnW0F+4=", "narHash": "sha256-GyYXhdmRj0eHXpQj85dOU+T+VYJkO6SK6J2XBIrmLTw=",
"path": "./kerberos/host-keytabs", "path": "./kerberos/host-keytabs",
"type": "path" "type": "path"
}, },
@ -375,11 +371,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1634551044, "lastModified": 1634661806,
"narHash": "sha256-HOHemrQt3wA7eS5YT8n+X0OdB9+X4O08YUPTrFMBG60=", "narHash": "sha256-fBuR7EZ67UOdNt3gEwhoyWJ6zJtXh4kuupIALRcx/7I=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f001876680c0e32a89bced8d02d2c61250684e17", "rev": "8fe3b97ef4527ac88d03ea33e0789f3512e01adc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -525,6 +521,18 @@
"type": "github" "type": "github"
} }
}, },
"service-keytabs": {
"flake": false,
"locked": {
"narHash": "sha256-vRo6wMpQunuKlk42J/e4nCGtF0hF0aMnA5HOv5+dPLM=",
"path": "./kerberos/service-keytabs",
"type": "path"
},
"original": {
"path": "./kerberos/service-keytabs",
"type": "path"
}
},
"service-passwords": { "service-passwords": {
"flake": false, "flake": false,
"locked": { "locked": {

3
joes-datacenter-0/flake.nix
View File

@ -14,7 +14,8 @@
fudo-pkgs.url = "git+https://git.fudo.org/fudo-public/fudo-pkgs.git"; fudo-pkgs.url = "git+https://git.fudo.org/fudo-public/fudo-pkgs.git";
fudo-nixos = { fudo-nixos = {
url = "git+ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git?ref=nixops-flake"; # url = "git+ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git?ref=nixops-flake";
url = "path:/state/nixops/fudo-nixos";
# Don't import it as a flake # Don't import it as a flake
flake = false; flake = false;
}; };

92
portage/flake.nix Normal file
View File

@ -0,0 +1,92 @@
{
description = "Definition of the Portage NixOps network.";
inputs = {
nixpkgs.url = "nixpkgs/nixos-21.05";
fudo-home = {
url = "git+https://git.fudo.org/niten/nix-home.git?ref=flake";
inputs.nixpkgs.follows = "nixpkgs";
};
fudo-secrets.url = "path:/state/secrets";
#fudo-pkgs.url = "path:/state/nixops/fudo-pkgs";
fudo-pkgs.url = "git+https://git.fudo.org/fudo-public/fudo-pkgs.git";
fudo-nixos = {
url = "path:/state/nixops/fudo-nixos";
# url = "git+ssh://fudo_git@git.fudo.org:2222/fudosys/NixOS.git?ref=nixops-flake";
# Don't import it as a flake
flake = false;
};
};
outputs = { self, nixpkgs, fudo-home, fudo-nixos, fudo-pkgs, fudo-secrets, ... }: let
domain = "fudo.org";
site = "portage";
build-timestamp = self.sourceInfo.lastModified;
hostlib = import (fudo-nixos + /lib/hosts.nix) { lib = nixpkgs.lib; };
hosts = nixpkgs.lib.filterAttrs (hostname: hostOpts:
hostOpts.nixos-system && hostOpts.site == site)
(hostlib.base-host-config (fudo-nixos + /config/hosts));
network-hosts = (import (fudo-nixos + /config/networks/${domain}.nix)).hosts;
pkgs-for = system: import nixpkgs {
inherit system;
config = {
allowUnfree = true;
permittedInsecurePackages = [
"openssh-with-gssapi-8.4p1"
];
};
overlays = [
(import (fudo-pkgs + "/overlay.nix"))
(import (fudo-nixos + "/lib/overlay.nix"))
];
};
initialize-host = import (fudo-nixos + /initialize.nix);
in {
nixopsConfigurations.default = {
inherit nixpkgs;
network = {
description = "Portage NixOps network.";
enableRollback = true;
};
} // (nixpkgs.lib.mapAttrs (hostname: hostOpts: let
system = hostOpts.arch;
profile = hostOpts.profile;
in { config, pkgs, lib, ... }: {
imports = [
fudo-home.nixosModule
fudo-secrets.nixosModule
(initialize-host {
inherit hostname build-timestamp site domain profile;
})
];
nixpkgs.pkgs = pkgs-for system;
deployment = with lib; {
targetHost = network-hosts.${hostname}.ipv4-address;
keys = if (hasAttr hostname config.fudo.secrets.files.host-filesystem-keys)
then
mapAttrs (secret: secret-file: {
keyFile = secret-file;
user = "root";
permissions = "0400";
}) config.fudo.secrets.files.host-filesystem-keys.${hostname}
else {};
};
}) hosts);
};
}