nixos-config/flake.nix

{
  description = "Fudo Host Configuration";

  inputs = {
    nixpkgs.url = "nixpkgs/nixos-21.05";

    fudo-home = {
      url = "path:/state/nixops/fudo-home";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # This MUST be a clean git repo, because we use the timestamp.
    fudo-entities = {
      url = "git+https://git.fudo.org/nix/fudo-entities.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    fudo-lib = {
      url = "path:/state/fudo-lib";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    fudo-pkgs.url = "path:/state/nixops/fudo-pkgs";

    fudo-secrets.url = "path:/state/secrets";
  };

  outputs = { self,
              nixpkgs,
              fudo-home,
              fudo-lib,
              fudo-entities,
              fudo-pkgs,
              fudo-secrets,
              ... } @ inputs:
    with nixpkgs.lib;
    let
      fudo-nixos-hosts = filterAttrs
        (hostname: hostOpts: hostOpts.nixos-system)
        (fudo-entities.entities.hosts);

      fudo-networks = fudo-entities.entities.networks;

      pkgs-for = arch: import nixpkgs {
        system = arch;
        config = {
          allowUnfree = true;
          permittedInsecurePackages = [
            "openssh-with-gssapi-8.4p1"
          ];
        };
        overlays = [
          fudo-lib.overlay
          fudo-pkgs.overlay
        ];
      };

      latest-modified-timestamp = head
        (sort (a: b: a > b)
          (filter (timestamp: timestamp != null)
            (map (input: toInt input.lastModifiedDate) inputs)));

      concat-timestamp = timestamp:
        toInt (substring 0 10 (toString timestamp));

      common-host-config = hostname: hostOpts: let
        config-dir = ./config;
        build-timestamp =
          concatTimestamp last-modified-timestamp;
      in { config, ... }: {
        imports = [
          fudo-home.nixosModule
          fudo-secrets.nixosModule
          fudo-lib.nixosModule
          fudo-entities.nixosModule

          ./config
          (config-dir + /hardware/${hostname}.nix)
          (config-dir + /host-config/${hostname}.nix)
          (config-dir + /profile-config/${hostOpts.profile}.nix)
          (config-dir + /domain-config/${hostOpts.domain}.nix)
          (config-dir + /site-config/${hostOpts.site}.nix)
        ];

        config = {
          instance = let
            build-seed = builtins.readFile
              config.fudo.secrets.files.build-seed;
          in {
            inherit hostname build-timestamp build-seed;
          };

          nix.registry = {
            fudo-nixos.flake = self;
            fudo-entities.flake = fudo-entities;
            fudo-lib.flake = fudo-lib;
            fudo-pkgs.flake = fudo-pkgs;
          };

          nixpkgs.pkgs = pkgs-for hostOpts.arch;
        };
      };

      nixos-host-config = hostname: hostOpts: let
        system = hostOpts.arch;
      in nixosSystem {
        inherit system;
        modules = [
          (common-host-config hostname hostOpts)
        ];
      };

      nixops-host-config = hostname: hostOpts: let
        zone-hosts = fudo-entities.entities.zones.${hostOpts.domain}.hosts;
      in {
        imports = [
          (common-host-config hostname hostOpts)

          ({ ... }: {
            config.deployment.targetHost =
              zone-hosts.${hostname}.ipv4-address;
          })
        ];
      };

    in {
      nixosConfigurations = mapAttrs nixos-host-config fudo-nixos-hosts;
      nixopsHostConfigurations = mapAttrs nixops-host-config fudo-nixos-hosts;
    };
}
Add arch to hosts, share host config with flake. 2021-09-24 11:31:56 -07:00			`{`
			`description = "Fudo Host Configuration";`

			`inputs = {`
			`nixpkgs.url = "nixpkgs/nixos-21.05";`
Initial, broken 2021-09-29 17:55:13 -07:00
Pretty massive changes really 2021-11-28 12:39:03 -08:00			`fudo-home = {`
			`url = "path:/state/nixops/fudo-home";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
Changes for cashew, added mobile site 2021-11-17 17:32:27 -08:00
Working 'flakified' nixops deploy! 2021-11-29 16:03:38 -08:00			`# This MUST be a clean git repo, because we use the timestamp.`
Pretty massive changes really 2021-11-28 12:39:03 -08:00			`fudo-entities = {`
Working 'flakified' nixops deploy! 2021-11-29 16:03:38 -08:00			`url = "git+https://git.fudo.org/nix/fudo-entities.git";`
Pretty massive changes really 2021-11-28 12:39:03 -08:00			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
Moving config stuff from ./lib into ./config 2021-11-22 10:17:44 -08:00
Pretty massive changes really 2021-11-28 12:39:03 -08:00			`fudo-lib = {`
			`url = "path:/state/fudo-lib";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
Moving config stuff from ./lib into ./config 2021-11-22 10:17:44 -08:00
Changes for cashew, added mobile site 2021-11-17 17:32:27 -08:00			`fudo-pkgs.url = "path:/state/nixops/fudo-pkgs";`
Initial, broken 2021-09-29 17:55:13 -07:00
			`fudo-secrets.url = "path:/state/secrets";`
Add arch to hosts, share host config with flake. 2021-09-24 11:31:56 -07:00			`};`

Moving config stuff from ./lib into ./config 2021-11-22 10:17:44 -08:00			`outputs = { self,`
			`nixpkgs,`
			`fudo-home,`
			`fudo-lib,`
			`fudo-entities,`
			`fudo-pkgs,`
			`fudo-secrets,`
Working 'flakified' nixops deploy! 2021-11-29 16:03:38 -08:00			`... } @ inputs:`
Changes to nutmeg and flake.nix 2021-11-19 10:26:10 -08:00			`with nixpkgs.lib;`
			`let`
Working 'flakified' nixops deploy! 2021-11-29 16:03:38 -08:00			`fudo-nixos-hosts = filterAttrs`
Changes to nutmeg and flake.nix 2021-11-19 10:26:10 -08:00			`(hostname: hostOpts: hostOpts.nixos-system)`
Moving config stuff from ./lib into ./config 2021-11-22 10:17:44 -08:00			`(fudo-entities.entities.hosts);`
Initial, broken 2021-09-29 17:55:13 -07:00
Moving config stuff from ./lib into ./config 2021-11-22 10:17:44 -08:00			`fudo-networks = fudo-entities.entities.networks;`
Changes for cashew, added mobile site 2021-11-17 17:32:27 -08:00
Moving config stuff from ./lib into ./config 2021-11-22 10:17:44 -08:00			`pkgs-for = arch: import nixpkgs {`
			`system = arch;`
			`config = {`
			`allowUnfree = true;`
			`permittedInsecurePackages = [`
			`"openssh-with-gssapi-8.4p1"`
			`];`
			`};`
			`overlays = [`
			`fudo-lib.overlay`
			`fudo-pkgs.overlay`
Add arch to hosts, share host config with flake. 2021-09-24 11:31:56 -07:00			`];`
			`};`
Changes to nutmeg and flake.nix 2021-11-19 10:26:10 -08:00
Make the DNS serial correct 2021-11-29 19:21:38 -08:00			`latest-modified-timestamp = head`
			`(sort (a: b: a > b)`
			`(filter (timestamp: timestamp != null)`
			`(map (input: toInt input.lastModifiedDate) inputs)));`

			`concat-timestamp = timestamp:`
			`toInt (substring 0 10 (toString timestamp));`

Working 'flakified' nixops deploy! 2021-11-29 16:03:38 -08:00			`common-host-config = hostname: hostOpts: let`
			`config-dir = ./config;`
Make the DNS serial correct 2021-11-29 19:21:38 -08:00			`build-timestamp =`
			`concatTimestamp last-modified-timestamp;`
Working 'flakified' nixops deploy! 2021-11-29 16:03:38 -08:00			`in { config, ... }: {`
			`imports = [`
Changes to nutmeg and flake.nix 2021-11-19 10:26:10 -08:00			`fudo-home.nixosModule`
			`fudo-secrets.nixosModule`
Moving config stuff from ./lib into ./config 2021-11-22 10:17:44 -08:00			`fudo-lib.nixosModule`
Working 'flakified' nixops deploy! 2021-11-29 16:03:38 -08:00			`fudo-entities.nixosModule`

			`./config`
			`(config-dir + /hardware/${hostname}.nix)`
			`(config-dir + /host-config/${hostname}.nix)`
			`(config-dir + /profile-config/${hostOpts.profile}.nix)`
			`(config-dir + /domain-config/${hostOpts.domain}.nix)`
			`(config-dir + /site-config/${hostOpts.site}.nix)`
			`];`
Changes to nutmeg and flake.nix 2021-11-19 10:26:10 -08:00
Working 'flakified' nixops deploy! 2021-11-29 16:03:38 -08:00			`config = {`
			`instance = let`
			`build-seed = builtins.readFile`
			`config.fudo.secrets.files.build-seed;`
Changes to nutmeg and flake.nix 2021-11-19 10:26:10 -08:00			`in {`
Working 'flakified' nixops deploy! 2021-11-29 16:03:38 -08:00			`inherit hostname build-timestamp build-seed;`
			`};`

			`nix.registry = {`
			`fudo-nixos.flake = self;`
			`fudo-entities.flake = fudo-entities;`
			`fudo-lib.flake = fudo-lib;`
			`fudo-pkgs.flake = fudo-pkgs;`
			`};`

			`nixpkgs.pkgs = pkgs-for hostOpts.arch;`
			`};`
			`};`

			`nixos-host-config = hostname: hostOpts: let`
			`system = hostOpts.arch;`
			`in nixosSystem {`
			`inherit system;`
			`modules = [`
			`(common-host-config hostname hostOpts)`
			`];`
			`};`

			`nixops-host-config = hostname: hostOpts: let`
			`zone-hosts = fudo-entities.entities.zones.${hostOpts.domain}.hosts;`
			`in {`
			`imports = [`
			`(common-host-config hostname hostOpts)`

			`({ ... }: {`
			`config.deployment.targetHost =`
			`zone-hosts.${hostname}.ipv4-address;`
Changes to nutmeg and flake.nix 2021-11-19 10:26:10 -08:00			`})`
			`];`
Working 'flakified' nixops deploy! 2021-11-29 16:03:38 -08:00			`};`

			`in {`
			`nixosConfigurations = mapAttrs nixos-host-config fudo-nixos-hosts;`
			`nixopsHostConfigurations = mapAttrs nixops-host-config fudo-nixos-hosts;`
Changes to nutmeg and flake.nix 2021-11-19 10:26:10 -08:00			`};`
Add arch to hosts, share host config with flake. 2021-09-24 11:31:56 -07:00			`}`