Merged with unhead changes

config/host-config/plato.nix

@@ -5,56 +5,6 @@ let primary-ip = "10.0.0.21";
 
 in {
   config = {
-
-    boot.kernelParams = [ "nomodeset" ];
-
-    console.font = "VGA";
-
-    # fudo.secrets = {
-    #   host-secrets.plato = {
-    #     host-keytab = {
-    #       source-file = /state/secrets/kerberos/plato.keytab;
-    #       target-file = "/etc/krb5.keytab";
-    #       user = "root";
-    #     };
-    #   };
-
-    #   secret-group = "fudo-secrets";
-    #   secret-users = [ "niten" ];
-    #   secret-paths = [ "/state/secrets" ];
-    # };
-
-    systemd = let secrets-watcher-name = "secrets-ownership-fixer";
-    in {
-      tmpfiles.rules = [
-        "L /root/.gnupg - - - - /state/root/gnupg"
-        # "L /root/.emacs.d - - - - /state/root/emacs.d"
-        "L /root/.ssh/id_rsa - - - - /state/root/ssh/id_rsa"
-        "L /root/.ssh/id_rsa.pub - - - - /state/root/ssh/id_rsa.pub"
-        "L /root/.ssh/known_hosts - - - - /state/root/ssh/known_hosts"
-        "L /etc/ssh/ssh_host_ed25519_key - - - - /state/ssh/ssh_host_ed25519_key"
-        "L /etc/ssh/ssh_host_rsa_key - - - - /state/ssh/ssh_host_rsa_key"
-      ];
-    };
-
-    environment.etc = {
-      nixos.source = "/state/nixos";
-      adjtime.source = "/state/etc/adjtime";
-      NIXOS.source = "/state/etc/NIXOS";
-      "host-config.nix".source = "/state/etc/host-config.nix";
-    };
-
-    system.stateVersion = "20.09";
-
-    boot.initrd.postDeviceCommands = lib.mkAfter ''
-      ${pkgs.zfs}/bin/zfs rollback -r zroot/transient/root@blank
-    '';
-
-    security.sudo.extraConfig = ''
-      # rollback results in sudo lectures after each reboot
-      Defaults lecture = never
-    '';
-
     networking = {
       defaultGateway = {
         address = "10.0.0.1";
@@ -72,6 +22,42 @@ in {
       };
     };
 
+    # boot.kernelParams = [ "nomodeset" ];
+    # console.font = "VGA";
+
+    systemd.tmpfiles.rules = [
+      "L /root/.gnupg - - - - /state/root/gnupg"
+      # "L /root/.emacs.d - - - - /state/root/emacs.d"
+      "L /root/.ssh/id_rsa - - - - /state/root/ssh/id_rsa"
+      "L /root/.ssh/id_rsa.pub - - - - /state/root/ssh/id_rsa.pub"
+      "L /root/.ssh/known_hosts - - - - /state/root/ssh/known_hosts"
+      "L /etc/ssh/ssh_host_ed25519_key - - - - /state/ssh/ssh_host_ed25519_key"
+      "L /etc/ssh/ssh_host_rsa_key - - - - /state/ssh/ssh_host_rsa_key"
+    ];
+
+    environment = {
+      systemPackages = with pkgs; [
+        nixops
+      ];
+      etc = {
+        nixos.source = "/state/nixos";
+        adjtime.source = "/state/etc/adjtime";
+        NIXOS.source = "/state/etc/NIXOS";
+        "host-config.nix".source = "/state/etc/host-config.nix";
+      };
+    };
+
+    system.stateVersion = "20.09";
+
+    boot.initrd.postDeviceCommands = lib.mkAfter ''
+      ${pkgs.zfs}/bin/zfs rollback -r zroot/transient/root@blank
+    '';
+
+    security.sudo.extraConfig = ''
+      # rollback results in sudo lectures after each reboot
+      Defaults lecture = never
+    '';
+
     services = {
       openssh = {
         hostKeys = [

config/host-config/socrates.nix

@@ -35,11 +35,16 @@ in {
       "L /root/.ssh/known_hosts - - - - /state/root/ssh/known_hosts"
     ];
 
-    environment.etc = {
+    environment = {
-      nixos.source = "/state/nixos";
+      systemPackages = with pkgs; [
-      adjtime.source = "/state/etc/adjtime";
+        nixopsUnstable
-      NIXOS.source = "/state/etc/NIXOS";
+      ];
-      "host-config.nix".source = "/state/etc/host-config.nix";
+
+      etc = {
+        nixos.source = "/state/nixos";
+        adjtime.source = "/state/etc/adjtime";
+        NIXOS.source = "/state/etc/NIXOS";
+      };
     };
 
     system.stateVersion = "21.05";

config/profile-config/common-ui.nix

@@ -82,59 +82,59 @@ in {
     #fontconfig.subpixel.lcdfilter = "default";
 
     fonts = with pkgs; [
-      cantarell_fonts
+      # cantarell_fonts
-      dejavu_fonts
+      # dejavu_fonts
-      dina-font
+      # dina-font
-      dosemu_fonts
+      # dosemu_fonts
-      fira-code
+      # fira-code
-      fira-code-symbols
+      # fira-code-symbols
-      freefont_ttf
+      # freefont_ttf
-      liberation_ttf
+      # liberation_ttf
-      mplus-outline-fonts
+      # mplus-outline-fonts
-      nerdfonts
+      # nerdfonts
-      noto-fonts
+      # noto-fonts
-      noto-fonts-cjk
+      # noto-fonts-cjk
-      noto-fonts-emoji
+      # noto-fonts-emoji
-      proggyfonts
+      # proggyfonts
-      terminus_font
+      # terminus_font
-      ubuntu_font_family
+      # ubuntu_font_family
-      ucsFonts
+      # ucsFonts
-      ultimate-oldschool-pc-font-pack
+      # ultimate-oldschool-pc-font-pack
-      unifont
+      # unifont
-      xorg.fontadobe100dpi
+      # xorg.fontadobe100dpi
-      xorg.fontadobe75dpi
+      # xorg.fontadobe75dpi
-      xorg.fontadobeutopia100dpi
+      # xorg.fontadobeutopia100dpi
-      xorg.fontadobeutopia75dpi
+      # xorg.fontadobeutopia75dpi
-      xorg.fontadobeutopiatype1
+      # xorg.fontadobeutopiatype1
-      xorg.fontarabicmisc
+      # xorg.fontarabicmisc
-      xorg.fontbh100dpi
+      # xorg.fontbh100dpi
-      xorg.fontbh75dpi
+      # xorg.fontbh75dpi
-      xorg.fontbhlucidatypewriter100dpi
+      # xorg.fontbhlucidatypewriter100dpi
-      xorg.fontbhlucidatypewriter75dpi
+      # xorg.fontbhlucidatypewriter75dpi
-      xorg.fontbhttf
+      # xorg.fontbhttf
-      xorg.fontbhtype1
+      # xorg.fontbhtype1
-      xorg.fontbitstream100dpi
+      # xorg.fontbitstream100dpi
-      xorg.fontbitstream75dpi
+      # xorg.fontbitstream75dpi
-      xorg.fontbitstreamtype1
+      # xorg.fontbitstreamtype1
-      xorg.fontcronyxcyrillic
+      # xorg.fontcronyxcyrillic
-      xorg.fontcursormisc
+      # xorg.fontcursormisc
-      xorg.fontdaewoomisc
+      # xorg.fontdaewoomisc
-      xorg.fontdecmisc
+      # xorg.fontdecmisc
-      xorg.fontibmtype1
+      # xorg.fontibmtype1
-      xorg.fontisasmisc
+      # xorg.fontisasmisc
-      xorg.fontjismisc
+      # xorg.fontjismisc
-      xorg.fontmicromisc
+      # xorg.fontmicromisc
-      xorg.fontmisccyrillic
+      # xorg.fontmisccyrillic
-      xorg.fontmiscethiopic
+      # xorg.fontmiscethiopic
-      xorg.fontmiscmeltho
+      # xorg.fontmiscmeltho
-      xorg.fontmiscmisc
+      # xorg.fontmiscmisc
-      xorg.fontmuttmisc
+      # xorg.fontmuttmisc
-      xorg.fontschumachermisc
+      # xorg.fontschumachermisc
-      xorg.fontscreencyrillic
+      # xorg.fontscreencyrillic
-      xorg.fontsonymisc
+      # xorg.fontsonymisc
-      xorg.fontsunmisc
+      # xorg.fontsunmisc
-      xorg.fontwinitzkicyrillic
+      # xorg.fontwinitzkicyrillic
-      xorg.fontxfree86type1
+      # xorg.fontxfree86type1
     ];
   };
 }

initialize.nix

@@ -19,9 +19,6 @@ in {
   config = {
     instance = {
       inherit hostname build-timestamp;
-      local-site = site;
-      local-domain = domain;
-      local-profile = profile;
     };
   };
 }

lib/default.nix

@@ -11,6 +11,7 @@ with lib; {
     ./fudo/backplane
     ./fudo/chat.nix
     ./fudo/client/dns.nix
+    ./fudo/deploy.nix
     ./fudo/distributed-builds.nix
     ./fudo/dns.nix
     ./fudo/domains.nix

lib/fudo/backplane/dns.nix

@@ -1,3 +1,4 @@
+
 { config, pkgs, lib, ... }:
 
 with lib;

lib/fudo/deploy.nix

@@ -6,7 +6,8 @@ let
 
 in {
   config = {
-    users.usersroot.openssh.authorizedKeys.keys = mkIf (site-cfg.deploy-pubkeys != null)
+    users.users.root.openssh.authorizedKeys.keys =
-      site-cfg.deploy-pubkeys;
+      mkIf (site-cfg.deploy-pubkeys != null)
+        site-cfg.deploy-pubkeys;
   };
 }

lib/instance.nix

@@ -22,6 +22,11 @@ in {
       description = "Domain name of the current local host.";
     };
 
+    local-profile = mkOption {
+      type = str;
+      description = "Profile name of the current local host.";
+    };
+
     local-site = mkOption {
       type = str;
       description = "Site name of the current local host.";
@@ -58,18 +63,20 @@ in {
     local-domain = config.fudo.hosts.${local-host}.domain;
     local-site = config.fudo.hosts.${local-host}.site;
 
-    host-user-list = config.fudo.hosts."${local-host}".local-users;
+    host = config.fudo.hosts.${local-host};
+
+    host-user-list = host.local-users;
     domain-user-list = config.fudo.domains."${local-domain}".local-users;
     site-user-list = config.fudo.sites."${local-site}".local-users;
     local-users =
       getAttrs (host-user-list ++ domain-user-list ++ site-user-list) config.fudo.users;
 
-    host-admin-list = config.fudo.hosts."${local-host}".local-admins;
+    host-admin-list = host.local-admins;
     domain-admin-list = config.fudo.domains."${local-domain}".local-admins;
     site-admin-list = config.fudo.sites."${local-site}".local-admins;
     local-admins = host-admin-list ++ domain-admin-list ++ site-admin-list;
 
-    host-group-list = config.fudo.hosts."${local-host}".local-groups;
+    host-group-list = host.local-groups;
     domain-group-list = config.fudo.domains."${local-domain}".local-groups;
     site-group-list = config.fudo.sites."${local-site}".local-groups;
     local-groups =
@@ -86,6 +93,7 @@ in {
       local-admins = local-admins;
       local-groups = local-groups;
       local-hosts = local-hosts;
+      local-profile = host.profile;
     };
   };
 }