create top-level machine definition that is used by both deploy-rs and
nixos rename bootstrap script
This commit is contained in:
parent
b4fbc0b955
commit
3550a6e8a8
4 changed files with 48 additions and 28 deletions
|
@ -1,11 +1,11 @@
|
|||
{ machine, ...}:
|
||||
{
|
||||
age = {
|
||||
identityPaths = [ "/root/age_ed25519" ];
|
||||
|
||||
secrets = {
|
||||
# TODO: make machine independent
|
||||
"jefke_host_ed25519".file = ./secrets/jefke_host_ed25519.age;
|
||||
"jefke_user_ed25519".file = ./secrets/jefke_user_ed25519.age;
|
||||
"host_ed25519".file = ./secrets/${machine.name}_host_ed25519.age;
|
||||
"user_ed25519".file = ./secrets/${machine.name}_user_ed25519.age;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ pkgs, config, ... }: {
|
||||
{ pkgs, config, machine, ... }: {
|
||||
imports = [ ./hardware-configuration.nix ./disk-config.nix ./agenix.nix ];
|
||||
|
||||
boot.loader = {
|
||||
|
@ -31,10 +31,9 @@
|
|||
PasswordAuthentication = false;
|
||||
KbdInteractiveAuthentication = false;
|
||||
};
|
||||
# TODO! machine independent
|
||||
extraConfig = ''
|
||||
HostCertificate ${builtins.toFile "jefke_host_ed25519-cert.pub" (builtins.readFile ./jefke_host_ed25519-cert.pub)}
|
||||
HostKey ${config.age.secrets.jefke_host_ed25519.path}
|
||||
HostCertificate ${builtins.toFile "host_ed25519-cert.pub" machine.host-cert}
|
||||
HostKey ${config.age.secrets.host_ed25519.path}
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -66,10 +65,9 @@
|
|||
};
|
||||
};
|
||||
|
||||
# TODO: machine independent
|
||||
extraConfig = ''
|
||||
CertificateFile ${builtins.toFile "jefke_user_ed25519-cert.pub" (builtins.readFile ./jefke_user_ed25519-cert.pub)}
|
||||
HostKey ${config.age.secrets.jefke_user_ed25519.path}
|
||||
CertificateFile ${builtins.toFile "user_ed25519-cert.pub" machine.user-cert}
|
||||
HostKey ${config.age.secrets.user_ed25519.path}
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
34
flake.nix
34
flake.nix
|
@ -20,33 +20,55 @@
|
|||
system = "x86_64-linux";
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
pkgs-unstable = nixpkgs-unstable.legacyPackages.${system};
|
||||
machines = {
|
||||
jefke = {
|
||||
name = "jefke";
|
||||
hostname = "jefke.hyp";
|
||||
user-cert = builtins.readFile ./jefke_user_ed25519-cert.pub;
|
||||
host-cert = builtins.readFile ./jefke_host_ed25519-cert.pub;
|
||||
};
|
||||
};
|
||||
in {
|
||||
devShells.${system}.default = pkgs.mkShell {
|
||||
packages = with pkgs-unstable; [ libsecret nixos-anywhere ];
|
||||
packages = [
|
||||
pkgs.libsecret
|
||||
pkgs-unstable.nixos-anywhere
|
||||
pkgs-unstable.deploy-rs
|
||||
];
|
||||
};
|
||||
|
||||
formatter = pkgs.nixfmt;
|
||||
# TODO. if uncommented, nix flake check fails
|
||||
# formatter = pkgs.nixfmt;
|
||||
|
||||
nixosConfigurations.hypervisor = nixpkgs.lib.nixosSystem {
|
||||
# TODO create helper
|
||||
nixosConfigurations = nixpkgs.lib.foldlAttrs (acc: name: machine:
|
||||
acc // {
|
||||
"${name}" = nixpkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
specialArgs = { inherit machine; };
|
||||
modules = [
|
||||
disko.nixosModules.disko
|
||||
agenix.nixosModules.default
|
||||
./configuration.nix
|
||||
];
|
||||
};
|
||||
}) { } machines;
|
||||
|
||||
deploy = {
|
||||
sshUser = "root";
|
||||
user = "root";
|
||||
|
||||
nodes.jefke = {
|
||||
hostname = "jefke.hyp";
|
||||
# TODO create helper
|
||||
nodes = nixpkgs.lib.foldlAttrs (acc: name: machine:
|
||||
acc // {
|
||||
"${name}" = {
|
||||
hostname = machine.hostname;
|
||||
profiles.hypervisor = {
|
||||
path = deploy-rs.lib.${system}.activate.nixos
|
||||
self.nixosConfigurations.hypervisor;
|
||||
self.nixosConfigurations.${name};
|
||||
};
|
||||
};
|
||||
}) { } machines;
|
||||
};
|
||||
|
||||
checks = builtins.mapAttrs
|
||||
|
|
Loading…
Reference in a new issue