77 lines
2.2 KiB
Nix
77 lines
2.2 KiB
Nix
{
|
|
description = "NixOS definitions for our physical servers";
|
|
|
|
inputs = {
|
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
|
|
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
|
deploy-rs.url = "github:serokell/deploy-rs";
|
|
disko = {
|
|
url = "github:nix-community/disko";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
agenix = {
|
|
url = "github:ryantm/agenix";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
};
|
|
|
|
outputs = { self, nixpkgs, deploy-rs, disko, agenix, nixpkgs-unstable, ... }:
|
|
let
|
|
system = "x86_64-linux";
|
|
pkgs = nixpkgs.legacyPackages.${system};
|
|
pkgs-unstable = nixpkgs-unstable.legacyPackages.${system};
|
|
machines = {
|
|
jefke = {
|
|
name = "jefke";
|
|
hostname = "jefke.hyp";
|
|
user-cert = builtins.readFile ./jefke_user_ed25519-cert.pub;
|
|
host-cert = builtins.readFile ./jefke_host_ed25519-cert.pub;
|
|
};
|
|
};
|
|
in {
|
|
devShells.${system}.default = pkgs.mkShell {
|
|
packages = [
|
|
pkgs.libsecret
|
|
pkgs-unstable.nixos-anywhere
|
|
pkgs-unstable.deploy-rs
|
|
];
|
|
};
|
|
|
|
# TODO. if uncommented, nix flake check fails
|
|
# formatter = pkgs.nixfmt;
|
|
|
|
# TODO create helper
|
|
nixosConfigurations = nixpkgs.lib.foldlAttrs (acc: name: machine:
|
|
acc // {
|
|
"${name}" = nixpkgs.lib.nixosSystem {
|
|
inherit system;
|
|
specialArgs = { inherit machine; };
|
|
modules = [
|
|
disko.nixosModules.disko
|
|
agenix.nixosModules.default
|
|
./configuration.nix
|
|
];
|
|
};
|
|
}) { } machines;
|
|
|
|
deploy = {
|
|
sshUser = "root";
|
|
user = "root";
|
|
|
|
# TODO create helper
|
|
nodes = nixpkgs.lib.foldlAttrs (acc: name: machine:
|
|
acc // {
|
|
"${name}" = {
|
|
hostname = machine.hostname;
|
|
profiles.hypervisor = {
|
|
path = deploy-rs.lib.${system}.activate.nixos
|
|
self.nixosConfigurations.${name};
|
|
};
|
|
};
|
|
}) { } machines;
|
|
};
|
|
|
|
checks = builtins.mapAttrs
|
|
(system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
|
|
};
|
|
}
|