Fediversity/infra/flake-part.nix

{
  self,
  inputs,
  lib,
  ...
}:

let
  inherit (lib) attrValues mapAttrs;
  inherit (lib.attrsets) genAttrs;

  makeResource =
    vmid:
    { providers, ... }:
    let
      vmConfig = import (./. + "/${vmid}");
    in
    {
      type = providers.local.exec;
      imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];

      ssh = {
        host = vmConfig.procolix.vm.ip4;
        opts = "";
        hostPublicKey = self.keys.systems.${vmid};
      };

      nixpkgs = inputs.nixpkgs;

      nixos.module = {
        imports = [
          ## NOTE: We import an attrset as a NixOS module, for convenience, so
          ## as to be able to use it in NixOps4 and to grab information from it
          ## (eg. the IP) without evaluating the whole configuration first.
          vmConfig

          ./common
          self.nixosModules.ageSecrets
        ];

        ## Necessary to filter Age secrets.
        fediversity.hostPublicKey = self.keys.systems.${vmid};

        ## FIXME: Remove direct root authentication once the NixOps4 NixOS
        ## provider supports users with password-less sudo.
        users.users.root.openssh.authorizedKeys.keys = attrValues self.keys.contributors;
      };
    };

  makeDeployments = mapAttrs (
    _: vmids:
    { providers, ... }:
    {
      providers.local = inputs.nixops4.modules.nixops4Provider.local;
      resources = genAttrs vmids (vmid: makeResource vmid { inherit providers; });
    }
  );

in
{
  nixops4Deployments = makeDeployments {
    git = [
      "vm02116"
      "fedi300"
    ];
    web = [ "vm02187" ];
    other = [
      "vm02179"
      "vm02186"
    ];
  };
}
Factorise the deployment definition 2025-01-30 09:57:56 +01:00			`{`
			`self,`
			`inputs,`
			`lib,`
			`...`
			`}:`
Make a NixOps4 deployment for action runners 2024-11-17 01:02:23 +01:00
Factorise the resource definition 2025-01-30 09:53:45 +01:00			`let`
Automatically git `root` access to all contributors 2025-01-31 10:59:36 +01:00			`inherit (lib) attrValues mapAttrs;`
Factorise the deployment definition 2025-01-30 09:57:56 +01:00			`inherit (lib.attrsets) genAttrs;`

Factorise the resource definition 2025-01-30 09:53:45 +01:00			`makeResource =`
			`vmid:`
			`{ providers, ... }:`
			`let`
Clean up resource definition 2025-01-31 14:03:37 +01:00			`vmConfig = import (./. + "/${vmid}");`
Factorise the resource definition 2025-01-30 09:53:45 +01:00			`in`
			`{`
			`type = providers.local.exec;`
			`imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];`
Clean up resource definition 2025-01-31 14:03:37 +01:00
Factorise the resource definition 2025-01-30 09:53:45 +01:00			`ssh = {`
Clean up resource definition 2025-01-31 14:03:37 +01:00			`host = vmConfig.procolix.vm.ip4;`
Factorise the resource definition 2025-01-30 09:53:45 +01:00			`opts = "";`
			`hostPublicKey = self.keys.systems.${vmid};`
			`};`
Clean up resource definition 2025-01-31 14:03:37 +01:00
Factorise the resource definition 2025-01-30 09:53:45 +01:00			`nixpkgs = inputs.nixpkgs;`
Clean up resource definition 2025-01-31 14:03:37 +01:00
Factorise the resource definition 2025-01-30 09:53:45 +01:00			`nixos.module = {`
			`imports = [`
Clean up resource definition 2025-01-31 14:03:37 +01:00			`## NOTE: We import an attrset as a NixOS module, for convenience, so`
			`## as to be able to use it in NixOps4 and to grab information from it`
			`## (eg. the IP) without evaluating the whole configuration first.`
			`vmConfig`

Factorise the resource definition 2025-01-30 09:53:45 +01:00			`./common`
			`self.nixosModules.ageSecrets`
			`];`
Clean up resource definition 2025-01-31 14:03:37 +01:00
			`## Necessary to filter Age secrets.`
			`fediversity.hostPublicKey = self.keys.systems.${vmid};`

			`## FIXME: Remove direct root authentication once the NixOps4 NixOS`
			`## provider supports users with password-less sudo.`
			`users.users.root.openssh.authorizedKeys.keys = attrValues self.keys.contributors;`
Factorise the resource definition 2025-01-30 09:53:45 +01:00			`};`
			`};`

Factorise the deployment definition 2025-01-30 09:57:56 +01:00			`makeDeployments = mapAttrs (`
			`_: vmids:`
Discontinue two old actions runners 2024-12-16 13:06:35 +01:00			`{ providers, ... }:`
			`{`
Bump NixOps4 in particular, follow the split of `nixops4-nixos` to its own repository. 2025-01-31 14:11:46 +01:00			`providers.local = inputs.nixops4.modules.nixops4Provider.local;`
Factorise the deployment definition 2025-01-30 09:57:56 +01:00			`resources = genAttrs vmids (vmid: makeResource vmid { inherit providers; });`
			`}`
			`);`
Discontinue two old actions runners 2024-12-16 13:06:35 +01:00
Factorise the deployment definition 2025-01-30 09:57:56 +01:00			`in`
			`{`
			`nixops4Deployments = makeDeployments {`
			`git = [`
			`"vm02116"`
			`"fedi300"`
			`];`
			`web = [ "vm02187" ];`
			`other = [`
			`"vm02179"`
			`"vm02186"`
			`];`
			`};`
Make a NixOps4 deployment for action runners 2024-11-17 01:02:23 +01:00			`}`