diff --git a/flake.lock b/flake.lock index e65b00c8..13d45ad5 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1723293904, - "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "lastModified": 1736955230, + "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", "owner": "ryantm", "repo": "agenix", - "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", "type": "github" }, "original": { @@ -41,16 +41,16 @@ "crane_2": { "flake": false, "locked": { - "lastModified": 1699217310, - "narHash": "sha256-xpW3VFUG7yE6UE6Wl0dhqencuENSkV7qpnpe9I8VbPw=", + "lastModified": 1727316705, + "narHash": "sha256-/mumx8AQ5xFuCJqxCIOFCHTVlxHkMT21idpbgbm/TIE=", "owner": "ipetkov", "repo": "crane", - "rev": "d535642bbe6f377077f7c23f0febb78b1463f449", + "rev": "5b03654ce046b5167e7b0bccbd8244cb56c16f0e", "type": "github" }, "original": { "owner": "ipetkov", - "ref": "v0.15.0", + "ref": "v0.19.0", "repo": "crane", "type": "github" } @@ -82,11 +82,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1731274291, - "narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=", + "lastModified": 1738148035, + "narHash": "sha256-KYOATYEwaKysL3HdHdS5kbQMXvzS4iPJzJrML+3TKAo=", "owner": "nix-community", "repo": "disko", - "rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc", + "rev": "18d0a984cc2bc82cf61df19523a34ad463aa7f54", "type": "github" }, "original": { @@ -106,11 +106,11 @@ "pyproject-nix": "pyproject-nix" }, "locked": { - "lastModified": 1732214960, - "narHash": "sha256-ViyEMSYwaza6y55XTDrsRi2K4YKCLsefMTorjWSE27s=", + "lastModified": 1735160684, + "narHash": "sha256-n5CwhmqKxifuD4Sq4WuRP/h5LO6f23cGnSAuJemnd/4=", "owner": "nix-community", "repo": "dream2nix", - "rev": "a8dac99db44307fdecead13a39c584b97812d0d4", + "rev": "8ce6284ff58208ed8961681276f82c2f8f978ef4", "type": "github" }, "original": { @@ -123,6 +123,7 @@ "inputs": { "nixpkgs": [ "nixops4-nixos", + "nixops4", "nix-cargo-integration", "nixpkgs" ], @@ -130,11 +131,11 @@ "pyproject-nix": "pyproject-nix_2" }, "locked": { - "lastModified": 1722526955, - "narHash": "sha256-fFS8aDnfK9Qfm2FLnQ8pqWk8FzvFEv5LvTuZTZLREnc=", + "lastModified": 1735160684, + "narHash": "sha256-n5CwhmqKxifuD4Sq4WuRP/h5LO6f23cGnSAuJemnd/4=", "owner": "nix-community", "repo": "dream2nix", - "rev": "3fd4c14d3683baac8d1f94286ae14fe160888b51", + "rev": "8ce6284ff58208ed8961681276f82c2f8f978ef4", "type": "github" }, "original": { @@ -162,11 +163,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -207,16 +208,48 @@ "type": "github" } }, + "flake-compat_5": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_6": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", "type": "github" }, "original": { @@ -230,11 +263,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", "type": "github" }, "original": { @@ -252,11 +285,11 @@ ] }, "locked": { - "lastModified": 1719994518, - "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -284,19 +317,38 @@ } }, "flake-parts_5": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_4" + }, + "locked": { + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_6": { "inputs": { "nixpkgs-lib": [ "nixops4-nixos", + "nixops4", "nix", "nixpkgs" ] }, "locked": { - "lastModified": 1719994518, - "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -309,15 +361,14 @@ "inputs": { "flake-compat": "flake-compat", "gitignore": "gitignore", - "nixpkgs": "nixpkgs_3", - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1730814269, - "narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=", + "lastModified": 1737465171, + "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "d70155fdc00df4628446352fc58adc640cd705c2", + "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17", "type": "github" }, "original": { @@ -348,11 +399,70 @@ ] }, "locked": { - "lastModified": 1721042469, - "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=", + "lastModified": 1734279981, + "narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd", + "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks-nix_2": { + "inputs": { + "flake-compat": "flake-compat_4", + "gitignore": "gitignore_2", + "nixpkgs": "nixpkgs_5" + }, + "locked": { + "lastModified": 1737465171, + "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks-nix_3": { + "inputs": { + "flake-compat": [ + "nixops4-nixos", + "nixops4", + "nix" + ], + "gitignore": [ + "nixops4-nixos", + "nixops4", + "nix" + ], + "nixpkgs": [ + "nixops4-nixos", + "nixops4", + "nix", + "nixpkgs" + ], + "nixpkgs-stable": [ + "nixops4-nixos", + "nixops4", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1734279981, + "narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785", "type": "github" }, "original": { @@ -382,6 +492,28 @@ "type": "github" } }, + "gitignore_2": { + "inputs": { + "nixpkgs": [ + "nixops4-nixos", + "git-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -403,39 +535,6 @@ "type": "github" } }, - "libgit2": { - "flake": false, - "locked": { - "lastModified": 1715853528, - "narHash": "sha256-J2rCxTecyLbbDdsyBWn9w7r3pbKRMkI9E7RvRgAqBdY=", - "owner": "libgit2", - "repo": "libgit2", - "rev": "36f7e21ad757a3dacc58cf7944329da6bc1d6e96", - "type": "github" - }, - "original": { - "owner": "libgit2", - "ref": "v1.8.1", - "repo": "libgit2", - "type": "github" - } - }, - "libgit2_2": { - "flake": false, - "locked": { - "lastModified": 1724328629, - "narHash": "sha256-7SuD4k+ORwFPwDm5Qr5eSV6GMVWjMfFed9KYi8riUQo=", - "owner": "libgit2", - "repo": "libgit2", - "rev": "782e29c906f6e44b120843356f286b6a97d89f88", - "type": "github" - }, - "original": { - "owner": "libgit2", - "repo": "libgit2", - "type": "github" - } - }, "mk-naked-shell": { "flake": false, "locked": { @@ -473,7 +572,6 @@ "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_3", "git-hooks-nix": "git-hooks-nix", - "libgit2": "libgit2", "nixpkgs": [ "nixops4", "nixpkgs" @@ -482,11 +580,11 @@ "nixpkgs-regression": "nixpkgs-regression" }, "locked": { - "lastModified": 1732892090, - "narHash": "sha256-Ka/uNdaqpTAiVL++4MPHg8fG5o1tiJeY6G2t5UiKhd8=", + "lastModified": 1736342444, + "narHash": "sha256-u6OD0BH+UxyfrWMMpBfM5cz/TDWU9lxJOujgzqBnN9A=", "owner": "NixOS", "repo": "nix", - "rev": "64000481168d1da9d2519f055dd1fdee22275c21", + "rev": "5230d3ecc4cd3a3d965902a56b5a21bcc99821c3", "type": "github" }, "original": { @@ -510,11 +608,11 @@ "treefmt": "treefmt" }, "locked": { - "lastModified": 1733033761, - "narHash": "sha256-g7TCUozMeW3q5Uc+wmZI64yzFucQ3SYlZQepo7prarA=", + "lastModified": 1736316962, + "narHash": "sha256-nOWLP6pSblYrCipiBb7/SQpGhNe7AHT8m9f++b8/Ni4=", "owner": "yusdacra", "repo": "nix-cargo-integration", - "rev": "413617712f5189397cdf602485f89bf2b0a0e4af", + "rev": "1ce1f666c955e73f65de74f3a8c3ca2c3e5d741b", "type": "github" }, "original": { @@ -530,6 +628,7 @@ "mk-naked-shell": "mk-naked-shell_2", "nixpkgs": [ "nixops4-nixos", + "nixops4", "nixpkgs" ], "parts": "parts_2", @@ -537,11 +636,11 @@ "treefmt": "treefmt_2" }, "locked": { - "lastModified": 1724393640, - "narHash": "sha256-fjwO6Pv3d35F6UErY42hc7zXJr6ek0LhSZlgEu+eI04=", + "lastModified": 1736316962, + "narHash": "sha256-nOWLP6pSblYrCipiBb7/SQpGhNe7AHT8m9f++b8/Ni4=", "owner": "yusdacra", "repo": "nix-cargo-integration", - "rev": "3a8e3bb661db28522aa2d4a55f1fccf9f95ec33e", + "rev": "1ce1f666c955e73f65de74f3a8c3ca2c3e5d741b", "type": "github" }, "original": { @@ -552,29 +651,29 @@ }, "nix_2": { "inputs": { - "flake-compat": "flake-compat_4", - "flake-parts": "flake-parts_5", - "libgit2": "libgit2_2", + "flake-compat": "flake-compat_5", + "flake-parts": "flake-parts_6", + "git-hooks-nix": "git-hooks-nix_3", "nixpkgs": [ "nixops4-nixos", + "nixops4", "nixpkgs" ], "nixpkgs-23-11": "nixpkgs-23-11_2", - "nixpkgs-regression": "nixpkgs-regression_2", - "pre-commit-hooks": "pre-commit-hooks" + "nixpkgs-regression": "nixpkgs-regression_2" }, "locked": { - "lastModified": 1719448136, - "narHash": "sha256-ya0iofP+QysNzN7Gx7Btfe83ZW1YLpSdkccUNMnbBFQ=", + "lastModified": 1736342444, + "narHash": "sha256-u6OD0BH+UxyfrWMMpBfM5cz/TDWU9lxJOujgzqBnN9A=", "owner": "NixOS", "repo": "nix", - "rev": "ed129267dcd7dd2cce48c09b17aefd6cfc488bcd", + "rev": "5230d3ecc4cd3a3d965902a56b5a21bcc99821c3", "type": "github" }, "original": { "owner": "NixOS", + "ref": "master", "repo": "nix", - "rev": "ed129267dcd7dd2cce48c09b17aefd6cfc488bcd", "type": "github" } }, @@ -587,11 +686,11 @@ "nixpkgs-old": "nixpkgs-old" }, "locked": { - "lastModified": 1733171846, - "narHash": "sha256-MmWzxuH9bwBIM7/LQsJc6x/7S2YofWWPqwzLaqqudDQ=", + "lastModified": 1738308843, + "narHash": "sha256-I/+T3qhlcHDP628UjWqugdFKHEsjIA3blWqnoPxQTQ0=", "owner": "nixops4", "repo": "nixops4", - "rev": "b9dc536b7a0ea6dd947949c59c545e7fa604351a", + "rev": "7e83532e61aa70bccffea93d82e311e0ce07a4d1", "type": "github" }, "original": { @@ -603,21 +702,49 @@ "nixops4-nixos": { "inputs": { "flake-parts": "flake-parts_4", - "nix": "nix_2", - "nix-cargo-integration": "nix-cargo-integration_2", - "nixpkgs": "nixpkgs_5" + "git-hooks-nix": "git-hooks-nix_2", + "nixops4": "nixops4_2", + "nixops4-nixos": [ + "nixops4-nixos" + ], + "nixpkgs": [ + "nixops4-nixos", + "nixops4", + "nixpkgs" + ] }, "locked": { - "lastModified": 1727424043, - "narHash": "sha256-00Tm2hCF8xBZk4HmzsaoPGtvRVamq3OujE5xWyHm8FI=", + "lastModified": 1738310839, + "narHash": "sha256-dWTVaxENWTq6s7mO7xDxt2ml7pEHSYfHkm5h4yCQnIA=", "owner": "nixops4", - "repo": "nixops4", - "rev": "924af9b0f3666f22c638c02a21bc73a2ba002674", + "repo": "nixops4-nixos", + "rev": "65fe4b132fe299e03ee387d67d3fee1eb4593f4f", + "type": "github" + }, + "original": { + "owner": "nixops4", + "repo": "nixops4-nixos", + "type": "github" + } + }, + "nixops4_2": { + "inputs": { + "flake-parts": "flake-parts_5", + "nix": "nix_2", + "nix-cargo-integration": "nix-cargo-integration_2", + "nixpkgs": "nixpkgs_6", + "nixpkgs-old": "nixpkgs-old_2" + }, + "locked": { + "lastModified": 1738308843, + "narHash": "sha256-I/+T3qhlcHDP628UjWqugdFKHEsjIA3blWqnoPxQTQ0=", + "owner": "nixops4", + "repo": "nixops4", + "rev": "7e83532e61aa70bccffea93d82e311e0ce07a4d1", "type": "github" }, "original": { "owner": "nixops4", - "ref": "eval", "repo": "nixops4", "type": "github" } @@ -672,26 +799,26 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1730504152, - "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=", + "lastModified": 1735774519, + "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" } }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1730504152, - "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=", + "lastModified": 1735774519, + "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" } }, "nixpkgs-lib_3": { @@ -706,13 +833,41 @@ "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" } }, + "nixpkgs-lib_4": { + "locked": { + "lastModified": 1735774519, + "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + } + }, "nixpkgs-old": { "locked": { - "lastModified": 1733016324, - "narHash": "sha256-8qwPSE2g1othR1u4uP86NXxm6i7E9nHPyJX3m3lx7Q4=", + "lastModified": 1735563628, + "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7e1ca67996afd8233d9033edd26e442836cc2ad6", + "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-old_2": { + "locked": { + "lastModified": 1735563628, + "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798", "type": "github" }, "original": { @@ -754,29 +909,13 @@ "type": "github" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1730741070, - "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { - "lastModified": 1730958623, - "narHash": "sha256-JwQZIGSYnRNOgDDoIgqKITrPVil+RMWHsZH1eE1VGN0=", + "lastModified": 1737879851, + "narHash": "sha256-H+FXIKj//kmFHTTW4DFeOjR7F1z2/3eb2iwN6Me4YZk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85f7e662eda4fa3a995556527c87b2524b691933", + "rev": "5d3221fd57cc442a1a522a15eb5f58230f45a304", "type": "github" }, "original": { @@ -788,11 +927,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1730958623, - "narHash": "sha256-JwQZIGSYnRNOgDDoIgqKITrPVil+RMWHsZH1eE1VGN0=", + "lastModified": 1730768919, + "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85f7e662eda4fa3a995556527c87b2524b691933", + "rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc", "type": "github" }, "original": { @@ -804,11 +943,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1732837521, - "narHash": "sha256-jNRNr49UiuIwaarqijgdTR2qLPifxsVhlJrKzQ8XUIE=", + "lastModified": 1737469691, + "narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "970e93b9f82e2a0f3675757eb0bfc73297cc6370", + "rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab", "type": "github" }, "original": { @@ -820,11 +959,27 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1724819573, - "narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=", + "lastModified": 1730768919, + "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "71e91c409d1e654808b2621f28a327acfdad8dc2", + "rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1737469691, + "narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab", "type": "github" }, "original": { @@ -834,13 +989,13 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { - "lastModified": 1734323986, - "narHash": "sha256-m/lh6hYMIWDYHCAsn81CDAiXoT3gmxXI9J987W5tZrE=", + "lastModified": 1738163270, + "narHash": "sha256-B/7Y1v4y+msFFBW1JAdFjNvVthvNdJKiN6EGRPnqfno=", "owner": "nixos", "repo": "nixpkgs", - "rev": "394571358ce82dff7411395829aa6a3aad45b907", + "rev": "59e618d90c065f55ae48446f307e8c09565d5ab0", "type": "github" }, "original": { @@ -859,11 +1014,11 @@ ] }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", "type": "github" }, "original": { @@ -876,16 +1031,17 @@ "inputs": { "nixpkgs-lib": [ "nixops4-nixos", + "nixops4", "nix-cargo-integration", "nixpkgs" ] }, "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", "type": "github" }, "original": { @@ -894,41 +1050,6 @@ "type": "github" } }, - "pre-commit-hooks": { - "inputs": { - "flake-compat": [ - "nixops4-nixos", - "nix" - ], - "gitignore": [ - "nixops4-nixos", - "nix" - ], - "nixpkgs": [ - "nixops4-nixos", - "nix", - "nixpkgs" - ], - "nixpkgs-stable": [ - "nixops4-nixos", - "nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1724857454, - "narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, "purescript-overlay": { "inputs": { "flake-compat": "flake-compat_3", @@ -956,8 +1077,10 @@ }, "purescript-overlay_2": { "inputs": { + "flake-compat": "flake-compat_6", "nixpkgs": [ "nixops4-nixos", + "nixops4", "nix-cargo-integration", "dream2nix", "nixpkgs" @@ -965,11 +1088,11 @@ "slimlock": "slimlock_2" }, "locked": { - "lastModified": 1696022621, - "narHash": "sha256-eMjFmsj2G1E0Q5XiibUNgFjTiSz0GxIeSSzzVdoN730=", + "lastModified": 1728546539, + "narHash": "sha256-Sws7w0tlnjD+Bjck1nv29NjC5DbL6nH5auL9Ex9Iz2A=", "owner": "thomashoneyman", "repo": "purescript-overlay", - "rev": "047c7933abd6da8aa239904422e22d190ce55ead", + "rev": "4ad4c15d07bd899d7346b331f377606631eb0ee4", "type": "github" }, "original": { @@ -1020,7 +1143,7 @@ "git-hooks": "git-hooks", "nixops4": "nixops4", "nixops4-nixos": "nixops4-nixos", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_7" } }, "rust-overlay": { @@ -1032,11 +1155,11 @@ ] }, "locked": { - "lastModified": 1733020719, - "narHash": "sha256-Chv9+3zrf1DhdB9JyskjoV0vJbCQEgkVqrU3p4RPLv8=", + "lastModified": 1736303309, + "narHash": "sha256-IKrk7RL+Q/2NC6+Ql6dwwCNZI6T6JH2grTdJaVWHF0A=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "8e18f10703112e6c33e1c0d8b93e8305f6f0a75c", + "rev": "a0b81d4fa349d9af1765b0f0b4a899c13776f706", "type": "github" }, "original": { @@ -1046,13 +1169,20 @@ } }, "rust-overlay_2": { - "flake": false, + "inputs": { + "nixpkgs": [ + "nixops4-nixos", + "nixops4", + "nix-cargo-integration", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1724379657, - "narHash": "sha256-+CFDh1FUgyY7q0FiWhKJpHS7LlD3KbiqN5Z4Z+4bGmc=", + "lastModified": 1736303309, + "narHash": "sha256-IKrk7RL+Q/2NC6+Ql6dwwCNZI6T6JH2grTdJaVWHF0A=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "a18034322c7703fcfe5d7352a77981ba4a936a61", + "rev": "a0b81d4fa349d9af1765b0f0b4a899c13776f706", "type": "github" }, "original": { @@ -1089,6 +1219,7 @@ "inputs": { "nixpkgs": [ "nixops4-nixos", + "nixops4", "nix-cargo-integration", "dream2nix", "purescript-overlay", @@ -1096,11 +1227,11 @@ ] }, "locked": { - "lastModified": 1688610262, - "narHash": "sha256-Wg0ViDotFWGWqKIQzyYCgayeH8s4U1OZcTiWTQYdAp4=", + "lastModified": 1688756706, + "narHash": "sha256-xzkkMv3neJJJ89zo3o2ojp7nFeaZc2G0fYwNXNJRFlo=", "owner": "thomashoneyman", "repo": "slimlock", - "rev": "b5c6cdcaf636ebbebd0a1f32520929394493f1a6", + "rev": "cf72723f59e2340d24881fd7bf61cb113b4c407c", "type": "github" }, "original": { @@ -1133,11 +1264,11 @@ ] }, "locked": { - "lastModified": 1732894027, - "narHash": "sha256-2qbdorpq0TXHBWbVXaTqKoikN4bqAtAplTwGuII+oAc=", + "lastModified": 1736154270, + "narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "6209c381904cab55796c5d7350e89681d3b2a8ef", + "rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b", "type": "github" }, "original": { @@ -1150,16 +1281,17 @@ "inputs": { "nixpkgs": [ "nixops4-nixos", + "nixops4", "nix-cargo-integration", "nixpkgs" ] }, "locked": { - "lastModified": 1724338379, - "narHash": "sha256-kKJtaiU5Ou+e/0Qs7SICXF22DLx4V/WhG1P6+k4yeOE=", + "lastModified": 1736154270, + "narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "070f834771efa715f3e74cd8ab93ecc96fabc951", + "rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index f7251ccb..9e2a657a 100644 --- a/flake.nix +++ b/flake.nix @@ -8,7 +8,7 @@ disko.url = "github:nix-community/disko"; nixops4.url = "github:nixops4/nixops4"; - nixops4-nixos.url = "github:nixops4/nixops4/eval"; + nixops4-nixos.url = "github:nixops4/nixops4-nixos"; }; outputs = @@ -23,13 +23,11 @@ imports = [ inputs.git-hooks.flakeModule - inputs.nixops4-nixos.modules.flake.default + inputs.nixops4.modules.flake.default ./deployment/flake-part.nix ./infra/flake-part.nix - ./keys/flake-part.nix ./services/flake-part.nix - ./secrets/flake-part.nix ]; perSystem = diff --git a/infra/README.org b/infra/README.org index 80cbd011..d426a0d6 100644 --- a/infra/README.org +++ b/infra/README.org @@ -7,7 +7,20 @@ Their configuration can be updated via NixOps4. Run nixops4 deployments list #+end_src -to see the available deployments. Given a deployment (eg. ~git~), run +to see the available deployments. This should be done from the root of the +repository, otherwise NixOps4 will fail with something like: + +#+begin_src +nixops4 error: evaluation: error: + … while calling the 'getFlake' builtin + + error: path '/nix/store/05nn7krhvi8wkcyl6bsysznlv60g5rrf-source/flake.nix' does not exist, evaluation: error: + … while calling the 'getFlake' builtin + + error: path '/nix/store/05nn7krhvi8wkcyl6bsysznlv60g5rrf-source/flake.nix' does not exist +#+end_src + +Then, given a deployment (eg. ~git~), run #+begin_src sh nixops4 apply diff --git a/infra/common/default.nix b/infra/common/nixos/default.nix similarity index 100% rename from infra/common/default.nix rename to infra/common/nixos/default.nix diff --git a/infra/common/hardware.nix b/infra/common/nixos/hardware.nix similarity index 100% rename from infra/common/hardware.nix rename to infra/common/nixos/hardware.nix diff --git a/infra/common/networking.nix b/infra/common/nixos/networking.nix similarity index 66% rename from infra/common/networking.nix rename to infra/common/nixos/networking.nix index b6968c8c..3d50b9d5 100644 --- a/infra/common/networking.nix +++ b/infra/common/nixos/networking.nix @@ -1,18 +1,10 @@ { config, lib, ... }: let - inherit (lib) mkOption mkDefault; + inherit (lib) mkDefault; in { - options = { - procolix.vm = { - name = mkOption { }; - ip4 = mkOption { }; - ip6 = mkOption { }; - }; - }; - config = { services.openssh = { enable = true; @@ -20,8 +12,8 @@ in }; networking = { - hostName = config.procolix.vm.name; - domain = "procolix.com"; + hostName = config.procolixVm.name; + domain = config.procolixVm.domain; ## REVIEW: Do we actually need that, considering that we have static IPs? useDHCP = mkDefault true; @@ -31,16 +23,14 @@ in ipv4 = { addresses = [ { - address = config.procolix.vm.ip4; - prefixLength = 24; + inherit (config.procolixVm.ipv4) address prefixLength; } ]; }; ipv6 = { addresses = [ { - address = config.procolix.vm.ip6; - prefixLength = 64; + inherit (config.procolixVm.ipv6) address prefixLength; } ]; }; @@ -48,11 +38,11 @@ in }; defaultGateway = { - address = "185.206.232.1"; + address = config.procolixVm.ipv4.gateway; interface = "eth0"; }; defaultGateway6 = { - address = "2a00:51c0:12:1201::1"; + address = config.procolixVm.ipv6.gateway; interface = "eth0"; }; diff --git a/infra/common/nftables-ruleset.nft b/infra/common/nixos/nftables-ruleset.nft similarity index 100% rename from infra/common/nftables-ruleset.nft rename to infra/common/nixos/nftables-ruleset.nft diff --git a/infra/common/users.nix b/infra/common/nixos/users.nix similarity index 100% rename from infra/common/users.nix rename to infra/common/nixos/users.nix diff --git a/infra/common/options.nix b/infra/common/options.nix new file mode 100644 index 00000000..a3246fd5 --- /dev/null +++ b/infra/common/options.nix @@ -0,0 +1,81 @@ +{ lib, ... }: + +let + inherit (lib) mkOption; + +in +{ + options.procolixVm = { + name = mkOption { + description = '' + The name of the machine. Most of the time, this will look like `vm02XXX` + or `fediYYY`. + ''; + }; + + domain = mkOption { + description = '' + The domain hosting the machine. Most of the time, this will be either of + `procolix.com`, `fediversity.eu` or `abundos.eu`. + ''; + default = "procolix.com"; + }; + + ipv4 = { + address = mkOption { + description = '' + The IP address of the machine, version 4. It will be injected as a + value in `networking.interfaces.eth0`, but it will also be used to + communicate with the machine via NixOps4. + ''; + }; + + prefixLength = mkOption { + description = '' + The subnet mask of the interface, specified as the number of bits in + the prefix. + ''; + default = 24; + }; + + gateway = mkOption { + description = '' + The IP address of the default gateway. + ''; + default = "185.206.232.1"; # FIXME: compute default from `address` and `prefixLength`. + }; + }; + + ipv6 = { + address = mkOption { + description = '' + The IP address of the machine, version 6. It will be injected as a + value in `networking.interfaces.eth0`, but it will also be used to + communicate with the machine via NixOps4. + ''; + }; + + prefixLength = mkOption { + description = '' + The subnet mask of the interface, specified as the number of bits in + the prefix. + ''; + default = 64; + }; + + gateway = mkOption { + description = '' + The IP address of the default gateway. + ''; + default = "2a00:51c0:12:1201::1"; # FIXME: compute default from `address` and `prefixLength`. + }; + }; + + hostPublicKey = mkOption { + description = '' + The host public key of the machine. It is used to filter Age secrets and + only keep the relevant ones, and to feed to NixOps4. + ''; + }; + }; +} diff --git a/infra/common/resource.nix b/infra/common/resource.nix new file mode 100644 index 00000000..9f7e2f4f --- /dev/null +++ b/infra/common/resource.nix @@ -0,0 +1,57 @@ +{ + inputs, + lib, + config, + ... +}: + +let + inherit (lib) attrValues elem; + inherit (lib.attrsets) concatMapAttrs optionalAttrs; + inherit (lib.strings) removeSuffix; + + secretsPrefix = ../../secrets; + secrets = import (secretsPrefix + "/secrets.nix"); + keys = import ../../keys; + hostPublicKey = keys.systems.${config.procolixVm.name}; + +in +{ + imports = [ ./options.nix ]; + + ssh = { + host = config.procolixVm.ipv4.address; + hostPublicKey = hostPublicKey; + }; + + nixpkgs = inputs.nixpkgs; + + ## The configuration of the machine. We strive to keep in this file only the + ## options that really need to be injected from the resource. Everything else + ## should go into the `./nixos` subdirectory. + nixos.module = { + imports = [ + inputs.agenix.nixosModules.default + ./options.nix + ./nixos + ]; + + ## Inject the shared options from the resource's `config` into the NixOS + ## configuration. + procolixVm = config.procolixVm; + + ## Read all the secrets, filter the ones that are supposed to be readable + ## with this host's public key, and add them correctly to the configuration + ## as `age.secrets..file`. + age.secrets = concatMapAttrs ( + name: secret: + optionalAttrs (elem hostPublicKey secret.publicKeys) ({ + ${removeSuffix ".age" name}.file = secretsPrefix + "/${name}"; + }) + ) secrets; + + ## FIXME: Remove direct root authentication once the NixOps4 NixOS provider + ## supports users with password-less sudo. + users.users.root.openssh.authorizedKeys.keys = attrValues keys.contributors; + }; +} diff --git a/infra/fedi300/default.nix b/infra/fedi300/default.nix index 642423d8..0ebd3310 100644 --- a/infra/fedi300/default.nix +++ b/infra/fedi300/default.nix @@ -1,33 +1,34 @@ -{ lib, ... }: - { - imports = [ - ./forgejo-actions-runner.nix - ]; + procolixVm = { + domain = "fediversity.eu"; - procolix.vm = { - name = "fedi300"; - ip4 = "95.215.187.30"; - ip6 = "2a00:51c0:12:1305::30"; + ipv4 = { + address = "95.215.187.30"; + gateway = "95.215.187.1"; + }; + ipv6 = { + address = "2a00:51c0:12:1305::30"; + gateway = "2a00:51c0:13:1305::1"; + }; }; - ## FIXME: We should just have an option under `procolix.vm` to distinguish - ## between Procolix VMs and Fediversity ones. - networking.domain = lib.mkForce "fediversity.eu"; - networking.defaultGateway.address = lib.mkForce "95.215.187.1"; - networking.defaultGateway6.address = lib.mkForce "2a00:51c0:13:1305::1"; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/cbcfaf6b-39bd-4328-9f53-dea8a9d32ecc"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/1A4E-07F4"; - fsType = "vfat"; - options = [ - "fmask=0022" - "dmask=0022" + nixos.module = { + imports = [ + ./forgejo-actions-runner.nix ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/cbcfaf6b-39bd-4328-9f53-dea8a9d32ecc"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/1A4E-07F4"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; }; } diff --git a/infra/flake-part.nix b/infra/flake-part.nix index c1c49c05..0896479a 100644 --- a/infra/flake-part.nix +++ b/infra/flake-part.nix @@ -1,60 +1,37 @@ { - self, inputs, lib, ... }: let - inherit (lib) attrValues mapAttrs; + inherit (lib) attrValues concatLists mapAttrs; inherit (lib.attrsets) genAttrs; - makeResource = - vmid: - { providers, ... }: - let - vmmodule = import (./. + "/${vmid}"); - in - { - type = providers.local.exec; - imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ]; - ssh = { - # FIXME: The following assumes that `vmmodule` does not use arguments - # and does not get `proxolix.vm.ip4` from an import, etc. I have tried - # an approach with `lib.evalModules` but I cannot get it to work. - host = vmmodule.procolix.vm.ip4; - opts = ""; - hostPublicKey = self.keys.systems.${vmid}; - }; - nixpkgs = inputs.nixpkgs; - nixos.module = { - imports = [ - vmmodule - ./common - self.nixosModules.ageSecrets - { - fediversity.hostPublicKey = self.keys.systems.${vmid}; - - ## FIXME: Remove direct root authentication once the NixOps4 NixOS - ## provider supports users with password-less sudo. - users.users.root.openssh.authorizedKeys.keys = attrValues self.keys.contributors; - } - ]; - }; - }; + addDefaultDeployment = + deployments: deployments // { default = concatLists (attrValues deployments); }; makeDeployments = mapAttrs ( - _: vmids: + _: vmNames: { providers, ... }: { - providers.local = inputs.nixops4-nixos.modules.nixops4Provider.local; - resources = genAttrs vmids (vmid: makeResource vmid { inherit providers; }); + providers.local = inputs.nixops4.modules.nixops4Provider.local; + resources = genAttrs vmNames (vmName: { + _module.args = { inherit inputs; }; + type = providers.local.exec; + imports = [ + inputs.nixops4-nixos.modules.nixops4Resource.nixos + ./common/resource.nix + (./. + "/${vmName}") + ]; + procolixVm.name = vmName; + }); } ); in { - nixops4Deployments = makeDeployments { + nixops4Deployments = makeDeployments (addDefaultDeployment { git = [ "vm02116" "fedi300" @@ -64,5 +41,5 @@ in "vm02179" "vm02186" ]; - }; + }); } diff --git a/infra/vm02116/default.nix b/infra/vm02116/default.nix index 34f7a24f..cf5940a3 100644 --- a/infra/vm02116/default.nix +++ b/infra/vm02116/default.nix @@ -1,27 +1,28 @@ { - imports = [ - ./forgejo.nix - ]; - - procolix.vm = { - name = "vm02116"; - ip4 = "185.206.232.34"; - ip6 = "2a00:51c0:12:1201::20"; + procolixVm = { + ipv4.address = "185.206.232.34"; + ipv6.address = "2a00:51c0:12:1201::20"; }; - ## vm02116 is running on old hardware based on a Xen VM environment, so it - ## needs these extra options. Once the VM gets moved to a newer node, these - ## two options can safely be removed. - boot.initrd.availableKernelModules = [ "xen_blkfront" ]; - services.xe-guest-utilities.enable = true; + nixos.module = { + imports = [ + ./forgejo.nix + ]; - fileSystems."/" = { - device = "/dev/disk/by-uuid/3802a66d-e31a-4650-86f3-b51b11918853"; - fsType = "ext4"; - }; + ## vm02116 is running on old hardware based on a Xen VM environment, so it + ## needs these extra options. Once the VM gets moved to a newer node, these + ## two options can safely be removed. + boot.initrd.availableKernelModules = [ "xen_blkfront" ]; + services.xe-guest-utilities.enable = true; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/2CE2-1173"; - fsType = "vfat"; + fileSystems."/" = { + device = "/dev/disk/by-uuid/3802a66d-e31a-4650-86f3-b51b11918853"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/2CE2-1173"; + fsType = "vfat"; + }; }; } diff --git a/infra/vm02179/default.nix b/infra/vm02179/default.nix index fbf2027e..6839d5cd 100644 --- a/infra/vm02179/default.nix +++ b/infra/vm02179/default.nix @@ -1,21 +1,22 @@ { - procolix.vm = { - name = "vm02179"; - ip4 = "185.206.232.179"; - ip6 = "2a00:51c0:12:1201::179"; + procolixVm = { + ipv4.address = "185.206.232.179"; + ipv6.address = "2a00:51c0:12:1201::179"; }; - fileSystems."/" = { - device = "/dev/disk/by-uuid/119863f8-55cf-4e2f-ac17-27599a63f241"; - fsType = "ext4"; - }; + nixos.module = { + fileSystems."/" = { + device = "/dev/disk/by-uuid/119863f8-55cf-4e2f-ac17-27599a63f241"; + fsType = "ext4"; + }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/D9F4-9BF0"; - fsType = "vfat"; - options = [ - "fmask=0022" - "dmask=0022" - ]; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/D9F4-9BF0"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; }; } diff --git a/infra/vm02186/default.nix b/infra/vm02186/default.nix index 032dc122..7811cc5d 100644 --- a/infra/vm02186/default.nix +++ b/infra/vm02186/default.nix @@ -1,21 +1,22 @@ { - procolix.vm = { - name = "vm02186"; - ip4 = "185.206.232.186"; - ip6 = "2a00:51c0:12:1201::186"; + procolixVm = { + ipv4.address = "185.206.232.186"; + ipv6.address = "2a00:51c0:12:1201::186"; }; - fileSystems."/" = { - device = "/dev/disk/by-uuid/833ac0f9-ad8c-45ae-a9bf-5844e378c44a"; - fsType = "ext4"; - }; + nixos.module = { + fileSystems."/" = { + device = "/dev/disk/by-uuid/833ac0f9-ad8c-45ae-a9bf-5844e378c44a"; + fsType = "ext4"; + }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/B4D5-3AF9"; - fsType = "vfat"; - options = [ - "fmask=0022" - "dmask=0022" - ]; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/B4D5-3AF9"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; }; } diff --git a/infra/vm02187/default.nix b/infra/vm02187/default.nix index 70a0f0e6..a1620197 100644 --- a/infra/vm02187/default.nix +++ b/infra/vm02187/default.nix @@ -1,25 +1,26 @@ { - imports = [ - ./wiki.nix - ]; - - procolix.vm = { - name = "vm02187"; - ip4 = "185.206.232.187"; - ip6 = "2a00:51c0:12:1201::187"; + procolixVm = { + ipv4.address = "185.206.232.187"; + ipv6.address = "2a00:51c0:12:1201::187"; }; - fileSystems."/" = { - device = "/dev/disk/by-uuid/a46a9c46-e32b-4216-a4aa-8819b2cd0d49"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/6AB5-4FA8"; - fsType = "vfat"; - options = [ - "fmask=0022" - "dmask=0022" + nixos.module = { + imports = [ + ./wiki.nix ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/a46a9c46-e32b-4216-a4aa-8819b2cd0d49"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/6AB5-4FA8"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; }; } diff --git a/keys/flake-part.nix b/keys/flake-part.nix deleted file mode 100644 index 7e01c8fd..00000000 --- a/keys/flake-part.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - flake.keys = import ./.; -} diff --git a/secrets/flake-part.nix b/secrets/flake-part.nix deleted file mode 100644 index b2e1874d..00000000 --- a/secrets/flake-part.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ - inputs, - lib, - ... -}: - -let - inherit (builtins) elem; - inherit (lib.attrsets) concatMapAttrs optionalAttrs; - inherit (lib.strings) removeSuffix; - - secrets = import ./secrets.nix; -in -{ - flake = { - inherit secrets; - - nixosModules.ageSecrets = ( - { config, ... }: - { - imports = [ inputs.agenix.nixosModules.default ]; - - options.fediversity.hostPublicKey = lib.mkOption { - description = '' - The host public key of the machine. It is used in particular - to filter Age secrets and only keep the relevant ones. - ''; - }; - - config.age.secrets = concatMapAttrs ( - name: secret: - optionalAttrs (elem config.fediversity.hostPublicKey secret.publicKeys) ({ - ${removeSuffix ".age" name}.file = ./. + "/${name}"; - }) - ) secrets; - } - ); - }; -}