kiara/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity

Rework infra to handle sharing options between resource and NixOS configuration (#96)

Browse source
This commit is contained in:
Nicolas Jeannerod 2025-02-03 10:06:59 +01:00
commit 12ab424a89
Signed by untrusted user: Niols
GPG key ID: 35DB9EC8886E1CB8
18 changed files with 616 additions and 405 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

544
flake.lock generated
View file

@ -8,11 +8,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1723293904,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"lastModified": 1736955230,
"narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
"type": "github"
},
"original": {
@ -41,16 +41,16 @@
"crane_2": {
"flake": false,
"locked": {
"lastModified": 1699217310,
"narHash": "sha256-xpW3VFUG7yE6UE6Wl0dhqencuENSkV7qpnpe9I8VbPw=",
"lastModified": 1727316705,
"narHash": "sha256-/mumx8AQ5xFuCJqxCIOFCHTVlxHkMT21idpbgbm/TIE=",
"owner": "ipetkov",
"repo": "crane",
"rev": "d535642bbe6f377077f7c23f0febb78b1463f449",
"rev": "5b03654ce046b5167e7b0bccbd8244cb56c16f0e",
"type": "github"
},
"original": {
"owner": "ipetkov",
"ref": "v0.15.0",
"ref": "v0.19.0",
"repo": "crane",
"type": "github"
}
@ -82,11 +82,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1731274291,
"narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=",
"lastModified": 1738148035,
"narHash": "sha256-KYOATYEwaKysL3HdHdS5kbQMXvzS4iPJzJrML+3TKAo=",
"owner": "nix-community",
"repo": "disko",
"rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc",
"rev": "18d0a984cc2bc82cf61df19523a34ad463aa7f54",
"type": "github"
},
"original": {
@ -106,11 +106,11 @@
"pyproject-nix": "pyproject-nix"
},
"locked": {
"lastModified": 1732214960,
"narHash": "sha256-ViyEMSYwaza6y55XTDrsRi2K4YKCLsefMTorjWSE27s=",
"lastModified": 1735160684,
"narHash": "sha256-n5CwhmqKxifuD4Sq4WuRP/h5LO6f23cGnSAuJemnd/4=",
"owner": "nix-community",
"repo": "dream2nix",
"rev": "a8dac99db44307fdecead13a39c584b97812d0d4",
"rev": "8ce6284ff58208ed8961681276f82c2f8f978ef4",
"type": "github"
},
"original": {
@ -123,6 +123,7 @@
"inputs": {
"nixpkgs": [
"nixops4-nixos",
"nixops4",
"nix-cargo-integration",
"nixpkgs"
],
@ -130,11 +131,11 @@
"pyproject-nix": "pyproject-nix_2"
},
"locked": {
"lastModified": 1722526955,
"narHash": "sha256-fFS8aDnfK9Qfm2FLnQ8pqWk8FzvFEv5LvTuZTZLREnc=",
"lastModified": 1735160684,
"narHash": "sha256-n5CwhmqKxifuD4Sq4WuRP/h5LO6f23cGnSAuJemnd/4=",
"owner": "nix-community",
"repo": "dream2nix",
"rev": "3fd4c14d3683baac8d1f94286ae14fe160888b51",
"rev": "8ce6284ff58208ed8961681276f82c2f8f978ef4",
"type": "github"
},
"original": {
@ -162,11 +163,11 @@
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
@ -207,16 +208,48 @@
"type": "github"
}
},
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_6": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"lastModified": 1736143030,
"narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
"type": "github"
},
"original": {
@ -230,11 +263,11 @@
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"lastModified": 1736143030,
"narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
"type": "github"
},
"original": {
@ -252,11 +285,11 @@
]
},
"locked": {
"lastModified": 1719994518,
"narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
@ -284,19 +317,38 @@
}
},
"flake-parts_5": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_4"
},
"locked": {
"lastModified": 1736143030,
"narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_6": {
"inputs": {
"nixpkgs-lib": [
"nixops4-nixos",
"nixops4",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719994518,
"narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
@ -309,15 +361,14 @@
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": "nixpkgs_3",
"nixpkgs-stable": "nixpkgs-stable"
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1730814269,
"narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=",
"lastModified": 1737465171,
"narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "d70155fdc00df4628446352fc58adc640cd705c2",
"rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17",
"type": "github"
},
"original": {
@ -348,11 +399,70 @@
]
},
"locked": {
"lastModified": 1721042469,
"narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=",
"lastModified": 1734279981,
"narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "f451c19376071a90d8c58ab1a953c6e9840527fd",
"rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"git-hooks-nix_2": {
"inputs": {
"flake-compat": "flake-compat_4",
"gitignore": "gitignore_2",
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1737465171,
"narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"git-hooks-nix_3": {
"inputs": {
"flake-compat": [
"nixops4-nixos",
"nixops4",
"nix"
],
"gitignore": [
"nixops4-nixos",
"nixops4",
"nix"
],
"nixpkgs": [
"nixops4-nixos",
"nixops4",
"nix",
"nixpkgs"
],
"nixpkgs-stable": [
"nixops4-nixos",
"nixops4",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1734279981,
"narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785",
"type": "github"
},
"original": {
@ -382,6 +492,28 @@
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"nixops4-nixos",
"git-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -403,39 +535,6 @@
"type": "github"
}
},
"libgit2": {
"flake": false,
"locked": {
"lastModified": 1715853528,
"narHash": "sha256-J2rCxTecyLbbDdsyBWn9w7r3pbKRMkI9E7RvRgAqBdY=",
"owner": "libgit2",
"repo": "libgit2",
"rev": "36f7e21ad757a3dacc58cf7944329da6bc1d6e96",
"type": "github"
},
"original": {
"owner": "libgit2",
"ref": "v1.8.1",
"repo": "libgit2",
"type": "github"
}
},
"libgit2_2": {
"flake": false,
"locked": {
"lastModified": 1724328629,
"narHash": "sha256-7SuD4k+ORwFPwDm5Qr5eSV6GMVWjMfFed9KYi8riUQo=",
"owner": "libgit2",
"repo": "libgit2",
"rev": "782e29c906f6e44b120843356f286b6a97d89f88",
"type": "github"
},
"original": {
"owner": "libgit2",
"repo": "libgit2",
"type": "github"
}
},
"mk-naked-shell": {
"flake": false,
"locked": {
@ -473,7 +572,6 @@
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_3",
"git-hooks-nix": "git-hooks-nix",
"libgit2": "libgit2",
"nixpkgs": [
"nixops4",
"nixpkgs"
@ -482,11 +580,11 @@
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1732892090,
"narHash": "sha256-Ka/uNdaqpTAiVL++4MPHg8fG5o1tiJeY6G2t5UiKhd8=",
"lastModified": 1736342444,
"narHash": "sha256-u6OD0BH+UxyfrWMMpBfM5cz/TDWU9lxJOujgzqBnN9A=",
"owner": "NixOS",
"repo": "nix",
"rev": "64000481168d1da9d2519f055dd1fdee22275c21",
"rev": "5230d3ecc4cd3a3d965902a56b5a21bcc99821c3",
"type": "github"
},
"original": {
@ -510,11 +608,11 @@
"treefmt": "treefmt"
},
"locked": {
"lastModified": 1733033761,
"narHash": "sha256-g7TCUozMeW3q5Uc+wmZI64yzFucQ3SYlZQepo7prarA=",
"lastModified": 1736316962,
"narHash": "sha256-nOWLP6pSblYrCipiBb7/SQpGhNe7AHT8m9f++b8/Ni4=",
"owner": "yusdacra",
"repo": "nix-cargo-integration",
"rev": "413617712f5189397cdf602485f89bf2b0a0e4af",
"rev": "1ce1f666c955e73f65de74f3a8c3ca2c3e5d741b",
"type": "github"
},
"original": {
@ -530,6 +628,7 @@
"mk-naked-shell": "mk-naked-shell_2",
"nixpkgs": [
"nixops4-nixos",
"nixops4",
"nixpkgs"
],
"parts": "parts_2",
@ -537,11 +636,11 @@
"treefmt": "treefmt_2"
},
"locked": {
"lastModified": 1724393640,
"narHash": "sha256-fjwO6Pv3d35F6UErY42hc7zXJr6ek0LhSZlgEu+eI04=",
"lastModified": 1736316962,
"narHash": "sha256-nOWLP6pSblYrCipiBb7/SQpGhNe7AHT8m9f++b8/Ni4=",
"owner": "yusdacra",
"repo": "nix-cargo-integration",
"rev": "3a8e3bb661db28522aa2d4a55f1fccf9f95ec33e",
"rev": "1ce1f666c955e73f65de74f3a8c3ca2c3e5d741b",
"type": "github"
},
"original": {
@ -552,29 +651,29 @@
},
"nix_2": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_5",
"libgit2": "libgit2_2",
"flake-compat": "flake-compat_5",
"flake-parts": "flake-parts_6",
"git-hooks-nix": "git-hooks-nix_3",
"nixpkgs": [
"nixops4-nixos",
"nixops4",
"nixpkgs"
],
"nixpkgs-23-11": "nixpkgs-23-11_2",
"nixpkgs-regression": "nixpkgs-regression_2",
"pre-commit-hooks": "pre-commit-hooks"
"nixpkgs-regression": "nixpkgs-regression_2"
},
"locked": {
"lastModified": 1719448136,
"narHash": "sha256-ya0iofP+QysNzN7Gx7Btfe83ZW1YLpSdkccUNMnbBFQ=",
"lastModified": 1736342444,
"narHash": "sha256-u6OD0BH+UxyfrWMMpBfM5cz/TDWU9lxJOujgzqBnN9A=",
"owner": "NixOS",
"repo": "nix",
"rev": "ed129267dcd7dd2cce48c09b17aefd6cfc488bcd",
"rev": "5230d3ecc4cd3a3d965902a56b5a21bcc99821c3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nix",
"rev": "ed129267dcd7dd2cce48c09b17aefd6cfc488bcd",
"type": "github"
}
},
@ -587,11 +686,11 @@
"nixpkgs-old": "nixpkgs-old"
},
"locked": {
"lastModified": 1733171846,
"narHash": "sha256-MmWzxuH9bwBIM7/LQsJc6x/7S2YofWWPqwzLaqqudDQ=",
"lastModified": 1738308843,
"narHash": "sha256-I/+T3qhlcHDP628UjWqugdFKHEsjIA3blWqnoPxQTQ0=",
"owner": "nixops4",
"repo": "nixops4",
"rev": "b9dc536b7a0ea6dd947949c59c545e7fa604351a",
"rev": "7e83532e61aa70bccffea93d82e311e0ce07a4d1",
"type": "github"
},
"original": {
@ -603,21 +702,49 @@
"nixops4-nixos": {
"inputs": {
"flake-parts": "flake-parts_4",
"nix": "nix_2",
"nix-cargo-integration": "nix-cargo-integration_2",
"nixpkgs": "nixpkgs_5"
"git-hooks-nix": "git-hooks-nix_2",
"nixops4": "nixops4_2",
"nixops4-nixos": [
"nixops4-nixos"
],
"nixpkgs": [
"nixops4-nixos",
"nixops4",
"nixpkgs"
]
},
"locked": {
"lastModified": 1727424043,
"narHash": "sha256-00Tm2hCF8xBZk4HmzsaoPGtvRVamq3OujE5xWyHm8FI=",
"lastModified": 1738310839,
"narHash": "sha256-dWTVaxENWTq6s7mO7xDxt2ml7pEHSYfHkm5h4yCQnIA=",
"owner": "nixops4",
"repo": "nixops4",
"rev": "924af9b0f3666f22c638c02a21bc73a2ba002674",
"repo": "nixops4-nixos",
"rev": "65fe4b132fe299e03ee387d67d3fee1eb4593f4f",
"type": "github"
},
"original": {
"owner": "nixops4",
"repo": "nixops4-nixos",
"type": "github"
}
},
"nixops4_2": {
"inputs": {
"flake-parts": "flake-parts_5",
"nix": "nix_2",
"nix-cargo-integration": "nix-cargo-integration_2",
"nixpkgs": "nixpkgs_6",
"nixpkgs-old": "nixpkgs-old_2"
},
"locked": {
"lastModified": 1738308843,
"narHash": "sha256-I/+T3qhlcHDP628UjWqugdFKHEsjIA3blWqnoPxQTQ0=",
"owner": "nixops4",
"repo": "nixops4",
"rev": "7e83532e61aa70bccffea93d82e311e0ce07a4d1",
"type": "github"
},
"original": {
"owner": "nixops4",
"ref": "eval",
"repo": "nixops4",
"type": "github"
}
@ -672,26 +799,26 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1730504152,
"narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=",
"lastModified": 1735774519,
"narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
"url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
"url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
}
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1730504152,
"narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=",
"lastModified": 1735774519,
"narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
"url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
"url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
}
},
"nixpkgs-lib_3": {
@ -706,13 +833,41 @@
"url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz"
}
},
"nixpkgs-lib_4": {
"locked": {
"lastModified": 1735774519,
"narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
}
},
"nixpkgs-old": {
"locked": {
"lastModified": 1733016324,
"narHash": "sha256-8qwPSE2g1othR1u4uP86NXxm6i7E9nHPyJX3m3lx7Q4=",
"lastModified": 1735563628,
"narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7e1ca67996afd8233d9033edd26e442836cc2ad6",
"rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-old_2": {
"locked": {
"lastModified": 1735563628,
"narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
"type": "github"
},
"original": {
@ -754,29 +909,13 @@
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1730958623,
"narHash": "sha256-JwQZIGSYnRNOgDDoIgqKITrPVil+RMWHsZH1eE1VGN0=",
"lastModified": 1737879851,
"narHash": "sha256-H+FXIKj//kmFHTTW4DFeOjR7F1z2/3eb2iwN6Me4YZk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "85f7e662eda4fa3a995556527c87b2524b691933",
"rev": "5d3221fd57cc442a1a522a15eb5f58230f45a304",
"type": "github"
},
"original": {
@ -788,11 +927,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1730958623,
"narHash": "sha256-JwQZIGSYnRNOgDDoIgqKITrPVil+RMWHsZH1eE1VGN0=",
"lastModified": 1730768919,
"narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "85f7e662eda4fa3a995556527c87b2524b691933",
"rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc",
"type": "github"
},
"original": {
@ -804,11 +943,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1732837521,
"narHash": "sha256-jNRNr49UiuIwaarqijgdTR2qLPifxsVhlJrKzQ8XUIE=",
"lastModified": 1737469691,
"narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "970e93b9f82e2a0f3675757eb0bfc73297cc6370",
"rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab",
"type": "github"
},
"original": {
@ -820,11 +959,27 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1724819573,
"narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=",
"lastModified": 1730768919,
"narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "71e91c409d1e654808b2621f28a327acfdad8dc2",
"rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1737469691,
"narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab",
"type": "github"
},
"original": {
@ -834,13 +989,13 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1734323986,
"narHash": "sha256-m/lh6hYMIWDYHCAsn81CDAiXoT3gmxXI9J987W5tZrE=",
"lastModified": 1738163270,
"narHash": "sha256-B/7Y1v4y+msFFBW1JAdFjNvVthvNdJKiN6EGRPnqfno=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "394571358ce82dff7411395829aa6a3aad45b907",
"rev": "59e618d90c065f55ae48446f307e8c09565d5ab0",
"type": "github"
},
"original": {
@ -859,11 +1014,11 @@
]
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"lastModified": 1736143030,
"narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
"type": "github"
},
"original": {
@ -876,16 +1031,17 @@
"inputs": {
"nixpkgs-lib": [
"nixops4-nixos",
"nixops4",
"nix-cargo-integration",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"lastModified": 1736143030,
"narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
"type": "github"
},
"original": {
@ -894,41 +1050,6 @@
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": [
"nixops4-nixos",
"nix"
],
"gitignore": [
"nixops4-nixos",
"nix"
],
"nixpkgs": [
"nixops4-nixos",
"nix",
"nixpkgs"
],
"nixpkgs-stable": [
"nixops4-nixos",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1724857454,
"narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"purescript-overlay": {
"inputs": {
"flake-compat": "flake-compat_3",
@ -956,8 +1077,10 @@
},
"purescript-overlay_2": {
"inputs": {
"flake-compat": "flake-compat_6",
"nixpkgs": [
"nixops4-nixos",
"nixops4",
"nix-cargo-integration",
"dream2nix",
"nixpkgs"
@ -965,11 +1088,11 @@
"slimlock": "slimlock_2"
},
"locked": {
"lastModified": 1696022621,
"narHash": "sha256-eMjFmsj2G1E0Q5XiibUNgFjTiSz0GxIeSSzzVdoN730=",
"lastModified": 1728546539,
"narHash": "sha256-Sws7w0tlnjD+Bjck1nv29NjC5DbL6nH5auL9Ex9Iz2A=",
"owner": "thomashoneyman",
"repo": "purescript-overlay",
"rev": "047c7933abd6da8aa239904422e22d190ce55ead",
"rev": "4ad4c15d07bd899d7346b331f377606631eb0ee4",
"type": "github"
},
"original": {
@ -1020,7 +1143,7 @@
"git-hooks": "git-hooks",
"nixops4": "nixops4",
"nixops4-nixos": "nixops4-nixos",
"nixpkgs": "nixpkgs_6"
"nixpkgs": "nixpkgs_7"
}
},
"rust-overlay": {
@ -1032,11 +1155,11 @@
]
},
"locked": {
"lastModified": 1733020719,
"narHash": "sha256-Chv9+3zrf1DhdB9JyskjoV0vJbCQEgkVqrU3p4RPLv8=",
"lastModified": 1736303309,
"narHash": "sha256-IKrk7RL+Q/2NC6+Ql6dwwCNZI6T6JH2grTdJaVWHF0A=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "8e18f10703112e6c33e1c0d8b93e8305f6f0a75c",
"rev": "a0b81d4fa349d9af1765b0f0b4a899c13776f706",
"type": "github"
},
"original": {
@ -1046,13 +1169,20 @@
}
},
"rust-overlay_2": {
"flake": false,
"inputs": {
"nixpkgs": [
"nixops4-nixos",
"nixops4",
"nix-cargo-integration",
"nixpkgs"
]
},
"locked": {
"lastModified": 1724379657,
"narHash": "sha256-+CFDh1FUgyY7q0FiWhKJpHS7LlD3KbiqN5Z4Z+4bGmc=",
"lastModified": 1736303309,
"narHash": "sha256-IKrk7RL+Q/2NC6+Ql6dwwCNZI6T6JH2grTdJaVWHF0A=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "a18034322c7703fcfe5d7352a77981ba4a936a61",
"rev": "a0b81d4fa349d9af1765b0f0b4a899c13776f706",
"type": "github"
},
"original": {
@ -1089,6 +1219,7 @@
"inputs": {
"nixpkgs": [
"nixops4-nixos",
"nixops4",
"nix-cargo-integration",
"dream2nix",
"purescript-overlay",
@ -1096,11 +1227,11 @@
]
},
"locked": {
"lastModified": 1688610262,
"narHash": "sha256-Wg0ViDotFWGWqKIQzyYCgayeH8s4U1OZcTiWTQYdAp4=",
"lastModified": 1688756706,
"narHash": "sha256-xzkkMv3neJJJ89zo3o2ojp7nFeaZc2G0fYwNXNJRFlo=",
"owner": "thomashoneyman",
"repo": "slimlock",
"rev": "b5c6cdcaf636ebbebd0a1f32520929394493f1a6",
"rev": "cf72723f59e2340d24881fd7bf61cb113b4c407c",
"type": "github"
},
"original": {
@ -1133,11 +1264,11 @@
]
},
"locked": {
"lastModified": 1732894027,
"narHash": "sha256-2qbdorpq0TXHBWbVXaTqKoikN4bqAtAplTwGuII+oAc=",
"lastModified": 1736154270,
"narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "6209c381904cab55796c5d7350e89681d3b2a8ef",
"rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b",
"type": "github"
},
"original": {
@ -1150,16 +1281,17 @@
"inputs": {
"nixpkgs": [
"nixops4-nixos",
"nixops4",
"nix-cargo-integration",
"nixpkgs"
]
},
"locked": {
"lastModified": 1724338379,
"narHash": "sha256-kKJtaiU5Ou+e/0Qs7SICXF22DLx4V/WhG1P6+k4yeOE=",
"lastModified": 1736154270,
"narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "070f834771efa715f3e74cd8ab93ecc96fabc951",
"rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b",
"type": "github"
},
"original": {

6
flake.nix
View file

@ -8,7 +8,7 @@
disko.url = "github:nix-community/disko";
nixops4.url = "github:nixops4/nixops4";
nixops4-nixos.url = "github:nixops4/nixops4/eval";
nixops4-nixos.url = "github:nixops4/nixops4-nixos";
};
outputs =
@ -23,13 +23,11 @@
imports = [
inputs.git-hooks.flakeModule
inputs.nixops4-nixos.modules.flake.default
inputs.nixops4.modules.flake.default
./deployment/flake-part.nix
./infra/flake-part.nix
./keys/flake-part.nix
./services/flake-part.nix
./secrets/flake-part.nix
];
perSystem =

15
infra/README.org
View file

@ -7,7 +7,20 @@ Their configuration can be updated via NixOps4. Run
nixops4 deployments list
#+end_src
to see the available deployments. Given a deployment (eg. ~git~), run
to see the available deployments. This should be done from the root of the
repository, otherwise NixOps4 will fail with something like:
#+begin_src
nixops4 error: evaluation: error:
… while calling the 'getFlake' builtin
error: path '/nix/store/05nn7krhvi8wkcyl6bsysznlv60g5rrf-source/flake.nix' does not exist, evaluation: error:
… while calling the 'getFlake' builtin
error: path '/nix/store/05nn7krhvi8wkcyl6bsysznlv60g5rrf-source/flake.nix' does not exist
#+end_src
Then, given a deployment (eg. ~git~), run
#+begin_src sh
nixops4 apply <deployment>

0
infra/common/default.nix → infra/common/nixos/default.nix
View file

0
infra/common/hardware.nix → infra/common/nixos/hardware.nix
View file

24
infra/common/networking.nix → infra/common/nixos/networking.nix
View file

@ -1,18 +1,10 @@
{ config, lib, ... }:
let
inherit (lib) mkOption mkDefault;
inherit (lib) mkDefault;
in
{
options = {
procolix.vm = {
name = mkOption { };
ip4 = mkOption { };
ip6 = mkOption { };
};
};
config = {
services.openssh = {
enable = true;
@ -20,8 +12,8 @@ in
};
networking = {
hostName = config.procolix.vm.name;
domain = "procolix.com";
hostName = config.procolixVm.name;
domain = config.procolixVm.domain;
## REVIEW: Do we actually need that, considering that we have static IPs?
useDHCP = mkDefault true;
@ -31,16 +23,14 @@ in
ipv4 = {
addresses = [
{
address = config.procolix.vm.ip4;
prefixLength = 24;
inherit (config.procolixVm.ipv4) address prefixLength;
}
];
};
ipv6 = {
addresses = [
{
address = config.procolix.vm.ip6;
prefixLength = 64;
inherit (config.procolixVm.ipv6) address prefixLength;
}
];
};
@ -48,11 +38,11 @@ in
};
defaultGateway = {
address = "185.206.232.1";
address = config.procolixVm.ipv4.gateway;
interface = "eth0";
};
defaultGateway6 = {
address = "2a00:51c0:12:1201::1";
address = config.procolixVm.ipv6.gateway;
interface = "eth0";
};

0
infra/common/nftables-ruleset.nft → infra/common/nixos/nftables-ruleset.nft
View file

0
infra/common/users.nix → infra/common/nixos/users.nix
View file

81
infra/common/options.nix Normal file
View file

@ -0,0 +1,81 @@
{ lib, ... }:
let
inherit (lib) mkOption;
in
{
options.procolixVm = {
name = mkOption {
description = ''
The name of the machine. Most of the time, this will look like `vm02XXX`
or `fediYYY`.
'';
};
domain = mkOption {
description = ''
The domain hosting the machine. Most of the time, this will be either of
`procolix.com`, `fediversity.eu` or `abundos.eu`.
'';
default = "procolix.com";
};
ipv4 = {
address = mkOption {
description = ''
The IP address of the machine, version 4. It will be injected as a
value in `networking.interfaces.eth0`, but it will also be used to
communicate with the machine via NixOps4.
'';
};
prefixLength = mkOption {
description = ''
The subnet mask of the interface, specified as the number of bits in
the prefix.
'';
default = 24;
};
gateway = mkOption {
description = ''
The IP address of the default gateway.
'';
default = "185.206.232.1"; # FIXME: compute default from `address` and `prefixLength`.
};
};
ipv6 = {
address = mkOption {
description = ''
The IP address of the machine, version 6. It will be injected as a
value in `networking.interfaces.eth0`, but it will also be used to
communicate with the machine via NixOps4.
'';
};
prefixLength = mkOption {
description = ''
The subnet mask of the interface, specified as the number of bits in
the prefix.
'';
default = 64;
};
gateway = mkOption {
description = ''
The IP address of the default gateway.
'';
default = "2a00:51c0:12:1201::1"; # FIXME: compute default from `address` and `prefixLength`.
};
};
hostPublicKey = mkOption {
description = ''
The host public key of the machine. It is used to filter Age secrets and
only keep the relevant ones, and to feed to NixOps4.
'';
};
};
}

57
infra/common/resource.nix Normal file
View file

@ -0,0 +1,57 @@
{
inputs,
lib,
config,
...
}:
let
inherit (lib) attrValues elem;
inherit (lib.attrsets) concatMapAttrs optionalAttrs;
inherit (lib.strings) removeSuffix;
secretsPrefix = ../../secrets;
secrets = import (secretsPrefix + "/secrets.nix");
keys = import ../../keys;
hostPublicKey = keys.systems.${config.procolixVm.name};
in
{
imports = [ ./options.nix ];
ssh = {
host = config.procolixVm.ipv4.address;
hostPublicKey = hostPublicKey;
};
nixpkgs = inputs.nixpkgs;
## The configuration of the machine. We strive to keep in this file only the
## options that really need to be injected from the resource. Everything else
## should go into the `./nixos` subdirectory.
nixos.module = {
imports = [
inputs.agenix.nixosModules.default
./options.nix
./nixos
];
## Inject the shared options from the resource's `config` into the NixOS
## configuration.
procolixVm = config.procolixVm;
## Read all the secrets, filter the ones that are supposed to be readable
## with this host's public key, and add them correctly to the configuration
## as `age.secrets.<name>.file`.
age.secrets = concatMapAttrs (
name: secret:
optionalAttrs (elem hostPublicKey secret.publicKeys) ({
${removeSuffix ".age" name}.file = secretsPrefix + "/${name}";
})
) secrets;
## FIXME: Remove direct root authentication once the NixOps4 NixOS provider
## supports users with password-less sudo.
users.users.root.openssh.authorizedKeys.keys = attrValues keys.contributors;
};
}

29
infra/fedi300/default.nix
View file

@ -1,22 +1,22 @@
{ lib, ... }:
{
procolixVm = {
domain = "fediversity.eu";
ipv4 = {
address = "95.215.187.30";
gateway = "95.215.187.1";
};
ipv6 = {
address = "2a00:51c0:12:1305::30";
gateway = "2a00:51c0:13:1305::1";
};
};
nixos.module = {
imports = [
./forgejo-actions-runner.nix
];
procolix.vm = {
name = "fedi300";
ip4 = "95.215.187.30";
ip6 = "2a00:51c0:12:1305::30";
};
## FIXME: We should just have an option under `procolix.vm` to distinguish
## between Procolix VMs and Fediversity ones.
networking.domain = lib.mkForce "fediversity.eu";
networking.defaultGateway.address = lib.mkForce "95.215.187.1";
networking.defaultGateway6.address = lib.mkForce "2a00:51c0:13:1305::1";
fileSystems."/" = {
device = "/dev/disk/by-uuid/cbcfaf6b-39bd-4328-9f53-dea8a9d32ecc";
fsType = "ext4";
@ -30,4 +30,5 @@
"dmask=0022"
];
};
};
}

57
infra/flake-part.nix
View file

@ -1,60 +1,37 @@
{
self,
inputs,
lib,
...
}:
let
inherit (lib) attrValues mapAttrs;
inherit (lib) attrValues concatLists mapAttrs;
inherit (lib.attrsets) genAttrs;
makeResource =
vmid:
{ providers, ... }:
let
vmmodule = import (./. + "/${vmid}");
in
{
type = providers.local.exec;
imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
ssh = {
# FIXME: The following assumes that `vmmodule` does not use arguments
# and does not get `proxolix.vm.ip4` from an import, etc. I have tried
# an approach with `lib.evalModules` but I cannot get it to work.
host = vmmodule.procolix.vm.ip4;
opts = "";
hostPublicKey = self.keys.systems.${vmid};
};
nixpkgs = inputs.nixpkgs;
nixos.module = {
imports = [
vmmodule
./common
self.nixosModules.ageSecrets
{
fediversity.hostPublicKey = self.keys.systems.${vmid};
## FIXME: Remove direct root authentication once the NixOps4 NixOS
## provider supports users with password-less sudo.
users.users.root.openssh.authorizedKeys.keys = attrValues self.keys.contributors;
}
];
};
};
addDefaultDeployment =
deployments: deployments // { default = concatLists (attrValues deployments); };
makeDeployments = mapAttrs (
_: vmids:
_: vmNames:
{ providers, ... }:
{
providers.local = inputs.nixops4-nixos.modules.nixops4Provider.local;
resources = genAttrs vmids (vmid: makeResource vmid { inherit providers; });
providers.local = inputs.nixops4.modules.nixops4Provider.local;
resources = genAttrs vmNames (vmName: {
_module.args = { inherit inputs; };
type = providers.local.exec;
imports = [
inputs.nixops4-nixos.modules.nixops4Resource.nixos
./common/resource.nix
(./. + "/${vmName}")
];
procolixVm.name = vmName;
});
}
);
in
{
nixops4Deployments = makeDeployments {
nixops4Deployments = makeDeployments (addDefaultDeployment {
git = [
"vm02116"
"fedi300"
@ -64,5 +41,5 @@ in
"vm02179"
"vm02186"
];
};
});
}

13
infra/vm02116/default.nix
View file

@ -1,14 +1,14 @@
{
procolixVm = {
ipv4.address = "185.206.232.34";
ipv6.address = "2a00:51c0:12:1201::20";
};
nixos.module = {
imports = [
./forgejo.nix
];
procolix.vm = {
name = "vm02116";
ip4 = "185.206.232.34";
ip6 = "2a00:51c0:12:1201::20";
};
## vm02116 is running on old hardware based on a Xen VM environment, so it
## needs these extra options. Once the VM gets moved to a newer node, these
## two options can safely be removed.
@ -24,4 +24,5 @@
device = "/dev/disk/by-uuid/2CE2-1173";
fsType = "vfat";
};
};
}

9
infra/vm02179/default.nix
View file

@ -1,10 +1,10 @@
{
procolix.vm = {
name = "vm02179";
ip4 = "185.206.232.179";
ip6 = "2a00:51c0:12:1201::179";
procolixVm = {
ipv4.address = "185.206.232.179";
ipv6.address = "2a00:51c0:12:1201::179";
};
nixos.module = {
fileSystems."/" = {
device = "/dev/disk/by-uuid/119863f8-55cf-4e2f-ac17-27599a63f241";
fsType = "ext4";
@ -18,4 +18,5 @@
"dmask=0022"
];
};
};
}

9
infra/vm02186/default.nix
View file

@ -1,10 +1,10 @@
{
procolix.vm = {
name = "vm02186";
ip4 = "185.206.232.186";
ip6 = "2a00:51c0:12:1201::186";
procolixVm = {
ipv4.address = "185.206.232.186";
ipv6.address = "2a00:51c0:12:1201::186";
};
nixos.module = {
fileSystems."/" = {
device = "/dev/disk/by-uuid/833ac0f9-ad8c-45ae-a9bf-5844e378c44a";
fsType = "ext4";
@ -18,4 +18,5 @@
"dmask=0022"
];
};
};
}

13
infra/vm02187/default.nix
View file

@ -1,14 +1,14 @@
{
procolixVm = {
ipv4.address = "185.206.232.187";
ipv6.address = "2a00:51c0:12:1201::187";
};
nixos.module = {
imports = [
./wiki.nix
];
procolix.vm = {
name = "vm02187";
ip4 = "185.206.232.187";
ip6 = "2a00:51c0:12:1201::187";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/a46a9c46-e32b-4216-a4aa-8819b2cd0d49";
fsType = "ext4";
@ -22,4 +22,5 @@
"dmask=0022"
];
};
};
}

3
keys/flake-part.nix
View file

@ -1,3 +0,0 @@
{
flake.keys = import ./.;
}

39
secrets/flake-part.nix
View file

@ -1,39 +0,0 @@
{
inputs,
lib,
...
}:
let
inherit (builtins) elem;
inherit (lib.attrsets) concatMapAttrs optionalAttrs;
inherit (lib.strings) removeSuffix;
secrets = import ./secrets.nix;
in
{
flake = {
inherit secrets;
nixosModules.ageSecrets = (
{ config, ... }:
{
imports = [ inputs.agenix.nixosModules.default ];
options.fediversity.hostPublicKey = lib.mkOption {
description = ''
The host public key of the machine. It is used in particular
to filter Age secrets and only keep the relevant ones.
'';
};
config.age.secrets = concatMapAttrs (
name: secret:
optionalAttrs (elem config.fediversity.hostPublicKey secret.publicKeys) ({
${removeSuffix ".age" name}.file = ./. + "/${name}";
})
) secrets;
}
);
};
}