From 1f2ea73e69690d7eb6e164cc4333f90276f8571e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?=
Date: Fri, 31 Jan 2025 14:03:37 +0100
Subject: [PATCH] Clean up resource definition
---
 infra/flake-part.nix | 30 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 13 deletions(-)
diff --git a/infra/flake-part.nix b/infra/flake-part.nix
index c1c49c05..301146bb 100644
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@@ -13,33 +13,37 @@ let
 vmid:
 { providers, ... }:
 let
- vmmodule = import (./. + "/${vmid}");
+ vmConfig = import (./. + "/${vmid}");
 in
 {
 type = providers.local.exec;
 imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
+
 ssh = {
- # FIXME: The following assumes that `vmmodule` does not use arguments
- # and does not get `proxolix.vm.ip4` from an import, etc. I have tried
- # an approach with `lib.evalModules` but I cannot get it to work.
- host = vmmodule.procolix.vm.ip4;
+ host = vmConfig.procolix.vm.ip4;
 opts = "";
 hostPublicKey = self.keys.systems.${vmid};
 };
+
 nixpkgs = inputs.nixpkgs;
+
 nixos.module = {
 imports = [
- vmmodule
+ ## NOTE: We import an attrset as a NixOS module, for convenience, so
+ ## as to be able to use it in NixOps4 and to grab information from it
+ ## (eg. the IP) without evaluating the whole configuration first.
+ vmConfig
+
 ./common
 self.nixosModules.ageSecrets
- {
- fediversity.hostPublicKey = self.keys.systems.${vmid};
-
- ## FIXME: Remove direct root authentication once the NixOps4 NixOS
- ## provider supports users with password-less sudo.
- users.users.root.openssh.authorizedKeys.keys = attrValues self.keys.contributors;
- }
 ];
+
+ ## Necessary to filter Age secrets.
+ fediversity.hostPublicKey = self.keys.systems.${vmid};
+
+ ## FIXME: Remove direct root authentication once the NixOps4 NixOS
+ ## provider supports users with password-less sudo.
+ users.users.root.openssh.authorizedKeys.keys = attrValues self.keys.contributors;
 };
 };
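Review bot: The FIXME removed above `ssh.host` was the only place that stated the constraint behind `vmConfig.procolix.vm.ip4`: the file at `./${vmid}` has to be a plain attrset that sets `procolix.vm.ip4` itself, because the address is read from the raw import and not from the evaluated NixOS configuration. The new NOTE inside `imports` explains the convenience but not that constraint, so a later edit that turns a VM file into a function module, or sets the address through an import, would presumably either break evaluation or leave the SSH deploy target out of step with what the machine's configuration declares. I would keep one line next to `host`, for example `## NOTE: read from the raw attrset; the VM file must not take arguments or set procolix.vm.ip4 via imports.`, or make it checkable with `assert builtins.isAttrs vmConfig;` ahead of the resource attrset. The enclosing definition starts and ends outside the hunk.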