forked from fediversity/fediversity
Compare commits
No commits in common. "69437983268b502c85216385959f195ae019ba2f" and "c1dc0fef0146f60775a9527eaac7a36fd74ac608" have entirely different histories.
6943798326
...
c1dc0fef01
20 changed files with 31 additions and 74 deletions
|
|
@ -2,7 +2,6 @@
|
|||
self,
|
||||
inputs,
|
||||
lib,
|
||||
sources,
|
||||
...
|
||||
}:
|
||||
|
||||
|
|
@ -28,7 +27,7 @@ in
|
|||
../common/nixosTest.nix
|
||||
./nixosTest.nix
|
||||
];
|
||||
_module.args = { inherit inputs sources; };
|
||||
_module.args.inputs = inputs;
|
||||
inherit targetMachines pathToRoot pathFromRoot;
|
||||
};
|
||||
};
|
||||
|
|
@ -45,7 +44,7 @@ in
|
|||
inputs.nixops4-nixos.modules.nixops4Resource.nixos
|
||||
../common/targetResource.nix
|
||||
];
|
||||
_module.args = { inherit inputs sources; };
|
||||
_module.args.inputs = inputs;
|
||||
inherit nodeName pathToRoot pathFromRoot;
|
||||
nixos.module =
|
||||
{ pkgs, ... }:
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@
|
|||
self,
|
||||
inputs,
|
||||
lib,
|
||||
sources,
|
||||
...
|
||||
}:
|
||||
|
||||
|
|
@ -31,7 +30,7 @@ in
|
|||
../common/nixosTest.nix
|
||||
./nixosTest.nix
|
||||
];
|
||||
_module.args = { inherit inputs sources; };
|
||||
_module.args.inputs = inputs;
|
||||
inherit
|
||||
targetMachines
|
||||
pathToRoot
|
||||
|
|
@ -45,7 +44,7 @@ in
|
|||
let
|
||||
makeTargetResource = nodeName: {
|
||||
imports = [ ../common/targetResource.nix ];
|
||||
_module.args = { inherit inputs sources; };
|
||||
_module.args.inputs = inputs;
|
||||
inherit
|
||||
nodeName
|
||||
pathToRoot
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@
|
|||
lib,
|
||||
pkgs,
|
||||
config,
|
||||
sources,
|
||||
...
|
||||
}:
|
||||
|
||||
|
|
@ -15,6 +14,8 @@ let
|
|||
types
|
||||
;
|
||||
|
||||
sources = import ../../../npins;
|
||||
|
||||
in
|
||||
{
|
||||
_class = "nixos";
|
||||
|
|
@ -77,7 +78,7 @@ in
|
|||
config.system.extraDependenciesFromModule
|
||||
{
|
||||
nixpkgs.hostPlatform = "x86_64-linux";
|
||||
_module.args = { inherit inputs sources; };
|
||||
_module.args.inputs = inputs;
|
||||
enableAcme = config.enableAcme;
|
||||
acmeNodeIP = config.acmeNodeIP;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@
|
|||
lib,
|
||||
config,
|
||||
hostPkgs,
|
||||
sources,
|
||||
...
|
||||
}:
|
||||
|
||||
|
|
@ -62,7 +61,7 @@ in
|
|||
{
|
||||
deployer = {
|
||||
imports = [ ./deployerNode.nix ];
|
||||
_module.args = { inherit inputs sources; };
|
||||
_module.args.inputs = inputs;
|
||||
enableAcme = config.enableAcme;
|
||||
acmeNodeIP = config.nodes.acme.networking.primaryIPAddress;
|
||||
};
|
||||
|
|
@ -89,7 +88,7 @@ in
|
|||
|
||||
genAttrs config.targetMachines (_: {
|
||||
imports = [ ./targetNode.nix ];
|
||||
_module.args = { inherit inputs sources; };
|
||||
_module.args.inputs = inputs;
|
||||
enableAcme = config.enableAcme;
|
||||
acmeNodeIP = if config.enableAcme then config.nodes.acme.networking.primaryIPAddress else null;
|
||||
});
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@
|
|||
inputs,
|
||||
lib,
|
||||
config,
|
||||
sources,
|
||||
...
|
||||
}:
|
||||
|
||||
|
|
@ -41,7 +40,7 @@ in
|
|||
(lib.modules.importJSON (config.pathToCwd + "/${config.nodeName}-network.json"))
|
||||
];
|
||||
|
||||
_module.args = { inherit inputs sources; };
|
||||
_module.args.inputs = inputs;
|
||||
enableAcme = config.enableAcme;
|
||||
acmeNodeIP = trim (readFile (config.pathToCwd + "/acme_server_ip"));
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@
|
|||
self,
|
||||
inputs,
|
||||
lib,
|
||||
sources,
|
||||
...
|
||||
}:
|
||||
|
||||
|
|
@ -34,7 +33,7 @@ in
|
|||
../common/nixosTest.nix
|
||||
./nixosTest.nix
|
||||
];
|
||||
_module.args = { inherit inputs sources; };
|
||||
_module.args.inputs = inputs;
|
||||
inherit
|
||||
targetMachines
|
||||
pathToRoot
|
||||
|
|
@ -48,7 +47,7 @@ in
|
|||
let
|
||||
makeTargetResource = nodeName: {
|
||||
imports = [ ../common/targetResource.nix ];
|
||||
_module.args = { inherit inputs sources; };
|
||||
_module.args.inputs = inputs;
|
||||
inherit
|
||||
nodeName
|
||||
pathToRoot
|
||||
|
|
|
|||
|
|
@ -31,9 +31,6 @@
|
|||
inherit nixpkgs;
|
||||
};
|
||||
self = self';
|
||||
specialArgs = {
|
||||
inherit sources;
|
||||
};
|
||||
}
|
||||
(
|
||||
{ inputs, ... }:
|
||||
|
|
@ -51,8 +48,6 @@
|
|||
|
||||
./deployment/flake-part.nix
|
||||
./infra/flake-part.nix
|
||||
./keys/flake-part.nix
|
||||
./secrets/flake-part.nix
|
||||
];
|
||||
|
||||
perSystem =
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ in
|
|||
_class = "nixos";
|
||||
|
||||
imports = [
|
||||
./hardware.nix
|
||||
./networking.nix
|
||||
./users.nix
|
||||
];
|
||||
|
|
|
|||
|
|
@ -15,6 +15,8 @@
|
|||
availableKernelModules = [
|
||||
"ata_piix"
|
||||
"uhci_hcd"
|
||||
"virtio_pci"
|
||||
"virtio_scsi"
|
||||
"sd_mod"
|
||||
"sr_mod"
|
||||
];
|
||||
|
|
@ -2,9 +2,6 @@
|
|||
inputs,
|
||||
lib,
|
||||
config,
|
||||
sources,
|
||||
keys,
|
||||
secrets,
|
||||
...
|
||||
}:
|
||||
|
||||
|
|
@ -12,6 +9,12 @@ let
|
|||
inherit (lib) attrValues elem mkDefault;
|
||||
inherit (lib.attrsets) concatMapAttrs optionalAttrs;
|
||||
inherit (lib.strings) removeSuffix;
|
||||
sources = import ../../npins;
|
||||
inherit (sources) agenix disko;
|
||||
|
||||
secretsPrefix = ../../secrets;
|
||||
secrets = import (secretsPrefix + "/secrets.nix");
|
||||
keys = import ../../keys;
|
||||
|
||||
in
|
||||
{
|
||||
|
|
@ -33,8 +36,8 @@ in
|
|||
## should go into the `./nixos` subdirectory.
|
||||
nixos.module = {
|
||||
imports = [
|
||||
"${sources.agenix}/modules/age.nix"
|
||||
"${sources.disko}/module.nix"
|
||||
"${agenix}/modules/age.nix"
|
||||
"${disko}/module.nix"
|
||||
./options.nix
|
||||
./nixos
|
||||
];
|
||||
|
|
@ -43,15 +46,15 @@ in
|
|||
## configuration.
|
||||
fediversityVm = config.fediversityVm;
|
||||
|
||||
## Read all the secrets, filter the ones that are supposed to be readable with
|
||||
## public key, and create a mapping from `<name>.file` to the absolute path of
|
||||
## the secret's file.
|
||||
## Read all the secrets, filter the ones that are supposed to be readable
|
||||
## with this host's public key, and add them correctly to the configuration
|
||||
## as `age.secrets.<name>.file`.
|
||||
age.secrets = concatMapAttrs (
|
||||
name: secret:
|
||||
optionalAttrs (elem config.fediversityVm.hostPublicKey secret.publicKeys) ({
|
||||
${removeSuffix ".age" name}.file = secrets.rootPath + "/${name}";
|
||||
${removeSuffix ".age" name}.file = secretsPrefix + "/${name}";
|
||||
})
|
||||
) secrets.mapping;
|
||||
) secrets;
|
||||
|
||||
## FIXME: Remove direct root authentication once the NixOps4 NixOS provider
|
||||
## supports users with password-less sudo.
|
||||
|
|
|
|||
|
|
@ -1,9 +1,6 @@
|
|||
{
|
||||
inputs,
|
||||
lib,
|
||||
sources,
|
||||
keys,
|
||||
secrets,
|
||||
...
|
||||
}:
|
||||
|
||||
|
|
@ -16,6 +13,7 @@ let
|
|||
filterAttrs
|
||||
;
|
||||
inherit (lib.attrsets) genAttrs;
|
||||
sources = import ../../npins;
|
||||
|
||||
## Given a machine's name and whether it is a test VM, make a resource module,
|
||||
## except for its missing provider. (Depending on the use of that resource, we
|
||||
|
|
@ -24,14 +22,7 @@ let
|
|||
{ vmName, isTestVm }:
|
||||
{
|
||||
# TODO(@fricklerhandwerk): this is terrible but IMO we should just ditch flake-parts and have our own data model for how the project is organised internally
|
||||
_module.args = {
|
||||
inherit
|
||||
inputs
|
||||
sources
|
||||
keys
|
||||
secrets
|
||||
;
|
||||
};
|
||||
_module.args = { inherit inputs; };
|
||||
|
||||
imports =
|
||||
[
|
||||
|
|
@ -40,12 +31,11 @@ let
|
|||
++ (
|
||||
if isTestVm then
|
||||
[
|
||||
./common/proxmox-qemu-vm.nix
|
||||
../machines/operator/${vmName}
|
||||
{
|
||||
nixos.module.users.users.root.openssh.authorizedKeys.keys = [
|
||||
# allow our panel vm access to the test machines
|
||||
keys.panel
|
||||
(import ../keys).panel
|
||||
];
|
||||
}
|
||||
]
|
||||
|
|
|
|||
|
|
@ -1 +0,0 @@
|
|||
{ _module.args.keys = import ./.; }
|
||||
|
|
@ -16,10 +16,4 @@
|
|||
gateway = "2a00:51c0:13:1305::1";
|
||||
};
|
||||
};
|
||||
|
||||
nixos.module = {
|
||||
imports = [
|
||||
../../../infra/common/proxmox-qemu-vm.nix
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,7 +19,6 @@
|
|||
|
||||
nixos.module = {
|
||||
imports = [
|
||||
../../../infra/common/proxmox-qemu-vm.nix
|
||||
./fedipanel.nix
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -4,14 +4,12 @@
|
|||
}:
|
||||
let
|
||||
name = "panel";
|
||||
sources = import ../../../npins;
|
||||
in
|
||||
{
|
||||
_class = "nixos";
|
||||
|
||||
imports = [
|
||||
(import ../../../panel { }).module
|
||||
(import "${sources.home-manager}/nixos")
|
||||
];
|
||||
|
||||
security.acme = {
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@
|
|||
{ lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
../../../infra/common/proxmox-qemu-vm.nix
|
||||
./forgejo.nix
|
||||
];
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@
|
|||
{ lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
../../../infra/common/proxmox-qemu-vm.nix
|
||||
./wiki.nix
|
||||
];
|
||||
|
||||
|
|
|
|||
|
|
@ -96,19 +96,6 @@
|
|||
"url": "https://github.com/hercules-ci/gitignore.nix/archive/637db329424fd7e46cf4185293b9cc8c88c95394.tar.gz",
|
||||
"hash": "02wxkdpbhlm3yk5mhkhsp3kwakc16xpmsf2baw57nz1dg459qv8w"
|
||||
},
|
||||
"home-manager": {
|
||||
"type": "Git",
|
||||
"repository": {
|
||||
"type": "GitHub",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager"
|
||||
},
|
||||
"branch": "master",
|
||||
"submodules": false,
|
||||
"revision": "863842639722dd12ae9e37ca83bcb61a63b36f6c",
|
||||
"url": "https://github.com/nix-community/home-manager/archive/863842639722dd12ae9e37ca83bcb61a63b36f6c.tar.gz",
|
||||
"hash": "0rw9n8d4v87pzlmw7ws15f0sldb51fd9528skpbzmrzl4pinsgij"
|
||||
},
|
||||
"htmx": {
|
||||
"type": "GitRelease",
|
||||
"repository": {
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
{
|
||||
mapping = import ./secrets.nix;
|
||||
rootPath = ./.;
|
||||
}
|
||||
|
|
@ -1 +0,0 @@
|
|||
{ _module.args.secrets = import ./.; }
|
||||
Loading…
Add table
Reference in a new issue