{ inputs, self, ... }: let allVmIds = builtins.genList (x: 100 + x) 156; # 100 -- 255 makeInstallerIso = import ../infra/makeInstallerIso.nix; in { flake.nixosConfigurations.provisioning = let inherit (builtins) map listToAttrs; makeProvisioningConfiguration = vmid: inputs.nixpkgs.lib.nixosSystem { modules = [ { procolix.vmid = vmid; } ./procolixVm.nix inputs.disko.nixosModules.default ]; }; in listToAttrs ( map (vmid: { name = "fedi${toString vmid}"; value = makeProvisioningConfiguration vmid; }) allVmIds ); flake.isoInstallers.provisioning = let inherit (builtins) mapAttrs; in mapAttrs ( vmname: nixosConfiguration: makeInstallerIso { inherit (inputs) nixpkgs; inherit nixosConfiguration; hostKeys = { ed25519 = { private = ./hostKeys/${vmname}/ssh_host_ed25519_key; public = ./hostKeys/${vmname}/ssh_host_ed25519_key.pub; }; }; } ) self.nixosConfigurations.provisioning; nixops4Deployments.feditest = { providers, ... }: let inherit (builtins) readFile; makeProcolixVmResource = vmid: vmconfig: { type = providers.local.exec; imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ]; ssh = { host = "95.215.187.${toString vmid}"; hostPublicKey = readFile ./hostKeys/fedi${toString vmid}/ssh_host_ed25519_key.pub; }; nixpkgs = inputs.nixpkgs; nixos.module = { imports = [ vmconfig { procolix.vmid = vmid; } ./procolixVm.nix self.nixosModules.fediversity inputs.disko.nixosModules.default ]; }; }; ## NOTE: All of these secrets are publicly available in this source file ## and will end up in the Nix store. We don't care as they are only ever ## used for testing anyway. pixelfedS3KeyConfig = { pkgs, ... }: { s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GKb5615457d44214411e673b7b"; s3SecretKeyFile = pkgs.writeText "s3SecretKey" "5be6799a88ca9b9d813d1a806b64f15efa49482dbe15339ddfaf7f19cf434987"; }; mastodonS3KeyConfig = { pkgs, ... }: { s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GK3515373e4c851ebaad366558"; s3SecretKeyFile = pkgs.writeText "s3SecretKey" "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34"; }; peertubeS3KeyConfig = { pkgs, ... }: { s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GK1f9feea9960f6f95ff404c9b"; s3SecretKeyFile = pkgs.writeText "s3SecretKey" "7295c4201966a02c2c3d25b5cea4a5ff782966a2415e3a196f91924631191395"; }; in { providers = { inherit (inputs.nixops4.modules.nixops4Provider) local; }; resources = { fedi100 = makeProcolixVmResource 100 ( { pkgs, ... }: { fediversity = { domain = "abundos.eu"; garage.enable = true; pixelfed = pixelfedS3KeyConfig { inherit pkgs; }; mastodon = mastodonS3KeyConfig { inherit pkgs; }; peertube = peertubeS3KeyConfig { inherit pkgs; }; }; } ); fedi101 = makeProcolixVmResource 101 ( { pkgs, ... }: { fediversity = { domain = "abundos.eu"; pixelfed = pixelfedS3KeyConfig { inherit pkgs; } // { enable = true; }; }; } ); fedi102 = makeProcolixVmResource 102 ( { pkgs, ... }: { fediversity = { domain = "abundos.eu"; mastodon = mastodonS3KeyConfig { inherit pkgs; } // { enable = true; }; temp.cores = 1; # FIXME: should come from NixOps4 eventually }; } ); fedi103 = makeProcolixVmResource 103 ( { pkgs, ... }: { fediversity = { domain = "abundos.eu"; peertube = peertubeS3KeyConfig { inherit pkgs; } // { enable = true; ## NOTE: Only ever used for testing anyway. secretsFile = pkgs.writeText "secret" "574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24"; }; }; } ); }; }; }