{ lib, inputs, ... }:

## NixOps4 deployment description for the `forgejo-ci` machine.
##
## NOTE: Hackish solution mostly taken from `../common/resource.nix`.
## Eventually, `forgejo-ci` should move to a datacentre somewhere and this code
## should be integrated with the code for other machines (in particular VMs).

let
  inherit (lib) attrValues elem;
  inherit (lib.attrsets) concatMapAttrs optionalAttrs;
  inherit (lib.strings) removeSuffix;

  secretsDir = ../../secrets;

  ## Attribute set keyed by secret file name (`<name>.age`); every entry
  ## carries the `publicKeys` list that is consulted below.
  secretRecipients = import (secretsDir + "/secrets.nix");

  publicKeys = import ../../keys;
  ciHostKey = publicKeys.systems.forgejo-ci;

  ## True when this machine's host key is among the secret's recipients.
  hostIsRecipient = secret: elem ciHostKey secret.publicKeys;

  ## Turns one `secrets.nix` entry into an `age.secrets` entry, or into `{ }`
  ## when the host is not a recipient. Filtering here keeps secrets meant for
  ## other machines out of this host's configuration.
  toAgeSecret =
    fileName: secret:
    optionalAttrs (hostIsRecipient secret) {
      ${removeSuffix ".age" fileName}.file = secretsDir + "/${fileName}";
    };

in
{
  nixops4Deployments.forgejo-ci =
    { providers, ... }:
    {
      providers.local = inputs.nixops4.modules.nixops4Provider.local;

      resources.forgejo-ci = {
        type = providers.local.exec;
        imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];

        ssh = {
          host = "45.142.234.216";
          ## `-J` is ssh's jump-host option; `orianne` is not defined in this
          ## file, so it presumably has to resolve on the deploying
          ## workstation (TODO confirm). Deployments therefore depend on
          ## operator-local ssh configuration.
          opts = "-J orianne"; # FIXME
          ## The expected host key comes from `../../keys` (systems.forgejo-ci),
          ## i.e. the same key that selects the secrets further down.
          hostPublicKey = ciHostKey;
        };

        inherit (inputs) nixpkgs;

        nixos.module = {
          imports = [
            inputs.agenix.nixosModules.default
            ./configuration.nix
          ];

          ## One entry per secret this host is a recipient of, named after
          ## the file with its `.age` suffix removed.
          age.secrets = concatMapAttrs toAgeSecret secretRecipients;

          ## NOTE(review): every key listed under `contributors` in
          ## `../../keys` can log in as root on this machine. Removing a
          ## contributor from that file takes effect only after the next
          ## deployment.
          users.users.root.openssh.authorizedKeys.keys = attrValues publicKeys.contributors;
        };
      };
    };
}