forked from Fediversity/Fediversity
125 lines
4.5 KiB
Nix
125 lines
4.5 KiB
Nix
{
|
|
inputs = {
|
|
agenix.url = "github:ryantm/agenix";
|
|
disko.url = "github:nix-community/disko";
|
|
nixpkgs.url = "github:nixos/nixpkgs/release-24.11";
|
|
};
|
|
outputs =
|
|
inputs@{ nixpkgs, ... }:
|
|
let
|
|
system = "x86_64-linux";
|
|
inherit (nixpkgs) lib;
|
|
in
|
|
{
|
|
nixosConfigurations =
|
|
let
|
|
## NOTE: All of these secrets are publicly available in this source file
|
|
## and will end up in the Nix store. We don't care as they are only ever
|
|
## used for testing anyway.
|
|
##
|
|
## FIXME: Generate and store in NixOps4's state.
|
|
mastodonS3KeyConfig =
|
|
{ pkgs, ... }:
|
|
{
|
|
s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GK3515373e4c851ebaad366558";
|
|
s3SecretKeyFile = pkgs.writeText "s3SecretKey" "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34";
|
|
};
|
|
peertubeS3KeyConfig =
|
|
{ pkgs, ... }:
|
|
{
|
|
s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GK1f9feea9960f6f95ff404c9b";
|
|
s3SecretKeyFile = pkgs.writeText "s3SecretKey" "7295c4201966a02c2c3d25b5cea4a5ff782966a2415e3a196f91924631191395";
|
|
};
|
|
pixelfedS3KeyConfig =
|
|
{ pkgs, ... }:
|
|
{
|
|
s3AccessKeyFile = pkgs.writeText "s3AccessKey" "GKb5615457d44214411e673b7b";
|
|
s3SecretKeyFile = pkgs.writeText "s3SecretKey" "5be6799a88ca9b9d813d1a806b64f15efa49482dbe15339ddfaf7f19cf434987";
|
|
};
|
|
in
|
|
lib.mapAttrs
|
|
(
|
|
_: module:
|
|
lib.nixosSystem {
|
|
inherit system;
|
|
specialArgs = { inherit system inputs; };
|
|
modules = [
|
|
inputs.disko.nixosModules.default
|
|
inputs.agenix.nixosModules.default
|
|
../services/fediversity
|
|
./resource.nix
|
|
module
|
|
{
|
|
nixpkgs = { inherit system; };
|
|
}
|
|
(
|
|
{ pkgs, terraform, ... }:
|
|
let
|
|
inherit (terraform) hostname;
|
|
in
|
|
{
|
|
imports = [
|
|
# FIXME: get VM details from TF
|
|
../infra/test-machines/${hostname}
|
|
];
|
|
fediversityVm.name = hostname;
|
|
fediversity = {
|
|
inherit (terraform) domain;
|
|
temp.initialUser = {
|
|
inherit (terraform.initialUser) username email displayName;
|
|
# FIXME: disgusting, but nvm, this is going to be replaced by
|
|
# proper central authentication at some point
|
|
passwordFile = pkgs.writeText "password" terraform.initialUser.password;
|
|
};
|
|
};
|
|
}
|
|
)
|
|
];
|
|
}
|
|
)
|
|
{
|
|
garage =
|
|
{ pkgs, ... }:
|
|
{
|
|
fediversity = {
|
|
garage.enable = true;
|
|
pixelfed = pixelfedS3KeyConfig { inherit pkgs; };
|
|
mastodon = mastodonS3KeyConfig { inherit pkgs; };
|
|
peertube = peertubeS3KeyConfig { inherit pkgs; };
|
|
};
|
|
};
|
|
mastodon =
|
|
{ pkgs, ... }:
|
|
{
|
|
fediversity = {
|
|
mastodon = mastodonS3KeyConfig { inherit pkgs; } // {
|
|
enable = true;
|
|
};
|
|
temp.cores = 1; # FIXME: should come from NixOps4 eventually
|
|
};
|
|
};
|
|
peertube =
|
|
{ pkgs, ... }:
|
|
{
|
|
fediversity = {
|
|
peertube = peertubeS3KeyConfig { inherit pkgs; } // {
|
|
enable = true;
|
|
## NOTE: Only ever used for testing anyway.
|
|
##
|
|
## FIXME: Generate and store in NixOps4's state.
|
|
secretsFile = pkgs.writeText "secret" "574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24";
|
|
};
|
|
};
|
|
};
|
|
pixelfed =
|
|
{ pkgs, ... }:
|
|
{
|
|
fediversity = {
|
|
pixelfed = pixelfedS3KeyConfig { inherit pkgs; } // {
|
|
enable = true;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|