forked from fediversity/fediversity
58 lines
1.4 KiB
Nix
58 lines
1.4 KiB
Nix
{
|
|
lib,
|
|
inputs,
|
|
sources,
|
|
keys,
|
|
secrets,
|
|
...
|
|
}:
|
|
|
|
## NOTE: Hackish solution mostly taken from `../common/resource.nix`.
|
|
## Eventually, `forgejo-ci` should move to a datacentre somewhere and this code
|
|
## should be integrated with the code for other machines (in particular VMs).
|
|
|
|
let
|
|
inherit (lib) attrValues elem;
|
|
inherit (lib.attrsets) concatMapAttrs optionalAttrs;
|
|
inherit (lib.strings) removeSuffix;
|
|
|
|
hostPublicKey = keys.systems.forgejo-ci;
|
|
in
|
|
{
|
|
_class = "flake";
|
|
|
|
nixops4Deployments.forgejo-ci =
|
|
{ providers, ... }:
|
|
{
|
|
providers.local = inputs.nixops4.modules.nixops4Provider.local;
|
|
|
|
resources.forgejo-ci = {
|
|
type = providers.local.exec;
|
|
imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
|
|
|
|
ssh = {
|
|
host = "forgejo-ci";
|
|
hostPublicKey = hostPublicKey;
|
|
};
|
|
|
|
nixpkgs = inputs.nixpkgs;
|
|
|
|
nixos.module = {
|
|
imports = with sources; [
|
|
"${agenix}/modules/age.nix"
|
|
"${disko}/module.nix"
|
|
./configuration.nix
|
|
];
|
|
|
|
age.secrets = concatMapAttrs (
|
|
name: secret:
|
|
optionalAttrs (elem hostPublicKey secret.publicKeys) {
|
|
${removeSuffix ".age" name}.file = secrets.rootPath + "/${name}";
|
|
}
|
|
) secrets.mapping;
|
|
|
|
users.users.root.openssh.authorizedKeys.keys = attrValues keys.contributors;
|
|
};
|
|
};
|
|
};
|
|
}
|