forked from Fediversity/Fediversity
55 lines
1.2 KiB
Nix
55 lines
1.2 KiB
Nix
|
{
|
||
|
|
self,
|
||
|
|
inputs,
|
||
|
|
providers,
|
||
|
|
lib,
|
||
|
|
config,
|
||
|
|
...
|
||
|
|
}:
|
||
|
|
|
||
|
|
let
|
||
|
|
inherit (lib) attrValues mkOption;
|
||
|
|
|
||
|
|
in
|
||
|
|
{
|
||
|
|
options = {
|
||
|
|
procolixVm.name = mkOption { };
|
||
|
|
};
|
||
|
|
|
||
|
|
config =
|
||
|
|
let
|
||
|
|
vmConfig = import (./. + "/${config.procolixVm.name}");
|
||
|
|
in
|
||
|
|
{
|
||
|
|
type = providers.local.exec;
|
||
|
|
|
||
|
|
ssh = {
|
||
|
|
host = vmConfig.procolix.vm.ip4;
|
||
|
|
opts = "";
|
||
|
|
hostPublicKey = self.keys.systems.${config.procolixVm.name};
|
||
|
|
};
|
||
|
|
|
||
|
|
nixpkgs = inputs.nixpkgs;
|
||
|
|
|
||
|
|
nixos.module = {
|
||
|
|
imports = [
|
||
|
|
## NOTE: We import an attrset as a NixOS module, for convenience, so
|
||
|
|
## as to be able to use it in NixOps4 and to grab information from it
|
||
|
|
## (eg. the IP) without evaluating the whole configuration first.
|
||
|
|
vmConfig
|
||
|
|
|
||
|
|
./common
|
||
|
|
|
||
|
|
self.nixosModules.ageSecrets
|
||
|
|
];
|
||
|
|
|
||
|
|
## Necessary to filter Age secrets.
|
||
|
|
fediversity.hostPublicKey = self.keys.systems.${config.procolixVm.name};
|
||
|
|
|
||
|
|
## FIXME: Remove direct root authentication once the NixOps4 NixOS
|
||
|
|
## provider supports users with password-less sudo.
|
||
|
|
users.users.root.openssh.authorizedKeys.keys = attrValues self.keys.contributors;
|
||
|
|
};
|
||
|
|
};
|
||
|
|
}
|