Start building a procolixVm resource module

2025-01-31 14:59:35 +01:00 · 2025-01-31 14:59:35 +01:00 · 4f761bfc1f
commit 4f761bfc1f
parent aed74dc599
2 changed files with 64 additions and 34 deletions
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@ -6,53 +6,29 @@
 }:

 let
-  inherit (lib) attrValues mapAttrs;
+  inherit (lib) mapAttrs;
  inherit (lib.attrsets) genAttrs;

  makeResource =
-    vmid:
+    vmName:
    { providers, ... }:
-    let
-      vmConfig = import (./. + "/${vmid}");
-    in
    {
-      type = providers.local.exec;
-      imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
+      _module.args = { inherit self inputs providers; };

-      ssh = {
-        host = vmConfig.procolix.vm.ip4;
-        opts = "";
-        hostPublicKey = self.keys.systems.${vmid};
-      };
+      imports = [
+        inputs.nixops4-nixos.modules.nixops4Resource.nixos
+        ./procolixResource.nix
+      ];

-      nixpkgs = inputs.nixpkgs;
-
-      nixos.module = {
-        imports = [
-          ## NOTE: We import an attrset as a NixOS module, for convenience, so
-          ## as to be able to use it in NixOps4 and to grab information from it
-          ## (eg. the IP) without evaluating the whole configuration first.
-          vmConfig
-
-          ./common
-          self.nixosModules.ageSecrets
-        ];
-
-        ## Necessary to filter Age secrets.
-        fediversity.hostPublicKey = self.keys.systems.${vmid};
-
-        ## FIXME: Remove direct root authentication once the NixOps4 NixOS
-        ## provider supports users with password-less sudo.
-        users.users.root.openssh.authorizedKeys.keys = attrValues self.keys.contributors;
-      };
+      procolixVm.name = vmName;
    };

  makeDeployments = mapAttrs (
-    _: vmids:
+    _: vmNames:
    { providers, ... }:
    {
      providers.local = inputs.nixops4.modules.nixops4Provider.local;
-      resources = genAttrs vmids (vmid: makeResource vmid { inherit providers; });
+      resources = genAttrs vmNames (vmName: makeResource vmName { inherit providers; });
    }
  );

--- a/infra/procolixResource.nix
+++ b/infra/procolixResource.nix
@ -0,0 +1,54 @@
+{
+  self,
+  inputs,
+  providers,
+  lib,
+  config,
+  ...
+}:
+
+let
+  inherit (lib) attrValues mkOption;
+
+in
+{
+  options = {
+    procolixVm.name = mkOption { };
+  };
+
+  config =
+    let
+      vmConfig = import (./. + "/${config.procolixVm.name}");
+    in
+    {
+      type = providers.local.exec;
+
+      ssh = {
+        host = vmConfig.procolix.vm.ip4;
+        opts = "";
+        hostPublicKey = self.keys.systems.${config.procolixVm.name};
+      };
+
+      nixpkgs = inputs.nixpkgs;
+
+      nixos.module = {
+        imports = [
+          ## NOTE: We import an attrset as a NixOS module, for convenience, so
+          ## as to be able to use it in NixOps4 and to grab information from it
+          ## (eg. the IP) without evaluating the whole configuration first.
+          vmConfig
+
+          ./common
+
+          self.nixosModules.ageSecrets
+        ];
+
+        ## Necessary to filter Age secrets.
+        fediversity.hostPublicKey = self.keys.systems.${config.procolixVm.name};
+
+        ## FIXME: Remove direct root authentication once the NixOps4 NixOS
+        ## provider supports users with password-less sudo.
+        users.users.root.openssh.authorizedKeys.keys = attrValues self.keys.contributors;
+      };
+    };
+}