nixos-config/nixos/krops.nix

{ pkgs, writeCommand, lib, secrets }:
let

  # command that ensures we use flake.nix during switch
  command = targetPath:
    let
      commandLine = "TMPDIR=/tmp nixos-rebuild switch --flake ${targetPath} -L --keep-going";
    in
    ''
      echo '${commandLine}'
      nix-shell \
       -E "with import <nixpkgs> {}; mkShell { buildInputs = [ git (nixos { nix.package = nixFlakes; }).nixos-rebuild ]; }" \
       --run '${commandLine}'
    '';

  source = {
    secrets.file = {
      path = "${secrets}/secrets";
      useChecksum = true;
    };
    private_assets.pass = {
      dir = toString ~/.password-store;
      name = "krops/private_assets";
    };
    assets.file = {
      path = toString ./assets;
      useChecksum = true;
    };
    configs.file = {
      path = toString ./configs;
      useChecksum = true;
    };
    library.file = {
      path = toString ./library;
      useChecksum = true;
    };
    modules.file = {
      path = toString ./modules;
      useChecksum = true;
    };
    pkgs.file = {
      path = toString ./pkgs;
      useChecksum = true;
    };
    system.file = {
      path = toString ./system;
      useChecksum = true;
    };
    "flake.nix".file = {
      path = toString ./flake.nix;
      useChecksum = true;
    };
    "flake.lock".file = {
      path = toString ./flake.lock;
      useChecksum = true;
    };
  };

  server = { name, host }:
    let
      system = writeCommand "/bin/system" {
        source = lib.evalSource [ source ];
        force = true;
        target = lib.mkTarget "root@${host}/var/krops";
        inherit command;
      };
    in
    {
      "${name}" = pkgs.writers.writeBashBin name ''
        echo "deploy system"
        ${system}/bin/system
      '';
    };

  desktop = { name, host }:
    let
      system = writeCommand "/bin/system" {
        source = lib.evalSource [ source ];
        force = true;
        target = lib.mkTarget "root@${host}/var/krops";
        inherit command;
      };
      network = writeCommand "/bin/secrets" {
        source = lib.evalSource [{
          system-connections.pass = {
            dir = toString ~/.password-store;
            name = "krops/desktop_secrets/network-manager/system-connections";
          };
        }];
        force = true;
        target = lib.mkTarget "root@${host}/etc/NetworkManager";
      };
    in
    {
      "${name}" = pkgs.writers.writeBashBin "${name}-all" ''
        echo "deploy network secerts"
        ${network}/bin/secrets
        echo "deploy system"
        ${system}/bin/system
      '';
    };

in
(desktop {
  name = "sterni";
  host = "sterni.private";
}) //
(desktop {
  name = "sternchen";
  host = "sternchen.secret";
}) //
(server {
  name = "pepe";
  host = "pepe.private";
}) //
(server {
  name = "workhorse";
  host = "workhorse.private";
}) //
(server {
  name = "sputnik";
  host = "sputnik.private";
})
moved all to subfolder nixos 2021-09-25 20:28:25 +02:00			`{ pkgs, writeCommand, lib, secrets }:`
			`let`

			`# command that ensures we use flake.nix during switch`
			`command = targetPath:`
			`let`
use switch instead of test 2021-11-01 11:00:53 +01:00			`commandLine = "TMPDIR=/tmp nixos-rebuild switch --flake ${targetPath} -L --keep-going";`
workhorse done and nixpkgs-fmt 2021-11-01 09:20:42 +01:00			`in`
			`''`
moved all to subfolder nixos 2021-09-25 20:28:25 +02:00			`echo '${commandLine}'`
			`nix-shell \`
			`-E "with import <nixpkgs> {}; mkShell { buildInputs = [ git (nixos { nix.package = nixFlakes; }).nixos-rebuild ]; }" \`
			`--run '${commandLine}'`
			`'';`

			`source = {`
useChecksum = true 2021-10-26 07:54:50 +02:00			`secrets.file = {`
			`path = "${secrets}/secrets";`
			`useChecksum = true;`
			`};`
moved all to subfolder nixos 2021-09-25 20:28:25 +02:00			`private_assets.pass = {`
			`dir = toString ~/.password-store;`
			`name = "krops/private_assets";`
			`};`
useChecksum = true 2021-10-26 07:54:50 +02:00			`assets.file = {`
			`path = toString ./assets;`
			`useChecksum = true;`
			`};`
			`configs.file = {`
			`path = toString ./configs;`
			`useChecksum = true;`
			`};`
			`library.file = {`
			`path = toString ./library;`
			`useChecksum = true;`
			`};`
			`modules.file = {`
			`path = toString ./modules;`
			`useChecksum = true;`
			`};`
			`pkgs.file = {`
			`path = toString ./pkgs;`
			`useChecksum = true;`
			`};`
			`system.file = {`
			`path = toString ./system;`
			`useChecksum = true;`
			`};`
			`"flake.nix".file = {`
			`path = toString ./flake.nix;`
			`useChecksum = true;`
			`};`
			`"flake.lock".file = {`
			`path = toString ./flake.lock;`
			`useChecksum = true;`
			`};`
moved all to subfolder nixos 2021-09-25 20:28:25 +02:00			`};`

add other servers 2021-09-25 20:30:49 +02:00			`server = { name, host }:`
			`let`
			`system = writeCommand "/bin/system" {`
			`source = lib.evalSource [ source ];`
			`force = true;`
			`target = lib.mkTarget "root@${host}/var/krops";`
			`inherit command;`
			`};`
workhorse done and nixpkgs-fmt 2021-11-01 09:20:42 +01:00			`in`
			`{`
add other servers 2021-09-25 20:30:49 +02:00			`"${name}" = pkgs.writers.writeBashBin name ''`
			`echo "deploy system"`
			`${system}/bin/system`
			`'';`
			`};`

moved all to subfolder nixos 2021-09-25 20:28:25 +02:00			`desktop = { name, host }:`
			`let`
			`system = writeCommand "/bin/system" {`
			`source = lib.evalSource [ source ];`
			`force = true;`
			`target = lib.mkTarget "root@${host}/var/krops";`
			`inherit command;`
			`};`
			`network = writeCommand "/bin/secrets" {`
			`source = lib.evalSource [{`
			`system-connections.pass = {`
			`dir = toString ~/.password-store;`
			`name = "krops/desktop_secrets/network-manager/system-connections";`
			`};`
			`}];`
			`force = true;`
			`target = lib.mkTarget "root@${host}/etc/NetworkManager";`
			`};`
workhorse done and nixpkgs-fmt 2021-11-01 09:20:42 +01:00			`in`
			`{`
minor adjustments 2021-09-26 10:18:18 +02:00			`"${name}" = pkgs.writers.writeBashBin "${name}-all" ''`
moved all to subfolder nixos 2021-09-25 20:28:25 +02:00			`echo "deploy network secerts"`
			`${network}/bin/secrets`
			`echo "deploy system"`
			`${system}/bin/system`
			`'';`
			`};`

workhorse done and nixpkgs-fmt 2021-11-01 09:20:42 +01:00			`in`
			`(desktop {`
add other servers 2021-09-25 20:30:49 +02:00			`name = "sterni";`
			`host = "sterni.private";`
git rid of useless modules 2021-11-01 09:40:39 +01:00			`}) //`
			`(desktop {`
add 2021-09-25 20:32:19 +02:00			`name = "sternchen";`
			`host = "sternchen.secret";`
git rid of useless modules 2021-11-01 09:40:39 +01:00			`}) //`
			`(server {`
add other servers 2021-09-25 20:30:49 +02:00			`name = "pepe";`
			`host = "pepe.private";`
git rid of useless modules 2021-11-01 09:40:39 +01:00			`}) //`
			`(server {`
add other servers 2021-09-25 20:30:49 +02:00			`name = "workhorse";`
			`host = "workhorse.private";`
git rid of useless modules 2021-11-01 09:40:39 +01:00			`}) //`
			`(server {`
add other servers 2021-09-25 20:30:49 +02:00			`name = "sputnik";`
			`host = "sputnik.private";`
			`})`