nixos-config/shell.nix

let
# host used to install stuff. (can be an onion id if you use torify)
#installHost = "localhost";
# Every install-* job generated by `servers` and `desktops` passes this value
# as `host`, whatever machine name the job carries, and writes to /mnt/var/src
# as the default user root. Check that this name resolves to the machine being
# installed before running an install-*-with-secrets job.
installHost = "mobi.private";
#ops = import ../plops ;
# plops is fetched at a fixed commit and verified against a content hash, so
# the deployment tooling only changes when this file changes. The fetcher
# itself comes from <nixpkgs>, i.e. whatever NIX_PATH points at on the
# machine that opens this shell.
ops =
  let
    bootstrapPkgs = import <nixpkgs> { };
    plopsSource = bootstrapPkgs.fetchgit {
      url = "https://github.com/mrVanDalo/plops.git";
      rev = "bad0f386afe20cb6a6b8692a3ec365556f8bdabb";
      sha256 = "1qfc7kkfg83dy1jliw3afaq7q758b4ybz9md74g5fqpqjdxhxrnw";
    };
  in
  import plopsSource;
# lib and pkgs are the ones plops exposes; every tool referenced below
# (openssh, nixfmt, writers) is taken from that package set.
inherit (ops) lib pkgs;
source = {
# nixpkgs sources for the Raspberry hosts. Each revision is read from a JSON
# file kept next to this file.
# NOTE(review): no job visible in this file references this set, and it still
# points at nixpkgs-channels while nixPkgs uses NixOS/nixpkgs - confirm it is
# still needed.
raspberryNixPkgs =
  let
    channelsRepo = "https://github.com/NixOS/nixpkgs-channels";
    pinnedRev = jsonFile: (ops.importJson jsonFile).rev;
  in
  {
    nixpkgs = {
      git = {
        url = channelsRepo;
        ref = pinnedRev ./.channelRaspberryStable.json;
      };
    };
    nixpkgs-unstable = {
      git = {
        url = channelsRepo;
        ref = pinnedRev ./.channelRaspberryUnstable.json;
      };
    };
  };
# nixpkgs sources copied to every server and desktop. The revision of each
# entry is read from a JSON file kept next to this file, so the pin moves
# only when that file changes.
nixPkgs =
  let
    nixpkgsRepo = "https://github.com/NixOS/nixpkgs";
    pinnedRev = jsonFile: (ops.importJson jsonFile).rev;
  in
  {
    nixpkgs = {
      git = {
        url = nixpkgsRepo;
        ref = pinnedRev ./.channelStable.json;
      };
    };
    nixpkgs-unstable = {
      git = {
        url = nixpkgsRepo;
        ref = pinnedRev ./.channelUnstable.json;
      };
    };
  };
# Per-host system sources: the shared ./system and ./configs trees plus a
# symlink selecting configs/<name>/configuration.nix as nixos-config.
# Only "workhorse" additionally receives ./submodules/property.
system = name:
  let
    shared = {
      system.file = toString ./system;
      configs.file = toString ./configs;
      nixos-config.symlink = "configs/${name}/configuration.nix";
    };
    hostOnly =
      if name == "workhorse" then
        { property.file = toString ./submodules/property; }
      else
        { };
  in
  shared // hostOnly;
# Secrets shared by all desktops, read from the operator's local pass store
# under krops/desktop_secrets.
desktopSecrets = {
  desktop_secrets = {
    pass = {
      name = "krops/desktop_secrets";
      dir = toString ~/.password-store;
    };
  };
};
# Per-host key material, read from the operator's local pass store under
# krops/<name>/keys.
# NOTE(review): no deployment visible in this file populates this source -
# confirm whether it is still used.
keys = name:
  let
    passwordStore = toString ~/.password-store;
  in
  {
    keys = {
      pass = {
        name = "krops/${name}/keys";
        dir = passwordStore;
      };
    };
  };
# Secrets for host <name>: its own subtree krops/<name>/secrets plus the
# subtree krops/common_secrets, which is sent to every host. Both are read
# from the operator's local pass store.
secrets = name:
  let
    passwordStore = toString ~/.password-store;
    fromStore = entry: {
      pass = {
        name = entry;
        dir = passwordStore;
      };
    };
  in
  {
    secrets = fromStore "krops/${name}/secrets";
    common_secrets = fromStore "krops/common_secrets";
  };
# Module sources copied to every host: local trees from this repository and
# third-party git repositories.
modules =
  let
    # Shorthand for a `<name>.git = { url; ref; }` source entry.
    gitSource = url: ref: { git = { inherit url ref; }; };
  in
  {
    # Local trees.
    modules.file = toString ./modules;
    library.file = toString ./library;
    pkgs.file = toString ./pkgs;
    assets.file = toString ./assets;
    mqtt.file = toString ./mqtt;

    # Remote sources whose ref is a full commit id (or a rev read from a
    # JSON file kept next to this file).
    nix-writers = gitSource "https://cgit.krebsco.de/nix-writers/"
      (ops.importJson ./.nix-writers.json).rev;
    #home-manager.file = toString ~/dev/home-manager;
    home-manager = gitSource "https://github.com/nix-community/home-manager.git"
      "2aa20ae969f2597c4df10a094440a66e9d7f8c86";
    mozilla-overlay = gitSource "https://github.com/mozilla/nixpkgs-mozilla.git"
      "e912ed483e980dfb4666ae0ed17845c4220e5e7c";
    # Attribute is named cleverca22 but fetches mrVanDalo/nixos-configs.
    cleverca22 = gitSource "https://github.com/mrVanDalo/nixos-configs.git"
      "76260ad60cd99d40ab25df1400b0663d48e736db";

    # Remote sources whose ref is a version string.
    # NOTE(review): these look like tag names; a tag can be re-pointed by
    # whoever controls the repository, unlike a commit id. Consider pinning
    # the commit ids the way the entries above do.
    #backup-module.file = toString ~/dev/backup;
    backup-module =
      gitSource "https://git.ingolf-wagner.de/nix-modules/backup.git" "1.3.3";
    #kops-lib.file = toString ~/dev/krops-lib;
    krops-lib =
      gitSource "https://git.ingolf-wagner.de/nix-modules/krops.git" "1.0.3";
    #cluster-module.file = toString ~/dev/cluster-module;
    cluster-module =
      gitSource "https://git.ingolf-wagner.de/nix-modules/cluster.git" "1.2.0";
    background-image-generators = gitSource
      "https://git.ingolf-wagner.de/nix-modules/background-image-generators.git"
      "1.0.0";
  };
};
# Maps a machine name to the address the deploy and cleanup jobs connect to.
# Most machines are reached as <name>.private; the exceptions are listed here.
hostPattern = name:
  let
    # Machines reached as <name>.secret instead of <name>.private.
    secretHosts = [ "sternchen" "porani" ];
    # Machines reached by a literal address rather than by name.
    literalHosts = { dummy = "95.217.223.75"; };
  in
  if builtins.elem name secretHosts then
    "${name}.secret"
  else
    literalHosts.${name} or "${name}.private";
# Builds one job for machine `name` from the given populate steps.
#
# content / secrets: lists of populate steps; `secrets` is included only when
#                    enableSecrets is true.
# host:              defaults to hostPattern name.
# target:            appended directly to the host, so it must start with "/".
# user:              remote login, root by default.
# enableSwitch:      when true, ops' `switch` step is appended after the
#                    populate steps.
#
# The job is named <commandPrefix>-<name>-with-secrets or
# <commandPrefix>-<name>-without-secrets.
deployment = { secrets, content }:
  name:
  { host ? (hostPattern name)
  , target ? "/var/src/"
  , user ? "root"
  , commandPrefix ? "deploy"
  , enableSwitch ? true
  , enableSecrets ? true
  }:
  with ops;
  let
    secretsSuffix =
      if enableSecrets then "with-secrets" else "without-secrets";
    jobName = "${commandPrefix}-${name}-${secretsSuffix}";
    destination = "${user}@${host}${target}";
    steps = with lib;
      flatten [
        content
        (optionals enableSecrets secrets)
        (optionals enableSwitch [ switch ])
      ];
  in
  jobs jobName destination steps;
# Deployment for a server: nixpkgs, the module sources and the host's system
# sources as content, and the host's secrets (source.secrets, which includes
# common_secrets) as the secret part.
serverDeployment = name:
  with ops;
  let
    hostContent =
      map populate [ source.nixPkgs source.modules (source.system name) ];
    hostSecrets = [ (populate (source.secrets name)) ];
  in
  deployment { content = hostContent; secrets = hostSecrets; } name;
# Deployment for a desktop: same content as a server, but the secret part
# also carries source.desktopSecrets in addition to the host's own secrets.
desktopDeployment = name:
  with ops;
  let
    hostContent =
      map populate [ source.nixPkgs source.modules (source.system name) ];
    hostSecrets =
      map populate [ (source.secrets name) source.desktopSecrets ];
  in
  deployment { content = hostContent; secrets = hostSecrets; } name;
# Builds the `clean-<name>` script, which logs in to the host as root over
# ssh (port 22) and runs `nix-collect-garbage -d`.
# The second argument is accepted and ignored, so the function has the same
# shape as the deployment functions used with runForAll.
# `-d` also deletes old profile generations, so the host cannot be rolled
# back to an earlier generation after this job has run.
cleanupNix = name:
  { ... }:
  let
    sshUser = "root";
    sshHost = hostPattern name;
    sshPort = "22";
  in
  pkgs.writers.writeDashBin "clean-${name}" # sh
    ''
      set -eu
      ${pkgs.openssh}/bin/ssh \
      ${sshUser}@${sshHost} -p ${sshPort} \
      nix-collect-garbage -d
    '';
# Helper: calls `command name options` for every name in serverList, first
# with enableSecrets = false for all names, then with enableSecrets = true.
# The enableSecrets value set here overrides any enableSecrets in `arguments`.
runForAll = serverList: command: arguments:
  let
    jobsWith = enableSecrets:
      map (name: command name (arguments // { inherit enableSecrets; }))
        serverList;
  in
  jobsWith false ++ jobsWith true;
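# Generates the job list for servers: for every name a deploy-* job with and
# without secrets, one clean-* job, and an install-* job with and without
# secrets.
#
# The install-* jobs do not use the machine's own address: they all go to
# installHost, write to /mnt/var/src and skip the switch step. An
# install-<name>-with-secrets job therefore copies that machine's secrets to
# whatever installHost resolves to.
servers = serverList:
  with lib;
  let
    doForAll = runForAll serverList;
    deployments = doForAll serverDeployment { };
    # cleanupNix ignores its option set, so running it through runForAll
    # would only list every clean-<name> script twice; build each one once.
    cleanup = map (name: cleanupNix name { }) serverList;
    install = doForAll serverDeployment {
      commandPrefix = "install";
      host = installHost;
      target = "/mnt/var/src";
      enableSwitch = false;
    };
  in
  deployments ++ cleanup ++ install;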
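# Generates the job list for desktops: for every name a deploy-* job with and
# without secrets, one clean-* job, and an install-* job with and without
# secrets.
#
# The install-* jobs do not use the machine's own address: they all go to
# installHost, write to /mnt/var/src and skip the switch step. An
# install-<name>-with-secrets job therefore copies that machine's secrets
# (including the desktop secrets) to whatever installHost resolves to.
desktops = desktopList:
  with lib;
  let
    doForAll = runForAll desktopList;
    deployments = doForAll desktopDeployment { };
    # cleanupNix ignores its option set, so running it through runForAll
    # would only list every clean-<name> script twice; build each one once.
    cleanup = map (name: cleanupNix name { }) desktopList;
    install = doForAll desktopDeployment {
      commandPrefix = "install";
      host = installHost;
      target = "/mnt/var/src";
      enableSwitch = false;
    };
  in
  deployments ++ cleanup ++ install;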
in
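# Development shell exposing every generated deploy-*, clean-* and install-*
# job for the listed servers and desktops, plus a `reformat` helper.
pkgs.mkShell {
  buildInputs = with pkgs;
    (servers [ "workhorse" "sputnik" "porani" "dummy" ])
    ++ (desktops [ "pepe" "workout" "sterni" "mobi" "sternchen" ]) ++ [
      # reformat: runs nixfmt on every *.nix file below this directory,
      # skipping paths that contain "wetten".
      # The pattern is anchored on ".nix" so names that merely end in "nix"
      # are not picked up; the root path is quoted and lines are read with
      # `IFS= read -r` so paths with spaces or backslashes reach nixfmt
      # unchanged; `grep -E` replaces the deprecated `egrep`.
      (pkgs.writers.writeBashBin "reformat" ''
        find "${
          toString ./.
        }" -type f | grep -E "\.nix$" | grep -v wetten | while IFS= read -r line ; do ${pkgs.nixfmt}/bin/nixfmt "$line"; done
      '')
    ];
}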