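let
  # host used to install stuff. (can be an onion id if you use torify)
  # The install jobs below push the full source tree *and* the pass-managed
  # secrets to this host as root, so keep it pointed at a box you control.
  #installHost = "localhost";
  installHost = "adsf.onion";

  # plops provides `populate`, `switch`, `jobs` and `importJson`.
  # Pinned by commit + sha256, so a changed upstream cannot silently alter
  # the deploy tooling.
  #ops = import ../plops ;
  ops = import ((import { }).fetchgit {
    url = "https://github.com/mrVanDalo/plops.git";
    rev = "bad0f386afe20cb6a6b8692a3ec365556f8bdabb";
    sha256 = "1qfc7kkfg83dy1jliw3afaq7q758b4ybz9md74g5fqpqjdxhxrnw";
  });
  lib = ops.lib;
  pkgs = ops.pkgs;

  # Everything that gets copied to a target. Each attribute is a krops
  # "source" (file / git / symlink / pass) keyed by the name it gets on the
  # target side.
  source = {
    # Currently not referenced by any deployment below.
    # NOTE(review): the nixpkgs-channels mirror is archived upstream —
    # confirm the pinned revs still resolve before relying on this.
    raspberryNixPkgs = {
      nixpkgs.git = {
        ref = (ops.importJson ./.channelRaspberryStable.json).rev;
        url = "https://github.com/NixOS/nixpkgs-channels";
      };
      nixpkgs-unstable.git = {
        ref = (ops.importJson ./.channelRaspberryUnstable.json).rev;
        url = "https://github.com/NixOS/nixpkgs-channels";
      };
    };

    # Channel revisions are read from the .channel*.json files next to this
    # file, so bumping nixpkgs is a json edit rather than a change here.
    nixPkgs = {
      nixpkgs.git = {
        ref = (ops.importJson ./.channelStable.json).rev;
        url = "https://github.com/NixOS/nixpkgs";
      };
      nixpkgs-unstable.git = {
        ref = (ops.importJson ./.channelUnstable.json).rev;
        url = "https://github.com/NixOS/nixpkgs";
      };
    };

    # Per-host system tree; `workhorse` additionally gets the property
    # submodule.
    system = name:
      let
        exclusive = name:
          if name == "workhorse" then {
            property.file = toString ./submodules/property;
          } else
            { };
      in {
        system.file = toString ./system;
        configs.file = toString ./configs;
        nixos-config.symlink = "configs/${name}/configuration.nix";
      } // (exclusive name);

    # Secrets are pulled out of the local password store at deploy time;
    # nothing secret is stored in this repository.
    desktopSecrets = {
      desktop_secrets.pass = {
        dir = toString ~/.password-store;
        name = "krops/desktop_secrets";
      };
    };

    # Currently not referenced by any deployment below.
    keys = name: {
      keys.pass = {
        dir = toString ~/.password-store;
        name = "krops/${name}/keys";
      };
    };

    secrets = name: {
      secrets.pass = {
        dir = toString ~/.password-store;
        name = "krops/${name}/secrets";
      };
      common_secrets.pass = {
        dir = toString ~/.password-store;
        name = "krops/common_secrets";
      };
    };

    # Local modules plus third-party ones. Entries pinned to a commit hash
    # are immutable; the ones pinned to a version tag ("1.3.3", "1.0.3",
    # "1.2.0", "1.0.0") depend on the remote not moving that tag — consider
    # pinning those to the tag's commit as well.
    modules = {
      modules.file = toString ./modules;
      library.file = toString ./library;
      pkgs.file = toString ./pkgs;
      assets.file = toString ./assets;
      nix-writers.git = {
        url = "https://cgit.krebsco.de/nix-writers/";
        ref = (ops.importJson ./.nix-writers.json).rev;
      };
      #backup-module.file = toString ~/dev/backup;
      backup-module.git = {
        url = "https://git.ingolf-wagner.de/nix-modules/backup.git";
        ref = "1.3.3";
      };
      #kops-lib.file = toString ~/dev/krops-lib;
      krops-lib.git = {
        url = "https://git.ingolf-wagner.de/nix-modules/krops.git";
        ref = "1.0.3";
      };
      #cluster-module.file = toString ~/dev/cluster-module;
      cluster-module.git = {
        url = "https://git.ingolf-wagner.de/nix-modules/cluster.git";
        ref = "1.2.0";
      };
      #home-manager.file = toString ~/dev/home-manager;
      home-manager.git = {
        url = "https://github.com/rycee/home-manager.git";
        ref = "7b6ebf2785cfc9dd6fc2b101cbbb2152eb68d45c";
      };
      background-image-generators.git = {
        url =
          "https://git.ingolf-wagner.de/nix-modules/background-image-generators.git";
        ref = "1.0.0";
      };
      mozilla-overlay.git = {
        url = "https://github.com/mozilla/nixpkgs-mozilla.git";
        ref = "e912ed483e980dfb4666ae0ed17845c4220e5e7c";
      };
      # Source name does not match the repository owner (a mrVanDalo fork);
      # keep that in mind when bumping the ref.
      cleverca22.git = {
        url = "https://github.com/mrVanDalo/nixos-configs.git";
        ref = "76260ad60cd99d40ab25df1400b0663d48e736db";
      };
    };
  };

  # Maps a machine name to the ssh host used for regular deployments.
  hostPattern = name:
    if name == "porani" then
      "${name}.insecure"
    else if name == "dummy" then
      "95.217.223.75"
    else
      "${name}.private";

  # Builds one krops job. `content` is always populated; `secrets` only when
  # enableSecrets is set, and `switch` only when enableSwitch is set (the
  # install jobs disable it because they populate a mounted target).
  # NOTE(review): the default target has a trailing slash, the install
  # target ("/mnt/var/src") has none — confirm krops treats both the same.
  deployment = { secrets, content }:
    name:
    { host ? (hostPattern name), target ? "/var/src/", user ? "root"
    , commandPrefix ? "deploy", enableSwitch ? true, enableSecrets ? true }:
    with ops;
    let
      commandName = if enableSecrets then
        "${commandPrefix}-${name}-with-secrets"
      else
        "${commandPrefix}-${name}-without-secrets";
      populateCommands = with lib;
        flatten [
          content
          (optionals enableSecrets secrets)
          (optionals enableSwitch [ switch ])
        ];
    in jobs commandName "${user}@${host}${target}" populateCommands;

  # Non-secret content shared by server and desktop deployments.
  commonContent = name:
    with ops; [
      (populate source.nixPkgs)
      (populate source.modules)
      (populate (source.system name))
    ];

  serverDeployment = name:
    with ops;
    deployment {
      content = commonContent name;
      secrets = [ (populate (source.secrets name)) ];
    } name;

  # Desktops additionally receive the shared desktop secrets.
  desktopDeployment = name:
    with ops;
    deployment {
      content = commonContent name;
      secrets = [
        (populate (source.secrets name))
        (populate source.desktopSecrets)
      ];
    } name;

  # `clean-<name>`: run the garbage collector on the target over ssh.
  # No ssh options are overridden here, so the client's default host-key
  # checking applies. The second (ignored) argument only exists so the
  # function fits runForAll's `command name args` calling convention.
  cleanupNix = name:
    { ... }:
    let
      target = {
        host = hostPattern name;
        user = "root";
        port = "22";
      };
    in pkgs.writers.writeDashBin "clean-${name}" # sh
    ''
      set -eu
      ${pkgs.openssh}/bin/ssh \
        ${target.user}@${target.host} -p ${target.port} \
        nix-collect-garbage -d
    '';

  # helper function to make stuff more readable
  # Applies `command` to every name, once without and once with secrets.
  runForAll = serverList: command: arguments:
    let f = args: (map (name: command name (arguments // args)) serverList);
    in (f { enableSecrets = false; }) ++ (f { enableSecrets = true; });

  # generate tasks
  servers = serverList:
    with lib;
    let
      doForAll = runForAll serverList;
      deployments = doForAll serverDeployment { };
      cleanup = doForAll cleanupNix { };
      install = doForAll serverDeployment {
        commandPrefix = "install";
        host = installHost;
        target = "/mnt/var/src";
        enableSwitch = false;
      };
    in deployments ++ cleanup ++ install;

  desktops = desktopList:
    with lib;
    let
      doForAll = runForAll desktopList;
      deployments = doForAll desktopDeployment { };
      cleanup = doForAll cleanupNix { };
      install = doForAll desktopDeployment {
        commandPrefix = "install";
        host = installHost;
        target = "/mnt/var/src";
        enableSwitch = false;
      };
    in deployments ++ cleanup ++ install;

in pkgs.mkShell {
  buildInputs = with pkgs;
    (servers [ "workhorse" "sputnik" "porani" "dummy" ])
    ++ (desktops [ "pepe" "workout" "sterni" "mobi" ]) ++ [
      # `reformat`: run nixfmt over every *.nix file in this tree except
      # those under a "wetten" path. Uses find's own filtering and -exec
      # instead of the former `egrep | grep -v | while read line` pipeline,
      # which read paths without `-r` (backslashes mangled) and relied on the
      # deprecated egrep; matching is now the intended "*.nix" set.
      (pkgs.writers.writeBashBin "reformat" ''
        find ${toString ./.} -type f -name '*.nix' -not -path '*wetten*' \
          -exec ${pkgs.nixfmt}/bin/nixfmt {} +
      '')
    ];
}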