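# krops deployment entry point.
#
# Evaluates to an attribute set with one wrapper script per host
# (`sterni`, `sternchen`, `pepe`, `workhorse`, `sputnik`). Each script
# copies the sources listed below to `root@<host>:/var/krops` and then runs
# `nixos-rebuild switch` on the host against the uploaded `flake.nix`.
#
# Arguments:
#   pkgs         - nixpkgs package set; only `pkgs.writers.writeBashBin` is used
#   writeCommand - krops `writeCommand`, builds the deploy script for one target
#   lib          - krops lib (`evalSource`, `mkTarget`)
#   secrets      - path (or derivation) whose `secrets` subdirectory is deployed
{ pkgs, writeCommand, lib, secrets }:
let
  # Shell snippet krops runs on the target after the sources were copied.
  # `targetPath` is the directory the sources were uploaded to; the switch is
  # driven by the flake.nix inside it rather than by /etc/nixos.
  #
  # nixos-rebuild is taken from a flake-enabled nix via a throwaway
  # nix-shell. `<nixpkgs>` is resolved from NIX_PATH on the *target* host, so
  # the target's channel decides which nixos-rebuild runs here.
  # `targetPath` is the krops target directory, not user input, which is why
  # it can be spliced into the single-quoted `--run` argument unescaped.
  command = targetPath:
    let
      commandLine = "TMPDIR=/tmp nixos-rebuild switch --flake ${targetPath} -L --keep-going";
    in ''
      echo '${commandLine}'
      nix-shell \
        -E "with import <nixpkgs> {}; mkShell { buildInputs = [ git (nixos { nix.package = nixFlakes; }).nixos-rebuild ]; }" \
        --run '${commandLine}'
    '';

  # Sources copied to every host. `.file` entries are local files or
  # directories; `.pass` entries are read from the local password store at
  # deploy time.
  # NOTE(review): everything here, including the `.pass` material, lands as
  # plain files under /var/krops on the target — confirm the permissions krops
  # applies there are what you want for `secrets` and `private_assets`.
  source = {
    secrets.file = "${secrets}/secrets";
    private_assets.pass = {
      dir = toString ~/.password-store;
      name = "krops/private_assets";
    };
    assets.file = toString ./assets;
    configs.file = toString ./configs;
    library.file = toString ./library;
    modules.file = toString ./modules;
    pkgs.file = toString ./pkgs;
    system.file = toString ./system;
    "flake.nix".file = toString ./flake.nix;
    "flake.lock".file = toString ./flake.lock;
  };

  # The `system` deploy command for one host. It was duplicated verbatim in
  # `server` and `desktop`, so it now lives in one place. `force = true` lets
  # krops overwrite whatever is already in /var/krops on the target.
  mkSystem = host: writeCommand "/bin/system" {
    source = lib.evalSource [ source ];
    force = true;
    target = lib.mkTarget "root@${host}/var/krops";
    inherit command;
  };

  # Headless host: only the system sources are deployed.
  # Returns `{ <name> = <script> }`, where the script is called `<name>`.
  server = { name, host }:
    let
      system = mkSystem host;
    in {
      "${name}" = pkgs.writers.writeBashBin name ''
        echo "deploy system"
        ${system}/bin/system
      '';
    };

  # Desktop host: NetworkManager connection secrets are deployed first
  # (into /etc/NetworkManager on the target), then the system sources.
  # Returns `{ <name> = <script> }`; note the script itself is named
  # `<name>-all`, not `<name>`.
  desktop = { name, host }:
    let
      system = mkSystem host;
      # `network` deliberately does not pass `command`, so after the copy
      # only writeCommand's default action runs on the target — presumably no
      # rebuild; confirm against krops if that matters.
      network = writeCommand "/bin/secrets" {
        source = lib.evalSource [{
          system-connections.pass = {
            dir = toString ~/.password-store;
            name = "krops/desktop_secrets/network-manager/system-connections";
          };
        }];
        force = true;
        target = lib.mkTarget "root@${host}/etc/NetworkManager";
      };
    in {
      "${name}" = pkgs.writers.writeBashBin "${name}-all" ''
        echo "deploy network secrets"
        ${network}/bin/secrets
        echo "deploy system"
        ${system}/bin/system
      '';
    };
in
  (desktop { name = "sterni"; host = "sterni.private"; })
  // (desktop { name = "sternchen"; host = "sternchen.secret"; })
  // (server { name = "pepe"; host = "pepe.private"; })
  // (server { name = "workhorse"; host = "workhorse.private"; })
  // (server { name = "sputnik"; host = "sputnik.private"; })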