palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nixos-config/shell.nix
Ingolf Wagner 607dfb0efc
updated syncthing
2020-10-08 21:09:35 +02:00

243 lines
6.6 KiB
Nix
Raw Blame History

let
# host used to install stuff. (can be an onion id if you use torify)
#installHost = "localhost";
installHost = "adsf.onion";
#ops = import ../plops ;
ops = import ((import <nixpkgs> { }).fetchgit {
url = "https://github.com/mrVanDalo/plops.git";
rev = "bad0f386afe20cb6a6b8692a3ec365556f8bdabb";
sha256 = "1qfc7kkfg83dy1jliw3afaq7q758b4ybz9md74g5fqpqjdxhxrnw";
});
lib = ops.lib;
pkgs = ops.pkgs;
source = {
raspberryNixPkgs = {
nixpkgs.git = {
ref = (ops.importJson ./.channelRaspberryStable.json).rev;
url = "https://github.com/NixOS/nixpkgs-channels";
};
nixpkgs-unstable.git = {
ref = (ops.importJson ./.channelRaspberryUnstable.json).rev;
url = "https://github.com/NixOS/nixpkgs-channels";
};
};
nixPkgs = {
nixpkgs.git = {
ref = (ops.importJson ./.channelStable.json).rev;
url = "https://github.com/NixOS/nixpkgs-channels";
};
nixpkgs-unstable.git = {
ref = (ops.importJson ./.channelUnstable.json).rev;
url = "https://github.com/NixOS/nixpkgs-channels";
};
};
system = name:
let
exclusive = name:
if name == "workhorse" then {
property.file = toString ./submodules/property;
} else
{ };
in {
system.file = toString ./system;
configs.file = toString ./configs;
nixos-config.symlink = "configs/${name}/configuration.nix";
} // (exclusive name);
desktopSecrets = {
desktop_secrets.pass = {
dir = toString ~/.password-store;
name = "krops/desktop_secrets";
};
};
keys = name: {
keys.pass = {
dir = toString ~/.password-store;
name = "krops/${name}/keys";
};
};
secrets = name: {
secrets.pass = {
dir = toString ~/.password-store;
name = "krops/${name}/secrets";
};
common_secrets.pass = {
dir = toString ~/.password-store;
name = "krops/common_secrets";
};
};
modules = {
modules.file = toString ./modules;
library.file = toString ./library;
pkgs.file = toString ./pkgs;
assets.file = toString ./assets;
nix-writers.git = {
url = "https://cgit.krebsco.de/nix-writers/";
ref = (ops.importJson ./.nix-writers.json).rev;
};
#backup-module.file = toString ~/dev/backup;
backup-module.git = {
url = "https://git.ingolf-wagner.de/nix-modules/backup.git";
ref = "1.3.3";
};
#kops-lib.file = toString ~/dev/krops-lib;
krops-lib.git = {
url = "https://git.ingolf-wagner.de/nix-modules/krops.git";
ref = "1.0.2";
};
#cluster-module.file = toString ~/dev/cluster-module;
cluster-module.git = {
url = "https://git.ingolf-wagner.de/nix-modules/cluster.git";
ref = "1.2.0";
};
#home-manager.file = toString ~/dev/home-manager;
home-manager.git = {
url = "https://github.com/rycee/home-manager.git";
ref = "a378bccd609c159fa8d421233b9c5eae04f02042";
};
background-image-generators.git = {
url =
"https://git.ingolf-wagner.de/nix-modules/background-image-generators.git";
ref = "1.0.0";
};
mozilla-overlay.git = {
url = "https://github.com/mozilla/nixpkgs-mozilla.git";
ref = "e912ed483e980dfb4666ae0ed17845c4220e5e7c";
};
cleverca22.git = {
url = "https://github.com/mrVanDalo/nixos-configs.git";
ref = "76260ad60cd99d40ab25df1400b0663d48e736db";
};
};
};
hostPattern = name:
if name == "porani" then
"${name}.insecure"
else if name == "dummy" then
"95.217.223.75"
else
"${name}.private";
deployment = { secrets, content }:
name:
{ host ? (hostPattern name), target ? "/var/src/", user ? "root"
, commandPrefix ? "deploy", enableSwitch ? true, enableSecrets ? true }:
with ops;
let
commandName = if enableSecrets then
"${commandPrefix}-${name}-with-secrets"
else
"${commandPrefix}-${name}-without-secrets";
populateCommands = with lib;
flatten [
content
(optionals enableSecrets secrets)
(optionals enableSwitch [ switch ])
];
in jobs commandName "${user}@${host}${target}" populateCommands;
serverDeployment = name:
with ops;
deployment {
content = [
(populate source.nixPkgs)
(populate source.modules)
(populate (source.system name))
];
secrets = [ (populate (source.secrets name)) ];
} name;
desktopDeployment = name:
with ops;
deployment {
content = [
(populate source.nixPkgs)
(populate source.modules)
(populate (source.system name))
];
secrets =
[ (populate (source.secrets name)) (populate source.desktopSecrets) ];
} name;
cleanupNix = name:
{ ... }:
let
target = {
host = hostPattern name;
user = "root";
port = "22";
};
in pkgs.writers.writeDashBin "clean-${name}" # sh
''
set -eu
${pkgs.openssh}/bin/ssh \
${target.user}@${target.host} -p ${target.port} \
nix-collect-garbage -d
'';
# helper function to make stuff more readable
runForAll = serverList: command: arguments:
let f = args: (map (name: command name (arguments // args)) serverList);
in (f { enableSecrets = false; }) ++ (f { enableSecrets = true; });
# generate tasks
servers = serverList:
with lib;
let
doForAll = runForAll serverList;
deployments = doForAll serverDeployment { };
cleanup = doForAll cleanupNix { };
install = doForAll serverDeployment {
commandPrefix = "install";
host = installHost;
target = "/mnt/var/src";
enableSwitch = false;
};
in deployments ++ cleanup ++ install;
desktops = desktopList:
with lib;
let
doForAll = runForAll desktopList;
deployments = doForAll desktopDeployment { };
cleanup = doForAll cleanupNix { };
install = doForAll desktopDeployment {
commandPrefix = "install";
host = installHost;
target = "/mnt/var/src";
enableSwitch = false;
};
in deployments ++ cleanup ++ install;
in pkgs.mkShell {
buildInputs = with pkgs;
(servers [ "workhorse" "sputnik" "porani" "dummy" ])
++ (desktops [ "pepe" "workout" "sterni" "mobi" ]) ++ [
(pkgs.writers.writeBashBin "reformat" ''
find ${
toString ./.
} -type f | egrep "nix$" | grep -v wetten | while read line ; do ${pkgs.nixfmt}/bin/nixfmt "$line"; done
'')
];
}
Reference in a new issue View git blame Copy permalink