nixos-config/terranix/space-left/plops/shell.nix
2021-02-14 20:24:19 +01:00

71 lines
1.7 KiB
Nix

let
# import plops with pkgs and lib
opsImport = import ((import <nixpkgs> { }).fetchgit {
url = "https://github.com/mrVanDalo/plops.git";
rev = "9fabba016a3553ae6e13d5d17d279c4de2eb00ad";
sha256 = "193pajq1gcd9jyd12nii06q1sf49xdhbjbfqk3lcq83s0miqfs63";
});
ops = let
overlay = self: super: {
# overwrite ssh to use the generated ssh configuration
openssh = super.writeShellScriptBin "ssh" ''
${super.openssh}/bin/ssh -F ${
toString ./generated/ssh-configuration
} "$@"
'';
};
in opsImport { overlays = [ overlay ]; };
lib = ops.lib;
pkgs = ops.pkgs;
# define all sources
source = {
# nixpkgs (no need for channels anymore)
nixPkgs.nixpkgs.git = {
ref = "nixos-20.09";
url = "https://github.com/NixOS/nixpkgs";
};
# system configurations
system = name: {
configs.file = toString ./configs;
nixos-config.symlink = "configs/${name}/configuration.nix";
};
# secrets which are hold and stored by pass
secrets = name: {
secrets.pass = {
dir = toString ./secrets;
name = name;
};
};
};
servers = import ./generated/nixos-machines.nix;
deployServer = name:
{ user ? "root", host, ... }:
with ops;
jobs "deploy-${name}" "${user}@${host.ipv4}" [
# deploy secrets to /run/plops-secrets/secrets
# (populateTmpfs (source.secrets name))
# deploy system to /var/src/system
(populate (source.system name))
# deploy nixpkgs to /var/src/nixpkgs
(populate source.nixPkgs)
switch
];
in pkgs.mkShell {
buildInputs = lib.mapAttrsToList deployServer servers;
shellHook = ''
export PASSWORD_STORE_DIR=./secrets
'';
}