nixos-config/krops.nix
2021-09-25 15:17:07 +02:00


{ pkgs, writeCommand, lib, secrets }:
let
# Builds the shell snippet that krops is given as the deploy command; it runs
# nixos-rebuild against the flake located at targetPath.
#
# NOTE(review): the subcommand invoked is `build`, not `switch`, so as written
# this builds the configuration without activating it. Confirm that is intended.
#
# NOTE(review): nixos-rebuild and git come from `import <nixpkgs> {}`, which is
# resolved through NIX_PATH of the machine running this snippet (presumably the
# deploy target). That lookup is not covered by flake.lock, so the tool doing
# the rebuild is not pinned the way the system configuration is.
#
# targetPath is spliced unescaped into single-quoted shell text, so it must
# never contain a single quote. The callers visible in this file pass fixed
# literal target strings.
command = targetPath:
  let
    rebuildCmd =
      "TMPDIR=/tmp nixos-rebuild build --flake ${targetPath} -L --keep-going";
  in ''
    echo '${rebuildCmd}'
    nix-shell \
    -E "with import <nixpkgs> {}; mkShell { buildInputs = [ git (nixos { nix.package = nixFlakes; }).nixos-rebuild ]; }" \
    --run '${rebuildCmd}'
  '';
#secrets = name: {
# secrets.pass = {
# dir = toString ~/.password-store;
# name = "krops/${name}/secrets";
# };
# common_secrets.pass = {
# dir = toString ~/.password-store;
# name = "krops/common_secrets";
# };
#};
#desktopSecrets = {
# desktop_secrets.pass = {
# dir = toString ~/.password-store;
# name = "krops/desktop_secrets";
# };
#};
# Everything krops copies to the target before the deploy command runs.
# Three source kinds are used: `file` (local path), `pass` (entry in the local
# password store) and `git` (remote repository at a given ref).
source = {
  # --- secrets ------------------------------------------------------------
  # NOTE(review): if the `secrets` argument is a Nix path or a flake input,
  # interpolating it into a string makes its contents live in /nix/store on
  # the deploying machine, which is readable by every local user. The other
  # local sources go through `toString ./x`, which does not copy into the
  # store. Confirm how `secrets` is passed in by the caller.
  secrets.file = "${secrets}/secrets";
  private_assets.pass.dir = toString ~/.password-store;
  private_assets.pass.name = "krops/private_assets";

  # --- local configuration tree ---------------------------------------------
  "flake.nix".file = toString ./flake.nix;
  "flake.lock".file = toString ./flake.lock;
  "configurations.nix".file = toString ./configurations.nix;
  assets.file = toString ./assets;
  configs.file = toString ./configs;
  library.file = toString ./library;
  modules.file = toString ./modules;
  pkgs.file = toString ./pkgs;
  system.file = toString ./system;
  #mqtt.file = toString ./mqtt;

  # --- external modules fetched over git --------------------------------------
  # Each `ref` below is a tag name. A tag can be re-pointed by anyone with
  # write access to the remote, so the code evaluated as root on the target is
  # only as trustworthy as that git server. krops' `ref` is documented as also
  # accepting a commit id (verify against the krops version in use), e.g.
  #   ref = "<full-commit-sha-placeholder>";
  # which would make the fetched content immutable.
  # The commented `.file` lines are local-checkout alternatives for development.

  #backup-module.file = toString ~/dev/backup;
  backup-module.git.url = "https://git.ingolf-wagner.de/nix-modules/backup.git";
  backup-module.git.ref = "1.3.3";

  #kops-lib.file = toString ~/dev/krops-lib;
  krops-lib.git.url = "https://git.ingolf-wagner.de/nix-modules/krops.git";
  krops-lib.git.ref = "1.0.3";

  #cluster-module.file = toString ~/dev/cluster-module;
  cluster-module.git.url = "https://git.ingolf-wagner.de/nix-modules/cluster.git";
  cluster-module.git.ref = "1.2.0";
};
in {
# Deploy script for the host "sterni": a bash wrapper that runs the krops
# system deployment. Both krops commands connect as root@sterni.private.
#
# NOTE(review): `force = true` is set on both commands. In krops this option
# is documented as creating the sentinel file on the target instead of
# aborting when it is missing (verify against the krops version in use).
# That removes the guard against populating a wrong directory, which matters
# most for the /etc/NetworkManager target.
#
# The network-secrets step is disabled only at the bash level: the line starts
# with `#` inside the generated script, but Nix still interpolates the
# reference to the secrets command, so that command is still built and its
# store path is embedded in the script text.
sterni =
  let
    deploySystem = writeCommand "/bin/system" {
      target = lib.mkTarget "root@sterni.private/var/krops";
      source = lib.evalSource [ source ];
      command = command;
      force = true;
    };

    # Pushes NetworkManager connection profiles taken from the password store.
    deployNetwork = writeCommand "/bin/secrets" {
      target = lib.mkTarget "root@sterni.private/etc/NetworkManager";
      source = lib.evalSource [
        {
          system-connections.pass.dir = toString ~/.password-store;
          system-connections.pass.name =
            "krops/desktop_secrets/network-manager/system-connections";
        }
      ];
      force = true;
    };
  in
  pkgs.writers.writeBash "/bin/sterni" ''
    #echo "deploy network secerts"
    #${deployNetwork}/bin/secrets
    echo "deploy system"
    ${deploySystem}/bin/system
  '';
}