authorstuebinm2023-04-11 18:37:20 +0200
committerstuebinm2023-04-11 18:41:13 +0200
commit48d3f66855fb57379351fb9a458a95cf28522916 (patch)
tree730f4f9186a5a7f52e64236417ec384968eb96fd /flake.nix
parent4e4eaf4838bbd45393d7a19ad182c8d4c076b043 (diff)
manage secrets with sops
not sure if i like this yet, but it seems worth trying it out.
Diffstat (limited to '')
-rw-r--r--flake.nix140
1 files changed, 74 insertions, 66 deletions
diff --git a/flake.nix b/flake.nix
index c1c790f..cf0aaff 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,4 +1,3 @@
-
{
description = "testing nix flakes for server deployment";
@@ -10,10 +9,15 @@
home-manager.inputs.nixpkgs.follows = "nixpkgs";
deploy-rs.url = "github:serokell/deploy-rs";
deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
- simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
- emacs-overlay.url = "gitlab:nix-community/emacs-overlay?rev=d938b780a3d8072aeac0178c46121060079ff217";
+ simple-nixos-mailserver.url =
+ "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
+ emacs-overlay.url =
+ "gitlab:nix-community/emacs-overlay?rev=d938b780a3d8072aeac0178c46121060079ff217";
rust-overlay.url = "github:oxalica/rust-overlay";
rust-overlay.inputs.nixpkgs.follows = "nixpkgs";
+ sops-nix.url = "github:Mic92/sops-nix";
+ sops-nix.inputs.nixpkgs.follows = "nixpkgs-unstable";
+ sops-nix.inputs.nixpkgs-stable.follows = "nixpkgs";
uplcg.url = "git+https://stuebinm.eu/git/uplcg?ref=main";
uplcg.flake = false;
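Review bot: The new `sops-nix.url = "github:Mic92/sops-nix";` tracks the default branch with no `rev` in the URL, unlike the `emacs-overlay` input just above it, so the sops-nix revision that runs on the servers is fixed only by flake.lock, which this path-limited view of the commit does not show. Because this module decrypts secrets during system activation, the input deserves a comment such as `# handles secrets; review the sops-nix diff before running nix flake update`. Whether a `nixpkgs-unstable` input exists for the `follows` on the next line cannot be checked here, since the inputs block begins and ends outside the hunk.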
@@ -40,64 +44,69 @@
walint.flake = false;
};
- outputs = { self, deploy-rs, ... }@inputs:
- let
- nixpkgs = import inputs.nixpkgs {
- system = "x86_64-linux";
- overlays = [
- inputs.rust-overlay.overlays.default
- self.overlays.default
- ];
- };
- mkConfig = imports: config:
- inputs.nixpkgs.lib.nixosSystem rec {
- system = "x86_64-linux";
- modules = [ config ] ++ imports;
- pkgs = nixpkgs;
-
- specialArgs = {
- inherit inputs system;
- craneLib = inputs.crane.lib.${system};
+ outputs = { self, deploy-rs, sops-nix, ... }@inputs:
+ let
+ nixpkgs = import inputs.nixpkgs {
+ system = "x86_64-linux";
+ overlays =
+ [ inputs.rust-overlay.overlays.default self.overlays.default ];
};
- };
- mkServer = mkConfig [ ./common/headless.nix ];
- mkDesktop = mkConfig [ ./common/desktop.nix ];
- deploy-vps = hostname: {
- inherit hostname;
- profiles.system = {
- user = "root";
- sshUser = "root";
- path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${hostname};
+ mkConfig = imports: config:
+ inputs.nixpkgs.lib.nixosSystem rec {
+ system = "x86_64-linux";
+ modules = [ config ] ++ imports;
+ pkgs = nixpkgs;
+
+ specialArgs = {
+ inherit inputs system;
+ craneLib = inputs.crane.lib.${system};
+ };
+ };
+ mkDesktop = mkConfig [ ./common/desktop.nix ];
+ mkServer = mkConfig [
+ ./common/headless.nix
+ sops-nix.nixosModules.sops
+ ];
+ deploy-vps = hostname: {
+ inherit hostname;
+ profiles.system = {
+ user = "root";
+ sshUser = "root";
+ path = deploy-rs.lib.x86_64-linux.activate.nixos
+ self.nixosConfigurations.${hostname};
+ };
};
- };
- in {
+ in {
- nixosConfigurations = {
- chaski = mkServer ./chaski/configuration.nix;
- flora = mkServer ./flora/configuration.nix;
- abbenay = mkDesktop ./abbenay/configuration.nix;
- cyberbox = mkDesktop ./cyberbox/configuration.nix;
- surltesh-echer = mkDesktop ./surltesh-echer/configuration.nix;
- ilex = mkDesktop ./ilex/configuration.nix;
- };
+ nixosConfigurations = {
+ chaski = mkServer ./chaski/configuration.nix;
+ flora = mkServer ./flora/configuration.nix;
+ abbenay = mkDesktop ./abbenay/configuration.nix;
+ cyberbox = mkDesktop ./cyberbox/configuration.nix;
+ surltesh-echer = mkDesktop ./surltesh-echer/configuration.nix;
+ ilex = mkDesktop ./ilex/configuration.nix;
+ };
- deploy.nodes = {
- chaski = deploy-vps "chaski";
- flora = deploy-vps "flora";
- parsons = {
- hostname = "parsons";
- profiles.home = {
- user = "stuebinm";
- sshUser = "stuebinm";
- path = deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations.stuebinm-minimal;
- };
+ deploy.nodes = {
+ chaski = deploy-vps "chaski";
+ flora = deploy-vps "flora";
+ parsons = {
+ hostname = "parsons";
+ profiles.home = {
+ user = "stuebinm";
+ sshUser = "stuebinm";
+ path = deploy-rs.lib.x86_64-linux.activate.home-manager
+ self.homeConfigurations.stuebinm-minimal;
+ };
+ };
};
- };
- checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
+ checks = builtins.mapAttrs
+ (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
- homeConfigurations =
- let home = root: inputs.home-manager.lib.homeManagerConfiguration rec {
+ homeConfigurations = let
+ home = root:
+ inputs.home-manager.lib.homeManagerConfiguration rec {
pkgs = nixpkgs;
modules = [ root ];
extraSpecialArgs = {
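Review bot: `sops-nix.nixosModules.sops` is added to `mkServer` only, so the `sops.*` options do not exist on hosts built with `mkDesktop`; if a module shared by both kinds of host ever declares a secret, the desktop configurations will stop evaluating. A comment on the list would record the intent, e.g. `# sops-nix on servers only: secrets are decrypted on the host at activation, key paths are set per host`. Nothing in this file sets `sops.defaultSopsFile` or a key source, so presumably that happens in the per-host configuration, which is outside this diff. The two functional lines (the `sops-nix` argument of `outputs` and this module entry) are also buried in a reformat of the whole `outputs` body; putting the formatting in its own commit would make the secrets change easier to audit.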
@@ -110,19 +119,18 @@
stuebinm-minimal = home ./home/home-minimal.nix;
};
- home = self.homeConfigurations.stuebinm.activationPackage;
- home-minimal = self.homeConfigurations.stuebinm-minimal.activationPackage;
+ home = self.homeConfigurations.stuebinm.activationPackage;
+ home-minimal = self.homeConfigurations.stuebinm-minimal.activationPackage;
- overlays.default = final: prev:
- import ./pkgs/overlay.nix { inherit inputs; } final prev;
- packages.x86_64-linux = {
- inherit (nixpkgs) galmon-core galmon-full glitchtip typst
- almanac kijetesantakaluotokieni showrt isabelle-utils isabat
- emacs29 crs-tools;
- };
+ overlays.default = final: prev:
+ import ./pkgs/overlay.nix { inherit inputs; } final prev;
+ packages.x86_64-linux = {
+ inherit (nixpkgs)
+ galmon-core galmon-full glitchtip typst almanac
+ kijetesantakaluotokieni showrt isabelle-utils isabat emacs29
+ crs-tools;
+ };
- nixosModules = {
- glitchtip = import ./modules/glitchtip.nix;
+ nixosModules = { glitchtip = import ./modules/glitchtip.nix; };
};
- };
}