From 48d3f66855fb57379351fb9a458a95cf28522916 Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Tue, 11 Apr 2023 18:37:20 +0200
Subject: manage secrets with sops

not sure if i like this yet, but it seems worth trying it out.
---
 flake.nix | 140 +++++++++++++++++++++++++++++++++-----------------------------
 1 file changed, 74 insertions(+), 66 deletions(-)
(limited to 'flake.nix')

diff --git a/flake.nix b/flake.nix
index c1c790f..cf0aaff 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,4 +1,3 @@
-
 {
 description = "testing nix flakes for server deployment";
@@ -10,10 +9,15 @@
 home-manager.inputs.nixpkgs.follows = "nixpkgs";
 deploy-rs.url = "github:serokell/deploy-rs";
 deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
- simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
- emacs-overlay.url = "gitlab:nix-community/emacs-overlay?rev=d938b780a3d8072aeac0178c46121060079ff217";
+ simple-nixos-mailserver.url =
+ "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
+ emacs-overlay.url =
+ "gitlab:nix-community/emacs-overlay?rev=d938b780a3d8072aeac0178c46121060079ff217";
 rust-overlay.url = "github:oxalica/rust-overlay";
 rust-overlay.inputs.nixpkgs.follows = "nixpkgs";
+ sops-nix.url = "github:Mic92/sops-nix";
+ sops-nix.inputs.nixpkgs.follows = "nixpkgs-unstable";
+ sops-nix.inputs.nixpkgs-stable.follows = "nixpkgs";
 uplcg.url = "git+https://stuebinm.eu/git/uplcg?ref=main";
 uplcg.flake = false;
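Review bot: `sops-nix.inputs.nixpkgs.follows = "nixpkgs-unstable"` names an input that does not appear in this hunk; the inputs set begins before line 9, so presumably `nixpkgs-unstable` is declared there, but if it is not, lock resolution fails rather than falling back to `nixpkgs`. `sops-nix.url` is also left unpinned, unlike `emacs-overlay` which carries an explicit `?rev=`, so the revision that is actually evaluated is fixed only by `flake.lock`; that file is not shown on this page (the view is limited to flake.nix), so the matching lock entry should be committed together with this change and its recorded rev checked once. A short comment next to the new lines, such as `# sops-nix tracks its default branch; the exact revision is pinned by flake.lock`, would make both choices explicit for the next reader.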
@@ -40,64 +44,69 @@
 walint.flake = false;
 };
- outputs = { self, deploy-rs, ... }@inputs:
- let
- nixpkgs = import inputs.nixpkgs {
- system = "x86_64-linux";
- overlays = [
- inputs.rust-overlay.overlays.default
- self.overlays.default
- ];
- };
- mkConfig = imports: config:
- inputs.nixpkgs.lib.nixosSystem rec {
- system = "x86_64-linux";
- modules = [ config ] ++ imports;
- pkgs = nixpkgs;
-
- specialArgs = {
- inherit inputs system;
- craneLib = inputs.crane.lib.${system};
+ outputs = { self, deploy-rs, sops-nix, ... }@inputs:
+ let
+ nixpkgs = import inputs.nixpkgs {
+ system = "x86_64-linux";
+ overlays =
+ [ inputs.rust-overlay.overlays.default self.overlays.default ];
 };
- };
- mkServer = mkConfig [ ./common/headless.nix ];
- mkDesktop = mkConfig [ ./common/desktop.nix ];
- deploy-vps = hostname: {
- inherit hostname;
- profiles.system = {
- user = "root";
- sshUser = "root";
- path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${hostname};
+ mkConfig = imports: config:
+ inputs.nixpkgs.lib.nixosSystem rec {
+ system = "x86_64-linux";
+ modules = [ config ] ++ imports;
+ pkgs = nixpkgs;
+
+ specialArgs = {
+ inherit inputs system;
+ craneLib = inputs.crane.lib.${system};
+ };
+ };
+ mkDesktop = mkConfig [ ./common/desktop.nix ];
+ mkServer = mkConfig [
+ ./common/headless.nix
+ sops-nix.nixosModules.sops
+ ];
+ deploy-vps = hostname: {
+ inherit hostname;
+ profiles.system = {
+ user = "root";
+ sshUser = "root";
+ path = deploy-rs.lib.x86_64-linux.activate.nixos
+ self.nixosConfigurations.${hostname};
+ };
 };
- };
- in {
+ in {
- nixosConfigurations = {
- chaski = mkServer ./chaski/configuration.nix;
- flora = mkServer ./flora/configuration.nix;
- abbenay = mkDesktop ./abbenay/configuration.nix;
- cyberbox = mkDesktop ./cyberbox/configuration.nix;
- surltesh-echer = mkDesktop ./surltesh-echer/configuration.nix;
- ilex = mkDesktop ./ilex/configuration.nix;
- };
+ nixosConfigurations = {
+ chaski = mkServer ./chaski/configuration.nix;
+ flora = mkServer ./flora/configuration.nix;
+ abbenay = mkDesktop ./abbenay/configuration.nix;
+ cyberbox = mkDesktop ./cyberbox/configuration.nix;
+ surltesh-echer = mkDesktop ./surltesh-echer/configuration.nix;
+ ilex = mkDesktop ./ilex/configuration.nix;
+ };
- deploy.nodes = {
- chaski = deploy-vps "chaski";
- flora = deploy-vps "flora";
- parsons = {
- hostname = "parsons";
- profiles.home = {
- user = "stuebinm";
- sshUser = "stuebinm";
- path = deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations.stuebinm-minimal;
- };
+ deploy.nodes = {
+ chaski = deploy-vps "chaski";
+ flora = deploy-vps "flora";
+ parsons = {
+ hostname = "parsons";
+ profiles.home = {
+ user = "stuebinm";
+ sshUser = "stuebinm";
+ path = deploy-rs.lib.x86_64-linux.activate.home-manager
+ self.homeConfigurations.stuebinm-minimal;
+ };
+ };
 };
- };
- checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
+ checks = builtins.mapAttrs
+ (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
- homeConfigurations =
- let home = root: inputs.home-manager.lib.homeManagerConfiguration rec {
+ homeConfigurations = let
+ home = root:
+ inputs.home-manager.lib.homeManagerConfiguration rec {
 pkgs = nixpkgs;
 modules = [ root ];
 extraSpecialArgs = {
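Review bot: `mkServer` now pulls in `sops-nix.nixosModules.sops` while `mkDesktop` does not, and nothing in this hunk sets any `sops.*` option, so which hosts actually decrypt anything, from which secrets file and with which key, is decided in the per-host configuration files this page does not show. Importing the module by itself only makes the options available; until a host declares `sops.secrets` (and the key material it decrypts with) no secret is provisioned, so the asymmetry between servers and desktops deserves a comment on the `mkServer` list, e.g. `# sops-nix is wired into headless servers only; desktop configs get no secrets module`, so nobody assumes desktops are covered. The `outputs` function this hunk edits continues past the end of the hunk.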
@@ -110,19 +119,18 @@
 stuebinm-minimal = home ./home/home-minimal.nix;
 };
- home = self.homeConfigurations.stuebinm.activationPackage;
- home-minimal = self.homeConfigurations.stuebinm-minimal.activationPackage;
+ home = self.homeConfigurations.stuebinm.activationPackage;
+ home-minimal = self.homeConfigurations.stuebinm-minimal.activationPackage;
- overlays.default = final: prev:
- import ./pkgs/overlay.nix { inherit inputs; } final prev;
- packages.x86_64-linux = {
- inherit (nixpkgs) galmon-core galmon-full glitchtip typst
- almanac kijetesantakaluotokieni showrt isabelle-utils isabat
- emacs29 crs-tools;
- };
+ overlays.default = final: prev:
+ import ./pkgs/overlay.nix { inherit inputs; } final prev;
+ packages.x86_64-linux = {
+ inherit (nixpkgs)
+ galmon-core galmon-full glitchtip typst almanac
+ kijetesantakaluotokieni showrt isabelle-utils isabat emacs29
+ crs-tools;
+ };
- nixosModules = {
- glitchtip = import ./modules/glitchtip.nix;
+ nixosModules = { glitchtip = import ./modules/glitchtip.nix; };
 };
- };
 }
--
cgit v1.2.3