155 lines
4.7 KiB
Nix
155 lines
4.7 KiB
Nix
{
|
|
inputs = {
|
|
disko.inputs.nixpkgs.follows = "nixpkgs";
|
|
disko.url = "github:nix-community/disko";
|
|
|
|
flake-utils.url = "github:numtide/flake-utils";
|
|
|
|
nix-pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix/master";
|
|
nix-pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs";
|
|
|
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
|
|
|
|
nixos-hardware.url = "github:nixos/nixos-hardware/master";
|
|
|
|
krops.url = "github:Mic92/krops";
|
|
krops.inputs.flake-utils.follows = "flake-utils";
|
|
krops.inputs.nixpkgs.follows = "nixpkgs";
|
|
|
|
sops-nix.url = "github:Mic92/sops-nix";
|
|
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
|
|
|
sbruder-overlay.url = "github:sbruder/nixpkgs-overlay";
|
|
sbruder-overlay.inputs.flake-utils.follows = "flake-utils";
|
|
sbruder-overlay.inputs.nix-pre-commit-hooks.follows = "nix-pre-commit-hooks";
|
|
sbruder-overlay.inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
outputs =
|
|
{ self
|
|
, flake-utils
|
|
, krops
|
|
, nix-pre-commit-hooks
|
|
, nixpkgs
|
|
, ...
|
|
}@inputs: flake-utils.lib.eachDefaultSystem
|
|
(system:
|
|
let
|
|
pkgs = import nixpkgs {
|
|
inherit system;
|
|
overlays = [ self.overlays.default ];
|
|
};
|
|
inherit (pkgs) lib;
|
|
in
|
|
rec {
|
|
checks = {
|
|
pre-commit-check = nix-pre-commit-hooks.lib.${system}.run {
|
|
src = ./.;
|
|
hooks = {
|
|
black.enable = true;
|
|
nixpkgs-fmt.enable = true;
|
|
shellcheck.enable = true;
|
|
statix = {
|
|
enable = true;
|
|
settings.ignore = [ ".direnv" ];
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
devShells.default = pkgs.mkShell {
|
|
name = "fablab-nixos-config";
|
|
|
|
buildInputs = (with pkgs; [
|
|
black
|
|
nixpkgs-fmt
|
|
shellcheck
|
|
sops
|
|
ssh-to-pgp
|
|
]);
|
|
|
|
shellHook = ''
|
|
find ${./keys} -type f -print0 | xargs -0 ${pkgs.gnupg}/bin/gpg --quiet --import
|
|
'' + self.checks.${system}.pre-commit-check.shellHook;
|
|
};
|
|
|
|
apps = lib.mapAttrs
|
|
(name: program: { type = "app"; program = toString program; })
|
|
(flake-utils.lib.flattenTree {
|
|
deploy = lib.recurseIntoAttrs (lib.mapAttrs
|
|
(hostname: machine:
|
|
let
|
|
inherit (krops.packages.${system}) writeCommand;
|
|
inherit (krops) lib;
|
|
in
|
|
writeCommand "deploy-${hostname}" {
|
|
target = lib.mkTarget "root@${machine.config.deployment.targetHost}" // {
|
|
extraOptions = [
|
|
# force allocation of tty to allow aborting with ^C and to show build progress
|
|
"-t"
|
|
];
|
|
};
|
|
source = lib.evalSource (lib.singleton {
|
|
config.file = {
|
|
path = toString ./.;
|
|
useChecksum = true;
|
|
};
|
|
});
|
|
command = targetPath: ''
|
|
nixos-rebuild switch --flake ${targetPath}/config -L --keep-going
|
|
'';
|
|
}
|
|
)
|
|
self.nixosConfigurations);
|
|
|
|
showKeyFingerprint = pkgs.writeShellScript "show-key-fingerprint" ''
|
|
${pkgs.gnupg}/bin/gpg --with-fingerprint --with-colons --show-key "keys/''${1}.asc" | awk -F: '$1 == "fpr" { print $10; exit }'
|
|
'';
|
|
});
|
|
|
|
packages = lib.filterAttrs
|
|
(n: v: lib.elem system v.meta.platforms)
|
|
(flake-utils.lib.flattenTree {
|
|
inherit (pkgs)
|
|
fablab;
|
|
});
|
|
}) // {
|
|
overlays.default = import ./pkgs;
|
|
|
|
nixosConfigurations = nixpkgs.lib.mapAttrs
|
|
(hostname: { system
|
|
, extraModules ? [ ]
|
|
, targetHost ? hostname
|
|
}: nixpkgs.lib.nixosSystem rec {
|
|
inherit system;
|
|
|
|
modules = [
|
|
(./machines + "/${hostname}/configuration.nix")
|
|
|
|
./modules
|
|
|
|
{
|
|
_module.args.inputs = inputs;
|
|
}
|
|
|
|
# deployment settings
|
|
({ lib, ... }: {
|
|
options.deployment = {
|
|
targetHost = lib.mkOption {
|
|
type = lib.types.str;
|
|
readOnly = true;
|
|
internal = true;
|
|
};
|
|
};
|
|
config.deployment = {
|
|
inherit targetHost;
|
|
};
|
|
})
|
|
] ++ (with inputs; [
|
|
sops-nix.nixosModules.sops
|
|
disko.nixosModules.disko
|
|
]) ++ extraModules;
|
|
})
|
|
(import ./machines inputs);
|
|
};
|
|
}
|