diff --git a/flake.lock b/flake.lock index 84b0983..e132050 100644 --- a/flake.lock +++ b/flake.lock @@ -36,6 +36,29 @@ "type": "github" } }, + "krops": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1644957911, + "narHash": "sha256-ggie/j7pdBqzDs4W7OiPmhqH9IGbXAbJxGqBdVxA8jA=", + "owner": "Mic92", + "repo": "krops", + "rev": "86fb3d2ee94fd8306231853b323ed8804edf26ec", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "krops", + "type": "github" + } + }, "nix-pre-commit-hooks": { "inputs": { "flake-utils": [ @@ -139,6 +162,7 @@ "inputs": { "flake-utils": "flake-utils", "home-manager": "home-manager", + "krops": "krops", "nix-pre-commit-hooks": "nix-pre-commit-hooks", "nixpkgs": "nixpkgs_2", "nixpkgsMaster": "nixpkgsMaster", diff --git a/flake.nix b/flake.nix index 2702d48..bbd838a 100644 --- a/flake.nix +++ b/flake.nix @@ -20,11 +20,20 @@ url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + + krops = { + url = "github:Mic92/krops"; + inputs = { + flake-utils.follows = "flake-utils"; + nixpkgs.follows = "nixpkgs"; + }; + }; }; outputs = { self , nixpkgs , flake-utils + , krops , home-manager , nur , nix-pre-commit-hooks 
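Review bot: In the flake.nix hunk, `url = "github:Mic92/krops";` names no ref, so the only pin for this input is the `rev`/`narHash` pair in flake.lock, and any `nix flake update` moves it to whatever the default branch holds at that time. That matters more here than for most inputs, because the second flake.nix hunk uses krops to run `nixos-rebuild switch` as root on every host. Either pin the reviewed revision in the URL, `url = "github:Mic92/krops/86fb3d2ee94fd8306231853b323ed8804edf26ec";`, or add a comment above the input such as `# deploy tool, runs as root on targets: review upstream changes before bumping its lock entry`. The enclosing `inputs` set and the `outputs` argument list both start or end outside the hunk.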
@@ -62,12 +71,48 @@ ${self.checks.${system}.pre-commit-check.shellHook} ''; }; + + apps = lib.mapAttrs + (name: program: { type = "app"; program = toString program; }) + (flake-utils.lib.flattenTree { + deploy = lib.recurseIntoAttrs (lib.mapAttrs + (hostname: machine: + let + inherit (krops.packages.${system}) writeCommand; + inherit (krops) lib; + in + writeCommand "deploy-${hostname}" { + target = lib.mkTarget "root@${machine.config.deployment.targetHost}" // { + extraOptions = [ + # force allocation of tty to allow aborting with ^C and to show build progress + "-t" + ]; + }; + source = lib.evalSource (lib.singleton { + config.file = { + path = toString ./.; + useChecksum = true; + }; + }); + command = targetPath: '' + nixos-rebuild switch --flake ${targetPath}/config -L --keep-going + ''; + } + ) + self.nixosConfigurations); + + showKeyFingerprint = pkgs.writeShellScript "show-key-fingerprint" '' + ${pkgs.gnupg}/bin/gpg --with-fingerprint --with-colons --show-key "keys/''${1}.asc" | awk -F: '$1 == "fpr" { print $10; exit }' + ''; + }); + }) // { overlay = import ./pkgs; nixosConfigurations = nixpkgs.lib.mapAttrs (hostname: { system , extraModules ? [ ] + , targetHost ? hostname , nixpkgs ? inputs.nixpkgs }: nixpkgs.lib.nixosSystem rec { inherit system; @@ -75,10 +120,26 @@ modules = [ (./hosts + "/${hostname}/configuration.nix") + ./modules + { _module.args.inputs = inputs; } + + # deployment settings + ({ lib, ... }: { + options.deployment = { + targetHost = lib.mkOption { + type = lib.types.str; + readOnly = true; + internal = true; + }; + }; + config.deployment = { + inherit targetHost; + }; + }) ] ++ [{ nixpkgs.overlays = [ nur.overlay ]; }] ++ [
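Review bot: `showKeyFingerprint` uses `$1` unchecked and stops at the first `fpr` record, so a missing argument makes it read `keys/.asc`, and a file holding more than one key shows only the first fingerprint. If this output is used to decide which key to trust (inferred, the hunk does not show its use), a reader would never see the additional keys. Start the script with `: "''${1:?usage: show-key-fingerprint NAME}"`, and either drop the `exit` from the awk program or fail when more than one `pub` record is present. The `keys/` path is relative, so the app only works from the repository root; a one-line comment saying so would help. Separately, in the `deploy` part, `inherit (krops) lib;` shadows the nixpkgs `lib` used a few lines above, so `lib.singleton` resolves against krops' lib; binding it as `kropsLib` would make that explicit. The surrounding `outputs` body continues outside the hunk.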